Eric Murray
*****@***.***
Los Gatos, CA
Objective
Architect or senior engineer position that allows me to use my
security, cryptography and software engineering expertise to design
and build products that succeed.
Summary
Highly experienced software engineer and architect with a focus on security analysis, design, and development. Strong background in issues related to application security, cryptography, secure network protocols, and embedded systems security.
Deep knowledge of multi-platform software development in C and C++ including most Unix variants, Windows, embedded systems and mainframe computers.
Well-versed in development issues concerning memory management, performance and multi-threaded software development.
Experience with the complete software project life cycle. Have shipped multiple commercial products.
Experience managing engineering groups and mentoring junior engineers.
Participated in various standards organizations including ANSI X9 and IETF.
Inventor of seven patents (6,321,333, 6,111,660, 6,092,202, 7,243,341, 7,617,396, 7,644,279, 7,802,108), others applied for.
Knowledge & Skills
Systems: Unix (Linux, Solaris, HP/UX, AIX), WebOS, Windows (NT, 2000, XP), Z/OS, AS400
Tools: gcc, gdb, vi/vim, make, VisualStudio, SVN, git, SCCS, CVS, Teamware
Languages: C, C++, Perl, XML, SQL, TCL
Cryptographic Algorithms: RSA, DES, AES, SHA
Digital Certificates: X.509, ASN.1, PKCS11
Certification: FIPS 140-2, Common Criteria
Protocols: SSL, TLS, HTTP, SMTP, FTP
Experience
11/09-present: Sr Engineer, WebOS division, Palm/HP
Handled all aspects of security incident response, from communicating with external researchers to finding the fault and fixing it to writing the press release to improving the incident response plan.
Designed and implemented a secure key manager for WebOS. The key manager keeps keys securely and allows authenticated users to perform cryptographic operations without the keys leaving the key manager.
Designed and implemented a native app sandboxing scheme, so WebOS could safely support native games. The sandbox is configurable for different application types. I had to reverse-engineer numerous games to determine what they needed in their sandbox.
Designed and implemented a disk encryption scheme to protect user data in WebOS. This included a reliable way of migrating data on the plaintext partitions to the same partitions once they were encrypted.
Served as a company resource for security and cryptography issues, especially X.509 and SSL.
Represented WebOS on the HP FIPS/CC SIG.
8/02-4/09: Manager/Sr. Architect, Ingrian Networks/SafeNet
Ingrian was the leading company in database encryption software and appliances. It was acquired by SafeNet in 2008.
Responsible for the security architecture for all Ingrian hardware and software products.
Designed first and second generations of a centrally managed file encryption product.
Designed and developed cryptographic APIs for internal and customer use.
Designed, managed and implemented a combined hardware and software product to satisfy US government and international security certifications (FIPS 140-2 and Common Criteria (EAL2)).
Managed a team that developed the protocol and clients for Ingrian's flagship Network Attached Encryption (NAE) products.
Developed methods for code protection (anti-debugging features).
Performance tuning of software, algorithms, and protocols. Increased speed of NAE protocol by 300% through tuning NAE client and its XML parser.
Network protocol design for NAE.
Produced internal seminars on cryptography and was the corporate resource for security, cryptography, SSL and digital certificate knowledge.
Developed and enforced the company's security incident response plan.
6/01-8/02: MTS/Manager of Security, Quicksilver Technology
Defined a secure architecture for downloading configuration information to reconfigurable processors.
Worked with other groups within the company to define requirements, create specifications and ensure the security architecture would be implemented as designed.
Designed and developed a low-level secure architecture and API.
10/99-6/01: Principal, SecureDesign LLC
Security-related consulting work including:
Design advice and research for a company making high-speed SSL hardware.
Security review of a B2B network protocol and network design.
Design of a security model and secure download protocols for a Software-Defined Radio product.
Security review of an existing content-protection product.
Review of third-party software tamper-resistance technology for a content-protection company.
Design and development for a software layer to add OpenSSL to an embedded web server.
Design and development of a French smart card payment application for an embedded smart card keyboard.
9/97-10/99: Chief Security Scientist, N*Able Technologies (acquired by Wave Systems)
Developed the security model for N*Able's N*Click, a smart card reader/keyboard chip and software package with full cryptographic capabilities including support for SET, X.509, RSA and DES.
Specified the security features of the chip for hardware engineers.
Designed the overall architecture for the chip's OS and software, including components, interfaces, key APIs and protocols.
Developed new and innovative ways to perform complex protocols in limited memory devices (patents granted in this and related areas).
Participated in standards development in both public and industry standards groups including ANSI X9A, the X9.59 payment protocol, SET.
Managed a team of security researchers and provided technical leadership to the N*Able software engineering staff.
Developed research/demo projects including a biometric-authenticated smart card reader (shown at Comdex) and a smart card authenticated RADIUS login process.
Advised the CEO on business implications of new products and developments in the security/cryptography space.
Considerable software development for our own embedded OS, Linux, and Windows.
8/96 - 9/97: Independent Security Consultant
Security-related consulting work including:
Designed a security model, assisted on a hardware specification, and began designing the OS, communications protocol and application framework for a secure smart card product (N*Able; was hired in 9/97).
Provided input on the security model, cryptographic protocols and the problems of digital rights management on consumer equipment for a startup delivering encrypted music over the Internet.
Consulted on network security and authentication for a startup developing an Internet-based travel agent system, including analyzing the security implications of their vertical market, recommending solutions to problems involving data security, authentication and non-repudiation, and performing security analysis on existing and proposed CORBA and Java technologies.
Designed and developed an implementation of SSLv3 for a PDA product.
4/95 - 9/96: Contractor, Network Security Group, Sun Microsystems
Developed two SSLv3 implementations: one to the initial SSLv3 draft and based on pre-SSLv3 SSLeay and BSAFE, and one written from scratch to the final SSLv3 spec, also using BSAFE.
Participated in the design of SSLv3 by giving feedback to Netscape on SSL design issues.
Developed a version of sendmail to encrypt and decrypt PGP-encoded messages.
Modified the SOCKS and TIS proxy gateways for use on Sun's corporate gateway to the Internet.
Wrote a library to convert PGP keys to and from the PKCS#1 format.
7/91 - 3/95: Lead System Administrator, MicroUnity Systems Engineering
9/87 - 6/91: Various technical positions, IBM Advanced Workstation Division
Education
Bachelor of Science, Humboldt State University, 1985.