Welcome | Welkom | Willkommen
Hi, I'm Drew. I'm a Multi-Cloud Security, Threat Hunting, SecOps, and Automation student and fanatic. I'm a former Sr. Director of SaaS, IT, and Security for a successful healthcare ISV who is now immersed in researching cloud, building hybrid labs, learning automation, Python, and new security tools and techniques as they come to the market.
About Me
For 15+ years, I designed, managed, secured, and administered domestic and international IT systems. These were operational, development, and production SaaS systems that ran in private, hybrid, and public clouds. On the production side, these systems processed (and still process) hundreds of millions of US healthcare records annually. I'm proud to be part of a team that built a successful cloud SaaS from scratch to a unicorn billion+ acquisition. I'm even more proud that we met our customers' SLAs and had ZERO *known* security breaches. Presently, I'm deep into researching cloud, automation, privacy, and security while I search for new and challenging opportunities.
Recent Activity
January '23: I'm dedicating this month to researching and testing container and container host security. I'll be manually scanning and hammering containers as well as seeing what fun I can get from AI/ML like ChatGPT.
December '22: The weather has been cool and my cloud bills were rising, so I rebuilt a few physical servers in my lab with Ubuntu 22.04.1 LTS to host containers. The years of running squeaky clean production systems still carry over to the lab, as I still enjoy a fresh, minimal install and a fully patched server.
Resume
I've spent most of my career on the hiring manager side of the desk, so I'm posting a few versions for you to choose from. The first resume is a simple one-page PDF I've created through a Markdown-to-PDF script tied into a GitHub Action (credit to: Pandoc). The second link is pure Markdown if you want to see the source, and the last link will whisk you away to my LinkedIn profile. If you need more information, or you would like to offer suggestions on how I can improve my resume, please let me know.
Lab: Automation
I'm rebuilding my lab, moving away from Portainer and Docker and back into Terraform to test out some new TF state files. This is not a production environment, nor is it how I would recommend setting up anything important. The goal is that a PR (pull request) on the main branch in GitHub kicks off a series of GitHub Actions that will scan for security, syntax, and policy issues. If all are green, it will initiate a 'terraform apply' and off we go. Fun.
Hobbies
Security Issues
- TLSv1.0 & TLSv1.1 enabled
- No CSP (Content Security Policy) support
- Server does not allow slipping CSP into meta tag in HTML
- No ability to add a CAA (Certificate Authority Authorization) record in DNS
- 'bizland.com' cert included in the bundle
- Weak ciphers:
  - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
  - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
  - ... and so on ...