LANDON CURT NOLL
Short form resume, for detailed info see my Bio / Vita and Home links below

I am seeking to make a Positive Difference in the development and use of the Internet. Computers are a means, not an end. It takes an easy to use and widely used Internet to make them useful.

The purpose of Security is to enable an appropriate level of Availability, Integrity and Privacy for the services offered. Well designed and maintained security is a Positive, not simply something that denies certain actions. It Enables one to function well in the real world with your eyes wide open.


Experience

  • 32+ years experience with Unix (since 1974) (Linux, OS X, Solaris, IRIX, etc.)
  • Knowledge of Key Management Services
  • Knowledge of Linux system internals
  • POSIX P1003.1 and P1003.2 standards work
  • ISO 17799 assessments
  • Ported, tuned and maintained numerous Unix kernels
  • Verifiable Red Hat Certified Engineer (RHCE) certificate number 803004803110157
  • ISACA/CISM

  • Cryptographic Research
  • Cryptographic Development
  • Knowledge of Cryptography, Cryptology, Digital Signatures, Digital Certificate Hierarchies, etc.
  • Experience with Authentication and Authorization systems
  • Knowledge of MIT Kerberos v1.3 client and server code

  • Application security design and analysis
  • Extensive software architecture, design and development experience
  • Extensive Security background: System, Network and Applications
  • Created and maintained Linux ipchains based 3-way firewall

  • Experience with TCP/IP and UDP/IP based communication
  • Experience with Un*x sockets / message passing / inter-process communication
  • Knowledge of NNTP, NTP, FTP, SMTP, HTTP and misc Internet Protocols
  • Significant contributor to the development of INN - InterNetNews
  • Designed and maintained several award winning web sites
  • Author / co-author of several programs used throughout the Internet

  • 32+ years experience with C (since 1974)
  • Extensive knowledge of Perl, Awk, Shell
  • I have also used Java, C++, Javascript to some extent

  • Founder and judge of the International Obfuscated C Code Contest
  • Published numerous papers (Mathematics, Cryptography, Software, etc.)
  • Co-holder of LavaRand patent, a Lava Lite® based cryptographically strong seed generator
  • Co-developed the Fowler/Noll/Vo hash also known as the FNV hash
  • Elected to public office, established Sunnyvale's method of web service
  • Discovered or co-discovered many large primes
  • Eight World records for large prime numbers; Guinness Book of Records (1980, 1990)

  • Some hardware experience: CPU, MMU, FPU design

Recent Employment

  • Cisco Systems - Nov 2007 to date
    Cryptologist / Security Architect: Do interesting things in the Cisco Research group. :-)

    Key Management Service Architect: Co-developed the URL model for Key Management Services (KMS). Founding member of the IEEE P1619.3 Key Management working group. Made significant design contributions to the IEEE KMS model. Authored major sections of the P1619.3 Key Namespace model. Chair of the P1619.3 Key Management Objects & Operations Ad-hoc committee.
  • SystemExperts Corporation - Nov 2005 to Nov 2011
    Security Consultant: Provided Security consulting, Security architecture, Emergency response, System management to SystemExperts clients.
  • NeoScale Systems - Nov 2005 to Nov 2007
    Cryptologist / Chief Security Architect: Test and improve existing cryptographic products. Provide design, vision, and cryptographic expertise for new cryptographic products.

    Key Management Service Architect: Conceived, designed and architected the URL model for Key Management Services (KMS). Founding member of the TGC Key Management Services Subcommittee. Founding member of the IEEE P1619.3 Key Management working group. Made significant design contributions to the IEEE KMS model. Authored major sections of the P1619.3 Key Namespace model. Chair of the P1619.3 Key Management Objects & Operations Ad-hoc committee.
  • SystemExperts Corporation - Nov 2000 to Nov 2005
    Security staff: Provided Security consulting, Security architecture, Emergency response, System management to SystemExperts clients.

    Client services: Fixed memory leaks, malloc problems and initialization problems in MIT Kerberos v1.3. Performed entropy analysis on web authentication. DoS (Denial of Service) testing against a client's router product. Tested security of baseline Linux distributions and made recommendations to further harden systems. Scanned external and internal networks. Tested the security of multiple web applications. Performed numerous security-based source code reviews. Examined numerous network architectures. Performed ISO 17799 assessments. Web application security testing. Computer & Network forensics.

  • Certive - Jan 2000 to Nov 2000
    Architecture: Architecture development for Certive business to business services. Development: Created and developed product demos showing that the required level of service integration was possible. (Sorry, NDA's do not allow me to give more details.)
  • SGI - Apr 1995 to Jan 2000
    IS Services: Setup/tuned internal and external INN news servers; Served as cryptographic architect for ISI (Information Security Infrastructure).
    Network Architecture: Senior architect for design and build-out of a wide number of Internet and Intranet services within SGI.
    Professional Services: Tuned INN, XFS, I/O sub-system, IRIX kernel; created news server that supported customer base of 1.8 million users Created 1st PS web based service methodology.
    Linux Networking: Distributed memory architecture for Linux clusters Designed and built Low cost Linux based firewall for home/small office use.
  • City of Sunnyvale - Nov 1993 to Nov 1997
    Sunnyvale City Council: Vice Mayor 95-96; Tech sub-committee chair, 97 County Emergency Preparedness Council chair, 94-97; Established city domain and co-authored 1st city Web site, 93 Presided over a $150 million performance based budget; balanced for 20 years.
  • See my Bio/Vita link below for a complete employment list going back to 1979.

Education


Recent Cryptographic / Host / Network Security Experience

  • Designed the Management Service client/server model used by IEEE P1619.3
  • Created the Key Management Service URL model
  • Authored the specification for the km, rn, and 00 key address families for IEEE P1619.3
  • Worked in a team that created the first Key Management Service (KMS) toolkit
  • Designed and wrote an PKI for corporate enterprise
  • Designed and wrote API for smartcard authentication using RSA BSAFE
  • Discovered/reported public key prime selection flaw in a public key product
  • Designed recovery process for lost root CA certificate servers
  • Evaluated, discovered, reported security flaws in several security products
  • Researched/implemented method for estimating security risks: attack trees
  • Improved Shamir's on a partial key escrow idea
  • Implemented and released a faster SHA-1 cryptographic hash
  • Wrote tool to distribute search that discovered a MD5 hash collision
  • Helped improve a HTTP re-direction proxy to process with SSL sessions
  • Implemented SSL access to imap using stunnel/openssl
  • Discovered and reported cryptographic flaw in JDK v1.1
  • Entropy to cryptographically strong random data research
  • Implemented, patented method for generating cryptographically strong seeds
  • Designed and wrote daemon for emitting cryptographically strong random data
  • Fixed memory leaks, malloc problems and initialization problems in MIT Kerberos v1.3
  • Web cookie Entropy analysis
  • Web application security testing
  • Router DoS (Denial of Service) testing
  • Linux distribution security baseline testing
  • Network scanning
  • security-based application source code reviews
  • ISO 17799 assessments
  • Computer & Network forensics
  • Designed, wrote tool to hide customer identity in NNTP activity logs
  • Configured, tuned a single inn (NNTP) server to support 1.8 million users
  • Wrote/contributed tools to help distribute Netnews via inn (NNTP)
  • Wrote tool to simulate high speed multi-host NNTP feeds
  • Performed statistical cryptographic analysis on AES round 2 block ciphers
  • Implemented and maintained a 3-legged firewall using ipchains and ipmasqadm
  • Wrote TCP/UDP port blocker to block common system cracker ports
  • Implemented isolation zones for DNS, NTP, boa, wu-ftpd services
  • Designed, implemented isolation for multiple virtual web servers on a host
  • Configured bind v8 (DNS) server to be resistant to some common DNS attacks
  • Enhanced SafeTP (RFC 2228 FTP) to permit passthru on a firewall
  • Designed, wrote tool to compute CIDR ranges between IPV4 addresses
  • Designed, wrote tool to sort IPV4 addresses
  • Designed, wrote tool to filter out dangerous HTML from SMTP streams
  • Tested network security of several major corporate networks under contract
  • Designed and maintained time (NTP) infrastructure service
  • Wrote a multi-host syslog monitor to visually report suspect events
  • Wrote tool for safely rolling log files
  • Wrote tool for tailing security logs across log rollovers

Additional Experience

  • Web development
  • Professional service methodology design
  • Professional service delivery
  • Mathematical computation
  • International Obfuscated C Code Contest
  • Holding public office

See my Bio/Vita for information on those topics.


 
Landon Curt Noll's postal contact info
Home page: http://www.isthe.com/chongo/
Resume: http://www.isthe.com/chongo/resume.html
Bio / Vita: http://www.isthe.com/chongo/bio.html
Wikipedia entry: http://en.wikipedia.org/wiki/Landon_Curt_Noll
Contact info: http://www.isthe.com/chongo/address.html
Access #: $Revision: 1.56 $ $Date: 2011/11/08 22:31:20 $
Landon Curt Noll's phone and e-addr

Valid HTML 4.01!