Seth Arnold |
Seth Arnold - sarnold(7)
- +1-503-577-3453 - seth.arnold@gmail.com
I am versatile, able to quickly adapt to and excel in complex systems, especially those with subtle security and reliability problems. I enjoy talking with customers and users; my most recent supervisor noted I have a very good sense of the customer's voice. I support co-workers with enthusiasm, improving a team's productivity and morale.
I have expertise with Linux kernel internals, cryptography, security issues, software development and maintenance, and the TCP/IP family of protocols. I am familiar with the constraints and freedoms of open source licenses.
I give confident, credible, and effective presentations about complex subjects.
I participate in Free Software and Open Source communities. I have been part of the Open and Free Technology Community's NOC and a staff member on Freenode.
I joined the SuSE Labs research and development team when Novell acquired Immunix. My responsibilities at Novell / SuSE included:
Primary developer of AppArmor Mandatory Access Control policies for the SuSE Linux family of distributions.
Primary responsibility for internal code reviews; mentored team members to improve our team's code quality and reliability.
Invented, designed, and developed a client-server architecture to integrate an online profile repository into AppArmor profile development tools to reduce the cost of deploying AppArmor.
Sole developer on XMLRPC/SOAP/HTTP server (Ruby on Rails, PostgreSQL) first deployed for openSUSE 10.3, Ubuntu Gutsy; over 300 users created accounts in the first month after release.
Performed public code quality reviews of IBM's SLIM and EVM kernel security modules, Casey Schaufler's SMACK kernel security module, Serge Hallyn's Filesystem Capabilities kernel patch, and Stony Brook's UnionFS kernel patch.
Educated internal and external developers how to make the most of AppArmor with both application design and policy design, through in-person trainings, email conversations, and IRC conversations:
Served as a sounding board for co-workers; provided guidance, explored and analyzed architecture alternatives, discussed priorities.
Primary contact for community users for bug reports and contributed policies.
Second-level support for Novell's enterprise client support and deployment engineers.
Primary author of technical documentation of AppArmor.
Gave our technical writer review and feedback on our end-user documentation.
Wrote a detailed AppArmor walk-through to introduce the software to new users and serve as community marketing material.
Community AppArmor evangelist:
Occasional technical sales support.
After graduating from Willamette University I joined Immunix, a pioneering startup company that invented the influential StackGuard, FormatGuard, PointGuard, and SubDomain security technologies, and sold a secure Linux distribution built with our unique tools. My responsibilities at Immunix included:
Primary developer of SubDomain mandatory access control policies.
Developer of SubDomain profile authoring tools.
Primary developer of the CryptoMark signed executable support:
Primary responsibility for migration to Subversion from CVS and Subversion administration.
Distribution packaging duties: repaired broken package builds when upgrading toolchain, integrated security and feature patches into packages, integrated new drivers and features into the kernel.
Supported users on Immunix's public and private mail lists. Supported internal developers. Occasional conference calls and meetings with customers to discuss new features to support unique installations.
Authored technical documentation for Immunix's unique features, intended for technically-savvy end-users and developers.
Technical sales and on-site customer meetings, roughly one visit every three months.
Administered the vendor-sec community of Linux distribution security teams.
Created, tested, integrated, and documented security fixes for the Immunix Secure Linux distribution. Coordinated with other vendors through vendor-sec.
Performed source code audits; I found 21 buffer overflows in Samba and one in the Linux kernel ELF loader, and many off-by-one address validation errors in the Linux kernel memory management subsystem.
Co-inventor on US patents 7,490,072 and 7,752,459.
Willamette University, BS in Computer Science, Mathematics, and Religious Studies. Work-study employment in the University computer lab.
Design and cryptanalysis of distributed offline song proof of purchase protocol.
Design generic cryptographic library layer.
Deployment of new WinNT developer workstations, helpdesk duties.
I worked at NBHC, a non-profit mental health organization, part-time during high-school and full-time during holidays.
Deployment of new WinNT, NetWare domains at off-site locations.
User and application administration on Unix, NetWare, and WinNT domains.
SQL report authoring and maintenance.
Win3.1 and Win95 user deployments and helpdesk duties.
I wrote the Ruby on Rails server application running http://apparmor.opensuse.org to allow users to collaboratively create security policy; full use of the server requires client tools to use the SOAP or XMLRPC backend (API at http://apparmor.opensuse.org/backend/wsdl; the clients are published in openSUSE 10.3 and Ubuntu Gutsy).
http://en.opensuse.org/AppArmor_Geeks AppArmor technical walk-through.
http://immunix.org Website to document and market features unique to the Immunix Secure Linux distribution. (This website can still be viewed at http://web.archive.org/web/20040102171929/http://immunix.org/ in a reduced-functionality version.)
Steve Beattie, Seth Arnold, Crispin Cowan, Perry Wagle, Chris Wright, and Adam Shostack. Timing the application of security patches for optimal uptime. In Proceedings of The 16th USENIX Systems Administration Conference (LISA 2002).
I helped organize several international online conferences with the Uninet organization, to provide an opportunity for community members to interact with popular community mainstays and little-known authors of promising software, including one conference with a focus on security.
I have been a member of the Network Operations Committee for the Open and Free Technologies Community http://www.oftc.net/ (a member of Software in the Public Interest).
I have been a staff member of Freenode http://www.freenode.net/.
I continually read books to expand my knowledge and abilities; a link to a partial reading log of professional development books is kept at http://careers.stackoverflow.com/sarnold/#books.
Seth Arnold |