William Herrin's RESUME
Overview:
I am a computer networking generalist with deep expertise in network
protocols, resilient and scalable Linux software development, C programming,
UNIX and Linux systems administration, and Internet security. I have a
broad knowledge base, I chase new knowledge deep to mastery, and I am
diligent and thorough in my work.
Objective:
I seek a small company or a small independent team within a larger company
where I can funnel my experience through my creativity and invent useful things
which expand the edge of the possible. I desire roles which are heavy on
creative problem solving, requiring both deep insight into and mastery of the
given subject matter as well as sufficient breadth of skill to chase any
problems to the root cause. I prefer roles with a mix of system operations and
software development.
Employment Experience:
Dirtside Systems LLC (Seattle, WA)
Owner, April 2022 - present
- As an expert consultant, assisted clients with thorny
technical challenges related to Linux and networking.
- Work for the Center for Applied Internet Data Analysis (CAIDA)
at the San Diego Supercomputer Center.
- Assisted research scientists understanding
the nuances of common network protocols
including Anycast BGP Routing combined with TCP.
- Implemented an open-source decoder and
error-checker for MRT-format BGP update dumps
from Routeviews and RIPE RIS. The decoder
explicitly traces data back to the exact bytes
in the file and offers references to the
relevant section of the RFC document that
describes the encoding. When errors are
suspected, the user can drill all the way down.
- Investigated and addressed flash write
mitigation issues on the fleet of Raspberry Pi
Internet data collectors.
- Updated and packaged legacy software for
Debian Linux for use in a continuous integration
/ continuous deployment (CI/CD) system.
- Implemented multiple-architecture software
builds from Git using Docker and QEMU.
- Designed and implemented a conditioned server closet
suitable for one rack-mount cabinet.
- Built a Raspberry Pi-controlled winter
cold-air bypass for the server closet.
Anduril Industries (Seattle, WA)
Senior Software Engineer, February 2021 - April 2022
- Architected replacement mission comms for the Space Force's
Space Surveillance Network. Used a publish/subscribe software
model under NixOS Linux, redundant ground and satellite TCP/IP
pathways and Viasat HAIPE encryptors. Employed techniques such
as TCP stream interception and Linux network namespaces to
transparently interface with the legacy comms endpoints for a
safe period of parallel operation with the incumbent system.
Employed the Babel routing protocol to automatically use the
best available network pathways between sites.
- Designed and prototyped the network link layer for a
device-agnostic self-constructing mesh network. Used Linux
network namespaces, IEEE MACsec, Google gRPC, Golang and Bash. The prototype
formed an optimal set of encrypted layer-2's based on the
dynamic proximity of each piece of equipment to its peers.
Machines self-constructed the network addresses and architecture
starting with only an identity and an initial shared
cryptographic key.
- Wrote extensions to Free Range Routing's Babel protocol
module in C. The FRR extensions imported external wireless
signal quality knowledge for use in packet routing decisions.
- Championed and initiated an effort to create a DISA STIG
(Security Technical Implementation Guide) for NixOS Linux.
- Mentored junior staff, teaching the finer points of TCP/IP
networking, Linux software, network security and DoD security
policy.
Facebook (Seattle, WA)
Production Engineer, March 2020 - November 2020
- Member of the operating systems team responsible for the
worldwide fleet of Linux servers.
- Wrote an automation safety plugin for Red Hat's DNF software
installation tool.
- Automated large-scale software deployment and configuration
in Chef (Ruby).
- Built system management tools in Bash and Python.
Amazon Web Services (Seattle, WA)
Senior Software Engineer, November 2018 - November 2019
- Worked on the data plane team for Global Accelerator, a load
balancer with BGP-anycasted global entry points.
- Wrote high performance Internet packet handling code in C
using Intel's DPDK framework.
- With deep research, solved a TCP throughput degradation that
bedeviled the first release due to an unexpected secondary
effect from network address translation.
- Led design of a core part of the source address preservation
effort, delivering packets to customers without obscuring the
original Internet source.
- Managed devops and software deployment including
participation in a 24/7 operations on-call rotation.
Tesla Government, Inc. (Vienna, VA)
Devops Lead, April 2017 - October 2018
- Transitioned a system from a physical rack environment to
Amazon Web Services' Govcloud, including VPCs, Red Hat Linux and
Windows 2012 EC2 instances, AWS security groups, Route 53 DNS,
MySQL RDS databases, etc.
- Designed the AWS Virtual Private Cloud (VPC) to overcome
routing limitations so that all data traffic was forced through
appropriate EC2-based security appliances.
- Built Perl software which interacts with the Amazon IAM APIs
and Microsoft Active Directory to implement password changing
and multifactor authentication compliant with NIST Special
Publications 800-63 revision 3 and 800-53 draft revision 5. This
included collecting and implementing a database of more than 17
million compromised password patterns which are used to reject
insecure passwords.
- Implemented Microsoft Active Directory with custom software
in C for the Linux servers to rely on Active Directory via LDAP
for passwords only.
- Implemented Linux shell users by creating a Red Hat RPM
package for each.
- Implemented compliance with DoD's Risk Management Framework
based on NIST Special Publication 800-53 revision 4 with
Identity and Authentication inserts from draft revision 5.
- Shepherded the new system from concept through the full DoD
Authority to Operate (ATO) and Final Operational Capability
(FOC) process including continuous monitoring with ACAS/Nessus.
- Designed a Continuous Integration / Continuous Deployment
(CI/CD) process using git, Jenkins, Red Hat packages (RPMs) and
the Yum.
- Using a combination of Linux iptables logging rules, Snort
and Splunk, implemented a Network Intrusion Detection System
(IDS) based on building a profile of expected data traffic and
alerting on packets which fail to fit the profile.
- Implemented a primary system firewall using Linux and
iptables, with remote access to the system using OpenVPN.
- Implemented automatic backups for Mac OSX laptops using
shell scripts, network drives and Time Machine.
University of Maryland University College (Adelphi, MD)
Linux Engineer III, April 2016 - March 2017
- Member of a team supporting a large Amazon Web Services
(AWS) cloud deployment including EC2 virtual servers, Amazon
virtual private cloud networks, security groups, elastic load balancers and Route
53 DNS.
- Managed Apache Tomcat Java web servlet containers. Wrote a
health check servlet in Java which checked
operation of multiple servlets in a background thread and
reported a consolidated status to the AWS load balancers.
Dirtside Systems, Inc. (Falls Church, VA)
Owner, May 2014 - April 2016
- Contractor supporting software development for
unusual computer network applications.
- Work for undisclosed company.
- Major network security work including expansive use of
Linux iptables, ip rules, multiple routing tables and
SELinux for server hardening
- Supported pure software developers, mentoring to help them
understand operations-level needs and requirements.
- Wrote glue code in Perl and Python, integrating
disparate software systems
- Some work with Asterisk VoIP servers and SIP trunking
- Some work with Raspberry Pi-based embedded systems
- Designed specialty VPN solutions based on OpenVPN and Cisco Anyconnect.
- Work for Digital Globe Marine Services.
- Worked on the Orb Map fish finder back end Linux system
including cloud virtualization
- Wrote and deployed daily production system using Perl.
- Established custom networking and email services connecting
ships with satellite modems to the data source.
ITT Exelis (Dulles, VA)
Principal Engineer, March 2010 - April 2014
- Led the design and implementation of a resilient computer room with standard n+1 power
and air conditioning systems, as well as the structured cabling system for a company
expansion.
- Built a "distributed responsibility" developer network, facilitating
development of many Internet-connected products. Compartmented systems accessed via VPNs
from engineers' desks permitted parallel development of systems with divergent security
architectures. Included a building-wide roaming wifi network.
- Built a network of more than 70 virtual machines distributed through a dozen countries.
- Designed and built a system for managing hundreds of millions of
geographic map imagery tiles using C, Perl, some Python and the Linux FUSE
filesystem hooks.
- Defined HTTP-based service oriented architecture APIs for a large
messaging product.
- Built two more BGP-using multi-site continuity of operations networks
for customers.
- Managed a team of three engineers responsible for around 100 servers, routers and
switches serving multiple government projects.
ITT (Dulles, VA)
Senior Software Engineer, May 2008 - March 2010
- Architected, led the implementation and delivered a geographically diverse (Virginia
& Hawaii) continuity of operations system for an Iridium satellite base-end station.
Used Linux LVS load balancers controlled by custom Perl-based software to
access active-active redundant servers. OSPF and Quagga attached IP
addresses to the active firewalls while BGP brought packets into the network
at both sites.
- Implemented a thorough hardware and software monitoring and reporting system
using Perl.
comScore, Inc (Reston, VA)
Senior Software Engineer, November 2007 - April 2008
- Developed a Linux-based network appliance that
captured and analyzed HTTP packet traffic.
Democratic National Committee (Washington, DC)
Internet Infrastructure Manager, September 2005 - November 2007
- Managed a staff of three engineers responsible for 70+ Linux servers used by three
Democratic Party organizations.
- Designed and built a resilient computing infrastructure including two collocation data
centers, a 56-mile fiber optic ring connecting them with national headquarters, multiple
Internet backbone connections and BGP reciprocal peering.
- Implemented thorough hardware monitoring and reporting to identify and replace ailing
servers before they break.
- Helped specify and deploy an Avaya VoIP phone system for 300 users.
- Performed professional management in the following areas: computer/system operations,
systems administration, communications network administration, software development,
systems software support, hardware support, database administration.
Cambridge Communications Systems, Inc. (Suitland, MD)
Research Analyst - Linux, December 2004 - September 2005
- Contractor for the United States Bureau of the Census, Telecommunications Office.
- Designed and built custom spam control software using Sendmail, multi-threaded C and
Perl with individual customer settings and an intelligent recovery method for false
positives.
Democratic National Committee (Washington, DC)
Senior Information Technology Generalist, August 2004 - December 2004
- Helped the DNC scale up their Internet operation for the 2004 election. Rebuilt the link
redirector part of the web application that couldn't withstand the higher load.
- Constructed an online UNIX backup solution that backed up multiple terabytes of data and
successfully restored data following several database crashes and an accidental file
deletion.
CrossLink Internet Services (Springfield, Virginia)
Director of Engineering, November 1998 - May 2004
- Led a team of three engineers to construct and maintain a wide area network (WAN) and
Internet server system deploying Cisco, UNIX, and Windows Server technologies.
- Developed and deployed server-based E-Mail antivirus software using multi-threaded C and
Perl on a Linux platform.
- Constructed robust network monitoring software suitable for identifying faults in and
notifying operations staff in an Internet Service Provider network consisting of more than
40 sites in 5 states and more than 200 Cisco routers, including a multihomed BGP backbone.
- Performed cost analyses on proposed company products. Assisted sales staff with product
pricing.
netFilter Technologies (Falls Church, Virginia)
Co-owner, August 1996 - November, 1998
- Lead developer on a network-hosted HTTP web content filter.
Why? Internetworking (Annandale, Virginia)
Owner, October 1995 - August 1998
- Developed and operated all World Wide Web services for CrossLink, a regional Internet Service Provider.
Office of Naval Research, Ocean Acoustics Program (Arlington, Virginia)
Office Automation Clerk, June 1993 - September 1996
- College internship involving Sun Solaris system administration including
shipboard support during experiments.
More information is available.
Education:
George Mason University (Fairfax, Virginia)
Bachelor of Science in Computer Science, January 1997
GPA - In Major: 4.0, Overall: 3.3
More information is available.
Skills:
- A quarter century of professional software development experience.
- Programming Languages: Expert: C and Perl. Experienced: Unix shell
scripting. Minor or out of date experience in many others.
- Robust software development skills. I learn new programming languages
at need.
- Expertise in both single-threaded and multi-threaded programming.
- Experience developing software for MySQL. Minor experience with other SQL databases including Postgres, Oracle and Netezza.
- Extensive Internet-related expertise.
- Recognized Internet routing expert.
- Strong experience with BGP and OSPF.
- Operate BGP AS 11875 announcing 199.33.224.0/23 using Free
Range Routing (FRR), Quagga and Cisco routers.
- Participated in the Internet Research Task Force's Routing
Research Group.
- Participate in the American Registry for Internet
Numbers' public policy process.
- Credible run for election to the American Registry for Internet
Numbers Board of Trustees:
earned 73 votes out of 138 needed.
- Developed an experimental routing overlay leveraging GRE and DNS.
- Designed and prototyped a base layer for a
high-scalability self-constructing mesh network.
- Estimated the actual dollar cost of BGP's scalability problem.
- TCP/IP expert including development of software applications using
IPv4, IPv6, TCP, UDP, IP, ICMP,
DNS, GRE and VPNs.
- Experience with Software Defined Networking (SDN) and the Intel
Dataplane Development Kit (DPDK) framework
- Did theoretical design work on a resilient anycast TCP solution that
is able to continue the TCP connection even when a customer’s
packets are split between multiple nearest servers.
- Hosted Internet Domain Names (DNS) using ISC Bind since
1993. Used DNS as the map resolver for an
experimental routing protocol
including low-level work on DNS packets in C. Did theoretical
design work on DNS-specific stateless anycast TCP.
- Broad experience with Cisco routers including automated updates and
management via SNMP and telnet. Built software which automatically backs
up the router configurations. I have used IOS 10.0 through 15.
- I've worked with a variety of data circuits including: POTS lines, ISDN BRIs (ni1), ISDN
PRIs (5ess and dms100), T1s, T3s, frame relay, ATM, CWDM, dark fiber, various
Ethernet technologies and 802.11 wireless.
- Three decades of experience developing software in UNIX environments including Linux (SuSE,
Red Hat, Fedora and Debian), Sun Solaris, Dynix, Ultrix, Irix and HP/UX.
- Deep understanding of Internet security technology including firewalls, packet
filtering, NAT, Unix security, content filtering (anti-porn, anti-spam) and encryption
including IPSec, SSL/TLS, and LDAP.
- Extensive expertise with Internet mail protocols including SMTP, POP, and IMAP. Have
written delivery agents, spam and virus filters, glue code and helper programs for major
software packages including Sendmail and Postfix.
- US Citizen. Have held DoD Top Secret clearances with SCI eligibility.
- Fully vaccinated.
- Open to in-office, remote and hybrid work. Some travel OK. No
relocation.
References and work samples are available on request.
Last updated Friday, June 21, 2024 01:25 PM.