Jonathan A. Zdziarski

jonathan@nuclearelephant.com 

Experience

            (22 Years) Total Computer and Software Development Experience

            (12 Years) UNIX & Linux Systems, Advanced Development, Network Security

            (10 Years) Enterprise Software and Database Development

            (10 Years) Full Development Life Cycle, Methodology, Process and Procedure

            (8+ Years) Secure Protocol Development

            (6+ Years) Computer Forensics

            (6+ Years) Physical Security and Social Vulnerabilities

            (4+ Years) Machine Learning and Artificial Intelligence

            (4+ Years) Director-Level Management 
 

Trade Skills 

STRONG UNIX  12 Years  (Linux, Sun Solaris, HP/UX, BSD, DEC, SCO, others)

Systems design and architecture, performance tuning, low-level diagnostics, extensive security, topology layout, scripting, and enterprise class systems experience. Experience with all standard Internet protocols including POP3, HTTP, SSH, SSL, DNS, SNMP, etcetera. Experience includes proprietary protocol design and encryption. 

STRONG C/C++  10+ Years (UNIX C/C++ and Win32/Visual C++/Embedded C++ and MFC)

Design of applications and system tools from scratch primarily under Linux, FreeBSD, Solaris, Windows, and Embedded Windows. Experience includes proprietary protocol design and implementation, databases, blowfish encryption, compression, neural networking design, bayesian networks, algorithm design, dynamic data structures, secure programming, local and network sockets and multi-threaded applications, and real-time data access middleware. 

STRONG Security 10 Years  (Application Layer and Network Layer + 802.11 Wireless)

Security auditing, intrusion testing, and secure programming.  Contracted to cracked several wireless networks and provided innovative secure solutions incorporating application-layer encryption, token-based authentication, adaptive intrusion detection analysis, etc. 

STRONG

Machine-Learning 4 +Years

Extensive experience with machine-learning approaches including Bayesian networks, neural networking, Markovian discrimination (weighted markov models), probabilistic fingerprinting, and adaptive lexical and binary analysis. Several white papers published, lectures given, and one book written covering various existing and original approaches. Original works include Bayesian noise reduction, probabilistic digital fingerprinting techniques, and overlapping nGram analysis. 
 

OTHER   Perl (11 Years), JavaScript (3 Years), J2EE (2 Years), Python (1 Year), TCL, Oracle 

Lectures

January 16, 2004  MIT Spam Conference in Cambridge, MA

                        a. Advanced Language Classification using nGrams

                        b. A MIME encoding for message inoculations 

January 21, 2005  MIT Spam Conference in Cambridge, MA

                        Bayesian Noise Reduction: Contextual Symmetry Logic Utilizing Pattern Consistency

                        Analysis 

March 28, 2006  MIT Spam Conference in Cambridge, MA

                        Approaches to Phishing Identification using Match and Probabalistic Digital

      Fingerprinting Techniques 

Books

July 2005   Ending Spam, No Starch Press

                        A scientific guide to fighting spam using statistics and machine learning 

Affiliations   InfraGard Members Alliance - Atlanta Chapter

                        http://www.infragard.net 

Employment History 

Research Scientist - CipherTrust, Inc. (September 2005 - Present) 

Responsibilities

Responsible for the research and development of new technology from conceptual phase to engine development and deployment. Role includes the invention and research of new probabilistic, heuristic, and machine-learning approaches to solve problems relating to messaging security, antivirus, spam filtering, encryption, regulatory and corporate compliance, and other areas covering CipherTrust's suite of products.  

Accomplishments

• Extensive research and development of phishing detection and source author correlation utilizing lexical and binary fingerprinting technique
• Research and development of document fingerprinting techniques in corporate compliance detection
• Statistical corporate compliance enforcement utilizing state-based probabilistic analysis

Sr. Software Engineer - Cybera, Inc. (September 2001 - September 2005) 

Responsibilities

Responsible for all aspects of the software development cycle as it pertains to in-house developed applications utilizing C, C++, Perl, and J2EE on an Oracle platform. Integration of systems including real-time data access EDI middleware and custom sales, ordering, provisioning, billing, and auditing systems.  

Accomplishments

• Designed Cybera's internal information systems (the lifeblood of all operations) from scratch
• Designed and implemented Cybera's IT/MIS infrastructure from scratch, handed off.
• Received special commendations from the company's CEO for design of core systems

Model Development Engineer - Micromuse, Inc. (May 2001 - July 2001) 

Responsibilities

Design and development of code and analytical models to perform predictive failure analysis, which involved in-depth research and analysis of SNMP MIBs for many network devices, performing exhaustive SNMP mining, and OID mapping. Collaborated with 11 other engineers, perform peer-review and pre-certification of data. Performed several UNIX based administration tasks such as configuration of Sun Management Center and other third party software packages. 

Accomplishments

      Learned Netcool/Visionary's complete inner-workings within a matter of days.

      Designed several of Micromuse's commercial rulesets which make up the Host Rules including:

• Sun Solaris performance monitoring and predictive failure (SMC v3.0 MIBs)
• Sun Solaris hardware monitoring for NEBS compliant machines (Sun Netra MIBs)
• Compaq performance monitoring and predictive failure (Insight Manager MIBs)

Director of Development - NetRail, Inc (June 2000 - April 2001)

(Employee number 3 of what grew to a company of ~200 between 1997 and 2001) 

Responsibilities

• Building the company's entire department and development infrastructure
• Performed hands-on in all development functions.
• Managed a team of 13, two managers and a five-million dollar budget

Accomplishments

• Designed from scratch a custom OSS (operational support system) supporting real-time data access middle-ware to interface with partner EDI systems
• Designed and implemented all process and procedures, implementing and maintaining metrics for the department and managing to them.

Director of MIS  - NetRail, Inc (December 1999 - June 2000) 

Responsibilities

• Infrastructure and LAN systems design, administration, security, and support
• Software development of several key pieces of mission critical software
• Managing a 5 million dollar budget, 13 employees, and inter-departmental protocol

Accomplishments

• Designed from scratch a carrier class MIS/IT infrastructure including basic Internet services (DNS, HTTP, SMTP, etc.) and personally oversaw and participated in implementation of Oracle 8i, SAPR3, InfoVista, Micromuse Netcool, Remedy ARS, HP OpenView, and several other enterprise applications. 
• Managed server topology layout and design, deployment, and maintenance for over 50 points of presence.
• Development of company-wide security policy including access control policies, data protection and encryption methods, emergency process and procedures, token authentication and etcetera
• Design and implementation of post-mortem in-house forensics process and procedures

Developer and Sr. Systems Administrator  - NetRail, Inc (July 1997-December 1999) 

Responsibilities

• Installation, configuration, and staging of systems, administration and security
• Load balancing and performance tuning, backups, etc.
• Training entry level personnel
• Software development for special purposes

Network Operations Engineer - RCN (Nov 1996-Jul 1997) 

Responsibilities

• Customer support for multi-megabit customers
• Tools development using Perl
• Internal support for company's systems infrastructure

Escalation Technician - TIAC; The Internet Access Company (Jun 1995-Nov 1996) 

Computer Tech - TMC; The Micro Connection (September 1994-Jun 1995) 

Recent Open Source Contributions 

The DSPAM Project

http://dspam.nuclearelephant.com

A popular and highly accurate statistical two-concept language classifier geared specifically at learning and filtering unsolicited bulk email. DSPAM operates as both a shared library for developers and a server-side agent and has delivered up to 99.991% accuracy using advanced machine-learning techniques.  

mod_evasive: Evasive Maneuvers module for Apache

http://www.nuclearelephant.com/projects/mod_evasive/

A module for Apache 1.3, 2.0, and SunOne NSAPI enabling a web server to detect, report, and fight off request-based DoS/DDoS attacks or brute force attacks while conserving system resources and bandwidth. Integrates with many IDS tools and firewalls.