Summary:

Systems Engineering and Security Related Work:

Over thirty years in the design, development, and implementation of computer systems and system security engineering. Positions have included management, systems design, systems level programming and metrics definition for system development. Work has concentrated in communications arena for DoD systems, to include local area networks, message switching systems, packet switching systems, and the development of communications and security related protocols.

Certified Information Systems Security Professional (CISSP) #3959 (inactive)

Internet Related Work:

In general, internet security work concentrated on the definition of security requirements and processes for connecting DoD computer systems to the Internet environment. As part of Internet-related work, have developed Common Gateway Interface (CGI) routines to administer Unix (tm) passwords and encrypt files using a forms interface. (Demo available at http://www.schaft.com/password/passwords.shtml).

Over twenty five years of daily use of the Internet as a tool for security work and as a Windows software consultant. Was the moderator of the Windows Special Interest Group (SIG) for a Cupertino, CA based nationwide Internet Service Provider. In return for an account, was responsible for the maintenance and update of a 2,000 plus Windows file area. Was a volunteer assistant in the provider's new user help area where users interactively asked questions relating to Windows programs, the provider's services, and connectivity to the Internet.

At a new provider established a Windows and Internet related file area available via either FTP or the World Wide Web. Supplied answers via Usenet news groups and email to questions pertaining to the use and access of the Internet and its tools, specifically establishment of World Wide Web sites, Perl programming, CGI scripting, FTP, e-mail, and telnet. In part due to this effort, was hired as Special Assistant to the CEO and Director of Customer Satisfaction for the Internet Service Provider.

Have been Webmaster for several sites, including an Internet/Intranet site for a USAF organization at Onizuka Air Station in California.

Current Security Clearance: DoD TOP SECRET

---------------------------------------------------------------------------------
(Details of professional experience)

Lockheed Martin (5/98 - Present)

Currently working in Fort Worth, Texas as part of the System Security Engineering group for the F-22 Raptor. Also have worked in the System Security Engineering area of the Joint Strike Fighter (JSF F-35) Program. Both of these efforts entail the definition, decomposition and development of the security requirements for the aircraft software systems. This work involves the integration of JAFAN 6/3, NISPOM, DITSCAP, GIG-IA, and Common Criteria approaches to security certification and accreditation for the programs.

Previously, in California, worked as part of the team defining the system security architecture for the Spacelift Range System (SLRS) and the Range Standardization and Automation Phase IIA (RSA IIA) program. Addressed the security approach to the Flight Operations/Analysis (FOA) delivery in the Range Delivery Increment three portion of the program as well the end to end connectivity of the system segment in the Range Delivery Increments one and two. Earlier, worked on the definition of the requirements and design of the Network Manager segment of the same program.

Systems Research Group (3/97 - 5/98)

Worked as a subcontractor to Lockheed Martin on the Navy Standard Integrated Personnel System (NSIPS). Began as System Security Engineer. Participated in architecture definition study (network, hardware, and software). Results of this study defined the approach to development of NSIPS. Was promoted to Systems Engineering manager. Presented at successful System Requirements Review (SRR), System Design Review (SDR), and numerous customer technical reviews. Promoted to Technical Director, with Systems Engineering and Software Engineering as reporting departments. Lead for Integrated Product Teams (IPTs) that finalized the architecture and design. Presented at successful Preliminary Design Review (PDR) and Critical Design Review (CDR) for the system. Responsible for technical direction of the program and 70-plus systems and software engineers.

Allied Signal Aerospace (7/96 - 3/97)

Webmaster and System Security Engineer for AF SMC/CWO's Web site and System Engineering Network (SENet) at Onizuka Air Station, CA. Responsible for the design and development of internal Web site (intranet) and development of external presence pages. Responsible for the design of the security architecture of the SENet and ensuring that it is sufficient to be accredited. Essentially a continuation of the work begun on the same system when employed by LORAL Corporation (details below).

Worldlink International (2/96 - 7/96) and BEST Internet Communication (12/95- 01/96)

At Worldlink, was full time Internet consultant. The job entailed establishing a Web presence, developing Windows-based back office systems for processing of orders and fax requirements, and assisting the CEO in technology planning.

At BEST, was "Director of Customer Satisfaction". The job entailed handling customer inquiries about Internet connectivity, World Wide Web site and page setup, Perl programming, Unix commands, and assistance in establishing accounts. As an advisor to the CEO, was responsible for evaluating new software, reviewing work processes, and assisting the CEO in strategic planning. This was a short time job that formalized a role I had filled as a volunteer for several years with the company. It reverted to a volunteer position when the CEO was replaced.

LORAL Corporation (Space and Range Systems and WDL) (10/91 - 12/95)

System Security Engineer (SSE) for the Air Force Satellite Control Network (AF SCN). Developed and documented the process for security engineering and review of modifications to the installed hardware and software base. Participated in the development and execution of security test and evaluation of new systems. Received two awards for development of processes for security review and job performance. Final task was the definition of system and security requirements for access to the Internet and World Wide Web by Government systems through a firewall. The purpose of this system was to enable sharing of technical design data over the World Wide Web between AF program offices in Sunnyvale, Los Angeles, and Colorado.

Martin Marietta Corporation, I&CS (6/88 - 5/91)

Developed a definition of the system and software security requirements for classified Government programs. The security vulnerabilities of existing and planned systems and the role of security engineering were documented for the customer. Wrote the System Security Analysis for the accreditation of a DoD tactical intelligence fusion system.

Syscon Corporation (7/86 - 6/88)

Wrote the Engineering Change Proposal (ECP) for system security requirements for an Army tactical intelligence fusion system (All Source Analysis System - ASAS) developed at the Jet Propulsion Lab. Responsible for the development, design review, and successful implementation and test of the software and system security requirements.

INCO Inc. (11/82 - 7/86)

Principle design engineer for the "Formal Message Service" of the Inter-Service/Agency Automated Message Processing Exchange (I-S/A AMPE) Program. Prior to that, was responsible for the management of programs concerned with networking and protocol development in support of Defense Intelligence Agency (DIA) and DoD customers.

System Development Corporation (10/78 - 11/82)

Managed the design and implementation of an internal R&D local area network to research DoD network protocols and security policies. Also worked on the study and development of end to end encryption protocols for DoD message systems.

E-Systems, MELPAR Division (7/78 - 10/78)

One of the lead designers for the communications processor subsystem of the Remote Tactical Airborne SIGINT System/Tactical Ground Intercept Facility.

Computer Sciences Corporation (7/75 - 7/78)

Responsible for the software development for the Network Control Center for a DoD message network (AUTODIN-II). Responsible for the management of the software development for a USAF Automated Tech Control system.

Sperry UNIVAC (5/73 - 7/75)

Systems programmer and principal designer of the operating system and communications interface for an Army computerized message switching system (AMME).

U.S. Air Force (1/69 - 5/73)

All military computer experience was in support of the Office of the Secretary of the Air Force, Office of Space Systems on classified programs.