Resume
Philip Behnke
Education
- Grand Valley State University; Allendale, MI (2006 – August 2011)
Bachelor of Science in Engineering Program
Major: Computer Engineering
Minor: Mathematics
GPA: 3.55
Honors: Dean's List (6 Semesters)
Member of Tau Beta Pi Engineering Honors Society, Treasurer
Member of IEEE Student Branch
- Chippewa Valley High School; Clinton Twp., MI (2002 – 2006)
Graduated Magna Cum Laude: June 2006
Founder & President of High School Technology Club
Work Experience
1. General Motors
Product Penetration Tester - Vehicle Cybersecurity Group
Warren, MI
(April 2021 - Now)
2. SemanticBits
Security Engineer
Charlotte, North Carolina - Remote
(March 2020 – April 2021)
As a security engineer at SemanticBits, I was able to assist product development teams in hardening and secure development of analytics web applications for the U.S. Department of Health and Human Services.
Detailed achievements:
- Worked to assess current security posture of multiple, autonomous software projects and teams.
- Worked with representatives of the U.S. Dept of Health and Human Services, and other federal contractors, to harden AWS infrastructure, and enhance attack detection and mitigation capabilities.
3. Cisco Systems
Security Researcher - Advanced Security Initiatives Group
Charlotte, North Carolina - Remote
RTP Campus, North Carolina
Knoxville, Tennessee
(July 2015 – March 2020)
As a security researcher within Cisco's elite Advanced Security Initiatives Group (ASIG), my primary focus was on application-security-centric security evaluations, which leaned heavily on offensive capabilities. ASIG’s focus and mission was to evaluate Cisco products and services to identify vulnerabilities, weaknesses, and improvements using tools, techniques, and processes that emulate those used by sophisticated and motivated attackers.
- Performed detailed security evaluations of Cisco products and services, typically lasting 5-8 months in duration.
- Evaluated the security posture of products across the breadth of Cisco's portfolio. Examples include Cisco's Security Services Platform (SSP), Cisco IOS-XE, Cisco/OpenDNS Brain, Meraki System Manager, Meraki Dashboard, Duo Security 2FA, along with other Cisco products.
- Performed security evaluations across the software stack, from Linux kernel drivers and networking routing stacks, to web applications.
- Lead engineer of the detailed security evaluation of Webex Teams -- a Slack competitor. Lead of several other short-term (2-3 week) penetration test engagements.
- Discovered and reported many security vulnerabilities in Cisco products over the course of many product evaluations, with PoC code and detailed reports delivered to the respective business unit.
- Developed exploits, PoC code, and demonstrations for discovered vulnerabilities.
CVEs
CVE-2015-6380
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6380
CVE-2015-6371
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6371
CVE-2017-3858
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3858
CVE-2017-12230
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12230
CVE-2018-0470
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0470
4. Arbor Networks
Software Engineer – DDoS Protection
Ann Arbor, MI
(May 2014 - July 2015)
Software developer for the Peakflow SP product team. Peakflow SP is Arbor's service provider DDoS detection and mitigation appliance used by 90% of ISPs.
- Developed new anti-DDoS and network visibility features for Peakflow SP.
- Fixed bugs for Peakflow SP throughout all areas of the product, from UI to backend.
- Developed tools and features using a multitude of different technologies and languages such as C, Python, PHP, JavaScript, Tcl, and Bash.
- Participated in code reviews and walkthroughs.
- Discovered and fixed security vulnerabilities in the Peakflow SP appliance.
- Participated in Security Guild discussions.
5. General Motors
Embedded Controls Security Engineer - Vehicle Cybersecurity Group
Warren, MI
(March 2013 - May 2014)
Worked in GM's core group of vehicle security engineers to bootstrap vehicle security efforts in the wake of research from Charlie Miller and Chris Valasek. Helped to develop and enforce security requirements throughout GM's global vehicle lineup for in-vehicle systems and ECUs.
- Worked with product engineers and suppliers to evaluate the security posture of ECUs and implement secure embedded controller designs.
- Reverse engineered firmware binaries to discover and exploit new vulnerabilities.
- Developed a cross-platform shared library (in C) to implement secure controller unlock. Used to program cryptographically sensitive key material at time of manufacture, eventually rolling out across every GM plant and new vehicle.
- Developed tools for testing and verification of upcoming vehicle message authentication technology.
- Worked independently and with third parties to find, report, and track security vulnerabilities through resolution.
- Developed security requirements for controllers in the areas of active safety, infotainment, and automotive Ethernet.
6. Barracuda Networks
Software Engineer in Test
Ann Arbor, MI
(August 2011 – March 2013)
Software Engineer in Test as part of Barracuda Networks' Message Archiver team. Expanded testing automation and performed manual testing of the email message archiver appliance, while also greatly expanding my own knowledge of Linux internals and ecosystem.
- Automated test coverage for email archiver appliance using Selenium with Perl and Python.
- Developed automated, object-oriented test suite for a new hybrid data storage product in Python.
- Managed QA infrastructure including Linux and Windows VMs and hardware.
- Managed manufacturing test suite for email archiver appliance.
- Discovered and reported security vulnerabilities in both message archiver and modules common to Barracuda products.
Certifications
============
- Offensive Security Certified Professional (OSCP)
Publications
============
Behnke, P., D. Soberal, S. Bredeweg, B. Dunne, A. Sterian, and D. Furton. "Senior capstone: A software defined radio design for amateur astronomy." In Interdisciplinary Engineering Design Education Conference (IEDEC), 2013 3rd, pp. 104-111. IEEE, 2013.
Past Projects
======
- SDRJove - a software defined radio for receiving and analyzing RF emissions from Jupiter and the sun - https://github.com/pbehnke/sdrjove
- Tetraquark - a multithreaded, real-time, preemptive kernel for ARM Cortex M3 architecture. This project was later publicly released under the GPL - https://github.com/pbehnke/tetraquark