http://www.atomicorp.comBuilding on the power of OSSEC, the world’s leading open source intrusion detection system, Atomicorp offers automated and adaptive workload protection for the cloud, the datacenter, or for hybrid environments.

Multi-million dollar services and products company with Federal and Commercial customers.Selected Projects and Customers:Nuclear Regulatory Commission (NRC)Co-Authored RG 5.71 "Cyber Security Programs for Nuclear Facilities"Co-Authored RG 5.83, "Cyber Security Event Notifications"Worked on behalf of NRC with industry to seek alignment on NEI 08-09, 10-04 and 13-10.Performed the safety evaluation review of cyber security elements of the AP1000Performed inspections of licensee facilities for compliance with 10 CFR 73.54Worked to develop SECY-12-0088 and SECY 14-0147Worked with NSIR and the IAEA to develop Nuclear Security Series No. 17 “Computer Security at Nuclear Facilities”Worked to update RG 5.69 and RG 5.81 to meet new cyber security regulatory requirementsWorked to develop 10 CFR 73.53 ("Requirements for cyber security at nuclear fuel cycle facilities")and 10 CFR 73.73 ("Cyber Security Event Notifications”) , updates to 10 CFR 73 Appendix GMember of the NRCs Fuel Cyber Cyber Security Task force since 2010Currently developing a Regulatory guide for 10 CFR 73.53Testified before ACRS and NRC Commissioners on Cyber Security and Licensee topics.SME instructor for NRC Cyber Security training, including Executive, Management and Staff level training.Undisclosed Intel agencyMultiple security programs. Department of Defense – Inspector GeneralAttack and Penetration (A&P) team for DoDIG auditing efforts of an internal DoD agencies.Office of Management and Budget (OMB)Performed government wide assessment of FDCC and IPV6 rollout for all agencies, assessment and development of roadmap to help OMB set federal government direction.

Drive company vision and manage company with Co-CEO. Private acquisition finished in December 2010.

Provide input and oversight to the directions, goals, and operations of the California Community Co-location Project until we wrapped up the project in 2007.http://www.onlinepolicy.org

http://www.gotroot.comGotRoot was acquired by Prometheus Global Corporation in 2006.Developer of the GotRoot modsecurity rules.

• Provide director level oversight of companies strategy, risk management and operations. • Assist management team determine technology direction for company.• Help company analyze and respond to acquisition offers, investments and due diligence requests.• Help market and publicize company.• Co-founded company. Company was acquired by SW-Soft, now known as Parallels, Inc.

Acquired by Corbett.Co-developed process and team that recovered White House tapes from Clinton Administration, as part of large federal court evidence recovery process.Taught NMCI SOC personnel how to use, deploy and configure IDS systems.Developed STIGs for various DOD agencies.Hacked a bunch of customer systems.

Led team of over 45 developers and scientists in creating some neat media analysis, distribution and computer learning systems.

• Developer on Cisco’s Netranger Intrusion Detection product.• Developer on Cisco’s Netsonar Vulnerability Assessment product.• Wrote new exploits to find security vulnerabilities in all manner of OSes as part of the NetSonar product.• Developed new methods for defending systems and networks against attack.• Patented some technology for Cisco.

• Led teams conducting Security Posture Assessments, penetration tests and Security Design Reviews for customers. This included performing security audits on the largest corporations in the world, comprising all known operating systems, network devices, SCADA devices and other networked technologies. Industries included Nuclear, Power, Water, Financial, Defense, Manufacturing, Services, Petroleum, Telecommunications and Technology.• Responsible for writing penetration testimg and security posture assessment and data analysis tools, programs, modules and new tools for conducting customer assessments and generating end product reports.• Test new software and new configurations for all commercial and open source operating systems for security vulnerabilities and other security related issues, to be used as part of Security Posture Assessment offering for customers.• Conducted ongoing research into security of Operating Systems, Networks, Applications and other concepts, such as designing trusted models, exploitation tools, vulnerabilities, counter measures, re-scaling models to fit threat, etc.• Acquired by Cisco Systems in August 1998.

• Lead Senior Systems Architect for UTA personnel on SEC Internet EDGAR contract (http://www.sec.gov). • Responsible for reliability, scalability of systems and safe guarding all SEC EDGAR filings maintained on high visibility Internet Servers open to public anonymous ftp, gopher, WAIS and Web access. • Responsible for leading and managing contractor teams to conduct penetration testing of SEC and UTA systems and access points.

• As member of SRP, developed University Network and Computer Security policies. • Provided oversight for the local CERT• Reported directly to the Provost of George Mason University.• Adjudicated and/or resolved all complaints about misuse of GMU computing resources, attempted break-ins, and other security issues.

Worked at the Executive Office of the President of the United States of America (EOP)• Digital Forensics investigator supporting Secret Service• Special projects developer, supporting EOP and Office of the Vice President.• Sysadmin for White House webservers, to include all White House Internet connected machines. • Responsible for maintaining security posture of all Internet connected systems.• Member of two man team that designed, developed and managed the White House Network Management system.• Member of two man team that developed and deployed the Federal Statistics Briefing Room.