✨Welcome to my README page 🩷❤️🧡💛💚🩵💙💜🖤🩶🤍🤎

Talk to me

• I use GitLab TODOs & Emacs Org Mode to track work. I just feel like you should know.
• If you need my attention on an issue or MR, please mention me @jhebden.
• Please feel free to set up a coffee (tea/liquid of choice) chat with me! I like getting to know team members.
• For calls focused on a specific topic, I prefer if there's an agenda to keep things (mostly me...) on track.
• I value patience, kindness, generosity, and prefer direct feedback if you need to raise something with me.
• If you are new to GitLab, curious about something I'm working on, security, bug hunting, Rust, Nix, cursed Furbies, or just want to say hello, send me an invite!

Career Background

I've worn many hats at this point. Mostly baseball caps and beanies. I've also had a lot of different jobs in different areas of tech. I value that experience for bringing diversity to my experiences and perspective, and a lot of empathy for the challenges facing people in many different areas of technology.

• I started my career in a small computer store, every day was different! I learned a lot about how computers get used for various things (including making railroad tracks)
• Worked my way through on-site PC support to server & network engineering and eventually managing technical teams / engineering
• Became interested in the DevOps movement very early on, and learned infrastructure as code, starting with Chef, Puppet, through to Ansible, and many more tools since
• Spent some time doing professional backend software development, and have built some really cool things (including security tools!) in Python, Go and Rust
• Ran private cloud environments, from deployment to automation to monitoring to debugging complicated Linux networking and storage issues
• Worked in product security, bug bounty research, and managed compliance and vulnerability management for some pretty large enterprises (and here we are)

CVEs

I enjoy bug hunting occasionally, and sometimes find bugs in things people actually use. I have found security bugs in enterprise network equipment, enterprise software, and random web applications.

Whilst not all of this fun leads to public CVEs, some of it has -

• CVE-2021-22054, an SSRF in VMWare UEM
• CVE-2021-36306, CVE-2021-36307, CVE-2021-36308, various API security flaws in Dell OS10 network switches

Hobbies

I collect hobbies, and sometimes they don't last long. These are some of the ones which have stuck around.

• Emacs, this is a hobby all by itself, I live out of org-mode
• Self hosting (I run my own GitLab, Matrix & Mastodon servers at home) on OpenBSD & Xen, let's talk homelab!
• Coding and using open source software, I love to contribute, currently Nix and Rust focused
• Electronics & designing open source hardware, firmware development, coreboot hacking
• Restoring and upgrading retro computer equipment
• Retro (early 2000s) audio gear (CDs, MiniDisc) - I use this stuff daily!
• Woodworking & a whole lot of home renovation
• Metalwork, recently getting into basic welding and also small engine repair
• Swimming, hiking, strength training & sometimes cycling (except in Summer)
• Languages, actively learning Japanese but I'm very interested in all languages
• I enjoy Japanese sencha & other green teas, coffee, iced jasmine tea daily! I love to compare notes.

Before the pandemic, I also loved going to hacker cons, especially KawaiiCon. Going to the hacker camps in Europe like EMF, SHA, etc. is a future goal.

Useful links

• The GitLab Vulnerability Management Handbook
• The GitLab Vulnerability Management Team Handbook