In addition to efforts towards operational security, defense in depth and paranoia advocacy, I would like to contribute
to projects that help protect everyone's confidentiality, anonymity and censorship resistance.
I would be especially interested in working with an organization that is interested in using Tor or Tahoe-LAFS.
Lately, I have been exploring golang and I am designing and writing a security-related network flow analysis program
in golang. My primary programming languages are Golang, Python and C. Yes, I can fix your broken C to golang bindings:
... for the Linux netfilter-queue API... it *might* be useful to someone writing a network scanner in golang.
Volunteer code contributor, Tor Project and Tahoe-LAFS Project, Berlin/San Francisco (2013 - present)
- native Tor integration for Tahoe-LAFS
- feature addition to txtorcon: twisted endpoint and parser for Tor hidden services
- Ansible role for Tor
- bananaphone PT for Tor's obfsproxy
Operations Engineer/Security Advisor Zenmate Berlin (X - April 22nd 2014)
- configured new chef system to manage core infrastructure
- conducted datacenter migration
- conducted Postgres DB migration/upgrade
- documented contingency plans
- increased high availability of various services
- assisted teammates with writing chef cookbooks and other operational tasks
Developer Addvocate, San Francisco (August 2013 - November)
- set up Pingdom and Pagerduty with on-call rotation and escalations
- wrote healthchecks for our python Tornado web app
- ported 10,000 line Tornado web app from PyMongo to Motor
- ported Tweepy to Tornado http async client api
- ported python-linkedin to Tornado http async client api
- wrote fastly-purge.py - to purge artifacts from our Fastly CDN account
- wrote a test harness for the Addvocate RESTful API
Systems Administrator Causes, San Francisco (February - May 2013)
- Worked on Chef 11 migration, Redis upgrade, postfix migration, Chef Berkshelf release/deploy process etc.
Systems Administrator Scribd, San Francisco (May 2012 - September 2012)
- Dealt with technical debt.
- Performed many database migrations.
- Assisted in Chef migration.
Operations Engineer Spinn3r, San Francisco (October 2010 - March 2012)
- Systems configuration management with Bcfg2
- Fully automated OS install and configuration from single commandline tool; extended this system to work with KVMs
- Rolling upgrades from Mysql 5.0.x (an Ourdelta fork) to Percona 5.1.x
- Automated database operations in Python; percona_clone.py is a new addition to mysql-cluster-tools
- Automated Nagios configuration via Bcfg2 + the Nagiosgen plugin
- Automated powerdns with bcfg2
- Wrote tools to detect page cache efficiency when using MyISAM storage engine
System Engineer Digg, San Francisco (July 2010 - October 2010)
- Wrote Puppet manifests for Hadoop and Hive.
- I was responsible for Hadoop cluster upgrades.
- Created the Mysql 5.1 xtradb innobackupex snapshot backup system for Digg's Mysql databases.
- Worked with Clusto, Scribe and Mogile FS
- Wrote tools to assist engineers with using Cassandra; I wrote Cassandra Page-cache Usage in Python.
Operations Engineer Spinn3r, San Francisco (2008 - August 2009)
- 40+ servers with hardware managed-hosting (i.e. not colocation and not managed-hosting)
- Rolling upgrades to the Mysql clusters
- Live migration from ServerBeach to Softlayer managed hosting
- Operations and capacity planning of large Mysql clusters...
- Database operations automated via Python
- Continually improving monitoring systems (Nagios and Ganglia)
- On-call rotation
- Cluster configuration management with Bcfg2 (similar to Puppet)
- Automatic Debian package creation
Linux Systems Administrator Snapjot, San Francisco (April 2006 - August 2007)
- Network Administration: fixed network outages, set up load balancing of traffic to webservers via HAProxy and STunnel, customized IP security policies and routing schemes with a Juniper Netscreen firewall, Linux IP Tables and Cisco routers
- Systems: "shadow DNS" via Daniel J. Bernstein's TinyDNS, mail via Postfix, SpamAssassin and qpsmtpd with a custom Perl plugin, Apache, Tomcat, MySQL, Squid, Mon (service monitoring system) w/ custom Perl scripts, backup system via cron scripts
- Applications: VMWare Server setup with Windows and Linux images, Cruise Control - Java continuous build server
Site Operations Engineer Snapfish, San Francisco (November 2004 - August 2005)
- Worked on call, responsible for site reliability and uptime.
- Facilitated site downtime maintenance, including timed bounces of various services for site operation, collaborating with the DBA etc.
- Wrote various monitoring and database analysis tools in Java, Perl and Bash. This includes usage of Gnuplot and Perl to generate web viewable graphs, Mon monitors which send alerts to the pager, a Java program to automatically fix failed website orders...
- Ran many SQL queries on various Oracle database nodes to maintain coherency for Snapfish accounts and photo albums.
- Performed various systems administration tasks such as maintaining crontabs, configuring postfix, custom-compiling apache etc.
- Responsible for the management and generation of all internal SSL certs. Used perl to automate the process.
- Reported upon site bugs and collaborated with the site developers to get them fixed.
contract Tech Support Engineer / Developer, Barracuda Networks, Cupertino (May 2004 - July)
- Serviced tech support calls troubleshooting firewalls, routing problems, DNS and mail server configurations.
- Automated tasks in perl and set up SNMP monitoring.
contract Software Quality Assurance Engineer, DataDomain, Palo Alto (January 2004 - April)
- Performed hardware/software manual tests.
- Wrote Perl programs to automate testing of DataDomain's software.
- Installed and configured Linux systems to run QA tests of DataDomain's backup server.
- Debugged program crashes/core dump analysis with GDB (the GNU Debugger).
- Created performance tests to ensure the Data Domain Restorer met product SLA.
Network Tools Developer, Northpoint Communications, San Francisco (April 1999 - December 2000)
- Deployed custom monitoring software to Solaris/Linux servers in fewer than 50 points of presence...
- Wrote tools to automate the monitoring and maintenance of the network. Some of these tools were used to modify the configuration of hundreds of Cisco routers, Ascend switches, automate configuration of MRTG (multi router traffic grapher) etc.
- Worked in a project writing in-house software to automate the testing of copper loops (for DSL) from circuit orders. I programmed the backend code and collaborated with database and web CGI programmers.
- Configured CopperMountain DSLAMs, Cisco routers and Ascend frame-relay switches
Network Engineer / Tools Developer, CRL Network Services, San Francisco (December 1997 - October 1998)
- Worked with hundreds of cisco routers
- Wrote various monitoring facilities for the Network Operations Center, including a program which displayed packet loss to peer networks from core routers
- Worked extensively with MRTG (multi router traffic grapher)
- Performed frame-relay troubleshooting on Ascend switches (via HPOpenView) and EIGRP/BGP troubleshooting on Cisco routers.
- Set up Cisco Flow Analyzer, MIT Kerberos V4 on a SunOS server, including serious Sendmail configuration; modified the C source code for the standard local mailer transfer agent to include Kerberos authentication and modified the C source code of the Merit AAA RADIUS server for special username parsing.