176 Park Drive
Decatur, GA 30030
Phone: (404) 822-8596
Email: pgroce@gmail.com
URL: http://philgroce.com/resume
To develop software solutions to interesting technology problems; to improve the quality and reliability of software development processes.
Software Engineer
CipherTrust, Inc.
December 2003-Present
Developed improvements and new features for IronMail email security appliance.
Designed common C-language antivirus API and SPI, and implemented it for several antivirus vendors' APIs. Wrote Python bindings to this common interface using SWIG and integrated the result into the virus-scanning subsystem of the appliance.
Enabled the appliance to resolve delivery of inbound mail using MX records as well as static hosts, allowing inbound users to change their MX records in DNS without also having to update the appliance.
Customized FreeBSD-based appliance operating system through the company's existing framework to enable/disable console access through the serial port and configure listening port of customer support SSH service.
Improved code quality and confidence with unit tests of the DNS and mail delivery host resolution subsystems.
Senior Security Researcher
SecureWorks, Inc.
March 2003-December 2003
Developed countermeasures for deployment to managed IPS systems ("iSensors") in client networks.
Developed countermeasures for the RPC vulnerability exploited by the Blaster worm and its variants. No clients (out of approximately four hundred) were infected with any of these worms from iSensor-protected network connections.
Wrote a URI preprocessor in C to detect URI buffer-overflow attempts and IDS/IPS evasion attempts via abuse of Unicode and URL-encoding.
Senior Software Engineer
SecureWorks, Inc.
June 2002-March 2003
Software Engineer
SecureWorks, Inc.
May 2000-June 2002
Designed and developed managed IPS systems and applications for processing alerts from those systems. Worked with Development Director to coordinate development projects.
Won SecureWorks' President's Award for developing "AutoG," which correlated IPS events into groups representing incidents in real-time. Developed in Java, AutoG read its input from the online data store and sent incident information as XML via SSL to a Microsoft-based CRM for workflow management.
Rearchitected and rewrote C++ server-side infrastructure for receiving alerts from IPS systems via SSL and inserting them into a DB2 database or sending them as XML alerts via SSL to a CRM. Added C++ idioms like templates and IOStreams to improve maintainability without compromising performance. Resulting architecture scaled roughly linearly with hardware, and yielded a 300% performance increase over old system on equivalent hardware.
Introduced Development group to automated unit testing with JUnit and other tools. Conducted group meetings between stakeholders and the development group, in which the group reported on its progress and elicited requirements and priorities. Participated in development of software process documentation for SAS70 certification.
Wrote Linux kernel module to configure customized kernel behavior via the /proc filesystem. Debugged problems in Linux kernel using both gdb and the SGI kdb debugger.
Wrote unit testing framework for Linux firewall and IPS system, based on the Linux virtual network interface (TUN/TAP) driver. System sent simulated packets into the kernel through a virtual interface, through the firewall and IPS system, and out another virtual interface, without requiring real network configuration or connectivity. Tests could be written in virtually any programming language -- C, Shell and Python were commonly used.
Wrote web interface for SOC analysts to manually create, inspect and manipulate security incidents. System was based on Model 2 architecture, with a controller servlet to encapsulate business logic and JSP and tag libraries used for presentation.
Helped develop secure protocol for X.509 certificate exchange between a central CA and a sensor in an untrusted network.
Lead Intranet Application Developer
CMC, Inc.
January 1997-May 2000
Integrated call center and database systems with browser-based UIs for users in the call center, floor management, sales, and training.
Wrote web-based QA system that won CMC's Superstar award and was considered as a product line.
Wrote backend system to encode raw digital audio of phone calls to RealAudio for browser-based playback. Client/server architecture used a master server which handed out work to a "farm" of encoding clients.
Wrote client for customer representatives that integrated call scripts maintained in XML with data entry and telephony control via CTI. Incoming calls popped the script and data entry forms into the browser; associates could transfer, hold and conference calls via a Java applet connected to the dialer and ACD.
C | C++ | Java | Python | Perl | SWIG | Shell | JUnit | Ant | OptimizeIt | gcc/g++ | make | gdb | gprof | iptables | IDS/IPS systems | SSL/TLS | Servlets | JSP | tag libraries | Apache | Tomcat | Xerces | JDBC | JSSE | openssl | IBM DB2 | Sybase SQL Server | Microsoft SQL Server | Information security practices | Secure programming practices | Key-based encryption, PKI and X.509 certificates | Linux kernel programming