My name is Haydn Johnson, and I'm an Australian native currently living in Canada. I'm a proud father and an experienced Information Security Specialist with over a decade of experience in security consulting, program initiation and management, penetration testing, threat intelligence, security operations, incident response, and implementation.
I possess strong communication skills, which allows me to speak confidently with both senior management and engineers. Additionally, I'm well-versed in presenting to peers at conferences. I have a genuine passion for cloud security and am always striving to learn more about the latest developments in this rapidly evolving field.
When I'm not working, I'm usually found on the mats training Brazilian Jiu-Jitsu. It's a passion of mine that has taught me about the importance of discipline, focus, and perseverance.
Thank you for taking the time to read my bio, and I look forward to connecting with you soon!
Experience

Cloud Security Architect
Ruby Life Inc LTD | July 2022 to Current

•  Built 2021 cloud security roadmap, presented and communicated to stakeholders
•  Identified unused assets in the cloud, saving 10% of monthly Operational budget
•  Participation in newly created enterprise architecture team
•  Increased visibility within the cloud, benefiting multiple teams
•  BCDR project support as SME
•  Security Account VPCs built in Terraform
•  Integrated Splunk AWS addon with CloudTrail logs using SQS Queues
•  Improve SecOps investigations by automating the creation of a sandbox with Terraform
•  Kubernetes Installation Ansible Playbook created to improve testing capabilities
•  Splunk add-ons built in Python to increase response for incidents and negate time spent investigating false positives


Principal Security Analyst
Ruby Life Inc LTD | Sept. 2020​ to July 2022​

•   Identified gap in focus on cloud security, designed and executed cloud program
•   Planning, POC building and execution for projects such as Secrets Management
•   Security solutioning and implementation for API access
•   Outbound network visibility gap identification, solutioning and implementation within Splunk
•   Solutioned asset inventory within AWS, guiding deployment with OPS and dashboard creation with security architect
•   Alert review, Incident response, participation in On-Call rotation
•   Technical and leadership advisory for Security Operations projects


Security Manager, Information Security & Privacy
Points International | July 2018​ to Sept. 2020​

•  Relationship building with different teams and stakeholders across the organization
•  Act as Security SME for IT teams on email, OS and application configurations
•  Management and validation of Web Application Pentest findings, conducting Pentests on major changes
•  Automated reporting of Key Performance Indicators and Key Risk Indicators using custom scripts to generate dashboards for executive audience

Security Analyst, IT Operations
Points International | July 2017​ to July 2018​
•  Provide security guidelines for IT Operations
•  Build beginning of security program
KPMG, LLP, Canada
Senior Consultant, Risk Consulting
Feb. 2016​ to July 2017​
The role mostly required the involvement of the full engagement life cycle; budget, scope, kick-off, execution, reporting and close off. Engagements were conducted solo, or with direct reports (consultants). Experience included Penetration Testing, Fuzzing, Threat Intelligence, basic malware analysis, Wi-Fi Assessments. Being a senior consultant caused me to be a workstream lead in addition to upward management to ensure other workstreams as part of bigger engagements were successful.
Deloitte Canada
Senior Consultant and Consultant, Enterprise Risk Services
July 2014​ to June 2017​
Provided security consulting services to clients in Oil & Gas and Financial Services
Performed Web Application Pentests and Wi-Fi Assessments
Gathered and analyzed intelligence from a variety of open and closed sources to identify relevant cyber threats to clients and provided recommendations for countermeasures
Deloitte Australia
Graduate, Enterprise Risk Services
Mar. 2013​ to Mar. 2014​
Gateway to work at Deloitte from University. 1 year as a new consultant/graduate.


Projects
2022
Main Portfolio Youtube Playlist Link
Custom Service Account for API Access in Kubernetes Cluster
Docker Container Built with Best Practices (Docker Bench for Security)
Auditing Docker Daemon and Host with Docker Bench for Security
Handling Secrets Securely when Building a Docker Image
Demo of a docker image that uses passwords, tokens and private keys
Terraform Code for an AWS VPC and 2 EC2 systems
Using AWS Security Token Service (AWS STS) To Assign Temporary Security Credentials

2021

2020​
Emulate.GO
A tool to abstract away the complexity of executing command line indicators in adversary emulation.
Jira Pull
Golang script that uses basic authentication to connect to Jira, executes a JQL query and prints output to the screen.
A step by step guide to implementing Hashicorp Vault, creating users and rotating passwords within an AWS RDS instance.
Powershell Script to List Missing Windows Patches
GitHub Actions Trufflehog Walkthrough
A blog post of using (and not using) the Splunk SDK to connect to Splunk in Python. Using beautiful soup to parse results.
Golang and Windows Network Interfaces
A blog post explaining how to connect to Windows NICs.  Including Go code that can be run to list NICS.

Back to Top