resume

Jon spearheads technical projects spanning backend and frontend development, cybersecurity, machine learning, and mobile and desktop apps. As comfortable with legacy code as greenfield work, he can take a general customer need and shepherd it through R&D to production, fleshing out an idea to a complete backend and frontend stack that can perform at scale.

A self-taught programmer, Jon got his start in open source, contributing massive core enhancements and significant improvements to HandBrake, an award-winning project, where he received his first exposure to the practical use of deep neural nets for signal filtering.

He then worked on endpoint agents for the market research industry at Nielsen, using low-latency kernel extensions and browser extensions in techniques he patented there to fingerprint user behavior based off of encrypted network traffic.

He also has years of experience in mobile development for commercial field operators at Nitro Mobile Solutions, pushing the boundaries of the iPhone and iPad to bring complex backend data systems to life within the resource and connectivity constraints of edge computing.

Jon was a day zero hire for the core engineering team at ThreatWarrior, a cybersecurity startup that used unsupervised deep learning to hunt for network threats. At ThreatWarrior, Jon focused on machine learning and backend data processing pipelines, infrastructure as code, cloud technologies, data visualizations, and the network packet analysis stack. Jon architected ThreatWarrior's anomaly detection machine learning models as well as their Kubernetes-based training and deployment harness. He was also responsible for designing and implementing their device profiling user behavior tracking system and prototyped its distinctive user experience. Jon's contributions to ThreatWarrior's infrastructure as code templating for their backend systems on GCP and customer cloud deployments in AWS were critical to their ability to scale and adapt to meet customer needs. ThreatWarrior successfully closed a Series-A round, during which Jon served as a technical SME throughout investor discussions and due diligence.

In recent years, Jon has transitioned from independent contributor to leadership. a seed round hire at insane cyber, jon runs the engineering department and acts as de facto product owner.

Jon codes primarily in Python, Go, TypeScript, and C, along with years of experience in Swift and Objective-C, and some dabbling in Rust. He is deeply familiar with orchestration and deployment technologies like Terraform, Terragrunt, Docker, Kubernetes, and Helm, as well as with the GCP and AWS RESTful APIs. Jon has spent years working with Kafka and Elasticsearch / OpenSearch for processing data. On the frontend, he is proficient with D3.js, React, and Apple UIKit. Jon has regularly used a wide array of the Google Cloud (GCP) stack, including Google DataFlow / Apache Beam, Google Cloud Run, Google Kubernetes Engine, Google PubSub, Google Bigtable, and Google BigQuery.

work

insane cyber -- director of engineering

sep 2024 -- present · san antonio, tx (remote)

Balancing the needs of the rest of the Insane Cyber leadership team -- as well as those of their design partners and customers -- Jon directs the product roadmap, manages the engineering team, and makes contributions to core platform functionality.

threatwarrior -- principal software engineer

jul 2018 -- sep 2024 · tampa, fl

• Designed, implemented, and maintained machine learning pipelines for unsupervised deep autoencoders to perform anomaly detection on network traffic flows using Python, Kafka, TypeScript / Node.js, Google Kubernetes Engine, and Helm.

• Designed, implemented, and maintained serverless, distributed user and entity behavioral profiling and anomaly detection streaming pipelines, middleware, and frontend UI for tracking interactions over time across arbitrary data sources with mergeable, probabilistic data structures in a graph model to answer who communicated with whom, how much, and what about, using Go, Apache Beam / Google Dataflow, Google Bigtable, Google BigQuery, Python, TypeScript, D3.js, and React. Served in production as a flagship feature and foundational technology for ThreatWarrior's XDR approach.

• Led a cloud migration from bare metal servers in a colo datacenter, where processes ran in VMs and communicated over inter-process communication (IPC), to containerized microservices running in Google Kubernetes Engine and communicating over an Apache Kafka message bus, using TypeScript / Node.js and Helm. This involved writing a number of custom TypeScript libraries for integrating application services and Kafka with the Node.js streams API.

• Led a subsequent cloud initiative to embrace cloud-native idioms like serverless containers and infrastructure as code, rearchitecting the entire backend stack to deploy with Terraform, Terragrunt, Google Cloud Run, and Google PubSub. This enabled backend scalability and rapid provisioning of customers within minutes.

• Researched applying generative AI techniques like transformer architectures to assembly code for anomaly detection on supply chain software updates, prototyping a hierarchical transformer model which learned to represent sequences of basic blocks of decompiled Windows and Linux binaries in ways that clustered vectors from similar binaries together using Python, Torch, Huggingface, Rizin, and Ghidra.

• Patched and integrated C libraries for network packet analysis and reporting, developing a dynamic plugin loading library on top of suricata to process results through a proxy that could safely and legally link to nDPI, a network traffic protocol detection library under a conflicting open source license, using ZMQ to deliver output results to a custom process.

• Implemented and maintained a tool to discover and enumerate resources in cloud environments, unify them into a single data model across providers, structure them into a hierarchy, aggregate their network usage, and visualize them as graphs or Sankey diagrams using Python, JavaScript / Node.js, the AWS and GCP RESTful APIs, Gephi, and D3.js.

• Implemented a flexible, turnkey system to deploy ThreatWarrior's network monitoring sensors and traffic mirroring infrastructure inside customer AWS environments, using Terraform and Terragrunt. This was an extremely sophisticated infrastructure as code project, which required developing many custom modules deployed across multiple VPCs and accounts, making heavy use of mapping and looping within templates.

• Developed a user-session tracking data pipeline to aggregate and report API audit events to Slack using Python, Apache Beam / Google DataFlow, Google PubSub, and Google BigQuery.

• Held DevOps responsibilities utilizing Grafana, M3DB, Google Cloud Metrics, and Google Cloud Trace / OpenTelemetry for dashboarding and alerting from Elasticsearch / OpenSearch clusters, Apache Kafka clusters, Google Kubernetes Engine clusters, and internal tooling.

• Shaped product roadmap, engineering hiring, costing and pricing, internal and external presentations, and technical discussions with investors as a key subject matter expert during due diligence for seed and A-round investment and merger and acquisition talks.

• Worked closely with finance, providing monthly breakdowns and analyses of cloud costs across multiple vendors and cost centers.

nitro solutions -- senior software engineer

mar 2014 -- jul 2018 · tampa, fl

• Led teams of offshore and onsite team members and collaborated directly with clients to gather requirements and estimate project complexity.

• Developed an unsupervised facial recognition system using Python, OpenCV, and dlib as part of an interactive 3D virtual receptionist product, which received media attention.

• Performed exploratory data analysis and clustering of social graph data and document troves using Python, sklearn / scikit-learn, JavaScript, and D3.js.

• Designed, implemented, and enhanced iOS apps and Nitro's core iOS libraries using Swift and Objective-C.

• Designed and deployed a containerized infrastructure for Nitro's server platform, NitroServer 6, on top of Docker Swarm Mode using a custom-written Node.js CLI utility.

• Developed automated build harnesses for native mobile apps on multiple platforms.

• Crafted in-house tools for tasks like load testing backend servers, presenting (iPad) and controlling (iPhone) an interactive scavenger hunt, and importing client data into backend systems.

In July 2018, Nitro separated its cybersecurity business into an independent entity called KineticFuse.

nielsen -- lead software engineer

feb 2011 -- mar 2014 · oldsmar, fl

Mac lead for a cross-platform user activity measurement tool, NetSight, which powered many of Nielsen's client reports, including NetView.

• Choreographed a suite of root daemons, user apps, and kernel extensions written in a mixture of C, C++, Objective-C, and Objective-C++ -- with a heavy dose of ported Windows code.

• Responded to security and HAL changes as OS X evolved, while preserving legacy support back to the 10.4 (i386) SDK.

• Planned, estimated, and designed releases. Assigned work to on-site colleagues and off-shore consultants.

• Acted as integration manager, handling all branching, merging, and tagging.

• Acted as a technical representative for the team in dealings with upstream and downstream groups at Nielsen.

• Contributed to Nielsen's innovation program with white papers and patent applications.

• Led the team's migration from CVS and SVN to Git, which was a pilot study for Nielsen as the company considered certifying it as a "Nielsen Standard."

• Ran the team's Failure Mode Effects Analysis (FMEA) process.

handbrake -- project administrator

dec 2006 -- feb 2011

• Helped maintain the core library of the video transcoder: developed new features, isolated and fixed bugs, administered servers, moderated forums, wrote user and developer documentation, provided tech support, and organized public releases.
• Focus was on developing new image filters to fix telecined and interlaced video -- first exposure to the practical use of deep neural nets for signal filtering.
• Credited in the AUTHORS file with "Massive core enhancements."

cf motion, inc. -- it intern

dec 2009 -- dec 2010

• Prototyped a Ruby on Rails project tracking system to replace the company's manila folders.

• Drafted curriculum for a network technology certification program.

• Configured and troubleshot the deployment of a surveillance system for the Veteran's Administration.

• Located invitation to bid opportunities in the government sector, wrote responses to requests for proposals, and priced out quotes for reselling technology equipment.

• Interviewed job applicants to vet their technical skills.

patents

• US 8914629 -- Intercepting encrypted network traffic for internet usage monitoring (October 2014)
• US 9516001 -- Methods and apparatus to identify media distributed via a network (December 2016)
• US 10810607B2 -- Methods and apparatus to monitor media presentations (October 2020)

training

• Black Hat USA / DEF CON 31 -- Las Vegas, August 2023
• Black Hat USA / DEF CON 30 -- Las Vegas, August 2022
• WWDC 2013 -- San Francisco
• WWDC 2012 -- San Francisco

education

bachelor of applied science, technology management: business information systems St. Petersburg College · 2009 -- 2010

associate of arts St. Petersburg College · 2002 -- 2009

skills

languages: Go, Python, TypeScript, C, Terraform

frameworks: Node.js, D3.js, Keras, TensorFlow, Pandas, HuggingFace, nDPI, React, Protobuf, DDSketch, OpenTelemetry, ZMQ

tools: Apache Kafka, Elasticsearch, OpenSearch, Kubernetes, Docker, Apache Beam, Google Dataflow, Git, MongoDB, M3DB, Grafana, Helm, Terragrunt, suricata, Google Cloud Run, Google PubSub, Google Bigtable, Google BigQuery

operating systems: macOS, iOS, Linux

download as pdf