View My VisualCV Online: http://www.visualcv.com/jepstein

Summary

  • Security architect/engineer with over 20 years experience in product development, academic research, standards development, requirements analysis.
  • Skilled communicator, with a strong aptitude for writing.
  • Internationally recognized expert in software security and voting systems with numerous public presentations and over 20 publications in peer-reviewed conferences.

Work History

SRI International

Arlington, VA, United States
Jan 2009 - Present
Senior Computer Scientist 

Support Department of Homeland Security Science & Technology research program

Investigator on ACCURATE voting research program

Self

Fairfax, VA, United States
Jan 2001 - Present
Independent Consultant 

Cigital, Inc.

Dulles, VA, United States
Oct 2008 - Jan 2009
Principal Security Consultant 
  • Advise government and commercial clients on software security.
  • Write proposals for government research projects.
  • Support sales and marketing organizations with customers/prospects.
  • Represent company in OWASP, including chairing northern Virginia chapter.
  • Participate in conference organizing, including ACSAC, DHS CATCH, and Metricon.

Software AG, Inc. (formerly webMethods)

Fairfax, VA, United States
Jan 2000 - Sep 2008
Senior Director, Product Security & Performance 
  • Advise executive team on security strategy, directions, M&A activities.
  • Supervise product security efforts; provide oversight for corporate IT security.
  • Supervise development of performance benchmarks for all webMethods products.
  • Establish & manage relationships with key security and performance technology partners, including @stake (now Symantec), Entrust, Fortify Software, Forum Systems, Layer 7, Hewlett-Packard, IBM, Mercury Interactive (now HP), Netegrity (now CA), Segue Software (now Borland), Sun, White Hat Security, & others.
  • Responsible for security aspects of all webMethods products, including requirements definition, architectural direction, vulnerability analysis, customer alerting processes, standards conformance, developer training, government criteria conformance, technology partnerships, and customer / field consulting.
  • Co-founder, Common Criteria Vendors Forum.
  • Program Chair, 16th & 17th Annual Computer Security Applications Conference.
  • Contributor to CLASP; participated in SAML & XKMS standards.

Network Associates Inc, Network Security Research Division

McLean, VA, United States
Dec 1997 - Dec 1999
Manager, Security Integration Group 

Led development and integration of security technologies for use on the DARPA Information Assurance program. Technologies include CORBA-based guards, firewalls, VPNs, switched workstations, and other products to allow safe interconnection of networks from TS/SCI to Unclassified. Inventions led to issuance of patents 6,584,508 and 6,684,329.

Security Clearances

Current Clearance
Updated Jan 2008
Counter Intelligence Polygraph

Issued

Highest Clearance Ever Held
Held Jan 2008 - Jan 2008
Counter Intelligence Polygraph

Issued

Education

George Mason University

Fairfax, VA, United States
Sep 1990 - Jun 1995
Completed coursework for PhD, Information Security

Purdue University - School of Science

West Lafayette, IN, United States
Jan 1981 - Dec 1981
M.S., Computer Sciences

New Mexico Institute of Mining & Technology

Socorro, NM, United States
Sep 1976 - Aug 1980
B.S., Computer Science

Interests

  • Software security
  • Electronic voting security 

Recent Publications and Presentations

Recent presentations and publications

  1. Internet Voting: Threat or Menace?, Cambridge University (UK) seminar, April 2010.
  2. Internet Voting, Threat or Menace?, invited keynote to 9th Symposium on Identity and Trust on the Internet (IDtrust 2010), April 2010.
  3. Internet Voting: Will We Cast Our Next Votes Online?, ACM Computing Reviews, December 2009.
  4. A Survey of Vendor Software Assurance Practices, 25th Annual Computer Security Applications Conference, December 2009.
  5. Lessons Learned In Election Technology From The 2008 Elections (panel chair), RSA Conference, April 2009.
  6. Invited panelist at Representative Bobby Scott (D-Virginia) town hall meeting on voting systems, December 2008.

  7. Lessons Learned In Election Technology From The 2008 Elections (panel chair), 24th Annual Computer Security Applications Conference, December 2008.

  8. Lessons Learned in Election Technology from the 2008 Elections, University of Hawaii, December 2008.

     

  9. What did Virginia learn about voting systems in 2008?, op-ed in Augusta (VA) Free Press.

     

  10. Invited testimony to the District of Columbia Board of Elections and Ethics Investigation Special Committee regarding voting system security, Oct 3 2008 and Nov 13 2008.

  11. What Measures do Vendors Use for Software Assurance?, Making the Business Case for Software Assurance Workshop, Carnegie Mellon University Software Engineering Institute, September 2008.

  12. How Can Researchers and Election Officials Better Work Together? (panelist), USENIX EVT '08 Workshop, July 2008.
  13. Security Lessons Learned from Société Générale, IEEE Security and Privacy magazine, May 2008.
  14. Towards Trustworthy e-Voting: An Open Source Approach? (panelist), Computers Freedom and Privacy 2008, May 2008
  15. Information Assurance Technology Forecast 2008, IEEE Security and Privacy magazine, January/February 2008.
  16. Interview on Voice of the Voters, February 2008 on Virginia legislation and voting system security.
  17. Interview on The New Dominion Show, January 2008 on Virginia legislation and voting system security.
  18. Interview on The Kenny Rahmeyer Show, WLBJ (Austin TX), January 2008 on voting system security.
  19. Electronic Voting 2008: What Are The Technical Issues?, Pew Charitable Trusts ElectionLine.org Forum, December 2007.
  20. Electronic Voting Options (panel chair), 23rd Annual Computer Security Applications Conference, December 2007.
  21. Electronic Voting 2007: What’s New in the US, University of Virginia, April 2007; Illinois Institute of Technology, October 2007; Olin College of Engineering, November 2007; Worcester Polytechnic Institute, November 2007.
  22. How Things Work: Electronic Voting, IEEE Computer, August 2007.
  23. Is SOA Governance a 10 Letter Word for Access Controls?, 2007 Web Services Security Conference and Exposition, May 2007.
  24. Electronic voting 2007 – what works, what doesn’t, and how can technologists affect the future, RSA Conference, February 2007.
  25. Fifteen Years after TX: A Look Back at High Assurance Multi-Level Secure Windowing (Invited Paper), Proceedings of the 22nd Annual Computer Security Applications Conference, December 2006.
  26. Challenges for Web Services Security (panel), 22nd Annual Computer Security Applications Conference, December 2006.
  27. Brief appearance on CNN Lou Dobbs (recounts for electronic voting), November 2006.
  28. Architecting Secure webMethods Solutions, Integration World 2006, November 2006.
  29. Alternate Assurance Methodologies for Increasing Product Security, 7th International Common Criteria Conference, September 2006.
  30. “Good Enough” Metrics, Metricon 1.0 workshop at USENIX Security, August 2006.
  31. Why Applying Standards to Web Services Is Not Enough, IEEE Security and Privacy magazine, August 2006.
Full list available on request

Professional Affiliations

Senior Member, Association for Computing Machinery (ACM)

Senior Member, Institute of Electrical and Electronic Engineers (IEEE)

Member, USENIX Association

Member, US Public Policy Committee of ACM (USACM)

Vice President and Senior Fellow, Applied Computer Security Associates

Recent Articles

Icon_pdf_16 IEEE S&P Societe Generale article

Jeremy Epstein, Security Lessons Learned from Société Générale, IEEE Security & Privacy, May 2008.

Icon_pdf_16 IEEE S&P Security - Security Roundtable

Sami Saydjari (moderator), Steven Bellovin, Terry Benzel, Bob Blakley, Dorothy Denning, Whitfield Diffie, Jeremy Epstein, Paulo Verissimo, Information Assurance Technology Forecast 2008, IEEE Security & Privacy, Jan/Feb 2008

Icon_pdf_16 IEEE Computer Voting Machines article

Jeremy Epstein, How Things Work: Electronic Voting, IEEE Computer, August 2007.

 

Icon_pdf_16 ACSAC classic paper

Jeremy Epstein, Fifteen Years After TX: A Look Back at High
Assurance Multi-Level Secure Windowing, 22nd Annual Computer Security Applications Conference, 2006 (invited paper).

Hobbies

Turkey Run

Turkey Run

Colonial Reenactor at Claude Moore Colonial Farm, McLean VA. (www.1771.org)  Demonstrate life of pre-Revolutionary War tenant farmers at the only privately operated park in the National Park Service.

UNATL

UNATL

What's this?  Ask me!