- Over a decade's experience with many facets of theoretical and practical computer science, with a focus on information and network security, data analysis, and event correlation.
- Awarded Innovator of the Year by 3Com for security work.
- Designed products that won SC Magazine's Data Extrusion Product of the Year for 2010.
- Principal author of the innovative Giles production rule compiler.
- Invited to speak on a variety of topics by such organizations as the United States Department of Defense, the IEEE, and USENIX, as well as information security conferences such as Black Hat and ShmooCon. Invited to provide quotes and analysis to industry and mainstream publications on information security topics.
- Extensive experience with all areas of network theory and usage, including traffic analysis at all layers.
- Extensive experience developing traffic identification signatures in a variety of languages.
- Taught courses at a variety of industry conferences on protocol, vulnerability, and attack analysis.
- Extensive experience in a variety of pattern matching systems, including deep knowledge of regular expressions and complex event correlation algorithms.
- Extensive experience with many Unix, Unix-like, and Linux-based operating systems.
- Performed in-depth research on numerous topics as a principal researcher for one of the most respected labs in the information security industry.
- Wrote tens of thousands of lines of code for numerous open source and in-house projects.
- Discovered numerous privately- and publicly-disclosed security vulnerabilities in a variety of applications.
- Acted as co-editor and contributor to one of the largest security industry newsletters, read by over 250,000 subscribers weekly.
Senior Engineer (Aug 2011 - Present)
- Worked as an engineer on a variety of high-profile projects.
- Wrote thousands of lines of code on a variety of projects for deployment in high-security environments.
- Created the Giles production system compiler.
Infrastructure and Security Architect (Nov 2010 - Aug 2011)
- Acted as a technical lead in a fast-moving and dynamic startup environment.
- Acted as a principal architect in designing and implementing a highly secure and high-performance network facilitating large volumes of financial transactions between arbitrary endpoints, including both merchants and
- Provided information security expertise for various industry requirements, including PCI compliance, security best practices, code audits, and hardening of critical infrastructure.
- Wrote thousands of lines of code for secure payments processing, in both client and server environments.
DVLabs Architect (May 2009 - Nov 2010)
DVLabs Principal Researcher (Mar 2006 - May 2009)
DVLabs Security Researcher (Feb 2005 - Mar 2006)
- Acted as technical and research lead for the research team, providing guidance and expertise across the organization.
- As Architect, participated in the TippingPoint Core Architecture Team, which was responsible for the current and future core design of the TippingPoint Intrusion Prevention System and other systems.
- Responsible for formalizing the syntax and semantics of the signature language and for the DVLabs portion of all future architectural requirements and directions, covering both high- and low-level architecture-wide design decisions.
- Won the 3Com Innovator of the Year award for creating and heading the Custom Filter and WebApp DV groups.
- Performed research into all aspects of modern information security, including static and live code analysis, vulnerability assessment, attack evasion and detection, real-time traffic analysis, and historical vulnerabilities.
- Performed extensive in-depth analysis of a variety of open and closed protocols and developed thousands of application and protocol identification signatures.
- Performed research into numerous aspects of theoretical and practical computer science, including programming language and compiler design and implementation, encoding, encryption, and operating system theory and implementation.
- Designed, wrote, and maintained the toolchain for creating and managing TippingPoint signature packages. This included a complete optimizing compiler and real-time, collaborative, web-based integrated development environment.
- Created numerous ad-hoc tools for a variety of purposes.
- Discovered several vulnerabilities in a variety of applications.
Senior Network and Security Engineer (Apr 2002 - Feb 2005)
- Helped design, build, maintain, and secure one of the largest retail-supporting networks in the United States. The network was, at the time, one of the largest IP/VPN deployments in the world.
- Helped develop information security and monitoring requirements, and implement the necessary systems.
- Wrote thousands of lines of code to implement network monitoring and management.
- Extensive experience with a large variety of network technologies and systems, including various Cisco routers, switches, and other devices.
- Earned a CCNP certification and took and passed the CCIE written exam.
Senior Security Engineer (Apr 2001 - Apr 2002)
InterTransact, Munsbach, Grand Duchy of Luxembourg
- Helped build, maintain, and secure a network facilitating bank-to-bank transactions across the European Union.
- Provided security consulting and auditing to numerous clients, including the European Investment Bank, the long-term lending institution of the European Union.
- Helped develop and extensively document processes and procedures to comply with European banking regulations.
- Wrote large amounts of custom software in a variety of languages to facilitate business in a fast-paced startup environment.
Security Engineer (Jan 2000 - Apr 2001)
- Acted as a member of the security response team, responding worldwide to security incidents and situations, including post-incident analysis and response.
- Helped audit and maintain network and information security for various Exodus clients, including American Airlines, Ford, GE, and GM.
- Provided security auditing and consulting services to Exodus clients and managed security service support.
- Wrote large amounts of ad hoc software for various business purposes.
Technical Lead and Chief Engineer (May 1998 - Jan 2000)
PERnet Telecommunications, Nederland, TX, USA
- Acted as the primary engineer and technical administrator of the largest (at the time) Internet service provider in southeast Texas.
- Wrote thousands of lines of code to support network operations, including custom FreeBSD kernel components and an entire database-backed multi-domain SMTP, POP, and IMAP mail server and webmail client.
- Was involved in all levels of network design and implementation, from the RBOC to the customer premises, including core router deployment, Unix administration, and security audits, design, and implementation.
TALKS, APPEARANCES, AND PUBLICATIONS
Note that this list is not exhaustive; certain appearances cannot be discussed publicly due to their nature and location or by the request of the hosting party.
Crack Me If You Can
(Team Presentation by KoreLogic)
Presented as a contest to help explore the latest in large-scale password cracking techniques.
Building a Better Mousetrap: Effective Techniques in Intrusion Prevention
(Joint Presentation with Rohit Dhamankar)
Discusses effective techniques in the development of signatures for streaming analysis of network traffic, as well as common attack and detection-avoidance techniques. Presented as both a talk and a multi-day
- Black Hat USA 2011, Las Vegas, NV, USA, Jul 30 2011
- Black Hat USA 2010, Las Vegas, NV, USA, Jul 31 2010
- SANS Network Security 2009, San Diego, CA, USA, Sep 18 2009
- Black Hat USA 2009, Las Vegas, NV, USA, Jul 25 2009
- Black Hat USA 2008, Las Vegas, NV, USA, Aug 1 2008
Introduces and describes the Pixaxe Declarative Web Framework ("Pixaxe"), which combines a complete implementation of a Parsing Expression Grammar (PEG) compiler generator with a declarative and functional query language inside a web browser to facilitate in-browser templating and domain specific languages. The PEG compiler generator was implemented in 100% pure ECMAScript.
Static Analysis of Regular Expressions for Encoding
Discusses the challenges of analyzing information encoded using a position-dependent block encoding scheme in a streaming context using regular expressions. Provides an algorithm for the analysis and transformation of a regular expression to match encoded input as well as a formal analysis of the algorithm's performance and a practical implementation in Erlang.
- Erlang Factory, San Francisco, CA, USA, Mar 25 2010
- IEEE Joint Communications and Signal Processing, Austin, TX, USA, Feb 18 2010
- United States Department of Defense (other agencies attending), The Pentagon, Arlington, VA, USA, Jan 28 2009
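The following is an added example, not the talk's Erlang implementation and not code from this page. It carries out the transformation the abstract describes for the simplest regular expression, a literal byte string, against base64, a position-dependent block encoding: because each 3-byte input block becomes 4 output characters, a needle can start at any of three offsets within a block, and every output character that mixes needle bits with bits of the unknown surrounding bytes becomes a character class rather than a fixed character. General regular expressions (alternation, repetition) need more machinery than this; the function names `base64_regex` and `find_in_base64` and the sample request are my own.

```python
"""Turn a literal byte string into a regular expression that matches its base64
encoding at any of the three possible block alignments. Added example; not the
talk's Erlang implementation, and it handles literals only, not general regexes."""
import base64
import re

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# For each of the four output characters of a 3-byte block: which input bytes
# (indexes 0-2) it depends on, and how its 6-bit value is computed.
_SEXTETS = (
    ((0,),   lambda b0, b1, b2: b0 >> 2),
    ((0, 1), lambda b0, b1, b2: ((b0 & 0x03) << 4) | (b1 >> 4)),
    ((1, 2), lambda b0, b1, b2: ((b1 & 0x0F) << 2) | (b2 >> 6)),
    ((2,),   lambda b0, b1, b2: b2 & 0x3F),
)


def _variant(needle: bytes, offset: int) -> str:
    """Regex fragment for `needle` starting `offset` (0-2) bytes into a block.
    Bytes around the needle are unknown (None): a character that depends only on
    unknown bytes is dropped, one that mixes known and unknown bytes becomes a
    character class enumerating every value the unknown byte could take."""
    cells = [None] * offset + list(needle)
    cells += [None] * (-len(cells) % 3)          # pad to a whole block
    out = []
    for i in range(0, len(cells), 3):
        block = cells[i:i + 3]
        for deps, fn in _SEXTETS:
            unknown = [d for d in deps if block[d] is None]
            if len(unknown) == len(deps):
                continue                          # lies entirely outside the needle
            chars = set()
            # After the skip above at most one dependency is unknown, so a
            # single 256-value enumeration covers every possibility.
            for v in (range(256) if unknown else (0,)):
                b = [v if d in unknown else (x if x is not None else 0)
                     for d, x in enumerate(block)]
                chars.add(B64[fn(*b)])
            if len(chars) == 1:
                out.append(re.escape(chars.pop()))
            else:
                out.append("[" + "".join(re.escape(c) for c in sorted(chars)) + "]")
    return "".join(out)


def base64_regex(needle: bytes) -> str:
    """Alternation of the three alignment variants; re.compile() it to scan."""
    if not needle:
        raise ValueError("needle must not be empty")
    return "(?:" + "|".join(_variant(needle, k) for k in range(3)) + ")"


def find_in_base64(needle: bytes, stream: str) -> list:
    """Scan base64 text (assumed to begin on a block boundary) for `needle`.
    Returns the offsets of each occurrence in the *decoded* data. Variant k can
    only be a true hit at a character position p with p % 4 == k; checking that
    rejects chance matches of the wrong variant without decoding anything."""
    hits = []
    for k in range(3):
        # Zero-width lookahead so overlapping occurrences are all reported.
        pat = re.compile("(?=" + _variant(needle, k) + ")")
        for m in pat.finditer(stream):
            p = m.start()
            if p % 4 == k:
                hits.append((p - k) // 4 * 3 + k)
    return sorted(hits)


def find_in_bytes(needle: bytes, data: bytes) -> list:
    """Convenience wrapper: encode `data`, then scan the encoding."""
    return find_in_base64(needle, base64.b64encode(data).decode("ascii"))


if __name__ == "__main__":
    needle = b"/etc/passwd"
    print(base64_regex(needle))
    # Constructed sample: the same request at each of the three alignments.
    for pad in range(3):
        data = b"x" * pad + b"GET /cgi-bin/../../etc/passwd HTTP/1.0"
        print(pad, base64.b64encode(data).decode(), find_in_bytes(needle, data))
```

The character classes are exact rather than wildcards: a 4-option class where two needle bits are known, a 16-option class where four are, so an aligned match can only decode to the needle. The alignment check is what a streaming engine would use instead of decoding the whole stream, and it is also why the three variants cannot simply be collapsed into one pattern: the same bytes produce different characters at each offset.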
Encrypted Protocol Identification via Statistical Analysis
(Joint Presentation with Rohit Dhamankar)
Presents several statistical methods, including training techniques and machine learning methods, for analyzing encrypted traffic and determining its likely protocol. Practical applications include data extrusion prevention and policy enforcement. Theoretical topics touched upon include multidimensional training sets and rapid distance finding (Euclidean and Mahalanobis), and large training set management.
@RISK: The Consensus Security Alert
One of the most popular newsletters in the security industry, with over 250,000 weekly readers. Acted as contributor and co-editor from 2005 to 2009.
A special report produced by the SANS Institute every year, detailing the major security vulnerabilities and trends for the past year. Acted as contributor and co-editor from 2005 to 2009.
SELECTED PUBLIC ADVISORIES
- CVE-2011-0234 Multi-Platform WebKit Memory Corruption Vulnerability
- CVE-2009-1717 Apple Terminal xterm Resize Escape Sequence Memory Corruption Vulnerability
- CVE-2009-0950 Apple iTunes Multiple Protocol Handler Buffer Overflow Vulnerabilities
SELECTED OPEN SOURCE SOFTWARE
- GILES A compiler that turns relational databases into standalone production rule systems.
- An updated version of the venerable sam text editor.
- PIXAXE A declarative, in-browser web application framework.
- JENNER An in-browser, inline templating system for XHTML.
- ESEL A multi-platform declarative query language for JSON datasets.
- KOUPREY A complete Parsing Expression Grammar parser generator for ECMAScript.
- DPGC A fully ANSI C99-compliant tri-color incremental garbage collection library for explicitly managed objects.
- KL-EL An easily embeddable, strongly-typed expression language and library.
Excellent references available upon request.