Apr 2015 – Apr 2022 · 7 yrs

• Principal member and Infrastructure Security Architect of the Yahoo Paranoids, our industry-wide recognized team of information security experts with primary focus on infrastructure architectural design and decisions that impact all of the company's internal systems across all layers of the OSI stack and all data centers and edge locations.
• Recent projects included:
• defining the North Star vision for the tech stacks for the next decade as well as how to move in an agile manner to modern solutions
• develop, champion, communicate, and guide implementation of the company's Zero Trust strategy for the entire company, including both corporate enterprise environments as well as production networks
• leadership in architecture, design, and strategy for all infrastructure security aspects of merging, combining, and creating anew two of the internet's oldest and most respected brands
• strategy, initiative, and planning of reproducible builds, trustworthy artifacts, and attestation and assurance of integrity in the continuous integration and continuous deployment cycle
• consultation and architectural design & review of network level encryption facing nation-state adversaries in various geographic locations and jurisdictions
• setting direction for Edge security, including technical stack, TLS standards, secure boot, and trusted computing

Jan 2013 – Mar 2015 · 2 yrs 2 mos

• Senior member of the Information Security team, team lead for security operations and infrastructure security. We coordinate incidence response for company-wide security issues such as Heartbleed, Shellshock, POODLE etc; we maintain all of Twitter's SSL/TLS certificates; we perform internal and external security reviews, consult on internal and external facing feature development and infrastructure changes or planning.
• Rolled out Kerberos at Twitter and drove migration of Subversion, SSH, sudo(8), Git, and misc. services to use Kerberos; maintenance of monitoring and auditing around TLS certificates and supported cipher suites; wrote and maintained a tool to allow for user-friendly asymmetric encryption of secrets; helped designed key distribution system; wrote system software for and designed end-to-end solution around bootstrapping trust using TPMs in untrusted locations; regular end-user training to reduce risk of phishing and just general education of all engineers on security related issues.

Apr 2012 – Dec 2012 · 8 mos · New York, New York

• Implemented and deployed Two-Factor Authentication for VPN; wrote tools to alert on suspicious activity; performed regular training and education in various security-related best practices and products; review of infrastructure components with regards to internal as well as external security; lead PCI-DSS audit for 2012

May 2011 – Dec 2011 · 7 mos

• Member of Yahoo!'s small central security team in charge of all aspects of product-, infrastructure-, network- and all other security related issues. My main focus there is currently on secure system architecture, conceptual integrity, vulnerability assessment and analysis, intrusion detection, as well as review of existing or new projects with particular focus on scalability and (data and service) integrity.
• I routinely (try not to) break things, fix them and implement and design long term solutions. And I worry.

Jul 2007 – Apr 2011 · 3 yrs 9 mos

• I create secure and scalable infrastructure solutions, ranging from configuration management over centralized and decentralized syslog deployments to massive host scanning, IPv6 implementation and strategy and everything in between, focussing on quality, correctness and the long term impact.
• Member of the Engineering Standards Group setting direction for all technological aspects of the company
• Repeatedly nominated for the internal yearly Superstar Award
• single owner of one of our configuration management systems deployed on nearly 100K hosts
• intricately involved in setting the company's IPv6 direction and strategy
• design and architect scalable solutions in the area of syslogging, massively parallel host scanning, industry breakthrough solutions such as L3DSR load balancing etc.

Sep 2006 – Jul 2007 · 10 mos

• Extended and maintained configuration management system deployed on nearly 100K hosts; wrote rapid deployment system to reduce inventory-to-ready-to-serve turnaround time; wrote miscellaneous tools to automate regular workflow and processes; instituted best software engineering practices.

Aug 2001 – Present · 24 yrs 7 mos

• Teaching Graduate level class "Advanced Programming in the UNIX Environment'', based on the well-known book by W. Richard Stevens, covering such topics as the user/kernel interface, fundamental concepts of UNIX, user authentication, basic and advanced I/O, fileystem, signals, process relationships, and interprocess communication. Online youtube channel: https://youtube.com/c/cs631apue
• This class has been added as a requirement to the Master's degree in Computer Science.
• https://stevens.netmeister.org/631/
• Developed from scratch and am currently teaching graduate level class ``Aspects of System Administration'', covering topics such as hardware configuration, operating system installation, shell programming, security policies, backup deployment and disaster recovery, network design, software installation and maintenance, operating system tuning. (This class played an important role in the certification of Stevens's Computer Science Department as an NSA Center of Academic Excellence in Information Assurance Education; it is now part of the Master's degree requirements.)
• In this class, I pioneered the use of Amazon EC2/AWS cloud services for teaching system administration. Online youtube channel: https://v.gd/cs615asa
• https://stevens.netmeister.org/615/

Jan 2001 – Jan 2006 · 5 yrs

• Administration of the Imperatore School of Sciences and Arts Scientific Computing resources (infrastructure and desktops, NetBSD/IRIX), supporting some 3000 users (students, professors, staff alike) and their varying software needs.

Jan 2001 – Present · 25 yrs 2 mos

• Ported pkgsrc to IRIX.
• Drove initial participation in Google's Summer of Code program.
• Website and ftp mirror maintenance.
• Running OS X? Type 'man stat' and find my name. :-)