159 Madison Ave. #2A
New York, NY 10016
|Education:||Carnegie Mellon University, 1997
B.S. in Human-Computer Interaction (Self-Defined)
Minor in Computer Science
|Programming Languages:||Expert (several years' experience, several large projects)
Experienced (about a year's experience, medium projects)
C, C#/ASP.NET, XML/SOAP, Java, Pascal, ASP/Visual Basic/VB Script, CSS, XML, HyperTalk, Perl
Working Knowledge (small projects)
C++, Microsoft T-SQL, sh, discrete electronics, PIC assembler, SM/NJ, COBOL
HTTP, Photoshop, Illustrator, Oracle, CVS, MS Access, After Effects, Premier
Apache, BURP Suite, Ethereal/Wireshark, MS Visual Studio, TCP/IP, Macromedia Director, MS Visual SourceSafe, ipchains, Word, Excel
DNS, MS SQL Server, SMTP, Ethernet, Lotus Notes, Cyrus
|Computer Security:||Web Application Penetration Testing (SQL/HTML/Script Injection, Request Forgery, Authentication Bypass, Session Hijacking, etc.), Architecture and System Design Review, Protocol Design and Analysis, Authentication System Design and Analysis, Code Reviews, Firewalls and Networks, Intrusion Detection and Forensics|
|UI Evaluation Skills:||User Testing, Heuristic Analysis, Interviews, Contextual Analysis, Surveys, GOMS|
Use since 1992 (Linux, Darwin, Solaris, HP/UX, AIX)
Administration since 1995 (Linux, darwin)
Use since 1986
Administration since 1991 (Versions 6.x - 10.4)
Use since 1993 (DOS, 3.1/3.1.1, 95/98, NT, 2000, XP)
Administration since 1996 (DOS, 3.1.1, NT, 2000)
|Work Experience:||September 2011 - Present – Matasano, NCC Group
Senior Consultant, Matasano New York Practice Manager
I am a security consultant for Matasano Security, a part of the NCC Group. In this role, I am responsible for supervising and mentoring consultants, managing customer relationships, overseeing several aspects of group integration, hiring, managing projects, performing security architecture reviews, and performing security assessments on a variety of applications.
|April 2007 - September 2011 – Foundstone
I was a security consultant for Foundstone Professional Services, a Division of McAfee (now a part of Intel). In this role, I was responsible for managing project engagements, teaching web security courses, and performing security assessments, primarily on web and thick-client applications and networks.
|December 2006 - April 2007 – Symantec
Principal Security Consultant
I was employed as a security consultant for the advisory services group of Symantec. In this role, I was responsible for discovering vulnerabilities in clients’ applications and networks, and advising in their remediation. I worked remotely and on client sites for a variety of large and small clients.
|January 2005 - December 2006 – Interpublic Group of Companies, Inc
Senior Programmer Analyst
The Interpublic Group of Companies is a collection of advertising agencies. I was a member of the 6-person team that developed and maintained Interpublic’s intranet and public web site. The intranet serves tens of thousands of Interpublic employees worldwide, and provides support for cross-agency information sharing and corporate initiatives and procedures.
|September 2003 - January 2005 – Community Connect, Inc
Tech Lead, Senior Developer
Community Connect (CCI) creates and maintains online communities for US ethnic audiences. These sites, Black Planet, Asian Avenue, and MiGente are some of the most popular internet destinations for ethnic communities. As Technology Lead for the diversity recruiting (DR) department, I designed the software architecture for DR projects, and ensured that the DR developers produce high-quality code. I also performed the duties of a senior developer, estimated development effort for DR projects, and interfaced with clients and third party partners. Additionally, I contributed to strategic company-wide development initiatives, and was repeatedly praised for my attention to business goals.
|January 2003 - September 2003 – Ilios Partners, LLC
Programmer / Analyst
Ilios specializes in extremely accurate stock surveillance. In order to compete effectively with their larger peers, they decided to move to a more full-featured IR package. Their product, IRNavigator, allows IR professionals to manage their shareholder relationships, view information on investors, and view the ownership information of their and other companies’ stock. I was the primary frontend developer for irNavigator.
|June 2002 - present – Freelance Work
|November 1997-July 2002 – MAYA Design Group
Interaction Designer/Systems Engineer
MAYA is a consulting firm that does both commercial product design and government-sponsored research. Notable projects included:
Wrote a database indexer
Under a DARPA contract, MAYA has been developing an object database that overcomes many of the problems traditionally associated with object databases. I architected and built an indexer for this database. The indexer allows fast lookups on fine-grained data structures, and features fast updating when the indexed data changes. I developed the indexer using Python on Linux and Solaris.
Office Security Expert
Designed and implemented authentication systems for web applications. Audited security measures in existing systems, and suggested fixes. Steered the development of DARPA-funded distributed information systems so that they could be made to function in a hostile environment. Upgraded company's network and host security measures.
Managed internal automation projects
Managed projects to move internal records online. Designed and built online applications for timesheets and labor forecasting. Lots of data modeling. Hired, trained, and managed an employee to do routine maintenance and implementation. Used a variety of tools and platforms, including Perl, Python, and VB on Linux, NT, and Solaris.
Led the award winning "Muybridge 360" project
Managed a high-pressure, short-deadline, resource-tight project to create a smashingly successful exhibit piece for a Pittsburgh film event. The installation consisted of a circular room surrounded by $20, Barbie-branded digital cameras. The device would photograph the participant, then produce a Matrix-style flipbook for them. The digital cameras were connected through custom-designed electronics to a Linux box (chosen for rapid development speed) for processing, then the images were sent to a Windows machine to be printed. I took the project from idea to on-site installation in one month. The project had architectural, electronics, software, and optics components, and loads of systems integration. In addition to managing and coordinating, I was responsible for most of the integration, designed the optics system, broke though show-stopping barriers in the electronics design, worked on the software, and generally filled in any gaps. This project involved the use of VB, Python, and electronics, among others. MAYA's web page about the project is available at: http://www.maya.com/web/what/clients/what_client_filmmakers_360.mtml
Other responsibilities included:
1997 – Carnegie Mellon University Department of Design
Maintained hardware and software for 50 Macintoshes and 5 Windows NT machines. Installed LAN for 20 machine design studio.
1995-1997 – Carnegie Mellon University Institute for Complex Engineered Systems
Designed and implemented wearable computing system with a team of designers and software engineers.
|Honors etc:||US Patent 6907300: User interface for fire detection system
Muybridge 360 – ID Magazine Annual Design Review 2002 Bronze Medal
Certified in Axent/Symantec NetProwler
Africa Stik – 1996 Interval Research Corp. "Most Appropriate Use of Technology"
Efficacy of a Predictive Display, Steering Device, and Vehicle Body Representation in the Operation of a Lunar Vehicle – CHI '96