Product security architecture in Deloitte Consulting's New Business Innovation group.

Product Direction: Helped keep First Data’s acquiring and merchant clients safe by creating innovative suites of security products for different business types, ranging from SMB to Nationals, in various vertical market verticals. Ensured that we delivered the best available by coordinating POCs and the Security Testing of potential cyber-security solution partners. Saw to it that security was always maintained as I supported the integration of PCI RapidComply with the TransArmor Solution, START, EDW, and other First Data systems. Assisted large merchant clients to effectively resolve technical and regulatory security issues with their cardholder data environments as a consultant to both the Sales and Merchant Compliance teams. Towards more effectively helping the Sales and Compliance teams, I was certified by the ISC2 as a CISSP, and by the PCI SSC as an Internal Security Assessor (ISA). Protected First Data’s interests by participating in industry standards bodies: PCI SSC Taskforces and SIGs, Conexxus, PPISC Acquirers Working Group.Enterprise Security, Risk and Compliance: Helped keep First Data safe by contributing to long term strategy directions for First Data’s Global Information Assurance and Risk department, where I also defined and delivered security services for internal and external partners. Contributed to First Data’s successful M & A program by coordinating cyber-security vetting of potential partners, and working closely with new initiatives such as Clover, Perka and Palantir to help them through all phases of cyber security engagement, from due diligence through full production of the products. Supported other high-priority cyber security engagements (e.g., needed to replace 200 SSL certificates used by 400,000 merchants in the least disruptive manner).

Architect: Worked closely with product management, business development, and software development teams to ensure that the set of products and features developed are optimal for Panoptic Security’s ability to penetrate the markets for scalable SAAS compliance tools.Developer: Conceived, developed, and guided the implementation of Panoptic’s application security strategy and secure software development lifecycle. Key designer and developer of Panoptic Security’s award winning ExpertPCI product, written in Java and JavaScript on the Spring MVC framework. Ensured timely delivery of software features and components to support Panoptic’s sales and marketing.CISO: Successfully defended Panoptic, leading all aspects of our information security and cyber defense efforts.Qualified Security Assessor (QSA): Certified by PCI council as Qualified Security Assessor (QSA) in order to perform security assessments of client companies who need to demonstrate compliance with the Payment Card Industry Data Security Standard.Board Member: Helped lead the company to a successful acquisition by Sysnet in 11/2012, representing Panoptic’s common stock shareholders on the Board of Directors.

Security Architecture Team Lead: Worked closely with product management, business development, and the software development team to ensure that the set of products and features developed were optimal for Senforce's ability to penetrate enterprise markets for endpoint security, network security, and wireless security. Intelligent Network Access Control Team Lead: Lead a team of developers creating Senforce's iNAC product, which quarantines endpoints that are not properly configured, keeping them out of sensitive areas of the network until the problems are remediated in order to prevent the endpoints from corrupting corporate assets or spreading malware infections. Common Criteria Evaluation Technical Lead: Completed the EAL 4+ evaluation of ESS: https://www.commoncriteriaportal.org/files/epfiles/st_vid10000-vr.pdf Cryptographic Software Development: Designed and implemented cryptographic modules for Endpoint Security Suite, and Senforce Wi-Fi Security, which are used to protect the confidentiality and integrity of the centrally managed security policies. The cryptography also plays a crucial role in the products' tamper-proofing against attempts by malicious software to disable the policy enforcement mechanisms. Patent Coordinator: Managed Senforce’s patent program and was co-inventor of Senforce’s security-related patents.

See Senforce Technologies, Inc. for a description of my experience at Rappore. Rappore changed its name to Senforce in 2004.

Engineering Security Expert Responsibilities: Technical lead for the Export Classification Review (ECR) program, including in-depth, regulatory technical oversight and guidance to the various development groups and coordination between them and the International Trade Services department. Provided security architecture and design feedback to relevant development groups. Worked closely with the NSA. Responsible for export oversight for all engineering departments and their export review processes, administering the Export Licensing Classification Procedure for Engineering, and coordinating program participation of Engineering Directors, Managers, Technical Leads and Key Contributors. Maintained supportive program evidence and accountability records for Engineering Directors responsible for the various products and services. Managed the discovery and disclosure process, pursuing indicators of possible security concern. Software Development Accomplishments: Developed software that runs on NetWare to allow the configuration files of the Novell International Cryptography Infrastructure (NICI) to be securely backed up (and restored). Developed software in Java that installs the Novell International Cryptography Infrastructure (NICI) for NDS 8.5 on NT. Developed Java plug-ins to allow users of Novell's ConsoleOne product to manage login methods for the Novell Modular Authentication Service (NMAS). Developed software that runs on the B3-evaluated secure system, providing secure generation of public key (e-commerce) certificates for all NetWare and NDS customers. Secure System Administration: Administered the B3-evaluated secure system, in a restricted-access room, where Novell's E-Commerce certificates are produced, and where the Cryptographic modules are digitally signed to prevent replacement with unauthorized modules.

Multilevel Secure DoD Directory Prototype: Technical lead for the development of software that replaced a hierarchical X.500 database with a Multilevel Secure Relational DBMS to allow secure multilevel sharing of classified and unclassified DoD Directory data. Alpha Real-Time Secure Distributed Operating System: Contributed to the architecture and design of B3 trusted Real-Time distributed Operating System. Wrote the Secure Alpha Descriptive Top-Level Specification. Contributed to the Security Architecture, and to the Formal Security Policy Model. Portable Command and Control: Developed security architecture for a portable map-based command and control system that uses a distributed database connected over a radio network. Designed a flexible access control mechanism, and a multicast membership-control protocol. Certificate Authority: Performed a security requirements analysis for the US Postal Service's electronic commerce project. Key Escrow System: Performed an audit requirements analysis for the Key Escrow System proposed for use with the Clipper Chip. Commercial Communications Technology Test bed: Developed an RPC-based gateway interface that allows a distributed database system to communicate with other Army command, control, communications and intelligence systems. Database Interoperability: Lead the development of two database applications, and a graphical user interface for them, that use an intelligent mediator to give the users of each DBMS access to the data in both systems. SeaView Multilevel Secure Trusted DBMS: Design and implementation of A1 Trusted DBMS. Wrote the FTLS-to-code correspondence. Designed and implemented Foreign Key support and Discretionary Access Controls.

Contributed to the NCSC's Trusted Database Interpretation development. Supported a major software vendor's effort to develop a B1 DBMS and have it evaluated by the NCSC. Developed security training course materials. Security engineering tasks supporting the USAF for the Joint Inter-operability Avionics Working Group's Trusted Software Engineering Environment. Security engineering tasks supporting the USAF for the Military Airlift Command's MLS Global Decision Support System.

Designed and implemented modules of the Mandatory and Discretionary layers of the GEMSOS A1 TCB. Co-developed and presented Gemini's training course on developing MLS end systems and applications using the GEMSOS A1 TCB. Developed the GEMSOS Inter-Segment Linkage System. Developed modules of the GEMSOS System Generation Utility.