Jan 2009 - Present
Jan 2001 - Present
- Assist VCs in due diligence process.
- Commonwealth of Virginia: Advise legislature by serving on the Hugo Commission and JCOTS Electronic Balloting studies, and State Board of Elections on technology risks and approaches for electronic voting.
- Commonwealth of Kentucky: Advise Attorney General on voting security issues.
- Cyber Defense Agency LLC: DARPA research on Mobile Ad hoc Networks security.
- Technical advisory boards for Open Source Digital Voting Foundation, Savoir, Cap Epsilon, Visual CV, Kenai Systems (acquired by Forum Systems), Platform Logic (acquired by Symantec), Secure Software (acquired by Fortify Software).
- National Science Foundation: Review and recommend funding for academic research proposals.
- Brennan Center for Justice at New York University Law School: Expert reviewer for The Machinery Of Democracy: Protecting Elections In An Electronic World.
- Schade vs. State of Maryland et al: Expert witness on security of electronic voting.
- Co-founder, Virginia Verified Voting and Verifiable Voting Coalition of Virginia.
Oct 2008 - Jan 2009
Principal Security Consultant
- Advise government and commercial clients on software security.
- Write proposals for government research projects.
- Support sales and marketing organizations with customers/prospects.
- Represent company in OWASP, including chairing northern Virginia chapter.
- Participate in conference organizing, including ACSAC, DHS CATCH, and Metricon.
Jan 2000 - Sep 2008
Senior Director, Product Security & Performance
Software AG, Inc. (formerly webMethods)
- Advise executive team on security strategy, directions, M&A activities.
- Supervise product security efforts; provide oversight for corporate IT security.
- Supervise development of performance benchmarks for all webMethods products.
- Establish & manage relationships with key security and performance technology partners, including @stake (now Symantec), Entrust, Fortify Software, Forum Systems, Layer 7, Hewlett-Packard, IBM, Mercury Interactive (now HP), Netegrity (now CA), Segue Software (now Borland), Sun, White Hat Security, & others.
- Responsible for security aspects of all webMethods products, including requirements definition, architectural direction, vulnerability analysis, customer alerting processes, standards conformance, developer training, government criteria conformance, technology partnerships, and customer / field consulting.
- Co-founder, Common Criteria Vendors Forum.
- Program Chair, 16th & 17th Annual Computer Security Applications Conference.
- Contributor to CLASP; participated in SAML & XKMS standards.
Dec 1997 - Dec 1999
Manager, Security Integration Group
Led development and integration of security technologies for use on the DARPA Information Assurance program. Technologies include CORBA-based guards, firewalls, VPNs, switched workstations, and other products to allow safe interconnection of networks from TS/SCI to Unclassified. Inventions led to issuance of patents 6,584,508 and 6,684,329.
Sep 1990 - Jun 1995
Completed coursework for PhD
Jan 1981 - Dec 1981
Sep 1976 - Aug 1980
New Mexico Institute of Mining & Technology
- Security architect/engineer with over 20 years' experience in product development, academic research, standards development, requirements analysis.
- Skilled communicator, with a strong aptitude for writing.
- Internationally recognized expert in software security and voting systems with numerous public presentations and over 20 publications in peer-reviewed conferences.
- Software security
- Electronic voting security
Recent presentations and publications
- Internet Voting: Threat or Menace?, Cambridge University (UK) seminar, April 2010.
- Internet Voting, Threat or Menace?, invited keynote to 9th Symposium on Identity and Trust on the Internet (IDtrust 2010), April 2010.
- Internet Voting: Will We Cast Our Next Votes Online?, ACM Computing Reviews, December 2009.
- A Survey of Vendor Software Assurance Practices, 25th Annual Computer Security Applications Conference, December 2009.
- Lessons Learned In Election Technology From The 2008 Elections (panel chair), RSA Conference, April 2009.
- Invited panelist at Representative Bobby Scott (D-Virginia) town hall meeting on voting systems, December 2008.
- Lessons Learned In Election Technology From The 2008 Elections (panel chair), 24th Annual Computer Security Applications Conference, December 2008.
- Lessons Learned in Election Technology from the 2008 Elections, University of Hawaii, December 2008.
- What did Virginia learn about voting systems in 2008?, op-ed in Augusta (VA) Free Press.
- Invited testimony to the District of Columbia Board of Elections and Ethics Investigation Special Committee regarding voting system security, Oct 3 2008 and Nov 13 2008.
- What Measures do Vendors Use for Software Assurance?, Making the Business Case for Software Assurance Workshop, Carnegie Mellon University Software Engineering Institute, September 2008.
- How Can Researchers and Election Officials Better Work Together? (panelist), USENIX EVT '08 Workshop, July 2008.
- Security Lessons Learned from Société Générale, IEEE Security and Privacy magazine, May 2008.
- Towards Trustworthy e-Voting: An Open Source Approach? (panelist), Computers Freedom and Privacy 2008, May 2008.
- Information Assurance Technology Forecast 2008, IEEE Security and Privacy magazine, January/February 2008.
- Interview on Voice of the Voters, February 2008 on Virginia legislation and voting system security.
- Interview on The New Dominion Show, January 2008 on Virginia legislation and voting system security.
- Interview on The Kenny Rahmeyer Show, WLBJ (Austin TX), January 2008 on voting system security.
- Electronic Voting 2008: What Are The Technical Issues?, Pew Charitable Trusts ElectionLine.org Forum, December 2007.
- Electronic Voting Options (panel chair), 23rd Annual Computer Security Applications Conference, December 2007.
- Electronic Voting 2007: What’s New in the US, University of Virginia, April 2007; Illinois Institute of Technology, October 2007; Olin College of Engineering, November 2007; Worcester Polytechnic Institute, November 2007.
- How Things Work: Electronic Voting, IEEE Computer, August 2007.
- Is SOA Governance a 10 Letter Word for Access Controls?, 2007 Web Services Security Conference and Exposition, May 2007.
- Electronic voting 2007 – what works, what doesn’t, and how can technologists affect the future, RSA Conference, February 2007.
- Fifteen Years after TX: A Look Back at High Assurance Multi-Level Secure Windowing (Invited Paper), Proceedings of the 22nd Annual Computer Security Applications Conference, December 2006.
- Challenges for Web Services Security (panel), 22nd Annual Computer Security Applications Conference, December 2006.
- Brief appearance on CNN Lou Dobbs (recounts for electronic voting), November 2006.
- Architecting Secure webMethods Solutions, Integration World 2006, November 2006.
- Alternate Assurance Methodologies for Increasing Product Security, 7th International Common Criteria Conference, September 2006.
- “Good Enough” Metrics, Metricon 1.0 workshop at USENIX Security, August 2006.
- Why Applying Standards to Web Services Is Not Enough, IEEE Security and Privacy magazine, August 2006.