Whitney Ellis Champion

Linux. Security. Ops. Automation.

Hi! I'm Whitney. Systems and security architect based in Charleston, South Carolina.

Resume GitHub

About

I suck at intros.

I wear many hats and I crave a challenge.

My geeky interests lie mostly in Linux, security, devops, infrastructure, and automation.

My non geeky interests consist of crossfit, Seinfeld, drawing weird things, and raising lots of children.

Whitney Champion

Skills

    Operating Systems

  • Linux
  • Mac OS
  • Windows

    Utilized Cloud Platforms

  • Amazon Web Services
  • DigitalOcean
  • Vultr
  • Google Compute Engine
  • OpenStack

    Containerization

  • Docker
  • Red Hat OpenShift Container Platform
  • Elastic Container Service

    Information Security Tools

  • Nessus/Security Center
  • Nmap
  • Metasploit
  • AWS Inspector

    VPN

  • AWS VPC
  • OpenVPN
  • ZeroTier
  • strongSwan

    Programming

  • Python
  • Bash
  • Java
  • PHP
  • HTML
  • CSS

    Database Implementation/Administration

  • AWS RDS
  • MySQL
  • PostgreSQL
  • Elasticsearch
  • DynamoDB
  • MongoDB

    Virtualization

  • VirtualBox
  • VMware / vSphere
  • KVM
  • Red Hat Virtualization (RHV)

    Deployment & Automation Tools

  • Ansible & Ansible Tower
  • Packer
  • AWS CloudFormation

    Administration Tools

  • Kolide/osquery
  • Graylog
  • Red Hat IdM (Identity Management) / FreeIPA
  • Wazuh/OSSEC
  • Splunk
  • Red Hat Satellite / Spacewalk
  • Puppet

    Continuous Integration & Deployment

  • CircleCI
  • Jenkins

    Design

  • Adobe Photoshop
  • Adobe Illustrator

Experience

Recon InfoSec

November 2018 - Present

Position: Lead Architect

  • Responsible for architecting, developing, automating, and maintaining Recon’s security platform.
  • Architecting and automating the continuous development of the OpenSOC.io platform.

SPARC, an Agile Systems Delivery Hub of Booz Allen Hamilton

August 2011 - November 2018

Position: Senior Systems Engineer

  • Engineered full deployment, environment, network, and infrastructure automation utilizing Ansible, Packer, Docker, CloudFormation, and a range of AWS tools.
  • Built and maintained dev, testing, preprod, and production environments for projects within the Amazon Web Services platform:
    • Custom server builds, primarily CentOS/RHEL 7
    • Infrastructure
    • Troubleshooting
    • Code deployments
    • Monitoring/alerting
    • Patching/software updates
    • Security engineering and compliance
    • Intrusion detection
    • Backup automation
    • Multi-VPC environments
    • Network configuration
    • VPN configuration
    • Identity management
    • Multi-factor authentication
    • Documentation
  • Worked alongside developers to determine security and infrastructure requirements to meet project needs.
  • Linux systems engineer on production operations team supporting the Veterans Benefits Management System (VBMS), ~200 servers spanning 4 environments.
    • Custom server builds, primarily RHEL 5/6
    • Patching/software updates
    • Troubleshooting
    • Code deployments
    • Monitoring/alerting
    • Disaster recovery procedures
    • Documentation

Red Hat

September 2017 - March 2018

Position: Consulting Architect

  • Provided technical guidance and engineering support, with a focus in cloud automation. Primarily Ansible, OpenShift, Satellite, and CloudForms.

SPAWAR Systems Center Atlantic

May 2010 - August 2011

Position: Security Engineer

  • Specialized in Linux and Unix CT&E (Certification Testing & Evaluation) processes and engineering using NIST 800-53 controls and Risk Decision Authority Criteria (RDAC) for CDS (Cross Domain Solutions) within the DoD (Department of Defense).
  • Performed in depth network forensic analysis.
  • Scripted tools to assist in aforementioned forensic analysis.
  • Led security engineering effort for a DoD CDS in 2010.
  • Co-led CT&E regression testing effort for a DoD CDS in 2010.

Honeywell Technology Solutions, Inc

June 2009 - May 2010

Position: Information Security Analyst

  • Specialized in Linux and Unix CT&E processes using NIST 800-53 controls and RDAC for CDS within the Department of Defense.
  • Led PT&E review effort for a DoD CDS in 2009.
  • Used tools such as DISA Gold Disk, DISA SRR, and manual testing tools to test client systems for C&A (certification and accreditation).

ASU Technical Support Services

August 2004 - August 2008

Position: Computer Repair Technician

  • Computer hardware/software repair and one-on-one technical customer support for students, faculty, and staff at Appalachian State University.

Certifications

  • Red Hat Certified Architect (RHCA) - December 2017
  • Red Hat Certified Engineer (RHCE) - April 2011, November 2017
  • Red Hat Certified Systems Administrator (RHCSA) - April 2011, November 2017
  • Red Hat Certified Specialist in OpenShift Administration - December 2017
  • Red Hat Certified Specialist in Ansible Automation - Oct 2017
  • Red Hat Certified Specialist in Server Security and Hardening - June 2016
  • Red Hat Certified System Administrator in Red Hat OpenStack - February 2015
  • Red Hat Certified Specialist in Virtualization (RHCVA) - September 2014
  • Certified Information Systems Security Professional (CISSP) - April 2010
  • Certified Ethical Hacker (CEH) - September 2010
  • CompTIA Linux+ - May 2010
  • CompTIA Security+ - May 2009
  • ITILV3 Foundations Certified - November 2008

Training

LAB

I rebuilt my home lab in early 2018, for a few reasons: to support my work, my LLC, any and all side projects. I am an AWS and overall cloud fangirl through and through, but it adds up quickly.

I will continue to document new developments, as time allows, and add to it, as my wallet allows.

I did a full write up which can be found here.

DEV


Infrastructure

Web & Design

Android

Infrastructure

  • OpenSOC.io

    This is the infrastructure that currently supports OpenSOC.io. I encourage you to go to the website and read up on this project, as it is amazing :)

    When we deploy our current stack, it builds the following with CloudFormation and Ansible, configured and ready to be hit by all of our systems and sensors in our CTF range:

    • Our VPC
      • Subnets (so many subnets, like 40, network segmentation and HA FTW)
      • Routing tables
      • NACL's
    • Bastion
    • VPN server
    • VPN tunnel to the range
    • Security groups (again, so many)
    • Load balancers (classic or application, depending on what each setup needs, and sometimes multiple load balancers depending on public or private access)
    • Target groups
    • DNS/route53 entries
    • Elasticsearch cluster
    • Redis cluster
    • MySQL
    • Mongo replica set
    • Auto scaling groups (for Graylog, Wazuh, Kolide, Moloch, GRR, Nginx, etc)
    • Launch configurations / user data
    • Mailgun configurations for services that need it
    • ECS services, for things that need to be dockerized (see tangent below)

    There are also pieces that run after everything is built. Once the above CloudFormation stack is done and Ansible deploys all of those applications and configures everything, the playbook continues on to install New Relic agents, Telegraf agents, Graylog sidecar collector / osquery / Wazuh OSSEC agents on all of our own systems, and then it adds everything that needs to be user-facing to ZeroTier.

  • OpenSOC.io Infrastructure
    OpenSOC.io Infrastructure

  • App Deployment / Infrastructure

    This project has 2 parts: the deployment scripts, and the deployment dashboard.

    Deployment Scripts

    The deployment scripts are a combination of Ansible and bash that work together to deploy new applications, environments, and builds within AWS. The diagram describes the process in greater detail.

    Deployment Dashboard

    The deployment dashboard is written with Python and Flask. It has some DynamoDB on the backend, and it also uses Boto to aggregate data from AWS.

    It utilizes the deployment scripts above to automate the entire deployment and build process from a simple dashboard. The output from the deployment scripts is displayed in real time on the dashboard as builds are running.

  • Environment

    Environment

    • Deployment Dashboard

  • Deployment Dashboard

    Deployment Dashboard Home

    Home page for deployment dashboard.

  • Deployment Dashboard

    Deploy New Environment

    Screen to deploy new environments.

  • Deployment Dashboard

    Deploy New Build

    Screen to deploy new builds.

  • Deployment Dashboard

    Maintenance Dashboard

    Screen to deploy or remove the maintenance page.

  • Deployment Dashboard

    Environment Deployment History

    New environment deployment history being pulled from DynamoDB.

  • Deployment Dashboard

    Build Deployment History

    New build deployment history being pulled from DynamoDB.

    • Web & Design

  • OpenSOC

    OpenSOC

    Marketing sheet design / creation. Designed in Adobe Illustrator.

  • DryStax

    DryStax

    Logo, design, and development. HTML, CSS, and PHP. Fully responsive.

  • shortstack, LLC

    shortstack, LLC

    Development and logo. HTML, CSS.

  • Linden Surgical Center

    Linden Surgical Center

    Development only. Wordpress. HTML, CSS, and PHP. Fully responsive.

  • Buena Vista Surgery Center

    Buena Vista Surgery Center

    Development only. Wordpress. HTML, CSS, and PHP. Fully responsive.

  • The Hand Center of San Francisco

    The Hand Center of San Francisco

    Development only. Wordpress. HTML, CSS, and PHP. Fully responsive.

  • The Stroke and Neurovascular Center of Central California

    The Stroke and Neurovascular Center of Central California

    Development only. Wordpress. HTML, CSS, and PHP. Fully responsive.

  • The Lab

    The Lab

    Development only. Wordpress. HTML, CSS, and PHP. Fully responsive.

  • VG Life Sciences

    VG Life Sciences

    Development only. Wordpress. HTML, CSS, and PHP. Fully responsive.

  • CINI

    CINI

    Development only. Wordpress. HTML, CSS, and PHP. Fully responsive.

  • Sean Divine

    Sean Divine

    Designed all but the logo. First mockup of 2013. Images created in Adobe Photoshop.

  • Sean Divine

    Sean Divine

    Designed all but the logo. Second mockup of 2013. Images created in Adobe Photoshop.

  • SPARCET

    SPARCET

    Designed all but the ribbon. Second concept mockup. Images created in Adobe Photoshop.

  • SPARCET

    SPARCET

    Designed all but the ribbon. First concept mockup. Images created in Adobe Photoshop.

  • Jurd Beats

    Jurd Beats

    Designed full SoundClick layout. First concept mockup. Images created in Adobe Photoshop.

  • High School Nation

    High School Nation

    Designed everything except for the logo. Wordpress. HTML, CSS, and PHP. Images created in Adobe Photoshop.

  • PhilipBould.com

    PhilipBould.com

    Design and development. Background photo was taken by artist and altered in Photoshop. Wordpress. HTML, CSS, and PHP. Images created in Adobe Photoshop.

    • Android

    Hacker Tracker Hacker Tracker Hacker Tracker

    Hacker Tracker

    This started out as a "nice to have" for the conference. But as of DEF CON 23, DEF CON organizers made it the OFFICIAL Android app, and as of 2017, it supports multiple security conferences and is supported by a team of people!

    App was written in Java and Kotlin. The database is SQLite populated from a JSON API.

    The app can be downloaded here.

    The code can be forked from GitHub here.

    In 2017, I recruited outside help to work on this project with me going forward, since I don't have the bandwidth to work on it solo anymore.



    Angry Birds Backup

    Angry Birds Backup

    Note: I have discontinued these as they do not work with the modern versions of Angry Birds.

    I needed a way to transfer my Angry Birds scores between Android devices efficiently, so I wrote an app to do it. Four of them, actually. One for each version of Angry Birds. Except Star Wars because I went and had a baby and didn't have time.

    A user can choose to either save/restore their scores locally between the game and their SD card, or they can create an account and use the online option, which saves/retrieves their score files to/from AngryBackup.com.

    I also wrote the web interface and PHP API that the app uses internally.

    App was written in Java. Website was written in HTML, CSS, and PHP. The API was written in PHP. The database is MySQL. Images are property of Rovio but were redrawn by me in Adobe Illustrator. They can be downloaded in AI format here

    Talks

    • 08/2018 - Building the Hacker Tracker - DEF CON 26, slides
    • 05/2018 - Open Source DevOps - WeSpeakLinux Monthly, slides
    • 04/2018 - Automated Deployments With CircleCI & Ansible - SPARC Lunch and Learn, slides
    • 05/2017 - AWS EC2 & VPC Crash Course - SPARC Lunch and Learn, slides
    • 03/2016 - DIY Job Security - CarolinaCon, redacted talk, slides
    • 10/2014 - Android Crash Course - The Iron Yard, slides
    • 04/2014 - AWS / LAMP / Wordpress / Bootstrap Etravaganza - SPARC Lunch and Learn, slides

    Education

    2004-2009 | Appalachian State University

    Bachelor of Science, Business Administration

    Computer Information Systems

    Contact

    whitney.ellis.champion@gmail.com

    shortxstack

    shortstack

    Whitney Champion

    keybase.io/shortstack