Thomas Benoit

Experience

Software Engineer

Carnegie Mellon University, Software Engineering Institute

May 2022 -- Present
  • Engineered and operationalized software foundational to enterprise security monitoring at scale, leading to promotion in January 2024 and five Spot Awards.
  • Designed and implemented a novel VPC Flow Log optimization strategy across AWS Virtual Private Cloud environments by identifying compression opportunities through cloud infrastructure analysis. Built multiple automated, scalable, event-driven ETL (Extract, Transform, Load) pipelines to perform the optimization, resulting in a 60 percent reduction in log size while preserving full analytic and security monitoring value. The approach was subsequently adopted for Microsoft Azure environments and presented at a research conference (Lambda function code). (AWS, Lambda, SNS, SQS, CloudWatch, Python, NumPy, Pandas, Splunk)
  • Independently developed a standalone Python program to convert cloud flow logs into SiLK binary flows, taking ownership of the entire technical approach from algorithm design through deployment. Established integration standards for existing security tools, managed persistent configuration files for consistent sensor ID labeling, and collaborated with network analysts to align with operational security needs. Reduced storage requirements by 75 percent. (Python, NetFlow, SiLK)
  • Designed, implemented, and deployed the first cloud-based instance of YAF for traffic mirroring streams in AWS. Engineered functionality to efficiently perform VxLAN-UDP network protocol decapsulation and extract key values, allowing the sensor to generate flows from AWS mirrored packet streams and integrate with enterprise cloud security infrastructure. (AWS, C, Lua, IPFIX, Wireshark)
  • Briefed the results of various work streams across technical and executive audiences. Leveraged specialized knowledge of network and cloud infrastructure to enrich cross-team collaboration. Provided bottom-line-up-front messaging to ensure understanding across business units, and conveyed the value of security decisions, optimizing efforts across directorate teams.
  • Architected enhancements to a flow sensor's configuration system to support analyst-customizable regex patterns for deep packet inspection (DPI), enabling users to update packet detection rules without modifying source code. Independently designed scalable data types and structures to ensure flexible and maintainable configurations for high-scale deployments, enabling analysts to extend packet inspection capabilities to meet evolving security requirements. (C, Lua)

Projects

Chess Opening Success Analysis System

Designed and developed a high-performance distributed system that processed and analyzed 125 million chess games at scale. Architected a scalable backend system using Apache Kafka message queue middleware to decouple PGN parsing from PostgreSQL database operations, enabling horizontal scaling with multiple producers and consumers at 2,500 games/second throughput. Analyzed data patterns to optimize query performance with custom PostgreSQL materialized views for precomputed statistics and developed a React frontend to visualize opening success rates across player levels. Built with efficiency and scalability as core design principles. (Python, Kafka, PostgreSQL, Docker, React)

Education

George Mason University

Bachelor of Science in Computer Science

Publications

Demystifying the Shape of Traffic in the Cloud

Speaker, 2024

Presented at FloCon 2024 on how AWS flow log sensor architecture introduces routing and security monitoring challenges, highlighting key differences between cloud and on-premise network telemetry.

Keeping Up with Cloud Security using Available Telemetry

Author, 2025

Coauthored an article on cloud flow collection, focusing on flow generation nuances, sensor deployment, and architecture considerations for optimal data collection.
