Sep 2015 — Dec 2015

Time Warner Cable, Cloud Engineering and Operations

• Led deployment of black-box network smoke tests and black-box network stress tests on OpenStack Swift clusters that ran in Ubuntu Server on Cisco UCS C-Series Rack Servers. Included runbook about stress tests.
• Engineered test-automation deployment process as PXE Booting managed via OpenStack Nova Compute and OpenStack Glance. Resolved issues with Puppet, Ansible, Cobbler, Xinetd, DHCPd, TFTPd, and DNS records. Included runbook about troubleshooting and resolution.
• Assisted team with migration of high performance cloud microservices from OpenStack Kilo with Ceph storage to OpenStack Liberty with Swift storage, based on Ubuntu Server; through Puppet jobs, Ansible roles, Jenkins tests, and Python scripts.
• Assisted team with development of hardware configuration of Cisco UCS C-Series Rack Servers using Expect scripts that configured RAID, BIOS, BMC, PXE, and IPMI.
• Coordinated resolution of national network issues via Time Warner Cable's data center services, which involved Juniper Services Gateway with Edge Router switches and Cisco UCS C-Series Rack Servers.
• Coordinated fault management of Cisco UCS C-Series Rack Servers via Time Warner Cable's data center services; analyzed Icinga reports, IPMI sensor warnings, and System Event Logs.

Mar 2015 – Sep 2015

CenturyLink, Adaptive Platforms Strategy and Development

• Engineered web server of Ironic in OpenStack Kilo in CentOS Minimal running from Libvirt KVM/QEMU in CentOS on VMware ESX as bare-metal cloud for testing and configuring distributed SuperMicro platforms. Configured message queue passing between RabbitMQ and MariaDB over AMPQ for Ironic REST-API. Developed message queue driver using IPMItool and PXE for Ironic REST-API.
• Engineered golden image of OpenStack Juno in CentOS Minimal running from Libvirt KVM/QEMU and Open vSwitch in CentOS on VMware ESX. Included step-by-step documentation.
• Engineered virtualization platform of Libvirt KVM/QEMU and Open vSwitch in CentOS Minimal on a SuperMicro SuperServer that hosted Cyan's Blue Planet Orchestration and pulled dynamic tenant data from OpenStack Juno+Kilo. Included step-by-step documentation.
• Engineered a cluster of integrated high performance application servers that host SuperMicro Server Manager (SSM) in CentOS Minimal in VMware vCenter Server and VMware vSphere. Added all active nodes per rack and customized monitoring services, for automatic reporting of uptimes, sensors, IPMI-readiness, and licensing.
• Engineered automatic collection of hardware sensor readings from active nodes every 5 minutes, with a maximum runtime of two seconds. Integrated into SuperMicro Server Manager (SSM) using bash scripts, IPMITool, Splunk's Universal Forwarder with Hunk. Included step-by-step documentation.
• Engineered web server as SSL/TLS load balancer using HAProxy in CentOS Minimal in VMware vCenter Server and VMware vSphere for servers part of Nuage Networks Virtual Services Platform. Included step-by-step documentation with test cases.
• Developed high performance networking solutions among web servers of Nuage Networks Virtual Services Platform hosting VSD Architect in CentOS in VMware vCenter Server. Issues involved high latency, intermittent timeouts, response times, resource utilization.
• Engineered automatic collection of context switches from SuperMicro platform-related hardware monitoring services activated on each node. Integrated into SuperMicro Server Manager (SSM) using bash scripts, SSM REST-API, Splunk's Universal Forwarder with Hunk. Included step-by-step documentation.
• Engineered automatic collection of context switches from SuperMicro platform-related configuration events involving BIOS, BMC, IPMI, PXE, etc. Integrated into SuperMicro Server Manager (SSM) using bash scripts, SSM REST-API, and Splunk's Universal Forwarder with Hunk. Included step-by-step documentation.
• Developed automatic batch testing of SuperMicro platform compatibility with features of SuperMicro Update Manager (SUM). Integrated into SuperMicro Server Manager (SSM) using bash scripts. Included step-by-step documentation.
• Assisted with engineering a VMware vCenter Server Appliance of Virtual SAN clusters through vSphere for centralized control of storage clusters, included deploying ESXi hypervisors in hybrid clusters on SuperMicro 4U Fat Twins connected to two Arista 7150S switches. Included step-by-step documentation.
• Authored a cookbook about the customization of SuperMicro Server Manager (SSM) as a high performance server for bare-metal cloud, focuses on both the configuring and monitoring of SuperMicro's platform-specific features. The cookbook is about 50 pages covering six subjects and 132 key topics, and includes 100 configuration examples.
• Configured hardware interfaces of SuperMicro server platforms which were designed to support OpenStack's cloud ecosystem: MegaRAID, PXE, BIOS, in-band IPMI, out-of-band IPMI, BMC. Included step-by-step documentation.
• Mounted SuperMicro's 1U-4U Fat Twins, SuperServers, SuperStores, and SuperChassis, in 40U racks part of CenturyLink's Integrated Testing Facilities at their Network Reliability Center.

Jun 2013 – Dec 2014

Ramsey Grant Brenner & Co, Inc. dba OSDisc.com and NuevoCloud.com and others

• Developed web applications in C with PostgreSQL's libpq for e-commerce template engine with web stack, compliant with PCI DSS 2-3. Web stack was CGI, Bootstrap, LESS, JavaScript, jQuery, FlotJS, HTML, CSS.
• Developed web applications in C for high performance web server engine using Node.js, libevent, and libev.
• Reverse-engineered req() functions and res() functions of Node.js Express API using only its official documentation.
• Managed Ansible orchestration for IT Operations of five companies, OSDisc.com and NuevoCloud.com and three upcoming companies, compliant with PCI DSS 2-3. Maintained infrastructure documentation on change management: new accounts, access controls, resource provisioning, server config procedures, server changelogs, etc.
• Engineered fully automated infrastructure that relied on Ansible with Jinja2 templates and BASH shell scripts.
• Engineered automated web servers based on Debian Linux compliant with PCI DSS 2-3 for testing, scaling, automation, security, traffic control, storage, services.
• Engineered "base templates" (for all servers of the infrastructure) that were the minimum configuration required to customize the latest release of a default installation of Debian Linux as a high performance web server compliant with PCI DSS 2-3.
• Engineered automated platform for high performance and high availability of a managed security service that performed security compliance using SYSLOG messages. Integrated new platform into e-commerce infrastructure via Ansible.
• Engineered centralized NAS platform for PostgreSQL HA WAL to be used for emergency backups and transaction storage.
• Migrated existing e-commerce infrastructure of clustered FreeBSD virtual servers to clustered Debian Linux virtual servers on Citrix XenServer.
• Migrated e-commerce template engine (with web stack), developed in C, from FreeBSD to Debian Linux.
• Migrated SAN platform of FreeBSD-ZFS with Open-iSCSI on RAID to clustered NAS virtual servers based on Debian Linux on Citrix Xenserver and RAID.
• Assisted with business operations through systems analysis: optimization, cost-benefit, risk, product development, manufacturing, shipping, and ticket management.

Aug 2012

Ramsey Grant Brenner & Co, Inc. dba OSDisc.com and others

• Engineered fully automated virtual security appliance based on FreeBSD and Open Source software that performed latest malware scanning and latest vulnerabilty scanning, compliant with PCI DSS 2.
• Appliance included the customization of 20k SNORT Rules with OWASP 2012 threat analysis for web servers in network.
• Appliance included firewall with failover routing policies onto another copy of itself.

Apr 2011 – Nov 2012

ResolveBug.com

• International service that provided same day technical support of UNIX, Linux, BSD, Solaris, VMware, and Windows, technologies for desktops and servers, via emails and remote administration.
• Engineered VMware vData Center with LAMP stack for Australian company using VMware vCloud Director 5.1: IP subnet addressing, Network Bridging, Roles and Rights, Users and Groups, Provider and Organization vDCs, Organizations, Published Catalogs, vApp Templates, vSpheres, vApps, and VMs.
• Managed marketing campaigns of text-based ads and organic searching using Bing adCenter and Google AdWords, included SEO performance. Website reached 3rd page of Google search results using less than $0.15 bidding per keyword. Website received more than 1 million hits per month during campaigns. Total amount spent in two years was less than $1,000.
• Developed modern e-commerce website over TLS with an AES encrypted checkout, compliant with PCI DSS 2. Website was developed in HTML1-5, CSS3, JavaScript, and Java; page load time was 1.3 seconds to 1.4 seconds.
• Developed dynamic knowledge base portal, developed in C and BASH shell scripts, to assist with solving systems engineering problems. Portal scrapes websites for specific information which are PDF or HTML/TXT then converts that information into a common format for categorization and indexing. Later, portal determines statistical relevancy of keywords and phrases related to problems (and their components). Portal presents links to documents as a hierarchical tree that shows component dependencies.

Mar 2010 – Feb 2013

University of Colorado at Denver, Modern Languages Lab & Multimedia Center

• Managed LAN of CentOS LAMP on Citrix XenServer, openSUSE desktops, HP Printers, and AV equipment; compliant with UCD IT Policies, Modern Languages Lab Policies, DMCA, HIPAA.
• Managed network operations via centralized proprietary web-based software configuration manager (SCM) developed in HTML, PHP, CSS, Python, BASH scripts, PERL scripts, SSH, Apache, MySQL.
• Hardened network security practices via enforced SSL certificates, restrictive firewalls, restrictive service access, secure file permissions, restrictive user policies, restrictive group policies, minimal installations, network logging.
• Engineered all customized CentOS web server images and customized openSUSE multimedia workstation images used throughout the network for use by employees and students.
• Engineered centralized monitoring of both network connectivity and hard disk drive performance via Nagios for CentOS web servers and openSUSE desktops. Integrated PERL scripts that relied on SNMPd with SMART for notification and testing of servers and desktops.
• Developed BASH shell scripts integrated into web-based SCM that connected to servers and desktops via SSH then notified SCM of software malfunctions and hardware failures.
• Developed BASH shell scripts integrated into web-based SCM to save/restore 16 server images per hour from Apache NAS (compared to 3-4 server images per hour in the past).
• Developed fully-functional, reusable kiosk with three modes of operation in openSUSE 10.3-12.1 that was compliant with UCD IT Policies; kiosk was used by 350+ students per year.
• Engineered VNC over network of openSUSE desktops using Krfb and Krdc so professors could verbally and remotely instruct up to 36 students at the same time.
• Provided help desk technical support as Subject Matter Expert (SME) for professors, lab advisors, administrative staff, and new students; included individual assistance and group instruction.
• Trained student lab advisors to provide Tier 1-2 technical support of Linux desktops, included issues in new accounts, authorized access, campus crime, networking, connectivity, printing documents, international language support, and application usage.
• Integrated textbook multimedia software into openSUSE desktops as local resources and network attached resources. Local resources were accessible through WINE emulation. Network resources were accessible on lab's Apache NAS server.
• Authored all technical documentation on using common office applications and troubleshooting office applications in Linux-based environments; targeted at the lab's employees, professors, and students.
• Rebuilt multimedia computer lab of custom Dell Optiplex workstations running fully customized openSUSE desktops, customized access to HP Printers, and customized access to AV devices and equipment.
• Migrated experimental openSUSE LAMP and Apache NAS on Xen Hypervisor 1.0, to stable, enterprise-level CentOS web servers on Citrix XenServer.
• Migrated web-based software configuration manager (SCM), developed in PHP and Python, from openSUSE Linux to CentOS Linux.
• Coordinated private consultant to migrate experimental virtualization platform of openSUSE 10.3 Xen Hypervisor 1.0 (KVM-based para-virtualization). The platform ran openSUSE 10.3 enterprise server with a custom XEN-OPENSUSE Linux kernel without SMP support and it used a single 2TB file system with logically extended LVM partitions. The platform was built on an outdated Dell PowerEdge 1800 with a RAID of six 5400 RPM HDDs. Platform was migrated to Citrix XenServer 6.0 the latest enterprise-level virtualization platform.

Jan 2010 – Dec 2010

Ramsey Grant Brenner & Co, Inc. dba OSDisc.com

• Engineered first to market product for OSDisc.com: live Linux operating systems (read-only OS with read-write file system overlays) on USB flash drives with integrated read-write storage.
• Delivered product self-contained as ISO 9660 image with step-by-step instructions for creating the software on storage drives; updated software for 1 year.
• Reverse-engineered popular Linux operating system installers to implement Linux operating systems on USB flash drives.

Jan 2009 – Dec 2009

Ramsey Grant Brenner & Co, Inc. dba OSDisc.com

• Engineered first to market product for OSDisc.com: Software Repositories on DVD media compatible with popular Linux operating systems.
• Delivered product self-contained as ISO 9660 images and ready for mass duplication; updated software for 1 year.
• Engineered easy installation of software packages through APT, Synaptic Package Manager, gdebi-gtk, RPM, and YaST.
• Engineered compatibility with Debian, Ubuntu, SuSE, Mandriva, and PCLinuxOS.
• Authored end-user documentation for customers on using each package manager.
• Reverse-engineered multiple open source website mirroring software to implement web-only technology on disc media.

Aug 2005 – Jan 2008

Ramsey Grant Brenner & Co, Inc. dba OSDisc.com

• Engineered resolution of systems integration issues of Linux/BSD/Solaris for customers: interoperability, migrations, custom kernels, custom device drivers.
• Verified resolution of customer issues with open source software, built servers with similar hardware that ran customer's operating system and customer's applications.
• Authored kernel documentation of Linux/BSD/Solaris which covered the latest features and latest requirements, for 125 kinds of servers. Updated documentation in PostgreSQL databases through phpPgAdmin for e-commerce website.
• Engineered live (read-only) KolibriOS on USB flash drive (boots as USB-HDD) from its 1.44MB floppy image, for a customer. Built virtualized development environment that emulated, CDROM devices and USB devices.
• Authored package manager documentation for operating systems that used Apt, Synaptic, gtk-gdebi.
• Recommended Linux/BSD/Solaris servers based on customers' hardware specifications and intended use.
• Assisted with business operations through systems analysis: optimization, security risk, products, manufacturing, shipping.

2012 – 2016

DeepSentry Security Software

• Intelligent Agent Overview

  DeepSentry is a cyber security intelligent agent. It uses unsupervised representation learning to solve generalized problems in the enforcement of security policies. It was designed to remotely perform push-based policy compliance so it can work with existing networks without modification to monitored servers. Hence the software does not modify the kernel space or the user space of monitored operating systems. The intelligent agent is focused on learning established security mechanisms of a server as well as learning the right behaviors of users and programs. The intelligent agent represents security mechanisms and right behaviors as sequence patterns using algorithms from structured data mining that are focused on solving sequence mining problems. The intelligent agent determines the when and the how of enforcing a security policy using an unique combination of algorithms based on decision tree learning, cluster analysis and multivariate statistics. The intelligent agent uses its statistical reasoning in conjunction with time series analysis and regression analysis to create a predictive model of the environment so that it can counteract new emerging threats. The intelligent agent controls its actions via relational reinforcement learning which can be customized for environments through its programmable security policy. For the most part the programmable policy can be used to target specific server resources like users, groups, programs, processes, network connections, etc. The intelligent agent also supports the customization of its self-management algorithms via customized learning modes and customized behavior modes.

  Reactive Agent Model with Real-Time Data Analysis

  DeepSentry follows a reactive agent model in conjunction with real-time data analysis to intelligently perform operations. DeepSentry enforces the right behaviors of both users and programs by reacting to what they've done. DeepSentry classifies behaviors as relative to an actor's role and purpose during periods of time so that behavioral patterns model an actor's full range of functionality (contingent that the actor's environment is consistent). DeepSentry analyzes the behaviors of both users and programs to determine whether or not their actions and their intentions fall within the established guidelines that are defined within a company's security policy. When a security violation is detected that violation is logged and policy holders are notified of changes then DeepSentry automatically kills offending processes and restores deltas to their original states (from a local/remote repository). DeepSentry's reactive agent model in conjunction with real-time data analysis gives policy holders enough time to act responsibly.

  Programmable Security Policy

  The established guidelines of a company's security policy are represented in DeepSentry as a programmable policy. The programmable policy permits the configuration of DeepSentry through a much higher-level language than what's possible with only enabled/disabled options. The programmable policy defines a company's security policy as explicit declarations and implicit language. Constructs of a security policy like procedures and rules can be defined using enabled options, control structures, conditional logic, regex patterns, internal resources and external resources. Sensitive type constructs of a company's network used to define both network objects and network data can be included/excluded using data from internal pools of resources as well as external pools of resources. Policy holders can ensure all users and programs always follow authorized roles by enforcing system-wide ACLs with security contexts on all processes without modifying the kernel space or the user space of the monitored server.

  Custom Agent Behavior Enforcement

  Policy holders can execute customized learning modes that change how DeepSentry recognizes interactions and how it analyzes interactions. And, customized behavior modes can change how DeepSentry performs policy enforcement. The programmable policy permits direct-access to DeepSentry's application programming interface as expressions of conditional logic in control structures. Through DeepSentry's application programming interface policy holders can leverage both the how and the why DeepSentry performs policy enforcement. In addition to policy enforcement of users and programs, DeepSentry can enforce a programmable policy on itself. DeepSentry can monitor itself for policy violations then nullify its interactions which are against your company policy. DeepSentry can also enforce programmable policies on other sentinels. So it's possible for a single sentinel to manage groups of other sentinels.

  DeepSentry Software Requirements

  Operating System	Debian GNU/Linux >=7.0
  Architecture	64-bit PC
  Kernel	Linux >=3.2+ SMP
  Memory	>=128MB DDR3
  File Systems (POSIX only)	EXT2, EXT3, EXT4
  Mount Flags	ACL
  DeepSentry API	GCC  >=4.0 (C)

  DeepSentry Supported Servers

  Tested	GNU/Linux
  Compatible	FreeBSD, Mac OS, Oracle Solaris, Sun Solaris
  Limited Compatibility	Windows Server

  New Sentinel Storage Estimates

  New sentinel storage rates are only applicable to sentinels that are being trained to recognize new behaviors. Additional storage is required for logs. Logs have a indeterminate variable storage rate. Targets are entries in whitelists and blacklists for a monitored server. Targets can be users, groups, programs, processes, connections, etc. For example, a monitored server could have 5,000 targets made up of 100 users and 4900 processes.

  Storage Rate Per 10,000 Targets Without Compression	56KB / second
  Storage Rate Per 10,000 Targets With Compression	14.7KB / second

  Trained Sentinel Memory Usage

  Trained sentinel memory usage is only applicable to sentinels trained to monitor targets. Targets are entries in whitelists and blacklists for a monitored server. Targets can be users, groups, programs, processes, connections, etc. For example, a monitored server could have 5,000 targets made up of 100 users and 4900 processes.

  Memory Usage Per 10,000 Targets Initial/Update Runtime	82MB RAM
  Memory Usage Per 10,000 Targets At Rest Runtime	20MB RAM

  Bandwidth Estimates

  Bandwidth should be roughly equal to a storage rate without compression per sentinel for real-time behavior analysis. Bandwidth for data sharing between sentinels will be considerably higher due to the pushed-based enforcement model. Other interactions like restoration of deltas and enforcement of policies have indeterminate variable bandwidth rates. Targets are entries in whitelists and blacklists for a monitored server. Targets can be users, groups, programs, processes, connections, etc. For example, a monitored server could have 5,000 targets made up of 100 users and 4900 processes.

  Real-Time Behavior Analysis Bandwidth Rate Per 10,000 Targets	56KB / second
  Data Sharing Between Sentinels Bandwidth Rate Per 10,000 Targets	[Number of Sentinels * (Number of Sentinels - 1) + 1] * 56KB / second

  Asset Modification Monitoring

  DeepSentry monitors resource objects critical to the successful enforcement of a security policy within the environment of a server. It considers those resource objects as valuable assets since modifications made to them could have a direct impact on a server's functionality and a server's purpose.

  Directories	Reading, writing and executing folders.
  Devices	Reading, writing and executing devices located in "/dev/".
  Files	Reading, writing and executing files which includes scripts, programs, libraries, archives, etc.
  Library Calls	Executing specific program library calls.
  File System Metadata	Reading and writing file system metadata.
  Timestamps	Modifying a file's timestamps.
  Accounts	Using user/group accounts and creating user/group accounts.
  Passwords	Changing passwords of user/group accounts.
  Security Contexts	Reading user/group contexts and writing user/group contexts.
  Kernel/Process Signals	Signals sent to and received by programs, users and groups.
  Websites (WWW)	Changing a website page or website resource.
  Network Connections	Changing a monitored network incoming/outgoing connection.
  Connection Packets	Changing the contents of packets of a monitored network incoming/outgoing connection.

  Data Integrity Checking

  DeepSentry tracks modification of data in files using the hashing algorithm specified in the configuration file of a company policy. DeepSentry supports internal and external access to hashing algorithms. Common hashing algorithms are supported internally, such as MD5, SHA-1, and SHA-2. Other hashing algorithms can be used for data integrity checking, specified as a full pathname to the hashing program. DeepSentry detects modifications to data in files by comparing new checksums to old checksums. Every file checksum must be specified in the configuration file along its full pathname; files can be specified explicitly or as regex expressions.

  Security Audit Logging

  DeepSentry assumes servers and workstations rely on a flavor of syslog to handle system logging for computers. All warnings, debug messages, and security alerts are dependent on underlying layers that handle system logging and the actual notification of the alerts.

  1. Policy was enforced	DeepSentry triggers notification process after enforcement of your policy.
  2. Saves alert in logs	DeepSentry saves log entry of how and why it enforced your policy.
  3. Sends you alerts	DeepSentry sends you alerts via email or text message.

  User/Group Whitelist

  The user/group whitelist is a list of users and groups, one per line, allowed to interact with your computer that DeepSentry should monitor for policy violations. If no users and groups are listed DeepSentry assumes all interaction on your computer is performed by the same user (that includes interactions from root and system accounts). Pathnames that include wildcards or regex patterns will be expanded as a list of filenames; of which their contents will be concatenated together to be used as a single source.

    
                targets {
                    user-group whitelist = /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename
                }
                

  Application Whitelist

  The application whitelist is a list of applications or utilities, one per line, allowed to interact with your computer that DeepSentry should monitor for policy violations. Pathnames that include wildcards or regex patterns will be expanded as a list of filenames; of which their contents will be concatenated together to be used as a single source.

    
                targets {
                    application whitelist = /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename
                }
                

  Process Whitelist

  The process whitelist is a list of regex expressions, one per line, allowed to interact with your computer that DeepSentry should monitor for policy violations. Pathnames that include wildcards or regex patterns will be expanded as a list of filenames; of which their contents will be concatenated together to be used as a single source.

    
                targets {
                    process whitelist = /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename
                }
                

  Network Connections Whitelist

  The network connections whitelist is a list of regex expressions, one per line, allowed to interact with your computer that DeepSentry should monitor for policy violations. Pathnames that include wildcards or regex patterns will be expanded as a list of filenames; of which their contents will be concatenated together to be used as a single source.

    
                targets {
                    network whitelist = /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename
                }
                

  User/Group Blacklist

  The user blacklist is a list of regex expressions of users and groups, one per line, not allowed to interact with your computer. DeepSentry prevents all users and groups in this list from accessing your digital assets. Pathnames that include wildcards or regex patterns will be expanded as a list of filenames; of which their contents will be concatenated together to be used as a single source.

    
                targets {
                    user-group blacklist = /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename
                }
                

  Library Calls Blacklist

  The library calls blacklist is a list of regex expressions, one per line, not allowed to be called inside programs. DeepSentry prevents programs that match any regex expression from interacting with your computer. Pathnames that include wildcards or regex patterns will be expanded as a list of filenames; of which their contents will be concatenated together to be used as a single source.

    
                targets {
                    library calls blacklist = /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename
                }
                

  Programmable Security Policy

  DeepSentry's C API can be stated "as is" anywhere in the configuration file. Policy holders can include any semantics of C in the configuration file. Additionally, DeepSentry facilitates the inclusion of an indefinite number of both compiled languages and interpreted languages as literal blocks of code that can be compiled/interpreted whenever their called to execute. When DeepSentry detects the declaration of a block of a compiled language or a block of an interpreted language, it finds the appropriate compiler/interpreter that has been installed in DeepSentry's native OS environment then uses that compiler/interpreter to create a temporary executable/script of that code. So that means policy holders can also declare foreign APIs and foreign libraries then access their functionality "as is" inside a block of code.

  Examples	Do not return results	Return results
  Python	Execute the following code, but don't return anything to the configuration file. Use other means for checking results. % #!python insert real python code %	Execute the following code, return the output to the configuration file. Use the named variable to get results. % #!return=variablename #!python insert real python code %
  Ruby	Execute the following code, but don't return anything to the configuration file. Use other means for checking results. % #!ruby insert real ruby code %	Execute the following code, return the output to the configuration file. Use the named variable to get results. % #!return=variablename #!ruby insert real ruby code %
  Scala	Execute the following code, but don't return anything to the configuration file. Use other means for checking results. % #!scala insert real scala code %	Execute the following code, return the output to the configuration file. Use the named variable to get results. % #!return=variablename #!scala insert real scala code %
  CLISP	Execute the following code, but don't return anything to the configuration file. Use other means for checking results. % #!clisp insert real clisp code %	Execute the following code, return the output to the configuration file. Use the named variable to get results. % #!return=variablename #!clisp insert real clisp code %
  Vagrant	Execute the following code, but don't return anything to the configuration file. Use other means for checking results. % #!vagrant insert real vagrant code %	Execute the following code, return the output to the configuration file. Use the named variable to get results. % #!return=variablename #!vagrant insert real vagrant code %
  Ansible	Execute the following code, but don't return anything to the configuration file. Use other means for checking results. % #!ansible insert real ansible code %	Execute the following code, return the output to the configuration file. Use the named variable to get results. % #!return=variablename #!ansible insert real ansible code %

  Nth-Nested Boolean Truth Functions

  DeepSentry supports all sixteen possible truth functions between two or more expressions. The expressions themselves can be combined using more than one truth function and they can be nth-nested using parentheses. Parentheses can be used to explicitly denote truth function precedence by grouping parts of an expression that should be evaluated first. Expressions are evaluated left-right in as they appear.

  Contradiction/False Opq	Input Output 0 Opq 0 0 0 Opq 1 0 1 Opq 0 0 1 Opq 1 0		if ((expression Opq expression ...) Opq ...) { }
  Tautology/True Vpq	Input Output 0 Vpq 0 1 0 Vpq 1 1 1 Vpq 0 1 1 Vpq 1 1		if ((expression Vpq expression ...) Vpq ...) { }
  Proposition P Ipq	Input Output 0 Ipq 0 0 0 Ipq 1 0 1 Ipq 0 1 1 Ipq 1 1		if ((expression Ipq expression ...) Ipq ...) { }
  Negation of P Fpq	Input Output 0 Fpq 0 1 0 Fpq 1 1 1 Fpq 0 0 1 Fpq 1 0		if ((expression Fpq expression ...) Fpq ...) { }
  Proposition Q Hpq	Input Output 0 Hpq 0 0 0 Hpq 1 1 1 Hpq 0 0 1 Hpq 1 1		if ((expression Hpq expression ...) Hpq ...) { }
  Negation of Q Gpq	Input Output 0 Gpq 0 1 0 Gpq 1 0 1 Gpq 0 1 1 Gpq 1 0		if ((expression Gpq expression ...) Gpq ...) { }
  Conjunction Kpq	Input Output 0 Kpq 0 0 0 Kpq 1 0 1 Kpq 0 0 1 Kpq 1 1		if ((expression Kpq expression ...) Kpq ...) { }
  Alternative Denial Dpq	Input Output 0 Dpq 0 1 0 Dpq 1 1 1 Dpq 0 1 1 Dpq 1 0		if ((expression Dpq expression ...) Dpq ...) { }
  Disjunction Apq	Input Output 0 Apq 0 0 0 Apq 1 1 1 Apq 0 1 1 Apq 1 1		if ((expression Apq expression ...) Apq ...) { }
  Joint Denial Xpq	Input Output 0 Xpq 0 1 0 Xpq 1 0 1 Xpq 0 0 1 Xpq 1 0		if ((expression Xpq expression ...) Xpq ...) { }
  Material Nonimplication Lpq	Input Output 0 Lpq 0 0 0 Lpq 1 0 1 Lpq 0 1 1 Lpq 1 0		if ((expression Lpq expression ...) Lpq ...) { }
  Material Implication Cpq	Input Output 0 Cpq 0 1 0 Cpq 1 1 1 Cpq 0 0 1 Cpq 1 1		if ((expression Cpq expression ...) Cpq ...) { }
  Converse Nonimplication Mpq	Input Output 0 Mpq 0 0 0 Mpq 1 1 1 Mpq 0 0 1 Mpq 1 0		if ((expression Mpq expression ...) Mpq ...) { }
  Converse Implication Bpq	Input Output 0 Bpq 0 1 0 Bpq 1 0 1 Bpq 0 1 1 Bpq 1 1		if ((expression Bpq expression ...) Bpq ...) { }
  Exclusive Disjunction Jpq	Input Output 0 Jpq 0 0 0 Jpq 1 1 1 Jpq 0 1 1 Jpq 1 0		if ((expression Jpq expression ...) Jpq ...) { }
  Biconditional Epq	Input Output 0 Epq 0 1 0 Epq 1 0 1 Epq 0 0 1 Epq 1 1		if ((expression Epq expression ...) Epq ...) { }

  Agent Behavior Enforcement Modes

  DeepSentry uses threat escalation to classify the severity of policy violations according to company policy. Threat escalation limits or restricts which kinds of interactions are allowed by users and services, so that users and services whose interactions are against policy can be confined to restrictive roles reasonably. DeepSentry can increase severity or decrease severity for specific interactions, such as interactions deemed less harmful, over a period of time as specified in a policy.

  Threat Escalation

  DeepSentry has four warning levels of threat escalation that can be redefined in a company policy: low threat, elevated threat, high threat, and serious threat. Each warning level represents a violation threshold that when exceeded further restricts the kinds of interactions allowed by users and services as specified in a policy. Low threats are by default less severe than serious threats. There is no such thing as middle ground in threat escalation; elevated threats and high threats are neither equivalents nor between two extremes.

  Green Warning Level	Low Threat	Indicates that the identified user or service violated policy.
  Yellow Warning Level	Elevated Threat	Indicates that the user or service continues to violate policy.
  Orange Warning Level	High Threat	Indicates that the user or service continues to violate policy.
  Red Warning Level	Serious Threat	Indicates that the user or service continues to violate policy.

  Simple Behaviors

  DeepSentry defines simple behaviors as those performances of enforcement that are useful to most company policies. DeepSentry runs simple behaviors after policy violations. Simple behaviors are hard-coded and optimized for high performance therefore they can not be directly modified in a policy. Simple behaviors can be included in complex behaviors and customized behaviors. Pathnames that include wildcards or regex patterns will be expanded as a list of filenames; of which their contents will be concatenated together to be used as a single source.

  Relaxed	Enforces company policy, if necessary, after a specified threshold. Can notify policy holder.	behavior { relaxed = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...}
  Neutral	Enforces company policy after limit of specified violations is reached. Can notify policy holder.	behavior { neutral = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...}
  Aggressive	Enforces company policy after a percentage of violations has been reached. Can notify policy holder.	behavior { aggressive = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...}
  Hostile	Enforces company policy whenever a violation occurs. Can notify policy holder.	behavior { hostile = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...}
  Lockdown	Kill all processes, kill all connections, log out all non-privileged accounts, disable all non-privileged accounts, then notify policy holder	behavior { lockdown = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...}
  LockOut	Kill all processes owned by offender, kill all connections owned by offender, log out offender, change password of their account, then notify policy holder or company representative with new password. Offender must contact policy holder to get new password.	behavior { lockout = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...}
  KickOut	Kill all processes owned by offender, kill all connections owned by offender, log out offender, and disable their account, then notify policy holder.	behavior { kickout = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...}
  Freeze	Kill all processes, kill all connections, stop all services, log out accounts, run archiver on all files and directories specified in policy, then notify policy holder.	behavior { freeze = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...}
  Temporary	Permit timed access as specified in policy.	behavior { temporary = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...}
  Spy	Record all interactions with keystrokes, log violations, notify policy holder.	behavior { spy = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...}
  Silent	Ignore interactions not allowed and log violations.	behavior { relaxed = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...}
  Auth Only	Kill user or service on interaction not allowed as specified in policy.	behavior { auth = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...}
  Restore Level	Kill user or service on interaction not allowed until threat warning level is reached as specified in policy.	behavior { restore = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...}
  Idle	Only run what user or service wants when computer is idle.	behavior { idle = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...}

  Complex Behaviors

  DeepSentry defines a complex behavior as a list of simple behaviors that run together at the same time. A complex behavior can be defined in any order and with any number of simple behaviors. Simple behaviors defined first have higher preference than those defined later in the list.

              
              behavior {
                  complex = hostile kickout auth lockout lockdown ...
              }
              

  Custom Behaviors

  A new behavior is a customized policy of simple behaviors and complex behaviors in which the constraints of each behavior are defined in the policy. The definition of the behavior follows no specific order or arrangement, name-value pairs (with comments) can be specified in any order that makes the most sense. Pathnames that include wildcards or regex patterns will be expanded as a list of filenames; of which their contents will be concatenated together to be used as a single source.

              targets {
              ...
              }
   
              # add comments like this one
              if (expression ...) {
                  complex = behavior behavior ...    
                  temporary {
                      input = user group program /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename ...
                      run = behavior /path/to/program /path/to/script ...
                  }
              }
              else if (expression ...) {
                  run other options and behaviors ...
              }
              else if ... {
                  run other options and behaviors ...
              }
              else {
                  run other options and behaviors ...
              }
  
              # append additional options from other config files
              include = /path/to/^[A-Za-z0-9 _]*[A-Za-z0-9][A-Za-z0-9 _]*$/filename
              

  Custom Self-Enforcing

  In addition to policy enforcement of users and services, DeepSentry can enforce your policy on itself. DeepSentry can monitor itself for policy violations then nullify its interactions which are against your company policy. DeepSentry monitors its user (or group) and enforce company policy whenever a violation occurs.

              
              targets {
                  user-group-whitelist = user
              }
              

  DeepSentry uses a custom spy behavior to record all its interaction with keystrokes, enforce company policy whenever a violation occurs, then notify policy holder.

              behavior {
                  spy {
                      input = user
                      run = hostile
                  }
              }
              

  Policy Inheritance

  DeepSentry performs policy enforcement on specifc servers and clusters of servers at the same time. Policies can overlap among servers because DeepSentry uses its behavior modes to control enforcement. DeepSentry can handle an unlimited number of overlapping policies.
  

  Goal-Directed Learning

  DeepSentry's goal-directed learning mechanisms are a distributed synthesis of features that make up the software. Its goal-directed learning mechanisms aren't configurable directly in configuration files like, for example, the configuration of behavior modes. Its learning mechanisms are highly dependent on which options have been enabled and which options have been disabled to accomodate a company policy. DeepSentry has five modes of goal-directed learning that recognize right behaviors and wrong behaviors. Each mode determines how patterns of behaviors from a user or a service are analyzed over time.
  

  None	Your preferences (if any) determine recognition of right behaviors and wrong behaviors.
  Baseline	A baseline model of limits and extremes determines recognition of right behaviors and wrong behaviors.
  History	Previous interactions and previous behaviors determine recognition of right behaviors and wrong behaviors.
  Trained	Specific patterns of behaviors determine recognition of right behaviors and wrong behaviors.
  Complex	A combination of None, Baseline, History, and Trained, determine right behaviors and wrong behaviors.

  Distributed Multi-Agent Cyber Security Enforcement

  DeepSentry was designed to share kinds of data about monitored assets and company policies among specific nodes or teams of nodes. Nodes don't require sharing of data to analyze behaviors or enforce policy in real-time. DeepSentry nodes can be made to perform specialized behaviors according to their policy. Nearly all of DeepSentry features can be customized in the config file that represents a policy. A policy can define network operations that are offensive and defensive, for both local and remote computers. For example, a team of sentinels can be made to perform only host intrusion prevention operations for specified servers. A team of sentinels could be made to perform only network intrusion prevention operations.

  Campaign Operations	Runs coordinated operations with specific goals from microseconds up to years.
  Rapid-Response Operations	Runs operations triggered by priorities and preferences in response to events.
  Emergency Operations	Runs operations that detect failures (or changes) then rebuild your services or computers, without ever requiring a person to be there.
  Silent Operations	Runs covert operations on specific services, applications, users, groups, or computers.

  Remote Management

  DeepSentry oversees interaction on your computer according to your policy through SSH or a custom remote access service. DeepSentry does not handle the setup and configuration of SSH on remote computers. SSH connections must be established to remote computers prior to commencement of DeepSentry operations. DeepSentry assumes that the file system of the remote computer can be accessed at a folder on the DeepSentry machine.

  Secure Shell (SSH)	DeepSentry's preferred method of remote access is Secure Shell (SSH), SSH-1 or SSH-2. SSH handles secure data communication for remote command-line login, remote command execution, and other secure network services between networked computers.
  Custom Remote Access	DeepSentry can run its operations through any remote access service that can handle remote command execution.

DeepSentry.com

https://github.com/deepsentry

Jan 2016 — Present

• Developed a REST-API of microservices on PostgreSQL over HTTPS/TLS in Golang that features: Host/Device Registration; Supports private TLS Certificates; Supports private 2048-bit SSH2 keys; AWS-like authorization header; Automatic connectivity testing of AWS S3 buckets; HATEOAS compliant hypermedia controls (replaces web browser usage); Pagination (including Link header) in every successful request; Detailed errors with status codes; Req/Res conform to Google JSON Style Guide.
• Developed pagination for RESTful requests as a single PL/PgSQL script in PostgreSQL.
• Developed open source log collectors and open source file forwarders in Bash 4 and Python 3 for modern servers running: Linux, FreeBSD, Mac OS, Windows Server, and compatible operating systems. Collectors/forwarders periodically collect dynamic logs/files of machine data on a host then securely forwards the data to online storage.
• Designed a web-based administration panel that exists within a dedicated AZ, it relies on AWS Cognito Identity and AWS DynamoDB to manage access to user accounts. CloudFormation uses account Keys/IDs in DynamoDB to spin-up and teardown tenant-isolated VPCs in an IP range defined in Route53 using a template security group for WAF and a template policy document developed in OpsWorks. OpsWorks scales-out a single shared VPC (being monitored for usage billing via AWSConfig) with isolated VPCs (tagged for billing) of new EC2 servers from a template that sets up: dedicated SMQ, dedicated ElasticCache (Redis), SSHd, Sudo, PostgreSQL, ParallelSSH, User's TLS Certificates (from S3), User's SSH Keys (from S3).
• Designed the collection of a user's undefined/dynamic machine data, it relies on AWS Kinesis Streams, AWS DynamoDB and AWS S3. Kinesis Streams collects machine data from remote hosts then uses DynamoDB's metadata (that was setup by Cognito Identity) to control who can access S3 and where to store user's machine data on S3.
• Designed a HTTPS REST-API of microservices hosted by AWS Spark on EC2 with S3 and RDS in VPC, partially managed using Vagrant.
• Designed a HTTPS REST-API of microservices with PostgreSQL developed in Python3 and C in Debian Linux hosted by Apache Spark on Hadoop with MapReduce.
• Designed an agent-manager model that relies on server agents to collect data about their hosts then transfers that data (over TLS certificates or IPSec tunnels) to DeepSentry for analysis.
• Designed a network gateway in Debian Linux that uses SNORT-like network sniffers based on Libpcap to perform DPI and content filtering as either an ISP or a TOR switch.

Jan 2015 — Jan 2016

• Developed a multi-language compiler in C as DeepSentry's programmable security policy. DeepSentry's C API can be stated "as is" anywhere in the configuration file. Policy holders can include any semantics of C in the configuration file. Additionally, DeepSentry facilitates the inclusion of both compiled languages and interpreted languages as literal blocks of code that can be compiled/interpreted whenever their called to execute. When DeepSentry detects the declaration of a block of a compiled language or a block of an interpreted language, it finds the appropriate compiler/interpreter that has been installed in DeepSentry's native OS environment then uses that compiler/interpreter to create a temporary executable/script of that code.
• Developed a Parser-SML Compiler in Python3 as a programmable security policy integrated into DeepSentry's intelligent agent. Converts a config file that defines a security policy into simple machine language instructions which can be understood/executed by the intelligent agent (that ensures compliance).

2011 – 2012

AES 256-bit E-Commerce Checkout

• Java servlet that saves HTTP 1.1 session data and an unlimited number of name-value pairs from a HTML form then encrypts it as an AES 256-bit file on a remote server. Java servlet responds by with redirection to a credit/debit payment form hosted on Authorize.net.
• Intended to be a two-part checkout process. Can be integrated seamlessly into any website theme. Developed and tested in Tomcat 6 on Ubuntu Server 10.04 LTS.

2011 – 2012

Dynamic Knowledge Base Portal

• Searches a collection of files for matches according to: wildcards, regex, exact phrase, partial phrase, proximity, nearness, inclusion, exclusion, and date of publication; both keyword order and keyword position determine results of searches. Returns results as shortcuts/links to documents.
• Determines statistical relevancy of keywords related to problems; keyword statistics change as more documents are added to and removed from the collection.
• Categorizes files by subject then separates files into directories. Coverts files of specific document types into a common readable file format; can extract text/strings from HTML, DOC, RTF, PDF, ISO and IMG.
• Creates an index of all files with their absolute paths, checksums, and keyword statistics.

2009

Google Combinatorics Engine

• Reads a list of subjects and produces every possible combination of those subjects and their components as Google search strings using Boolean operators, exact phrase, partial phrase, proximity, nearness, inclusion, exclusion, and date of publication. Both the number of subjects and the number of components per subject can be infinite. Although, the number of subjects and their components can be infinite Google's search engine only allows a maximum of 32 keywords per search including keyword variations.
• As the number of subjects and the number of total components increases its limits get closer to the total amount of RAM and the total amount of hard disk space whichever runs out first. Worst-case results are obtained by producing all possible combinations, limiting the number of subjects, or limiting the number of components per subject. Best-case results are obtained by setting hard limits to the scope of the results.
• The combinatorics engine features include:
  • Search-strings for Google, Yahoo, AOL, and MSN
  • Unlimited number of subjects, one per line in a file
  • Unlimited number of components per subject, one per line in a file
  • Custom reasonings or pathways per subject to follow
  • Limits which components each subject contains
  • Limits the number of components per subject
  • Limits the kind of technology per subject

Jan 2016 — Present

DavidBrennerJr.com

• Engineered automated, high performance, distributed continuous integration pipeline as a virtual appliance at DevOpsBuilder.com: CentOS Minimal with Git used Vagrant to automatically manage the deployment and configuration of Docker containers that ran Jenkins build slaves in a Mesos cluster. Bash periodically updated Vagrant configurations from Git. Containers were configured using Bash and Ansible to build code and test code using Jenkins. Jenkins ran Ansible to configure build slaves and deploy build slaves inside Mesos cluster. Included configuration of Webmin, Iptables, SELinux, Cgroups, Rsyslog, NTP, OpenSSH.
• Engineered automated, high performance, VPN service as a virtual appliance at DevOpsBuilder.com: Ansible automates the management of both HAProxy and OpenVPN in LXC. External health checks are performed by a Bash script that checks whether OpenVPN has hanged/stalled via latency testing of VPN connection requests; and determines whether to use Ansible to launch a new container of OpenVPN then reconfigure HAProxy so new connections are handled by the new instance of OpenVPN.
• Engineered automated virtual appliance manager at DevOpsBuilder.com that used Vagrant to automate the management of new services in virtual Linux servers (based on Debian Linux, CentOS Minimal, Ubuntu Server) inside VirtualBox. Vagrant uses Ansible and Bash for deployment and configuration. Included configuration of Iptables, SELinux, Cgroups, Rsyslog, NTP, OpenSSH.
• Engineered automated reconfiguration of BIOS and BMC of (active) Cisco C-Series M2-M4 Rack Servers via their CIMC using Puppet and Expect scripts.
• Engineered automated black-box testing of network configurations of Cisco C-Series M2-M4 Rack Servers using Puppet, DNS resolution, gateway traceroute, and service connectivity.
• Developed automated SSL/TLS certificate testing in Python 2.7 on Ubuntu Server to test for soon to expire SSL/TLS certificates used by remote web servers; notifies admins via sendmail.
• Developed centralized, on-demand batch testing of networks via an uploaded script, as HTTP REST-API in Python 2.7 on Ubuntu Server. Supports scripts in Python, Ruby, Bash, and Perl. Uses script extension to determine local execution command ran on master server. Responds with OK status when tests are deployed; otherwise with failure status codes. Saves responses of batch testing of hosts as JSON to MySQL. Responds to GET requests with dump of result from batch testing.

Jan 2016 — Nov 2020

DeepSentry.com

• Developed a new API model for DeepSentry as a multi-tenant IO that shifts user focus away from training the machine learning and configuring the strike operations to a model better suitable the current security industry in the United States that is results-driven, the generation of reports for new activity. Overall cost per customer per month for 24 hour usage is $149 with 2TB of downloads, based on EC2+S3 scaling. With the new IO model DeepSentry can be plugged into any tool that can perform HTTP requests since uploading new machine data drives the downloading of reports. The features of the API which were removed belong to Customized Targeting and Strike Operations. Training the machine learning algorithms for an endpoint is an automatic process that takes place when machine data is uploaded to the resource. Users no longer setup SSH/remote credentials for DeepSentry to perform strike operations in response to suspicious activity, they will receive generated security reports in JSON format they can utilize with internal orchestration tools.
• Developed a programmable interface at DeepSentry.com for intelligent network security that remotely enforces the right behaviors of an endpoint for exploit prevention and malware protection, via a dedicated jump server available 24 hours a day hosted on AWS EC2. Developed a HTTPS REST-API of microservices in 100% pure Golang backed by PostgreSQL v10 in Ubuntu Linux v18 that features Multi-Factor Authenication (MFA), User Privileges, and Admin Privileges. Developed pagination that conforms to Google JSON style Guide or all RESTful requests as a single PL/PgSQL script in PostgreSQL builtin into the REST-API. Engineered utility wrappers in Bash 4.4 and Python 3 that periodically collect deltas of files then upload that data to online storage, available for free at https://github.com/deepsentry
• Designed a web-based administration panel for DeepSentry.com that exists within a dedicated AZ, it relies on AWS Cognito Identity and AWS DynamoDB to manage access to user accounts. CloudFormation uses account Keys/IDs in DynamoDB to spin-up and teardown tenant-isolated VPCs in an IP range defined in Route53 using a template security group for WAF and a template policy document developed in OpsWorks. OpsWorks scales-out a single shared VPC (being monitored for usage billing via AWSConfig) with isolated VPCs (tagged for billing) of new EC2 servers from a template that sets up: dedicated SMQ, dedicated ElasticCache (Redis), SSHd, Sudo, PostgreSQL, ParallelSSH, User's TLS Certificates (from S3), User's SSH Keys (from S3).
• Designed the collection of a user's undefined/dynamic machine data for DeepSentry.com, it relies on AWS Kinesis Streams, AWS DynamoDB and AWS S3. Kinesis Streams collects machine data from remote hosts then uses DynamoDB's metadata (that was setup by Cognito Identity) to control who can access S3 and where to store user's machine data on S3.
• Designed a HTTPS REST-API of microservices hosted by AWS Spark on EC2 with S3 and RDS in VPC, partially managed using Vagrant for DeepSentry.com.
• Designed a HTTPS REST-API of microservices with PostgreSQL developed in Python3 and C in Debian Linux hosted by Apache Spark on Hadoop with MapReduce for DeepSentry.com.
• Designed an agent-manager model that relies on server agents to collect data about their hosts then transfers that data (over TLS certificates or IPSec tunnels) for analysis for DeepSentry.com.
• Designed a network gateway in Debian Linux that uses SNORT-like network sniffers based on Libpcap to perform DPI and content filtering as either an ISP or a TOR switch, for DeepSentry.com.
• Developed a multi-language compiler in C as a programmable security policy for DeepSentry.com. DeepSentry's C API can be stated "as is" anywhere in the configuration file. Policy holders can include any semantics of C in the configuration file. Additionally, DeepSentry facilitates the inclusion of both compiled languages and interpreted languages as literal blocks of code that can be compiled/interpreted whenever their called to execute. When DeepSentry detects the declaration of a block of a compiled language or a block of an interpreted language, it finds the appropriate compiler/interpreter that has been installed in DeepSentry's native OS environment then uses that compiler/interpreter to create a temporary executable/script of that code.
• Developed a Parser-SML Compiler in Python3 as a programmable security policy integrated into an intelligent agent for DeepSentry.com. Converts a config file that defines a security policy into simple machine language instructions which can be understood/executed by the intelligent agent (that ensures compliance).

University of Colorado Denver

Jan 2010 – Dec 2014

Bachelor of Science of Business Administration & Information Technology, GPA 3.2/4.0

Community College of Denver

Jan 2008 – Jan 2010

IT Training, Completed 45 credits, CCD's Phi Theta Kappa Honor Society, GPA 3.9/4.0