Experience in software development and management of software development, security, publications and quality assurance. This includes systems software, embedded systems, game systems, and high-volume web applications. My passion is creating high-quality, reliable, secure solutions delivered to meet the needs of satisfied users.
Methodologies: Scrum, others.
June 2013 — present
ISACA – Silicon Valley
ISACA is an international organization providing education and certification of information security professionals. The Silicon Valley chapter is a large chapter with over 1,000 members who support the needs of San Francisco bay area businesses.
I serve as the President of the Board of Directors of the chapter.
August 1996 — present
American Canyon, CA
Tylico is a consulting firm based in northern California. We leverage decades of experience to assist our customers with their Information Security, software development, and IT needs. Our clients include start-ups and publicly-traded enterprises in Silicon Valley and northern California.
July 2012 — June 2013
ISACA – Silicon Valley
February 2009 — December 2012
In 2009, together with two other CISMs, I formed CSO Compass to provide information security consulting and services.
As a Principal at CSO Compass, I worked on numerous consulting assignments in information security as well as new product development. I led ISO27000-related engagements including Information Security Management System (ISMS) design, review and improvement for companies in the healthcare, B2B services and education markets. I also provided consulting on software development and operational practices to improve compliance with the ISMS and industry best practices.
Working with customers providing SaaS healthcare systems, I provided strategies for design, development and operation of services that fell under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.
July 2010 — June 2012
ISACA – Silicon Valley
Managed the Silicon Valley chapter certification activities. This included recruiting instructors and holding review classes twice each year for individuals preparing for the certification exams for CISA, CISM and CGEIT. Also included was the general chapter-wide education and mentoring of members with respect to Continuing Professional Education (CPE) credits necessary to maintain certifications.
March 2006 — August 2008
Thomson Learning / Cengage Learning
I worked with Product Management, Sales and Business Development to define, build and buy online learning solutions for post-secondary education. My team included groups in numerous locations consisting of employees and contractors. The organization planned, coordinated and provided a number of online services.
Within the first 18 months the organization I was in, Thomson Learning Solutions, defined and tested a new developmental math solution that was to be sold with existing textbooks or as a standalone homework solution. The solution involved reuse of existing code, new application coding, licensing of third party application code and a new data center in which to support these applications.
When Thomson sold Thomson Learning, the parent company of Thomson Learning Solutions, to a private equity firm creating Cengage Learning, I was promoted to a position responsible for solution software development and management for all of the textbook imprints. This involved employees and contractors in at least seven locations. The state of software development management was pathetic at this time (this was one of the major reasons the corporate Chief Strategy Officer had formed the Thomson Learning Solutions organization, staffing it with individuals knowledgeable in software product development). This consolidation involved bringing a number of disparate groups together and working to form one software organization. Under my watch the organization recovered from some major failures that had occurred the previous academic year. More stable versions of more software were being released.
With the purchase of Houghton-Mifflin's higher education textbook business in Boston, the west coast management of software was moved to the east coast.
January 2004 — March 2006
I consulted with a number of companies on network, system and application security. The security topics included application security architecture, ASP review, security code review, and standards compliance. Customers ranged from small to very large in size and from online game suppliers to major financial services companies.
I was required to write a customer report for each workshop or code review in which I participated. Liability, intellectual property, privacy, and financial concerns were considered in documented recommendations.
There were a number of report templates that I developed for various reports and security workshop formats. These were developed to provide visual aids to allow rapid consumption of the reports. I also studied the ISO security standards and created the workshop outline and database that we used for ISO17799 workshops the company performed.
The company provided a few online services for customers under the umbrella of the "Security Blanket." These included some manual and some automated services. I wrote a tool framework and some of the tools. I also wrote an internal tool used to manage war dialing projects where team members could check out a series of phone numbers, test them, upload test results and view overall progress.
November 1996 - August 2003
Vice President, Engineering
Vice President, Security & Operational Engineering
PlaceWare (now LiveMeeting from Microsoft)
Mountain View, CA
I managed all application software development and QA for the high-availability, high-reliability PlaceWare web conferencing service. Engineering dependably met schedules and PlaceWare consistently met 99.99% uptime. Employee retention in Engineering was better than 90% over the life of the group.
It was also my responsibility to represent the security interests of the customers, which involved reviewing all service changes from 3rd parties and PlaceWare engineering before they were finalized and put into service. I was the company representative for groups like the Internet Security Alliance and constantly monitored security threats and vulnerabilities. PlaceWare had no customer-visible security compromises.
As the first manager in the company I managed many aspects of the company at one time or another. I started the IT, facilities, technical support, hosted service, development, and QA groups. I worked with an HR consultant to define employee guidelines and benefits packages. I developed the company's first Intranet site and provided much of the content. I managed two facilities moves, including phone and networking services, with a total downtime of less than 2 workdays. I worked with Product Management and Sales to define product road maps. I worked with Finance to develop budgets and consistently met my budget targets.
May 1994 — September 1996
Vice President, Console Products
The 3DO Company
Redwood City, CA
I assumed responsibility for all system software development and maintenance for the first generation 3DO game console systems including boot code, kernel, FMV, and runtime libraries. My team shipped products for Panasonic, Creative Labs, and Goldstar on schedule.
For the second-generation system, my responsibilities expanded to include graphics, development systems, QA, and technical publications. I managed the completion of a software technology transfer to Panasonic ahead of schedule resulting in an early payment of $40M to 3DO.
March 1993 — April 1994
March 1989 — March 1993
Director, Software Engineering
Network Computing Devices
Mountain View, CA
At NCD I created a high-performance team that reliably delivered on or ahead of schedule. My team provided all software, embedded and host-based, for NCD's entire line of networked X Window terminals. I also managed publications, QA, and IT organizations. I grew the group from 4 developers to an organization of 40 people divided into 6 groups. NCD customer satisfaction and product feature set both improved significantly during this period. Development process, metrics, and technical publications improved as well.
May 1988 — February 1989
Manager, Fault Tolerant Services & Commands
Stratus Western Development Center
My original responsibility was to re-implement the Stratus Remote Service Network (RSN) on the new Fault Tolerant UNIX systems being developed. I was promoted to manage the group responsible for RSN as well as all SVR3 commands and libraries, self-test, fault isolation, and boot service software.
September 1984 — February 1988
Project Manager, Software Development
Santa Clara, CA
I was hired as a developer to implement UNIX APIs on a proprietary message-based OS. This module provided support for both System V and BSD system call semantics. I added many system calls and BSD job control. I ported BSD and System V utilities.
I was promoted to manager of the software development group responsible for the proprietary OS as well as ports of System V Release 2 and 3 to Ridge systems. I also managed technical publications for the UNIX ports.
March 1983 — August 1984
Gavilan Computer Corporation
Gavilan designed, manufactured and sold a laptop computer. The Gavilan Mobile Computer was designed to run proprietary software that provided a point and click user interface with documents that contained numerous application data types (richly formatted text, spreadsheet tables, etc.).
I developed a transaction-based file system for the Gavilan Mobile Computer to support a general undo mechanism for all applications in the proprietary software products. I was recognized as a key resource and assisted in I/O hardware and software bring-up and debug. I provided support for computer systems used in development.
January 1982 — February 1983
Tandem Computers (now part of HP)
I was part of a team developing a new system architecture for Tandem. My area of responsibility was software design and development of tape and disk I/O subsystems. I solicited and integrated needs expressed by sales and marketing staff and produced a complete set of specifications for tape formats, processing, and volume cataloging.
March 1969 — January 1982
General Electric / Honeywell Information Systems
Phoenix, AZ and Cambridge, MA
Over 13 years, I advanced from an entry-level computer operator position through various software development positions to Consulting Engineer position within the Multics development organization. My development projects included software and CAD development tools, run-time libraries, operating systems, security, and advanced implementation language development. I was personally responsible for coordination of software development efforts for all new Multics hardware including scheduling personnel and equipment for several managers as well as maintaining specifications and participating in design reviews.
I was hired by a research group within General Electric while I was a student at Arizona State University. I worked on a project that was using high level languages (I Language and Q Language) to write OS-level software. The group was also designing a next generation system architecture for GE's mainframe business. I wrote a number of design utilities and had many hours of mainframe time to myself.
When GE sold its computer business to Honeywell the research group was moved to Waltham, MA (near Boston) and I stayed in Phoenix and moved to the design automation (DA) group where I ported the I Language compiler and runtime into the time-sharing system of GCOS. This allowed much more rapid development of DA tools. Runtime libraries (rare in those days) that I wrote provided another improvement in DA developer productivity.
I eventually moved from the design automation group to a new group formed to provide developer tools. In that group I continued to develop some of the first language independent runtime libraries. I also provided support for a number of internal developer tools.
Due to my experience with what were at the time 'fringe' implementation languages, I was called upon to work on a high profile customer support issue involving a port of the Multics PL/I compiler to the GCOS system. I led a team from Honeywell and Toshiba that worked on-site for about a month solving issues the customer had with the PL/I compiler and runtime.
While in the developer tool group I continued my interest in improving productivity by enrolling in an internal class to learn how to use Multics (the 'predecessor' to UNIX). As a Multics user I discovered a serious bug in Multics. Since Multics was at the time the only operating system used by the US military and intelligence community for multi-level secure applications, this discovery was considered significant.
At the time the Multics development community at Honeywell and MIT was much like today's Open Source Software (OSS) community in that they welcomed other eyes on their source code. This allowed me to pinpoint the flaw and provide a source modification that resolved the defect. I was now known by the Multics kernel developers.
I moved to the Multics support group and eventually to the kernel group in Cambridge, MA. I worked on various commands and utilities in Multics, especially in the I/O area. Due to my in-depth knowledge of the hardware architecture, the hardware engineers in Phoenix and the Multics kernel, I was moved into a consulting engineering position (same level as a first line manager) where I acted as the coordinator of hardware/software activities between the Multics kernel group and the hardware engineering group in Phoenix until I left Honeywell.
September 1967 — May 1971
Arizona State University
BSEE, Arizona State University
References are available upon request.