Work Experience

Company website

The Shadow Group
January 1997 - April 2001
Principal Partner and Founder

Company website

Company was acquired by Corbett Technologies, Inc.

Plesk, Inc.
December 2000 - Present
Director

September 1999 - December 2000
Chief Technology Officer, Director and Founder

• Determine technology direction for company
• Advise and help managment make strategic technology decisions for company
• Company Website

• Manage product development, research and QA department heads
• Determine technology direction for company
• Make strategic technology decisions for company
• Company Website

Cisco Systems
Formerly Wheelgroup Corporation

May 1999 - July 1999
Senior Software Developer
Signature and Exploits Development Group, Active Audit, Security Internet Services Unit

• Netranger Developer
• Write new intrusion detection signatures for Ciscos premiere Network Intrusion Detection and Response System.
• Enhance the Netranger Engine and next generation Intrusion Detection Engine.
• Netsonar Developer
• Write new security vulnerability quantification tools.
• Write new exploits to find security vulnerabilities in all OSes.

August 1998 - May 1999
Senior Research Scientist
Advanced Network Security Research, Active Audit, Security Internet Services Unit
 

• Conduct research into new vulnerabilities and attack methods against all manner of Operation Systems and network devices.
• Develop new methods for defending systems and networks against attack.

August 1997 - August 1998
Senior Network Security Engineer
 

• Provide senior operational management of on site Security Posture Assessments, Forensics Analysis and Security Design Reviews.
• Lead Senior Developer and Engineer.  Responsible for managing and writing security posture assessment and data analysis tools, programs,modules and new experimental distributed engines.
• Lead Senior IS team in evaluating, selecting, testing, recommending, modifying, designing, engineering, coding and integrating new technologies and solutions into existing customer security infrastructure (including methods and tools).
• Responsible for conducting security posture assessments testing of customer enterprises from an operational real world approach (modeling is a seperate job function) both internally and externally to the customers enterprise.
• Responsible for developing, engineering and managing security requirements development, policy creation and operational implementation for Fortune 50 companies.
• Design and testing of next generation Network Intrusion Detection and Response systems.
• Testing new software and new configurations for all commercial and open source operating systems for security vulnerabilites and other security related issues.
• Conduct ongoing research into security of Operating Systems, Networks (operational and modeling), Applications and other concepts, such as designing trusted models, secure models, exploitation tools, counter measures, re-scaling models to fit threat, etc.
• Development of automated Security Posture Assessment tools, modules, scripts and engines.

August 1996 - August 1997
Lead Systems Architect at SEC
Chief Systems Security Architect for UTA

• Lead Senior Multi-Platform Systems Administrator for UTA personnel. Platforms range from HA Solaris platforms, BSD, Linux, HP-UX, Plan 9, SunOS, and SCO to Windows NT and OS/2 Warp Platforms.
• Lead Senior Systems Architect for UTA personnel. Lead Senior IS team in evaluating, selecting, testing, recommending, modifying, creating, engineering, coding and integrating new technologies and solutions into the existing infrastructure (including methods and tools).
• Responsible for pentration testing of SEC and UTA systems and access points.
• Chief architect for implementing Public Key Infrastructures, encryption, digital signature services, Certificate Authorities, evaluating COTS products, designing customized solutions, analyzing requirements and identifying, evaluating and implementing appropriate solutions.
• Reponsible for engineering and implementing Internet technologies as part of the evolving SEC EDGAR Internet project.
• Responsible for developing, engineering and managing security requirements development, policy creation and operational implementation for SEC internet/intranet/extranet systems and making recommendations to other divisions for their security needs as required by contract.
• Responsible for safe guarding all SEC EDGAR filings maintained on high visibility Internet Servers open to public anonymous ftp and Web browsing.
• Building Gauntlet, Checkpoint, TIS, Alta-Vista and Custom Firewalls.
• Developing new security tools to proactively maintain the security of SEC filings data and servers.
• Testing new software and new configurations for Solaris, BSD, Linux, Plan 9, OS/2 and NT based systems.
• Database Development and engineering
• Maintaining a dozen high end Solaris 2.5-2.5.1 Servers and their databases
• Engineering new systems and solutions

June 1995 - June 1996
Computer Analyst

• Senior System administrator for all White House WWW servers and all other internet machines to include the Firewalls at the White House.
• Developing, administering and implementing SecurID Authentication Control Encryption clients, servers and databases on Solaris 2.5 platforms to replace the DEC SecurID systems and proprietary databases used in the older ACE server and clients. Also administering and installing the older ACE server and clients.
• Expert proven CGI and PERL programming skills as Co-Developer of the Federal Statistics Briefing Room for the White House Web Service.
• Expert proven HTML skills as a member of the White House Web Development Team.
• Experienced Java Programmer. Coded and implemented all Java applets and Java based applications for the White House.
• Senior Internet Security Specialist, responsible for maintaining, developing and implementing the security of network, firewall and all whitehouse.gov computers. Also responsible for developing and implementing cracking tools and security testing tools to maintain and enhance the security of EOP networks and computers.
• Secure Communications protocol developer and inter/intranet security specialist. Building, developing and implementing applications that provide real time secure communications via TCP/IP and other protocols over insecure networks and through untrusted hosts. Headed up program to implement SSL, DES, IDEA, Blowfish and other encryption protocols/algorithms into real-time secure streaming of ftp, telnet, http, rsh, X and other connection daemons and clients.
• Administered White House DEC Firewalls while concurrently developing applications that used Kerebos based authentication and/or IDEA, DES, triple-DES, SSL and other encryption technologies for real time stream encrypting and authentication such as Secure X sessions, Secure Telnet, Secure FTP and other software based RT encryption applications.
• System Administrator and TIGER team leader for all Whitehouse.Gov machines.
• Extensive experience with full life cycle development, requirements analysis, inter agency coordination, extended project planning and management as well as complete project implementation in highly visible and sensitive environments such as the White House.

• Designed, programmed, engineered and implemented AIX 3.2.5 and 4.1 Motif Network Management system.
• Built 100 MB/Sec CAT 5 network for Office of Management and Budget.
• Trained to trouble shoot, wire, and setup heterogeneous network containing Ethernet CAT 3 all the way to 100MB/s CAT 5 twisted pair, ATM, and FDDI networks.
• Managed BOOTP server, and DHCP server for 1500 machine network.
• Developed Automatic, paging and notification system for heterogeneous Netware (IPX/SPX), and TCP/IP device failures, server errors and failures, and other network problems.
• Developed, implemented and administered NetView 6000 machine to manage entire network at the White House. Wrote applications and GUIs to interact with Netview 6000, Optivity and Cisco Works.

1995 - July 1997
Founding Member

• Develop policy on Network and Computer Security, oversee the local CERT which reports to the Security Review Panel
• SRP Reports Directly to the Provost.
• Oversee the GMU Responsible Use of Computing (RUC) Policy.
• Resolve complaints about misuse of GMU computing resources, attempted break-ins, and other security issues.
• Serve as a buffer between GMU students, faculty and staff and various campus authorities, and by working for the security and integrity of the campus networks.
• Authored common sense computer and network security publication for use by campus community.

US Army / Virginia Army National Guard

Held the following positions:

• Acting Company Commander, A Co. 1/170th Infantry - October 1994
• Executive Officer, A Co. 1/170th Infantry - Annual Training 1995
• Platoon Leader, 2nd Platoon, A Co. 1/170th Infantry - September 1994-July 1995

Squad Leader, 2nd Platoon A Co. 1/170th Infantry
Sergeant

• Leader of an Infantry Rifle Squad of nine men.

Team Leader, 3rd Platoon A Co. 1/170th Infantry
Sergeant

• Honor Graduate Primary Leadership Development Course, US Army Non-Commissioned Officer Academy
• Leader of a four man Infantry Rifle Team.
• Virginia Army National Guard Soldier of the Year 1993.
• First Army Soldier of the Year 1993.
• Minuteman of the Year 1993.
• 1st Brigade Soldier of the Year for 1993.
• Light Fighter of the Year 1992.

Infantryman
 
 

Programming Languages

• C - 7 Years
• C++ -  6 Years
• PERL - 5 Years
• Python - 2 Years
• Tcl/TK - 3 Years
• Expect - 2 Years
• Java - 5+ Years (Since Java came out)
• UNIX Shell Programming - 10 Years

Operating Systems

• 10 Years of expert experience with UNIX variants, to include AT&T UNIX (Sys V), AIX, BSD (all variants), OSF/1-Digital UNIX, HP/UX, IRIX, Linux, Trusted Solaris, Solaris 2.x-7, SunOS and XENIX as a system adminsitrator, developer and network/systems security expert.
• 3 years experience administering and building Netware 3.x, 4.x, UNIXWare networks.
• 3 years experience developing OS/2 2.x-4.0 WARP, WARP Connect applications.
• 2 years running VMS systems.
• 6 years total experience with - Windows NT 3.5, 3.51, 4.0 and Windows 2000.

Hobbies

Cryptography

Building Information Security Tools and finding bugs in operating systems.

Competive Pistol and High Power Rifle Shooting.

Harley Motorcycles (I own two)

Professional Affiliations and Memberships

        Xiph.org Foundation - Board Director

        ICANN (The Internet Corporation for Assigned Names and Numbers) - Member At Large

        The Association for Computing Machinery

        The Internet Society

        USENIX

        SAGE

        Association of the United States Army

        Reserve Officers Association

        CSICOP

        National Capital Area Skeptics

Awards received

        UTA GEM Award

        US Army Excellence in Competition Award with Service Rifle

        US Army Excellence in Competition Award with Service Pistol

        1993   First Army Soldier of the Year

        1993   Virginia Army National Guard Soldier of the Year

        1993   Minuteman of the Year

        1993   1st Brigade, 29th Infantry Division Soldier of the Year

        1993   1/170th Infantry Battalion Soldier of the Year

        Honor Graduate Primary Leadership Development Course NCO Academy

        1992   1/170th Infantry Light Fighter of the Year

        Virginia State Bronze Star

Security clearance