I design systems and develop systems software with a focus on clean abstractions and security. I build custom Linux platforms and integrate applications. I secure infrastructure and isolate software components from down to earth industrial embedded systems all the way into the clouds.
For a better future, my favorite concept is the Principle of Least Privilege, my favorite technology are Microkernel Operating Systems, my favorite programming language is Rust, and I prefer to work on FLOSS (Free/Libre and Open-Source Software). In today's complex IT ecosystem, I advocate code reuse, work on modern Linux systems, carefully isolate (and still write) software in C and C++, most of my previous professional work is not Open Source and I am experienced in navigating the perils of proprietary software on FLOSS platforms.
My native language is German, I have near-native proficiency in English and an intermediate knowledge of Spanish. I thrive in an international environment and a discrimination-free workplace is important to me.
Systems Engineering & Programming
A passion for abstractions and systems design, building on more than 15 years of industry experience and a formal Computer Science education with a focus on Operating Systems, Systems Engineering and Security. I embrace Rust as the future of systems programming, have a strong background in C development on Linux, and make use of modern C++ for solid industry software. My language of choice for non-runtime-critical data processing is Python. Clean code, quality documentation, and a conscious use of source code and project management software are integral to my work. I have worked with diverse ecosystems and programming languages (including complex software in awk!), from μkernel OS services to high availability clusters.
- Programming Languages: C, C++, Rust, Python, basic x86 assembly, dark shell scripting
- Source Code & Build Management: Git, Subversion/SVN, ClearCase, Jenkins
- Build Systems: proper Makefiles, Meson, Autotools (if I must), Cargo
Linux Integration & Customization
I thrive in the space between hardware and end user applications, specializing in Linux Operating Systems integration, customization and hardening, complemented by application build management, packaging and deployment. Building my own Linux kernels and custom Linux systems since 2005, today I build solid platforms with modern deployment strategies and help teams ship software more efficiently.
- Linux Distributions: Arch, Gentoo, Debian & Ubuntu, Red Hat Enterprise Linux (RHEL) & SUSE Linux Enterprise Server (SLES), Sailfish OS
- Packaging: dpkg, pacmam, Portage, RPM
- Platforms: x86 server, semi-embedded x86 and ARM embedded devices
Infrastructure Security & Isolation
From an academic background of μkernel Operating Systems and security research, I provide security consulting with a focus on privilege separation and system validation. Starting with Secure Boot of local hardware over sandboxing and containers to orchestrated virtual machines in the Cloud, I combine new technologies with Linux hardening techniques acquired in my early Systems Administration work to secure infrastructure.
- Privilege Separation: μkernel-OSes (L4Re), Linux hardening, sandboxing (Seccomp-BPF, Linux Namespaces), containers (rkt, Docker, systemd-nspawn), virtualization (VirtualBox, QEMU/KVM, VMWare), Vagrant
- The Cloud: AWS (Amazon Web Services), EC2 (Elastic Cloud 2), Virtual Private Cloud
- Network Services: HTTP (Nginx, Apache, Lighttpd, Squid), SMTP (Postfix, qmail), IMAP & POP3 (Dovecot, Imapd), DNS (djbdns, Bind), OpenSSH, OpenVPN
Research Interests & Education
I studied Computer Science specializing in Operating Systems, together with advanced courses in Security and Cryptography, Systems Engineering and Engineering Psychology. I earned a Master's degree from Technische Universität Dresden with a thesis on Automatic Sandboxing of Unsafe Software Components in High Level Languages. TUD's Operating Systems Group gave me the opportunity to present my findings at the PLOS workshop at SOSP'17 (paper, slides).
My main research interests are Operating System privilege separation and security design, from Linux sandboxing to μkernel-OSes in the tradition of the L4 family. Further research interests include information security, decentralized services, and anonymity.
Building the Linux-based operating system base for LAR's next product generation, from driver customization to automatic networked installation and start into a polished, touch-friendly application environment.
Managing the transformation of Pushbutton's development infrastructure into the Amazon corporate network: devising a big-picture strategy and security concept, hands-on evaluation and transition of services.
Developing the next generation operating system base for Nokia Networks (then NSN) communication products and enhancing the in-house software distribution and deployment system.
Currently, the most reliable way to reach me for more information or to request a detailed CV is to email me at firstname.lastname@example.org. Feel free to use my PGP key. I am happy to get back to you through other channels of communication.