Selected work

The common thread is infrastructure that has to be correct, fast, and durable. Here's a selection — current work, a couple of things I build for myself, and a condensed look back over twenty-something years.

Now

Veracode — Identity & Zero-Trust

I lead the modernization of Veracode's identity platform — the authentication and authorization layer the rest of the product depends on. Recent and ongoing work:

• Zero-trust built on a creative use of OAuth specs: Token Exchange, Device Flow, Client Credentials, and DPoP device binding, combined with fine-grained authorization.
• A Spring Authorization Server foundation enabling SCIM 2.0 and custom OAuth flows.
• A flexible policy/rules engine for complex enterprise standards compliance.
• A customer-defined custom roles system and a self-service free-trial platform.
• Observability with Grafana and Datadog plus k6 load-testing infrastructure, so our teams can build, test, and ship with confidence.
• A Spring AI classification system that detects and filters spam trial signups.

Mostly Java and Spring Boot (including Spring Authorization Server) on the back end; React, Angular, and TypeScript on the front; Postgres, Redis, and Kubernetes underneath.

Things I build for myself

detroit.games/euchre

My family started playing Euchre remotely during covid, and we still play whenever we travel or can't get together. The mobile app we used got so aggressive with ads — hidden buttons, forced app-store detours, full screen interstitials that booted you mid-game — that it turned a fun ritual into a stressful one. So I built it myself, to own the UX end to end and make playing Euchre fun again.

This site

jimjonah.dev is a static Astro site — no server, no database, minimal JavaScript. The blog content is Markdown with a schema that mirrors the AT Protocol site.standard.document lexicon, so posts appear natively in Bluesky's timeline and in other AT Protocol standard.site-aware clients like Leaflet and Offprint.

Before this

Twenty-something years of platforms and tooling across many domains:

• BMC Software — Java/ANTLR4 parsers and interpreters for COBOL, PL/I, Rexx, and JCL, plus graph-based visualization tools that turn mainframe logic into interactive flowcharts and program-to-program call graphs. I was awarded a patent for a unique twist on a COBOL code editor.
• Compuware — 17 years working on the Topaz visualization platform (Runtime Visualization, Program Analysis), the Vantage Analyzer high-throughput distributed APM tool, and the OptimalJ code modeling/generation tool.
• Organic / Chrysler — architected, built, and led Chrysler Group's web presence through its early years online, growing the interactive group to 90+ and migrating the platform from Pro*C/C++ CGI to Java J2EE.
• Ross Roy — built an interactive agency from a team of 3 to 60+ that was spun off and IPO'd during the dot-com era.