Objective
A challenging career in Scientific, Mathematical or
Object-Oriented Software Development in
C++, Python,
XML, JSON,
Assembly, Objective C,
Java, or Scala with
emphasis on Client-Server,
Real-Time, and Embedded
solutions.
Status
Citizenship: U.S. Citizen |
Clearance: Available upon request |
Availability: Immediate | | Ability to Travel: 50% |
Driving Distance: Up to 100 mi (160 km) from Herndon, VA if unable to refuel
Electric Car at work site, 220 mi (350 km) if allowed to Charge at
Work | | Willing to Relocate: Yes |
Summary
A successful Technical Software Lead
and Senior Software Engineer with 25
years of professional Software Development experience. Up
to date technical skills, including expertise in
ISO C++ 2020, Python
3, Embedded and
Object-Oriented development, with
Static and Dynamic
Analysis. Experience with many aspects of
software development, including the design and
development of:
Developed iOS App | | Designer & developer for Hawkeye Tactical Sensor Grid
2.0 |
Built Abstract Syntax Tree of PDFs and
Microsoft Office Documents | | Task master for 3Point
Escalate training |
Wrote Docker component | | Disassembled Malware attack |
Wrote PDFParser, a run-time PDF Malware analyzer | | Developed PROSE documentation format |
Handled network message monitoring | | Developer for PUMP-II Bidirectional Cross-Domain
Solution |
Worte Scala code for
DFDL parser | | Reverse-Engineered RADAR hardware |
Developed XML parser for
Windows executables | | Developed Math routines in PowerPC
Assembly |
Designed many-to-one Byte Code
language for Trusted Platform
Machine | | Wrote browser plugin to interface with
Facebook |
Researched Distributed Denial of
Service attacks within Service Oriented
Architecture | | Designer for PEIP-III |
Designer and Developer for PEIP-II | | Designed and Developed Single Point Keying Command and
Control software |
Developed Stock Market analysis algorithms | | Designed and developed Stock Market event logging
system |
Expertise
Operating Systems: Windows 8/10, UNIX/Linux/Ubuntu/CentOS/RedHat/Solaris, REMnux, DOS, X-Windows, KDE, NeXT, MacOS
Computer Languages: ISO C++, STL, boost, Python 3, Python 2, Scala, C, Objective C, Java, Flex, Bison, LLVM, XML, XSLT, XML Schema, XPath, XQuery, BaseX, JavaScript, JSON, Docker SDK, REST, Active Server Pages, SeaMonkey JavaScript API, JQuery, UNIX Shell, POSIX, Regular Expressions, VHDL, ATL, COM+, ASM, MFC, Excel Basic, Facebook Client Code, CXX Test, Apple Developer Program, iOS, deprecatedVisual C++, Generic Programming (Templates), Object-Oriented Analysis (OOA), Object-Oriented Design / Development (OOD), Object-Oriented Programming (OOP), SQL, HTML, MS Platform SDK, PowerPC Assembly, ARM Thumb, Antlr 2, deprecatedLisp, TCL/TK, CLIPS (SmallTalk)
Applications: deprecatedSQL Server, Visio, MS Office (Word, Excel, Access, Powerpoint), Libre Office, OpenOffice XML, Escalate by 3Point, IDA Pro, x64dbg, x32dbg, ThreadGRID, Cuckoo, OPSWAT, VMWare, Abbyy Fine Reader, Rational Rhapsody, Rational Rose (Case Tools), MS Project, Adobe Photoshop, Intellij, Eclipse, JBuilder, GRUB, ALDO, Facebook Security, CodeSurfer, deprecatedVisual
SourceSafe, git, mercurial, Subversion, CVS, make, Autotools, Trac
deprecatedOther Skills: Agile Development, Test-Driven Development, Team Development, Solo Development, Full Life Cycle, Design Documents, COA Documents, Abstract Syntax Tree, Open XML Markup Documents, PDF Parsing, Malware Detection, Portable Executable Format, bitbake, rsyslog, Common Vulnerability Exposures, Dynamic Analysis, Static Analysis, gdb, SFTP, Xerces, Apache, Coverity, SAXON, RSA, IRC, UDP, SICD, MPEG, zero-mq, JOVIAL, Dynamic Byte Code, Trusted Platform Machine, CoreBoot, Service Oriented Architecture, Security Assertion Markup Language, Distributed Denial of Service, Firefly, Elliptic Curve Cryptography, Cross-Domain Solution, Security Kernel, Single-Point Keying, OpenSource, Data Format Description Language, VirtualBox, el Gamal, AES, Fourier Analysis, DES, Galois Fields, Sink-Source & Dykstra’s Algorithm, χ², Gaussian Distribution, Error & Unit Propagation, GraphViz, DOT Graphics Library, OpenGL, Optical Character Recognition, ASN.1, 1-Wire Protocol, Full-Scale Development Article, H.263, SNMP, TCP/IP, RS232, TL-1, SONET, AVI
Languages: English (native), French (fluent), German (conversational), Italian (conversational)
Work Experience
TimeHorse, LLC, Herndon, Virginia | |
2009
–
present
|
CEO, CTO |
Objective C, Apple Developer Program, iOS, Subversion, Trac: Designed, developed and released the
Lothar app for the
iPhone. The app challenges users
to solve the long-standing 3n+1 mathematical problem known as
the Collatz Conjecture. Available in the App
Store |
The US Naval Research Laboratory, Washington, District of Columbia | |
2002
–
present
|
Senior Staff Software Engineer |
Python 3, git, MS Word, Confluence, Test-Driven Development, Agile Development, Team Development, Design Documents, COA Documents:
Member of the Hawkeye Tactical Sensor Grid 2.0 development team. This project has a one year development timeline. Was involved in the early planning, including initial development and writing design documents and Course of Action (COA) Documents. Developed some code for this system in Python 3 using Git
|
Python 3, ISO C++, Abstract Syntax Tree, Open XML Markup Documents, PDF Parsing, Malware Detection, Solo Development:
Principle developer on the Majestic research project. The project endeavors to use Abstract Syntax Tree (AST) analysis to look for common patters of malware in the shape of these trees. Modified PDFParser to provide AST data in XML. Wrote Python 3 to parse Microsoft Open XML Markup documents (DocX, XlsX, PptX, etc) into AST via XML
|
Escalate by 3Point, Malware Detection, Solo Development:
Managed section account with 3Point for the Escalate training software. Completed many of the Escalate challenges in rapid order
|
Python 3, REST, JSON, git, Docker SDK, Solo Development:
Wrote a Docker component for PDFParser in the Malware Catalog using the REST API and JSON in git
|
Malware Detection, IDA Pro, x64dbg, x32dbg, REMnux, Portable Executable Format, VMWare, Windows 10, Active Server Pages, Dynamic Analysis, Static Analysis, Solo Development:
Analyzed a piece of malware found by NCIS, examined encoded document payloads, the including Active Server Pages (ASP), and 4 Portable Executable (PE) using REMnux, IDA Pro, x64dbg, and x32dbg on Windows 10
|
MFC, UNIX, CentOS, Ubuntu, JavaScript, PDF Parsing, SeaMonkey JavaScript API, Dynamic Analysis, Common Vulnerability Exposures, ThreadGRID, Cuckoo, OPSWAT, git, Solo Development:
PDFParser is a sandboxed runtime analyzer using Dynamic Analysis of PDF files which can detect numerous known Common Vulnerability Exposures (CVE) and other common PDF malware exploits. Ported PDFParser from Windows to UNIX. Adapted it for CentOS and Ubuntu, using the SeaMonkey JavaScript library. Tested with 30,000 sample corpus and compared with ThreatGRID, OPSWAT and Cuckoo. Researched competing PDF malware detection tools in preparation for public, OpenSource release of git repository
|
LLVM, Flex, Bison, IRC, UDP, SICD, MPEG, Python 2, Cross-Domain Solution, Full Life Cycle, Solo Development:
Developed the Protocol Reference Overview Specification Enumeration (PROSE) standard. PROSE allows an interface to be defined in such a way that, using Flex, Bison, and LLVM, a software interface can be built conforming to the PROSE-specified API. Examined the Internet Relay Chat (IRC) and User Datagram Protocol (UDP). PROSE was tailored for the Resilient Embedded Environment (REE) under the Advanced Sensor Technology, High Assurance Guard (AST HAG) Cross-Domain Solution (CDS). Studied the Sensor Independent Complex Data (SICD) and Motion Picture Experts Group (MPEG) protocols for potential security holes using Python 2
|
zero-mq, ISO C++, Solo Development:
Modified the Enabling Capability (EC) messaging system by updating the Panser Daemon, PanserD, to use zero-mq messaging
|
ISO C++, Generic Programming, UNIX Shell, bitbake, rsyslog, gdb, SFTP, XSLT, Xerces, Apache, Coverity, Cross-Domain Solution, Team Development:
The Network Pump-II was a project which would upgrade the original Network Pump Cross-Domain Solution (CDS), which only allowed data flow from low-to-high, to be a fully bi-directional CDS with traffic allowed to go from both low-to-high and, once scrubbed, high-to-low. Worked on Watchdog and Monitor Daemons to perform housekeeping functions on Pump-II in ISO C++, Generic Programming, and Unix Shell Script. Configured logging for Pump-II including interfacing with rsyslog. Implemented the Pump-II Task Orchestrator. Designed a patch for SFTP. Wrote XSLT to generate Trusted Subject configurations with Schema validation in Xerces. Worked with Apache. Analyzed Pump-II code with Coverity and other code efficiency tools.
|
Scala, XPath, XML, Regular Expressions, Data Format Description Language, VirtualBox, IntelliJ, OpenSource, Team Development:
Worked, with Tresys, on Scala-based Daffodil. Daffodil is an one of two canonical specifications for the Data Format Description Language (DFDL) specification which at the time was under ISO review. Now apart of the Apache Incubator, the OpenSource Daffodil project was developed to convert any, arbitrary specification into a concise XML or JSON. Developed Daffodil as part of the Tactical Assured Information Sharing (AIS) effort with NSA and sponsored by Assistant Secretary of Defense for Research and Engineering(ASD R&E). Used XPath to transform data and Regular Expressions to identify fields
|
Python 2, ISO C++, XML, XQuery, XSLT, Excel Basic, VHDL, Abstract Syntax Tree, Antlr 2, JOVIAL, Optical Character Recognition, Abbyy Fine Reader, Rational Rhapsody, SAXON, Solo Development:
In order to provide upgraded firmware to the Raytheon AN/AGP-73 RADAR, which Raytheon no longer supported, analyzed the schematic diagrams for the equipment and generated Excel spreadsheets of connection diagrams using Optical Character Recognition (OCR) using Abbyy Fine Reader and Excel Basic. Used XML, XQuery, and XSLT, via SAXON, to transform the data retrieved from the spreadsheets and then created VHDL mnemonic op codes to build a functional model of the components in firmware. Documented the design using Rational Rhapsody, using it to then generate C++ code and designed a build system using Antlr 2, building Abstract Syntax Tree (AST). Parsed JOVIAL and built JOVIAL tests. Used Python 2 to parse the 1750A processor spec into XML
|
Python 2, XSLT, XML, XQuery, XPath, BaseX, XML Schema, ARM Thumb, Portable Executable Format, OpenGL, GraphViz, DOT Graphics Library, Subversion, OpenOffice XML, Visio, PowerPoint, Solo Development:
Used Python 2 to parse the Common Language Interface (CLI) of the Partition II Metadata document which defines the Portable Executable (PE) Format, building XML. Converted code to XSLT and, with SAXON, converted documents to XML. Optimized XPath queries. Based on the BaseX definitions, used XQuery to analyze various Intel programs. LoadedPE Data into an SQL Database and generated XML from SQL requests. Wrote an XML Schema to define the PE format. Researched OpenGL, GraphViz, and DOT Graphics Library Programming languages. Used GraphViz to generate PDF from XML. Code stored in Subversion; Researched parsing ARM Thumb, .NET, OpenOffice XML, Visio, and PowerPoint formats to see if they could be generated from XML
|
PowerPC Assembly, Galois Fields, AES:
Wrote an implementation of AES in PPowerPC Assembly, using Galois maths, modulo products, and Counter Mode, as well as careful use of registers
|
Dynamic Byte Code, Trusted Platform Machine, GRUB, CoreBoot, ALDO, Solo Development:
Designed a many-to-one, dynamic Dynamic Byte Code language to allow Just-In-Time execution without a disk footprint as codes would be interpreted in memory alone. Because multiple opcodes could do the same thing, it would be difficult to piece together the code logic from straight static inspection. Developed a Trusted Platform Machine (TPM) for the proposed Secure Hardware Execution Platform (SHEP), modifying the GNU GRand Unified Boatloader (GRUB) and installing CoreBoot into the machine BIOS. Actively developed CoreBoot to add necessary features. Adapted to use ALDO Morse e Code interpreter. Documented all work
|
JQuery, Facebook Security, Facebook Client Code, Team Development:
Developed a browser plugin, which added a button to automatically configure Facebook to lock down a given account’s Security using JQuery and calling the Facebook Client Code
|
Service Oriented Architecture, Security Assertion Markup Language, Distributed Denial of Service, PowerPoint, Team Development:
Researched Service Oriented Architecture (SOA) wish Security Assertion Markup Language (SAML) 2.0. Researched Distributed Denial of Service (DDOS) attacks on SOA. Wrote summary paper and PowerPoint presentation
|
Agile Development, Cross-Domain Solution, Team Development:
Designed elements of the Programable Embedded INFOSEC Product (PEIP) III (MILES) software including data channel acceleration, memory map layout, and documenting these components. Documented meetings to design page
|
Agile Development, Python 2, C, CodeSurfer, Firefly, Elliptic Curve Cryptography, PowerPC Assembly, Subversion, CVS, VMWare, HTML, ASN.1, make, Autotools, CXX Test, 1-Wire Protocol, Test-Driven Development, Full-Scale Development Article, Cross-Domain Solution, Security Kernel, Design Documents, Full Life Cycle, Team Development:
Designed and Developed the PEIP-II (KG-3x) multi-channel Cross-Domain Solution with data isolation satisfying NSA. Developed requirements and wrote design documents in the Full-Scale Development Article (FSDA). Design Lead some elements of the project. Developed code using Test-Driven Development and CXX Test. Wrote parsers for various hardware components, including ASN.1, in C. Wrote Firefly and other Elliptic Curve Cryptography algorithms in C. Analyzed Security Kernel in C. Developed a series of big number maths routines in C and PowerPC Assembly. Wrote a mock ISO C99 implementation of printf to aid in hardware testing. Wrote Python to generate proper code documentation. Used Autotools and complex make options. Optimized code using CodeSurfer, reporting program deficiencies to makers of the tool. Prepared verbal presentations about architecture for NSA. Hired software contractors
|
ISO C++, Qt, Benign Fill Keying, TCP/IP, UDP/IP, Boost, Visual SourceSafe, Subversion, Trac, XML, DTD, Python, Team Lead:
Designed and Developed the Last Mile Key / Product Management Prototyping architecture subsystem for Benign Fill Keying. The chief products were the Single-Point Key (SPK) and later Single-Point Command and Control Keying (SPC2K). Both products interfaced with key loading hardware following military specifications. Prototyped functionality in Python. They communicated via TCP/IP and UDP/IP protocols and were developed in ISO C++ using Boost and Qt. Used XML, with DTD, to allow for dynamic user interfaces based on site needs. Interfaced with PEIP software. Initially used Visual SourceSafe but migrated to subversion and Trac. Developed funding proposals
|
The Nasdaq Stock Market, Gaithersburg, Maryland | |
2000
–
2001
|
Development Lead |
ISO C++, STL, OOA, OOP, OOD, real-time, client-server, MSVC++, Win2k, ATL, COM+: Design, Develop complex market algorithms for Stock Market
Analysis system |
XML, ISO C++, STL, OOA, OOP, OOD, MSVC++, ATL, COM: Design, Develop data Logger |
Education
SANS Institute, Rockville, Maryland | | 2018 |
FOR610: Reverse-Engineering Malware: Malware Analysis
Tools and Techniques |
Studied IDA Pro,
REMnux, and various malware tools to
investigate Portable Executable,
Microsoft Office, and
PDF malware vectors |
Arnewsh, Inc, Fort Collins, Colorado | | 2003 |
MPC860 PowerQUICC/MPC821 PowerPC
Microcontrollers |
Attended course in California going over the specifics
and nuances of the PowerPC architecture and the MPC860
specifically |
Montgomery College, Rockville, Maryland | | 2002 |
Advanced Java Language and Certification |
Teaching Assistant as well as study, Certification in
Progress |
McGill University, Montréal, Québec | | 1995 |
B.Sc. in Computer Science |
Originally studied 2 years in Physics |
deprecated |
Interests and Activities
Computer Languages,
Scientific Literature,
Writing (See The Witness Paradox),
Electric Cars,
Music Composition,
Acting,
Cosplay,
Linguistics,
Doctor Who,
National Popular Vote Interstate Compact,
The Equal Rights Amendment,
Exotic Travel,
Toastmasters,
Modern Board and Card games,
Vegetarian,
deprecatedAviation
Bibliography
A collection of short stories of Time Travel gone
wrong, featuring Let’s Kill John A. or John Wilkes Booth Must
Die.
A collection of short stories of ancient and forgotten
artifacts, from Virginia writers, featuring The Twin
Dilemma.
Lori Mitchell,
Jeffrey C. Jacobs et al.
Bleed.
Perpetual Motion Machine Publishing,
16 August 2013 An anthology of horror stories and personal tales;
proceeds from the sale are donated to The National Children’s Cancer
Society, featuring The Unstoppable
Annihilation.
A collection of short stories of strangers coming to
town, from Virginia writers, featuring HOX D2: A Love
Story.
A collection of short stories of long lost works of
art, from Virginia writers, featuring The
Arctanthropist.
A collection of short stories from Virginia writers,
featuring Mission, Empty, and
Branes, 3 Twelve-Word Stories.
A collection of short stories from Virginia writers,
featuring Mission, Empty, and
Branes, 3 Twelve-Word Stories.
deprecateddeprecateddeprecateddeprecateddeprecateddeprecateddeprecated
Follow my socials!