Ryan Lackey
[email protected]
+1 415 704 3498
Objective
An opportunity to apply cutting-edge Internet technologies to solve
real world problems in the security infrastructure or payment infrastructure
space, using UNIX and standard Internet Protocols as a base.
Skills
Principal competencies:
- Management of technical teams and startup-phase technical organizations,
including staff relations, budgeting, investor relations, technical and
administrative policy development, and pre/post sale customer service
- Practicalities of international business and finance, including
customs mitigation, security, corporate formation, and regulatory
compliance
- Secure facilities/infrastructure design for high reliability, availability,
and servicability
- Secure application architecture -- distribution for tamper-resistance,
replication for performance and reliability, multiparty administrative
control
- Agoric systems to solve financial and non-financial problems
- Technical sales and sales engineering, particularly in the security
and Internet arenas
- Legal and technical structuring of organizations to overcome crypto export,
financial reporting, and taxation difficulties to maximum advantage
- Operations manuals, disaster plans
- Security review/penetration testing from published specifications,
marketing literature and intuition, or system access
- Reengineering existing systems and processes for high security, reliability, availability, and servicability
- Extensive involvement with the next generation of open systems financial
technology, including electronic cash and automated markets
- Familiarity with theoretical/research work in cryptology, electronic
commerce, and scalable open systems and experience preparing reference
implementations of new advances
Knowledge and experience working with, implementing, and/or defeating:
Operating Systems: UNIX (Linux (especially Debian), BSD, Solaris, HP-UX, AIX),
PalmOS, Symbian/EPOC32, IOS, Windows NT, QNX, VxWorks, MacOS, JavaCard, Multos
Kernel Programming: Linux, OpenBSD, FreeBSD
(security modifications, not yet released)
Programming: Java, Python, XML/SGML, Postscript, Scheme, C, LISP,
Pocket C, Perl, Shell, TCL, LabVIEW, Z80 asm, PHP
Tools: BIND, JDK, dnsjava, PAM, Apache, Apache-JServ, CVS,
Zebra, GateD, Kerberos (4/5/KTH), SSH, mrtg/rrd, snmpd, inn, SQL, Oracle,
Postfix, Exim, Sendmail, GnuPG, apt, LPRng, OpenSSL, xntpd,
firewalls (ip filter and proxy), matlab, SAS, MicroStation, DHCPD
Protocol Details: Electronic cash protocols, DNS, common EGPs and
IGPs, SSL, OpenPGP, SMTP, HTTP,
SSH1 and SSH2, x509, SNMP, NTP, DHCP, OTP, SET
Facilities: 3-phase power systems, large UPSes (battery and rotational),
power generation (petrol, diesel, turbine, solar, wind),
lasers and laser scanners, biometric ID products,
smartcard and magnetic stripe cards and card readers
Devices: PC hardware, PC104,
Unix workstation hardware (Sun, Digital/Compaq, IBM RS/6000, HP),
iButton, IBM 4758, Biometric ID products (retina, iris, hand geometry,
fingerprint, voice), Compaq Atalla, key and combination locks,
commercial safes and vaults, secure timebases (cesium, gps, wwv, maser), Wiegand-protocol security systems, wireless networking (satellite, WaveLAN, 802.11, microwave, laser, FH SS HF, Ricochet, CDPD), Palm and EPOC handhelds, RFID card systems, security microcontrollers, Point of Sale systems, magnetic strips
Major Algorithms: Radiosity/heat-transfer, SHA-1, MD5, Tiger,
DES (DES, DESX, 3DES), CAST5, Blowfish, RC2, RC4, RC5, AES submissions
(primarily MARS, RC6, Serpent, Twofish), RSA,
Elliptic Curve systems, RSA, DH, ElGamal, Schnorr, Brickell-McCurley
Financial Systems: ACH, ATM networks, debit and credit card fraud
detection systems, e-gold, realtime trading systems, e-check, electronic
token systems, micropayment schemes, SET, gift/prepaid cards, loyalty card
systems, private wire systems
Detailed Project List and Descriptions/Links
Experience and Education
- metacolo (Winter
2002 - Present)
- Founder of a distributed global network of technical and business
infrastructure, allowing Internet-based businesses to pick and choose from
16+ jurisidctions around the world for incorporation, financial transaction
processing, and secure servers with reliable network bandwidth. Negotiated
with local business partners, governments, and global technology providers,
managed technology development, and supervisied and coordinated infrastructure
rollout in multiple locations in parallel. Developed operations and marketing
plans, and directed ongoing sales, publicity, and operations.
- HavenCo (Summer 1999 -
Winter 2002)
- Founder and CTO of a global colocation company designed to provide the
best secure, reliable, high-performance colocation in a variety of
regulatorily interesting jurisdictions worldwide. Participated in
development of business concept, business plans, and budget from the founding
of the company through the present. Responsible for all
technical aspects of the company, and hired/managed development and
operations staff. Developed and implemented anti-DDoS high-speed global
network architecture, tamper-resistant server computer technology, and
a highly manageable, high density, low marginal administration server
architecture. Additionally, attracted and managed several major press
contacts, including the cover of Wired Magazine and an interview with Slashdot, which helped raise HavenCo's visibility. Also negotiated aggressive discount/payment/financing terms with several vendors despite limited trading history and offshore incorporation.
- Systemics AI (Summer 1998 - Spring 1999)
-
Co-founded an Anguillan operation to develop electronic payment systems
for the Internet. Architecture and initial implementation of an
anonymous privacy-protecting electronic cash system, as well as development
of a schema of electronic cash systems and several novel protocols. Designed
and constructed a datacenter with redundant power, redundant cooling,
firewalling, and multi-site networking in a country where importation of
ordinary equipment is difficult to impossible.
- Venona Secure Solutions (1994 - 1998)
-
Conducted security reviews for a variety of clients, as well as
consulted with a range of startups in the areas of applications and
systems architecture for security as well as regulatory compliance.
Participated in several open source software efforts and attended
conferences to stay current on developments in security and open systems.
Major projects included developing design requirements, specification,
and implementation plans for a major electronic cash project still
underway. including facilities, network infrastructure, and some
of the application software.
- MIT Media Lab Wearable Computing Project (1996)
-
As an undergraduate research student, worked to implement advanced 3-d
imaging technology on a wearable platform. Developed system to
distribute high-computation parts of the application over a heterogenous
farm of high-end UNIX workstations. Additionally, did general UNIX
systems administration and Linux hacking to adapt Linux to a
wearable embedded computing platform with video I/O and wireless
communications.
- Massachusetts Institute of Technology (Summer 1995 - Fall 1997)
-
Enrolled as an undergraduate/M.Eng. student from 1995 through 1997, beginning
with advanced standing due to prior work. Primarily took courses in advanced
mathematics, computer science, and cryptography. In-depth participation
in MIT Entrepreneur's Club and $50k New Venture competition. Additionally,
worked on developing user documentation and user technical support in
a volunteer computer service organization. Did not complete degree due
to financial pressure; left to move to Anguilla, British West Indies to
participate in a startup venture.
Interests
My primary interests are the same as my professional interests --
computers and computer security on the cutting edge. Additionally, I enjoy
historical security devices and the impact of security systems on
history, competitive target shooting, travel, following advances in
technology of any kind, and participating in the Open Source/Free Software
movement. I have some experience and comfort with primarily written Latin,
French, and German, in that order. I run archives and am a regular
contributor to several electronic mailing lists discussing computer
security, and have recently become involved in standards organizations.
Publications and Presentations
- (partial list)
- 2003-10-07: San Francisco OpenBSD Users Group (SFOBUG): Tamper-resistant
security modules for secure applications
- 2003-08-03: Defcon XI: HavenCo: What Really Happened
- 2003-08-01: Defcon XI: Behind the Remailers
- 2003-04-15: RSA Security Conference 2003: Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership
- 2002-10-20: ACM UIUC Reflections/Projections 2002: Practicalities of Internet Freedom
- 2002-08-01: Defcon X: Anonymous, Secure, Open Electronic Cash
- 2002-07-13: H2K2:
The Ultimate Co-location Site
- 2002-02-10: RSA Conference 2002: Jurisdictional Arbitrage for Risk Management
- 2002-02-10: RSA Conference 2002: P2P Taxonomy
- 2001-08-15: HAL 2001: In Defense of Privacy: Offshore Datahavens and Hosting Controversial Data
- 2001-07-13: Defcon 9: HavenCo: One Year Later
- 2001-04-02: Jupiter MediaMetrix Plug-In Europe: File Sharing: How the Music Industry Can Work With Users
- 2000-07-29: Defcon 8: Secure Server Hosting
- 2000-08-15: DNSCON 2000: How to Host Applications Securely
- 1999-02-15: Financial Cryptography 1999: Summary of FC99 conference for IEEE Cipher
- 1998-08-02: Digital Commerce Society of Boston Symposium on Electronic Payments: Working around the DigiCash ecash patent monopoly
References available upon request.