updating the details

paul-halvorsen-resume-detailed.md

@@ -1,115 +1,327 @@
----
-name: Paul Halvorsen
-keywords: rust, cargo, python, c, docker, containers, tdd, test driven development, pytest, ci/cd, javascript, jquery, php, mysql, rest, api, json, xml, git, gitlab, nginx, remote, testing
-left-column:
-    - 'Phone: +1-410-236-4665'
-    - 'Citizen of the United States'
-right-column:
-    - 'Email: [work@halvo.me](mailto:work@halvo.me)'
----
 
-# Summary
+# About Me
 
-I'm a Software Engineer with over (started in 2011) years development and (started in 2006) years professional experience, with exposure to Rust, C, Python, PHP, Go, JavaScript, Java, and C++ languages; various SQL databases; JQuery and Pytest frameworks; Docker containerization; and Rest API, NATS, JSON, XML, and nginx technologies.
+## General Info
 
-# Work Experience
+ - Name: Paul Halvorsen
+ - Contact
+    - Email: paul.halvorsen@pm.me
+    - Phone: +1-410-236-4665
+ - Links
+    - Personal Blog: https://flow.halvo.me
+    - Git Repo: https://git.halvo.me/paul
+    - LinkedIn: https://www.linkedin.com/in/paul-halvorsen
+ - Citizen of the United Stats
 
-## Binary Defense
+## Summary
 
-**Sr Software Engineer**: April 2022 - Present
+I'm a Software Engineer with over (started in 2011) years development and (started in 2006) years professional experience, with exposure to Rust, C, Python, PHP, Go, JavaScript, Java, and C++ languages; various SQL DBs; tokio, JQuery, and Pytest frameworks; Docker and GitLab CI/CD; and Rest API, NATS, JSON, XML, and nginx technologies.
 
- - Rust development using cargo, nextest, cmake, WIX, and cross compilation
+### Keywords
- - Python development using pyenv, pipenv, cython, docker build environment, gitlab pipelines, and static compilation
+
- - Develop security alarms for Windows, Linux (Debian, Ubuntu, CentOS, RedHat), and MacOS
+rust, cargo, python, c, docker, containers, TDD, test driven development, pytest, CI/CD, JavaScript, JQuery, PHP, MySQL, rest, API, JSON, XML, git, GitLab, nginx, remote, testing
+
+## Work Experience
+
+### Abnormal AI
+
+**Software Engineer**: Jan 2026 - Present
+
+ - Utilize claude AI, summarize code, aid in coding, planning
+ - Build and maintain k8s and aws infrastructure
+    - python
+    - pacman
+    - haml
+    - yaml
+ - Build and maintain service to aggregate data
+    - golang, python
+    - pytest, unit testing
+ - running cron jobs in k8s
+ - using kubectl, k9s to control k8s
+ - RBAC
+
+### Binary Defense
+ 
+**Sr Software Engineer**: April 2022 - Oct 2025
+
+ - Gitlab
+    - CI/CD pipelines for unit and integration testing, compilation, and deployment
+    - docker images for Linux, Windows
+    - VMs for MacOS
+    - MR/PR contributions, comments and testing
+ - Rust development
+    - cargo, nextest, cmake, WIX, cross compilation, unit tests
+    - sqlite encrypted db
+    - libraries: tokio, reqwest, anyhow, serde
+    - Containment
+    - Azure Library
+    - Library to watch for windows event logs, file system changes, user changes, and firewall changes
+        - White and blacklists for files, file types, file contents, and hashes
+        - Sanatize, decorate (add additional data), serialize data for transfer to backend
+        - De-duplicate data to reduce network traffic and backend storage costs
+        - Event driven
+    - Unit tests
+    - Public key pinning and certificate transparency
+    - Secure key storage
+        - Encrypting and decrypting on disk sqlite db
+        - dpapi for Windows
+        - org.freedesktop.secrets for Linux
+ - Python development
+    - pyenv, pipenv, cython, docker build environment, static compilation, pytest
+    - Containment
+    - Public key pinning and certificat transparency logs
+    - end-to-end integration testing
+      - Spin up pre-configured VMs (Windows and Linux)
+      - Make specific testing changes to those VMs via ssh
+      - Spin up temporary servers
+      - Run tests
+    - Performance improvements
+        - Reduce CPU usage by filtering out previously observed issues
+        - Reduce memory usage by using regex and filtering
+        - Reduce network traffic using regex and filtering
+        - Reduce disk size by turning multiple strings into regex
+    - Libraries for watching network traffic on Windows and Linux
+        - Event driven
+        - White and blacklists in regex
+    - Specific Windows events
+    - Filesystem changes
+    - User changes
+    - Event driven
+ - Windows
+    - Server 2009, 2012, 2019
+    - xp, 7, 8, 10, 11
+ - Linux
+    - Debian, Ubuntu
+    - Redhat, CentOS
+ - MacOS
  - Written RFC and ADR to drive design and decision making on project direction
- - Design and build containment for all platforms upon detected compromise
+ - Containment
+    - Design and build containment for all platforms upon detected compromise
+    - Containment meaning no network access other than to BD servers
+    - Use Linux iptables, windows firewall, and MacOS ip firewall
  - Design and build secure key exchange and connections
- - Perform public key pinning and certificate transparency logs for server verification: Rust, Python
+ - Public key pinning and certificate transparency logs
- - Perform API calls to Azure for data transfer
+    - For server verification
+    - Prevent MITM attacks
+ - Azure Library
+    - Setup library for communication: rust and python
+    - Perform API calls for uploading and updating data in database
+    - Setup database when it doesn't exist
  - Testing performed using VMs built in Proxmox and Virtualbox
+ - SCRUM
  
-## Kyrus Tech
+### Kyrus Tech
 
 **Sr Software Engineer**: Nov 2020 - April 2022
 
- - Perform test driven development: C, Python/Pytest, Docker, GitLab CI/CD
+ - Router Fingerprinting
- - Build covert communications and file transfers proxy: C, HTTPS, Apache Thrift, Rest API
+    - C and Python
- - Design compact router fingerprinting and vulnerability analysis: Android, HTTPS, TCP/IP, StreamCypher Encryption
+    - Run on Android phone
- - Modify existing code to suppress system logging from Linux Kernel module: various Linux Kernel versions, Ghidra
+    - Compact and rolling logs
+    - Aggregated logs
+    - Scan for connected routers
+    - Perform fingerprinting and vulnerability analysis on device
+    - HTTPS, TCP/IP, StreamCypher Encryption, ICMP, DNS
+ - Covert communications
+    - C, Python, Docker
+    - HTTPS, Apache Thrift, REST API
+    - Multi threaded
+    - Routing through multiple middle
+    - C front end, and middle, python backend
+    - Encrypted transfers
+    - RSA key exchange
+ - Linux kernel backdoor
+    - Supress system logging
+    - Monitor filesystem changes
+    - Supress system monitoring
+    - Support for various Linux Kernel versions
+    - Ghidra, C
+ - Test driven development
+ - C, Python, Pytest, Docker, GitLab CI/CD
+ - SCRUM
 
-## Parsons
+### Parsons
 
 **Cyber Security Software Engineer**: Apr 2018 - Nov 2020
 
- - Continue development of covert Windows application: C, C++, Python
+ - Covert Windows Application
-    - Build modular solution for plugin architecture
+    - Library injection
-    - Design and develope custom API for minimal data transfer to back-end
+    - C, C++, Python
-    - Reverse engineer custom data storage solutions to parse and manipulate target data 
+    - Modular solution for dynamic and static plugins
-    - Reverse engineer API calls to proprietary tools to manipulate communication
+    - Cluster of nodes
-    - Encrypt storage and comms using AES shared key to maintain confidentiality and integrity
+    - Custom API and serialization
- - Build prototype back-end service for file storage and search: Java, Tomcat, Niagarafiles (NiFi), nginx, Hadoop, MySQL, LDAP, RBAC
+        - Extremely limited network traffic
-    - Create API for uploading files via web interface or CLI
+        - Reduce size of data transfer
-    - Verify duplication before storage
+        - Aggregate/Consolodate data from multiple nodes
-    - Track and maintain multi-level user access
+    - Reverse engineer target's custom data storage to parse and manipulate target data
-    - Generate metadata for searching
+    - Reverse engineer API calls to proprietary application
+        - Manipulate lagitimate traffic
+        - Inject traffic
+    - Encrypt local storage and comms using shared AES key
+ - Back-end service for file storage
+    - Java, Tomcat, Niagarafiles (NiFi), nginx, hadoop, MySQL, LDAP, RBAC
+    - API for uploading files
+        - Web interface
+        - CLI
+    - Remove duplication before storage
+        - Allow reads from multiple users uploading the same file
+        - Create new file on write
+    - Multi-level user access, RBAC and LDAP
+    - Produce metadata
+        - Provide search functionality
 
-## NSA
+### NSA
 
 **Security Software Engineer**: Nov 2011 - Apr 2018
 
- - RedTeam DevOps development of browser enumeration, manipulation, and exploitation: PHP, JavaScript, JQuery, CSS, Python, MySQL, Java, Apache, Tomcat, Linux, Windows, Chrome, Firefox, Safari, IE, Edge
+ - RedTeam DevOps
-    - Design Rest and JSON API to transfer data between targets, server, and UI
+ - Browser security
-    - Deliver covert JavaScript to targets for enumeration and exploitation
+    - enumeration, manipulation, exploitation
-    - Design front-end to provide a dynamic UI with real time target data, graphs, and charts for in-depth data analysis
+    - Languages: PHP, JavaScript, JQuery, CSS, Python, MySQL, Java 
-    - Design MySQL database to hold and quickly query enumeration and exploitation data
+    - Platforms: Tomcat, Apache, Nginx
-    - Design and develop new browser exploits using public CVE and POC
+    - OS: Linux, Windows, Android, iOS
-    - Update PHP back-end for security and performance
+    - Browsers: Chrome, Firefox, Safari, IE, Edge
- - Advise and develop vulnerability mitigation strategies for various military and government customers
+    - Rest JSON API for data transfer to and from target and backend server
- - Train and provide SOPs to NSA RedTeam operators for various tools
+    - Recon from browser
- - Train new development employees on test system and deployment procedures
+        - Browser name, type, version
- - Update Windows and Linux software package to also run on MacOS
+        - OS name, type, version
+        - Possible device make and model
+        - Plugins in browser and versions
+    - Design dynamic browser UI using JQuery
+        - View all data on all connected targets
+        - Interact with the targets browsers
+            - Change the look
+            - Monitor key presses and mouse movements
+            - Mimic legitimate sites
+            - Redirect the page
+        - View stats on currently and past connected targets
+            - Query CVEs to view possible exploits
+            - Number of versions seen
+            - Plugins seen
+            - Add more as needed by operator
+        - Send exploits to target with backdoor payload
+    - Build browser exploits using CVE and POC (half day and full day vulnerabilities)
+    - Obfuscate
+        - PHP and JS obfuscation
+        - Randomly change the JS and PHP to hide and evade detection
+    - Design and maintain MySQL database
+        - Hold data on each browser, os, and possible exploits
+        - Hold and relate data for CVEs and available exploits
+        - Reduce redundancy
+        - Increase efficiency with pre-compiled queries and indexes
+    - Maintain backend server
+ - Additional projects as needed
+    - Java Tomcat web backdoor
+    - ASP.Net web backdoor
+    - ASP.Net document backdoor
+    - Run JS inside documents and PDFs
+    - Re-work windows backdoor to cross compile on MacOS
+ - Provide feedback
+    - Train and provide SOPs to NSA RT operators for various tools
+    - Produce documentation for new developers
+    - Train new developers
+    - Advise and develop vulnerability mitigation strategies for various military and government customers
+ - Aid in scoring the NSA Cyber Defense Challenge
+    - Build token scoring system
+    - Keep track of scores and provide feedback to the teams
+    - Report scoring throughout the competition
+
+### NSA
     
 **Systems Engineer**: Sept 2009 - Nov 2011
 
- - Deploy, maintain, and monitor 30+ systems with 130+ Red Hat Enterprise Linux (RHEL) servers each
+ - Ownership over 30+ systems with 130+ RHEL servers each
- - Maintain multiple services on each system including; LDAP, DNS, Apache, NiFi, Hadoop, Apache, Puppet, DHCP, PXE boot
+    - Stage 10+ systems
- - Develop and deploy monitoring, reporting, and issue correcting scripts: Python
+    - Deploy 3+ systems, domestic and foreign
- - Repoting sent via Web API to graphic interface for viewing as well as emailed out to the team
+    - Soley responsible for 5+ domestic and forign systems
- - Organize, train, and participate in team performing 24x7 call-in rotation
+    - Maintain all systems as part of a 24x7 call-in rotation
- - Stage new deployments to verify viability before deployment
+ - Multiple services on each system
- - Responsible for 5+ domestic and foreign system deployments
+    - LDAP, DNS, Apache, NiFi, Hadoop, Puppet, DHCP, PXE boot
+ - Develop scripts to aid in maintenance
+    - Python
+    - Auto fix known issues
+    - Scan and produce report of all systems in under 30 min
+    - Report sent via Web API to Web UI and alerting system
+    - Reduced call-ins
+ - Organize and train team of contractors
+    - Spun up to work 24x7
+    - Provide SOPs for quick fixes
+    - Provide SOPs for tier 1 to reduce call-ins for 24x7 team
 
-## Salisbury University
+### Salisbury University
 
 **Software Developer**: Nov 2006 - May 2008
 
  - Funded through the Wallops Flight Facility (NASA)
- - Provide simplified UI and scenario builder for the Satellite Tool Kit (STK): Managed C++
+    - Tasked to provide risk assessments
+    - Launch vehicles and UAVs over the DELMARVA peninsula
+ - Provide simplified UI and scenario builder for the Satellite Tool Kit (STK)
+    - Wizard walk through for standard set of launch and safety scenarios
+    - Build scenario in both custom simplified UI as well as full STK
+ - C++, UI built using Visual Studio and Managed C++
+ - Provide reports on risks of scenarios
+    - Realtime graphs and charts
+    - Post analysis reporting
  - Create graphs designed to display risk throughout the scenario
  - Design risk assessment scenarios for launch vehicles and UAVs over the DELMARVA peninsula
- - Collaborate with Geographic Information Science (GIS) for mapping
+ - Collaborate with Geographic Information Science (GIS)
- - Display emergency services and response time on the map throughout the simulation
+    - Provide maps with POI
+    - Distances and response times for emergancy vehicles
+
+### Salisbury University
  
 **Lab Administrator**: Sept 2007 - May 2009
 
  - Support Math and CS departments at SU
- - Maintain the Linux labs on campus: dual boot OpenSUSE, WindowsXP, and OpenSUSE server
+ - Maintain the Linux labs on campus
- - Perform backups, updates, user management (LDAP), disk quotas, and remote access
+    - In charge of 2 labs
+    - Dual boot OpenSUSE, WindowsXP
+    - OpenSUSE server
+ - Provide SSH access both internal and external
+ - Perform regular tasking
+    - Backups
+    - Updates
+    - User management (LDAP)
+    - Disk quotas
+    - Remote access
+    - Installation of needed software
  - Monitor the labs while in use
- - Provide ssh access into the lab for remote work
 
-# Education
+## Education
 
- - **University of Maryland Baltimore Campus**: Masters in Computer Science; 2013. Thesis: "Stateless Detection of Malicious Traffic: Emphasis on User Privacy"
+ - University of Maryland Baltimore Campus
- - **Salisbury University**: Bachelors in Computer Science; 2009. Magna Cum-Laude
+    - Masters in Computer Science
- - **Security+**: ID: COMP001021281239; Exp Date: 04/04/2024
+    - Graduated 2013
- - **Royal Military College (RMC Canada)**: Training in OpenBSD development and administration
+    - Thesis: "Stateless Detection of Malicious Traffic: Emphasis on User Privacy"
+ - Salisbury University
+    - Bachelors in Computer Science
+    - Graduated 2009
+    - Magna Cum-Laude
+ - Security+
+    - ID: COMP001021281239
+    - Exp Date: 04/04/2024
+ - Royal Military College (RMC Canada)
+    - Training in OpenBSD development and administration
 
-# Miscellaneous
+## Miscellaneous
 
- - **RedBlue Conference**: Presented combination web enumeration/exploitation tool
+ - RedBlue Conference
- - **National Conference for Undergrad Research (NCUR)**: Presented development of STK scenario building and manipulation
+    - Presented combination web enumeration/exploitation tool
- - **SANS Courses**: Staying up-to-date on security research
+ - National Conference for Undergrad Research (NCUR)
- - **Homelab**: Running email, cloud storage, gitea, DNS, multimedia, geneology, and static web page services
+    - Presented development of STK scenario building and manipulation
- - **Web Admin for PTA**: Setup and maintain a Wordpress site
+ - SANS Courses
+    - Staying up-to-date on security research
+ - Homelab
+    - Proxmox
+    - Running email
+    - Cloud storage, TrueNAS, Nextcloud
+    - gitea
+    - DNS, pi-hole, adguard
+    - Multimedia, Plex, Jellyfin
+    - Geneology, Webtrees
+    - Static web page services, docs, hugo, blogs, dashboard
+    - Home assistant
+ - Web Admin for PTA
+    - Setup and maintain a Wordpress site
+    - Setup and maintain weebly site
 

paul-halvorsen-resume.md

@@ -21,7 +21,7 @@ I'm a Software Engineer with over 14 years development and 18 years professional
 
 ## Binary Defense
 
-**Sr Software Engineer**: April 2022 - Present
+**Sr Software Engineer**: April 2022 - Oct 2025
 
  - Rust development including: tokio (test), reqwest, anyhow, serde, windows, cargo, cmake, and WIX
  - Python development using pyenv, pipenv, cython, docker, GitLab pipelines, and static compilation