Steven Johnstone
Software Engineer with Strong Security Focus
Contact
Location
- Address
- Lanark, South Lanarkshire, United Kingdom
Languages
- English
- Native Speaker
- Dutch
- Fluent
- German
- Beginner
Profiles
- GitHub
- github.com/stevenjohnstone
About Me
Seasoned security engineer with 15+ years of experience protecting critical national infrastructure, building security‑first products, and driving compliance for US federal programs. Passionate about breaking things to make them stronger—expert in secure development lifecycles, vulnerability management, and cloud‑native security.
Work Experience
2024-01-10 to Present
Product Security Lead at Smarter Grid Solutions
Application security for critical national infrastructure. Making CISA's Secure By Design a reality
2020-05-31 to 2024-01-10
Lead Security Engineer at Girnin Dug
Adversarial product security testing. Red-team testing of startups
2021-09-17 to 2022-05-14
Principal Security Engineer at Mirantis
Docker Enterprise FIPS 140-2 maintainer; established and ran PSIRT; onboarded Mirantis as a CVE Numbering Authority
2020-05-31 to 2021-09-17
Resting at Sabbatical
Very badly timed (COVID) sabbatical after intense period of back-to-back startups
2017-05-31 to 2020-05-31
Founder & Chief Security Officer at Next DLP (formerly Jazz Networks)
Leader in security of the product and company infrastructure. ISO 27001 lead-implementer. Golang developer. Hands-on security tester. Successful exit: company split and acquired by Motorola and Fortinet
2013-12-31 to 2017-05-31
Founder & Chief Security Officer at Acano
Leader of security efforts. Founded PSIRT. Guided product through US Federal evaluations (JITC). Dual role as head of systems programming. Responsible for embedded software, manufacturing tests and software build system. Manager of a team with hands-on programming in the mix. Acquired by Cisco
2012-02-28 to 2013-12-31
Founder & Systems Engineer at Acano
Systems software engineer and security specialist. Low-level hardware bringup, custom Linux distribution maintainer, build system owner. Built something from nothing
2010-04-30 to 2012-02-28
R&D Security Engineer at Cisco Systems
Design and implementation of security features for telepresence infrastructure products. Specialism in kernel and network stack development.
2007-09-30 to 2010-04-30
Systems Engineer at Tandberg (Acquired By Cisco)
2006-08-31 to 2007-09-30
Systems Engineer/Manufacturing Test Automation at Codian (Acquired by Tandberg)
Video conferencing startup. Acquired by Tandberg
2001-05-31 to 2001-10-31
Summer Research Student at University of Glasgow
Mathematical modelling applied to problems in medicine.
Education
2003-12-31 to 2006-12-31
University of Strathclyde
PhD: Mathematics
1996-12-31 to 2001-12-31
University of Strathclyde
BSc (Hons) First Class: Mathematics
1998-12-31 to 1999-12-31
Queen's University
Exchange program: Mathematics
Volunteer work
Mentor at Intergenerational Mentoring Network
Mentor to two bright young people from Easterhouse who want to start careers in high technology
Skills
Security Processes (Expert): Threat & Vulnerability Management, Incident Handling, Penetration Testing, Secure Code Review
Industry Standards (Battle-Hardened): FIPS 140-2, ISO 27001 Lead Implementer, GDPR
US Federal Market Compliance (Multi-million Dollar Successes): JITC, APL, DoD
Golang (Expert): Systems Code
C (Veteran): Embedded Systems, Kernel Drivers
C++ (10+ years): Systems Code
Scripting Languages (10+ years): Ruby, Python, Lua, Bash
Frontend Web Technologies (Code Reviewer): JavaScript, TypeScript, Elm, Angular, React
Cloud Native Technologies (Expert): Docker, k8s, Terraform
Secure coding (Evangelist): SDL, CERT-C, OWASP
Cryptography (Enough to be Dangerous): Applications, Vulnerability Auditing
Reverse Engineering (Always Practicing): r2, ghidra, angr, assembly language
Fuzzing (Expert): afl, golang, c, custom frameworks