AREAS OF EXPERTISE
- Internet firewalls,
advanced authentication, encryption, VPN, smart cards
- Commercial software
product internals development
- Federal certification, accreditation, and
executive due care standards (DITSCAP, NIACAP, HIPAA, FIPS PUBs)
- UNIX kernel, TCP/IP,
and DBMS internals
- O/S, network, and DBMS
security (Orange Book, Rainbow Books, CMW)
- Formal modeling of
secure systems and cryptographic protocols
- International standards (Common Criteria,
BS7799)
- E-commerce infrastructure, both B2B and B2C
- Public key cryptography (PKC, PKI, X.509)
- Intrusion detection systems, including neural
network based implementations
TYPICAL
PROJECTS
- Development of firewall, e-ppliance,
and intrusion detection system (IDS) internals
- Integration of security products
(firewalls, single sign-on, anti-virus, smart cards,
Kerberos)
- UNIX-based security product
internals engineering
- Design of secure
systems, Web sites, and intranets
- Competitive market analysis of
security products, tools, and enabling
technologies
- Certification and accreditation of networks
and Web sites
- Risk analysis, security plans,
vulnerability studies, penetration testing
- Custom software development (C/C++, Java,
Perl, X/Motif, Tcl/Tk, Qt, CGI)
- Parser, compiler, and
interpreter development (yacc, lex)
- Evaluation support, formal
models, and FSM (Common Criteria, Orange Book)
- "Expert
witness" litigation support
|