diff --git a/paul-halvorsen-resume-detailed.md b/paul-halvorsen-resume-detailed.md index 34068c3..a952e12 100644 --- a/paul-halvorsen-resume-detailed.md +++ b/paul-halvorsen-resume-detailed.md 
@@ -1,115 +1,327 @@ ---- -name: Paul Halvorsen -keywords: rust, cargo, python, c, docker, containers, tdd, test driven development, pytest, ci/cd, javascript, jquery, php, mysql, rest, api, json, xml, git, gitlab, nginx, remote, testing -left-column: - - 'Phone: +1-410-236-4665' - - 'Citizen of the United States' -right-column: - - 'Email: [work@halvo.me](mailto:work@halvo.me)' ---- -# Summary +# About Me -I'm a Software Engineer with over (started in 2011) years development and (started in 2006) years professional experience, with exposure to Rust, C, Python, PHP, Go, JavaScript, Java, and C++ languages; various SQL databases; JQuery and Pytest frameworks; Docker containerization; and Rest API, NATS, JSON, XML, and nginx technologies. +## General Info -# Work Experience + - Name: Paul Halvorsen + - Contact + - Email: paul.halvorsen@pm.me + - Phone: +1-410-236-4665 + - Links + - Personal Blog: https://flow.halvo.me + - Git Repo: https://git.halvo.me/paul + - LinkedIn: https://www.linkedin.com/in/paul-halvorsen + - Citizen of the United Stats -## Binary Defense +## Summary -**Sr Software Engineer**: April 2022 - Present +I'm a Software Engineer with over (started in 2011) years development and (started in 2006) years professional experience, with exposure to Rust, C, Python, PHP, Go, JavaScript, Java, and C++ languages; various SQL DBs; tokio, JQuery, and Pytest frameworks; Docker and GitLab CI/CD; and Rest API, NATS, JSON, XML, and nginx technologies. 
- - Rust development using cargo, nextest, cmake, WIX, and cross compilation - - Python development using pyenv, pipenv, cython, docker build environment, gitlab pipelines, and static compilation - - Develop security alarms for Windows, Linux (Debian, Ubuntu, CentOS, RedHat), and MacOS - - Written RFC and ADR to drive design and decision making on project direction - - Design and build containment for all platforms upon detected compromise - - Design and build secure key exchange and connections - - Perform public key pinning and certificate transparency logs for server verification: Rust, Python - - Perform API calls to Azure for data transfer - - Testing performed using VMs built in Proxmox and Virtualbox +### Keywords + +rust, cargo, python, c, docker, containers, TDD, test driven development, pytest, CI/CD, JavaScript, JQuery, PHP, MySQL, rest, API, JSON, XML, git, GitLab, nginx, remote, testing + +## Work Experience + +### Abnormal AI + +**Software Engineer**: Jan 2026 - Present + + - Utilize claude AI, summarize code, aid in coding, planning + - Build and maintain k8s and aws infrastructure + - python + - pacman + - haml + - yaml + - Build and maintain service to aggregate data + - golang, python + - pytest, unit testing + - running cron jobs in k8s + - using kubectl, k9s to control k8s + - RBAC + +### Binary Defense -## Kyrus Tech +**Sr Software Engineer**: April 2022 - Oct 2025 + + - Gitlab + - CI/CD pipelines for unit and integration testing, compilation, and deployment + - docker images for Linux, Windows + - VMs for MacOS + - MR/PR contributions, comments and testing + - Rust development + - cargo, nextest, cmake, WIX, cross compilation, unit tests + - sqlite encrypted db + - libraries: tokio, reqwest, anyhow, serde + - Containment + - Azure Library + - Library to watch for windows event logs, file system changes, user changes, and firewall changes + - White and blacklists for files, file types, file contents, and hashes + - Sanatize, decorate (add 
additional data), serialize data for transfer to backend + - De-duplicate data to reduce network traffic and backend storage costs + - Event driven + - Unit tests + - Public key pinning and certificate transparency + - Secure key storage + - Encrypting and decrypting on disk sqlite db + - dpapi for Windows + - org.freedesktop.secrets for Linux + - Python development + - pyenv, pipenv, cython, docker build environment, static compilation, pytest + - Containment + - Public key pinning and certificat transparency logs + - end-to-end integration testing + - Spin up pre-configured VMs (Windows and Linux) + - Make specific testing changes to those VMs via ssh + - Spin up temporary servers + - Run tests + - Performance improvements + - Reduce CPU usage by filtering out previously observed issues + - Reduce memory usage by using regex and filtering + - Reduce network traffic using regex and filtering + - Reduce disk size by turning multiple strings into regex + - Libraries for watching network traffic on Windows and Linux + - Event driven + - White and blacklists in regex + - Specific Windows events + - Filesystem changes + - User changes + - Event driven + - Windows + - Server 2009, 2012, 2019 + - xp, 7, 8, 10, 11 + - Linux + - Debian, Ubuntu + - Redhat, CentOS + - MacOS + - Written RFC and ADR to drive design and decision making on project direction + - Containment + - Design and build containment for all platforms upon detected compromise + - Containment meaning no network access other than to BD servers + - Use Linux iptables, windows firewall, and MacOS ip firewall + - Design and build secure key exchange and connections + - Public key pinning and certificate transparency logs + - For server verification + - Prevent MITM attacks + - Azure Library + - Setup library for communication: rust and python + - Perform API calls for uploading and updating data in database + - Setup database when it doesn't exist + - Testing performed using VMs built in Proxmox and Virtualbox + 
- SCRUM + +### Kyrus Tech **Sr Software Engineer**: Nov 2020 - April 2022 - - Perform test driven development: C, Python/Pytest, Docker, GitLab CI/CD - - Build covert communications and file transfers proxy: C, HTTPS, Apache Thrift, Rest API - - Design compact router fingerprinting and vulnerability analysis: Android, HTTPS, TCP/IP, StreamCypher Encryption - - Modify existing code to suppress system logging from Linux Kernel module: various Linux Kernel versions, Ghidra + - Router Fingerprinting + - C and Python + - Run on Android phone + - Compact and rolling logs + - Aggregated logs + - Scan for connected routers + - Perform fingerprinting and vulnerability analysis on device + - HTTPS, TCP/IP, StreamCypher Encryption, ICMP, DNS + - Covert communications + - C, Python, Docker + - HTTPS, Apache Thrift, REST API + - Multi threaded + - Routing through multiple middle + - C front end, and middle, python backend + - Encrypted transfers + - RSA key exchange + - Linux kernel backdoor + - Supress system logging + - Monitor filesystem changes + - Supress system monitoring + - Support for various Linux Kernel versions + - Ghidra, C + - Test driven development + - C, Python, Pytest, Docker, GitLab CI/CD + - SCRUM -## Parsons +### Parsons **Cyber Security Software Engineer**: Apr 2018 - Nov 2020 - - Continue development of covert Windows application: C, C++, Python - - Build modular solution for plugin architecture - - Design and develope custom API for minimal data transfer to back-end - - Reverse engineer custom data storage solutions to parse and manipulate target data - - Reverse engineer API calls to proprietary tools to manipulate communication - - Encrypt storage and comms using AES shared key to maintain confidentiality and integrity - - Build prototype back-end service for file storage and search: Java, Tomcat, Niagarafiles (NiFi), nginx, Hadoop, MySQL, LDAP, RBAC - - Create API for uploading files via web interface or CLI - - Verify duplication before storage - - 
Track and maintain multi-level user access - - Generate metadata for searching + - Covert Windows Application + - Library injection + - C, C++, Python + - Modular solution for dynamic and static plugins + - Cluster of nodes + - Custom API and serialization + - Extremely limited network traffic + - Reduce size of data transfer + - Aggregate/Consolodate data from multiple nodes + - Reverse engineer target's custom data storage to parse and manipulate target data + - Reverse engineer API calls to proprietary application + - Manipulate lagitimate traffic + - Inject traffic + - Encrypt local storage and comms using shared AES key + - Back-end service for file storage + - Java, Tomcat, Niagarafiles (NiFi), nginx, hadoop, MySQL, LDAP, RBAC + - API for uploading files + - Web interface + - CLI + - Remove duplication before storage + - Allow reads from multiple users uploading the same file + - Create new file on write + - Multi-level user access, RBAC and LDAP + - Produce metadata + - Provide search functionality -## NSA +### NSA **Security Software Engineer**: Nov 2011 - Apr 2018 - - RedTeam DevOps development of browser enumeration, manipulation, and exploitation: PHP, JavaScript, JQuery, CSS, Python, MySQL, Java, Apache, Tomcat, Linux, Windows, Chrome, Firefox, Safari, IE, Edge - - Design Rest and JSON API to transfer data between targets, server, and UI - - Deliver covert JavaScript to targets for enumeration and exploitation - - Design front-end to provide a dynamic UI with real time target data, graphs, and charts for in-depth data analysis - - Design MySQL database to hold and quickly query enumeration and exploitation data - - Design and develop new browser exploits using public CVE and POC - - Update PHP back-end for security and performance - - Advise and develop vulnerability mitigation strategies for various military and government customers - - Train and provide SOPs to NSA RedTeam operators for various tools - - Train new development employees on test system 
and deployment procedures - - Update Windows and Linux software package to also run on MacOS + - RedTeam DevOps + - Browser security + - enumeration, manipulation, exploitation + - Languages: PHP, JavaScript, JQuery, CSS, Python, MySQL, Java + - Platforms: Tomcat, Apache, Nginx + - OS: Linux, Windows, Android, iOS + - Browsers: Chrome, Firefox, Safari, IE, Edge + - Rest JSON API for data transfer to and from target and backend server + - Recon from browser + - Browser name, type, version + - OS name, type, version + - Possible device make and model + - Plugins in browser and versions + - Design dynamic browser UI using JQuery + - View all data on all connected targets + - Interact with the targets browsers + - Change the look + - Monitor key presses and mouse movements + - Mimic legitimate sites + - Redirect the page + - View stats on currently and past connected targets + - Query CVEs to view possible exploits + - Number of versions seen + - Plugins seen + - Add more as needed by operator + - Send exploits to target with backdoor payload + - Build browser exploits using CVE and POC (half day and full day vulnerabilities) + - Obfuscate + - PHP and JS obfuscation + - Randomly change the JS and PHP to hide and evade detection + - Design and maintain MySQL database + - Hold data on each browser, os, and possible exploits + - Hold and relate data for CVEs and available exploits + - Reduce redundancy + - Increase efficiency with pre-compiled queries and indexes + - Maintain backend server + - Additional projects as needed + - Java Tomcat web backdoor + - ASP.Net web backdoor + - ASP.Net document backdoor + - Run JS inside documents and PDFs + - Re-work windows backdoor to cross compile on MacOS + - Provide feedback + - Train and provide SOPs to NSA RT operators for various tools + - Produce documentation for new developers + - Train new developers + - Advise and develop vulnerability mitigation strategies for various military and government customers + - Aid in scoring 
the NSA Cyber Defense Challenge + - Build token scoring system + - Keep track of scores and provide feedback to the teams + - Report scoring throughout the competition +### NSA + **Systems Engineer**: Sept 2009 - Nov 2011 - - Deploy, maintain, and monitor 30+ systems with 130+ Red Hat Enterprise Linux (RHEL) servers each - - Maintain multiple services on each system including; LDAP, DNS, Apache, NiFi, Hadoop, Apache, Puppet, DHCP, PXE boot - - Develop and deploy monitoring, reporting, and issue correcting scripts: Python - - Repoting sent via Web API to graphic interface for viewing as well as emailed out to the team - - Organize, train, and participate in team performing 24x7 call-in rotation - - Stage new deployments to verify viability before deployment - - Responsible for 5+ domestic and foreign system deployments + - Ownership over 30+ systems with 130+ RHEL servers each + - Stage 10+ systems + - Deploy 3+ systems, domestic and foreign + - Soley responsible for 5+ domestic and forign systems + - Maintain all systems as part of a 24x7 call-in rotation + - Multiple services on each system + - LDAP, DNS, Apache, NiFi, Hadoop, Puppet, DHCP, PXE boot + - Develop scripts to aid in maintenance + - Python + - Auto fix known issues + - Scan and produce report of all systems in under 30 min + - Report sent via Web API to Web UI and alerting system + - Reduced call-ins + - Organize and train team of contractors + - Spun up to work 24x7 + - Provide SOPs for quick fixes + - Provide SOPs for tier 1 to reduce call-ins for 24x7 team -## Salisbury University +### Salisbury University **Software Developer**: Nov 2006 - May 2008 - Funded through the Wallops Flight Facility (NASA) - - Provide simplified UI and scenario builder for the Satellite Tool Kit (STK): Managed C++ + - Tasked to provide risk assessments + - Launch vehicles and UAVs over the DELMARVA peninsula + - Provide simplified UI and scenario builder for the Satellite Tool Kit (STK) + - Wizard walk through for 
standard set of launch and safety scenarios + - Build scenario in both custom simplified UI as well as full STK + - C++, UI built using Visual Studio and Managed C++ + - Provide reports on risks of scenarios + - Realtime graphs and charts + - Post analysis reporting - Create graphs designed to display risk throughout the scenario - Design risk assessment scenarios for launch vehicles and UAVs over the DELMARVA peninsula - - Collaborate with Geographic Information Science (GIS) for mapping - - Display emergency services and response time on the map throughout the simulation + - Collaborate with Geographic Information Science (GIS) + - Provide maps with POI + - Distances and response times for emergancy vehicles +### Salisbury University + **Lab Administrator**: Sept 2007 - May 2009 - Support Math and CS departments at SU - - Maintain the Linux labs on campus: dual boot OpenSUSE, WindowsXP, and OpenSUSE server - - Perform backups, updates, user management (LDAP), disk quotas, and remote access + - Maintain the Linux labs on campus + - In charge of 2 labs + - Dual boot OpenSUSE, WindowsXP + - OpenSUSE server + - Provide SSH access both internal and external + - Perform regular tasking + - Backups + - Updates + - User management (LDAP) + - Disk quotas + - Remote access + - Installation of needed software - Monitor the labs while in use - - Provide ssh access into the lab for remote work -# Education +## Education - - **University of Maryland Baltimore Campus**: Masters in Computer Science; 2013. Thesis: "Stateless Detection of Malicious Traffic: Emphasis on User Privacy" - - **Salisbury University**: Bachelors in Computer Science; 2009. 
Magna Cum-Laude - - **Security+**: ID: COMP001021281239; Exp Date: 04/04/2024 - - **Royal Military College (RMC Canada)**: Training in OpenBSD development and administration + - University of Maryland Baltimore Campus + - Masters in Computer Science + - Graduated 2013 + - Thesis: "Stateless Detection of Malicious Traffic: Emphasis on User Privacy" + - Salisbury University + - Bachelors in Computer Science + - Graduated 2009 + - Magna Cum-Laude + - Security+ + - ID: COMP001021281239 + - Exp Date: 04/04/2024 + - Royal Military College (RMC Canada) + - Training in OpenBSD development and administration -# Miscellaneous +## Miscellaneous - - **RedBlue Conference**: Presented combination web enumeration/exploitation tool - - **National Conference for Undergrad Research (NCUR)**: Presented development of STK scenario building and manipulation - - **SANS Courses**: Staying up-to-date on security research - - **Homelab**: Running email, cloud storage, gitea, DNS, multimedia, geneology, and static web page services - - **Web Admin for PTA**: Setup and maintain a Wordpress site + - RedBlue Conference + - Presented combination web enumeration/exploitation tool + - National Conference for Undergrad Research (NCUR) + - Presented development of STK scenario building and manipulation + - SANS Courses + - Staying up-to-date on security research + - Homelab + - Proxmox + - Running email + - Cloud storage, TrueNAS, Nextcloud + - gitea + - DNS, pi-hole, adguard + - Multimedia, Plex, Jellyfin + - Geneology, Webtrees + - Static web page services, docs, hugo, blogs, dashboard + - Home assistant + - Web Admin for PTA + - Setup and maintain a Wordpress site + - Setup and maintain weebly site diff --git a/paul-halvorsen-resume.md b/paul-halvorsen-resume.md index 904f76b..87a5531 100644 --- a/paul-halvorsen-resume.md +++ b/paul-halvorsen-resume.md 
@@ -21,7 +21,7 @@ I'm a Software Engineer with over 14 years development and 18 years professional ## Binary Defense -**Sr Software Engineer**: April 2022 - Present +**Sr Software Engineer**: April 2022 - Oct 2025 - Rust development including: tokio (test), reqwest, anyhow, serde, windows, cargo, cmake, and WIX - Python development using pyenv, pipenv, cython, docker, GitLab pipelines, and static compilation diff --git a/paul-halvorsen-resume.pdf b/paul-halvorsen-resume.pdf index 2ab734c..5739775 100644 Binary files a/paul-halvorsen-resume.pdf and b/paul-halvorsen-resume.pdf differ
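Review bot: The added lines in paul-halvorsen-resume-detailed.md carry spelling errors that should be fixed before merge: "United Stats", "Sanatize", "certificat transparency", "Supress" (twice, under Linux kernel backdoor), "Consolodate", "lagitimate", "Soley", "forign" and "emergancy". Under Binary Defense, "Server 2009" does not match a Windows Server release name, and "haml" in the Abnormal AI list sits between k8s and yaml entries, so confirm both are the intended terms. The hunk also deletes the YAML front matter (name, keywords, left-column, right-column); if whatever renders this file reads those keys, the new "General Info" list will not stand in for them, so check the build before dropping the block. In the Salisbury University section the unchanged lines "Create graphs designed to display risk throughout the scenario" and "Design risk assessment scenarios for launch vehicles and UAVs over the DELMARVA peninsula" now repeat the new "Tasked to provide risk assessments" and "Provide reports on risks of scenarios" bullets; keep one set. Within Binary Defense, "Containment", "Event driven" and "Public key pinning and certificate transparency" each appear several times across the Rust, Python and design sub-lists and could be consolidated. The Security+ entry is carried over with "Exp Date: 04/04/2024", which predates the roles added here; update or remove it.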
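Review bot: The paul-halvorsen-resume.md hunk closes Binary Defense at "Oct 2025" but, in the lines shown, does not add the Abnormal AI role (Jan 2026 - Present) that the detailed file gains in the same commit, so the short resume would end with no current position unless that entry is added elsewhere. The hunk context also shows hard-coded figures ("over 14 years development and 18 years professional") where the detailed file uses "(started in 2011)" and "(started in 2006)"; check that the numbers still hold for the new dates. The PDF is replaced as a binary blob, so it cannot be reviewed here; confirm it was regenerated from the updated markdown and not from the previous revision.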