Lev Walkin
vlm@lionet.info
+1 650 575 0955

* Objectives

  Position of Software Engineer or hands-on Architect in a security-conscious company.

* Qualifications summary

  * 10+ years of experience in Unix software development and systems administration (BSD, Linux, Solaris, OSX)
  * Design and development of high-performance, special-purpose network-oriented software for IP-based networks
  * Network security: cryptographic applications, protocols; secure programming practices

* Protocols and technologies

  Strong hands-on knowledge of an extensive set of TCP/IP-based technologies and network protocols.
  Implemented a TCP/IP stack from scratch for the IP networks simulation software.
  Implemented BGP, DNS, HTTP and other protocols (servers) from scratch as part of other projects.
  Implemented an open source, standards-compliant ASN.1 compiler (http://lionet.info/asn1c).

  + Secure communications foundation: ASN.1, X.509, RSA PKCS series.
  + Transport: 802.3, 802.11, IPv4, Frame Relay, SLIP, PPP
  + Routing: RIP 1/2, BGP 3/4, OSPF
  + Mobile exchange protocols: ETSI GSM OTA, SMS/SMPP.
  + Mail, News, Directory: SMTP, POP3/IMAP4, LDAP/X.500, NNTP
  + HTTP/HTTPS, DNS

  In-depth knowledge of AAA and security applications.

  + SSL (HTTPS/OpenSSL SDK), PGP SDK programming
  + TACACS+, RADIUS
  + IPSec (Cisco Systems and WIDE/KAME implementations)

* Programming languages, development systems and tools

  + Expert Unix programming: GNU C/C++, x86 and mips assemblers, Perl, shell programming, GNU toolchain, a range of SCM systems.
  + DOS/Wintel programming: C/C++, Asm x86

* Employment history

  + June, 2005 - present
    Software Engineer at Cisco, Inc. Security Technology Group (STG) (San Jose, California)
    NDA

  + December, 2001 - April, 2005
    Principal Engineer at Netli, Inc. (Palo Alto, California)
    http://www.netli.com/
    Designed and developed an extensive set of Unix applications, libraries and IP-based protocols as part of a system for speeding up HTTP[S]/TCP throughput.
    Designed and implemented:
    * Fault-tolerant distributed RSA key server architecture and software. Used to speed up SSL (HTTPS) web application throughput and provide secure key storage utilizing dedicated remote HSMs. OpenSSL-pluggable.
    * Secure UDP communications layer (protocol and library) supporting the AES/Rijndael cipher, dynamic session key management, session key scheduling. Predates DTLS.
    * DNS server/proxy/cache: special-purpose DNS responder for serving tens of thousands of requests per second. Utilizes multi-factor, dynamic target selection logic driven by real-time application server availability, system configuration and network topology information.
    * Network heartbeat protocol: supporting a status-bearing partial mesh between hundreds of geographically and topologically distributed applications. Key features: dynamic reconfiguration, link redundancy, fault tolerance, low convergence time and scalability.
    * Language and parser to support uniform access methods to the system configuration. Key features: configuration language supports hierarchy, inheritance, value assignment, value references with in-place and deferred resolution. Configuration library provides an OO approach for reloading configuration on the fly without requiring a full process reload.
    * Implemented an OpenSSL adaptation layer to mix SSL and non-SSL data within a single connection; also made OpenSSL "ENGINE" calls pseudo-asynchronous for an otherwise single-threaded application.
    * A number of application and systems level software enhancements to speed up data processing and/or to secure communications.

  + September, 2001 - November, 2001
    Sr. Software Engineer at Netli, Inc. Moscow branch (Moscow, Russia)
    Development of DNS-based Global Redirection System, design and implementation of core Netli GRS components, including custom DNS server and other accompanying software. Designed and implemented a DNS-specific network delay emulator.

  + October, 2000 - August, 2001
    Lead Information Security Engineer at Ulyanovsk GSM, JSC (Ulyanovsk, Russia)
    * Set up and maintained a distributed, secure (IPSec) high-speed MAN corporate network.
    * Designed and implemented an SMPP gateway for GSM SMS handling. Implemented an appropriate services set: E-Mail to SMS, SMS to E-Mail, and other interactive SMS services for mobile customers and intra-company restricted use.
    * Designed and implemented a TCP/IP-based, secure solution for accessing the SMS center from within neighbor organizations.
    * Consulted the local staff on the technical questions related to security and confidential data protection.

  + December, 1999 - September, 2000
    Network Administrator and Software Developer at Vens, JSC (Ulyanovsk, Russia).
    Brought to life a new Internet Service Provider center, including custom software development, hardware consulting and initial maintenance.
    * Designed and implemented an integrated system of interconnected software components to support the set of ISP services pioneered in the region by Vens JSC.
    * Set up the local NOC network with Internet connectivity.
    * Implemented support of the dial-up and leased line clients (authorization, authentication, accounting, billing systems, initial access servers configuration and tuning).
    * Designed and led the development of the unified LDAP database for managing customer accounts and related data.
    * Modified AAA (RADIUS, TACACS) software for the "Internet-cards" service handling.
    * Designed and implemented an advanced Web mail system with integrated PGP support.
    * Designed and implemented a unified accounting, statistics and billing system with a Web management front-end.

  + July, 1999 - August, 1999
    ITC Intern at United Nations Organization, UNDP/UNOPS, Informational Technologies Center, (Kigali, Rwanda)
    * Designed and implemented the distributed Inter/intranet users directory software, integrated with LDAP for information exchange with UN HQ.
      Implemented a Web interface for its maintenance.
    * Set up the UNOPS Equipment database and implemented the Web interface for offloading its maintenance to a responsible party.
    * Provided intensive 2-week group training in "Networking and configuring Cisco routers" organized by UNDP for national counterpart institutions.

  + October, 1997 - August, 2001
    Network Administrator at Ulyanovsk State Technical University's NOC
    Setting up and maintaining critical systems (DNS, routing, email), consulting the local staff on technical, administrative and political questions.
    Projects done:
    * Uniform distributed database for managing users of multiple types of Internet/intranet services (LDAP SDK, C, Perl).
    * Designed and implemented an electronic mailing subsystem with mail traffic backup.
    * Developed and implemented an automatic system for accounting and shaping the department's Internet resource consumption.
    * Created the visual TCP/IP network simulator software for educational purposes (lionet.info/ne/ne3).
    * Designed and led the development of the indexing, morphology-aware Web search system for the campus resources (hundreds of megabytes of HTML data).
    Also taught the IATP courses (Internet Access and Training Programme) sponsored by the Bureau of Educational and Cultural Affairs, U.S. Department of State.

* Education

  * MSCS (Ulyanovsk State Technical University, 2003)
  * BSCS (UlSTU, 2001)

An up-to-date version of this resume can be found at http://lionet.info/CV
Additional information and references available upon request.