Los Gatos, CA
Architect or senior engineer position that allows me to use my security, cryptography and software engineering expertise to design and build products that succeed.
Highly experienced software engineer and architect with a focus on security analysis, design, and development. Strong background in issues related to application security, cryptography, secure network protocols, and embedded systems security.
Deep knowledge of multi-platform software development in C and C++ including most Unix variants, Windows, embedded systems and mainframe computers.
Well-versed in development issues concerning memory management, performance and multi-threaded software development.
Experience with the complete software project life cycle. Have shipped multiple commercial products.
Experience managing engineering groups and mentoring junior engineers.
Participated in various standards organizations including ANSI X9 and IETF.
Inventor of seven patents (6,321,333, 6,111,660, 6,092,202, 7,243,341, 7,617,396, 7,644,279, 7,802,108), others applied for.
Systems: Unix (Linux, Solaris, HP/UX, AIX), WebOS, Windows (NT, 2000, XP), Z/OS, AS400
Tools: gcc, gdb, vi/vim, make, VisualStudio, SVN, git, SCCS, CVS, Teamware.
Languages: C, C++, Perl, XML, SQL, TCL
Cryptographic Algorithms: RSA, DES, AES, SHA
Digital Certificates: X.509, ASN.1, PKCS11
Certification: FIPS 140-2, Common Criteria
Protocols: SSL, TLS, HTTP, SMTP, FTP
Handled all aspects of security incident response, from communicating with external researchers to finding the fault and fixing it to writing the press release to improving the incident response plan.
Designed and implemented a secure key manager for WebOS. The key manager keeps keys securely and allows authenticated users to perform cryptographic operations without the keys leaving the key manager.
Designed and implemented a native app sandboxing scheme, so WebOS could safely support native games. The sandbox is configurable for different application types. I had to reverse-engineer numerous games to determine what they needed in their sandbox.
Designed and implemented a disk encryption scheme to protect user data in WebOS. This included a reliable way of migrating data on the plaintext partitions to the same partitions once they were encrypted.
Served as a company resource for security and cryptography issues, especially X.509 and SSL.
Represented WebOS on the HP FIPS/CC SIG.
Ingrian was the leading company in database encryption software and appliances. It was acquired by SafeNet in 2008.
Responsible for the security architecture for all Ingrian hardware and software products.
Designed first and second generations of a centrally managed file encryption product.
Designed and developed cryptographic APIs for internal and customer use.
Designed, managed and implemented a combined hardware and software product to satisfy US government and international security certifications (FIPS 140-2 and Common Criteria (EAL2)).
Managed a team that developed the protocol and clients for Ingrian's flagship Network Attached Encryption (NAE) products.
Developed methods for code protection (anti-debugging features).
Performance tuning of software, algorithms, and protocols. Increased speed of NAE protocol by 300% through tuning NAE client and its XML parser.
Network protocol design for NAE.
Produced internal seminars on cryptography and was the corporate resource for security, cryptography, SSL and digital certificate knowledge.
Developed and enforced the company's security incident response plan.
Defined a secure architecture for downloading configuration information to reconfigurable processors.
Worked with other groups within the company to define requirements, create specifications and ensure the security architecture would be implemented as designed.
Designed and developed a low-level secure architecture and API.
Security-related consulting work including:
Design advice and research for a company making high-speed SSL hardware.
Security review of a B2B network protocol and network design.
Design of a security model and secure download protocols for a Software-Defined Radio product.
Security review of an existing content-protection product.
Review of third-party software tamper-resistance technology for a content-protection company.
Design and development for a software layer to add OpenSSL to an embedded web server.
Design and development of a French smart card payment application for an embedded smart card keyboard.
Developed the security model for N*Able's N*Click, a smart card reader/keyboard chip and software package with full cryptographic capabilities including support for SET, X.509, RSA and DES.
Specified the security features of the chip for hardware engineers.
Designed the overall architecture for the chip's OS and software, including components, interfaces, key APIs and protocols.
Developed new and innovative ways to perform complex protocols in limited memory devices (patents granted in this and related areas).
Participated in standards development in both public and industry standards groups including ANSI X9A, the X9.59 payment protocol, SET.
Managed a team of security researchers and provided technical leadership to the N*Able software engineering staff.
Developed research/demo projects including a biometric-authenticated smart card reader (shown at Comdex) and a smart card authenticated RADIUS login process.
Advised the CEO on business implications of new products and developments in the security/cryptography space.
Considerable software development for our own embedded OS, Linux, and Windows.
Security-related consulting work including:
Designed a security model, assisted on a hardware specification, and began designing the OS, communications protocol and application framework for a secure smart card product (N*Able, was hired in 9/97).
Provided input on the security model, cryptographic protocols and the problems of digital rights management on consumer equipment for a startup delivering encrypted music over the Internet.
Consulted on network security and authentication for a startup developing an Internet-based travel agent system, including analyzing the security implications of their vertical market, recommending solutions to problems involving data security, authentication and non-repudiation, and performing security analysis on existing and proposed CORBA and Java technologies.
Designed and developed an implementation of SSLv3 for a PDA product.
Developed two SSLv3 implementations: one to the initial SSLv3 draft and based on pre-SSLv3 SSLeay and BSAFE, and one written from scratch to the final SSLv3 spec, also using BSAFE.
Participated in the design of SSLv3 by giving feedback to Netscape on SSL design issues.
Developed a version of sendmail to encrypt and decrypt PGP-encoded messages.
Modified the SOCKS and TIS proxy gateways for use on Sun's corporate gateway to the Internet.
Wrote a library to convert PGP keys to and from the PKCS#1 format.
Bachelor of Science, Humboldt State University, 1985.