stevenjohnstone · January 13, 2026 13:24
diff --git a/resume.json b/resume.json
 {
  "meta": {
    "theme": "modern-classic"
  },
  "basics": {
    "name": "Steven Johnstone",
    "label": "Security Engineering Leader | Founder",
    "email": "[email protected]",
    "summary": "Seasoned Security Engineer and Founder with 15+ years of experience protecting critical national infrastructure, building security-first products, and driving compliance. A true builder who combines strategic experience with deep, hands-on engineering skills (Golang, C/C++, Assembly). Proven track record of founding startups, coding core systems, and securing successful exits to Cisco, Motorola, and Fortinet.",
    "location": {
      "countryCode": "UK",
      "address": "Lanark, South Lanarkshire, United Kingdom"
    },
    "profiles": [
      {
        "network": "Github",
        "username": "stevenjohnstone",
        "url": "https://github.com/stevenjohnstone"
      },
      {
        "network": "LinkedIn",
        "username": "steven-james-johnstone",
        "url": "https://www.linkedin.com/in/steven-james-johnstone/"
      }
    ]
  },
  "work": [
    {
      "name": "Smarter Grid Solutions",
      "position": "Product Security Lead",
      "startDate": "2024-01-10",
      "website": "https://www.smartergridsolutions.com/",
      "summary": "Leading application and supply chain security for critical national infrastructure. Protecting the power grid against sophisticated nation-state attacks.",
      "highlights": [
        "Architected a hardened software supply chain to meet SLSA standards, specifically defending against nation-state actors attempting to 'poison' binaries delivered to power grid customers.",
        "Designed and secured GitLab CI/CD pipelines, provisioning hardened runners and implementing ubiquitous artifact signing using Sigstore.",
        "Supported a legacy Java build pipeline by writing a custom pgp drop-in-replacement in Golang which supported Vault-backed keys and recorded signing operations in Sigstore's transparency log",
        "Deployed and managed supporting security infrastructure including HashiCorp Vault for secrets management and centralized log aggregation.",
        "Led threat modeling exercises identifying high-risk attack vectors, driving the implementation of tamper-proof delivery mechanisms for critical infrastructure software."
      ]
    },
    {
      "name": "Girnin Dug",
      "position": "Lead Security Engineer",
      "startDate": "2020-05-31",
      "endDate": "2024-01-10",
      "summary": "Specialized security consultancy focusing on adversarial product testing for startups.",
      "highlights": [
        "Conducted 'Red Team' operations and deep-dive penetration testing on client products to identify critical logic flaws before release.",
        "Performed architectural reviews and threat modeling for early-stage startups to establish security baselines.",
        "Provided remediation strategies for complex vulnerabilities in cloud-native and embedded environments."
      ]
    },
    {
      "name": "Mirantis",
      "position": "Principal Security Engineer",
      "startDate": "2021-09-17",
      "endDate": "2022-05-14",
      "website": "https://github.com/mirantis/security",
      "summary": "Technical owner of the cryptographic stack for Docker Enterprise and Product Security lead for Lens IDE.",
      "highlights": [
        "Maintainer of the custom golang toolchain providing FIPS-140-2 compliant cryptography to go projects, including Docker Enterprise",
        "Integrated automated fuzz testing into the Docker cryptographic stack, discovering and fixing multiple flaws such as CVE-2021-23218",
        "Conducted deep-dive remedial threat modelling, code review and functional testing on the Lens Kubernetes IDE, uncovering a series of vulnerabilities including CVE-2021-44458 (RCE) which allowed full compromise via a malicious link.",
        "Established the PSIRT and successfully onboarded Mirantis as a CVE Numbering Authority."
      ]
    },
    {
      "name": "Independent Security Research & Open Source",
      "position": "Researcher & Contributor",
      "startDate": "2020-05-31",
      "endDate": "2021-09-17",
      "summary": "Dedicated period of open-source contribution and deep-dive technical research.",
      "highlights": [
        "Beta tester for the integrated Golang fuzzer; identified implementation bugs and contributed fixes to the Go project.",
        "Created and maintained a tool for generating bpftrace programs to troubleshoot Golang runtime quirks.",
        "Developed a custom fuzzer for Lua programs."
      ]
    },
    {
      "name": "Next DLP (formerly Jazz Networks)",
      "position": "Founder & Chief Security Officer",
      "startDate": "2017-05-31",
      "endDate": "2020-05-31",
      "website": "https://www.linkedin.com/company/nextdlp/",
      "summary": "Founder of company and security architecture. Steered company to a successful exit (Split acquisition by Motorola and Fortinet).",
      "highlights": [
        "Architected a hybrid infrastructure supporting both cloud and air-gapped on-premise Kubernetes deployments, including custom tooling for offline management.",
        "Designed the secure data pipeline for ML/AI-driven analytics, solving the dual challenge of efficient inference and strict privacy controls for highly sensitive observation data.",
        "Defined the company’s security posture as ISO 27001 Lead Implementer.",
        "Hands-on Golang developer for the core product and infrastructure."
      ]
    },
    {
      "name": "Acano",
      "position": "Founder & Chief Security Officer",
      "startDate": "2013-12-31",
      "endDate": "2017-05-31",
      "website": "https://www.linkedin.com/company/acano/",
      "summary": "Founded the video infrastructure company, driving it to a $700M acquisition by Cisco.",
      "highlights": [
        "Guided the product through rigorous US Federal evaluations (JITC), unlocking the DoD market.",
        "Founded the PSIRT (Product Security Incident Response Team).",
        "Served dual role as Head of Systems Programming; responsible for embedded software, manufacturing tests, and software build system.",
        "Managed a team of engineers while remaining a hands-on individual contributor in C/C++, embedded Lua, and early-stage Golang."
      ]
    },
    {
      "name": "Acano",
      "position": "Founder & Systems Engineer",
      "startDate": "2012-02-28",
      "endDate": "2013-12-31",
      "summary": "Built the initial systems architecture from zero.",
      "highlights": [
        "Performed low-level hardware bring-up.",
        "Maintained custom Linux distribution and owned the build system."
      ]
    },
    {
      "name": "Cisco Systems",
      "position": "R&D Security Engineer",
      "startDate": "2010-04-30",
      "endDate": "2012-02-28",
      "website": "https://www.linkedin.com/company/cisco/",
      "summary": "Design and implementation of security features for telepresence infrastructure products.",
      "highlights": [
        "Specialized in kernel optimization and network stack development."
      ]
    },
    {
      "name": "Tandberg (Acquired By Cisco)",
      "position": "Systems Engineer",
      "startDate": "2007-09-30",
      "endDate": "2010-04-30",
      "website": "https://www.linkedin.com/company/cisco/",
      "highlights": [
        "NetBSD and FreeBSD custom network stack development",
        "Custom hardware bringup and manufacturing test code"
      ]
    },
    {
      "name": "Codian (Acquired by Tandberg)",
      "position": "Systems Engineer/Manufacturing Test Automation",
      "startDate": "2006-08-31",
      "endDate": "2007-09-30",
      "website": "https://www.linkedin.com/company/codian/",
      "summary": "Video conferencing startup. Acquired by Tandberg.",
      "highlights": [
        "Developed manufacturing test automation.",
        "Maintained core system software."
      ]
    },
    {
      "name": "University of Glasgow",
      "position": "Summer Research Student",
      "startDate": "2001-05-31",
      "endDate": "2001-10-31",
      "summary": "Mathematical modelling applied to problems in medicine."
    }
  ],
  "projects": [
    {
      "name": "Ruby Prism Parser (Security)",
      "startDate": "2023-01-01",
      "summary": "Active contributor to the Prism parser for the Ruby language, focusing on security and stability.",
      "highlights": [
        "Developed and integrated a custom fuzzer to the project.",
        "Continuously identifying and reporting memory safety issues and edge-case bugs.",
        "Ongoing collaboration with the core Ruby team to harden the parser."
      ]
    }
  ],
  "volunteer": [
    {
      "organization": "Intergenerational Mentoring Network",
      "position": "Mentor",
      "url": "https://intergenerationalmentoring.com/",
      "startDate": "2022-12-22",
      "summary": "Mentor to two bright young people from Easterhouse, Glasgow who want to start careers in high technology."
    }
  ],
  "education": [
    {
      "institution": "University of Strathclyde",
      "area": "Mathematics",
      "studyType": "PhD",
      "startDate": "2003-12-31",
      "endDate": "2006-12-31"
    },
    {
      "institution": "University of Strathclyde",
      "area": "Mathematics",
      "studyType": "BSc (Hons) First Class",
      "startDate": "1996-12-31",
      "endDate": "2001-12-31"
    },
    {
      "institution": "Queen's University",
      "area": "Mathematics",
      "studyType": "Exchange program",
      "startDate": "1998-12-31",
      "endDate": "1999-12-31"
    }
  ],
  "awards": [],
  "publications": [],
  "skills": [
    {
      "name": "Security Processes",
      "level": "Expert",
      "keywords": [
        "Threat & Vulnerability Management",
        "Incident Handling",
        "Penetration Testing",
        "Secure Code Review",
        "SDL"
      ]
    },
    {
      "name": "Industry Standards",
      "level": "Battle-Hardened",
      "keywords": [
        "FIPS 140-2 (Technical Owner)",
        "ISO 27001 Lead Implementer",
        "GDPR"
      ]
    },
    {
      "name": "US Federal Market Compliance",
      "level": "Multi-million Dollar Successes",
      "keywords": [
        "JITC",
        "APL",
        "DoD"
      ]
    },
    {
      "name": "Golang",
      "level": "Expert",
      "keywords": [
        "Systems Code",
        "Fuzzing",
        "Runtime Internals"
      ]
    },
    {
      "name": "C/C++",
      "level": "Veteran",
      "keywords": [
        "Embedded Systems",
        "Kernel Drivers",
        "Cryptographic Modules"
      ]
    },
    {
      "name": "Scripting Languages",
      "level": "10+ years",
      "keywords": [
        "Ruby",
        "Python",
        "Lua (Embedded)",
        "Bash"
      ]
    },
    {
      "name": "Frontend Web Technologies",
      "level": "Code Reviewer",
      "keywords": [
        "Javascript",
        "Typescript",
        "Elm",
        "Angular",
        "React"
      ]
    },
    {
      "name": "Cloud Native Technologies",
      "level": "Expert",
      "keywords": [
        "Docker",
        "k8s",
        "Terraform",
        "Lens IDE",
        "Sigstore",
        "SLSA"
      ]
    },
    {
      "name": "Reverse Engineering",
      "level": "Always Practicing",
      "keywords": [
        "r2",
        "ghidra",
        "angr",
        "assembly language"
      ]
    },
    {
      "name": "Fuzzing",
      "level": "Expert",
      "keywords": [
        "afl",
        "go-fuzz",
        "custom frameworks"
      ]
    }
  ],
  "languages": [
    {
      "language": "English",
      "fluency": "Native Speaker"
    },
    {
      "language": "Dutch",
      "fluency": "Fluent"
    },
    {
      "language": "German",
      "fluency": "Beginner"
    }
  ],
  "interests": [],
  "references": []
 }
	{
	"meta": {
	"theme": "modern-classic"
	},
	"basics": {
	"name": "Steven Johnstone",
	"label": "Security Engineering Leader \| Founder",
	"email": "[email protected]",
	"summary": "Seasoned Security Engineer and Founder with 15+ years of experience protecting critical national infrastructure, building security-first products, and driving compliance. A true builder who combines strategic experience with deep, hands-on engineering skills (Golang, C/C++, Assembly). Proven track record of founding startups, coding core systems, and securing successful exits to Cisco, Motorola, and Fortinet.",
	"location": {
	"countryCode": "UK",
	"address": "Lanark, South Lanarkshire, United Kingdom"
	},
	"profiles": [
	{
	"network": "Github",
	"username": "stevenjohnstone",
	"url": "https://github.com/stevenjohnstone"
	},
	{
	"network": "LinkedIn",
	"username": "steven-james-johnstone",
	"url": "https://www.linkedin.com/in/steven-james-johnstone/"
	}
	]
	},
	"work": [
	{
	"name": "Smarter Grid Solutions",
	"position": "Product Security Lead",
	"startDate": "2024-01-10",
	"website": "https://www.smartergridsolutions.com/",
	"summary": "Leading application and supply chain security for critical national infrastructure. Protecting the power grid against sophisticated nation-state attacks.",
	"highlights": [
	"Architected a hardened software supply chain to meet SLSA standards, specifically defending against nation-state actors attempting to 'poison' binaries delivered to power grid customers.",
	"Designed and secured GitLab CI/CD pipelines, provisioning hardened runners and implementing ubiquitous artifact signing using Sigstore.",
	"Supported a legacy Java build pipeline by writing a custom pgp drop-in-replacement in Golang which supported Vault-backed keys and recorded signing operations in Sigstore's transparency log",
	"Deployed and managed supporting security infrastructure including HashiCorp Vault for secrets management and centralized log aggregation.",
	"Led threat modeling exercises identifying high-risk attack vectors, driving the implementation of tamper-proof delivery mechanisms for critical infrastructure software."
	]
	},
	{
	"name": "Girnin Dug",
	"position": "Lead Security Engineer",
	"startDate": "2020-05-31",
	"endDate": "2024-01-10",
	"summary": "Specialized security consultancy focusing on adversarial product testing for startups.",
	"highlights": [
	"Conducted 'Red Team' operations and deep-dive penetration testing on client products to identify critical logic flaws before release.",
	"Performed architectural reviews and threat modeling for early-stage startups to establish security baselines.",
	"Provided remediation strategies for complex vulnerabilities in cloud-native and embedded environments."
	]
	},
	{
	"name": "Mirantis",
	"position": "Principal Security Engineer",
	"startDate": "2021-09-17",
	"endDate": "2022-05-14",
	"website": "https://github.com/mirantis/security",
	"summary": "Technical owner of the cryptographic stack for Docker Enterprise and Product Security lead for Lens IDE.",
	"highlights": [
	"Maintainer of the custom golang toolchain providing FIPS-140-2 compliant cryptography to go projects, including Docker Enterprise",
	"Integrated automated fuzz testing into the Docker cryptographic stack, discovering and fixing multiple flaws such as CVE-2021-23218",
	"Conducted deep-dive remedial threat modelling, code review and functional testing on the Lens Kubernetes IDE, uncovering a series of vulnerabilities including CVE-2021-44458 (RCE) which allowed full compromise via a malicious link.",
	"Established the PSIRT and successfully onboarded Mirantis as a CVE Numbering Authority."
	]
	},
	{
	"name": "Independent Security Research & Open Source",
	"position": "Researcher & Contributor",
	"startDate": "2020-05-31",
	"endDate": "2021-09-17",
	"summary": "Dedicated period of open-source contribution and deep-dive technical research.",
	"highlights": [
	"Beta tester for the integrated Golang fuzzer; identified implementation bugs and contributed fixes to the Go project.",
	"Created and maintained a tool for generating bpftrace programs to troubleshoot Golang runtime quirks.",
	"Developed a custom fuzzer for Lua programs."
	]
	},
	{
	"name": "Next DLP (formerly Jazz Networks)",
	"position": "Founder & Chief Security Officer",
	"startDate": "2017-05-31",
	"endDate": "2020-05-31",
	"website": "https://www.linkedin.com/company/nextdlp/",
	"summary": "Founder of company and security architecture. Steered company to a successful exit (Split acquisition by Motorola and Fortinet).",
	"highlights": [
	"Architected a hybrid infrastructure supporting both cloud and air-gapped on-premise Kubernetes deployments, including custom tooling for offline management.",
	"Designed the secure data pipeline for ML/AI-driven analytics, solving the dual challenge of efficient inference and strict privacy controls for highly sensitive observation data.",
	"Defined the company’s security posture as ISO 27001 Lead Implementer.",
	"Hands-on Golang developer for the core product and infrastructure."
	]
	},
	{
	"name": "Acano",
	"position": "Founder & Chief Security Officer",
	"startDate": "2013-12-31",
	"endDate": "2017-05-31",
	"website": "https://www.linkedin.com/company/acano/",
	"summary": "Founded the video infrastructure company, driving it to a $700M acquisition by Cisco.",
	"highlights": [
	"Guided the product through rigorous US Federal evaluations (JITC), unlocking the DoD market.",
	"Founded the PSIRT (Product Security Incident Response Team).",
	"Served dual role as Head of Systems Programming; responsible for embedded software, manufacturing tests, and software build system.",
	"Managed a team of engineers while remaining a hands-on individual contributor in C/C++, embedded Lua, and early-stage Golang."
	]
	},
	{
	"name": "Acano",
	"position": "Founder & Systems Engineer",
	"startDate": "2012-02-28",
	"endDate": "2013-12-31",
	"summary": "Built the initial systems architecture from zero.",
	"highlights": [
	"Performed low-level hardware bring-up.",
	"Maintained custom Linux distribution and owned the build system."
	]
	},
	{
	"name": "Cisco Systems",
	"position": "R&D Security Engineer",
	"startDate": "2010-04-30",
	"endDate": "2012-02-28",
	"website": "https://www.linkedin.com/company/cisco/",
	"summary": "Design and implementation of security features for telepresence infrastructure products.",
	"highlights": [
	"Specialized in kernel optimization and network stack development."
	]
	},
	{
	"name": "Tandberg (Acquired By Cisco)",
	"position": "Systems Engineer",
	"startDate": "2007-09-30",
	"endDate": "2010-04-30",
	"website": "https://www.linkedin.com/company/cisco/",
	"highlights": [
	"NetBSD and FreeBSD custom network stack development",
	"Custom hardware bringup and manufacturing test code"
	]
	},
	{
	"name": "Codian (Acquired by Tandberg)",
	"position": "Systems Engineer/Manufacturing Test Automation",
	"startDate": "2006-08-31",
	"endDate": "2007-09-30",
	"website": "https://www.linkedin.com/company/codian/",
	"summary": "Video conferencing startup. Acquired by Tandberg.",
	"highlights": [
	"Developed manufacturing test automation.",
	"Maintained core system software."
	]
	},
	{
	"name": "University of Glasgow",
	"position": "Summer Research Student",
	"startDate": "2001-05-31",
	"endDate": "2001-10-31",
	"summary": "Mathematical modelling applied to problems in medicine."
	}
	],
	"projects": [
	{
	"name": "Ruby Prism Parser (Security)",
	"startDate": "2023-01-01",
	"summary": "Active contributor to the Prism parser for the Ruby language, focusing on security and stability.",
	"highlights": [
	"Developed and integrated a custom fuzzer to the project.",
	"Continuously identifying and reporting memory safety issues and edge-case bugs.",
	"Ongoing collaboration with the core Ruby team to harden the parser."
	]
	}
	],
	"volunteer": [
	{
	"organization": "Intergenerational Mentoring Network",
	"position": "Mentor",
	"url": "https://intergenerationalmentoring.com/",
	"startDate": "2022-12-22",
	"summary": "Mentor to two bright young people from Easterhouse, Glasgow who want to start careers in high technology."
	}
	],
	"education": [
	{
	"institution": "University of Strathclyde",
	"area": "Mathematics",
	"studyType": "PhD",
	"startDate": "2003-12-31",
	"endDate": "2006-12-31"
	},
	{
	"institution": "University of Strathclyde",
	"area": "Mathematics",
	"studyType": "BSc (Hons) First Class",
	"startDate": "1996-12-31",
	"endDate": "2001-12-31"
	},
	{
	"institution": "Queen's University",
	"area": "Mathematics",
	"studyType": "Exchange program",
	"startDate": "1998-12-31",
	"endDate": "1999-12-31"
	}
	],
	"awards": [],
	"publications": [],
	"skills": [
	{
	"name": "Security Processes",
	"level": "Expert",
	"keywords": [
	"Threat & Vulnerability Management",
	"Incident Handling",
	"Penetration Testing",
	"Secure Code Review",
	"SDL"
	]
	},
	{
	"name": "Industry Standards",
	"level": "Battle-Hardened",
	"keywords": [
	"FIPS 140-2 (Technical Owner)",
	"ISO 27001 Lead Implementer",
	"GDPR"
	]
	},
	{
	"name": "US Federal Market Compliance",
	"level": "Multi-million Dollar Successes",
	"keywords": [
	"JITC",
	"APL",
	"DoD"
	]
	},
	{
	"name": "Golang",
	"level": "Expert",
	"keywords": [
	"Systems Code",
	"Fuzzing",
	"Runtime Internals"
	]
	},
	{
	"name": "C/C++",
	"level": "Veteran",
	"keywords": [
	"Embedded Systems",
	"Kernel Drivers",
	"Cryptographic Modules"
	]
	},
	{
	"name": "Scripting Languages",
	"level": "10+ years",
	"keywords": [
	"Ruby",
	"Python",
	"Lua (Embedded)",
	"Bash"
	]
	},
	{
	"name": "Frontend Web Technologies",
	"level": "Code Reviewer",
	"keywords": [
	"Javascript",
	"Typescript",
	"Elm",
	"Angular",
	"React"
	]
	},
	{
	"name": "Cloud Native Technologies",
	"level": "Expert",
	"keywords": [
	"Docker",
	"k8s",
	"Terraform",
	"Lens IDE",
	"Sigstore",
	"SLSA"
	]
	},
	{
	"name": "Reverse Engineering",
	"level": "Always Practicing",
	"keywords": [
	"r2",
	"ghidra",
	"angr",
	"assembly language"
	]
	},
	{
	"name": "Fuzzing",
	"level": "Expert",
	"keywords": [
	"afl",
	"go-fuzz",
	"custom frameworks"
	]
	}
	],
	"languages": [
	{
	"language": "English",
	"fluency": "Native Speaker"
	},
	{
	"language": "Dutch",
	"fluency": "Fluent"
	},
	{
	"language": "German",
	"fluency": "Beginner"
	}
	],
	"interests": [],
	"references": []
	}
No results found