Julien Vehent

julien@linuxwall.info

Status

- US Permanent Resident

- French Citizen

Languages

- French: fluent

- English: fluent

Systems & Security Architect

Linux, Networks and High Traffic

I build Internet infrastructures from the ground up, in datacenters or in the cloud, and from the front firewall to the backend database. I have a Master's Degree in IT Security, write article in GNU/Linux Magazine France and on wiki.linuxwall.info, and program in Perl, Bash, C and PHP.

I build reliable Internet systems that answer business needs and scale with the demand. From hardware management to eBanking security (such as La Banque Postale and Societe Generale). I know Linux (Debian, Red Hat), cryptography, firewalling, databases administration, QoS, access control and so on.

I publish some of my work on the linuxwall.info laboratory and I maintain systems for several non-profits organizations on my free time ([RSS], [GDFA] and [BATS]).

I write for Gnu Linux Mag France. I also help some Open Source projects, report bugs and do translations.

I program in Perl and Bash, and know enough C/Python/Java/PHP to debug programs. I am not a coding expert but I regularly write code.

Technologies

A representation of my core skills.

click here for PNG version

skill map, if this doesn't display, 3 options: click on the PNG or PDF version, or use a recent browser.

Professional Experience

Since 11/2011: Security Engineer at AWeber Communications

AWeber is an email marketing service provider for small business clients worldwide. I am in charge of defining and engineering the security infrastructure.

keywords: ossec, apparmor, geolocation, cryptography, log monitoring

03/2011 to 11/2011: Systems Engineer at Greenlink Networks

Greenlink Networks provides rewards programs for local businesses and TV stations. I was in charge of building a bigger, faster and more reliable hosting infrastructure for the 30+ websites of the company.

Transform the single node architecture into a load balanced cluster.
Migrate from the datacenter hosted system to Amazon's cloud (AWS).
Maintain the production and corporate infrastructure on a day-to-day basis.

keywords: lighttpd, haproxy, tomcat, jboss, postgresql, solaris, centos, EC2

01/2008 to 05/2010: Security Engineer at Axians - Vinci Energies Group

Project

System Architect of the Knowledge Base, designed and build with Alfresco and Debian

Missions

La Banque Postale - eBanking Security Engineer (7 months)

Member of the Architecture team: web front-ends security, cryptography, strenghtening of ebanking operations.

eBanking security: Access control, system and network partitioning, performances
J2EE security: SSL/TLS, IBM IHS, WAS 6, MQ and Web Services cryptography
Security assessments and risks analysis

ALD International - Business Continuity Engineer (9 months)

Member of the Security team: BCM developement and testing, IT Disaster Recovery Plan (40+ locations worldwide and 2 datacenters).

Develop BCM methodology and define Business/IT priorities
Design IT recovery architectures
Run BCP tests and evaluate reaction capabilities

Societe Generale - eBanking Security Engineer (1 year)

eBanking architecture team: web front-ends security and performance, cryptography usage in applications and communications, security audit.

eBanking security: Access control, log auditing, performances
Security measures: SSL/TLS on J2EE, Weblogic, HAproxy
Qualys security audits, firewall rules management

04/2007 to 12/2007: Research Engineer at University of Maryland

Programming of a TCP/UDP proxy in C on Linux 2.6 for connection redirection inside honeypots networks.

In the team of Dr. Michel Cukier at the Center for Risk and Reliability.

Research: Study of network attacks aiming Linux and Microsoft systems in honeypots environments
Design: software engineering using UML specification
Coding: C on Linux (TCP stack, B-tree based Decision engine)

note: this project still lives on sourceforge under the name Honeybrid.

04/2006 to 08/2006: Assistant to the Chief Security Officer at MAAF Assurances

Member of the Information System team: Perl programming for security log processing, application of the privation protection law.

Development of a Perl software to supervise antivirus solutions (Norton,
Compliancy of the information system with the privacy protection law

Since 04/2005: Linux Engineer / Sysadmin at Microgate

Architecture design and maintenance of the email infrastructure.

Migration of the Email infrastructure to Linux/Postfix/Cyrus
Integrated PKI (OpenSSL) and LDAP Directory (OpenLDAP)
Design of a Site to Site interconnection with OpenVPN

note: I still maintain this architecture remotely.

09/2002 to 09/2004: Tech Support at URSSAF

French agency for the social security system funding, Tours, France

Helpdesk and Administration/Maintenance of Windows NT/2000 based networks

Education

2005 to 2007: Master Degree - Information Security Management

IRIAF - University of Poitiers - GPA: 16.3/20 - Honor: Summa Cum Laude

2005: Bachelor Degree - Security and Quality of Telecommunications

University of Tours - GPA: 13.5/20 - Honor: Cum Laude

Brevet de Technicien Superieur (Highest Technician Degree)

ISCB - University of Tours - 2002 to 2004

Option System and Network Administrator.
The course was organized half-time in class and half-time in a professional position (at Ursaff, in my case).

Teaching

2010 - IRIAF - University of Poitiers

Security of Database Infrastructures. 40 hours course in the 2nd year of IT Security Master Program. The content of the course if available here.

Writing

Web Development with Perl and Mojolicious - GNU/Linux Magazine #138 - May 2011

Introduction to the Mojolicious framework through the development of a simple URL shortener.

Fighting Spam with DSPAM - GNU/Linux Magazine #132 - November 2010

Description of the QOS layer of the Linux Kernel. The article covers the description of the shapping algorithms, the definition of a QoS policy with implementation examples and the set up of RRDtools graphs using Perl.

QoS and Traffic Control in the Linux Kernel - GNU/Linux Magazine #127 - May 2010

DKIM Email signature and verification with DKIMProxy - GNU/Linux Magazine #125 - March 2010

Article describing the DKIM protocols, its implementation in DKIMProxy and the deployment of a DKIM infrastructure using Debian, Postfix and Bind 9.

Leisure

Music (bass guitar) and Sport (Roller, Golf, Squash)

Co-creator and administrator of the Linuxwall.info laboratory.