Charles Wilson's Blog

Who	Dräger Medical Systems
Logo
Where	Andover MA
When	10/2016 – 12/2019
What	Senior Architect

Overview:

Dräger Medical Systems designs, manufactures and sells patient monitoring systems.

Achievements:

• Designed a decentralized multicast cryptography system usable by highly-constrained embedded system
• Served as Infinity product line security architect
• Served as cyber security subject matter expert
• Served as C/C++ subject matter expert
• Led the effort to perform a modern threat modeling across the entire Infinity product line
• Trained and mentored threat modeling facilitators
• Designed and oversaw the refit of a conference room for use in threat modeling efforts
• Created and presented (multiple times) a 2 hour software security fundamentals class for managers and software developers
• Created and presented an 8 hour threat modeling class for software developers and risk managers
• Designed and led an effort to do modern threat modeling on company products
• Designed and led and effort to move code signing to a self-contained, FIPS-compliant, HSM-based system
• Led an effort to uplift 3M lines of C89 / C++98 code to C11 / C++11
• Mentored junior developers
• Served as subject matter expert on C and C++ development
• Member of the ISO C committee
• Member of the ISO C++ committee
• Chair of ISO JTC1 SC22 WG14 TS17961 (Safe and Secure C)
• Served as subject matter expert to legal department on open source library integration
• Created and presented (multiple times) a 15 hour Python class for software developers
• Created and presented (multiple times) a 15 hour C++14/17 jumpstart class for C developers
• Created and presented (multiple times) a 15 hour C++14/17 advanced class for C++03 developers
• Championed modern secure software development practices
• Championed open source software best practices
• Championed adoption and use of C++14/17
• Wrote code to support Windows-specific cryptographic operations (C++)
• Designed and led an effort to move a 20 year old Sun SPARCstation-based Unix cluster to a virtualized environment capable of producing binary-identical programs

Papers:

• Software Security Fundamentals [PowerPoint presentation] (~60 slides)
• Threat Modeling [PowerPoint presentation] (~90 slides)
• C++ State-of-the-Art [PowerPoint presentation] (~90 slides)
• Modern C++ Jumpstart Class [PowerPoint presentation] (~450 slides)
• Modern C++ Class [PowerPoint presentation] (~500 slides)
• Python Class [PowerPoint presentation] (~450 slides)

Industry Participation:

• Member of the ISO C committee
• Member of the ISO C++ committee
• Chair of ISO TS 17961 (Safe and Secure C Code)