About Me

I am currently the founder of troupeit.com, a stage/conference management SaaS site. Prior to building that service, I was employee #13 or so at Twitter, working in operations and security. These days I do a bit of information security consulting and I'd love to meet you if you work in infosec. I am also on the board of the Open Technology Fund, which utilizes available funds to support Internet Freedom projects that empower world citizens to have access to modern communication channels that are free of restrictions, in order to allow them to communicate.

I have extensive experience building security teams, managing incident response, and coordinating efforts defending against various security threats. I also have solid experience in web operations and scalabilty, and have been a strong defender of Internet Freedom and user privacy for many years through my work and independent research. I am confident that I will be an asset to you in your company’s future security work.

Building a strong and dedicated team with a focus on the user has helped me develop a successful career and as a strong public speaker, I have been able to promote security both inside (as an educator at Twitter) and outside the organizations I have worked with.

I also enjoy working on hardware, audio, and video things. If you need event production help, I'm here for you.

Contact Details

John Adams
(415) 425-3551
jna@retina.net
@netik on Twitter

Recent Work

... but not all!

Bolt

Head of Information Security March 2015 – March 2017 (2 years 1 month)

Founding member of the Bolt Infosec Team.

I worked on security issues related to crypto currencies and the payments industry, user privacy, and compliance (PCI, ISO27001/27002, SAS70). I handled frequent audits of their Amazon Web Services configuration for compliance and security. Advised software engineers on proper security methodologies and built security into Bolt's software development lifecycle.

I also worked on software engineering and security audit work in Go, Ruby, node.js, React.js, and Python. I deployed the firstidentity mangement for the company system using OpenLDAP and FreeIDM. All of this was deployed using configuration management in Ansible and Terraform on AWS.

Twitter

Security Team Lead 2010 – 2012 (3 years)

As team lead for Twitter's first security team, I worked on SSL performance at scale, cryptography, XSS/CSRF defense, malware defense, penetration analysis, security reviews, and code reviews in Ruby/Rails, Java, Scala, PHP, Python, and C.

Our fledgling infosec team set security policy for the entire company, handling security at scale.

I also educated our developers and engineers on security issues and presented at various industry conferences such as RSA, O'Reilly Velocity, Web 2.0 Expo, Defcon, and CloudComputing.

I lead a team of 14 people, and every day we worked to defend the user's voice.

Twitter

Operations Engineer 2007 – March 2010 (3 years)

As an early member (employee 13) of Twitter's Operations team, I took a site with less than 200,000 users and poor uptime to full stability and over 100M users through careful application of configuration management tools (Puppet, custom python scripts), metrics, and capacity planning.

I later founded the first security team at Twitter with Bob Lord, who went on to become the CSO of Yahoo!

Applicable technologies: Linux, Ruby on Rails, Puppet, Java, Scala, Python, DNS, SSL, etc.

Skills

From the early days of the web in the 1990's to today, I have grown my career with the Internet. I worked on some of the earliest web sites back then, and continue to work on the Internet daily.

Among the things I enjoy are DevOps, Configuration Management (chef, puppet, ansible, etc.), TLS, Operations, Scaling, Security, Privacy, Penetration Testing, Automation, Python, Ruby/Rails, Messaging, Network Engineering, Linux, Linux Performance

I've also done full-stack development in React.js, Node, Go, Ruby on Rails, and many other frameworks. If you want to see source code, just ask.

The DEFCON 25 badge I worked consisted of solving serious hardware development and manufacturing issues in KiCad, Embedded C, ChiBios, ARM assembly, and others. I've leveraged that work to do IoT security testing, which has worked well for companies like eero where I designed a seamless PKI cryptosytem that even consumers could utilize with zero effort.

Other Interests

Privacy, Security, Internet Freedom issues, Film and video production, audio/video editing, Vintage Synths, Cooking, Concert Photography, Electronics, Music Production/Engineering.