The Zero Trust Odyssey: Our Journey to Modernize Internal Access

Tuesday, March 24, 2026 - 11:00 am–11:45 am

Nathan Handler and Pratik Lotia, Reddit

For years, Reddit’s internal services were protected by a traditional, perimeter-based security model using an NGINX proxy. This talk explores our journey toward a zero trust architecture and the process of replacing that legacy system. We cover why we chose Cloudflare, the challenges of migrating at Reddit’s scale, and the hard-won lessons that shaped our approach. We show you how we made it simple and fast for developers to onboard new applications without getting bogged down in complex security configurations. Leave with practical insights to guide your own zero trust transitions.

Nathan is a Staff Infrastructure Security Engineer at Reddit, working within the SPACE (Security, Privacy, Assurance, Corporate Engineering) organization. He focuses on ensuring Reddit’s infrastructure is launched securely by default, partnering closely with infrastructure, product, and compliance teams to build tooling that surfaces misconfigurations early, automates common security controls, and provides clear visibility into security posture without slowing development.

Prior to his current role in Security, Nathan worked as a Site Reliability Engineer at Reddit, supporting multiple critical platforms. In that role, he operated large-scale production infrastructure such as the RPAN video platform and ran the infrastructure powering r/place in 2022 and 2023. Alongside his current work, he continues to help shape Reddit’s IAM strategy and Infrastructure as Code practices.

Before Reddit, Nathan led infrastructure at the crypto startup Orchid, building systems for a decentralized bandwidth marketplace on Ethereum. Earlier in his career, he was a Site Reliability Engineer at Yelp, where he was a core contributor to PaaSTA, Yelp’s internal open-source Platform as a Service built on Apache Mesos. He has also been deeply involved in open source as an Ubuntu and Debian developer and as a former member of the freenode IRC staff.

Pratik Lotia is an infrastructure security engineer at Reddit, where he is responsible for building tools and processes for implementing security best practices for cloud native environments. He has extensive experience working on security projects for public and private clouds and telco security. He actively contributes to CNCF TAG security projects and runs the DDoS Community at DEFCON.

BibTeX
@conference {316310,
author = {Nathan Handler and Pratik Lotia},
title = {The Zero Trust Odyssey: Our Journey to Modernize Internal Access},
year = {2026},
address = {Seattle, WA},
publisher = {USENIX Association},
month = mar
}
