Software Engineer · Ottawa, Canada

John
Breton.

Engineer working on open-source security at Canonical — where Ubuntu is hardened, vulnerabilities are triaged, and complex disclosures are made legible for the community.

M.A.Sc. Software Engineering Published security researcher Available for conversation

01 / Experience

My work.

Nov 2025 — Present

Canonical — Software Engineer I

Ubuntu Security · Ottawa, CA

Applied AI tooling to the Ubuntu Security Notice pipeline, turning noisy vulnerability data and draft reports into clear, actionable disclosures for the open-source community.
Authored and led comprehensive threat modeling for the Ubuntu Archive, enforcing strict SDLC principles and a "secure by default" posture for core open-source infrastructure.
Refactored legacy Python tooling into concurrent CVE and security-notice processors, reducing execution time by more than 70%.
Onboarded and mentored new team members into high-priority security engineering workflows.

Dec 2024 — Nov 2025

Canonical — Associate Software Engineer

Ubuntu Security · Ottawa, CA

Triaged, assessed and patched hundreds of CVEs across Ubuntu packages, maintaining rapid deployment and high compliance across supported releases.
Developed QA tests for supported packages, improving coverage by ~10% while safeguarding stability.
Spearheaded internal + public documentation, growing content by over 100% and building knowledge-base articles that now anchor Ubuntu's security workflows.

Sep 2020 — Aug 2021

Ericsson — 5G/LTE Software Developer Intern

Baseband · Ottawa, CA

Built automated test cases in a Java framework to validate critical 5G and LTE functionalities.
Led internal knowledge-sharing sessions introducing new test automation initiatives to the baseband team.
Piloted a transition program for 50+ engineers, shifting manual testing toward automation and cutting LTE turnaround by 20%.

02 / Open Source

My projects.

001

TicTacBombs

A chaotic re-imagining of tic-tac-toe with bombs that reshape the board mid-game — built as a study in small-scope game design and turn-based state management.

Game Godot Turn-based

→

002

Dubhe

M.A.Sc. Thesis Implementation — ✨ Dubhe is an analysis tool that takes in UML activity diagrams to determine a system's behavioural security posture.

Thesis Security UML

→

003

ZOIA Librarian

Community patch-management for the Empress ZOIA — a PyQt desktop app for browsing, organizing and syncing user-created patches. Co-maintained with the ZOIA community.

Python PyQt Community

→

See everything on GitHub

03 / Research

Peer-reviewed publications.

FPS 2024 December 2024

An Approach to Determine a System's Behavioural Security Posture

J. Breton, J. Jaskolka, G.O.M. Yee

17th Intl. Symposium on Foundations & Practice of Security — pp. 94–110

FPS 2023 December 2023

Hardening Systems Against Data Corruption Attacks at Design Time

J. Breton, J. Jaskolka, G.O.M. Yee

16th Intl. Symposium on Foundations & Practice of Security — pp. 391–407

NDSS 2023 April 2023

Assessing Threats for Users with Disabilities via Accessibility Metrics

J. Breton, AR. Abdou

MADWeb Workshop on Security Measurements, Attacks & Defenses

★ Best Presentation Award

Education.

M.A.Sc. — Electrical & Computer Engineering

Carleton University · Software Engineering stream

Sep 2022 — Nov 2024 · GPA 3.93 / 4.00

Thesis: Analyzing the Behavioural Security Posture of Software Systems

B.Eng. — Software Engineering, CO-OP

Carleton University

Sep 2018 — April 2022 · GPA 3.84 / 4.00

Toolkit.

Languages

Java, Python, C/C++, JavaScript, Bash, PostgreSQL, HTML/CSS, Go (actively learning)

Technologies

Linux, Git, Spring, Flask, Docker, AWS (EC & S3), Jenkins, Maven, JUnit, Ubuntu, PyQt, CI/CD, Figma

Certifications

CompTIA Security+ · ISC2 Certified in Cybersecurity (CC)

Spoken

English (native) · Français (fluent)

04 / Get in touch

Let's talk.

Email johnbreton37@gmail.com ↗ Phone (905) 246-3652 ↗ GitHub @john-breton ↗ LinkedIn /in/john-breton ↗