
BLAKE JOHNSON

SEATTLE, WASHINGTON, 98109 608-843-2790 JOHNSONBLAKE1@GMAIL.COM

MISSION
To obtain a position where I can apply my industrial cybersecurity skills by contributing to
the design and implementation of control systems with ownership of their security features

WORK EXPERIENCE
MANDIANT, A FIREEYE COMPANY, SEATTLE, WA
Senior Consultant – Industrial Control Systems, June 2016 – Present
• Mandiant’s ICS practice focuses on operation technology in critical infrastructure globally. As
a member of the ICS consulting team I lead assessment engagements ranging from passive
threat assessments to active penetration tests. During passive assessments I apply an
architecture assessment of a system and facility driven by a threat model of the system and its
data flows. I developed and own the Mandiant radio frequency (RF) assessment methodology.
I’ve led and delivered both traditional network penetration tests as well as black box RF
testing of field systems. Using software defined radio peripheral hardware and gnuradio
software the testing has exposed the security properties (and vulnerabilities) in systems such
as factory sensor mesh networks, long distance gas pipeline SCADA, and critical train-to-
wayside control communications. This testing leverages open source modules, but reverse
engineering of custom protocols has involved gnuradio module development, primarily in
Python.

AMAZON, SEATTLE, WA
Security Engineer, May 2014 – June 2016
As Security Engineer on the Security Analysis and Monitoring team - served as a subject
matter expert in the fields of intrusion detection and adversary hunting. Researched detection
methodologies, optimizing for real time response operations. Owned our event processing
pipeline, a multi-stage enrichment and categorization engine. The system was implemented
in Python and JavaScript leveraging AWS Dynamo, Lambda, SQS, Kinesis, and EC2. It handled
millions of daily events.
As Security Engineer in Infrastructure Security – As a part of the team’s ownership of the
corporate environment’s operating system and network security standards I was lent on a
consultative basis to project teams across Amazon, including several projects within Amazon
Fulfillment Technology. Advised on the security properties of a custom control protocol for
material handling equipment and built security requirements for an industrial PC pilot.

ALLIANT ENERGY, MADISON, WI
IT Security Analyst, Aug 2012 – May 2014
Designed, deployed, and supported security solutions focusing on our Energy Management
(EMS), Distributed Control (DCS), and SCADA systems in both our power generation and
distribution industrial control (ICS) environments. Applied architecture consisting of network
and host based detective and preventative controls.
Instantiated a data-driven threat intelligence program to drive down operational risk
informed by our peers in industry and partners in government. Engaged with sector-specific
Information Sharing and Analysis Centers (ISACs) as well as government supported research
institutions for establishment of direct information sharing agreements. Wrote software in
Python to ingest and normalize structured threat information for integration in our security
controls (firewall, proxy, IDS).
Implemented an enterprise-wide SIEM program in Splunk.
