Last Updated:

CV of James Hebden

Contact: E-mail, Web, LinkedIn, GitHub


I enjoy working remotely, and am a huge proponent of flexible work options. I'm interested in how technology enables us all to live better lives. I work well in teams, and I value being friendly, polite, patient, and I enjoy sharing knowledge and skills.

My skillset and interests are around web/cloud infrastructure and security - especially hardware, virtualisation, configuration management/automation, and embedded technology (e.g. IoT), with experience developing, auditing, securing and reverse engineering software at various levels of the stack. I specialise in, and really enjoy working with - Linux, BSD, Open Source Software, Security, Monitoring & Automation, Virtualisation, Networking & Software Development, including embedded system development.

I enjoy working in DevOps & Generalist teams, where everyone can get their hands dirty and all voices are heard. I keep up to date on the latest technologies and platforms, and finding new and smarter ways to get things done through automation, monitoring/metrics and open communication, but don't believe in innovation for innovation's sake - solving problems using appropriate solutions is always my focus.

In my spare time, I enjoy hacking, coding, brewing, baking, electronics, woodworking, blacksmithing, gardening, hiking, and swimming.


A high level list of the technology I've worked with in my career and personal projects.


  • KVM (libvirt, nova)

  • OpenStack, Kubernetes

  • Public Cloud (AWS)


  • LXD

  • Kubernetes

  • Docker (Swarm, Image builds, Deployment, Performance tuning)

  • Kernel namespaces and capabilities development

  • Container security hardening


  • SAN and NAS - EMC, IBM, NetApp

  • SAN Fabrics - iSCSI, FC & FcoE

  • Software & APIs - S3, MogileFS, Ceph, Swift, Samba, NFS


  • Servers x86/x86_64 (IBM, Dell, HP, Super Micro, Lenovo)

  • ARM embedded / IoT - usage and integration

  • Router Platform implementation and reverse engineering


  • Application analysis & code auditing

  • Network & system auditing and offensive security testing

  • Vulnerability analysis and flaw handling

  • Security compliance auditing & baseline implementation

  • Malware protection and patch management


  • Cisco/IBM/BNT/Cumulus Equipment

  • IPV4 & IPV6 implementation and management


  • VPN (IPSec, OpenVPN, WireGuard)

  • DNS (Bind, dnsmasq, MS DNS)

  • Firewalling/Proxying (iptables, Squid, haproxy, nginx, PF, pfSense, OpenWRT)

  • 802.11 Wireless (mesh networking, long range links, network design)

  • Linux & BSD policy routing and firewalling

  • Load balancing and CDN (ELB, F5, Haproxy, nginx)

  • SDN - Open vSwitch/OVS/OVN, OpenDaylight, OpenStack Neutron (L3HA & DVR)

  • Public Cloud networking (AWS VPCs, ALBs, etc)


  • System and backend programming - Python, Ruby, Rust, Golang, C

  • Web - HTML5 / CSS3 / JS

  • Assembly, but mostly for reversing / auditing / disassembly

Deployment Tooling

  • Packaging (dpkg, basic rpm, manual) and deployment automation

  • CI tooling and Testing - GitLab, Travis, Jenkins, Rspec, pytest

  • Snapcraft packaging and Juju Charm development

  • Docker/OCI image creation

OS Build/Config Management

  • MaaS/Juju

  • Ansible, Puppet, Chef

  • Kickstart & preseeding/curtin

  • Packer & Vagrant image creationg and deploy automation

  • OS image security hardening

  • Test Kitchen / Serverspec / Testinfra server testing frameworks


  • Buildroot base embedded system development

  • OpenWRT packaging and image builds

  • Microcontroller PCB & firmware design and implementation

Job History

Work history, detailing the technologies and skills used and learned for the role.

Canonical (Present)

Engineering Manager

  • Managing a team of engineers working in a true DevOps team

  • Software development in Python/Django/Golang

  • Automated network, storage and server management at scale

  • Monitoring and metrics infrastructure deployment and management

  • Customer relationship management and support

Red Hat

Senior Developer, Product Security (OpenStack / Software Defined Networking)

  • Vulnerability analysis and classification

  • Cross-team security flaw management and analysis

  • Code auditing and application testing

  • Automation of analysis environments (Python, Ansible, Vagrant)

  • CVE / CVSS scoring and issuing advisories

  • Bug and patch management lifecycle management


Cloud Reliability Engineer

  • LXD containerisation

  • MaaS, Juju deployment and management

  • OpenStack deployment and management - Deep Neutron, Ceph, Nova and Keystone

  • Ceph storage tuning, deployment and maintenance

  • Python and Golang development

  • Server hardware (IBM, HP, Dell, SuperMicro, Cisco)

  • Hardware and software networking (Cisco, Cumulus, Juniper, Neutron, OVS)

  • Observability (Grafana, Prometheus, Graylog, ES, Beats, Nagios)

  • Remote Hardware and deployment diagnosis

  • Databases (ES, MongoDB, PostgreSQL, MySQL)

  • Customer support

Fog Creek Software

System Administrator

  • Docker (Swarm, Networking, Kernel tuning, API programming/orchestration, Container security)

  • Server platform implementation & Administration (AWS, Bare metal)

  • Server installation/configuration (Puppet, Ansible, Vagrant, Packer, Preseed)

  • Storage (iSCSI, LVM, EBS, MogileFS, S3, Glacier)

  • Security (VPN, PF, pfSense, GPG, SSH, SSL, Hiera EYAML)

  • Networking (pfSense, OpenBSD & FreeBSD PF, Haproxy, Dell OpenConnect, VPC, DNS, DHCP, PXE)

  • Full-Stack Development (Golang, Ruby, Node.js, CSS, HTML5, JavaScript, Powershell, Python)

  • Database Administration (MSSQL, MySQL, RDS, PostgreSQL, Sqlite)

  • Monitoring & Logging (Nagios, AWS Cloudwatch, Loggly, ElasticSearch, Logstash, syslog, journald, Kibana)

  • DVCS hosting & management (Mercurial, Git)

Tectonic Digital & Award Force

DevOps Systems Engineer

  • Cloud platform implementation & Administration (AWS)

  • Server installation/configuration (Chef + BerkShelf, AWS OpsWorks)

  • Cloud Networking (ELB, IPv6, VPC, DNS)

  • Full-Stack Development (PHP, Ruby, Perl, CSS, Sass, HTML5, JavaScript)

  • Database Administration (MySQL, RDS)

  • Monitoring (CopperEgg, Sensu, Graphite, LogStash, Syslog)

  • Hosting Stack Development & Deployment (NGINX, Apache, PHP-FPM, HHVM, Git, Capistrano)


Systems & Technologies Group (STG) - Lab Services CTS

  • Cloud platform implementation (OpenStack, SmartCloud)

  • Server installation/configuration (Systemx, Power, PureFlex)

  • Network implementation (IBM, Cisco, Firewalls, VPN)

  • Storage installation/configuration (IBM, NetApp)

  • Automated OS Deployment (Windows, Linux, vSphere)

  • Scripting (Ruby, Perl, Bash, VBScript, Powershell)

  • VDI Design & Implementation (Citrix, VMware)

  • Virtualisation (KVM, VMware, PowerVM)

  • Big Data (BigInsights, Hadoop)

Workspace Engineer

  • Web and mobile application design and developement (jQuery, MySQL, PHP, AJAX, Cordova, Worklight)

  • Unified Comms and collaboration (Microsoft Lync, Exchange, VMware Zimbra, OSX, Cisco Jabber)

  • Virtualisation and VDI design (XenServer, XenDesktop, XenApp, CloudFront, vSphere, VMware View)

  • Server and Storage hardware (NetApp, IBM xSeries, IBM BladeCentre, Cisco UCS, EMC)

  • Application packaging and virtualisation (App-V, Citrix Streaming, VMware ThinApp)

  • Mobile Device Management (IBM Endpoint Manager, Good, Afaria, MobileIron)

  • Microsoft Infrastructure and user experience design (AD, Group Policy, DFS, etc)

  • Zero-touch OS Deployment (SCCM OSD, MDT 2010 and 2012, OSX SIU)

  • System Management platforms (IBM Endpoint Manager/BigFix, SCCM)

  • VBScript, Perl, Ruby and PowerShell scripting (ADSI, HTA, DOM, SQL)

  • Windows, OSX and Linux deployment, management and virtualisation

  • Networking (Cisco, Citrix NetScaler, F5 Big-IP, Juniper)

  • Infrastructure and solution design

Technical Manager

  • Intel server hardware, including IBM BladeCentre, design, implementation and management

  • EMC SAN and storage networking design, implementation and management

  • Right-to-left push initiative design and implementation, including tooling

  • Citrix XenApp & XenDesktop design, implementation and management

  • Windows media services implementation and video broadcasting

  • Automated compliance reporting design and development

  • Design and support documentation authoring and review

  • Microsoft OCS design, implementation and management

  • Infrastructure design, implementation and management

  • Group policy design, implementation and management

  • SCCM/SMS design, implementation and management

  • McAfee design, implementation and management

  • Automated asset management reporting

  • Perl, VBScript and Powershell scripting

  • Incident and problem management

  • Security compliance management

  • Critical situation management

  • AD design and management

  • Exchange management

  • Client consultation

  • Team leadership

Intel Server Support

  • EMC SAN and storage networking design, implementation and management

  • Citrix XenApp & XenDesktop design, implementation and management

  • Windows media services implementation and video broadcasting

  • IBM bladecentre, design, implementation and management

  • Microsoft OCS design, implementation and management

  • Infrastructure design, implementation and management

  • Group policy design, implementation and management

  • SCCM/SMS design, implementation and management

  • McAfee design, implementation and management

  • Automated reporting design and development

  • VBScript and Powershell scripting

  • Security compliance management

  • Intel server hardware, including

  • AD design and management

  • Exchange management

Deskside Support Specialist

  • End-user support of PC hardware and peripherals in a professional setting

  • Automation of common fixes and administrative tasks

  • Escalation management and resolution

  • Remote access support

  • Executive support

PC People

Technician / Head Technician

  • First real computer repair gig :)

  • Customer premises support of PC and networking equipment

  • OS installation, driver management and build automation

  • Home and business network design and implementation

  • PC hardware configuration design and implementation

  • Walk-in support of PC and networking equipment