Berk Demir

Engineer at Facebook

San Francisco, CA

How does this work?
About

I'm an engineer living in San Francisco Bay Area. I work at Facebook, focusing on authentication, authorization, and use of cryptography. Previously, I worked at Twitter, Cloudflare, and StumbleUpon, focusing on traffic, resiliency, and security. I offer office hours on wide range of information security topics, large scale internet service delivery, and distributed systems resiliency.

Ask me about
tailscale
cryptography
security
authentication
authorization
Duo Security
Okta
LastPass
1Password
BeyondCorp
Go
C
C++
Apache Mesos
Apache Aurora
WireGuard
Content Distribution Networks
CDN
BGP
TLS
HTTP/2
X.509
SSH
Tailscale
Work experience
logo

Aug 2016 - Present

Facebook

Engineer

Authentication, authorization, and use of cryptography. Previously: – Web Foundation: facebook.com availability and resiliency – Traffic Foundation: global scale optimal service delivery

logo

Nov 2012 - Aug 2016

Twitter

Sr Staff Site Reliability Engineer

Availability, performance, and reliability. Complex Incident Response. Traffic Engineering.

logo

Sep 2012 - Oct 2012

CloudFlare, Inc.

Systems Engineer

logo

Oct 2009 - Aug 2012

StumbleUpon

Software Architect

Availability, latency and security. • Infrastructural Components - Near real time MySQL to HBase replication. (Java) - ZooKeeper based service discovery. (Python) - Kafka based messaging system with an HTTP gateway. (Scala) - Content addressable storage for binary large objects on top of HBase used as a CDN origin. (Scala) - K-ordered, multi datacenter capable, distributed ID generator. (Scala) - Time series collectors for kernel, JVM, SNMP, and proprietary APIs of appliances. (C, Python) • Service Delivery - Frontend serving, caching and load balancing. - TLS termination. • Networking - Data center networking. - Move from Layer 2 (VLANs) to Layer 3 (IP) leaf and spine with OSPF in the core. - Diversifying upstream connectivity by becoming multi-homed and establishing MLPEs with BGP at the border. - OpenBSD based packet filtering and direct server return load balancing. • Advisory Engineer - OpenTSDB: An open source, scalable, high performance time series database built on top of HBase and written with Java. - An N+2 system to serve StumbleUpon badges (around 70% of the all HTTP requests StumbleUpon gets) with very low latency and high availability. Written with Scala.

logo

Aug 2005 - Sep 2009

Meteksan Sistem

Solution Architect (Integration, Scalability, Security)

• Scalability ­ - Bottleneck analysis and refactoring of Java, .NET, and LAMP stack applications. ­ - RDBMS performance work for MySQL and Oracle via engine tuning, sharding, and query refactoring. ­ - Migration of aging conventional OLAP systems to Hadoop and HBase. ­ - Anycast CDNs • Integration ­ - Peddler of Service Oriented Architecture. SOAP, XML-RPC, and RESTful web services. ­ - Enterprise Service Buses with Oracle Fusion, BEA AquaLogic and Apache ServiceMix. ­ - Message Queue, Business Process Mgmt. and Data Services Platform integrations to ESB. • Security ­ - Security engineer for software product line and customer proprietary information security projects. ­ - Black box and white box vulnerability assessment, penetration testing, and audit automation. ­ - MSSP operations lead for homeland security, law enforcement, and finance sector customers. • Business Continuity and Disaster Recovery Planning & Compliance (2006-2007) ­ - BCP and DRP for government information systems. ­ - ISMS auditor for ISO 27000 and PCI-DSS. • Product Development (2004-2006) ­ - DDoS Mitigation Appliances, Load Balancers with SSL offload. - Kernel development for OpenBSD based network security appliances.

Jul 2003 - Aug 2005

Meteksan Net

Internet Systems Engineer

• Planning, deployment and administration of large scale Internet services in an ISP environment. - Operations on OpenBSD, Solaris, and Linux based systems. - Veritas and Red Hat Cluster Server based high availability clusters. • Planning, deployment, and administration of customer premises network security devices. - Checkpoint, OpenBSD, and Linux based firewall, VPN, and detection systems. - Design and implementation of OpenBSD and Linux based embedded security appliances. • Web services for ISP infrastructure management and monitoring. - XML-RPC and SOAP services implemented in C and Python. • Integration of open source software to create high performance, scalable Internet services.

logo

Oct 1999 - Jun 2003

Self-employed

Systems and Security Consultant

• Contract agent with Andersen Consulting. • Enterprise risk assessments, penetration tests, incident handling, computer forensics. • Unix migrations. HPC, and high availability clusters.

Aug 1996 - Jun 1999

birNET Information Systems Ltd.

Network and UNIX Systems Administrator

• Day-to-day administration of ISP services on Unix and Windows NT based systems. • Technical support for WAN connectivity with Cisco and Nokia network active devices. • End-user technical support for dial-up customers.

Education

2004 - 2009

M.Sc. Candidate, Software Engineering

2000 - 2003

B. Sc., Computer Engineering

1999 - 2000

B. Sc., Electrical and Electronics Engineering

Talk to Berk

@ Copyright 2020 OfficeHours Technologies Co.