Christopher P.

Christopher P.

Linux specialist - security, reliability, scalability, programming

New York , United States

Experience: 31 Years

Christopher

New York , United States

Linux specialist - security, reliability, scalability, programming

216000 USD / Year

  • Notice Period: Days

31 Years

Now you can Instantly Chat with Christopher!

About Me

With 23 years of day/night/weekend Linux experience, programming since 1983, and founding a $44,000,000 startup in 1996, I help fast growing start-ups scale their Linux services securely and reliably.

...

Show More

Portfolio Projects

Description

    • Auditing Python Django source code and implementing remediations for security vulnerabilites and cryptography standard practices
    • Reviewing Google Cloud Platform (GCP) network configurations (VPC)
    • A few hours of Terraform
    • Assisting with workflow improvements to infrastructure as code and change control to reduce risk and improve auditability

Show More Show Less

Description

    • Increased reliability 10x in 6 months by removing points of failure, adding redundancy and exception handling/logging, to C, Ruby, PHP, Perl, and BASH
    • Reduced AWS costs by 50%
    • Discovered and mitigated SQL injection vulnerability that could result in privilege escalation
    • Site Reliability Engineering of 50 mostly unique systems operating web services, webmail, postfix SMTP, IMAP, and POP3 in AWS
    • Auditing Ruby and PHP source code for security best practices
    • Implemented server monitoring in BASH shell scripting and AWK via git / Github
    • Performed Nessus and nmap vulnerability and port scans, reviewing results for applicable security risks
    • Deployed and configured services/servers in AWS
    • Set up MySQL access controls and replication
    • SPF record management and automation, spam filtering, complex postfix configuration
    • Implemented HITRUST / HIPAA requirements
    • Deployed centralized syslog/rsyslog logging service
    • Administered NGINX
    • Migrated manually maintained system configurations into centralized management (GitOps)
    • Deployed OWASP web application filter (WAF) with ModSecurity
    • Debugged server load issues and tuned for performance
    • Disaster recovery (DR) planning on AWS EC2/VPC/EBS
    • Deployed MySql / MariaDB replication with automatic failover
    • MySQL/Mariadb Database administration - SQL query optimization, access controls, performance tuning
    • tumgreyspf administration
    • Fixed bugs in PERL, Python, Javascript, and Ruby code
    • Wrote tools using Python/MYSql connector and YAML
    • ClamAV anti-virus administration
    • Enable snapshot lifecycle on 150 AWS volumes using JSON/JQ and AWS CLI
    • Postfix administration and log analysis
    • Designed phased update rollout process using iptables connection limiting
    • Resolved UNICODE database incompatibility issue
    • Audited configurations and software versions for security issues
    • Layer 1/2/3 network debugging with tcpdump
    • Advanced iptables re-routing
    • Wrote predictive disk space monitoring in BASH/AWK
    • DKIM/DMARC/ARC set up and configuration
    • Real-time log redaction via rsyslog configuration
    • Implemented data to mysql in real time using rsyslog
    • Wrote Boto3/python AWS snapshot and volume tagging to add snapshot lifecycles and identify unattached volumes and snapshots
    • NGINX log and database query correlation analysis for causes of slow web responsiveness
    • Sourcing and screening canditates for my replacement using LinkedIn and Angel.co/AngelList recruiting interface
    • Documenting my workflow in Markdown, commenting code, putting instructions into alerts, and removing cruft, for the next person

Show More Show Less

Description

  • Produced security audit reports for client's Ethereum Solidity blockchain smart contract / cryptocurrency source code, of network security concerns for each client, using truffle, solhint, git, jq, solc, github, and vim.
  • Automated detection of non use of OpenZeppelin's SafeMath, dividing without using remainder, non view functions without an emit call, and dividing before multiply; by adding lint rules to solhint in JavaScript
  • Automated and templated initial report generation by writing custom ESLint output formatter for solhint to match company style

Show More Show Less

Description

  • Automated build and test of security patch update process using BASH shell scripting on Linux, for National Laboratories and similar supercomputing systems (DevSecOps / DevOps)
  • Streamlined and improved reliability, maintainability, and security, of Python based SUSE security patch deployment process, by removing dependencies, 100s of lines (75%) of code, and adding fail-fast logic in place of fail-silently logic usingoffensive programmingmethods (assertions and strict data types) (DevSecOps) to focus on business objectives
  • Researched impact of zero-day vulnerabilities to recommend patch schedules and/or mitigations
  • Reported internal network and product security vulnerabilities and remediations to appropriate departments

Show More Show Less

Description

    • Discovered over 12 critical network security and application security (AppSec) vulnerabilities in Java/J2EE code, network/LAN/VLAN and firewall configurations, and cryptography implementations (encryption, TLS, public-key cryptography), using source code auditing (static analysis) and dynamic analysis
    • Directed mitigation of vulnerabilities through resolution with IT, Development, and Operations teams
    • Performed threat modeling of entire attack surface through the layers of access controls to critical data targets in acyclic directed graph format (using Graphviz)
    • Audited PostgreSQL database schema for proper credential storage and access controls
    • Overhauled and streamlined company firewall rules using iptables on Linux
    • Assisted Marketing with security related customer facing commitments for consistency with existing architecture, accuracy, and appeal to security minded audiences
    • Researched impact of zero-day network security vulnerabilities for patch scheduling and mitigation
    • Assisted in implementation and application of PCI and OWASP controls
    • Oversaw and verified deployment of critical security updates / patches of third party code
    • Automated business continuity management (BCM) and disaster recovery (DR) usingSemantic MediaWiki (SMW / semanticwiki), enabling each role to document expected maximum downtime, with DR plan, last DR test date, and calculated cumulative net agreed upon downtimes, displayed on each service's company-wide viewable page. Implemented generated summary page of tabulated verification dates and maximum downtimes for easy management review
    • Automated Nessus to JIRA issue ticket creation to decrease vulnerability response time
    • Tools used: Nessus, BurpSuite, nmap, tcpdump, curl, netstat

Show More Show Less

Description

  • Migrated DNS configurations into change control process using git
  • Reduced per-server downtime and data loss by 99% by bringing Linux systems up to standard practices
  • Improved office internet connectivity using Linux's traffic control (tc) to support 100s of employees over a single 10/100Mbps connection (while waiting for fiber to be run)
  • Presented with a PIN by the CEO at 500 person all company meeting for identifying $6,000,000 of unused data center hardware
  • Diagnosed service bottlenecks in Java/J2EE code using netstat, strace, tcpdump, curl, traceroute, iostat, etc
  • Led a team of 5 in system administration of $30,000,000 of datacenter servers in a private cloud
  • Automated resolution of 90% of on-call pages for server issues, with automated JIRA ticket filing with debugging information to reach pro-active resolution
  • Recovered XFS file systems corrupted by defects in hardware RAID cards, using custom C code
  • Scaled performance and reliability of primary PostgreSQL (Postgres) SQL relational database by optimizing SQL queries, and simply adding more RAM (after others had attempted many more complex, costly, and downtime causing solutions)

Show More Show Less

Description

  • Founded top 1000 web search engine earning $500,000 of ad revenue in first 2 years, reaching over 1,000,000 daily page hits from over 100,000 daily users using C (for indexed substring search, FTP client, and web crawler), AWK, RegEx, and BASH shell scripting, on a single Linux server
  • Raised $2,768,000 in venture capital
  • Took public (IPO)to a peak market capitalization of $40,000,000
  • Mentioned inThe Wall Street Journal page B1, center article, June 15, 1999andseveral books
  • Solely invented, developed, andapplied for patentfor peer to peer distributed file sharing and video streaming protocol in C++
  • Designed and implemented Digital Rights Management (DRM) controls using DNS lookups for scalability
  • Developedclick-through optimizing ad rotator and billing system in C

Show More Show Less