Jo Johnson is a seasoned Principal-level software engineer and advisor with 14 years building high-performance security and network analysis systems, from Microsoft antimalware services to DPI sensors and Zeek contributions. Based in Seattle, he blends deep protocol and detection expertise with productizing skills, moving prototypes like Bloodhound Enterprise to shippable products and leading ICEBRG/Gigamon DPI development. He’s contributed core session-handling improvements to the widely used Zeek network analysis framework, demonstrating low-level packet and analyzer design chops. As a consultant and leader he shapes teams, architecture, and hiring while continuing hands-on work such as JA4 Zeek porting and Suricata Lua sandboxing. Known for pragmatic, security-first engineering, he thrives at the intersection of systems performance, network forensics, and operational scale.
14 years of coding experience
19 years of employment as a software developer
Computer Science, Computer Science at California Institute of Technology
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
Role in this project:
Back-end Developer
Contributions: 303 reviews, 1822 commits, 375 PRs in 11 years 5 months
Contributions summary: Jo contributed to the Zeek network analysis framework, focusing on its core session handling capabilities. This work involved modifying the Session.cc and Sessions.cc source files to add an "addl" parameter to the flow_weird and net_weird events, which involved modifications to the way TCP/UDP packets are processed. Jo also contributed to the internal structure and data of the various analyzers.