Resume @ John-Paul Verkamp


Industry Experience

2022 – present: Dropbox

Senior Security Engineer (Application Security) (Remote)

  • Headed project to triage, detect, and remove any secrets committed to source code both retroactively and on an ongoing basis for new pull requests. Implemented GitHub Advanced Security Secret Scanning.

2020 – 2022: Ethos Life

Senior Security Engineer (Remote)

2013 – 2020: Edmodo

Senior Security/Operations Engineer (Onsite in 2013 to Remote in 2016)

Security

  • Triaged, ticketed, and coordinated fixes with the relevant engineering teams for security reports from third-party independent security researchers.

  • Performed manual and automated pen testing across a dozen major and minor codebases in a variety of programming languages.

  • Built a system for automatically scanning social networks and other sites (including Facebook, Twitter, Google Alerts, and 4chan) for malicious activity related to ‘raids’ on the Edmodo website with email and Slack alerting.

  • Secured our email infrastructure with SPF (including a custom DNS server to overcome SPF recursion limits), DKIM, DMARC, and processing reports and bounced emails.

  • Presented to engineering teams examples of and fixes for common security issues (particularly in legacy codebases).

  • Trained and mentored several junior security engineers, including engineering teams in sister companies around the world.

Operations

  • Designed and implemented a custom build system for our unique build situation including full Docker and in-house deployment system support and automatic parallelization between arbitrarily many build hosts using the Docker remote API.

  • Built a credential store system with LDAP integration for access control and automatic in-memory tarball generation with proper timestamps.

  • Coordinated between different engineering teams due to a unique position of gaining years of experience across multiple codebases.

  • Resolved paging events as secondary on-call when necessary by triaging and then either fixing the issue directly or contacting the relevant team(s).

  • Built a custom DNS solution for automatically resolving host names to internal IP addresses for employee use.

Engineering

  • Collaborated with engineers and codebases in a variety of languages including a large legacy frontend/backend written in PHP and JavaScript, a newer backend written in Ruby (Rails) and Go, and a newer frontend written in JavaScript (React). Also worked with smaller satellite/support codebases in Python, Java, Elixir and Bash.

  • Instrumental in the Dockerization of our codebases, including initial Dockerization for a large legacy codebase with many custom dependencies.

  • Became a ‘legacy support engineer’ for several codebases after engineers moved on before replacements were fully put into place.

2009: Cyan Optics (via Rose-Hulman Ventures)

Software Engineer

Developed a user interface for high speed optical routers.

2007 – 2008: Hoosier Stamping (via Rose-Hulman Ventures)

Software Engineer

Implemented a genetic algorithm-based job scheduling system which improved job completion rate from 60% to over 90%.

2007: Naval Surface Warfare Center Crane

Software Engineering Intern

Updated legacy inventory management system while following US Navy coding standards and practices.

2006 – 2007: DessAcc (via Rose-Hulman Ventures)

Software Engineer / Quality Assurance

Designed, tested, and implemented medical imaging plug-ins for Adobe Photoshop and Acrobat meeting ISO-13485 standards for medical devices.

Research Experience

2013 – 2014: A Systematic Study of the Measurement and Circumvention of Internet Censorship

Explores Internet censorship around the world, focusing on large-scale measurement techniques and the classification and analysis of real-world censorship systems.

2013 – 2014: DNS-Based Censorship

Implemented a novel asynchronous DNS-based scanning technique to scan the entire IPv4 address space for open resolvers; used these resolvers to measure censorship on a country-by-country basis.

Five Incidents, One Theme: Twitter Spam as a Weapon to Drown Voices of Protest (USENIX FOCI ’13)

Analysed one month of Tweets for each of five incidents where political forces used Twitter spam to overwhelm peaceful protest; proposed methods for identifying and mitigating such incidents in the future.

Inferring the Mechanics of Web Censorship Around the World (USENIX FOCI ’12)

Performed an in-depth study of censorship in 11 countries around the world; created a taxonomy of censorship techniques in practice today.


Education

2011 – 2014: Indiana University

MS in Computer Science

Thesis topic: Security and internet censorship; Minor: Compilers

Originally in the PhD program; passed qualification exams; left with my advisor to join the private sector

2006 – 2010: Rose-Hulman Institute of Technology

BS in Computer Science and Mathematics


Skills

  • Security: 10+ years in application layer and infrastructure layer security, specializing in web security, authentication, TLS/HTTPS, and email security (DMARC, DKIM, SPF).

  • Languages: 10+ years experience with Python, JavaScript, Ruby, Go, Scheme/Racket, Bash, and PHP. 5+ years experience with Java, .NET (C# and F#). Some experience with Rust, C++, and various Assembly languages. Can read and review from a security perspective code in just about any other language.

  • Server software: Apache, nginx, MySQL, SQLite, PostgreSQL

  • Operating systems: Most experience with macOS and Linux (20+ years), some experience with Windows.

  • Cloud: 10+ years with AWS (in particular EC2, CloudFront, and S3).