Who | Dräger Medical Systems |
---|---|
Where | Andover MA |
When | 10/2016 – 12/2019 |
What | Senior Architect |
Overview:
Dräger Medical Systems designs, manufactures and sells patient monitoring systems.
Achievements:
- Designed a decentralized multicast cryptography system usable by highly constrained embedded systems
- Served as Infinity product line security architect
- Served as cyber security subject matter expert
- Served as C/C++ subject matter expert
- Led the effort to perform modern threat modeling across the entire Infinity product line
- Trained and mentored threat modeling facilitators
- Designed and oversaw the refit of a conference room for use in threat modeling efforts
- Created and presented (multiple times) a 2 hour software security fundamentals class for managers and software developers
- Created and presented an 8 hour threat modeling class for software developers and risk managers
- Designed and led an effort to do modern threat modeling on company products
- Designed and led an effort to move code signing to a self-contained, FIPS-compliant, HSM-based system
- Led an effort to uplift 3M lines of C89 / C++98 code to C11 / C++11
- Mentored junior developers
- Served as subject matter expert on C and C++ development
- Member of the ISO C committee
- Member of the ISO C++ committee
- Chair of ISO JTC1 SC22 WG14 TS17961 (Safe and Secure C)
- Served as subject matter expert to legal department on open source library integration
- Created and presented (multiple times) a 15 hour Python class for software developers
- Created and presented (multiple times) a 15 hour C++14/17 jumpstart class for C developers
- Created and presented (multiple times) a 15 hour C++14/17 advanced class for C++03 developers
- Championed modern secure software development practices
- Championed open source software best practices
- Championed adoption and use of C++14/17
- Wrote code to support Windows-specific cryptographic operations (C++)
- Designed and led an effort to move a 20 year old Sun SPARCstation-based Unix cluster to a virtualized environment capable of producing binary-identical programs
Papers:
- Software Security Fundamentals [PowerPoint presentation] (~60 slides)
- Threat Modeling [PowerPoint presentation] (~90 slides)
- C++ State-of-the-Art [PowerPoint presentation] (~90 slides)
- Modern C++ Jumpstart Class [PowerPoint presentation] (~450 slides)
- Modern C++ Class [PowerPoint presentation] (~500 slides)
- Python Class [PowerPoint presentation] (~450 slides)
Industry Participation:
- Member of the ISO C committee
- Member of the ISO C++ committee
- Chair of ISO TS 17961 (Safe and Secure C Code)