Jonathan Kline

Hands on CTO & security architect

United States, Huntsville, AL, US
+1 (414) 975 - 1958
English

Background


About

  • 20+ years experience with Linux / Unix kernel and firmware reverse engineering, modification and development
  • 7+ years Hypervisor (Xen/kvm) development
  • 24+ years of Linux (Red Hat, CentOS, Alma, Rocky, Fedora Core, Debian, Ubuntu, and Slackware), Unix (Solaris, Tru64, HP-UX, AIX, FreeBSD, OpenBSD) and network administration
  • 15+ years executive leadership and team building
  • 15+ years offensive / defensive cyber security (Full security lifecycle; hw, sw & firmware)
  • Successfully grew two companies from early stage startup through acquisition / exit
  • Proficient in C and Perl; working knowledge of PHP, C++, Python, Rust, Ruby, JavaScript, TypeScript and assembly (x86, x86_64, PPC, MIPS, ARM, SPARC)
  • Experienced with Linux / Unix kernel, firmware and full-stack software development
  • Linux security (eBPF, pam, systemd, dm-verity, LSM)
  • ARM security and TrustZone
  • Quick study of new languages / environments (e.g. TypeScript, JavaScript, Ruby, Rust)
  • Hands on DevOps, DevSecOps and cloud migration / development
  • Experienced product owner, proposal writer, leader, engineering manager, innovator, entrepreneur and program manager
Work Experience

  • Principal Architect Security Solutions, Star Lab, A Wind River Company

    Jan, 2021 - Jun, 2023 (2 years 4 months)

    • Worked with C-level executives to develop new security markets, requirements and opportunities
    • Vertical development
    • Hosted 12-part webinar series & recurring sessions on holistic security (hardware, firmware, software)
    • Provide embedded security training to customers and partners
    • Developed technical sales and marketing collateral
    • Acted as a liaison between marketing, product and engineering to ensure product releases and feature integration
    • Onboard and mentor new members of engineering, QA, and sales / marketing
    • Lead customer integration, design & architecture activities
    • Own and execute customer security assessments
    • Partner / vendor management and integration
    • Lead and encourage OSS contributions
    • Design, develop and integrate a broad range of Linux security capabilities
    • Threat modeling
    • ATT&CK analysis, mapping, threat modeling & implementation
    • Embedded security development and integration through the entire device (hardware, firmware, runtime environment)
    • Yocto recipe development and maintenance
    • Linux security (eBPF, pam, systemd, dm-verity, LSM)
    • ARM security & TrustZone
    • DevOps / DevSecOps
    • Application security (static / dynamic analysis, OWASP, type/memory safe languages)
    • Developed and conveyed full security story across all levels of the software and embedded device development lifecycle
    • Set up and maintain GitLab, GitLab CI and Docker registry
    • Metrics (performance, cost, system activity) aggregation and visualization using Prometheus / Grafana
    • Log / event collection and aggregation using ELK stack
    • Implemented and maintained a hardware integration lab supporting local and remote engineers, significantly increasing utilization and providing significant cost savings
    • Support & maintain CMMC compliant network
    • Develop, maintain and integrate security solutions for FedRAMP, NIST 800-171, NIAP, Common Criteria and DISA STIG environments
  • Chief Technology Officer (CTO), Star Lab

    Dec, 2015 - Jun, 2023 (7 years 5 months)

    • Linux kernel & hypervisor development
    • Hypervisor / Kernel performance characterization (Interrupt latency, resource scheduling, device throughput, real-time operations)
    • Configuring / deploying Xen/kvm-based solutions as a separation kernel for cross domain & multi-level security
    • Transitioning Xen towards a microkernel architecture
    • AWS implementation, API, migration, access control
    • Agile development, Continuous integration (CI) & release management / engineering
    • Automated testing / deployment of kernel / hypervisor solutions
    • Product Management
    • Chief architect for cyber security solutions
    • Support holistic security integration (hardware, firmware, software, cyber)
    • Technical Leadership (Mentorship for 20+ engineers) across 4 sites & multiple time zones
    • Product / market development
    • Lead offensive, red-team & customer engagements
    • Technical recruiting / retention (Grew engineering from 3-20+ multi-discipline engineers)
    • Subject matter expert (Technology protection, Access Control, Cyber Security, Secure Boot, Cryptography)
    • Present at conferences / symposiums
    • NIAP, Common Criteria, RMF & FIPS documentation / artifact packages for software / system accreditation
    • Commercial Solutions for Classified (CSfC) development, implementation & accreditation
    • Applying hypervisor, & Linux kernel solutions to address NIST 800-53 & IEC 62443 Controls
    • IoT / embedded full lifecycle security architecture, design & implementation
    • Design, develop & deploy embedded security solutions
    • Apply machine learning / game theory to cyber security and cyber defense
    • Proposal development & support
    • OSS coordination/collaboration
    • Participate in multiple industry working groups / standardization committees
    • Model based system engineering (MBSE)
    • Development of technical marketing collateral
    • System & network administrator (Linux, MacOS, Network, Office365); IT Manager
    • Develop, maintain & support CMMC compliant network
  • Owner and Rigger, Jalan Rigging

    May, 2017 - Jun, 2023 (6 years)

    • Safety inspections for TSO components including reserve parachutes, harnesses, and containers
    • Reserve parachute repacks
    • Major and minor repairs and alterations to TSO components
    • Prototyping and light manufacturing
    • Gear recommendations, test fitting and suitability
    • Supervising packing and maintenance performed by non-riggers
    • Industrial sewing machine rebuilds, maintenance and operation
  • VP Engineering / CTO, 2Checkout

    Oct, 2014 - Nov, 2015 (1 year 1 month)

    • Managed software development and quality assurance departments
    • Grew engineering from 5 members to 22 members
    • Fostered collaboration between infrastructure, devops, development, and product development
    • Technical liaison between engineering and the rest of the business
    • Implemented Continuous Integration (CI) and nightly builds
    • Separated deployed software into PCI DSS and non-PCI domains (CI was rolled out to non PCI components)
    • Development with the Catalyst MVC framework
    • Automated release process
    • Established automated testing strategy
    • Release planning and coordination
    • Modified Agile development
    • Architected technical solutions
    • Technical recruiting and retention
  • Deputy Technical Director, Raytheon Centers of Innovation (COI)

    Apr, 2014 - Dec, 2014 (8 months)

    • Managed 9M Internal Research & Development (IRAD) budget for software, firmware and hardware solutions related to offensive and defensive cyber security
    • Chief architect for cyber security solutions
    • Identified intellectual property (IP) that could be sustained as a product, capability or key differentiator
    • Technical interface with business leadership and key customers
    • Ensured COI led Raytheon’s Cyber strategy and established subject matter expertise (SME)
    • Identify key markets for expansion, growth and technical excellence
    • Earned Value Management (EVMS)
    • Fostered innovation, creativity and results
    • Provide technical oversight to 300+ researchers, technologists & engineers
    • Technical recruiting and retention
    • Develop, maintain and integrate security solutions for FedRAMP, NIST 800-171, NIAP, Common Criteria and DISA STIG environments
  • CTO, Raytheon Pikewerks

    Mar, 2007 - Dec, 2014 (7 years 9 months)

    • Linux / Unix kernel development (C & asm)
    • Firmware & hardware reverse engineering, modification and development
    • Developed In-memory forensics, Anti-Tamper, and Cross domain solutions
    • Cyber security and insider threat detection
    • Machine learning for cyber security
    • Extracted, reverse engineered, modified and replaced firmware on multiple mobile devices, embedded systems, and proprietary hardware
    • Identified, root-caused and developed workarounds for multiple issues related to kernel reference counts, semaphores, & locks
    • Agile / SCRUM driven software & firmware development across 6+ sites
    • Wrote multiple winning Research & Development (R&D) proposals from 25K-25M
    • Lead multiple firmware, kernel & mobile engineering teams of 8+ distributed developers
    • Technical sales for Anti-Tamper, In-memory forensics, and various cyber capabilities / products
    • Oversee new technology adoption, integration, and research
    • Support transition of R&D efforts to production with QA, testing, and support
    • Provide program management support for 15+ R&D efforts
    • Software lead & chief architect for enterprise-wide Low Cost Secure Solution
    • Chief Architect for Secure Cloud Solution
    • Designed and implemented split network for IP protection and Internet separation
    • Supported company growth from 2 developers to 50+ developers
    • Supported acquisition & integration with parent company
    • Constructed and managed multiple facilities to US DOD standards (DCID 6/9 & ICD704)
    • Information Assurance Manager (IAM) / Information Systems Security Manager (ISSM) and system administrator for multiple PL1, PL2 and PL3 systems (DCID 6/3 & ICD709)
    • Provide technical oversight to 35 researchers and technologists
    • Provide executive leadership and oversight
    • Designed and implemented a VoIP phone system
    • Managed 2-person IT department
    • Integrated and transitioned existing IT infrastructure with Raytheon and Raytheon SI Government Solutions
  • Director of Technical Services, Fort William LLC

    Mar, 2005 - May, 2007 (2 years 2 months)

    • Data-driven software development in perl, JavaScript, XML, & CSS
    • Developed interactive forms and documents using dynamic PDFs and rtf
    • Enabled code modularization and reuse
    • Refactored existing code base through the development & use of modules, subroutines, & libraries
    • Developed XML / SOAP interfaces to external vendors and entities
    • Established APIs and Integrated dynamic content from multiple external partners
    • Data processing, manipulation and warehousing
    • Application and LAMP security
    • Established and ran local Linux User's Group (LUG)
    • LAMP Stack development & administration
    • High-availability (HA) Linux and network administration
    • Developed, implemented and routinely tested disaster recovery plan
    • Complied with government protection guidelines for financial and health care information
  • Software Engineer, US Government

    Jun, 2001 - Mar, 2005 (3 years 9 months)

  • Assistant Unix Administrator, Milwaukee School of Engineering

    Aug, 2001 - Sep, 2004 (3 years 1 month)

    • Linux & Unix (Solaris, HP-UX, Tru64) system administration
    • Supported redundant fault-tolerant Foundry and HP networking infrastructure for 8,000 students, faculty, & staff distributed across 12+ buildings
    • Maintained edge connectivity to WiscNet
    • Developed and maintained “secure” shell server for students
    • Supported and maintained core network services (DNS, DHCP, LDAP, NIS, RIP, BGP, etc.)
    • Implemented and maintained SPAM / Virus mail proxy (forward to MS Exchange cluster)
    • Maintained /16 IP address space including routing and subnetting
    • Maintained campus wide RIP, OSPF and BGP routing tables for a fault tolerant network
    • Maintained web servers for university, all academic departments and students
    • Implemented bandwidth monitoring and QoS (implementation was published in Sys Admin)
    • Scripting and software development
    • Red team Microsoft SQL cluster and data warehouse
    • Perimeter and internal network security (Checkpoint fw-1 & iptables)
    • On-call support as necessary
Skills

  • Embedded Software
  • Embedded Systems
  • Solution Architecture
  • Bash
  • C
  • Network Administration
  • Distributed Systems
  • Firmware
  • FreeBSD
  • Software Engineering
  • Cyber-security
  • MySQL
  • Kernel Programming
  • Continuous Integration
  • Cloud Computing
  • Program Management
  • Jenkins
  • Information Security
  • Solaris
  • Kernel Debugging
  • Scrum
  • DevOps
  • System Architecture
  • Software Development
  • git
  • Computer Security
  • Subversion
  • Linux System Administration
  • Open Source
  • Amazon Web Services (AWS)
  • Innovation
  • Security
  • Engineering Management
  • Integration
  • Technical Leadership
  • Kernel
  • Linux
  • Linux Kernel
  • Apache
  • Debian
  • Unix
  • Reverse Engineering
  • Perl
  • Firewalls
  • Software Development Life Cycle (SDLC)
  • Infrastructure
  • Architectures
  • Network Security
  • Agile Methodologies
Education

  • Engineering/Industrial Management, Master of Science (MS) Engineering Management (MSEM), Kettering University

    Dec, 2010 - Dec, 2013

  • Computer Engineering, Bachelors of Science, Milwaukee School of Engineering

    Dec, 2001 - Dec, 2006

  • International School of MN

    Dec, 1997 - Dec, 2001

Certificates

  • Commercial pilot (ASEL, ASES, AMEL, Glider), FAA
  • Instrument Airplane, FAA
  • D License, USPA
  • Accelerated Freefall (AFF) Instructor, USPA
  • Decompression Procedures (Open and closed circuit), TDI
  • Master parachute rigger (Back, Chest & Seat), Federal Aviation Administration
  • CCR Full Cave, TDI
  • Advanced Mixed Gas CCR (100M), TDI

Publications

  • HIGH PERFORMANCE TRUSTED EXECUTION ENVIRONMENT, 2019 NDIA GROUND VEHICLE SYSTEMS ENGINEERING AND TECHNOLOGY SYMPOSIUM

    Published on: Jul 31, 2019

    This paper explores the construction of a Trusted Execution Environment (TEE) which doesn’t rely on TrustZone or specific processing modes in order to achieve a high-performance operating environment with multiple layers of hardware enforced confidentiality and integrity. The composed TEE uses hardware intellectual property (IP) blocks, existing hardware-level protections, a hypervisor, Linux security module (LSM), and Linux kernel capabilities including a file system in order to provide the performance and multiple layers of confidentiality and integrity. Additionally, the TEE composition explores both open source and commercial solutions for achieving the same result.

  • YOU’VE IMPLEMENTED ENCRYPTION, NOW WHAT? Using Mandatory Access Control & Separation Techniques to increase system integrity during and after an attack, Star Lab

    Published on: Jun 30, 2016

    Vehicle and transportation systems provide a challenging use case for security, where physical and virtual access is virtually unlimited, and it's relatively easy to procure replacement parts, components, and even whole vehicles to continue attacking a system. Given these challenges in the vehicle deployment model, the goal shifts from denying an attacker access, to limiting the damage an attacker can do once access is achieved. Specifically, the integrity and availability of the system (vehicle) must be maintained after a successful compromise. The use of encryption is only the beginning in terms of securing vehicle systems and is generally not sufficient to preserve the integrity of these systems during or after a successful attack.
    We will address:

    1. Security fallacy of “just encrypt”
    2. Attack flow and overview (setting the stage for MAC)
    3. Introduction of Mandatory Access Control (MAC)
    4. Kernel implementations of MAC
    5. Hypervisor implementations of MAC
    6. Further decreases to the attack surface
References

  • Valentine Nwachukwu

    I am one of the lucky few to get to work with Jonathan (JK). In my time at Wind River, I appreciate the fact that JK was one of the most intelligent people in the area of design and development of secure processors, and how they can be used to influence, control or solve security-related challenges that are exposed at runtime. He truly has both the breadth and depth of knowledge in the areas of Linux, embedded software, mission-critical systems, and cybersecurity. More importantly, he is one of the few people that I can confidently say would truly understand the challenges and trade-offs that occur in a production / design environment for any technology or product he is managing in the realm.

    Another key strength JK brings to the table is his ability to drive business objectives and sales with smart solutions that work for the customer. In fact, his customer obsession has many times led to creation of products that helped the business while also providing our customers with the exact features they requested. In my time knowing him, JK has found a way to go above and beyond for our customers while still making sure the bottom line is achieved.

  • Sandy Ring

    Jonathan is the most talented person that I have ever (and probably will ever) work with. His intelligence, creativity, and dedication are unmatched.