Solves “intractable” identity and access technical problems using superior listening, analysis and (re)design skills. Works from the abstract conceptual level through to fine deployment details. Produces and presents reports to explain complex issues in ways understandable to diverse audiences. Partners effectively with C-level executives, marketers, engineers, technical writers, and customers. Has deep enterprise computing expertise along with good coding skills.
Software architecture, security, privacy, identity management, federated systems, authentication and authorization, policy language for access control and privacy, OAuth/OIDC, SAML, PKI (digital signatures and certificates), communications protocols, RFID, and the Common Criteria (a set of US government security standards).
REST APIs, Swagger, JSON, XML, LDAP, SQL, crypto systems, medical privacy (HIPAA), low-level networking tools, OAuth/OIDC, servlets, HTTPD, provisioning, software implementation and deployment.
March 2016 - Present
a consortium of US universities and colleges
Architected a system (“CAR”) for consent-informed release of user info. CAR integrates institutional policies with user policies, and provides for fine-grained policy control over specific attributes. CAR is currently being deployed at a major research university, with release set for July 2017.
2012 - 2016
Identity & Access Management team
Hired to work on a variety of projects, especially those that were known to be difficult or lacking traction during earlier attempts. Key projects and outcomes included:
Consulted to CTO of company creating a mobile phone app with a social networking component:
Provided security consulting to C-level executives and senior staff at this innovative healthcare startup. Topics included identity management, network architecture, and PKI.
HMS researchers needed to give scientists from other institutions (limited) access to HMS resources for collaboration and to meet grant requirements. Existing process was staff-intensive and slow, and the authentication of foreign users had some “issues.”
2005 - 2008
Worked with senior technical staff members to successfully meet the requirements of an EAL4 Common Criteria (CC) evaluation of DataPower’s XML security gateways (XS40 and XI50). Performed technical analyses of the products, did deep code examination (C++) in support of the analyses, provided advice on security-related design and implementation decisions, created low-level protocol validation tests, served as point person for CC rule interpretation, and created/modified the CC-specified documents that serve as the basis for the evaluation.
Analyzed use cases for an LDAP “adapter” that was part of a certificate management system. Systematized use case factors. Analyzed error conditions. Provided initial architecture and operational considerations for the adapter service. Found, and provided a solution for, a major security hole in the client’s current product.
Technical lead on Entitlements & Authorization project in the Information Delivery and Services group within the Wealth and Investment Management group.
1998 - 2004
Consultant working as a member of IBM’s security architecture team within both IBM and its Tivoli subsidiary.
1996 - 1997
Consultant to Development Team: performed a security analysis of the Java Virtual Machine (JVM) and Java Development Kit (JDK). Co-wrote The Java Security Reference Model, a plain-language discussion of security in Java.
Spring & Summer 1996
Worked with management, marketing, and developers on Shiva’s ongoing security plans.
1993 - 1995
Served as Banyan’s security lead across the product line. Provided expertise on other enterprise computing issues (X.500, RPC, communications, licensing).
Consultant to Technical Architecture team. Advised team developing enterprise-wide computing strategy for Fidelity. Topics included security (Kerberos), transaction systems, naming, and interoperability.
1985 - 1992
C++, C, Java, PowerShell, assembler, SQL, Perl, etc.
Object-Oriented Distributed Computing System (co-holder) Patent # 5475817, 12/12/95.
Sc.B. (BS) in Electrical Engineering, Brown University, 1983.