Scott Behrens — DevOps Engineer

Principal Security Engineer focused on technical leadership of highly effective virtual teams, sustainable engineering practices, and pioneering execution models that scale. My passion lies in creating high-leverage security solutions that protect Netflix's 300M+ members, enabling us to entertain the world securely, responsibly, and reliably. At Netflix, I currently lead our Live Security program and our Attack Emulation Team. Previous initiatives include DDoS Research and Testing, as well as comprehensive Data Protection strategies. My approach centers on empowering colleagues through mentorship and growth-oriented leadership, navigating complexity in ambiguous spaces with clear strategies and successful execution. I've enhanced operational resilience through incident avoidance projects, developed methodologies for threat modeling and security posture lifecycle management, and established frameworks to treat data as a strategic asset, directly contributing to organizational excellence and innovation. I consider myself a T-shaped generalist capable of applying proven patterns across diverse challenges spanning data, technology, security, and organizational culture. I'm a breaker at heart and love hacking. I'm also focused on providing engineers with patterns and strategies to advocate for themselves at work and succeed in senior and staff-level roles through a project I'm calling The Engineer Setlist. Previously, I conducted penetration tests, performed application security assessments, and led automation-driven security research. I've authored research articles on DDoS testing, proactive security strategies, asset inventory, malware analysis, and application security, and presented at major security conferences including DEF CON, OWASP, B-Sides, and others. Outside of work, I'm passionate about creating music, weightlifting, exploring nature, making great coffee, and spending quality time with my wife and dog. Specialties: Strategic Security Leadership, Team Enablement & Mentorship, DDoS Research and Testing, Attack Emulation & Red Teaming, Application Security, Security Automation, Data Protection & Governance, Secure Software Development, Risk Management, Public Speaking, Python Development.

Stackforce AI infers this person is a SaaS security expert with a focus on strategic leadership and team enablement.

Location: San Francisco, California, United States

Experience: 22 yrs 2 mos

Skills

Strategic Security Leadership
Attack Emulation & Red Teaming
Application Security
Career Development

Career Highlights

Led Netflix's Live Security program and Attack Emulation Team.
Pioneered DDoS research and testing methodologies.
Mentored engineers to succeed in senior roles.

Work Experience

Self-employed

The Engineer Setlist (1 yr 2 mos)

Netflix

L8 Principal Security Engineer (1 yr 9 mos)

E7 Principal Security Engineer (3 yrs 4 mos)

Staff Security Engineer (1 yr 4 mos)

Senior Application Security Engineer (6 yrs 4 mos)

Neohapsis

Senior Security Consultant (1 yr 2 mos)

Security Consultant (1 yr 3 mos)

Associate Security Consultant (9 mos)

DePaul University

Adjunct Professor (1 yr 6 mos)

Radius IT

Open Systems Architect (4 yrs 2 mos)

Electronic Visualization Laboratory

Research Scientist (8 mos)

Argonne National Laboratory

Network and Systems Engineer, Co-Op (1 yr 8 mos)

Education

Masters of Science at DePaul University

Bachelors of Science at DePaul University

Scott Behrens

DevOps Engineer

San Francisco, California, United States22 yrs 2 mos experience

Highly Stable

Key Highlights

Led Netflix's Live Security program and Attack Emulation Team.
Pioneered DDoS research and testing methodologies.
Mentored engineers to succeed in senior roles.

Stackforce AI infers this person is a SaaS security expert with a focus on strategic leadership and team enablement.

Contact

Skills

Core Skills

Strategic Security LeadershipAttack Emulation & Red TeamingApplication SecurityCareer Development

Other Skills

DDoS Research and TestingTeam Enablement & MentorshipStrategyWeb Application SecurityMobile SecuritySocial EngineeringPhysical Security AssessmentPenetration TestingApplication Security ArchitectureSystem AdministrationPythonBashSecurityNetwork SecurityVulnerability Management

About

Experience

22 yrs 2 mos

Total Experience

3 yrs 1 mo

Average Tenure

1 yr 2 mos

Current Experience

Self-employed

The Engineer Setlist

Mar 2025 – Present · 1 yr 2 mos · San Francisco Bay Area · Remote

The Engineer Setlist is a weekly guide for engineers who want to grow their impact, sharpen essential soft skills, and get recognized for their work. Each issue delivers real-world stories, practical patterns, and easy-to-use frameworks.

Career DevelopmentStrategy

Netflix

4 roles

L8 Principal Security Engineer

Aug 2024 – Present · 1 yr 9 mos

L8s are technical leaders who work on challenges that directly affect our ability to compete and win as a business. They do this by identifying and tackling issues that result in impact for Engineering and Netflix as a whole.
In this role, I'm leading the development and integration of our Security, Privacy, and Assurance strategies. Closely aligned with business objectives, this role ensures that our security posture not only protects the company but also facilitates growth and innovation for Netflix. Current focus areas include security technical lead for Netflix Live product, tech lead of Attack Emulation Red Team, and tech lead DDoS research and testing.

Attack Emulation & Red TeamingDDoS Research and TestingTeam Enablement & MentorshipStrategic Security LeadershipApplication Security

E7 Principal Security Engineer

Promoted

Jun 2021 – Oct 2024 · 3 yrs 4 mos

I work as a Security principal engineer on technical vision, strategy, execution, influence, and alignment of select security and Engineering-wide cross-functional projects without direct reports.
This can take many forms, including developing and influencing team/charter/technical strategies, team/product/org visions, architectural design, security/risk/capability assessments, execution plans, gap analysis, prototyping, and technical decision-making.
I work on team enablement through mentorship, career development work, onboarding support, and identifying and resolving conflicts.
Currently I am leading our security program for Netflix Live and I lead our attack emulation team.

Attack Emulation & Red TeamingDDoS Research and TestingTeam Enablement & MentorshipStrategic Security LeadershipApplication Security

Staff Security Engineer

Promoted

Feb 2020 – Jun 2021 · 1 yr 4 mos

I help align the technical strategy across the Product And Application Security org, which encompasses 4 teams: Cloud Infrastructure Security, Platform Security, Application Security, Customer Trust, and Safety.
I will lead various cross-team efforts and identify new high-leverage opportunities for the organization. My current focus area is building out a scalable risk program for our product and application security org.

Attack Emulation & Red TeamingDDoS Research and TestingTeam Enablement & MentorshipStrategic Security LeadershipApplication Security

Senior Application Security Engineer

Oct 2013 – Feb 2020 · 6 yrs 4 mos

Keeper of all things security. I'm focusing on making sure the Cloud Platform stays secure, robust and resilient.

Attack Emulation & Red TeamingDDoS Research and TestingTeam Enablement & MentorshipApplication Security

Neohapsis

3 roles

Senior Security Consultant

Promoted

Jul 2012 – Sep 2013 · 1 yr 2 mos

Provide strategic information security advisory and consulting services for enterprise clients. Translate business, industry, and regulatory requirements into information risk management objectives and associated tactical/strategic information security initiatives.
Specialties include web application assessments, social engineering, mobile application security assessments, penetration testing, security policy review and design, malware analysis, tool development, and security research.
Neohapsis lab manager responsible for developing research agenda, managing labs initiatives, publishing and presenting research.
Responsible for mentoring associate consultants and provide training courses in application security.

Attack Emulation & Red TeamingDDoS Research and TestingTeam Enablement & MentorshipApplication Security

Security Consultant

Promoted

Apr 2011 – Jul 2012 · 1 yr 3 mos

Provide strategic information security advisory and consulting services for enterprise clients. Translate business, industry, and regulatory requirements into information risk management objectives and associated tactical/strategic information security initiatives. \

DDoS Research and TestingApplication Security

Associate Security Consultant

Jul 2010 – Apr 2011 · 9 mos

Provide strategic information security advisory and consulting services for enterprise clients. Translate business, industry, and regulatory requirements into information risk management objectives and associated tactical/strategic information security initiatives.

Application Security

Depaul university

Adjunct Professor

Mar 2012 – Sep 2013 · 1 yr 6 mos · Greater Chicago Area

Adjunct Professor at DePaul University teaching the Masters level course Software Security Assessment (SE-526).

Team Enablement & MentorshipApplication Security

Radius it

Open Systems Architect

May 2006 – Jul 2010 · 4 yrs 2 mos

Information Technology Consulting Services to businesses in the Chicago Metropolitan and surrounding areas. Primary focus is on network and systems solutions for small to mid-sized businesses in high availability financial and trading environments.

Electronic visualization laboratory

Research Scientist

Oct 2005 – Jun 2006 · 8 mos

The Electronic Visualization Laboratory (EVL) is an interdisciplinary graduate research laboratory that combines art and computer science, specializing in advanced visualization and networking technologies. My focus was developing NetLasso, an intuitive software tool for multi-site network performance testing writen in Python.

Argonne national laboratory

Network and Systems Engineer, Co-Op

Feb 2004 – Oct 2005 · 1 yr 8 mos

The basic mission of the MCS Division is increase scientific productivity in the 21st century by providing intellectual and technical leadership in the computing sciences -- computer science, applied computational mathematics, and computational science. My particular focus was developing monitoring software to the TeraGrid cluster for real-time monitoring and analysis of network and systems data, as well as Linux cluster administration.