I’m seeking a security infrastructure/operations role. I know, names… I’ve spent the last 7 years worrying about the security of laptops (mac), servers (linux) and their networks (everything) and integrating, plumbing and building all the bits together, and want to keep doing that. I’ve been in the industry since the 90s and have predominately worked in security, but also networking and operations, mainly at startups around the world.

What I do/have done

Mostly recently I’ve been a Security Engineer at Stripe, an Infrastructure Security Engineer at Etsy, and SRE at Puppet Labs.

I work with a variety of modern languages, Golang, Python, rubby, and some less modern ones, C, REXX, Sendmail configs.

Software and systems wise, I have done large projects (impact of 500+ people or 1000+ machines) with osquery (have commits to) and custom HIDS, suricata, Linux’s auditd and recovery from using it.

I won’t list every protocol ever, as that’s pointless, but at Etsy I was the SSL goto person for the company, I’m the goto DNS person too (did you know the spec features compression?)… I have a background in ISPs from the era they all ran FreeBSD and some still had modem racks, so my UNIX fundamentals go back to arguing about SysV vs. BSD startups, not systemd. I used to work at Puppet Labs and so have a lot of experience with not just Puppet but configuration management as a whole.

I’ve done and do a lot of public speaking and have done a number of workshops. I’ve spoken a lot about realworld security, building security infrastructure, and most recently of the actual costs of breaches. Highlights such as QueryCon (first osquery conference), BSides Wellington, Toronto and Portland, LasCon, Velocity and numerous BSides conferences globally. You can see many of them at barnbarn on SpeakerDeck including videos on some. I’ve been on the review panel for many a conference too.

Things I don’t want

Here’s where I let my experience and entitlement speak.

  • Based in SF, not remote, I want to work in an office with people.
  • Not in fintech, gig economy, self driving cars, Facebook, Google et al, I sadly take my employment as an extension of my own ethics.
  • Not SOC/front line incident response, I’ve done it and I see no reason for me to repeat it.
  • Not in a jerk “says no to things” security team, which I doubt anyone would self identify with, but we know who you are.
  • If your security team is all white dudes, then we don’t have anything to discuss.
  • If your company’s management is all white dudes, then guess what too.
  • If you have anything to do with cryptocurrencies then please stop as a company, you are killing the planet.
  • Whiteboard coding, I will walk out of the interview… <3

Thank you for coming to my Ted Talk.

email employaben@mumble.org.uk