This is the fully buzzword compliant version suitable for resume bots and initial screeners. One-page version here.

 

Jan Schaumann
@jschauma
jschauma@netmeister.org
https://www.netmeister.org
Summary: Distinguished Infrastructure Security Architect with over 20 years of experience building and securing high-availability services at internet scale. I provide long-term vision, high-quality standards, a realistic threat model, and a deep background in operations, system administration, and teaching Computer Science to protect against threats ranging from nation-state adversaries to malicious insiders and opportunistic attackers.

Chances are you've interacted directly or indirectly with code, sites, and systems on the internet that I've touched; I'd like to apologize for any inconveniences this may have caused.
  LinkedIn Profile
Experience: Current Positions:
Yahoo! Inc. (2015 - present)
(aka Oath Inc. / Verizon Media between 2017 and 2021)
Distinguished Infrastructure Security Architect

Principal member and Infrastructure Security Architect of the Yahoo Paranoids, our industry-wide recognized team of information security experts. I focus primarily on infrastructure architectural design and decisions that impact all of the company's internal systems across all layers of the OSI stack and all data centers, public cloud environments, and edge locations.

I work at the intersection of an over 20-year-old infrastructure spanning dozens of datacenters across the globe with massive cloud-native environments and products, covering countless edge cases not usually encountered in other environments; I'm involved in cleaning up after and working to make repeats impossible of some of the internet's biggest compromises, including insights that cannot be learned elsewhere, yet are invaluable to be applied everywhere.

Recent projects included:
  • defining the North Star vision for the tech stacks for the next decade as well as how to move in an agile manner to modern solutions
  • develop, champion, communicate, and guide implementation of the company's Zero Trust strategy for the entire company, including both corporate enterprise environments as well as production networks
  • leadership in architecture, design, and strategy for all infrastructure security aspects of merging, combining, and creating anew two of the internet's oldest and most respected brands: as Yahoo is merged with AOL and various other brands, we focus on raising our defenses, increasing security across the board, and reducing our attack surface while expanding our footprint and global impact
  • function as subject matter expert in the company's efforts to drive tech excellence and unification of a modern stack
  • strategy, initiative, and planning of reproducible builds, trustworthy artifacts, and attestation and assurance of integrity in the continuous integration and continuous deployment cycle
  • consultation and architectural design & review of network level encryption facing nation-state adversaries in various geographic locations and jurisdictions
  • setting direction for Edge security, including technical stack, TLS standards, secure boot, and trusted computing

I provide research and meticulous analysis of the threat landscape and develop and report on company-wide metrics that help our team reduce our attack surface by making difficult decisions and prioritizing the most impactful work. At the same time, I enable our developers and engineers to improve productivity and move roadblocks out of their way, making Security their partner.

Stevens Institute of Technology (2003 - present)
Adjunct Professor of Computer Science
Instructor for graduate level classes "Advanced Programming in the UNIX Environment" (based on the W. Richard Stevens book) and "Aspects of System Administration" (developed by myself).

Past Positions:
Twitter (2013 - 2015)
Staff Infrastructure Security Engineer

Senior member of the Information Security team, team lead for security operations and infrastructure security. We coordinate incident response for company-wide security issues such as Heartbleed, Shellshock, POODLE, etc.; we maintain all of Twitter's SSL/TLS certificates; we perform internal and external security reviews, consult on internal and external facing feature development and infrastructure changes or planning.

Rolled out Kerberos at Twitter and drove migration of Subversion, SSH, sudo(8), Git, and misc. services to use Kerberos; maintenance of monitoring and auditing around TLS certificates and supported cipher suites; wrote and maintained a tool to allow for user-friendly asymmetric encryption of secrets; helped design key distribution system; wrote system software for and designed end-to-end solution around bootstrapping trust using TPMs in untrusted locations; regular end-user training to reduce risk of phishing and just general education of all engineers on security-related issues.

Etsy (2012 - 2013)
Senior Network Security Engineer

Yahoo! Inc. (2007 - 2011)
Principal Paranoid, System Architect
  • Member of the Engineering Standards Group setting direction for all technological aspects of the company
  • Repeatedly nominated for the internal yearly Superstar Award
  • single owner of one of our configuration management systems deployed on nearly 100K hosts
  • intricately involved in setting the company's IPv6 direction and strategy
  • design and architect scalable solutions in the area of syslogging, massively parallel host scanning, industry breakthrough solutions such as L3DSR load balancing etc.

Stevens Institute of Technology (2001 - 2006)
System Administrator
Publications/Talks: I've presented at various national and international conferences, including RealWorld Crypto, Velocity, O'Reilly Security, ConFoo, BSides, DevOpsDays, and NANOG; please see this page for selected talks.

Book: Principles of System Administration

Video Lecture Series: Advanced Programming in the UNIX Environment, System Administration
Technical Skills: Specialties: Solving hard problems at the intersection of large scale infrastructure and security; realistic, long term strategic systems thinking; conceptual integrity; threat modeling and Zero Trust; all things Unix; automation of any thinkable task; DevOps, SRE, and hybrid cloud environments

OS and Cloud: NetBSD, FreeBSD, Linux (RHEL, Ubuntu, ...), IRIX, MacOS X, Solaris; Amazon Web Services (AWS), Amazon Elastic Compute Cloud

Programming Languages: C, Perl, shell, Go, Java, PHP, Python, C++, SQL, some Tcl/Tk

Protocols, Services and Standards: TCP/IP, UDP, HTTP, SMTP, DNS

Information Security: SSH, SSL, TLS, x509 Certificate Management and PKIs, asymmetric and symmetric key cryptography, PGP, authN/authZ, Kerberos (krb5), HSM, TPM

Spoken Languages: English (fluent), German (native), Spanish (basic), French (elementary)

Education: STEVENS INSTITUTE OF TECHNOLOGY
Master of Science Computer Science (2004), Bachelor of Science Computer Science (2001)

PHILIPPS-UNIVERSITÄT MARBURG
Marburg, Germany
M.A. studies in Contemporary German Literature and American Studies (1996-1998)
Other: Blog  Code  Presentations / Talks

NetBSD developer since 2002
(find my name in your OS X stat(1) manual page)