
205 Yoakum Parkway, Suite 204
Alexandria, VA  22304
+1.703.370.2771 main
+ cell


Twenty years' tenure as chief scientist, principal architect, and director of software engineering, focusing on in-depth systems programming in UNIX/C/C++, Perl, and Java environments

Nationally renowned expert in multi-level secure (MLS) O/S, network, and DBMS technologies and federal standards conformance evaluation; chief architect of first UNIX-based MLS RDBMS, Trusted RUBIX B2; chaired two National Security Agency working groups (Trusted UNIX Working Group, Labeling Working Group) at age 23; senior referee for IEEE Computer journal

Experience of virtually unmatched breadth and depth in internals of: UNIX/Linux kernel; O/S and network security platforms and tools; Internet e-ppliances, firewalls, IDS/IPS; TCP/IP protocol stacks; RDBMS engines and tools; compilers/parsers/interpreters/translators


Principal Scientist, Global InfoTEK, Inc., Reston, VA '04—'06

Principal investigator for classified DARPA worm suppression technology testbed. Developed toolkit to generate self-propagating attack code from arbitrary payloads. In support of DARPA "intrusion-tolerant software" initiative, wrote "LISP macros" toolkit to detect and quarantine vulnerable patterns occurrent in polymorphic binary code developed at MIT Lincoln Laboratories, MA.

Consultant and Principal, Network Security Laboratories Inc., Bethesda, MD '99—'04

For The Windermere Group, Annapolis, MD, and DigiGAN, Stamford, CT

Principal architect of SCI guard atop multi-level secure SE Linux. Rewrote SE Linux internals to provide configurable policy atop type enforcement architecture (TEA). Chief architect of (B1)-secure Web server/gateway product suite. Directed formal evaluation against Common Criteria Level EAL4.

For CatchFIRE Systems, Reston, VA

Chief architect and sole developer of FIRENode e-ppliance adding quality of service (QoS) and traffic shaping to complex Web server farms. Wrote 20K LOC of NetBSD and Linux kernel code, including TCP/IP internals, pseudo-device driver, and SNMP.

For Lumeta Corp. (Lucent Technologies New Ventures), Murray Hill, NJ

Principal developer of yacc-based FIRMATO firewall management toolkit, supporting graphical manipulation of multi-firewall security policies. Reverse-engineered undocumented internals of CheckPoint FireWall-1 fw compiler; wrote code generator for non-procedural target language.

For Andes Networks, Mountain View, CA

Directed formal cryptographic evaluation of startup firm's SSL accelerator e-ppliance. Built first complete finite state machine (FSM) characterization and formal security model of the SSL handshake.

Shorter-term and part-time development projects included:

Customized Gauntlet firewall and WebShield e-ppliance (to support malicious code filtering, URL blacklisting, and programmable, content-based URL redirection), integrated CVP-based virus scanning tools, and directed port of 300K+ LOC to Nokia platform for Network Associates, Rockville, MD.

Effected "emergency security repairs" to worldwide NMS accounting system (integrating Visual BASIC, ORACLE SQL*Net, and V-ONE SmartGate VPN) for U.S. Agency for International Development, Washington, DC, delivering system 18 months early at $500M cost savings.

Developed secure, real-time kernel for symmetric multiprocessor platform for VAST Corp., McLean, VA, and Groupe Bull, Grenoble, France.

Developed internals of new OSF/Motif widget classes, including functionality that the hardware vendor (NCR) had deemed impossible, to bring MFC-style controls to standard UIM/X-based application development environment for Internal Revenue Service, Fairfax, VA.

Developed real-time software tools to correlate Dragon IDS event logs with signature database and NESSUS vulnerability scanner reports for Enterasys Dragon, Columbia, MD.

Extended CAT II project management toolkit, including hierarchical DBMS storage manager, yacc-based ESQL/C compiler, and Xt/Xlib presentation graphics, for Robbins-Gioia, Alexandria, VA.

Wrote Model 204 User Language compiler and variety of instrumentation tools, interfacing to novel X11-based "software battlemap" environment, for McCabe and Associates, Columbia, MD.

Developed internals of Linux-based network-attached storage (NAS) platform, supporting both UNIX and Microsoft Windows clients and adding POSIX-conformant discretionary access control mechanisms (i.e., access control lists) for Procom Technology, Irvine, CA.

Design and conformance verification projects included:

Designed firewall solutions and conducted federal conformance testing, vulnerability analysis, and penetration testing for Secretary of Transportation; Director, Nuclear Regulatory Commission; Director, Federal Energy Regulatory Commission; Commissioner, U.S. Forest Service; Director, Bureau of the Census; Director, Department of Defense Health Affairs (TIMPO); U.S. Judicial Conference.

Director of Software Development, Corbett Technologies, Alexandria, VA '96—'00

Supervised spate of development activities for Drug Enforcement Administration and HQ, U.S. Marshals. Wrote Java software for DISA to automate preparation of DITSCAP system security authorization agreements (SSAA), generating indexed Microsoft Word documents. For Defense Modeling and Simulation Office, modeled complete security semantics of DoD High-Level Architecture (HLA) for distributed object-oriented simulations: results of study motivated Chief Scientist of DoD to commit additional $45M worth of funding to HLA initiative.


Chief Scientist, Infosystems Technology (ITI), Greenbelt, MD (1987—1991)

Principal architect of (B2)-secure TRUSTED RUBIX B2 RDBMS atop AT&T UNIX 4.2ES. Wrote 100K+ lines of DBMS engine code, including storage manager, security, referential integrity, concurrency, report writer, and yacc-based SQL-II interpreter and ESQL/C compiler. Wrote technical evaluation evidence to support NSA (B2) rating. Wrote proposal that funded entire $1.4M R&D effort.

Sr. Associate Programmer, IBM Thomas J. Watson Research Center, Yorktown Heights, NY (1982)

Built UNIX system API emulation library in REX (now REXX) atop VM/SP/CMS.


M.E.E. (1983), B.E.E. (1982), The Cooper Union for the Advancement of Science and Art, New York, NY. Awarded master's degree at age 19 (thesis published by invitation in Proc. IEEE XVI Power Modulator Symposium) under five-year, full-tuition Cooper Union Foundation Scholarship and four-year New York State Regents Scholarship; Dean's List.

Co-developed UNIX VII kernel and utilities with Bell Laboratories research staff, earning First Prize, 1980 IEEE Student Paper Contest (Northeastern U.S.).

Research UNIX system administrator (1979-1981), Cooper Union Computer Center. Managed DEC PDP-11/45, LSI-11, and VAX-11/780 supporting 400+ users.

Graduated (1978) from Stuyvesant High School, NYC; National Honor Society (Arista).


Fluent technical Spanish; passable French, German, Dutch, and Turkish; decent reading Japanese.


TS/SSBI/, (S, Nov. '02, Federal Aviation Administration; TS, Jul. '03, Missile Defense Agency).