Ryan Lackey

Ryan Lackey
[email protected]
+1 415 704 3498

Objective

An opportunity to apply cutting-edge Internet technologies to solve real world problems in the security infrastructure or payment infrastructure space, using UNIX and standard Internet Protocols as a base.

Skills
Principal competencies:

Management of technical teams and startup-phase technical organizations, including staff relations, budgeting, investor relations, technical and administrative policy development, and pre/post sale customer service
Practicalities of international business and finance, including customs mitigation, security, corporate formation, and regulatory compliance
Secure facilities/infrastructure design for high reliability, availability, and servicability
Secure application architecture -- distribution for tamper-resistance, replication for performance and reliability, multiparty administrative control
Agoric systems to solve financial and non-financial problems
Technical sales and sales engineering, particularly in the security and Internet arenas
Legal and technical structuring of organizations to overcome crypto export, financial reporting, and taxation difficulties to maximum advantage
Operations manuals, disaster plans
Security review/penetration testing from published specifications, marketing literature and intuition, or system access
Reengineering existing systems and processes for high security, reliability, availability, and servicability
Extensive involvement with the next generation of open systems financial technology, including electronic cash and automated markets
Familiarity with theoretical/research work in cryptology, electronic commerce, and scalable open systems and experience preparing reference implementations of new advances

Knowledge and experience working with, implementing, and/or defeating:

Operating Systems: UNIX (Linux (especially Debian), BSD, Solaris, HP-UX, AIX), PalmOS, Symbian/EPOC32, IOS, Windows NT, QNX, VxWorks, MacOS, JavaCard, Multos
Kernel Programming: Linux, OpenBSD, FreeBSD (security modifications, not yet released)
Programming: Java, Python, XML/SGML, Postscript, Scheme, C, LISP, Pocket C, Perl, Shell, TCL, LabVIEW, Z80 asm, PHP
Tools: BIND, JDK, dnsjava, PAM, Apache, Apache-JServ, CVS, Zebra, GateD, Kerberos (4/5/KTH), SSH, mrtg/rrd, snmpd, inn, SQL, Oracle, Postfix, Exim, Sendmail, GnuPG, apt, LPRng, OpenSSL, xntpd, firewalls (ip filter and proxy), matlab, SAS, MicroStation, DHCPD
Protocol Details: Electronic cash protocols, DNS, common EGPs and IGPs, SSL, OpenPGP, SMTP, HTTP, SSH1 and SSH2, x509, SNMP, NTP, DHCP, OTP, SET
Facilities: 3-phase power systems, large UPSes (battery and rotational), power generation (petrol, diesel, turbine, solar, wind), lasers and laser scanners, biometric ID products, smartcard and magnetic stripe cards and card readers
Devices: PC hardware, PC104, Unix workstation hardware (Sun, Digital/Compaq, IBM RS/6000, HP), iButton, IBM 4758, Biometric ID products (retina, iris, hand geometry, fingerprint, voice), Compaq Atalla, key and combination locks, commercial safes and vaults, secure timebases (cesium, gps, wwv, maser), Wiegand-protocol security systems, wireless networking (satellite, WaveLAN, 802.11, microwave, laser, FH SS HF, Ricochet, CDPD), Palm and EPOC handhelds, RFID card systems, security microcontrollers, Point of Sale systems, magnetic strips
Major Algorithms: Radiosity/heat-transfer, SHA-1, MD5, Tiger, DES (DES, DESX, 3DES), CAST5, Blowfish, RC2, RC4, RC5, AES submissions (primarily MARS, RC6, Serpent, Twofish), RSA, Elliptic Curve systems, RSA, DH, ElGamal, Schnorr, Brickell-McCurley
Financial Systems: ACH, ATM networks, debit and credit card fraud detection systems, e-gold, realtime trading systems, e-check, electronic token systems, micropayment schemes, SET, gift/prepaid cards, loyalty card systems, private wire systems

Detailed Project List and Descriptions/Links

Experience and Education

metacolo (Winter 2002 - Present): Founder of a distributed global network of technical and business infrastructure, allowing Internet-based businesses to pick and choose from 16+ jurisidctions around the world for incorporation, financial transaction processing, and secure servers with reliable network bandwidth. Negotiated with local business partners, governments, and global technology providers, managed technology development, and supervisied and coordinated infrastructure rollout in multiple locations in parallel. Developed operations and marketing plans, and directed ongoing sales, publicity, and operations.
HavenCo (Summer 1999 - Winter 2002): Founder and CTO of a global colocation company designed to provide the best secure, reliable, high-performance colocation in a variety of regulatorily interesting jurisdictions worldwide. Participated in development of business concept, business plans, and budget from the founding of the company through the present. Responsible for all technical aspects of the company, and hired/managed development and operations staff. Developed and implemented anti-DDoS high-speed global network architecture, tamper-resistant server computer technology, and a highly manageable, high density, low marginal administration server architecture. Additionally, attracted and managed several major press contacts, including the cover of Wired Magazine and an interview with Slashdot, which helped raise HavenCo's visibility. Also negotiated aggressive discount/payment/financing terms with several vendors despite limited trading history and offshore incorporation.
Systemics AI (Summer 1998 - Spring 1999): Co-founded an Anguillan operation to develop electronic payment systems for the Internet. Architecture and initial implementation of an anonymous privacy-protecting electronic cash system, as well as development of a schema of electronic cash systems and several novel protocols. Designed and constructed a datacenter with redundant power, redundant cooling, firewalling, and multi-site networking in a country where importation of ordinary equipment is difficult to impossible.
Venona Secure Solutions (1994 - 1998): Conducted security reviews for a variety of clients, as well as consulted with a range of startups in the areas of applications and systems architecture for security as well as regulatory compliance. Participated in several open source software efforts and attended conferences to stay current on developments in security and open systems. Major projects included developing design requirements, specification, and implementation plans for a major electronic cash project still underway. including facilities, network infrastructure, and some of the application software.
MIT Media Lab Wearable Computing Project (1996): As an undergraduate research student, worked to implement advanced 3-d imaging technology on a wearable platform. Developed system to distribute high-computation parts of the application over a heterogenous farm of high-end UNIX workstations. Additionally, did general UNIX systems administration and Linux hacking to adapt Linux to a wearable embedded computing platform with video I/O and wireless communications.
Massachusetts Institute of Technology (Summer 1995 - Fall 1997): Enrolled as an undergraduate/M.Eng. student from 1995 through 1997, beginning with advanced standing due to prior work. Primarily took courses in advanced mathematics, computer science, and cryptography. In-depth participation in MIT Entrepreneur's Club and $50k New Venture competition. Additionally, worked on developing user documentation and user technical support in a volunteer computer service organization. Did not complete degree due to financial pressure; left to move to Anguilla, British West Indies to participate in a startup venture.

Interests

My primary interests are the same as my professional interests -- computers and computer security on the cutting edge. Additionally, I enjoy historical security devices and the impact of security systems on history, competitive target shooting, travel, following advances in technology of any kind, and participating in the Open Source/Free Software movement. I have some experience and comfort with primarily written Latin, French, and German, in that order. I run archives and am a regular contributor to several electronic mailing lists discussing computer security, and have recently become involved in standards organizations.

Publications and Presentations

(partial list)
2003-10-07: San Francisco OpenBSD Users Group (SFOBUG): Tamper-resistant security modules for secure applications
2003-08-03: Defcon XI: HavenCo: What Really Happened
2003-08-01: Defcon XI: Behind the Remailers
2003-04-15: RSA Security Conference 2003: Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership
2002-10-20: ACM UIUC Reflections/Projections 2002: Practicalities of Internet Freedom
2002-08-01: Defcon X: Anonymous, Secure, Open Electronic Cash
2002-07-13: H2K2: The Ultimate Co-location Site
2002-02-10: RSA Conference 2002: Jurisdictional Arbitrage for Risk Management
2002-02-10: RSA Conference 2002: P2P Taxonomy
2001-08-15: HAL 2001: In Defense of Privacy: Offshore Datahavens and Hosting Controversial Data
2001-07-13: Defcon 9: HavenCo: One Year Later
2001-04-02: Jupiter MediaMetrix Plug-In Europe: File Sharing: How the Music Industry Can Work With Users
2000-07-29: Defcon 8: Secure Server Hosting
2000-08-15: DNSCON 2000: How to Host Applications Securely
1999-02-15: Financial Cryptography 1999: Summary of FC99 conference for IEEE Cipher
1998-08-02: Digital Commerce Society of Boston Symposium on Electronic Payments: Working around the DigiCash ecash patent monopoly

References available upon request.