I have been an independent consultant for more than 15 years, working on
My résumé is available in HTML, PDF, and plain text.
I live in Ocean City, NJ and have worked remotely since the mid 90s, across time zones and continents.
I've worked on computer security research, software quality, development processes, web applications, general applications, operating systems, file systems, user communications, privacy, e-commerce.
I would like to work on some of these topics going forward... and learn new things. I want to solve problems with computers, by creating high quality trustworthy programs.
In 2013-2020 I was a part time remote consultant for a financial services company in Denver that managed billions of dollars of clients' money. I did multiple projects to help them with security, security metrics, Unix administration, SOC2 and FINRA audit planning, evaluation of third-party security software, and so on. (They laid off all their contractors in 2020 due to COVID.)
From 2007-2013 I was a full time remote consultant, working with one other person on e-commerce security and Internet web search for a Swiss company. We designed an unforgeable "authorized dealer" seal for retailer web sites; we also built a Java-based system that searched the World Wide Web monthly for unauthorized and counterfeit product sales and presented this activity to management.
I have many years of experience designing and building complex systems and applications to support business requirements and growth. I've designed and built security into operating systems and applications. Security and quality are deeply intertwined. My ideal role would let me contribute to both areas.
I have worked on operating systems development in research and commercial organizations, on security research as a contributor and as a principal investigator, on Internet commerce protocols and software, on software quality assurance and metrics, and on Web development, deployment, search, security, and usage reporting.
I've been working on computer security since the 60s. I learned from the best, and shared what I learned. Operating system security was where I began, but as computer use spread, the need for security spread too. I have worked on application level security and electronic commerce. I was one of the authors of the CORBA Security Specification in the mid 1990s. I was a member of the Program Committee for the IEEE Symposium on Security and Privacy in the 1990s. While working at CyberCash I assisted JavaSoft in design of the Java Electronic Commerce Platform and contributed to the Java Security Specification. I also led CyberCash's team in a multi-company test of the Secure Electronic Transaction protocol.
While consulting for the financial services company, I worked with development, system admin, and computer support organizations. This included interviewing candidates for a full time Security Manager post; creating an internal Security Dashboard website that displayed security metrics and information; evaluating and installing third-party security products; business continuation planning; planning for SOC2 type 2 and FINRA audits; and providing advice on Unix, Macintosh, and Internet security.
I was a key contributor to the development of Multics, which influenced most modern operating systems. I contributed to system initialization, security, login, administration and accounting, operations, system management, documentation, error handling and recovery, development process, file system, transaction processing, and many programming tools. I worked at MIT Project MAC on Multics as an ARPA-funded computer systems research project, then took operational and management roles at MIT to deploy Multics as a service, and then joined Honeywell's Multics team to work on operating system internals, features, and management.
At Tandem Computers, I worked on the file system and architecture for a future generation operating system.
At Taligent, I worked in the File System team on computer security issues for the Taligent Pink and Mach based systems.
I was invited to be a member of the SRI/Cambridge CTSRD External Oversight Group, reviewing plans for CHERI.
I have been learning about and advocating software quality for my entire career. Building quality into computer systems is a major concern for me.
I have been a Quality Assurance manager at a computer manufacturer, and have contributed quality strategies and tactics to many development teams.
I'm interested in how a team's culture and development process affect a project's success. I have used many different processes, and helped specify and evolve successful approaches.
I'm effective in teams and on my own, when designing, building, documenting, and assuring complex software systems.
I began system administration in the mid 60s, and designed and implemented system administration facilities for multiple systems. I believe in principle driven design, systematic design and operational documentation, and comprehensive assurance for system administration, and have built these facilities into deployed tools.
I produce attractive web sites that present complex data in useful forms. My web design portfolio describes these.
My home page has my articles on quality and security, open source code for web page enhancements, and thorough documentation for expandfile.
... design them, build them, improve them, and maintain them
I have been building web sites since 1994. https://multicians.org/ is one I am proud of. See Multics Website Features.
... explain what's possible, what isn't possible, and what's worth doing.
... catalogue risks in an existing system and suggest what to do first.
Since the 1960s, I have worked on building protection into systems. I have focused on vulnerability prevention and system recovery for large systems of programs, and on designs and protocols for proposed future systems.
... design, build, document, and assure complex systems of programs, using appropriate processes and technology.
I've written essays about how to do it right. If a project is having problems meeting its goals, I can help.
I've worked on operating systems internals for many systems, and seen how these systems work and what their limits are.
I have released useful code on my website and GitHub under the MIT license.
... help teams understand how to accomplish quality objectives.
... describe programs and processes in sufficient detail.
... manage teams to produce high quality results