Resume @ John-Paul Verkamp
JP's Blog
Resume @ John-Paul Verkamp
Contact me
- Phone 812.661.8691
- Email: resume@jverkamp.com
- LinkedIn: https://www.linkedin.com/in/jpv0/
- Website: https://blog.jverkamp.com/
- Resume: https://blog.jverkamp.com/resume/
- Github: https://github.com/jpverkamp/
Industry Experience
2020 – 2022: Ethos Life
Senior Security Engineer (Remote)
-
Implemented, maintained, and worked as product design partner with third party solutions for: an AI based WAF and fraud detection, a zero-trust networking solution, and a low level system monitoring solution on workstations and cloud servers.
-
Automated internal access control audits between various systems using flow based automation systems and custom scripts; participated in SOC2 based audits.
-
Implemented centralized vulnerability management system.
-
Set up a logging and inventory system to synchronize and detect oddities between various systems used by IT, infrastructure, and employees at the company.
2013 – 2020: Edmodo
Senior Security/Operations Engineer (Onsite in 2013 to Remote in 2016)
Security
-
Triaged, ticketed, and coordinated fixes with the relevant engineering teams for security reports from third-party independent security researchers.
-
Performed manual and automated pen testing across a dozen major and minor codebases in a variety of programming languages.
-
Built a system for automatically scanning social networks and other sites (including Facebook, Twitter, Google Alerts, and 4chan) for malicious activity related to ‘raids’ on the Edmodo website with email and Slack alerting.
-
Secured our email infrastructure with SPF (including a custom DNS server to overcome SPF recursion limits), DKIM, DMARC, and processing reports and bounced emails.
-
Presented to engineering teams examples of and fixes for common security issues (particularly in legacy codebases).
-
Trained and mentored of several junior security engineers, including engineering teams in sister companies around the world.
Operations
-
Designed and implemented a custom build system for our unique build situation including full docker and in-house deployment system support and automatic parallelization between arbitrarily many build hosts using the docker remote API.
-
Built a credential store system with LDAP integration for access control, automatic in-memory tarball generation with proper timestamps.
-
Coordinated between different engineering teams due to a unique position of gaining years of experience across multiple codebases.
-
Resolved paging events as secondary on-call when necessary by triaging and then either fixing the issue directly or contacting the relevant team(s).
-
Built a custom DNS solution for automatically resolving host names to internal IP address for employee use.
Engineering
-
Collaborated with engineers and codebases in a variety of languages including a large legacy frontend/backend written in PHP and JavaScript, a newer backend written in Ruby (Rails) and Go, and a newer frontend written in JavaScript (React). Also worked with smaller satellite/support codebases in Python, Java, Elixir and Bash.
-
Instrumental in the Dockerization of our codebases, including initial Dockerization for a large legacy codebase with many custom dependencies.
-
Became a ’legacy support engineer’ for several codebases after engineers moved on before replacements were fully put into place.
2009: Cyan Optics (via Rose-Hulman Ventures)
Software Engineer
Developed a user interface for high speed optical routers.
2007 – 2008: Hoosier Stamping (via Rose-Hulman Ventures)
Software Engineer
Implemented a genetic algorithm-based job scheduling system which improved job rate completion from 60% to over 90%.
2007: Naval Surface Warfare Center Crane
Software Engineering Intern
Updated legacy inventory management system while following US Navy coding standards and practices.
2006 – 2007: DessAcc (via Rose-Hulman Ventures)
Software Engineer / Quality Assurance
Designed, tested, and implemented medical imaging plug-ins for Adobe Photoshop and Acrobat meeting ISO-13485 standards for medical devices.
Research Experience
2013 – 2014: A Systematic Study of the Measurement and Circumvention of Internet Censorship
Explores Internet Censorship around the world, focusing on large-scale measurement techniques and the classification and analysis of real world censorship systems.
2013–2014: DNS-Based Censorship
Implemented a novel asynchronous DNS-based scanning technique to scan the entire IPv4 address space for open resolvers; used these resolvers to measure censorship on a country by country basis.
Five Incidents, One Theme: Twitter Spam as a Weapon to Drown Voices of Protest (USENIX FOCI ‘13)
Analysed one month of Tweets for each of five incidents where political forces used Twitter spam to overwhelm peaceful protest; proposed methods for identifying and mitigating such incidents in the future.
Inferring the Mechanics of Web Censorship Around the World (USENIX FOCI ‘12)
Performed an in-depth study of censorship in 11 countries around the world; created a taxonomy of censorship techniques in practice today.
Education
2011 – 2014: Indiana University
MS in Computer Science
Thesis topic: Security and internet censorship; Minor: Compilers
Originally in the PhD program; passed qualification exams; left with my advisor to join the private sector
2006 – 2010: Rose-Hulman Institute of Technology
BS in Computer Science and Mathematics
Skills
-
Security: 10+ years in application layer and infrastructure layer security, specializing in web security, authentication, TLS/HTTPS, and email security (DMARC, DKIM, SPF).
-
Languages: 10+ years experience with Python, JavaScript, Ruby, Go, Scheme/Racket, Bash, and PHP. 5+ years experience with Java, .NET (C# and F#). Some experience with Rust, C++, and various Assembly languages. Can read and review from a security perspective code in just about any other language.
-
Server software: Apache, nginx, MySQL, SQLite, PostgreSQL
-
Operating systems: Most experience with macOS and Linux (20+ years), some experience with Windows.
-
Cloud: 10+ years with AWS (in particular EC2, CloudFront, and S3).