Resume of Vinnie Moscaritolo

Vincent Moscaritolo

541-840-9152

SUMMARY
Senior level software architect / project leader with demonstrated ability to quickly scale steep learning curves and deliver products on time. Exceptional communication and customer service skills with extensive real world experience (30+ years) in the design of system software and network applications with a focus on cryptographic engineering and Internet security.
A number of my publications and presentations are available online.

TECHNICAL SKILLS

Languages

C / C++
Cocoa
Asm
PHP
Perl
JavaScript
HTML/CSS

Operating Systems

Mac OS-X
Unix (BSD)
Embeded Systems

AVR
Basic Stamp

Technologies

Network Protocols
Cryptography
User Interfaces

EXPERIENCE

PGP Corporation. Menlo Park,CA 03–

Senior Cryptographic Engineer

FIPS Validation FIPS-140-2 validation is a requirement to sell into the federal sector. I established and remain responsible for obtaining and maintaining validations for NIST Cryptographic Module Validation Program (CMVP) FIPS-140-2 and algorithm validation (CAVP). Drafted Security Policy, designed, developed, and integrated code changes necessary to meet such certifications and established internal standards to make these certifications a standard part of the development process. PGP Software Development Kit (PGP SDK) 4.0 - IN PROGRESS 3.12 1101 3/11/09 3.11 1049 10/17/08 3.10.3 1049 10/17/08 3.8.1 765 10/22/07 3.7.1 765 05/02/07 3.5.3 630 03/03/06 PGP Cryptographic Engine 4.0 Also known as the mini SDK, used in kernel mode operations such as the Whole Disk Encryption. FIPS validation of both the algorithms and module was required for both Common Criteria status and selling WDE into the Federal market.I added in FIPS-140 support to the mini SDKand repackaged it as the PGP Cryptographic Engine 4.0.This involved adding in states for FIPS FSM and integrity and self test support for FIPS mode.Validated t the code on Windows,OSX and CentOS. Drafted Security Policy and FInite State machine Documents, developed operational test code and algorithm test suite. Japan Cryptographic Module Validation Program (JCMVP) I was responsible for technical issues related to PGP SDK 3.12.0 achieving JCMVP validation #F0011. This process although similar to FIPS-140 was very detail oriented. PGP is the only non-Japanese company to achieve this validation. Desktop Client and SDK Engineering While primary responsibility is software development for PGP's cross platform cryptographic core library, I on occasion develop code for the OSX PGP Desktop client. Items I have been responsible for or contributed to include: PGP SDK - FIPS 140 Self Tests, Algorithm Validation and Operational tests. - Cross platform secure file deletion. - Cross platform Persistent passphrase caching (OSX Keychain) - OSX Token support - OSX intel 386 and x86_64 support - Tar Cache (PGP Zip Archive editing) - Export and Import of PGP sub-keys. - Unix and OSX pgp-agent backend daemon - OSX internationalization support - Passphrase secure input - MacBinary issues - Support for http keyservers - general bug fixes and API enhancements as needed. - Algorithm Performance tests (cmdline --speed-test) Desktop Client - PGP Virtual Disk Client and kernel driver OSX development - Network Kernel Engine (PGPnke) SMTP,POP, IMAP and AIM redirection - pgpdisk command line utility - PGPShredder (secure file deletion app) - OSX Virtual Disk compatibility with PGP Portable, - Duress Key for OSX Virtual Disk - PKCS-11 module token support. - Anonymized Recipient support. - FIPS support in client. - Key Reconstruction for both managed and unmanaged users - X.509 Certificate import wizard. - Service Menu support, (Finder Context Menu removed in OSX 10.6). - Managed features: ADK policy, Disk engine prefs, master keys, - PGP Archive processing - Apple MobileMe Keychain Syncing - PGP command line OSX issues. - general bug fixes and enhancements as needed. Architecture Papers Using PGP to Secure Content to Groups. This paper presents a simple method to secure content in a many-to-many relationship that is compatible with the existing OpenPGP protocol. While this method is described using the metaphor of email operations, it is also easily adapted to the social network space and file sharing as well. As proof of concept, I have developed and checked in a code library and server code that can easily be added to any PGP application. Using PGP to Secure Content in the Clouds This paper details some ideas/building blocks that enable an OpenPGP packet to describe, encrypt and sign items that are stored separate from the packet itself. This has applications in securing cloud storage, managed file transfer and social networking. As proof of concept, I have developed and checked in a code library that will encrypt and upload content to Amazon Simple Storage Service (AWS S3) using this method. New Directions for Self-Destructing Data Systems (Contributor to University of Washington USENIX paper) This paper seeks to advance the state of the art in practical self-destructing data systems that secure sensitive data from disclosure in our highly mobile, social- networked, cloud-computing world. Our work facilitates the automatic, timed, and simultaneous destruction of all copies of a self-destructing data object (such as a message or file) without any explicit action by the user and without relying on any single trusted third party. Securing data in web applications with PGP This paper discusses the various options for using PGP technology to extend the web client with the goal of securing web data with and without the consent of the web site operator. As proof of concept, I have developed and checked in a NPAPI web browser extension that makes select SDK functions such as encrypt and decrypt available to the web developer through a javascript toolbox . This plugin also can display decrypted PGP content in the web browser. Web Service Login using PGP Public keys This interactive paper demonstrates an alternative to the password that employs PGP keys to access a web-service. As proof of concept, I have developed and checked in a NPAPI web browser extension that enables cryptographically strong user authentication and web service login. PGP Identity Management This paper discusses ways to implement federated identity management using strong-cryptography and the same PGP key infrastructure that is widely deployed on the Internet today. Pretty Good Authentication A discussion of the limitations of traditional user authentication and authorization methods to control access of services over the Internet. Why passwords are risky; attacks and exploits. As an alternative, how to use OpenPGP to create a lightweight but very secure authorization protocol to grant and transfer user access privileges using authorization certificates signed with strong public key cryptography. PGPticket - A Secure Authorization Protocol A lightweight but very secure authorization protocol based on the SPKI and OpenPGP standards is designed to control access of services over a public network. PGPticket grants and transfers user access privileges through authorization certificates signed with strong public key cryptography. Patent support Duress Key for OSX Virtual Disk Per request of Jon Callas, I implemented support for duress key feature for unmanaged users of OSX Virtual Disk.Given a virtual disk, in an emergency a user might wish to remove their ability to access the disk, but give a trusted third party agent that ability. In effect arecovery token for unmanaged users.. Brown bag presentations 2/17/2010 - Using PGP to Secure Content in the Clouds 12/18/2008- Securing Web Content 12/18/2008- Cloud Service Authentication 2/18/2009 - FIPS 140-2 and the PGPsdk PGP Public Blog entries: Vinnie's Views http://blog.pgp.com/index.php/category/vinnies_views/ - Data Security Is Not Just for the Big Guys - Trust Us, It's Secure Encryption Technology - Send Lawyers, Spies and Log Files - Stimulating the Security of Medical Records. - Securing Content in the Clouds. - Some Thoughts About Facebook, OpenID and Secure Authentication - PGPsdk and FIPS-140 - PGP Identity Management: Secure Authentication and Authorization over the Internet Law Enforcement/ Intelligence Community I am very concerned about the use of PGP and encryption technology by criminal and terrorist actors. In an effort to assist and train law enforcement and also gather feedback about potential vulnerabilities and threats I have made it a priority to represent PGP at the following venues. Most are invite only and require the participant to be vetted by some form of background check. Information Technology Study Group (ITSG) Workshop Oct 2008,Apr 2009, Oct 2009, Apr 2010 The ITSG workshop is by "invitation only" and is intended for law enforcement organizations and members of the information/communications technology industry community.The purpose of the ITSG is to bring together key individuals from law enforcement and industry in a study group to examine the relationship and advancements in the area of information/communications technology, its impact on effective law enforcement, and the need for improvements in the area of technical investigative technology. The intent of the workshop is to establish a forum for ongoing discussions and information exchange between the information/communications technology industry and the law enforcement community. Aug 2009- Cloud Security Alliance / NRO Panel Member - Encryption & key mgt.
InfraGard InfraGard is a partnership between the Federal Bureau of Investigation and the private sector. InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.

VM Engineering. Medford, OR		02–03
President/Owner

	RVMRC-1. Designed and produced module to control block signal lighting for Rogue Valley Model Railroad Club. The module is based on Atmel AVR/Atmega-8 and communicates to via a shared serial bus to other modules which can be used to detect track presence and perform rule based block signaling.

	LC-3. Updated LC-2 design (below) to use the Atmel AVR/Atmega-8, MAX3713 and MAX6818. This provided lower cost and added higher reliability to the LC-3 Hot Rod Lighting Controller Module.

BlueSpruce.
I architected and developed BlueSpruce, a request tracking and management tool designed for customer support organizations with a web presence. Based on php/MySQL, it is 100% web based and runs on a variety of Unix-based server platforms (MacOS-X/Solaris/FreeBSD/Linux).

LC-2.
I designed and prototyped LC-2 a microprocesser based lighting control module for Hot-Rod and Custom Car fabricators. LC-2 intelligently controls the headlights, parking lights and interior lights of a vehicle based on a number of inputs and conditions. Based on the Parallax Basic Stamp, this module is easily installed as an aftermarket component.

Apple Computer Inc. Cupertino, CA 98–02

Senior Engineer/Scientist

Application Frameworks Engineer.
Upon delivery of CarbonLib 1.6, I transitioned to Application Frameworks team and became quickly familiar with Mac OS X source base. Contributed to MacOS X Jaguar release by fixing bugs in HIToolBox (Carbon) Framework.
Carbonlib Team Lead.
Carbonlib 1.6 was designated to be the final release, focusing on performance and reliability. As team lead I was responsible for: defining and identifying areas to be improved, drafting the ERS, screening, prioritizing and assigning bugs to appropriate engineers, weekly builds, release notes, fixing bugs and implementing new features. In addition I represented Apple as primary Carbonlib engineering contact for Adobe Corp.
Carbonlib Engineer.
I transitioned to CarbonLib team (8/00) and quickly became familiarized with CarbonLib source base. Contributed to CarbonLib 1.1.1 to 1.5 release by fixing bugs and implementing new features related to Carbon event management and various other toolbox functions. I also implementing new features and/or API calls for Carbonlib. Acted as Integration Engineer for CarbonLib process. Responsible for weekly builds and release notes.
Mac OS Release Engineer.
Contributed to Mac OS Fortissimo System release by fixing bugs and implementing new features and/or API calls to areas such as the Alias, Resource Manager, Folder Manager and PPC Toolbox.
Developer Technical Support Engineer
Provided developer engineering support for OpenTranport Network programming, Power Management, Storage Management (ATA,SCSI, CD-ROM) and Mac OS security issues. In addition I produced a number of educational materials including sample code, technical notes and seminars.

Pretty Good Privacy Inc. Redwood Shores,CA 97–98

Chief Consulting Engineer

I was responsible for establishing and managing the Developer Services group at PGP/Network Associates. This included both technical and legal (export control) support programs for both OEM and business development, developer services problem escalation process, support knowledge base, fee based programs for consulting services and a developer services web presence (Pearl/PHP). I was also responsible for overseeing all cryptographic and security consulting operations.

Apple Computer Inc. Cupertino,CA 95–97

Senior Engineer/Scientist

Developer Technical Support Engineer
I worked closely with third party developers and engineering teams at Apple to resolve developer questions and concerns and provide engineering support and consulting on Apple Network, Communications & Hardware products. I produced a number of educational materials including sample code, technical notes, seminars. I also designed and implemented a website to act as a comprehensive resource for Apple's OpenTransport Network developers. This website was used as a timely delivery medium for SDKs and beta releases, repository for White papers, FAQ's, user documentation, developer notes, references, industry specifications, Sample Code, Snippets, Mailing Lists information, and other Programming Tools. Founded and produced the Macintosh Cryptography and Internet Commerce Software Development Workshop.

Software Studios. San Luis Obispo, CA 94–95

Chief Software Architect

I conducted research on the implications of object oriented technology and software agents to workflow management and business process reengineering. I architected and prototyped Black Rhino, a workflow management framework targeted at business unit owners who wish to reduce direct processing costs, by visually identifying and implementing the business process. Black Rhino can be tailored to automate the business process workflow without the overhead of a programming staff, and improve it by visually identifying critical steps. Unlike other workflow management systems, Black Rhino employs agent technology to address the needs of mobile users and to make intelligent workflow decisions.

VM Engineering. Cambridge, MA 86–94

President/Owner

VM Engineering provided Mac OS systems software development services. I have worked with a wide variety of clients, delivering both consulting and development of network & communication drivers, protocol stacks, routers, e-mail gateways, and external file systems. I have also been responsible for the development of several NuBus cards and ADB peripherals. (See contract experience below)

Datavox Corp. Salem, MA 86–88

Vice Pres/Engineering

Cofounder and chief architect of a startup which produced voice response systems for the financial marketplace. I was responsible for management of engineering efforts, budgets, personal. I architected BankTalk(TM) and ATM-Locator; A user tailorable audio menu system that can provide general information, balance queries, and account transactions and interfaced to transaction processors via 3270, SDLC/SNA and async protocols.

Digital Equipment Corp. Burlington, MA 85–86

Principal Software Specialist

I provided advanced professional software consulting services to DEC customers for VMS, RSX-11 and Ultrix-32 products. Specializing in DECnet, multivendor network configuration, programming, security and performance management.

Accupoint Inc. Lowell, MA 84–85

Senior Electrical Engineer

Accupoint produces bare PC board automated test equipment. I was responsible for the design of a fault tolerant memory and cache subsystem interfaced to a 6809 multi-tasking test computer. I also designed a SCSI disk interface and wrote several pieces of system software and drivers in Microware OS-9 C. In addition I was responsible for parts qualification for product engineering.

Phoenix Associates. Bethesda, MD 83–

Consulting Engineer

Phoenix is an international management and consulting firm located in the Washington D.C. area. I was involved in consulting and system building, security assessment, troubleshooting, user requirements analysis, documentation, prepared and made corresponding presentations. I consulted on technical and security matters for the Nuclear Regulatory Commission's Incident Response Center, US Dept of State, and several other US Federal government agencies. Operated under several clearance levels.

G.O. Graphics. Lexington, MA 83

Junior Electrical Engineer

G.O. Graphics is a small manufacturing firm which produces microprocessor based intelligent data communication interfaces to electronic typesetting machines. I gained first hand experience in system design, prototyping, PC design/layout, debugging, manufacturing, field service, installation, and product management. Designed and implemented microprocessor based data communication interfaces to SDLC, BiSync, Bell 212, 103. I also provided custom programming of interface devices.

EXPERIENCE (Contract)

Common Knowledge Corp. Palo Alto, CA 93

Consulting for multi user PIM database (WebArranger, formally Arrange) synchronization software.

Quest Development Corp. San Luis Obispo, CA 93

Consulting for network backup and storage management architecture.

The AG Group. Walnut Creek, CA 91–93

Design consulting for TokenPeek, MacOS TokenRing network analyzer.

Developed EtherPeek protocol decoder module for DEC LASTport.

Digital Products Inc. Walnut Creek, CA 92–93

Development of embedded AppleTalk half router.

Digital Equipment Corp. Littleton, NH 91–93

InfoServer team lead

I architected and developed the InfoServer Client for Macintosh. A network disk driver that enabled the mounting and access of remote devices such as CD-ROMs, tape storage, hard disks, and magneto-optical jukeboxes. The software communicated with the Infoserver hardware over a proprietary protocol (LAST/LAD) which provided high speed data transfers over a local area network. The Infoserver Client also featured load balancing and automatic failover to duplicate media.

Avatar Corp. Hopkinton, MA 89–91

Developed MacMainFrame TMS380 TokenRing driver and AppleTalk extension.

Developed MacTCP TokenRing extension.

Prototyped PowerTalk personal gateway to IBM PROFS.

Prototyped MacOS NetBIOS protocol stack and external file system.

Provided on-site customer network management and troubleshooting.

PictureTel. Peabody, MA 91

Design consulting for integration of video teleconference system with Macintosh telephone manager, ISDN hardware and AppleTalk remote access.

Banyan Systems. Westboro, MA 89–91

Assisted in development of network client for Vines mail & file services.

Consulted in the development of PowerTalk personal gateway.

Provided MacOS user interface consulting

Phoenix Technologies Ltd. Cambridge, MA 90

Debugging of LocalTalk protocol stack in network printer products

Provided DECnet, PCSA and TCP/IP network configuration services.

CasaBlanca Works. Sausilito, CA 90

Architected LocalTalk implementation based on M68302/68195 chipset to be used in a standalone AppleTalk application.

Relevant Equity Systems, Inc. Cambridge, MA 90–93

Consulted in development of network servers architecture.

Developed MacOS OCR scanning server

Developed fax-on-demand server

Serca Communications. Las Vegas, NV 89

Consulted in development of AppleTalk fax server.

Ported AFP to a standalone 68K environment

Foster Miller Associates. Waltham, MA 89

Consulted in development of MacOS holographic projection software

Standard MicroSystems Corp. Hauppage, NY 89–90

Development of ARCnet Appletalk extension.

Mac OS Device driver development consulting

Gensym Corp. Cambridge, MA 88–91

Developed marketing information system and bug report tracking system.

Developed customer interfaces in Allegro Common Lisp and C for MacOS and VMS version of G2 real-time expert system; network interface, ADSP,DECnet, TCP/IP, and various process control hardware interfaces.

Developed MacOS based DECnet management (NICE) client/servers.

Designed network interfaces to Oracle, and CL/1.

Reliable Water Company. Boston, MA 88–91

Developed Macintosh interprocessor communication and fault tolerant hardware and software used in an expert system based water desalination plant.

Designed ADB peripheral to control power failure recovery of Macintosh hardware.

Technology Concepts Inc. Sudbury, MA 88

Assisted in development of CommunityMac; DECnet external file system.
Developed Macintosh DECnet printer driver and chooser interface.

Cognition Technology Inc. Carmbridge, MA 88

Assisted in development of MacSMARTS expert system.

Budnick and Associates. Cambridge, MA 87

Provided data communications and RSX-11 systems consulting to Logan International Airport VideoText center.

Authored and presented disaster recovery seminar.

Salem Five Cent Savings Bank. Salem, MA 86

Developed FRED; an expert system that specializes in the recovery of damaged PIN/Account databases.

VoiceTek Waltham, MA 85

Architected interprocessor communication standard for coupling VTK digitized voice hardware to Datavox BankTalk Communication Services.

Digital Equipment Corp. Littleton, MA 84

Provided design verification and testing services for subsystems used in DEC VAX 8800 internal VAXBI interface adapter. Verified and updated customer diagnostics used in both prototype debugging and field service testing.

Project Software and Development Inc. Cambridge, MA 83

Developed marketing information and customer purchase tracking system, utilizing Oracle/SQL.

MicroBit Corp. Lexington, MA 83

Developed highly reliable process control and pattern decomposition software for an electron beam lithography machine.

Developed user interface for hardware system maintenance.

Robert M. Electrical. Boston, MA 79

Developed and installed microprocessor based energy management system for use in commercial buildings. The system monitored temperatures remotely and activated HVAC equipment utilizing a customer controlled activity table.

EDUCATION and TRAINING

Zadian Technologies. San Jose, CA

SCSI, the Nuts and Bolts

ATA, the Nuts and Bolts

Worcester Polytechnic Institute. Worcester, MA

Electrical Engineering / Computer Science / Management

Compiler design

P-Code machine design (project work)

Data Base systems design

Digital Equipment Corporation. Ed-Services. Burlington, MA

VAX Macro

Ultrix (Unix) Internals

VMS Internals

Advanced C Programming

Northeastern University. Boston, MA

Bit Slice (AMD 2900) Design

Massachusetts Institute of Technology. Cambridge, MA

Computational Structures

University of Massachusetts. Boston, MA

Advanced Data Structures

Boston Latin School. Boston, MA

EXPERIENCE
PGP Corporation. Menlo Park,CA		03–
Senior Cryptographic Engineer
	FIPS Validation FIPS-140-2 validation is a requirement to sell into the federal sector. I established and remain responsible for obtaining and maintaining validations for NIST Cryptographic Module Validation Program (CMVP) FIPS-140-2 and algorithm validation (CAVP). Drafted Security Policy, designed, developed, and integrated code changes necessary to meet such certifications and established internal standards to make these certifications a standard part of the development process. PGP Software Development Kit (PGP SDK) 4.0 - IN PROGRESS 3.12 1101 3/11/09 3.11 1049 10/17/08 3.10.3 1049 10/17/08 3.8.1 765 10/22/07 3.7.1 765 05/02/07 3.5.3 630 03/03/06 PGP Cryptographic Engine 4.0 Also known as the mini SDK, used in kernel mode operations such as the Whole Disk Encryption. FIPS validation of both the algorithms and module was required for both Common Criteria status and selling WDE into the Federal market.I added in FIPS-140 support to the mini SDKand repackaged it as the PGP Cryptographic Engine 4.0.This involved adding in states for FIPS FSM and integrity and self test support for FIPS mode.Validated t the code on Windows,OSX and CentOS. Drafted Security Policy and FInite State machine Documents, developed operational test code and algorithm test suite. Japan Cryptographic Module Validation Program (JCMVP) I was responsible for technical issues related to PGP SDK 3.12.0 achieving JCMVP validation #F0011. This process although similar to FIPS-140 was very detail oriented. PGP is the only non-Japanese company to achieve this validation. Desktop Client and SDK Engineering While primary responsibility is software development for PGP's cross platform cryptographic core library, I on occasion develop code for the OSX PGP Desktop client. Items I have been responsible for or contributed to include: PGP SDK - FIPS 140 Self Tests, Algorithm Validation and Operational tests. - Cross platform secure file deletion. - Cross platform Persistent passphrase caching (OSX Keychain) - OSX Token support - OSX intel 386 and x86_64 support - Tar Cache (PGP Zip Archive editing) - Export and Import of PGP sub-keys. - Unix and OSX pgp-agent backend daemon - OSX internationalization support - Passphrase secure input - MacBinary issues - Support for http keyservers - general bug fixes and API enhancements as needed. - Algorithm Performance tests (cmdline --speed-test) Desktop Client - PGP Virtual Disk Client and kernel driver OSX development - Network Kernel Engine (PGPnke) SMTP,POP, IMAP and AIM redirection - pgpdisk command line utility - PGPShredder (secure file deletion app) - OSX Virtual Disk compatibility with PGP Portable, - Duress Key for OSX Virtual Disk - PKCS-11 module token support. - Anonymized Recipient support. - FIPS support in client. - Key Reconstruction for both managed and unmanaged users - X.509 Certificate import wizard. - Service Menu support, (Finder Context Menu removed in OSX 10.6). - Managed features: ADK policy, Disk engine prefs, master keys, - PGP Archive processing - Apple MobileMe Keychain Syncing - PGP command line OSX issues. - general bug fixes and enhancements as needed. Architecture Papers Using PGP to Secure Content to Groups. This paper presents a simple method to secure content in a many-to-many relationship that is compatible with the existing OpenPGP protocol. While this method is described using the metaphor of email operations, it is also easily adapted to the social network space and file sharing as well. As proof of concept, I have developed and checked in a code library and server code that can easily be added to any PGP application. Using PGP to Secure Content in the Clouds This paper details some ideas/building blocks that enable an OpenPGP packet to describe, encrypt and sign items that are stored separate from the packet itself. This has applications in securing cloud storage, managed file transfer and social networking. As proof of concept, I have developed and checked in a code library that will encrypt and upload content to Amazon Simple Storage Service (AWS S3) using this method. New Directions for Self-Destructing Data Systems (Contributor to University of Washington USENIX paper) This paper seeks to advance the state of the art in practical self-destructing data systems that secure sensitive data from disclosure in our highly mobile, social- networked, cloud-computing world. Our work facilitates the automatic, timed, and simultaneous destruction of all copies of a self-destructing data object (such as a message or file) without any explicit action by the user and without relying on any single trusted third party. Securing data in web applications with PGP This paper discusses the various options for using PGP technology to extend the web client with the goal of securing web data with and without the consent of the web site operator. As proof of concept, I have developed and checked in a NPAPI web browser extension that makes select SDK functions such as encrypt and decrypt available to the web developer through a javascript toolbox . This plugin also can display decrypted PGP content in the web browser. Web Service Login using PGP Public keys This interactive paper demonstrates an alternative to the password that employs PGP keys to access a web-service. As proof of concept, I have developed and checked in a NPAPI web browser extension that enables cryptographically strong user authentication and web service login. PGP Identity Management This paper discusses ways to implement federated identity management using strong-cryptography and the same PGP key infrastructure that is widely deployed on the Internet today. Pretty Good Authentication A discussion of the limitations of traditional user authentication and authorization methods to control access of services over the Internet. Why passwords are risky; attacks and exploits. As an alternative, how to use OpenPGP to create a lightweight but very secure authorization protocol to grant and transfer user access privileges using authorization certificates signed with strong public key cryptography. PGPticket - A Secure Authorization Protocol A lightweight but very secure authorization protocol based on the SPKI and OpenPGP standards is designed to control access of services over a public network. PGPticket grants and transfers user access privileges through authorization certificates signed with strong public key cryptography. Patent support Duress Key for OSX Virtual Disk Per request of Jon Callas, I implemented support for duress key feature for unmanaged users of OSX Virtual Disk.Given a virtual disk, in an emergency a user might wish to remove their ability to access the disk, but give a trusted third party agent that ability. In effect arecovery token for unmanaged users.. Brown bag presentations 2/17/2010 - Using PGP to Secure Content in the Clouds 12/18/2008- Securing Web Content 12/18/2008- Cloud Service Authentication 2/18/2009 - FIPS 140-2 and the PGPsdk PGP Public Blog entries: Vinnie's Views http://blog.pgp.com/index.php/category/vinnies_views/ - Data Security Is Not Just for the Big Guys - Trust Us, It's Secure Encryption Technology - Send Lawyers, Spies and Log Files - Stimulating the Security of Medical Records. - Securing Content in the Clouds. - Some Thoughts About Facebook, OpenID and Secure Authentication - PGPsdk and FIPS-140 - PGP Identity Management: Secure Authentication and Authorization over the Internet Law Enforcement/ Intelligence Community I am very concerned about the use of PGP and encryption technology by criminal and terrorist actors. In an effort to assist and train law enforcement and also gather feedback about potential vulnerabilities and threats I have made it a priority to represent PGP at the following venues. Most are invite only and require the participant to be vetted by some form of background check. Information Technology Study Group (ITSG) Workshop Oct 2008,Apr 2009, Oct 2009, Apr 2010 The ITSG workshop is by "invitation only" and is intended for law enforcement organizations and members of the information/communications technology industry community.The purpose of the ITSG is to bring together key individuals from law enforcement and industry in a study group to examine the relationship and advancements in the area of information/communications technology, its impact on effective law enforcement, and the need for improvements in the area of technical investigative technology. The intent of the workshop is to establish a forum for ongoing discussions and information exchange between the information/communications technology industry and the law enforcement community. Aug 2009- Cloud Security Alliance / NRO Panel Member - Encryption & key mgt. `InfraGard InfraGard is a partnership between the Federal Bureau of Investigation and the private sector. InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.`

Pretty Good Privacy Inc. Redwood Shores,CA		97–98
Chief Consulting Engineer
	I was responsible for establishing and managing the Developer Services group at PGP/Network Associates. This included both technical and legal (export control) support programs for both OEM and business development, developer services problem escalation process, support knowledge base, fee based programs for consulting services and a developer services web presence (Pearl/PHP). I was also responsible for overseeing all cryptographic and security consulting operations.

Apple Computer Inc. Cupertino,CA		95–97
Senior Engineer/Scientist
	Developer Technical Support Engineer I worked closely with third party developers and engineering teams at Apple to resolve developer questions and concerns and provide engineering support and consulting on Apple Network, Communications & Hardware products. I produced a number of educational materials including sample code, technical notes, seminars. I also designed and implemented a website to act as a comprehensive resource for Apple's OpenTransport Network developers. This website was used as a timely delivery medium for SDKs and beta releases, repository for White papers, FAQ's, user documentation, developer notes, references, industry specifications, Sample Code, Snippets, Mailing Lists information, and other Programming Tools. Founded and produced the Macintosh Cryptography and Internet Commerce Software Development Workshop.

Software Studios. San Luis Obispo, CA		94–95
Chief Software Architect
	I conducted research on the implications of object oriented technology and software agents to workflow management and business process reengineering. I architected and prototyped Black Rhino, a workflow management framework targeted at business unit owners who wish to reduce direct processing costs, by visually identifying and implementing the business process. Black Rhino can be tailored to automate the business process workflow without the overhead of a programming staff, and improve it by visually identifying critical steps. Unlike other workflow management systems, Black Rhino employs agent technology to address the needs of mobile users and to make intelligent workflow decisions.

VM Engineering. Cambridge, MA		86–94
President/Owner
	VM Engineering provided Mac OS systems software development services. I have worked with a wide variety of clients, delivering both consulting and development of network & communication drivers, protocol stacks, routers, e-mail gateways, and external file systems. I have also been responsible for the development of several NuBus cards and ADB peripherals. (See contract experience below)

Datavox Corp. Salem, MA		86–88
Vice Pres/Engineering
	Cofounder and chief architect of a startup which produced voice response systems for the financial marketplace. I was responsible for management of engineering efforts, budgets, personal. I architected BankTalk(TM) and ATM-Locator; A user tailorable audio menu system that can provide general information, balance queries, and account transactions and interfaced to transaction processors via 3270, SDLC/SNA and async protocols.

Digital Equipment Corp. Burlington, MA		85–86
Principal Software Specialist
	I provided advanced professional software consulting services to DEC customers for VMS, RSX-11 and Ultrix-32 products. Specializing in DECnet, multivendor network configuration, programming, security and performance management.

Accupoint Inc. Lowell, MA		84–85
Senior Electrical Engineer
	Accupoint produces bare PC board automated test equipment. I was responsible for the design of a fault tolerant memory and cache subsystem interfaced to a 6809 multi-tasking test computer. I also designed a SCSI disk interface and wrote several pieces of system software and drivers in Microware OS-9 C. In addition I was responsible for parts qualification for product engineering.

Phoenix Associates. Bethesda, MD		83–
Consulting Engineer
	Phoenix is an international management and consulting firm located in the Washington D.C. area. I was involved in consulting and system building, security assessment, troubleshooting, user requirements analysis, documentation, prepared and made corresponding presentations. I consulted on technical and security matters for the Nuclear Regulatory Commission's Incident Response Center, US Dept of State, and several other US Federal government agencies. Operated under several clearance levels.

G.O. Graphics. Lexington, MA		83
Junior Electrical Engineer
	G.O. Graphics is a small manufacturing firm which produces microprocessor based intelligent data communication interfaces to electronic typesetting machines. I gained first hand experience in system design, prototyping, PC design/layout, debugging, manufacturing, field service, installation, and product management. Designed and implemented microprocessor based data communication interfaces to SDLC, BiSync, Bell 212, 103. I also provided custom programming of interface devices.

Common Knowledge Corp. Palo Alto, CA		93
Consulting for multi user PIM database (WebArranger, formally Arrange) synchronization software.

Quest Development Corp. San Luis Obispo, CA		93
Consulting for network backup and storage management architecture.

The AG Group. Walnut Creek, CA		91–93
Design consulting for TokenPeek, MacOS TokenRing network analyzer. Developed EtherPeek protocol decoder module for DEC LASTport.

Digital Products Inc. Walnut Creek, CA		92–93
Development of embedded AppleTalk half router.

Digital Equipment Corp. Littleton, NH		91–93
InfoServer team lead
	I architected and developed the InfoServer Client for Macintosh. A network disk driver that enabled the mounting and access of remote devices such as CD-ROMs, tape storage, hard disks, and magneto-optical jukeboxes. The software communicated with the Infoserver hardware over a proprietary protocol (LAST/LAD) which provided high speed data transfers over a local area network. The Infoserver Client also featured load balancing and automatic failover to duplicate media.

Avatar Corp. Hopkinton, MA		89–91
Developed MacMainFrame TMS380 TokenRing driver and AppleTalk extension. Developed MacTCP TokenRing extension. Prototyped PowerTalk personal gateway to IBM PROFS. Prototyped MacOS NetBIOS protocol stack and external file system. Provided on-site customer network management and troubleshooting.

PictureTel. Peabody, MA		91
Design consulting for integration of video teleconference system with Macintosh telephone manager, ISDN hardware and AppleTalk remote access.

Banyan Systems. Westboro, MA		89–91
Assisted in development of network client for Vines mail & file services. Consulted in the development of PowerTalk personal gateway. Provided MacOS user interface consulting

Phoenix Technologies Ltd. Cambridge, MA		90
Debugging of LocalTalk protocol stack in network printer products Provided DECnet, PCSA and TCP/IP network configuration services.

CasaBlanca Works. Sausilito, CA		90
Architected LocalTalk implementation based on M68302/68195 chipset to be used in a standalone AppleTalk application.

Relevant Equity Systems, Inc. Cambridge, MA		90–93
Consulted in development of network servers architecture. Developed MacOS OCR scanning server Developed fax-on-demand server

Serca Communications. Las Vegas, NV		89
Consulted in development of AppleTalk fax server. Ported AFP to a standalone 68K environment

Foster Miller Associates. Waltham, MA		89
Consulted in development of MacOS holographic projection software

Standard MicroSystems Corp. Hauppage, NY		89–90
Development of ARCnet Appletalk extension. Mac OS Device driver development consulting

Gensym Corp. Cambridge, MA		88–91
Developed marketing information system and bug report tracking system. Developed customer interfaces in Allegro Common Lisp and C for MacOS and VMS version of G2 real-time expert system; network interface, ADSP,DECnet, TCP/IP, and various process control hardware interfaces. Developed MacOS based DECnet management (NICE) client/servers. Designed network interfaces to Oracle, and CL/1.

Reliable Water Company. Boston, MA		88–91
Developed Macintosh interprocessor communication and fault tolerant hardware and software used in an expert system based water desalination plant. Designed ADB peripheral to control power failure recovery of Macintosh hardware.

Technology Concepts Inc. Sudbury, MA		88
Assisted in development of CommunityMac; DECnet external file system. Developed Macintosh DECnet printer driver and chooser interface.

Cognition Technology Inc. Carmbridge, MA		88
Assisted in development of MacSMARTS expert system.

Budnick and Associates. Cambridge, MA		87
Provided data communications and RSX-11 systems consulting to Logan International Airport VideoText center. Authored and presented disaster recovery seminar.

Salem Five Cent Savings Bank. Salem, MA		86
Developed FRED; an expert system that specializes in the recovery of damaged PIN/Account databases.