Systems and Security Architect
I am a self-starting, project-oriented individual with over 27 years of experience in computing systems architecture, engineering, and management. I have a broad range of skills and depth in most areas of system architecture, operating systems, security, general site administration, management and development in highly available production environments which I have used to develop, support and guide Information Systems departments for diverse applications including highly secure global communications systems, NASA shuttle projects; TSA security systems; and production services for over 10000 strong associate base. I have held a Secret Clearance, a Civilian NACL and have previously held a Top Secret-SBI Clearance.
Designed, Engineered and Implemented several high-availability systems including support services for mobile security products; complete infrastructures for several companies; a real-time search application for books and other products; a data- aggregation and monitoring system for TSA scanning equipment; and network scanning and monitoring system for a 10000+ node network. I have designed and written several large scale web-based programs in Python, Perl and Ruby.
Managed as many as 15 associates in a highly available production environments. Responsibilities included a 6+ million dollar budget, associate evaluations, leadership training and project management. Supervised areas included Network Support, Unix Administration, Windows Administration, Helpdesk Support, Database Administration, Internet Services Support, Software Development,Integration and IT Security Services.
I am a frequent speaker, instructor and staff for business, security and system administration conferences around the country including: keynote speaker at the Partners in Business conference for Utah State University, USENIX Annual Technical Conference, Large Installation System Administration Conference (LISA), LOPSA-East Conference, SANS, ShmooCon, CarolinaCon, SkyDogCon and NASA CyberSecurity conferences. Topics I have spoken and taught include: Blue Team/Red Team penetration testing, Hands on Security for System Admins, Social Engineering, Penetration Management, basic and advanced perl and Unix administration. I am honored to also be on the LISA 2014 Program Committee.
Can perform detailed network and policy audits; penetration testing and forensic analysis using current tools and processes. Have extensive experience with Nessus, NMAP, and most other OSS security tools. Performed extensive social engineering and physical penetration testing. Developed and instructed classes in IT Security, perl and Unix administration. Have presented and taught at many universities and conferences including Utah State, USENIX ATC and LISA conferences, SkydogCon, ShmooCon and CarolinaCon conferences.
Networking and Operating Systems
I can architect, setup and maintain complete raw and virtual environments using VMWare, ganeti with SAN or NAS. Expert administrative skills in most variants of UNIX including Linux, FreeBSD, MacOS X, HPUX, Solaris; and Windows 2003/2008/XP/Vista/ 7/2012Senior System management skills on various types of equipment including Cisco, Dell, HP, Sun, EMC, Apple and PC desktops, servers and virtual environments. I can develop and maintain configuration in CMS using Puppet, Ansible and cfengine.. Senior programming skills in web based applications using python/ruby/perl and MySQL. Can configure and maintain various network services including: ActiveDirectory, Exchange, two-factor, LDAP, SMTP, CIFS, NFS, Nagios, Zenoss and SNMP. Familiar with various databases including Oracle, Postgres, “nosql” and MySQL. I have developed and instructed classes on Unix System Administration, Computer Security, Perl programming and system architecture management.
- NASA Certified Security Manager, Certified System Administrator
- CompTIA Security+
- SANS GSEC Silver Certified.
- SANS Security Instructor
- Six Sigma Green Belt
- BSD Certified System Administrator
Silent Circle/Blackphone – Geneva, Switzerland 05/2014-08/2016
Silent Circle – Chief Information Officer
Responsible for all facets of Information Technology for a 200 person company spread between 11 offices and data-centers worldwide. Combined two companies into a merged operation supporting both production and distributed infrastructure. Managed 15 people in three teams comprised of systems and network engineers maintaining all production, networking and infrastructure systems, as well as internal support for all services for Blackphone and Silent Circle communications systems. Responsible for 3M budget and all purchasing, employee and management issues. Primary architect for infrastructure, system development and planned growth.
Blackphone – Director Information Systems
As the business grew, I hired and managed 3 employees to further develop the production and business infrastructure environments. Responsible for a 1.2M operating budget. This included deployment of Active Directory, Exchange, centralized PBX and Jabber services, production VPN and business documentation services and issue tracking and systems documentation. Performed salary and performance reviews and presentations to customers and investors.
Blackphone – Systems Architect
Architected, designed, developed and implemented highly available, zero-downtime, production systems from the ground up for privacy and security services related to the mobile device management on a private cloud infrastructure. The design included VMWare, SAN, redundant networking, power systems and out-of-band administration; and supported over 60k devices and 50k subscribers. All systems were centrally managed and monitored using open source Configuration Management and monitoring tools.
Raytheon/Stinger Gaffarian Technologies – NASA Langley 04/2010 – 05/2014
Systems Architect and Experiment Specialist
Responsible for the redesign, architecture and administration of an ~700 node lab supporting production synchronous and asynchronous airspace simulations using batch, low, medium and high fidelity stations with ATC controllers and pilots. Integrated the separate experiment clusters into a single, secure, high-performance and highly available network with full infrastructure (DHCP,DNS,NTP,SMTP,Monitoring) including security controls and monitoring. Lead the initial design and supporting the construction of the new ATOL facility including: layout, power, cooling and lighting systems, compute resources and networking configuration. Wrote software and operated experiments processing 500,000+ scenarios on 64 hosts in ~18 hours and developing 4.5Tbytes of data.
sandSecurity, LLC 02/06 – Current
Senior System and Security Architect , CEO
As technical lead, perform contract related services to a number of financial and medical institutions for security audits, penetration testing, remediation, system administration and large installation integration. Also perform system and network support services as well as web application and middle-ware development for high-traffic sites. Supported clients include Transportation Security Administration (TSA), Welligent, Bluewater, AT Corp, Raytheon, Crystal Solutions and many financial institutions. Designed, built and implemented our on-site Co-Hosting facility and Enterprise Resource Planning system to better serve customers.
Raytheon: 02/06 – 03/09 (PT)
STIP Contract to Transportation Security Administration
System Architect and Implementation Manager
Developed and implemented a network monitoring, data-collection and authentication system for a TSA pilot program supporting security bag scanning machines (Smiths and Rapidscan). This involved integrating and extending a third party commercial monitoring system with existing and developing infrastructure within TSA’s production network. Developed the technical and work management components of the proposal and worked closely with the Project Manager to ensure the project moved forward to successful completion. Managed associates on-site and was the main technical liaison to TSA and their support contractors.
10/03 – 03/09 CoNITS Contract to NASA Langley
As a contractor, I was primarily responsible for Incident Management at the NASA Langley Research Center performing interdiction, forensics and remediation on compromised hosts and systems. Also supported Linux, Solaris, FreeBSD, and Windows hosts providing security services. Performed extensive development with Perl+MySQL for managing security related data using web-clients. Responsible for outreach as well as supporting the Unix System Administrators on base through various projects such as documentation, project management and security profiling of hosts and systems.
Northrop Grumman Information Technology 03/03 – 10/03
Responsible for integration of various Solaris and Windows NT systems into a cohesive unit in the Army Amphibious Assault Vehicle performing security audits of systems and networks. Developed a unique installation solution, which used FreeBSD to install Solaris over the network. Developed and instituted basic system administration services including network routing, firewall management and backups for the development and test networks in support of the project.
Windborne Productions 06/01 – 06/08
Senior Systems and Security Engineer
Responsible for all system administration for a small Internet Services Provider and their clients. Duties included performing security audits for banks, hospitals, and other businesses, VPN support for clients all over the country and general system spport.. Developed various marketed solutions including a single server for managing single sign-on, web, E-mail, VPN and firewall capabilities for a customer. Also designed and implemented a failover configuration for firewalls, BGP multi-pathing for routers and web clusters for load balancing and redundancy. Designed and implemented a computing facility including all aspects of power, environment and cabling.
Ferguson Enterprises 02/94 – 06/01
Manager, Risk and Information Security
Responsible for security of all IT systems including physical security of computing facilities, tape storage and remote sites, remote access, internet access, internal software security and policies, risk management dealing with all IT functions including change management, disaster recovery planning and testing, disaster site design and implementation and new computing facilities design and implementation. Also designed and implemented system application software including a common home-directory structure for Unix and Windows, a single authentication structure using LDAP and a remote access system using VPN and remote dial-up using ACL protections.
Manager, Systems Group
Responsible for 15 associates in various IT related functions including Peoplesoft, Unix, Oracle, Informix and MySQL administration with a budget in excess of 3.4 million.
Manager, Unix Systems Administration
Responsible for 5 associates administrating HP, Solaris and TOPIX servers in a production environment with over 6000 active users and a budget of 1.4 million.
Senior Unix Systems Administrator
Starting as the sole Unix System Administrator for a 4000 strong install base I brought TCP/IP, Internet connectivity and most all the base networking and systems infrastructure to the company. Began with four Sequoias and was a catalyst to moving the company to 40+ HPUX and FreeBSD servers supporting 9000 associates.
Computer Sciences Corporation 06/92 – 02/94
Senior Unix System Administrator
Working as a contractor at NASA Langley Research Center I directly administered a cluster of 28 Sun systems for scientists and engineers. I also worked as part of a team to administer over 200 diverse systems from IBM to SGI. As a part of this team I implemented a site wide backup plan and problem tracking software.
United States Navy 06/86 – 06/94
Cryptologic Technician Petty Officer
Responsible for various communications equipment and services on active duty (2+ years) and reserves for the rest of the duration while assigned to the Naval Security Group Detachment CINCLANTFLT during active duty and the Naval Security Group Northwest for reserve duty.
- Principal Architect and implementer of a new 10000 sq/ft lab with complete audio, video, networking and power systems, expected online May 2014.
- Designed, developed and lead a team to create a central information sharing site for NASA system administrators.
- Designed, developed and implemented an Enterprise Resource Management program for sandSecurity.
- Designed and implemented a highly-available web cluster for a large book-search website. I developed and implemented the back-end search engine for the service.
- Designed and implemented two independent computer-hosting facilities including power, environment and network systems.
- Developed a puppet and cfengine ‘bootstrap’ systems for bringing Windows, RedHat, Solaris and FreeBSD hosts up from a base install to current requirements.
- Developed and implemented several redundant FreeBSD web clusters with redundant firewalls providing IPSEC, DNS, DHCP and SSH services; printing service to manage 6000+ printers from a single centralized host; centralized user administration using LDAP, Radius, and YP; common home directory structure for 7000+ associates; low impact backup services for 3+TB of data using Amanda, Omniback, and Veritas; knowledge base, task management, and call tracking and processing systems; a mail routing system that allows for different types of data store and email clients and does active UCE and content filtering.
I have various interests from music to training and teaching inKarate to house construction. I have traveled around the world, enjoy having friends from all over and meeting new people.
- 3 Years College at Old Dominion University
- GSEC certification
- Security+ certification
- BSD Certification
- Many SANS courses ( GCIH, GCIA, GCUX )
- First Aid and CPR Certified
References available upon request.