props to my Java 2D mix master Vincent H.
	     watch for his book.

 

http://www.interhack.net/people/gfe/

 


 

Specialties
Designing security platforms including authentication mechanisms and cryptosystems. Architecture and development of secure Internet technologies utilized in building trusted computing bases.
 
Technical Experience
Operating Environments:
Solaris 2.x, LINUX, SunOS 4.1.x, IRIX 6.x, IRIX 5.x, HP-UX, Windows NT, Windows 95, VAX/VMS, RSX-11
 
Languages:
Java, Lisp, Perl, Tcl/Expect, C++
 
Cryptographic Tools and Technologies:
JCE, JCrypto, SSLref, SSLeay, RSAref, BSafe, Cryptolib, SSH, PGP
 
Smart Card Technologies:
JavaCard, OpenCard Framework, Mondex
 
Firewall Technologies:
Application Gateways, Packet Filtering Routers, PIX, VPN, NAT
 
 
Professional Experience
Sun Microsystems(October 1997 -- present):
Senior Security Architect, Reporting to Technical Manager Java Security and Networking Development
Responsible for Java Security Architecture including the implementaion of the java.security APIs. This includes aspects of authentication, authorization, PKI and cryptographic services.
 
Senior Java Architect, Reporting to Technical Manager Java Computing Enterprise Engineering
Responsible for specification and implementaion of the security aspects of JavaOS such as authentication. This includes the design and implementation using traditional software mechanism as well as security tokens such as smart cards.
Act in a consultative capacity in support of thin client computing pilot activities in the areas of architecture and development of class loaders, security managers and applications.
 
AT&T Laboratories (November 1991 - September 1997):
Principal Technical Staff Member, Reporting to Technical Manager Internet Services Group.
Lead engineer responsible for security, architecture, deployment and implementation of AT&T's corporate web server, www.att.com. Additional responsibilities include architecture of web hosting services. Principal architect for extranet services for www.att.com.
Designed and implemented extranet access architecture to securely access intranet systems and services from the Internet (see: AT&T Universal Card Account Center). Architecture provides for authentication, authorization, confidentiality, and integrity of data.
Designed and implemented common gateway interface for a secure credit card application between a web browser and server. Application utilizes a asymmetric key cryptosystem to safeguard confidential personal information.
Member of technical team responsible for architecture and deployment of the www.disney.com. Specific responsibilities included security of bastion hosts, back end databases, and transaction architecture.
Responsible for Architecture and implementation of web publishing system which manages and controls content to be published on the corporate web server www.att.com. Architecture includes an internal mirror of the site as well as a full web development and test environment.
 
Battelle Memorial Institute (August 1990 - October 1991):
Principal Research Scientist. Reporting to Vice President Manufacturing Systems Implementation.
Responsible for architecture and implementation of application protocols utilized within Computer Integrated Manufacturing systems.
 
IRD Mechanalysis, Incorporated (October 1988 - July 1990):
Staff Engineer. Reported to the Vice President of Product Development.
Responsible for architecture and design of distributed data collection systems.
 
CRISP Automation, Incorporated (February 1984 - September 1988):
Senior Firmware Engineer. Reporting to the Director of Technology.
Responsible for design and implementation of network protocols utilized within real-time process control systems.
 
OSU Integrated Pest Management Program (April 1983 - November 1983):
Programmer/Analyst. Reported to the IPM Coordinator.
Developed information management systems to track state-wide pest activity.
 
Industrial Commission of Ohio (December 1980 - November 1983):
Programmer/Analyst and Computer Operator. Reported to the Director of Data Processing.
Implemented information systems providing statistical data related to industrial safety and hygiene.
 
Education
Ohio State University (December 1983):
Bachelor of Science, College of Mathematical and Physical Sciences, Department of Computer and Information Science.
Publications
Snake Oil Warning Signs: Encryption Software to Avoid
http://www.interhack.net/people/cmcurtin/snake-oil-faq.html
``What's Related?'' Everything But Your Privacy
http://www.interhack.net/pubs/whatsrelated/
 
 
Professional Affiliations
Technical Representative, OpenCard Consortium
Member, Association for Computing Machinery
Member, IEEE Computer Society
Member, USENIX Association