Joseph M. Hofmann
Schulstraße 36, 85419 Mauern, Germany
Schulstraße 36, 85419 Mauern, Germany
September 2017 - Present
I founded combahton IT Services back in September 2015 and acted as shareholder until April 2016, when I joined the company as CTO. In September 2017, the former CEO left combahton and I took over the CEO position together with Michael Sattel. combahton uses multiple lines of code written from me. This includes some parts of the customer area, automated server deployment / billing / abuse management. Most of combahton's processes are fully automated. The inhouse operated ddos-protection, called flowshield / flowanalyzer, is also based on my work and completely written in C, using a fairly complex combination of multi-threading (packet filtration, control plane) and kernel bypassing (netmap).
combahton operates a redundant Juniper EX / QFX / MX network with a redundant connected AS on top, the whole planning was also done by me.
April 2016 - Present
In April 2016, I joined Optile, a munich based company which is focused on providing a open payment platform, handling payments of Europe's largest businesses. I'm involved with almost the whole infrastructure operation. I'm fully responsible for the Juniper network Optile runs, including firewalling, vpn and switching. Also I'm working with various well known Cloud Service Providers.
September 2012 - March 2016
At MIVITEC, I was educated as Fachinformatiker Systemintegration (IHK tested). After 3 years of education, I've worked for nearly one additional year as Linux System administrator. I did on call, was responsible for most server deployments and built a tomcat / jboss based cloud hosting solution, including a php / mysql based webinterface. I earned some knowledge in managing large it infrastructures, typical data center environments and virtualization based on VMWare ESX.
I've developed several network oriented applications in C. One of them is my ddos-protection solution called flowShield. flowShield was formerly based on a Linux Kernel Module. Currently it's based on a netmap based userspace application, which bypasses the kernel completely for high throughput under minimal load. I was able to reach almost 10G wirespeed of traffic filtration at a rate of 64byte per packet. I also developed a application which analyzes sflow datagrams in order to recognize ddos-attacks and activate the mitigation platform through BGP. flowShield is actively operated in the network of combahton, dealing with hundreds of different attacks every month.
I have some knowledge in webapplication development in PHP. You can see my work on various project, ranging from a small self built social network to infrastructure automation and billing.
In python, I developed the former version of my ddos-analyzation solution. Today it's completely based on several lines of C-Code. Also I built some internal tools like split knowledge password management and automated sflow based network abuse detection in Python.
In most of my jobs, I developed puppet modules in order to automate the server side infrastructure. For example, the virtualization infrastructure at combahton is fully managed by puppet. In order to deploy a new kvm node, we just need to add the physical server into the rack, connect it to both power and network. The installation is done fully automated, including monitoring and customization. This safes us a lot of time and prevents human errors as we test our code before execution.
I'm working with Debian based systems since I was 13 years old. In my early days with Debian, I started with Etch (4.X). Most of my work experience had or has a near coverage with Debian based servers.
In my years as system operator, I dealt also with CentOS based servers. I dont have the level of knowledge I have with Debian based systems, but I'm able to do all typical daily tasks without any struggle.
For some years, I've operated BSD based servers acting as firewalls, dns-caches and webservers. Currently I dont operate any bsd based servers anymore, because I did not wanted to deal with multiple different machines anylonger.
Back in 2012, I started to administrate my first network devices, beginning with Dell Force10 running FTOS (extremely CISCO like). At some point I was also operating Brocade RX, MLXe and VDX devices for a few years. In the meantime, I earned a broad experience in operating Juniper based devices like SRX, MX and EX. I have experience in operating networks based on BGP, typical Layer2 stuff and Firewalling / VPN.