James Hebden

@jhebden
✨ Using TODOs, please @jhebden to get my attention!

James Hebden’s README

✨ Key details

Name: James Hebden
Pronouns: they/them/theirs
Group: Vulnerability (Management) Engineering
Role: Staff Security Engineer

🌏 Talk to me

Timezone: Australia/Sydney (UTC+10/11)
Email: jhebden <at> this domain
Slack: jhebden
  • Given my timezone and how my brain works, I prefer working and communicating asynchronously.
  • I use GitLab TODOs & Emacs Org Mode to track work. If you need my attention on an issue or MR, please @mention me.
  • I do my best to value the time and schedules of other team members, so I aim to keep sync meetings on-time.
  • I’m happy to jump on a social call and chat to get to know team members better.
  • For calls focused on work in progress or planning work, I prefer if there’s an agenda to keep things (mostly me…) on track.
  • I value patience, kindness, generosity, and prefer direct feedback if you need to raise something with me.
  • If you are new to GitLab, curious about something I’m working on, security, bug hunting, or just want to say hello, send me an invite!

🕴️ Professional background

I’ve worked across several different areas of technology, and I value that experience for bringing a diversity of experiences and a lot of empathy for the challenges facing people in many different aspects of technology.

  • started my career in a small computer store, every day was different!
  • worked my way through on-site PC support to server & network engineering and eventually managing technical teams
  • became interested in the DevOps movement very early on, and learned infrastructure as code, starting with Chef, through to Ansible, and many more tools since
  • spent some time doing professional software development, and have built some really cool things (including security tools!) in Python, Go and Rust
  • ran private cloud environments, from deployment to automation to monitoring to debugging complicated Linux networking and storage issues
  • worked in product security, bug bounty research, and managed compliance and vulnerability management for some pretty large enterprises

🐛 CVEs

I enjoy bug hunting occasionally, and sometimes find bugs in things people actually use. I have found security bugs in enterprise network equipment, enterprise software, and random web applications.

Whilst not all of this fun leads to public CVEs, some of it has -

  • CVE-2021-22054, an SSRF in VMware UEM
  • CVE-2021-36306, CVE-2021-36307, CVE-2021-36308, various API security flaws in Dell OS10 network switches

🪚 Hobbies

I collect hobbies, and sometimes they don’t last long. These are some of the ones which have stuck around.

  • emacs, this is a hobby all by itself, I live out of org-mode
  • self hosting (I run my own GitLab, Matrix & Mastodon servers at home) on OpenBSD & Xen, let’s talk homelab!
  • coding and using open source software, I love to contribute
  • electronics & designing open source hardware
  • restoring and upgrading retro computer equipment
  • retro (early 2000s) audio gear (CDs, MiniDisc) - I use this stuff daily!
  • woodworking & a whole lot of home renovation
  • metalwork, recently getting into basic welding and also small engine repair
  • bug bounties (h1, bugcrowd)
  • swimming, hiking, strength training & sometimes cycling
  • languages, actively learning Japanese but I’m very interested in all languages
  • Japanese sencha & other green teas

Before the pandemic, I also loved going to hacker cons, especially KawaiiCon. Going to the hacker camps in Europe like EMF, SHA, etc. is a future goal.

🔗 Useful links

  • the vulnerability management overview handbook page
  • the vulnerability management team project

🔒 GPG

  • my GPG key on GitLab

About

Pronounced as: jaymz hebb-duhn

Pronouns: they/them

Info

Staff Security Engineer at GitLab
NSW, Australia
Member since August 14, 2022