Justin White
Security tinkerer, maker, home-lab operator
Summary
I'm accountable for the global security posture of Cooke Inc., one of the largest privately held seafood companies in the world — security architecture, governance/risk/compliance, and security operations across 17 countries and roughly 18,000 people, from vessels and hatcheries to processing plants and corporate IT. I came up through network engineering and grew into the role that stood up the cybersecurity function, so my bias is toward security an always-on operational business can actually live with: controls that hold up to the auditors, insurers, and customers who get a say, without stalling production. Most of my career has been bringing security maturity to sectors that grew up as industrial operations, not software shops. I stay hands-on, too — a self-hosted home lab as a live testbed, and security writeups spanning cloud identity, web application, and AI/LLM security.
Technologies
The technologies listed here are from self-directed work pursued independently — in a personal home lab, in solo open-source projects, through certification study, and in authorized security practice — for my own learning and advancement. They are NOT a representation of any employer's systems, tools, vendors, architecture, or environment, and not technologies I deploy, support, or manage in any professional capacity.
- Personal projects
- Four solo open-source projects ground everything below. HouseGRC, a GRC platform: Python full-stack on Reflex (compiles to React), SQLAlchemy 2.0, SQLCipher-encrypted SQLite (optional Postgres), Alembic, a FastAPI sub-app, APScheduler, and a REST API. DeepReview / superdeepreview, a passive-OSINT engine with an opt-in, authorized-use-only active edition. GYST, a self-hosted household PWA on Reflex + Granian. And jlwhite.ca, this site, on Astro and Cloudflare Pages.
- Languages and frameworks
- Python full-stack with Reflex (compiles to React), Granian, and a FastAPI sub-app; async FastAPI with Pydantic; SQLAlchemy 2.0 sync and async over asyncpg, Alembic migrations, and APScheduler plus arq (Redis) job queues. Front end in React with Vite, TypeScript, Tailwind, TanStack Query, and Recharts. Astro with content collections, a sharp image pipeline, and dynamic OG generation. Progressive web apps with a service worker and VAPID web push.
- Cloud and identity
- Identity and cloud work I built into my own apps and personal certification study, not an operated environment. In HouseGRC I implemented SAML 2.0 + OIDC/OAuth SSO, SCIM 2.0 provisioning, group-based RBAC, and MFA (TOTP and WebAuthn/passkeys), plus evidence connectors I wrote against AWS (via boto3), GitHub, and Okta, and backups to S3, SFTP, and WebDAV. Cloudflare Pages and edge, with DNS and DNSSEC for my own domain. Microsoft Azure / Entra ID certified.
- AI / LLM engineering
- Multi-provider LLM integration (Anthropic, OpenAI, Gemini, Cohere, Mistral, DeepSeek) feeding a multi-pass, multi-lens AI review engine in HouseGRC and adversarial LLM verification of collected evidence in DeepReview. Agentic tool-use assistants (40+ tools) built on Claude and OpenAI in GYST, with vision LLMs alongside a local OWL-ViT object detector, barcode scanning against Open Food Facts, and Web Speech voice input. Prompt-injection guardrails and fencing behind an SSRF-defense chokepoint. An n8n LLM ops agent running in the home lab.
- Application and offensive security
- Authorized security practice on TryHackMe and CTFs: Azure / Entra ID privilege escalation (managed identities, Microsoft Graph, Temporary Access Pass, account takeover); web app testing including SSRF against server-side PDF renderers, stored XSS, injection, and CVE analysis; AI/LLM security chaining prompt injection with classic web vulnerabilities; and DNS/DNSSEC troubleshooting. Tooling: nmap, gobuster, hashcat, Kali, AzureHound, and the Azure CLI. In DeepReview, passive OSINT collection across 40+ collectors with an evidence store; the authorized-use-only active edition adds subfinder, httpx, nuclei, an OSS tool-runner, Tor, SearXNG, and a hardened Docker-based code-execution sandbox.
- Infrastructure and home lab
- A four-node Proxmox cluster on my own hardware. Docker and Docker Compose, LXC, Caddy, a Cloudflare edge, and Linux throughout. Self-hosted Plex and Audiobookshelf, an n8n ops agent, Ansible for configuration management, and restic backups. Home detection-engineering and monitoring with Wazuh, Zabbix, and Graylog.
- Data and cryptography
- The data stores I run: Postgres, Redis, SQLite, and SQLCipher-encrypted SQLite. Cryptographic and appsec primitives I implemented across my apps: AES-256-GCM, SQLCipher, Fernet, PBKDF2, argon2, TOTP, WebAuthn, HMAC, hash-chained and signed audit trails, HMAC-signed webhooks, SSRF allow-lists and guards, and prompt-injection fencing, with a stdlib-only security-invariant test suite covering those primitives in GYST.
- Networking
- pfSense as an active/passive CARP HA pair; dual-WAN failover across fibre and Starlink; a VLAN-segmented LAN; redundant Pi-hole DNS with DNSSEC; a UniFi controller and access points; and an older Cisco routing/switching lab. Depth in routing and switching, VLANs and trunking, spanning-tree, firewalls, VPNs, and network security and design, backed by Cisco and Juniper certifications.
- Electronics and making
- Raspberry Pi 5 with a Hailo-8 accelerator for edge AI inference; Raspberry Pi Pico W and ESP32 programmed in MicroPython, publishing telemetry over MQTT. Software-defined radio with PlutoSDR and LibreSDR. pH/EC sensor electronics for hydroponics. FDM and resin 3D printing.
Selected writeups
- Azure / Entra ID privilege escalation: managed identity → Microsoft Graph token → Temporary Access Pass → account takeover
- Web SSRF through a server-side PDF renderer
- AI-pentest room: stored XSS against a reviewer bot, chained with LLM prompt injection
- AI security: scoping an LLM ops-agent for a Proxmox cluster
- Home lab: HA pfSense on Proxmox with dual-WAN failover
- Home-lab DNS / DNSSEC troubleshooting
Hands-on practice
- TryHackMe — offensive-security practice rooms.
- Home lab — a four-node Proxmox cluster running an active/passive pfSense HA firewall, redundant Pi-hole DNS with DNSSEC, Docker/LXC services, and monitoring (Wazuh, Zabbix) as a live environment to test against.
- Open source — public work on GitHub, including this site.
Credentials
Certifications
All certifications, verified on Credly.
Experience
- Director, Cybersecurity, Cooke Inc. (Oct 2025 – present). Accountable for the global cybersecurity posture across 17 countries and ~18,000 employees — security architecture, GRC, and security operations.
- Senior Manager, IT Security, Cooke Inc. (Jan 2023 – Oct 2025). Built and operationalized the enterprise cybersecurity function spanning security architecture, GRC, and security operations.
- Network & architecture roles, Cooke Inc. (Feb 2018 – Jan 2023). Senior IT Architect; Team Lead, Network Services; and Senior Network Analyst. Ran the enterprise network across 8 countries, built a disaster-recovery datacenter, handled secure network cutover for acquired companies, and replaced legacy wireless that couldn’t be secured.
- Network Analyst → Senior Network Analyst, J.D. Irving, Limited (~2008 – Feb 2018). Led core and datacenter network redesign and segmentation, and served as network lead on security projects and major incident response.