Website Development, Web Applications, Orchestration, Automation, Continuous Integration (CI), Continuous Delivery (CD), High Performance, High Availability, Systems Programming, Databases, Network Monitoring, Network Messaging, Intrusion Prevention, Vulnerability Scanning, Payment Card Industry (PCI) Compliance, Virtual Private Network (VPN), Domain Name Service (DNS), Storage Area Network (SAN), Network Attached Storage (NAS), Dynamic Knowledge Base, Expert Systems, Automated Virtual Appliances
RESTful API Microservices, Bare-Metal Clouds, Network Function Virtualization (NFV), Software-Defined Network (SDN), OpenStack, Big Data, Orchestration, Automation, Continuous Integration (CI), Continuous Delivery (CD), High Performance, High Availability, Systems Programming, Databases, Network Monitoring, Network Messaging, Virtual Private Network (VPN), Domain Name Service (DNS), Storage Area Network (SAN), Network Attached Storage (NAS), Virtual Network Computing (VNC), Automated Virtual Appliances
RESTful API Microservices, Machine Learning, Data Analytics, Software Toolkits, Software Compilers, Amazon Web Services, Big Data, Orchestration, Automation, Continuous Integration (CI), Continuous Delivery (CD), High Performance, High Availability, Systems Programming, Databases, Network Monitoring, Network Messaging, Website Development, Web Applications, Intrusion Prevention, Vulnerability Scanning, Domain Name Service (DNS), Storage Area Network (SAN), Network Attached Storage (NAS)
Website Development, Web Applications, Automation, High Performance, High Availability, Systems Programming, Databases, Network Monitoring, Network Messaging, Intrusion Prevention, Vulnerability Scanning, Bare-Metal Cloud, Domain Name Service (DNS), Storage Area Network (SAN), Network Attached Storage (NAS), AV Multimedia Software, Virtual Network Computing (VNC)
I deliver efficiency that keeps infrastructures running smoothly every day. I deliver trusted, reliable solutions which are always up and always responsive. I promote technologies and methods which reinforce best practices and security standards.
I promote popular open source software that's actively maintained by real people skilled in software engineering and proudly backed by millions of educated users. I seek software that can be tested and verified by anyone worldwide. I seek software that accurately documents its architecture and its subsystems. I seek software that's actively improved in online forums of user communities where anyone can participate.
I believe the best solutions keep it simple and make use of the right tools for the job by relying on proven technologies and proven methods. So I don't hack code together in kludges. I don't push technologies beyond what they were intended for and designed to do. Everything I do I can explain to you. I'm not about pushing on you languages and technologies which have fallen into industry disuse. And I have no problem with learning new technologies and new methods to make use of the right tools.
I've worked in four industries: E-Commerce, Telecommunications, Security, and Education. I've worked for myself, startups, small businesses, and enterprise companies. I've been a business owner, a consultant, a team leader and an individual contributor. Most of my work has been engineering solutions from vague concepts and network diagrams working alongside business owners and systems architects.
I worked solo at DavidBrennerJr.com, DeepSentry.com, DevOpsBuilder.com, and ResolveBug.com. I worked in two-person teams at Zayo Group, McAfee.com, Symantec.com, NuevoCloud.com, and OSDisc.com. I worked as part of teams of 20-60 people at Comcast Wholesale, CenturyLink.com, Time Warner Cable, and CU-Denver.
Just by following along with me you can modify your deliverables or halt your project at any time. My work stays in sync with your team and your deployment strategy. My work is completed in phases that are best for deployments like blue-green, red-black, a/b, or canary.
I always start with an isolated network of separated services that satisfies essential QA requirements. The isolated network has the latest releases of default software installations and their minimal configurations. Shared components in the isolated network are glued together using private IP addresses, shell scripts, process scheduling, and common tooling.
I add one feature at a time, step-by-step testing that the entire isolated network is compliant through integrated testing until all of the requirements have been added to the isolated network. I slowly increase the complexity of the isolated network by adding kernel routing tables, software firewalls, and a private DNS to the point that it can best be described as a production-like network of integrated services that satisfies all of the QA requirements.
The new production-like network is operational, but may need additional customization from you to be ready for your end-users. Now we'll walk through a deployment checklist so that it's ready for independent verification.
I know what it takes to be instrumental in all aspects of day-to-day customer success. I can build strong interpersonal relationships with your technical resources at all levels to improve your products and services. I know how to drive success through teamwork, communication and coordination. I know how to be part of an effective team that delivers excellence. I've led highly collaborative cross-functional teams distributed remotely throughout the world in delivering excellence. I've driven the resolution of highly technical, complex issues. I've authored customer-facing articles and runbooks.
I can give you a detailed, step-by-step breakdown of the entire process and guarantee a fixed hourly rate by a maximum number of hours. I can perform that work on a 1099 contract renewed per week or on a W2 contract renewed per hour, pending your satisfaction of the deliverables. I want you to be happy with the solutions you get from me. I can give you free consultations and free bug fixes.
You can cancel anytime it's convenient for you. You're not bound by any terms to fulfill the contract. You're not required to fulfill a minimum number of work hours. You will know what has been completed according to the step-by-step breakdown of the entire process in an online, shared Google spreadsheet or shared Slack channel or shared IRC channel so you can follow along with my work as it's completed for you.
I agree to a non-restrictive Non-Disclosure Agreement typical for Software Engineers in the United States with you (and your company) on all information including purposes of "work" and reasons for "work".
I will agree to a limited open source license that permits you (and your company) to distribute my work and modify my work.
Engineered custom CI/CD pipelines, automated QA platforms, and automated virtual appliances.
Engineered an HTTPS REST-API for a multi-tenant IO model running on EC2+RDS+S3 scaling.
Led black-box testing of OpenStack Swift in data centers nationwide for migration of OpenStack Kilo to OpenStack Liberty
Engineered bare-metal cloud platforms for on-demand, high performance telco microservices based on SDN and NFV using an OpenStack ecosystem of Open Source software.
Engineered network operations compliant with PCI-DSS 2-3 for five e-commerce companies, OSDisc.com and NuevoCloud.com and three upcoming companies.
Engineered a fully automated virtual security appliance based on FreeBSD and Open Source software, critical to PCI DSS 2 compliance.
Engineered a small international business that provided on-demand engineering of Linux servers with Open Source software via both same-day emails and remote administration.
Engineered network operations for cloud of CentOS servers and openSUSE multimedia desktops on Citrix XenServer; compliant with UCD IT Policies, Modern Languages Lab Policies.
Engineered another first to market product that involved reverse-engineering similar technology found in Open Source software: Live Linux with Integrated Read-Write Storage.
Engineered a first to market product that involved reverse-engineering similar technology found in Open Source software: Software Repositories on CD/DVD Media.
Engineered resolution of systems integration issues of bleeding-edge and cutting-edge Open Source technologies in Linux, BSD, Solaris.
Returns every possible combination of list of subjects and their components according to list of requirements, as search-strings for Google, Yahoo, AOL, MSN.
Determines statistical relevancy of keywords related to problems within collection; both keyword order and keyword position return results as links.
Java servlet encrypts HTTP 1.1 session data over HTTPS-TLS as AES 256-bit file then responds with credit card payment form hosted on Authorize.net.
Cyber security intelligent agent developed in C that uses machine learning to remotely enforce the "right" behaviors of users and services.
Programmable security policy developed in Python3 that converts a config file into simple machine language instructions to be managed and executed by DeepSentry's intelligent agent.
Programmable security policy developed in C that combines any semantics of C with DeepSentry's API in addition to compiled languages and interpreted languages as literal blocks of code.
Collection of JSON microservices, HATEOAS compliant, on PostgreSQL developed in Golang with private TLS certificates, private 2048-bit SSH2 keys, real PL/PgSQL pagination.
Bachelor of Science, Business Administration & Information Technology, GPA 3.2/4.0, Academic Awards: 2
Associate of Science, Business Administration & Information Technology, CCD's Phi Theta Kappa Honor Society, GPA 3.9/4.0, Academic Awards: 4
I work with you to determine the technology for your project by helping you come up with a list of your project's capabilities and a list of your project's requirements. I give you a detailed breakdown, step-by-step of what's involved to complete your project. I work with you to draft a guaranteed plan that delivers your project in time and on budget. I guarantee to complete your project by a fixed hourly rate per a maximum number of hours.
I use your list of your project's capabilities and your list of your project's requirements to build a system of separated network services in an isolated local network within a testing environment. I ensure this system satisfies your project's basic requirements via QA testing. In this special environment components of your project are glued together using shell scripts, process scheduling, and common tooling.
I use your project's prototypes to build a system of integrated network services in a production-like network within a development environment. I prove this system represents proof of concept with the minimum features to satisfy your project's capabilities and your project's requirements via QA testing. I ensure your system is operational, but it may need further customization to be ready for your production environment.
I use your project's minimum viable product to build a system of integrated network services that's operational and ready for your end-users. I ensure this system has been customized for the needs of your production environment. I prove the features of this system satisfy your project's capabilities and your project's requirements via QA testing and independent verification.
Sample my engineering techniques and engineering guides. Read about current trends in high performance. Learn how to engineer a VMware vSAN. Learn about continuous integration best practices. Learn the how to of secure Linux programming. Understand the uses of Big-O notation. And more!
david.brenner.jr@gmail.com
+1-720-584-5229
Operating System | Debian GNU/Linux >=7.0 |
Architecture | 64-bit PC |
Kernel | Linux >=3.2+ SMP |
Memory | >=128MB DDR3 |
File Systems (POSIX only) | EXT2, EXT3, EXT4 |
Mount Flags | ACL |
DeepSentry API | GCC >=4.0 (C) |
Tested | GNU/Linux |
Compatible | FreeBSD, Mac OS, Oracle Solaris, Sun Solaris |
Limited Compatibility | Windows Server |
Storage Rate Per 10,000 Targets Without Compression | 56KB / second |
Storage Rate Per 10,000 Targets With Compression | 14.7KB / second |
Memory Usage Per 10,000 Targets Initial/Update Runtime | 82MB RAM |
Memory Usage Per 10,000 Targets At Rest Runtime | 20MB RAM |
Real-Time Behavior Analysis Bandwidth Rate Per 10,000 Targets | 56KB / second |
Data Sharing Between Sentinels Bandwidth Rate Per 10,000 Targets | [Number of Sentinels * (Number of Sentinels - 1) + 1] * 56KB / second |
Directories | Reading, writing and executing folders. |
Devices | Reading, writing and executing devices located in "/dev/". |
Files | Reading, writing and executing files which includes scripts, programs, libraries, archives, etc. |
Library Calls | Executing specific program library calls. |
File System Metadata | Reading and writing file system metadata. |
Timestamps | Modifying a file's timestamps. |
Accounts | Using user/group accounts and creating user/group accounts. |
Passwords | Changing passwords of user/group accounts. |
Security Contexts | Reading user/group contexts and writing user/group contexts. |
Kernel/Process Signals | Signals sent to and received by programs, users and groups. |
Websites (WWW) | Changing a website page or website resource. |
Network Connections | Changing a monitored network incoming/outgoing connection. |
Connection Packets | Changing the contents of packets of a monitored network incoming/outgoing connection. |
1. Policy was enforced | DeepSentry triggers notification process after enforcement of your policy. |
2. Saves alert in logs | DeepSentry saves log entry of how and why it enforced your policy. |
3. Sends you alerts | DeepSentry sends you alerts via email or text message. |
targets { user-group whitelist = /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename }
targets { application whitelist = /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename }
targets { process whitelist = /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename }
targets { network whitelist = /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename }
targets { user-group blacklist = /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename }
targets { library calls blacklist = /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename }
Examples | Do not return results | Return results |
Python | Execute the following code, but don't return anything to the configuration file. Use other means for checking results. % #!python insert real python code % | Execute the following code, return the output to the configuration file. Use the named variable to get results. % #!return=variablename #!python insert real python code % |
Ruby | Execute the following code, but don't return anything to the configuration file. Use other means for checking results. % #!ruby insert real ruby code % | Execute the following code, return the output to the configuration file. Use the named variable to get results. % #!return=variablename #!ruby insert real ruby code % |
Scala | Execute the following code, but don't return anything to the configuration file. Use other means for checking results. % #!scala insert real scala code % | Execute the following code, return the output to the configuration file. Use the named variable to get results. % #!return=variablename #!scala insert real scala code % |
CLISP | Execute the following code, but don't return anything to the configuration file. Use other means for checking results. % #!clisp insert real clisp code % | Execute the following code, return the output to the configuration file. Use the named variable to get results. % #!return=variablename #!clisp insert real clisp code % |
Vagrant | Execute the following code, but don't return anything to the configuration file. Use other means for checking results. % #!vagrant insert real vagrant code % | Execute the following code, return the output to the configuration file. Use the named variable to get results. % #!return=variablename #!vagrant insert real vagrant code % |
Ansible | Execute the following code, but don't return anything to the configuration file. Use other means for checking results. % #!ansible insert real ansible code % | Execute the following code, return the output to the configuration file. Use the named variable to get results. % #!return=variablename #!ansible insert real ansible code % |
Contradiction/False Opq | if ((expression Opq expression ...) Opq ...) { } |
Tautology/True Vpq | if ((expression Vpq expression ...) Vpq ...) { } |
Proposition P Ipq | if ((expression Ipq expression ...) Ipq ...) { } |
Negation of P Fpq | if ((expression Fpq expression ...) Fpq ...) { } |
Proposition Q Hpq | if ((expression Hpq expression ...) Hpq ...) { } |
Negation of Q Gpq | if ((expression Gpq expression ...) Gpq ...) { } |
Conjunction Kpq | if ((expression Kpq expression ...) Kpq ...) { } |
Alternative Denial Dpq | if ((expression Dpq expression ...) Dpq ...) { } |
Disjunction Apq | if ((expression Apq expression ...) Apq ...) { } |
Joint Denial Xpq | if ((expression Xpq expression ...) Xpq ...) { } |
Material Nonimplication Lpq | if ((expression Lpq expression ...) Lpq ...) { } |
Material Implication Cpq | if ((expression Cpq expression ...) Cpq ...) { } |
Converse Nonimplication Mpq | if ((expression Mpq expression ...) Mpq ...) { } |
Converse Implication Bpq | if ((expression Bpq expression ...) Bpq ...) { } |
Exclusive Disjunction Jpq | if ((expression Jpq expression ...) Jpq ...) { } |
Biconditional Epq | if ((expression Epq expression ...) Epq ...) { } |
Green Warning Level | Low Threat | Indicates that the identified user or service violated policy. |
Yellow Warning Level | Elevated Threat | Indicates that the user or service continues to violate policy. |
Orange Warning Level | High Threat | Indicates that the user or service continues to violate policy. |
Red Warning Level | Serious Threat | Indicates that the user or service continues to violate policy. |
Relaxed | Enforces company policy, if necessary, after a specified threshold. Can notify policy holder. | behavior { relaxed = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...} |
Neutral | Enforces company policy after limit of specified violations is reached. Can notify policy holder. | behavior { neutral = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...} |
Aggressive | Enforces company policy after a percentage of violations has been reached. Can notify policy holder. | behavior { aggressive = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...} |
Hostile | Enforces company policy whenever a violation occurs. Can notify policy holder. | behavior { hostile = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...} |
Lockdown | Kill all processes, kill all connections, log out all non-privileged accounts, disable all non-privileged accounts, then notify policy holder | behavior { lockdown = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...} |
LockOut | Kill all processes owned by offender, kill all connections owned by offender, log out offender, change password of their account, then notify policy holder or company representative with new password. Offender must contact policy holder to get new password. | behavior { lockout = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...} |
KickOut | Kill all processes owned by offender, kill all connections owned by offender, log out offender, and disable their account, then notify policy holder. | behavior { kickout = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...} |
Freeze | Kill all processes, kill all connections, stop all services, log out accounts, run archiver on all files and directories specified in policy, then notify policy holder. | behavior { freeze = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...} |
Temporary | Permit timed access as specified in policy. | behavior { temporary = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...} |
Spy | Record all interactions with keystrokes, log violations, notify policy holder. | behavior { spy = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...} |
Silent | Ignore interactions not allowed and log violations. | behavior { relaxed = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...} |
Auth Only | Kill user or service on interaction not allowed as specified in policy. | behavior { auth = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...} |
Restore Level | Kill user or service on interaction not allowed until threat warning level is reached as specified in policy. | behavior { restore = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...} |
Idle | Only run what user or service wants when computer is idle. | behavior { idle = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...} |
behavior { complex = hostile kickout auth lockout lockdown ... }
targets { ... }
# add comments like this one
if (expression ...) {
    complex = behavior behavior ...
    temporary {
        input = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...
        run = behavior /path/to/program /path/to/script ...
    }
} else if (expression ...) {
    run other options and behaviors ...
} else if ... {
    run other options and behaviors ...
} else {
    run other options and behaviors ...
}
# append additional options from other config files
include = /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename
targets { user-group-whitelist = user }
DeepSentry uses a custom spy behavior to record all its interaction with keystrokes, enforce company policy whenever a violation occurs, then notify policy holder.
behavior { spy { input = user run = hostile } }
None | Your preferences (if any) determine recognition of right behaviors and wrong behaviors. |
Baseline | A baseline model of limits and extremes determines recognition of right behaviors and wrong behaviors. |
History | Previous interactions and previous behaviors determine recognition of right behaviors and wrong behaviors. |
Trained | Specific patterns of behaviors determine recognition of right behaviors and wrong behaviors. |
Complex | A combination of None, Baseline, History, and Trained, determine right behaviors and wrong behaviors. |
Campaign Operations | Runs coordinated operations with specific goals from microseconds up to years. |
Rapid-Response Operations | Runs operations triggered by priorities and preferences in response to events. |
Emergency Operations | Runs operations that detect failures (or changes) then rebuild your services or computers, without ever requiring a person to be there. |
Silent Operations | Runs covert operations on specific services, applications, users, groups, or computers. |
Secure Shell (SSH) | DeepSentry's preferred method of remote access is Secure Shell (SSH), SSH-1 or SSH-2. SSH handles secure data communication for remote command-line login, remote command execution, and other secure network services between networked computers. |
Custom Remote Access | DeepSentry can run its operations through any remote access service that can handle remote command execution. |
Bachelor of Science of Business Administration & Information Technology, GPA 3.2/4.0
IT Training, Completed 45 credits, CCD's Phi Theta Kappa Honor Society, GPA 3.9/4.0