Ryan Lackey
[email protected]
+1 212 372 7595


An opportunity to apply cutting-edge Internet technologies to solve real world problems while advancing the state of the art in technology.

Principal competencies:
Knowledge and experience working with, implementing, and/or defeating:

Operating Systems: UNIX (Linux (especially Debian), BSD, Solaris, HP-UX, AIX), PalmOS, Symbian/EPOC32, IOS, Windows NT, QNX, VxWorks, MacOS, JavaCard, Multos
Kernel Programming: Linux, OpenBSD, FreeBSD (security modifications, not yet released)
Programming: Java, Python, XML/SGML, Postscript, Scheme, C, LISP, Pocket C, Perl, Shell, TCL, LabVIEW, Z80 asm, PHP
Tools: BIND, JDK, dnsjava, PAM, Apache, Apache-JServ, CVS, Zebra, GateD, Kerberos (4/5/KTH), SSH, mrtg/rrd, snmpd, inn, SQL, Oracle, Postfix, Exim, Sendmail, GnuPG, apt, LPRng, OpenSSL, xntpd, firewalls (ip filter and proxy), matlab, SAS, MicroStation, DHCPD
Protocol Details: Electronic cash protocols, DNS, common EGPs and IGPs, SSL, OpenPGP, SMTP, HTTP, SSH1 and SSH2, x509, SNMP, NTP, DHCP, OTP, SET
Facilities: 3-phase power systems, large UPSes (battery and rotational), power generation (petrol, diesel, turbine, solar, wind), lasers and laser scanners, biometric ID products, smartcard and magnetic stripe cards and card readers
Devices: PC hardware, PC104, Unix workstation hardware (Sun, Digital/Compaq, IBM RS/6000, HP), iButton, IBM 4758, Biometric ID products (retina, iris, hand geometry, fingerprint, voice), Compaq Atalla, key and combination locks, commercial safes and vaults, secure timebases (cesium, gps, wwv, maser), Wiegand-protocol security systems, wireless networking (satellite, WaveLAN, 802.11, microwave, laser, FH SS HF, Ricochet, CDPD), Palm and EPOC handhelds, RFID card systems, security microcontrollers, Point of Sale systems, magnetic strips
Major Algorithms: Radiosity/heat-transfer, SHA-1, MD5, Tiger, DES (DES, DESX, 3DES), CAST5, Blowfish, RC2, RC4, RC5, AES submissions (primarily MARS, RC6, Serpent, Twofish), RSA, Elliptic Curve systems, RSA, DH, ElGamal, Schnorr, Brickell-McCurley
Financial Systems: ACH, ATM networks, debit and credit card fraud detection systems, e-gold, realtime trading systems, e-check, electronic token systems, micropayment schemes, SET, gift/prepaid cards, loyalty card systems, private wire systems

Detailed Project List and Descriptions/Links

Experience and Education
Blue Iraq, Balad, Iraq (Winter 2004 - Present)
Founded and led a DOD and Western contractor focused integrated networking and IT company. Built relationships with DOD and government customers throughout Iraq, Kuwait, and developed technical and marketing plan, raised capital, and implemented sales and technology strategy.
SSI Iraq, Baghdad, Iraq (Summer 2004 - Winter 2004)
Responsible for developing new products, business relationships, and managing major multi-site clients from initial contact throughout entire relationship, in the challenging and rapidly changing reconstruction Iraq market. Rebranded company, and developed a comprehensive marketing and technical plan to go after the US DoD/western contractor market. Built substantial relationships with DOD and Contractor customers. Transitioned to an outside contractor in order to implement this plan with external capitalization.
metacolo (Winter 2002 - Present)
Founder of a distributed global network of technical and business infrastructure, allowing Internet-based businesses to pick and choose from 16+ jurisidctions around the world for incorporation, financial transaction processing, and secure servers with reliable network bandwidth. Negotiated with local business partners, governments, and global technology providers, managed technology development, and supervisied and coordinated infrastructure rollout in multiple locations in parallel. Developed operations and marketing plans, and directed ongoing sales, publicity, and operations. Also directed consulting efforts, both leading contracts in RFID payments and cryptographic applications, and managing other contracts for network implementation, security audits, and application development.
HavenCo (Summer 1999 - Winter 2002)
Founder and CTO of a global colocation company designed to provide the best secure, reliable, high-performance colocation in a variety of regulatorily interesting jurisdictions worldwide. Participated in development of business concept, business plans, and budget from the founding of the company through the present. Responsible for all technical aspects of the company, and hired/managed development and operations staff. Developed and implemented anti-DDoS high-speed global network architecture, tamper-resistant server computer technology, and a highly manageable, high density, low marginal administration server architecture. Additionally, attracted and managed several major press contacts, including the cover of Wired Magazine and an interview with Slashdot, which helped raise HavenCo's visibility. Also negotiated aggressive discount/payment/financing terms with several vendors despite limited trading history and offshore incorporation.
Systemics AI (Summer 1998 - Spring 1999)
Co-founded an Anguillan operation to develop electronic payment systems for the Internet. Architecture and initial implementation of an anonymous privacy-protecting electronic cash system, as well as development of a schema of electronic cash systems and several novel protocols. Designed and constructed a datacenter with redundant power, redundant cooling, firewalling, and multi-site networking in a country where importation of ordinary equipment is difficult to impossible.
Venona Secure Solutions (1994 - 1998)
Conducted security reviews for a variety of clients, as well as consulted with a range of startups in the areas of applications and systems architecture for security as well as regulatory compliance. Participated in several open source software efforts and attended conferences to stay current on developments in security and open systems. Major projects included developing design requirements, specification, and implementation plans for a major electronic cash project still underway. including facilities, network infrastructure, and some of the application software.
MIT Media Lab Wearable Computing Project (1996)
As an undergraduate research student, worked to implement advanced 3-d imaging technology on a wearable platform. Developed system to distribute high-computation parts of the application over a heterogenous farm of high-end UNIX workstations. Additionally, did general UNIX systems administration and Linux hacking to adapt Linux to a wearable embedded computing platform with video I/O and wireless communications.
Massachusetts Institute of Technology (Summer 1995 - Fall 1997)
Enrolled as an undergraduate/M.Eng. student from 1995 through 1997, beginning with advanced standing due to prior work. Primarily took courses in advanced mathematics, computer science, and cryptography. In-depth participation in MIT Entrepreneur's Club and $50k New Venture competition. Additionally, worked on developing user documentation and user technical support in a volunteer computer service organization. Did not complete degree due to financial pressure; left to move to Anguilla, British West Indies to participate in a startup venture.
Certifications and Licenses

I am a Certified Information Systems Auditor (CISA), licensed US driver, and hold a valid US passport. Please contact me for any information related to security clearances or other credentials required for DOD/Government contracts.


My primary interests are the same as my professional interests -- computers and computer security on the cutting edge. Additionally, I enjoy historical security devices and the impact of security systems on history, competitive target shooting, travel, following advances in technology of any kind, and participating in the Open Source/Free Software movement. I have some experience and comfort with primarily written Latin, French, and German, in that order. I run archives and am a regular contributor to several electronic mailing lists discussing computer security, and have recently become involved in standards organizations.

I am a member of the American Civil Liberties Union (ACLU), Association for Computing Machinery (ACM), Amnesty International (AI), Information Systems Audit and Control Association (ISACA), Alpha Phi Omega service fraternity (APO), Electronic Frontier Foundation (EFF), International Association for Cryptologic Research (IACR), European Internet Registry (RIPE), North American Network Operators Group (NANOG), Internet Engineering Task Force (IETF), American Motorcyclist Association (AMA), and the Institute of Electrical and Electronics Engineers (IEEE).

Publications and Presentations
(partial list)
2004-01-19: Security Architecture and Implementation Guidelines book project (currently in editorial review)
2003-12-11: Bay Area FreeBSD Users Group (BAFUG): Networking with FreeBSD: Routers and more (with Tom Sparks)
2003-10-07: San Francisco OpenBSD Users Group (SFOBUG): Tamper-resistant security modules for secure applications
2003-08-01: Defcon XI: Behind the Remailers
2003-04-15: RSA Security Conference 2003: Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership
2002-10-20: ACM UIUC Reflections/Projections 2002: Practicalities of Internet Freedom
2002-08-01: Defcon X: Anonymous, Secure, Open Electronic Cash
2002-07-13: H2K2: The Ultimate Co-location Site
2002-02-10: RSA Conference 2002: Jurisdictional Arbitrage for Risk Management
2002-02-10: RSA Conference 2002: P2P Taxonomy
2001-08-15: HAL 2001: In Defense of Privacy: Offshore Datahavens and Hosting Controversial Data
2001-07-13: Defcon 9: HavenCo: One Year Later
2001-04-02: Jupiter MediaMetrix Plug-In Europe: File Sharing: How the Music Industry Can Work With Users
2000-07-29: Defcon 8: Secure Server Hosting
2000-08-15: DNSCON 2000: How to Host Applications Securely
1999-02-15: Financial Cryptography 1999: Summary of FC99 conference for IEEE Cipher
1998-08-02: Digital Commerce Society of Boston Symposium on Electronic Payments: Working around the DigiCash ecash patent monopoly

References available upon request.