Lev Walkin
vlm@lionet.info
+1 650 575 0955

* Objective

  I love programming simple, correct systems to automate the complex world. Therefore, I would be seeking a position of a largely hands-on software architect in a security-conscious company.

* Qualifications summary

  Strong hands-on knowledge of an extensive set of TCP/IP-based technologies and network protocols in a Unix environment.
  Implemented the complete TCP/IP stack from scratch for the IP networks simulation software.
  Implemented the servers for BGP, DNS, HTTP and other protocols from scratch as part of other projects.
  Implemented an open source, standards-compliant ASN.1 compiler (http://lionet.info/asn1c) widely used for dealing with X.509, RSA PKCS, LDAP, GSM TAP3, CDR and other telecom and security applications.

* Programming languages, development systems and tools

  + Expert Unix programmer: GNU C/C++, x86 and MIPS assemblers, Perl, shell programming, GNU toolchain, a range of SCM systems.
  + Led a 10+ person development team's transition from a set of imperative/OO languages to a more dynamic programming environment using a combination of Erlang, OCaml, Haskell.
  + Attentive to presentation and usability aspects of information systems.

* Employment history

  + October, 2007 - present
    Co-founder and CTO, JS-Kit (js-kit.com). San Mateo, California.

    Directly hired, trained and managed an off-shore development team developing dynamic web services for a wide range of customers.
    Architected and led implementation of a scalable, distributed, multi-datacenter software back-end, and a feature-rich web front-end. Scaled the system from 0 to 20M page views a day.
    Successfully shifted the development team from using Perl/C/C++ to Erlang/OCaml/Haskell on the back end to maintain pace, development agility, and high availability of the developed services.

  + June, 2005 - September, 2007
    Software Engineer at Cisco, Inc. Security Technology Group (STG) (San Jose, California)

    Developed the hardware abstraction and OS portability layer for the ASA/PIX VPN applications, running on multiprocessor Intel, MIPS and AMD boards.
    Built the foundation for the new WebVPN architecture, LDAP, CIFS/SMB subsystems, being part of the successful ASA 7.1 to 8.0 releases.
    Designed and implemented a RAM-based object filesystem, slab memory allocator with GC, streams/channels/FS abstraction layer.
    Implemented an I/O-triggered threading library, with a scheduler capable of utilizing heavily multicore CPUs (32-core MIPS) and x86 SMP systems.
    Implemented PKCS#1,7,8 JAR and CAB code signing framework for on-board cryptographic operations.

  + December, 2001 - April, 2005
    Principal Engineer at Netli, Inc. (Palo Alto, California) http://www.netli.com/

    Designed and developed an extensive set of Unix applications, libraries and IP-based protocols as part of a system for speeding up HTTP[S]/TCP throughput.
    Designed and implemented:

    * Fault-tolerant distributed RSA key server architecture and software. Used to speed up SSL (HTTPS) web application throughput and provide secure key storage utilizing dedicated remote HSMs. OpenSSL-pluggable.
    * Secure UDP communications layer (protocol and library) supporting AES/Rijndael cipher, dynamic session keys management, session keys scheduling. Predates DTLS.
    * DNS server/proxy/cache: special-purpose DNS responder for serving tens of thousands of requests per second. Utilizes multi-factor, dynamic target selection logic driven by real-time application server availability, system configuration and network topology information.
    * Network heartbeat protocol: supporting a status-bearing partial mesh between hundreds of geographically and topologically distributed applications. Key features: dynamic reconfiguration, link redundancy, fault tolerance, low convergence time and scalability.
    * Language and parser to support uniform access methods to the system configuration. Key features: configuration language supports hierarchy, inheritance, value assignment, value references with in-place and deferred resolution. Configuration library provides an OO approach for reloading configuration on the fly without requiring full process reload.
    * Implemented an OpenSSL adaptation layer to mix SSL and non-SSL data within a single connection; also made OpenSSL "ENGINE" calls pseudo-asynchronous for an otherwise single-threaded application.

  + September, 2001 - November, 2001
    Sr. Software Engineer at Netli, Inc. Moscow branch (Moscow, Russia)

    Development of DNS-based Global Redirection System, design and implementation of core Netli GRS components, including custom DNS server and other accompanying software.
    Designed and implemented a DNS-specific network delay emulator.

  + October, 2000 - August, 2001
    Lead Information Security Engineer at Ulyanovsk GSM, JSC (Ulyanovsk, Russia)

    * Set up and maintained a distributed, secure (IPSec) high-speed MAN corporate network.
    * Designed and implemented an SMPP gateway for GSM SMS handling. Implemented an appropriate services set: E-Mail to SMS, SMS to E-Mail, and other interactive SMS services for mobile customers and intra-company restricted use.
    * Designed and implemented a TCP/IP-based, secure solution for accessing the SMS center from within neighbor organizations.
    * Consulted the local staff on the technical questions related to security and confidential data handling.

  + December, 1999 - September, 2000
    Network Administrator and Software Developer at Vens, JSC (Ulyanovsk, Russia).

    Brought to life a new Internet Service Provider center, which involved custom software development, selecting hardware and doing initial maintenance.

    * Designed and implemented an integrated system of interconnected software components to support the set of ISP services pioneered in the region by Vens JSC.
    * Set up the local NOC network with Internet connectivity.
    * Implemented support of the dial-up and leased line clients (authorization, authentication, accounting, billing systems, initial access servers configuration and tuning).
    * Designed and led the development of the unified LDAP database for managing customer accounts and related data.
    * Modified AAA (RADIUS, TACACS) software for the "Internet-cards" service handling.
    * Designed and implemented an advanced Web mail system with integrated PGP support.
    * Designed and implemented a unified accounting, statistics and billing system with a Web management front-end.

  + July, 1999 - August, 1999
    ITC Intern at United Nations Organization, UNDP/UNOPS, Informational Technologies Center (Kigali, Rwanda)

    * Designed and implemented the distributed Inter/intranet users directory software, integrated with LDAP for information exchange with UN HQ. Implemented a Web interface for its maintenance.
    * Set up the UNOPS Equipment database and implemented the Web interface for offloading its maintenance to a responsible party.
    * Provided intensive 2-week group training in "Networking and configuring Cisco routers" organized by UNDP for national counterpart institutions.

  + October, 1997 - August, 2001
    Network Administrator at Ulyanovsk State Technical University's NOC

    Setting up and maintaining critical systems (DNS, routing, email).

    * Uniform distributed database for managing users of multiple types of Internet/intranet services (LDAP SDK, C, Perl).
    * Designed and implemented an electronic mailing subsystem with mail traffic backup.
    * Developed and implemented an accounting and rationing system for managing the department's Internet resources.
    * Created the visual TCP/IP network simulator software for educational purposes (lionet.info/ne/ne3).
    * Designed and led the development of the indexing, morphology-aware Web search system for the campus resources (hundreds of megabytes of HTML data).

* Background

  * Authorized to work in the U.S. (GC)
  * Education: MSCS, 2003

Up-to-date version of this resume can be found at http://lionet.info/CV
Additional information and references available upon request.