Resume
Philip Behnke
I'm Phil, a seasoned professional in the computer security arena, currently holding the role of Senior Application Security Engineer at EasyPost. With a career spanning over 10 years, I've fortified the digital landscapes of renowned entities such as General Motors, Cisco, Arbor Networks, and Barracuda Networks. My highly technical background and expertise extend across the technology stack, from securing embedded systems and operating systems to implementing cryptographic protocols and safeguarding web applications and APIs. My commitment lies in fortifying digital assets while fostering innovation and efficiency across organizational frameworks.
Alongside my OSCP certification, my expertise encompasses a deep understanding of security practices, particularly in application security. In addition to security, my extensive programming experience reflects my commitment to staying ahead in technology.
Education
- Grand Valley State University; Allendale, MI (2006 – August 2011)
Bachelor of Science in Engineering Program
Major: Computer Engineering
Minor: Mathematics
GPA: 3.55
Honors: Dean's List (6 Semesters)
Member of Tau Beta Pi Engineering Honors Society, Treasurer
Member of IEEE Student Branch
- Chippewa Valley High School; Clinton Twp., MI (2002 – 2006)
Graduated Magna Cum Laude: June 2006
Founder & President of High School Technology Club
Work Experience
1. EasyPost
Senior Application Security Engineer
Remote
(December 2023 - Now)
2. General Motors
Python Developer - Software Defined Vehicle
Warren, MI
(April 2022 - December 2023)
My role on GM's Software Defined Vehicle, Emulation/Simulation and Tools team is to develop tools and infrastructure to virtualize vehicle features for GM's next-generation infotainment applications and platform based on Android Automotive.
- Developed Python based tools to simulate vehicle services (ex. climate control, EV charging and power management, etc.)
- Developed tools to interface with Android Automotive to publish and subscribe to vehicle data.
- Worked with Android Automotive developers and QA teams to understand virtualization needs.
3. General Motors
Product Penetration Tester - Vehicle Cybersecurity Group
Warren, MI
(April 2021 - April 2022)
My role on GM's Product Cybersecurity red team was to identify and report security vulnerabilities within vehicle ECUs and GM's product portfolio. The main responsibilities of this role were to perform embedded security testing activities, both automated and manual, to identify and exploit vulnerabilities in embedded components, systems, applications, and network components to reduce risk and improve product security.
- Acted as technical lead for testing denial-of-service/radio jamming of GM's new wireless battery management system (wBMS). Developed testing environment using software defined radios, GNU Radio, and other off-the-shelf components.
- Carried out reverse engineering of embedded device firmware to identify and exploit vulnerabilities.
- Documented technical and logical security findings identified during the security assessments and reported them in a timely manner.
- Identified gaps in Red Team infrastructure and deployed internal tools to allow for a more streamlined workflow for the team.
4. SemanticBits
Security Engineer
Charlotte, North Carolina - Remote
(March 2020 – April 2021)
As a security engineer at SemanticBits, I was able to assist product development teams in hardening and secure development of analytics web applications for the U.S. Department of Health and Human Services.
Detailed achievements:
- Worked to assess current security posture of multiple, autonomous software projects and teams.
- Worked with representatives of the U.S. Dept of Health and Human Services, and other federal contractors, to harden AWS infrastructure, and enhance attack detection and mitigation capabilities.
5. Cisco Systems
Security Researcher - Advanced Security Initiatives Group
Charlotte, North Carolina - Remote
RTP Campus, North Carolina
Knoxville, Tennessee
(July 2015 – March 2020)
As a security researcher within Cisco's elite Advanced Security Initiatives Group (ASIG), my primary focus was in application-security-centric security evaluations, which leaned heavily on offensive capabilities; ASIG’s focus and mission was to evaluate Cisco products and services to identify vulnerabilities, weaknesses, and improvements using tools, techniques, and processes that emulate those used by sophisticated and motivated attackers.
- Performed detailed security evaluations of Cisco products and services, typically lasting 5-8 months in duration.
- Evaluated the security posture of products across the breadth of Cisco's portfolio. Examples include Cisco's Security Services Platform (SSP), Cisco IOS-XE, Cisco/OpenDNS Brain, Meraki System Manager, Meraki Dashboard, Duo Security 2FA, along with other Cisco products.
- Performed security evaluations across the software stack, from Linux kernel drivers and networking routing stacks, to web applications.
- Lead engineer of the detailed security evaluation of Webex Teams -- a Slack competitor. Lead of several other short-term (2-3 week) penetration test engagements.
- Discovered and reported many security vulnerabilities in Cisco products over the course of many product evaluations, with PoC code and detailed reports delivered to the respective business unit.
- Developed exploits, PoC code, and demonstrations for discovered vulnerabilities.
CVEs
- CVE-2015-6380 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6380
- CVE-2015-6371 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6371
- CVE-2017-3858 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3858
- CVE-2017-12230 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12230
- CVE-2018-0470 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0470
6. Arbor Networks
Software Engineer – DDoS Protection
Ann Arbor, MI
(May 2014 - July 2015)
Software developer for the Peakflow SP product team. Peakflow SP is Arbor's service provider DDoS detection and mitigation appliance used by 90% of ISPs.
- Developed new anti-DDoS and network visibility features for Peakflow SP.
- Fixed bugs for Peakflow SP throughout all areas of the product, from UI to backend.
- Developed tools and features using a multitude of different technologies and languages such as C, Python, PHP, JavaScript, Tcl, and Bash.
- Participated in code reviews and walkthroughs.
- Discovered and fixed security vulnerabilities in the Peakflow SP appliance.
- Participated in Security Guild discussions.
7. General Motors
Embedded Controls Security Engineer - Vehicle Cybersecurity Group
Warren, MI
(March 2013 - May 2014)
Worked in GM's core group of vehicle security engineers to bootstrap vehicle security efforts in the wake of research from Charlie Miller and Chris Valasek. Helped to develop and enforce security requirements throughout GM's global vehicle lineup for in-vehicle systems and ECUs.
- Worked with product engineers and suppliers to evaluate the security posture of ECUs and implement secure embedded controller designs.
- Reverse engineered firmware binaries to discover and exploit new vulnerabilities.
- Developed a cross-platform shared library (in C) to implement secure controller unlock. Used to program cryptographically sensitive key material at time of manufacture, eventually rolling out across every GM plant and new vehicle.
- Developed tools for testing and verification of upcoming vehicle message authentication technology.
- Worked independently and with third parties to find, report, and track security vulnerabilities through resolution.
- Developed security requirements for controllers in the areas of active safety, infotainment, and automotive ethernet.
8. Barracuda Networks
Software Engineer in Test
Ann Arbor, MI
(August 2011 – March 2013)
Software Engineer in Test as part of Barracuda Networks' Message Archiver team. Expanded testing automation and performed manual testing of the email message archiver appliance, while also greatly expanding my own knowledge of Linux internals and ecosystem.
- Automated test coverage for email archiver appliance using Selenium with Perl and Python.
- Developed automated, object oriented test suite for a new hybrid data storage product in Python.
- Managed QA infrastructure including Linux and Windows VMs and hardware.
- Managed manufacturing test suite for email archiver appliance.
- Discovered and reported security vulnerabilities in both message archiver and modules common to Barracuda products.
Certifications
============
- Offensive Security Certified Professional (OSCP)
Publications
Past Projects
======
- SDRJove - a software defined radio for receiving and analyzing RF emissions from Jupiter and the sun - https://github.com/pbehnke/sdrjove
- Tetraquark - a multithreaded, real-time, preemptive kernel for ARM Cortex M3 architecture. This project was later publicly released under the GPL - https://github.com/pbehnke/tetraquark