Benjamin Jansen

22492 S Redland Rd
Estacada, OR 97023

Phone: 503-560-1955
Email: aogail@w007.org

I am a software engineer who likes to solve customer problems. I am passionate about security and I enjoy tackling problems and stretching myself in new technologies and techniques. I have experience in software engineering, product security, security engineering, QA, systems engineering, and systems administration.

I am part of the team that is responsible for running DNS for Oracle Cloud Infrastructure's Virtual Cloud Networks.

Selected work:

• Deployed & managed DNS-related first- and third- party tools, including BIND and Unbound
• Participated in research and planning for deployment of next generation VCN DNS
• Responded to service incidents during on call rotation
• Advocated for and led by example in automated testing

Tools: Oracle Linux, iptables, Go, Python, Docker, BIND, Unbound

Dates: June 2016 - December 2018

As part of Oracle's Cloud Security (CSEC) Engineering team, I was involved in various security engineering projects providing security services to Oracle's cloud (PaaS/SaaS) teams. The work included managing the infrastructure we provide, using Chef, and developing custom applications to meet security-services-related business needs.

Selected work:

• Implemented a CI & CD pipeline for Cloud Security Chef cookbooks and internal software projects supporting deployment and management of bastions, egress proxies, DNS, and other security services
• Introduced software development best practices to the team, including code review, automated testing, automated deployment
• Implemented a RADIUS authorization API in Rails as an integration between RCDevs AAA software and Oracle's entitlement system, controlling authorization for all of Oracle cloud networking
• Managed a globally distributed fleet of servers and services using Chef
• Replaced a manually managed Active Directory-based DNS service with dnsmasq, managed using Chef

Tools: Chef, Oracle Linux, Ruby, Ruby on Rails, RCDevs AAA products

Dates: January 2012 - June 2016

Tripwire provides security & compliance products for enterprise IT. I worked on the team that owns Tripwire's next generation agent-based security data collection platform. We were responsible for getting data about endpoints to Tripwire products. I regularly worked across all the components within that platform, using a variety of technologies.

Selected work:

• As part of the Software Security Group (SSG):
  • Selected a secure software development framework (BSIMM) for use in R&D
  • Worked as a liaison between SSG and my product team, bringing BSIMM practices to my team
  • Set plan for rolling out secure SDLC activities for all of Tripwire R&D
  • Facilitated and participated in software security activities including threat modeling, secure code reviews, security book club, secure coding standards and security training curation
  • Enabled a baseline of secure development by creating secure internal libraries covering password hashing, encryption, application messaging, and PKI
• As half of a two-person feature team, completely overhauled Tripwire Enterprise's crypto infrastructure and shepherded TE through an updated FIPS 140-2 certification.
• Added collection of events from Windows Event Log to our agent-based security data collection platform
• Implemented features to enhance the robustness of our security data collection platform
• Championed straightforward mechanisms for installing our software
• Helped drive an automated testing strategy that enabled our small team to test and release software on many platform versions
• Helped champion the use of environment automation tools (such as chef and vagrant) to improve efficiency and reproducibility of our software development practices

Tools: Java, Ruby, C++, chef, vagrant, test kitchen, bash, Windows Cmd shell, Guice, netty, boost, Protobuf, Windows Event API, Windows Installer API, JSSE, JCE, ActiveMQ, gradle, cmake, RPM, MSI (via WiX), Bazaar

Dates: June 2006 - December 2011

Tripwire provides security & compliance products for enterprise IT. I primarily worked on Tripwire Enterprise, a large client/server enterprise application mostly written in Java.

Selected work:

• Implemented a diagnostic feature that greatly simplified data collection in support.
• Researched & implemented FIPS 140-2 (data protection) and SCAP (FDCC Scanner) compliance, enabling Federal sales.
• Implemented SOCKS proxy support for agent/server communication.
• Designed & created a “push upgrade” feature that upgraded agent packages (rpm, MSI, etc.) remotely, initiated from the server.
• Redesigned the client/server architecture to enable large deployments (10K+ agents) and implemented components of the new architecture.
• Maintained the TE Server (InstallAnywhere) and Agent (native packages on Linux, Solaris, HP-UX, Windows, AIX) installers.
• Updated and improved use of cryptography involved in securing the applications.

Tools: Java, C++, Ruby, SQL, bash, Windows Cmd shell, XML, Guice, netty, boost, Protobuf, xmlbeans, Windows Event API, Windows Installer API, JSSE, JCE, Java-RMI, ActiveMQ, gradle, ant, cmake, RPM, Solaris pkg, HP-UX depot, MSI (via WiX), Bazaar, Subversion, MySQL, Oracle, MS SQL Server

• Oregon State University, B.S. Computer Science with minor in Business Administration, 2006.
• GIAC Certified Secure Software Programmer (GSSP-JAVA)
• Chef Certified Local Cookbook Developer – Linux Platform

• vim/emacs: vim
• OS: Mac OS