Relevant Projects
- CISSP Certification - Passed the CISSP exam in mid-October 2012. Formal certification pending.
- Independent Application Security - To test skill and develop reportable experience, performed an independent code review of an open source application. Quickly discovered a flaw in their file type checking which, when combined with their default OpenID policy, resulted in arbitrary code execution on any installation of the software. Published CVE-2012-2670 after the project released a new version correcting the issues.
- Capture the Flag Competitions - Competed independently in the Stripe CTF Challenge, and with the Robot Mafia team in the DefCon 20 CTF Finals as well as CSAW 2012 and Hack.lu 2012. For DefCon, I was invited to join the team after qualifications, but became the network analysis lead after writing a tool to import pcap files into an SQL database for statistical identification of malicious packets. Also contributed to binary analysis and patching (IDA).
- Reverse Engineered the Rio MP3 Player Custom File System - In order to utilize an early generation MP3 player with Linux, I analyzed the raw file system used, identified the deliberately non-conforming data structures, and wrote a utility to allow interaction with SD cards formatted using that file system.
Experience
Employed by IBM since 1999 with various titles but in consistent roles.
Project Management / Application Design 1999-2001, 2004-Present
Managed the design, development, global deployment, and steady state operations of multiple web-based corporate applications. When acting as direct project manager, delivered the product well under the 500k annual budgets. Development staff varied from 2 to 15 people, frequently involving international resources. The development was managed using Agile methodologies. Was frequently heavily involved not only in the requirements gathering process but also in the detailed application and database design and, as occasion required, direct development as well. The applications were:
- Global Data Warehouse and Business Intelligence Application - A global ITIL aligned repository for incident and change record information. Also included a user-configurable metric calculation engine and standardized reporting. Enabled market differentiating visibility to customers and unprecedented process improvement capabilities.
- Major Incident Management Process Automation Tool - Organized the steps performed during the recovery of a major incident and automated notification to stakeholders. Mean recovery time across multiple platforms was reduced from 120 to 70 minutes following deployment.
- Web Site Monitoring Utility - A self-initiated project with no budget which grew to become a core web hosting tool still in use 10 years after initial implementation. Capable of exercising numerous site components from both a protocol and end-to-end perspective.
- On-call Scheduling and Automated Callout Utility - Enabled self-configuration of call-out schedules for hundreds of teams with multiple devices per individual.
Major Incident Management 2003-2005
Functioned as the central coordination point for troubleshooting failures in enterprise web hosting and other production environments for Fortune 50 down to medium sized clients. Actively directed the activities of experts in various technologies to minimize down-time. Provided hourly situation reports to IBM and client executive management.
Root Cause Analysis Specialist 2001-2003
Part of a specialized team to review the highest profile service disruptions, interview participants, identify the root and contributing causes, then document improvement plans to mitigate future risk. A formal presentation was made to the IBM management team and a written report was prepared and delivered to client management. After six months was named team lead and performed quality assurance reviews of all reports before they were delivered.
Systems/Security Operations Specialist 2001-2003
Provided real-time monitoring and troubleshooting of enterprise web hosting environments including Windows and UNIX hosts. Also monitored Intrusion Detection Systems to distinguish malicious attacks from routine traffic.
Other Projects
Linux System Administration, Perl Application Development 2002-2005
Acted as the primary Linux administrator for an international proxy service catering to overseas servicemen. Developed a customer management and billing application including authentication and credit card processing.
Education/Certifications
- PMI Certified Project Management Professional - Jan 2003 to Present
- B.S. in Computer Science from the University of Utah - May 1999
Commendations
- National Merit Scholar
- Eagle Scout in the Boy Scouts of America
Have served as a Scoutmaster, Asst. Scoutmaster, and Webelos leader for more than 10 years
Technical Skills
- Languages/Frameworks: C++, Java, Qt, SQL, Perl, PHP, Ruby
- Operating Systems: Linux/UNIX (Fedora/RHEL, Ubuntu, BSD), Windows (XP, 7)
Language Skills
- Russian - Fluent
- German - Basic