Resume
Leroy Lacy
Colorado Springs, CO 80917
408-***-**** *****@****-****.***
Leader developing architectures and applications targeted at managed security services in the cloud environment.
Extensive experience in secure UNIX operating systems, relational database systems, Big Data, IaaS, PaaS, cloud computing, critical infrastructure, and formal software development methodologies.
Expertise in secure IP telephony, leading security products, machine learning, artificial intelligence, Agile development, Scrum, Kanban, Rally, and Service Oriented Architecture development.
NTTSecurity Inc. (2013 – 2017) – Sr. Director Security Architecture
Leader of the architecture group creating and enhancing the NTTSecurity WideAngle Managed Security Service.
Managed a group of 5 technical architects supporting the development of the WideAngle Global Managed Security Services suite of applications.
Developed the architecture to integrate WideAngle from a series of independent nodes (Pods) regionally supporting WideAngle functionality into a worldwide, fully integrated managed security service.
Transitioned the WideAngle MSS from a traditional datacenter to a cloud architecture that allows NTT multinational customers a view of their global estate, while maintaining compliance with regional privacy and data residency laws.
The data broker architecture received a Japanese patent.
Designed the WideAngle Security Appliance (WASA), a completely “no touch” software appliance deployable in any customer environment delivering the WideAngle services to the customer infrastructure.
WASA is easily deployable in any cloud environment (AWS, Azure, Verizon, Rackspace, and many others).
Supports one-click deployment, completely hands-free, compliant with local architecture.
Led the successful effort to improve the quality and productivity of the Singapore development group.
Provided the leadership to move the Singapore development team (staff of 32) from the traditional waterfall methodology to an agile environment (Kanban and Scrum).
Beat down the “Us vs. Them” environment that existed between the various teams supporting WideAngle product development.
Moved from a “Big Bang” delivery to a continuous build environment closely associated with the DevOps staff, who became much more involved with the development and deployment process.
Utilized the Atlassian tools suite:
Confluence – Wiki documentation
Jira – bug tracking system
HipChat – communication system supporting our global environment
Bamboo – Continuous build.
Other open source tools
TransLattice Inc. (2011 – 2012) – Director Government Technology
Provided leadership for the product development with respect to the security features as well as the assurances necessary to protect government classified information processed by the TransLattice Applications Platform (TAP).
Created the artifacts package necessary to evaluate the product against the Common Criteria.
Created the artifacts package to allow a successful certification of TAP in support of a cross-domain application using SABI requirements.
Directed the effort to migrate the hardware appliance components to leading cloud environments:
AWS
Azure
Rackspace
Verizon
Developed the relationships with the cloud providers to offer TAP as one of their offerings
Configured the software and environment into commands deployable in the various cloud offerings
LynuxWorks Inc. (2008 – 2011) – Manager Security Technology
Responsible for the security assurance package as well as the artifacts to evaluate the LynuxWorks separation kernel against the Common Criteria at EAL 6.
Managed two subcontracts as part of the evaluation process.
Responsible for the architecture of several security and cryptography features in the LynxSecure product.
Created the artifacts package to support the evaluation at the “High Robustness” security level.
Interfaced with several customers to apply separation kernel functionality to the end user product.
Acted as interface to the government with respect to the evaluation program.
Became deeply involved with the LynuxWorks embedded Unix operating system products.
Avaya Inc. (2005 – 2008) - Senior Manager, Security Group
Managed a group of 18 software engineers developing security components to enhance the Avaya family of IP Telephony products into a completely secure solution from end to end.
Managed Agile development of new SIP functionality for Avaya's new generation products.
Worked with product houses for all Avaya components to understand where and how software assurances as well as end-to-end cryptography are required.
Led the effort to make Avaya products compliant with DOD-JTIC requirements.
Led the development of the VPN phone.
The VPN phone allowed employees of a company using Avaya products to take a phone home and securely access the Avaya phone system.
Received the Avaya Labs Cup for the creation of the VPN Phone.
Managed development of Java based telephony enabled applications to move Avaya products into the Web 2.0 environment.
Conducted research in security enhancements for secure IP Telephony systems.
Received patent for the SIP Spam filter.
Armadillo Systems (2002 – 2005) – Computer Security Consultant
Acted as an expert witness to defend a firewall gateway product developer in a patent infringement suit over deep packet inspection and virus detection at the gateway level.
As a consultant, acted as project manager for the evaluation of a leading Network Intrusion Detection System (NIDS) against the Common Criteria.
Authored the Security Target, Functional Specification, and High-level Design documents.
Led the development team to create the documentation and procedures necessary to allow successful evaluation of the product at EAL-3.
Created the security model document for the strength of function proof of the secure communications between various instances of the NIDS communicating using a shared secret and AES encryption.
Conducted seminars on the Common Criteria evaluation process.
Exodus Communications (1996 – 2002) - Director of Security
Acted as CISSO for the corporation and was responsible for all aspects of Exodus security policy and products.
Authored the Exodus Communications Risk Management Plan.
Authored and enforced Exodus security policies for the corporation as well as all data centers and the Exodus backbone network.
Designed the physical security for the Exodus award-winning secure data centers.
Enforced the security and disaster response policies and procedures.
Conducted exercises to ensure seamless response to emergency situations encountered by the Exodus data centers.
Created the Exodus Managed Security line of business consisting of managed firewalls, intrusion detection, VPN, single sign-on using Kerberos, and vulnerability analysis products.
Led the development of a secure portal that allowed the monitoring and secure management of all the security appliances.
Designed a similar portal to allow customers to view the access logs for the security managed services and monitor security status of their networks.
Managed the group that developed, deployed, monitored, and managed the products in the field.
The Security Managed Services products became the most profitable service offered by Exodus. Thirteen staff members were responsible for over $20 million in annual revenue.
Lockheed Martin (1992-1995) - Director of Engineering
Chief engineer for the Los Angeles County Emergency Management System project. Program manager and technical leader of a group of 6 software and hardware engineers who designed, coded, and implemented the information system that controls the operation of the LAEOC.
The group created the software linking a Geographic Information System (GIS) and relational database to track and control all operations of the LAEOC during any county emergency.
The Emergency Management Information System (EMIS) consisted of over 1 million lines of code and provided all protocol and process enforcement during a large countywide emergency.
Chief Technologist for bid and proposal efforts for several US government agencies.
Chief Engineer for the Veterans Administration NOAVA project that provided secure IT solutions to all components of the Veterans Administration.
Armadillo Systems, Inc. (1990 – 1992) – President
President of a product company that developed secure firewalls, mail gateways, and network monitoring systems based on trusted UNIX operating systems.
Won contract to develop secure mail gateways for Her Majesty’s Treasury, United Kingdom.
Won contracts with CESG and Royal Signals Corps to develop secure mail systems.
As a consultant to a start-up corporation, acted as chief engineer and technologist for efforts to provide new services via the national cable television systems in Costa Rica and the Island of St. Vincent and the Grenadines.
As a consultant to Progress Software, I conducted engineering studies to develop a secure version of the Progress RDBMS client-server architecture.
Informix (1989-1990) – Director Multilevel Secure Products
Program Manager responsible for all aspects of the development of the multilevel secure Informix relational database product. MLS Informix was the first MLS database product to be successfully evaluated by NSA's National Computer Security Center (NCSC) against the Secure RDBMS criteria (C2 and B1). Led a group of 12 software engineers to design, implement, and document the B1 product. Our goal was to accomplish this task with no more than a 15% degradation in performance; however, when complete, the product outperformed the existing product by 5% on corporate benchmark tests.
Education
BS Mathematics, California State University, Hayward.
Papers
Seminars in Common Criteria Evaluation process
Security Managed Services in a Hosting Environment – NetWorld+Interop
Covert Signaling Channels in an MLS Relational Database – Institute for Defense Analysis
Multilevel Secure Informix – NIST Security Conference
Honors
Lockheed Engineering Achievement Award
Expert Panel Presentation – Aerospace Secure Applications Conference
Design Award Exodus Firewall Chassis
Avaya Labs Cup for Innovative product development
Patents
A Small Air Sampling Device
SCSI Based Encryption Device
SPAM Detection mechanism for VOIP Telephony Systems
Data Broker, Mechanism for Exchanging Information Between Disparate Products (Japanese patent)