My background includes 35 years programming, 26 years professional computing, 23 years GNU/Linux administration, and 15 years in both information security and enterprise data center operations. I author free/open source software and contribute to larger, collaborative projects such as OpenStack and Debian. I enjoy writing technical articles, presenting to students/enthusiasts and participating in a variety of computing, security and mathematic communities.
(August, 2012 to present)
I'm helping support continuous integration systems and infrastructure for the OpenStack developer community as a core member of the Infrastructure Team, assisting with security vulnerability management for the OpenStack project as a member of the Vulnerability Management Team, and co-chairing the Security Track for the semi-annual OpenStack Summit. My position was initially funded by HPCloud, but later moved to direct employment with the OpenStack Foundation in April of 2013.
Security Engineering at a Managed Hosting Service Provider
(March, 2002 to August, 2012)
In a Security Lead capacity, I oversaw computer, network and physical security matters for a leading ISP, colocation and managed hosting group in Boston, MA and RTP/Charlotte, NC. Most initiatives were solved using commodity hardware, open source software and common programming or scripting languages for flexibility and cost-benefit. I additionally performed forensic analysis for customers, provided oversight for Abuse Desk activities, and acted as a liaison to security auditors and law enforcement. I wrote and maintained the Security Manual and security policies and procedures, providing guidance to the Executive Management Team on industry best practices for both Internet and enterprise information security. I assisted the Sales Team as a subject matter expert on security topics for prospective clients and existing customers.
While focusing on information security, I also provided expertise as a senior Linux/Unix administrator--maintaining infrastructure servers, overseeing patch management and mentoring junior administrators. In this capacity I designed a managed operating system service offering and consulted with customers on systems administration best practices. I architected advanced systems to meet service-provider-oriented business needs which were not well addressed by existing industry software solutions, most of which continued to serve their intended purposes in a stable and scalable manner for as much as a decade.
Following an acquisition and reorganization, I was reassigned into a Network Security Engineer role. I provided research and guidance to the Network Team on network security and cryptography technologies (firewalls, virtual private networks, intrusion detection systems, attack mitigation solutions, packet and protocol analysis). I also ran or participated in design and implementation of a variety of major business initiatives, developing new products and service offerings, putting together proof-of-concept demonstrations, writing extensive operational documentation and automating many otherwise burdensome tasks. I designed, installed and configured many of the largest customer networks including non-security-oriented network devices such as routers, managed switches and load balancers. I participated in design and maintenance of the core routing and switching infrastructure, on-call duties and troubleshooting advanced problems for larger customers.
Finally, I joined the Technology and Architecture division in a research and development role. I worked with Product Marketing, Sales and Operations to design, test, deploy and document new products and services. I also spent months simultaneously standing in for the vacated Network Architect position, consulting with other divisions and vendors/partners on core networking design, product selection and timelines. I was instrumental in bringing their "Cloud" (infrastructure as a service) and "Disaster Recovery" (remote array and host-based replication) product offerings to market.
Information and Network Security at a Start-Up Company
(May, 2000 to January, 2002)
I designed, implemented and maintained computer, network and physical security solutions using commodity hardware and open source software for hundreds of distributed GNU/Linux and OpenBSD servers, protecting terabytes of sensitive Web browsing data collected continuously from around the globe. I performed penetration tests and site security audits, dealt with forensic analysis of post-incident, quarantined systems and coordinated voluntary third party privacy and security audits.
Systems Administration at a Non-Profit Organization
(October, 1997 to May, 2000)
I designed and implemented network and systems infrastructure for a 5 site, 15 server, 300 user WAN including Windows NT and SCO UNIX servers, seven different PBX systems, point-to-point and frame relay T1s, various IP routers, Ethernet hubs/switches and serial hardware, network mapping and monitoring software, network security auditing, router ACLs and packet filters, scripted automation of common administrative tasks, and drafted acceptable use policies and budgetary technology plans.
(Information on systems administration and software development jobs prior to 1997 available upon request.)