symgryph/resume

Thomas Munn

Email: [email protected]

PRINCIPAL IOT SECURITY ARCHITECT AND RESEARCHER
Cloud Security, Architecture, Analytics & Compliance, IOT Design and Audit

I have helped companies attack modern IOT problems in Azure. I bring an out-of-the-box creative and technically sound perspective to my clients. I serve as their guide, explaining difficult technical problems clearly. I help them make the best choices based upon their needs. All IOT devices should be secure and safe. They should help businesses bring secure solutions to their clients. Customers' data needs to be private, and still usable, within an increasingly complex international regulatory environment. An open mind is key to having a good working relationship with my colleagues and customers.

Areas of Expertise

Focus Areas
- Analyzing risk tolerance cost vs cost in IOT solutions
- Imparting innovative SecDevOps culture
- Solving tough security problems unconventionally
- Forensics & Incident Response

Skill Areas
- Secure IOT Design/Development
- Sensible PKI / Usable PKI Solutions
- Creatively balancing security vs utility
- Evaluating IOT platforms & suggesting alternatives to 'vendor lock in'

Technical

  • OS and Languages: OpenWRT, Windows Server 2016, FreeBSD, Linux Variants (RedHat, Debian), Perl, Bash, Ansible, PowerShell

  • Cloud Technology: Azure AD infrastructure, Azure Sphere, Kubernetes, Docker, Prometheus, Vagrant, ElasticSearch, Kibana

  • IOT: OpenWrt, Arm Processors, Trusted Boot, Yocto, Image Provenance, Docker, Linux Containers, PKI

  • Technologies: Ansible, Palo Alto, Gitlab, OpenScap, Azure Sphere, Active Directory 2fa, PrimeKey PKI appliance, TrustZone, TPM 2.0, Intel TXT, Secure Boot, Trusted Boot, Artifactory.

Professional Experience

Cree Incorporated, Durham, North Carolina 2016 to 2018

Principal IOT Security Researcher
Developed a new IOT security product. This included cloud, on-prem, and device security. Also developed a secure development pipeline for device and cloud asset updating, and developed a signed OpenWrt image for final release to manufacturing. Evaluated multiple IOT infrastructure platforms (ThingWorx, Microsoft Azure IOT, Renesys).

Selected Achievements:

  • Crafted a custom hybrid IOT infrastructure that delivered micro-services to customers. The solution included research, documentation, testing, and final deployment, including the development of a custom Secure RedHat OS on Hyper-V. This served as the template for final VM introduction to the Azure Marketplace. Combined both Unix (Ansible) and Windows (Azure CLI) tools to automate this process.

  • Created a fully automatic pipeline using secure package signing, binary asset management, and deployment to secure web servers. This was used to update all cloud and IOT assets securely. Developed a highly resistant signing architecture to ensure that all assets were safe and untampered.

  • Developed a secure PKI implementation which combined security with functionality. We used RSA keys with a hardware anchor of trust to make security based upon physical characteristics of IOT devices. This made data opaque to adversaries, and complied with local and international laws. All data transmissions were protected from viewing or tampering using industry standard RSA 4096-bit encryption, TLS 1.2 ECDHE keys with custom moduli, and with automatic rekeying every hour.

SAS, Cary, North Carolina 2015 to 2016

Senior Security Architect
Provide security architectural, design and development expertise for SAS startup developing a Big Data security analytics platform.

Selected Achievements:

  • Defined the target architecture, roadmap and principles for client solution deployments.
  • Full life cycle solution delivery and executive advisory. This includes strategy, roadmap, assessments and discovery, design, architecture and solution delivery.

Verizon, Cary, North Carolina 2008 to Dec 2015

Principal Security Consultant
Designed and implemented cloud security solutions. Developed reference architectures. Defined application migration strategies.

Selected Achievements:

  • Developed and delivered a hybrid cloud solution for a Fortune 100 financial services client using Mashery, IBM Datapower and F5 technologies.

    Impact: Enabled multi-bank financial transactions for over 10,000 mobile clients.

  • Architected, designed and delivered a PCI solution for a Fortune 100 financial client using HPE's Voltage tokenization platform.

    Impact: Client passed PCI audit.

  • Architected, designed, and delivered a highly resilient EDI platform using IBM API gateway technology.

    Impact: Enabled a 21.7 billion dollar merger and acquisition of two Fortune 100 financial clients.

Lead Consultant, (Contract to Hire), Hire Apex Systems for Verizon 2007 to 2008

Designed and delivered security solutions for several Fortune 100 clients. Demonstrated outstanding relationship management and analysis skills.

Selected Achievements:

  • Remediated key infrastructural vulnerabilities for a global financial services firm using Imperva technologies.

    Impact: Resolved compliance issues delaying a multi-million dollar financial services merger and acquisition.

  • Participated in one of the largest financial cyber breach investigations, involving the loss of over 100 million dollars.

Education and Certifications

  • Bachelor of Science (BS), Information Security, DeVry University, expected graduation 2020

  • Certified Information Systems Security Professional (CISSP)

  • ITIL V3 certified

Groups and Associations

  • Active Member -- ISC2

  • Active Member -- Triangle Devops Meetup

  • Attended: 2018 Linux Embedded Security Conference