# John (@johnandersen777.bsky.social) Profile: https://sifa.id/p/johnandersen777.bsky.social Headline: beep boop software security ## About Securing the software supply chain and driving best practices ## Experience - **Senior Product Security Engineer at DigitalOcean** (2025 – present) Security Platform team lead focusing on security engineering and secure by-default support for engineering teams. - **Infrastructure and DevOps Architect at Intel Corporation** (2022 – 2024) Methodologies for and implementations of mutating workload identity as GenAI tech lead. Contributed to Open Source and internal Software Supply Chain Security specs, code, and roll outs. Saved over 540 million dollars co-leading and participating in the development of CI/CD and InnerSource decisions and implementations during corporate initiative to align methodologies (2020 \- 2024). - **Android QA Intern at Intel Corporation** (2014 – 2016) Created a PHP + MySQL application to log, track, produce reports, and chart success of test results for Android on Intel Architecture. Developer of Distributed Android Testing system, deployable to many physical hosts using Docker. Allows many devices to be tested at once, logs available across hosts, and physical robot automated or software UIautomator tests execute the same across devices. Updated codebase of the Intel Android Telemetry project to work with Android Marshmallow. Modified client side daemons and applications, server side and database components, and production infrastructure. - **Coach at Five Rings Jiu Jitsu and Fitness** (2012 – 2015) Coach for Junior and Little Samurai classes 16 to 4 years old. Great gym and great coaches I've been with them for many many years. Fitness classes as well as Jiu Jitsu. - **Intern at Bonneville Power Administration** (2013 – 2013) Worked in the IT Project Management Office Centralized Project Management Metrics using excel and SharePoint to ease the process of portfolio manager reviews and identify problem areas in portfolios and projects. - **Open Source Security Software Engineer at Intel Corporation** (2018 – 2021) Product Security Expert. Security consulting on software architecture. Guides projects through Intel’s Security Development Lifecycle (2017 \- present). Security validation for various Intel products. Leads an international team of contributors working on Data Flow Facilitator for Machine Learning. Developed paravirtualized control register protection patchset for Linux and KVM. Applied machine learning to evaluate open source software packages on secure development practices, streamlining dependency review for all of Intel. Co-Maintainer of cve-bin-tool, a tool used to scan binaries for known CVEs. Mentored via Google Summer of Code program for DFFML and CVE Bin Tool (2019 \- 2022, 2021). - **Cloud Orchestration Software Engineer at Intel Corporation** (2021 – 2022) Contributed to architecture definition and implementation of CI/CD for server platform validation. - **Open Source Security Intern at Intel Corporation** (2016 – 2018) POC showing leaked addresses allow for bypassing of Kernel Address Space Layout Randomization (KASLR) to achieve privilege escalation in the Linux kernel. Created demo showcasing Intel’s container virtualization to defend against host kernel exploits. Fuzz and penetration testing, integration with OSS Fuzz, of Intel and Open Source projects. Wrote penetration testing documentation and provided guidance to the team on how to perform pentesting. ## Education - **Portland State University** — Bachelor's degree (2014 – 2018) ## Skills - Embedded Operating Systems - golang - C - Python - Assembly Language - HTML5 - Linux Server - JavaScript - C++ - Docker ## Publications - Compute Contracts — john.leaflet.pub (https://john.leaflet.pub/3mletyxaie22o) - Workload Identity Reverse Proxy — john.leaflet.pub (https://john.leaflet.pub/3lz7aymmqqc2l) - 🐛 Workload ID Musings 2025-09-06 — john.leaflet.pub (https://john.leaflet.pub/3ly6yulzgo22c) - APIs — john.leaflet.pub (https://john.leaflet.pub/3lvt34t54o22a) ## Volunteering - Mentor at Python Software Foundation ## Honors and awards - Member of Urban Honors College at Portland State University ## Languages - English (native) - Spanish (elementary) - Danish (limited_working)