Mike Arpaia

Mike Arpaia

About Me

I’m a computer scientist working on large-scale distributed systems, machine learning, and quantitative finance.

Professionally, I’m currently a Principal Machine Learning Engineer at Workday. In the past, I’ve worked as a Software Engineer at Facebook and Etsy as well as an Engineering Manager at Facebook. I was also the Co-Founder and CTO of an infrastructure analytics startup where I built a completely remote engineering organization and raised 9.6 million dollars in venture funding.

While working at Facebook in 2014, I created and open-sourced a tool called osquery which exposes a SQL interface to a fleet of computers for fast, flexible operating system monitoring. Osquery has since become a foundational tool in the information security and compliance industries.

Outside of work, I’m an avid outdoors enthusiast. I like to train for and participate in a variety of mountain sports including rock climbing, skiing, and adventure motorcycling. I also play the electric and upright bass. The bass fulfills an extremely foundational role in the rhythmic structure of music and that has always drawn me to the instrument.

Professional Experience


Principal Machine Learning Engineer


March 2019 – Present Boulder, CO
At Workday, I am a member of the Human Capital Management (HCM) Machine Learning (ML) team where my work exists at the intersection of Software Engineering and Machine Learning Research. I’m currently focused on researching deep learning techniques for natural language problems, putting these techniques into practice to train increasingly effective neural probabilistic language models, and using these language models for large-scale information retrieval use-cases.

Co-Founder & CTO


July 2016 – January 2019 Boulder, CO
As the CTO and Co-Founder of a small infrastructure analytics startup, I was the lead architect and developer for almost all of our backend, infrastructure, and operating system software. I was also a frequent author of blog articles, part-time salesman, periodic financial negotiator, persistent pedagogue, etc. Several of Kolide’s tools for managing osquery infrastructure have been open sourced on GitHub.

Engineering Manager


October 2015 – June 2016 Menlo Park, CA
After working on osquery as an individual contributor at Facebook, I was the Engineering Manager of the intrusion detection infrastructure team at Facebook. We were primarily responsible for host instrumentation (osquery), network instrumentation (Bro and Suricata), email detection, etc. I learned a lot about managing and supporting humans, big company dynamics, and a whole bunch of ways to detect and respond to compromise.

Software Engineer


February 2014 – October 2015 Menlo Park, CA
I joined the team at Facebook to work on improving host intrusion detection capabilities, specifically on macOS and Linux which were falling behind Windows tools from vendors. To accomplish this across all of Facebook’s environments, I created the osquery project and widely deployed it throughout corp and production with enormous help from an amazing team. Osquery is the most starred security project on all of GitHub!

Senior Software Engineer


October 2012 – February 2014 Brooklyn, NY

While at Etsy, I worked on a custom host intrusion detection system which I deployed and managed across Etsy’s corporate infrastructure. I participated in several red team exercises designed to test it’s effectiveness. I gained a lot of experience and domain expertise that guided a lot of design decisions in osquery.

At Etsy, I was also the designated security lead for data infrastructure and voluntarily maintained some analytics infrastructure for our team of Data Analysts.


Security Engineer

iSEC Partners

August 2011 – October 2012 New York, NY
At iSEC Partners, I was a penetration tester and security researcher, specializing in infrastructure security, mobile operating system security, and mobile application security. I did research on mobile device exploitation, PHP application security, and mobile application security.

Security Engineer

Gotham Digital Science

January 2011 – August 2012 New York, NY
I did security assessments for GDS while also attending University. I participated in infrastructure and application assessments for a variety of large financial and technology companies.

Network Technician

Stevens Institute of Technology

June 2010 – January 2011 Hoboken, NJ
During university, I worked as a Network Technician for the Stevens IT department where I performed a variety of maintenance, debugging, and repair tasks on networking equipment all throughout the campus.

Research Experience


Research Engineer

Mila - Québec Artificial Intelligence Institute

May 2019 – December 2019 Montréal, QC
At Mila, I worked as a volunteer on software and infrastructure engineering objectives for a project which aimed to raise awareness and conceptual understanding of climate change by depicting accurate and personalized outcomes of climate change using cutting-edge techniques from artificial intelligence and climate modeling.

Open-Source Leadership

Alpaca Trading API C++ Client Project Lead

Alpaca Trading API C++ Client Project Founder

Kubernetes Release Team Member

Kubernetes Multi-Tenancy Working Group Member

Osquery Project Lead

Osquery Project Founder

Conference Talks

Using a Kubernetes Operator to Manage Tenancy in a B2B SaaS App

Companies that create products for other companies or teams often have to reason about how to deal with the application-level tenancy of each team. This presentation will discuss how Kolide has approached the problem of application tenancy by building a Kubernetes Operator to manage the complete lifecycle of each tenant as an isolated instance of a single-tenant application.

Behind The Scenes: Kubernetes Release Notes Tips and Tricks

This session aims to shed more light on the release note process from the Kubernetes contributor’s point of view. We will briefly …

Instrumenting Dynamic Environments with Source Control, Peer Review, and Decentralized Intelligence Distribution

Osquery configurations often start simple and static, but, as the complexity of an osquery deployment grows, the level of dynamicism …

Starting Growing and Scaling Your Host Intrusion Detection Efforts

Osquery is a lightweight host intrusion detection tool that organizations can use to monitor extremely large production environments as …

Building Successful Open Source Security Software

Released in 2014 by Facebook, osquery is an open source operating system instrumentation framework and toolset. In this talk, I will …


RTFn: Enabling Cybersecurity Education Through a Mobile Capture the Flag Client

Cybersecurity is one of the most highly researched and studied fields in computer science. It has made its way into numerous accredited …