# About JP

{{< figure
  src="/images/JP_Smaller_Color.jpg"
  alt="JP Vossen"
  link="/images/JP_Small_Color.jpg"
>}}

- Co-author of *[O'Reilly's](http://www.oreilly.com/)* *[bash Cookbook 2nd](https://www.oreilly.com/library/view/bash-cookbook-2nd/9781491975329/)*
and *[bash Idioms](https://www.oreilly.com/library/view/bash-idioms/9781492094746/)*
- Information Security, Linux & Perl Geek
- Former Co-maintainer of the *[Snort.org](http://www.snort.org/)* *[RPMs](http://www.snort.org/dl/binaries/linux/)*
- Former *[Infrastructure and Network Security (esp. Snort)](http://searchsecurity.techtarget.com/ateAnswers/0,289620,sid14_tax292734,00.html)* *[expert](http://searchsecurity.techtarget.com/ateExpertBio/0,289623,sid14_cid566347,00.html)*
for *[SearchSecurity.TechTarget.com's](http://searchsecurity.techtarget.com/)*
"*[Ask the Expert](http://searchsecurity.techtarget.com/ateExperts/0,289622,sid14,00.html)*"
feature (*[Meet the other Experts](http://searchsecurity.techtarget.com/ateExpertsBios/0,289621,sid14,00.html)*)

-----

JP has been working with computers since the early Eighties and has been
in the IT industry since the early Nineties, specializing in Information
Security since the late Nineties. He spent some of that time working as
a consultant and about 12 years as a Senior Security Engineer for BT MSS
(i.e., *[BT Counterpane](http://www.counterpane.com/)*). He was also
Director of Customer Support for SGP Technologies (Blackphone.ch) for a
while, but prefers hands-on technical work.

Mr. Vossen has worked with DOS, Windows, UNIX, VMS and AS/400 platforms,
with duties ranging from first-level technical support to network and
security architecture and design. He currently loves to work with Linux,
Perl, Snort and other Open Source and Free Software but is otherwise not
much of a programmer. Unlike many of his technically inclined
colleagues, he also enjoys writing and documentation, which has led to
the publication of various InfoSec articles, scripts and tips,
*[O'Reilly's](http://www.oreilly.com/)* *[bash
Cookbook 2nd](https://www.oreilly.com/library/view/bash-cookbook-2nd/9781491975329/)*,
and *[O'Reilly's](http://www.oreilly.com/)* *[bash
Idioms](https://www.oreilly.com/library/view/bash-idioms/9781492094746/)*.

JP is also a CISSP and member of *[CSI](http://www.gocsi.com/)*,
*[ISSA](http://www.issa.org/)* (*[Delaware
Valley](http://www.issa-dv.org/)*),
*[InfraGard](http://www.infragard.net/)* (*[Philadelphia
Chapter](http://www.infragardphl.org/inf/website/index.php)*),
*[SANS](http://www.sans.org/)*, *[PLUG](http://www.phillylinux.org/)*,
and other industry-related groups.

-----

## Publications & Whitepapers:

  - Code on [Github](https://github.com/vossenjp/)
  - Co-author of *[O'Reilly's](http://www.oreilly.com/)* *[bash
    Cookbook 2nd](https://www.oreilly.com/library/view/bash-cookbook-2nd/9781491975329/)*
    and *[bash
    Idioms](https://www.oreilly.com/library/view/bash-idioms/9781492094746/)*
      - [Cookbook example
        code](https://github.com/vossenjp/bashcookbook-examples)
      - [Idioms example code, templates, and style
        guide](https://github.com/vossenjp/bashidioms-examples)
      - *[A Website for All Things Bash](http://bashcookbook.com/)*
  - Various [presentations](/public/).
  - Volume XX, Number 3 (Summer 2004) of the *[CSI
    Journal](https://www.pubservice.com/Subnew1.aspx?PC=CJ)* has my
    ["Scripting: Message Triage with
    Perl"](/public/Scripting-Message_Triage_with_Perl_CSIJ-XX-3_Summer_2004.pdf)
    article. You can
    *[download](http://i.cmpnet.com/gocsi/gifs/content/csj2004q3perl.zip)*
    the Perl code from the *[CSI site](http://www.gocsi.com/).*
  - *[My](http://searchsecurity.techtarget.com/tipsSearchResults/1,289494,sid14,00.html?query=JP+Vossen&type=tip&x=0&y=0)*
    *[Network Security
    Tips](http://searchsecurity.techtarget.com/tipsIndex/0,289482,sid14_tax292187,00.html)*
    and *[Snort
    FAQ](http://searchsecurity.techtarget.com/featuredTopic/0,290042,sid14_gci996737,00.html)*
    at *[SearchSecurity.com](http://searchsecurity.techtarget.com/)*
    (*[Google
    search](http://www.google.com/search?q=%22JP+Vossen%22+site%3Asearchsecurity.techtarget.com)*):
      - 2005-05: *[Snort Technical
        Guide](http://searchsecurity.techtarget.com/general/0,295582,sid14_gci1083823,00.html)*,
        an index to the Snort articles below
      - 2005-02: *[Beyond AV: Eliminating evasive
        malware](http://www.searchSecurity.com/tip/1,289483,sid14_gci1060223,00.html)*
          - I also got permission to post *[my original,
            longer](/public/Common_Malware_Threats.pdf)* article,
            which is otherwise All Rights Reserved, Copyright 2000 -
            2005, TechTarget.
      - 2004-12: *[How to verify that Snort is
        operating](http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1031246,00.html)*
      - 2004-11: *[Updating rules with
        Oinkmaster](http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1021704,00.html)*
      - 2004-10: *[Four ways to find Snort
        rules](http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1016210,00.html)*
      - 2004-09: *[How should I define Snort's configuration
        variables?](http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1007144,00.html)*
      - 2004-08: *[Modifying and writing custom Snort
        rules](http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci998669,00.html)*
      - 2004-07: *[How many interfaces does my sensor
        need?](http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci992125,00.html)*
      - 2004-06: *[What OS should I use for my Snort
        sensor?](http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci970062,00.html)*
      - 2004-05: *[Where should I place my IDS
        sensors?](http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci962158,00.html)*
      - 2004-04: *[Network-based IDS: How to deal with switches and
        segments](http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci957934,00.html)*
      - 2004-03: *[Snort makes IDS worth the time and
        effort](http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci953055,00.html)*
      - 2004-02: *[Disconnecting desktops for network
        security](http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci949515,00.html)*
      - 2004-01: *[What is that
        Port?](http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci942852,00.html)*
      - 2003-12: Predictions for *[IDS and IPS
        in 2004](http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci942515,00.html)*
  - My
    *[answers](http://searchsecurity.techtarget.com/ateAnswers/0,289620,sid14_tax292734,00.html)*
    to *[SearchSecurity.com's](http://searchsecurity.techtarget.com/)*
    ["Ask the
    Expert"](http://searchsecurity.techtarget.com/ateExperts/0,289622,sid14,00.html)
    feature for *[Infrastructure and Network
    Security](http://searchsecurity.techtarget.com/ateAnswers/0,289620,sid14_tax292734,00.html)*.
      - 2004-01: *[What is the most cost-effective way to battle
        viruses?](http://searchsecurity.techtarget.com/ateQuestionNResponse/0,289625,sid14_cid576094_tax292734,00.html)*
      - 2004-01: *[Using integrated security
        products](http://searchsecurity.techtarget.com/ateQuestionNResponse/0,289625,sid14_cid568506_tax292734,00.html)*
      - 2004-01: *[Is Snort better than proprietary
        IDS?](http://searchsecurity.techtarget.com/ateQuestionNResponse/0,289625,sid14_cid568508_tax292734,00.html)*
      - 2004-01: *[The ABCs of intrusion
        detection](http://searchsecurity.techtarget.com/ateQuestionNResponse/0,289625,sid14_cid568515_tax292734,00.html)*
      - 2004-01: *[Firewall recommendations for a busy Web
        server](http://searchsecurity.techtarget.com/ateQuestionNResponse/0,289625,sid14_cid568524_tax292734,00.html)*
  - Various articles in *Information Security Magazine* (now merged into
    *[SearchSecurity.com](http://SearchSecurity.com)*, so see the text
    in the *[Internet Archive](http://archive.org/)*):
      - 2003-01: A
        *[review](http://web.archive.org/web/20061117021922/http://www.infosecuritymag.com/2003/jan/testcenter.shtml)*
        of *[ForeScout's](http://www.forescout.com/)*
        *[ActiveScout](http://www.forescout.com/products.html)*.
      - 2002-06: A
        *[review](http://web.archive.org/web/20061117060215/http://www.infosecuritymag.com/2002/jun/testcenter.shtml)*
        of *[Harris](http://www.harris.com/)*' *[STAT
        Neutralizer](http://www.statonline.com/)*.
      - 2002-02: An article and several sample scripts about "*[Windows
        Security
        Scripting](http://web.archive.org/web/20060709105029/http://www.infosecuritymag.com/2002/feb/features_scripting.shtml)*".
        See also *[Sample
        Scripts](http://www.infosecuritymag.com/2002/feb/features_scripting.shtml)*,
        *[Scripting
        Resources](http://web.archive.org/web/20041013132755/http://www.infosecuritymag.com/2002/feb/features_scriptingresources.shtml)*
        and *[Shell Script
        Security](http://web.archive.org/web/20041013132243/http://www.infosecuritymag.com/2002/feb/features_shellscript.shtml)*.
        This is one of my favorites.
      - 2001-04: A (500 word) *[product
        write-up](http://web.archive.org/web/20070705075333/http://www.infosecuritymag.com/articles/april01/departments_products2.shtml)*
        of *[BindView](http://www.bindview.com/)*
        [Control](http://www.bindview.com/products/bvcontrol/)
      - 2001-03: "*[Kane
        Enable](http://web.archive.org/web/20061117060202/http://www.infosecuritymag.com/articles/march01/departments_products1.shtml)*,"
        a (~3,000 word) review of Kane Security Analyst v5. (Note: I
        will not take the blame for the title, that goes to then
        Editor-In-Chief, Andy Briney ;-)
  - A Whitepaper (*[PDF](/public/Hardening_Windows_Servers.pdf)*) and
    slideshow
    (*[PDF](/public/Hardening_Windows_Servers_Presentation.pdf)*),
    copyright 2002 *[AlphaNet
    Solutions](http://www.alphanetsolutions.com/)*, called "Securing
    (Hardening) Windows Servers." Also download the
    [MoveTools](/public/source/MoveTools.txt) batch file, then rename
    from .TXT to .CMD as needed. They were written for a "TechNet
    Workshop: Microsoft Security Solutions" presentation on January
    22nd, 2002 at the *[Microsoft Greater PA Office in Malvern,
    PA](http://www.microsoft.com/usa/greaterpa/default.asp)*.
  - A
    *[response](http://mcpmag.com/columns/article.asp?EditorialsID=386)*--published
    in the February 2002 *[MCP Magazine](http://www.mcpmag.com/)*'s
    "Certified Mail" (i.e. letters to the editor) section--to an article
    by Keith Ward entitled "*[Gartner IIS Analysis Off-Target, Say Some
    Experts](http://www.mcpmag.com/news/article.asp?EditorialsID=434)*."
    The piece is a well balanced discussion of a *[Gartner IIS Analysis
    that recommends against using Microsoft's
    IIS](http://www.interactiveweek.com/print_article/0,3668,a%253D15027,00.asp)*.
    However, it does not address the fact that IIS must run in the
    "Local System" security context.
  - Reviewed and contributed to a draft of "The 60 Minute Network
    Security Guide (First Steps Towards a Secure Network Environment)"
    from the *[NSA](http://www.nsa.gov/)* Systems and Network Attack
    Center (SNAC). This was referenced at
    http://www.sans.org/newlook/resources/NSA_guide.htm, but that page
    is no longer there. I'm guessing the document is undergoing revision
    again. You might check the *[NSA Security Recommendation
    Guides](http://nsa1.www.conxion.com/index.html)* site.
  - {{< xref "/linux/OnStream_DI-30-RedHat_Backup_mini-HOWTO" >}}
  - {{< xref "/infosec/rulebasebp" >}}
  - {{< xref "/networking/nat" >}} What NAT is
    and how and why you should use it in conjunction with "Private" or
    *[RFC1918](http://www.faqs.org/rfcs/rfc1918.html)* non-routable IP
    addresses.
  - I've contributed my Port Database to the
    *[Snort](http://www.snort.org/)* project (see the credits section in
    *[About Snort](http://www.snort.org/about.html)*), and to *[The
    Internet Ports Database](http://www.portsdb.org/)*.
  - A
    *[contribution](http://www.netfunny.com/rhf/jokes/96/Oct/licenses.html)*
    to Rec.Humor.Funny. And another one to the R.H.F
    *[April 2005](http://www.netfunny.com/rhf/jokes/05/Apr/oneline.html)*
    one-liners file
  - Two pictures of my deck and the plastic lumber I used to build it
    appear in the *[Spring 2005 issue of Coastal
    Contractor](http://www.coastalcontractor.net/cgi-bin/issue.pl?issue=3)*
    magazine in *[Materials Report: Plastic
    Decking](http://www.coastalcontractor.net/pdf/2005/0504/0504mate.pdf)*.

-----

## Tools:

  - See the {{< xref "windows/winlogcheck" >}} page for my Windows port of
    *[logcheck](http://sourceforge.net/projects/sentrytools/index.html)*,
    the famous UNIX log processing tool. You can also download the
    [PowerPoint presentation](/public/WinLogcheck-PANTUG.ppt) I gave
    to the Philadelphia Area Network Technologies User Group
    (*[PANTUG](http://www.pantug.org/)*) on September 12th 2001.
  - I have written a couple of management scripts for CheckPoint
    Firewall-1 (LogSwap & CPFWBack). See my {{< xref "/infosec/sec-tools#check-point-firewall-1" "Firewall-1 tools" >}} section for more
    information.
  - I have also packaged an NTP service that will run on a really
    hardened NT server (unlike the non-free MS TimeServ service). See my
    {{< xref "/infosec/sec-tools#check-point-firewall-1" "Firewall-1 tools" >}}
    section for more information.

-----

## My Job:

Here is my resume in [PDF](Vossen_Resume.pdf) or
[HTML](Vossen_Resume.html), last updated 2021-07-25.

Anyway, my certifications include:

  - {{< xref "/infosec" "CISSP" >}} (Certified Information
    Systems Security Professional) [#11049](https://webportal.isc2.org/BuyersGuide/ProfessionalSearch.aspx),
    granted March 4 2000, to present.
  - Microsoft Certified Systems Engineer (MCSE); late 1990's
  - *[CheckPoint](http://www.checkpoint.com/)* Firewall-1 v3.x Certified
    Systems Engineer (CCSE); mid-late 1990's
  - *[WatchGuard Certified System
    Professional](http://www.watchguard.com/training/cert.asp#WCSP)*
    (WCSP); mid-late 1990's
  - a *[Novell](http://www.novell.com/)* 3.x
    *[CNA](http://www.novell.com/training/certinfo/cna/index.html)*
    (Certified Novell Administrator); mid 1990's

See my Bio above.

I have worked with many small and mid-size companies in eastern
Pennsylvania and New Jersey. I have experience with companies in a broad
range of markets, including Telecommunications, Pharmaceutical,
Financial, Healthcare, and Manufacturing.

I have worked with networks from Netware Lite and Netware 3.x on up to
30+ site TCP/IP WANs. I have written programs in COBOL, Pascal, C,
BASIC, Perl, Bourne Shell and many application macro languages including
VBScript. I have also been a beta tester for Microsoft (Win95 & NT4),
Symantec and others.

### What I like to do:

I am kind of a generalist rather than a specialist, one reason for my
interest in Information Security--it is a very broad and far-reaching
topic. I find I enjoy the tactical (in-the-weeds) side of things much
more than the strategic. I really get into the nuts and bolts of how
best to accomplish the goal and am very methodical about the process and
documentation. I do best with solid, uninterrupted blocks of time during
which I can fully focus on a task (see *[Maker's Schedule, Manager's
Schedule](http://www.paulgraham.com/makersschedule.html)*).

I really enjoy:

  - Scripting, building system & tool automation/integration
      - Ansible, shell scripts, Perl, Regular Expressions, Unix
        TextUtils and pipelines
      - DevOps concepts and implementation
  - Technical writing and documentation (ideally in wiki markup)
  - Getting as much as possible under revision control (git, bzr, hg,
    svn)
  - Linux (mostly Debian and Ubuntu/Mint, and CentOS) and other Free and
    Open Source software
  - Smart people I can both learn from and teach
  - Learning more about: Python, DevOps, Ansible
  - Did I mention bash, Perl & Linux? :-)

-----

## My Education:

I went to *[Oratory Prep High School](http://www.oratoryprep.org/)*, in Summit, NJ.

I also have a *[BSIS](http://www.sis.pitt.edu/~dist/bsis/bsis.html)* from *[The University of Pittsburgh](http://www.pitt.edu/)*. {{< figure src="/images/halfpitt.gif" alt="University of Pittsburgh Logo" link="http://www.pitt.edu/" >}}

-----

## My Hobbies and Interests include:

  - Reading, mostly hard science fiction and vampire books
  - Target shooting, pistol, rifle and bow
  - Experimenting with Information Security, Linux, Bash, Perl, Python
  - SCUBA and skin diving (was *[PADI](http://www.padi.com/)* certified
    by *[O'Donnel Diving](http://www.odonneldiving.com/)* and *[Lahaina
    Divers](http://www.lahainadivers.com/)* in early 2001)! See also
    the *[Diver's Alert Network](http://www.diversalertnetwork.org/)*
    and *[Hidden Cove SCUBA](http://www.phillypa.com/hscuba/)* in King
    of Prussia PA, and my {{< xref "/photos/scuba" >}} page.
  - Skydiving! Only had one tandem so far, at the *[United
    Parachute Club](http://www.skydiveupc.org/)* but... :-)
  - Working on my car (up to late 2003 that was a '93 Honda Civic del
    Sol Si, now it's the '04 Acura TL 6 speed)
      - See my ASCII "circuit" diagram for a headlight buzzer for early
        90's Civics, including the del Sol:
        *[here](http://wopr.caltech.edu/~mph/delsol/lights.html)*.
  - Rock climbing at the *[Philadelphia Rock Gym](http://www.philarockgym.com/)*
  - Fixing things and working around the house (see the infamous {{< xref "/photos/deck" >}}).
  - Wood & metal working
  - Kayaking on various local rivers in an Ocean Kayak *[Malibu Two](http://www.oceankayak.com/malibutwo.html)*. Nice boat...
