David Klassen

June 9, 2015

Your Company
Your Address
Your Region
Your Country

Re: Programmer / Security Position

To Whom It May Concern:

I am applying to this position with the intention of finding a team, where I can excel researching, creating, proofing, and securing technology within your organization. During the last ten years of my career my main objective has been to create secure technologies, that can bring advanced digital media content to the web, and at the same time protect both the companies and clients involved in the experience. The research problem space is non-trivial and has involved reviewing server, client, device, and feature implementation, using evolving web related technologies, protocols, processes, and practices. Given the nature of our business most professionals have a hard time differentiating how security activities:

relate to using a plethora of technologies to produce consumer content and entertainment (It is new-ish for most of us):

  • UI design using jQuery, ExtJS, Unity3D, HTML5, CSS3 and related AJAX Web Services (REST/ SOAP)

  • Server side integration with Java Restlet, and Spring/JSF API calls/annotations (JSON/XML)

  • Transaction processing using JMS message brokering and Hibernate/JPA/BigData API calls/annotations

  • Content Management System integration with (PHP/Drupal) and New Media related services

  • Secure wireless data communication and embedded programming on various open mobile architectures

however in a previous role with a Canadian video game producer, I was tasked with such things and attempted to encourage groups towards meeting both objectives. My knowledge and abilities stem from research, and a history of working in both security software and web technology companies. While in a dev team at mobile phone company I developed a Java server side crypto API by:

  • Verifying Phone configuration/signing requests in Java, and porting C code to Java for factory-side HSM verification

  • Using fifty two J2EE XServes providing 3000 request/sec to iPhones performing iTunes s/w validation

  • Applying nCipher Hardware Security Module to provide for a FIPS 140-2 Level 3 validated security configuration

Working for Corinex Communications I helped analyze, design, and implement an EMS (Element Management System):

  • using an ASIC distributor supplied C API for customizing Linux firmware functionality

  • the QT cross platform C++ API, and various libraries for UI and database integration

  • creation of multi-threaded servers for session and application services

I have participated in academic and recreational research surrounding software creation and deconstruction. I look forward to learning more about the competitive advantages of your organization and how it is positioned in the market.

Sincerely Yours,

David Klassen

David J. M. Klassen

Burnaby, BC Canada


Information Security Developer (Contract via. Annex) Sept. '14 – March '15

Annex Consulting Group, Inc., Vancouver, BC, Canada

  • Auditing code, Assessing applications, and testing (findbugs/JSLint/XssMe/ZAP/sqlmap/Skipfish Nessus)

  • Redesigning and implementing systems to account for best practices and prevention of common attack patterns

  • Created various scripts and POC code for analyzing security issues and providing maintenance procedures.

Software Security Engineer Sept. '11 – Sept. '14

TekSystems, Inc., Burnaby, BC, Canada

  • Redesigning and implementing systems to account for best practices and prevention of common attack patterns

  • Created various scripts and POC code for analyzing customer/security incidents and CDN/WAF behavior

  • Reviewed the 10 year old web site/services SOA architecture for security gaps, and provided best practices advice

  • Creating developer security awareness material, documenting security research, and leading security initiatives

  • Auditing code, Assessing applications, and testing (findbugs/JSLint/XssMe/ZAP/sqlmap/Skipfish/Nessus)

Software Engineer April '11 – Sept. '11

ENXSuite Corporation (now Infor), Victoria, BC, Canada

  • Java Web Application providing Emission Statistics for reducing GHG and Carbon pollution

  • Solved customer issues involving new features, software usability, and defects

  • Created simple CRUD workflows for a new product and integrated charting (highcharts.com)

  • JEE/Spring (JSTL/EL, i18n, JSF/Primefaces, Restlet/JAX-RS, Guice/JMS/ActiveMQ, Maven/Junit), SQL (hibernate/JPA/MySQL/Oracle), Javascript (JQuery/ExtJS/AJAX/JSON/JSLint), CSS

Security Software Engineer Oct. '08 – Oct. '09

Aumkaara, Inc., Cupertino, CA, USA

  • Created an installation validation J2EE servlet capable of providing 125 request/sec to phones

  • Provided API for cryptographically securing Configuration Info, sent to manufacturing facilities

  • Created code to translate Java objects to custom byte data, for performing cryptographic signing operations.

  • Ported 'C' code to Java so as to mimic secure service signing operations, where required

  • J2EE (Servlet, SOAP, nCipher/JCA, Junit), SQL (hibernate/MySQL), nCipher HSM, Mac/OSX

Software Engineer July '07 – Sept. '08

Corinex Communications Corp., Vancouver, BC, Canada

  • Implemented C code customizations for ASIC based firmware

  • Analyzed creating a NMS for managing multiple network/backbone device configurations

  • Implemented a multi-threaded session service for providing real-time updates to field engineers

  • C/C++/QT Signal/Slot(custom message protocol), QT/MySQL, shell/perl/CVS/Drupal/Linux/Win32

Software Quality/Release Engineer June '99 – March '05

Interwoven, Inc. (now Autonomy/HP), Sunnyvale, CA, USA - Xuma, Inc., San Francisco, CA, USA

Xcert International Inc. (now RSA/EMC), Vancouver, BC, Canada

  • Designed, implemented, maintained, and monitored build systems (AIX, Solaris, HPUX, Linux, BSD, Win)

  • Introduced parallel/debug build types, the component build infrastructure, and archival facilities (gmake/NetApp)

  • Participated in creating an automated service pack and patch infrastructure (PERL/Shell)

  • Integrated several build trains into a centralized global multi-site build environment and test suite

  • Created a build system and installer for a multi-tiered internet content server (UNIX packages, Perl and shell)

  • Design and development of product test suites using C/C++, Expect, and SilkTest

  • Created a s-client fuzzer for analyzing security weaknesses in the product offerings


  • GWAPT - GIAC Web Application Penetration Tester – SANS Certification/License #3951

  • Dean's Award – BCIT 2007 : for academic performance in B.Tech program

  • Runner Up Prize – BCNET 2007 Broadband Innovation Challenge : BCIT Practicum Project to Secure SCADA


Masters of Digital Media: (Not Complete) Apr. '10 – On Going

Center for Digital Media, Vancouver, BC

  • Small cohort based program modeled after the ETC program at Carnegie Mellon University

  • Programming for graphics related technologies OpenGL, Maya, Unity, Unreel, PHP, HTML5 etc.

  • BCIT Web Application Development Courses: HTML/5, CSS/3, AJAX, JSON, XML (DOM/SAX, Xpath/XSLT), SQL (hibernate, JPA), Javascript/JQuery, PHP/Drupal, JEE (i18n, JSP/JSTL, JSF, JAX-WS/RS, JMS, EJB3)

Bachelor of Technology : Secure Computer Systems Apr. '05 – Apr. '07

British Columbia Institute of Technology, Burnaby, BC

  • Graduated with honors - GPA 86% (3.1 or 4.0 depending on which scale is used.)

  • Praticum Project – Remote firewall access via. rules triggered by custom encryption protocol

  • 1st PlaceTeam - Practical Hacking/Defense Contest (ie. War Games Competition)

  • Covert Channels, Secure System Design, Firewalls, and Intrusion Detection Systems

  • Programming Concepts for Java/C#, OpenGL, Cryptography, Wireless and Embedded systems

Diploma of Technology : Computer Systems Sep. '97 – May '99

British Columbia Institute of Technology, Burnaby, BC

  • Hardware and Data Communication Concepts for Serial and TCP/IP Network Programming

  • Operating Systems, Database Systems, Expert/Decision Systems

  • Programming Concepts for C, C++, Java, Shell, Make, Assembler, Pascal, and Graphics

  • System Analysis and Design (OMT/UML), Rapid Application Development Tools

  • Communications, Marketing, Economics, Accounting, Statistics, and Law


  • Web design: Java, PHP, AJAX, JSON, Javascript (jQuery, ExtJS), CSS/3, HTML/5

  • Web Services .NET, PHP, JEE/Spring (JSP, i18n, EL, JSTL, JSF, JAX-WS, JAX-RS, JMS, EJB3), SQL (hibernate,JPA) XML (DTD/XSL, DOM/SAX, WSDL/WADL, Xpath/XSLT),

  • Programming Assembler Shell, Perl, Python, Expect, Make(CVS,SVN), Pascal, C (Unix, Win32, Xwindows, OpenGL), C++ (QT), Java (Junit, Ant, Maven, J2ME, Swing) and C# (Nunit, WinCE)

  • serial, network, and wireless programming in UNIX and Win32 (ie. RS-232, TCP/IP, Winsock, Berkeley Sockets, Raw Sockets, Multicast, 802.11, IPC, Threads, Protocol Design, SOAP/REST)

  • Computer network/security programming (ASN.1, MD5/SHA1, RC4/WEP/WPA2, OTP/ Kerberos, AES/DSA/RSA/ECC/PGP; PKI/V3 ext.; nCipher/openSSL/JCA,/Nettle, SAML,OpenID/oAuth

  • JSLint, findbugs, valgrind, nmap, ncat, socat, tcpdump, ZAP, sqlmap, Nessus, metasploit, ASLR/kernel, snort/iptables, backtrax/knopper, WAF, covert channels, Bastille/seLinux, OWASP Top 10 prevention

  • Processes for designing and creating secure systems (OWASP/CLASP/BSIMM/SAMM/CWE/SDL)

  • Modifying drivers, kernel configurations and programming embedded boards (SOC/GPU/DSL), SCADA equipment and protocols (DeviceNet, Modbus, DNP3, Profinet)

  • OSS Standards and Protocols: cross-gcc, dhcp, dns-sec, iptables/ebtables, snort, nfs/samba, NIS/ActiveDirectory, LDAP, SNMP, SMTP/POP, httpd, jboss/tomcat/jetty, cygwin, X Windows,

  • Databases, APIs and NoSQL (MSSQL, MYSQL, JDBC/ODBC, hibernate, Hadoop Cassandra Redis MongoDB)

  • Content/Configuration Management Systems and their use in development and release (TeamSite, Drupal, Wiki, Confluence, JIRA, LAMP etc.)