02-Sep-2020 14:55 - edited 01-Feb-2022 20:48
Our Featured Member series is a way for us to show appreciation and highlight active contributors in our community. Communities thrive on interaction and our Featured Series gives you some insight on some of our most active folks. You might remember him from the F5 Certification Study Guides, DevCentral MVP Philip Jönsson is our Featured Member for September 2020! Let's learn more about Philip.
DevCentral: First, please explain to the DC community a little about yourself, what you do and why it is important.
Philip: I work as a Security consultant where I’m assisting customers with implementing, maintaining, and developing their environments based on a variety of security products with the goal of securing their applications and infrastructure. My main focus is F5, but I also work with other vendors who specialize in VPN and Next-Generation Firewalls. I was first introduced to F5 on the customer side but didn’t get to work with it much. My first real hands-on experience was back in 2013, about a month after being hired at Orange. We had an internal class introducing LTM after which my manager wanted me to write the 101 certification exam. Since then I have been working with F5 both from an operational standpoint and consultancy assignments. On my spare time I like to nerd into different technologies to learn something new or write on our F5 books that I co-write with a fellow DC MVP Steven Iveson. I also enjoy spending time with friends and family, play video-games or my quite newly found interest, vinyl collecting. I’m an Electronic Dance Music (EDM) enthusiast, so my collection is mostly based on that genre.
DevCentral: You’ve been active contributor in the DevCentral community over the years. What keeps you involved?
Philip: DevCentral is a great tool to develop your own knowledge and get assistance with finding solutions, building iRules and solve bugs. There are truly brilliant minds in this community, and they are extremely keen on helping others. As I have benefited a lot from this community, I want to pay it forward and if I know something that I can share with the community I will gladly do it.
DevCentral: Tell us a little about the technical expertise you have.
Philip: I started my career in the Network Operations Center working with pretty much every major vendor out there which gave me a wide range of expertise. After a while you stop focusing on the GUI and only on the underlying protocols which all vendors rely on. But my main focus has always been F5 which has given me the opportunity to work with BIG-IP LTM, APM, ASM, DNS, AFM, SWG, SSLO, VIPRION and vCMP. As I have always been more on the NetOps side, I have started my journey of going more towards the DevOps side and learning more about automation and container based environments.
DevCentral: You are a Security Specialist with Orange Cyberdefense . Can you describe your typical workday, how you manage work/life balance and the strong support of F5 solutions? How has the recent pandemic impacted your work?
Philip: My typical workday involves jumping between multiple customers where I’m sometimes booked for 2-3 days per week for a particular project or 1 day per week where I assist customers in their daily operations. A project could be installing a new vCMP cluster, building/designing a new datacenter or building a new environment in cloud.
Balancing life and work are tough at the moment being a father of two small children and the strong wish of continuing to develop books. Since I’m writing only on my spare time. When there just aren’t enough hours on a day you start to remove activities that is beneficial for your health. First, I stopped playing video games then I stopped exercising, and going to the gym and finally cut down on my hours of sleep. When we were developing the 201 book, I had the goal to release it before my daughter was born because I knew my available time would be even less than what I had and I wanted to focus on her. At that time I put my son to sleep at 8PM and then immediately went to work on the book until around 1AM, head to bed and up at 5AM to get ready for work and get my son to preschool. This was my routine every day from November 2017 until 10th of March 2018 when the book was released, one day before my daughter was born. Nowadays I try my best to balance between life and work and as my daughter’s sleep and routines improve, so does my hours of writing.
My strong support for F5 originates from that first class I took back in 2013. I enjoyed the product from start, and I saw the capabilities and potential it could have for its customers. The best is to see it in action and showing customers the swiss army knife, they have actually bought. That has not changed, in fact, it has only gotten stronger as I see how F5 as a company adapts to current trends and keep giving value to both new and existing infrastructure.
In the beginning the pandemic resulted in doubling in work where I sometimes had to work 70h in one week in order to rapidly expand customers’ VPN capabilities. Now all our work is being done from home and if a customer needs us on-site, they have to request it and it needs to be approved by a manager at Orange.
DevCentral: Do you have any F5 Certifications? If so, why are these important to you and how have they helped with your career?
Philip: I recently re-certified for the 401 certification and currently need to redo the DNS (GTM) exam. The certifications have helped me expand my knowledge as they are designed to gradually add more knowledge starting from basic networking, to administrating an LTM and finally specializing in each major module and becoming a solution expert.
DevCentral: Do you have any more books or study guides coming along soon?
Philip: Right now, we are working on updating our old 101 Application Delivery Fundamentals Study Guide because much has happened with that exam since we released it back in 2014. We are doing a complete remake of it, refreshing all its diagrams and expanding the Solutions chapter, covering all F5 modules. We have received feedback from people wanting to have that chapter expanded because as a complete rookie to F5, understanding what each module do and assist with can be quite overwhelming seeing each individual module is to be considered a product by itself. Learning about a new product can be quite tough because sales pitches do not really relate to specific customer scenarios and just contain fancy buzz words whereas technical papers could be too advanced and only focus on one particular subject without customer scenarios in question. We try to combine these two by providing technical explanations of solutions connected to customer scenarios. They should simply explain how it is done on a technical level and how that can be useful to a customer. I hope the reader will enjoy that. For that chapter alone we have added around a 100 pages. Once that is complete, we still have to add quite a lot of topics to align with the new exam, but that process will be much quicker I hope.
DevCentral: Describe one of your biggest Customer challenges and how the community helped in that situation.
Philip: I worked with a customer that used Secure Web Gateway (SWG) as a transparent forward proxy for their employees. They allowed social media applications like Facebook and Instagram inside their company network but that traffic ran through their transparent proxy. After Facebook updated their app to only support TLS 1.3 the app stopped to work since the BIG-IP did not support that at that time. Theoretically we could simply exclude SSL interception of Facebook addresses inside SWG but if I remember correctly, the cipher mismatch happened before policy evaluation inside SWG so it did not work. I decided to solve it by creating an iRule that checked the TLS version and if it was version 1.3 I would simply forward the traffic to the Original Content Server (OCS) without trying to modify or interfere with the traffic. With a big help from MVP (and F5 Consultant) Stanislas Piron who created an amazing iRule that completely breaks down the SSL Handshake, I managed to create an iRule for the purpose. The iRule looks at both the destination IP address and SNI and if it matches, it disables the HTTP and SSL profiles, evidently degrading the VS to operate on L4 with no intelligence. For easy use, I created data-group lists so the customer could easily add and remove applications as they needed to. What’s funny is that this iRule was used by a different customer to solve the same problem in Bluecoat ProxySG’s that was being load-balanced by F5 LTM’s. Since Bluecoat proxies do not have iRules, they had no solution to that problem at that time which goes to show the type of strength F5 has.
DevCentral: Lastly, if you weren’t doing what you’re doing – what would be your dream career? Or better, when you were a kid – what did you want to be when you grew up?
Philip: My dream job as a kid was actually to become a pilot but when it was time to choose schools, I had developed a fear of flying. And becoming a pilot that was afraid of flying didn’t seem like a good idea haha. I think that was a result of watching too many episodes of ‘Mayday’.
---Thanks Philip ! We really appreciate your willingness to share. To stay connected with Philip on other social media channels: