People

Resume (Last Updated May 1st, 2025)

Objective: Build computer environments that solve the complex problems of the world faster than what was thought possible. For all networks, configure strong security with low impact on user activities. Make networks faster and more resilient for high speed transfer of their data. Deploy comprehensive monitoring solutions to be able to determine goals are being met.

Education: Received bachelor of Science Degree in Mathematics/Computer Science, May 1989 from Harvey Mudd College (Claremont, CA). Undergraduate research included a project for the Aerospace Corporation designing a database for a satellite design expert system.

Employment Record: 

June 2021 to Present: National Center for Biotechnology Information contract UNIX system admin position in the systems group.

∙ Maintain Linux systems involved in NCBI applications and infrastructure. Maintain environment and processes and 10K core HPC cluster. Puppet, Git, PXE, Kickstart, Jira, Splunk, Grafana, Docker, Altair Gridengine, Python, R and many other Linux applications.

∙In progress migrating from CentOS7 distro to AlmaLinux 8 distro (RHEL family) for all Linux servers. The process involves coordination with developers and in-place upgrades of major database servers.

∙Coordinate with the hardware team on new systems and determine the best way to add support for vendor changes. Debug driver and other details to add to the automated install process. The vendor platform is Dell for all systems.

∙Improve support for GPU systems on a Dell XE9680 system with Nvidia H200 cards. Deploy the system and add needed drivers and CUDA versions to the local module system. System is currently not in the cluster but prepare for possible inclusion. 

March 2020 to June 2021: Curated Networks research contractor to prototype innovative Software Defined Networking (SDN) solution for advanced multi-path routing in MPLS networks. 

∙ Effort involves testing and expanding Ryu Python based Openflow controller, Javascript and NGINX web management portal for controller, test environments based on various Arm chipset platforms and Open vSwitch. Git based development and Github repository Docker containers used for test environments.

∙ Build test environments on virtual technology such as VMware ESXi and AWS and Azure. Also built Raspberry Pi 4 test lab using 20 Pi “Picocluster” product. Maintain test lab configuration in Ansible playbooks for easy reproducibility.

April 2009 to June 2021: Cluster Guys LLC venture to provide quality Compute Cluster design and support services with one additional business partner. Projects include.  

∙ Assist startup with machine learning pipeline efforts in a large scale GPU environment based on the Nvidia DGX/1 platform. Docker, Tensorflow and Slurm based pipeline refined with developers. Networking improvements to aid in data movement with AWS environments using IPSEC tunnels from Palo Alto firewalls in an HA configuration. Egress filter refinements using Palo Alto App-ID methods and custom log processing scripts. 

∙ Cluster computing consultant to government, corporations and education on open source cluster solutions. Several clusters were constructed from ground up. References available. Projects are not listed. Technologies and software includes Spectrum Scale aka GPFS, Lustre, ZFS, CentOS, Ubuntu LTS, KVM (Linux Virtual Machines), Nvidia GPUs, Slurm, SGE, Torque, Moab, ROCKS, 10/25/40/50G and SAS/FC large array deployments in the Petabyte and above scale. Vendor hardware from Dell, Supermicro, NetApp, HPE, Nvidia, Cisco, Juniper and others. 

∙ Maintain a variety of software for clients including Docker, Singularity for more secure containers, Caffe, Relion, Perl, R and Python modules too numerous to count, Jupyter Notebooks via JupyterLab web interface, numerous standard computational biology tools. Provide multiple versions of tools using the environment Modules framework and other similar methods.

∙ Automate the maintenance/building of these cluster environments using Kickstart, Puppet, Cfengine, or scripting depending on local requests. 

∙ Implement and monitor performance with Telegraf, Influxdb, Grafana, RRD, Ganglia and many custom metrics and graphs on all supported clusters. Nagios alert monitoring deployment for all major subsystems and IPMI BMC sensor monitoring. SNMP monitoring of network, power and thermal sensor hardware via LibreNMS and other tools.

September 2001 to June 2021: Independent Security and Systems Consultant. Projects include: 

∙ Security consultant to government and corporations on product, network, and internal security problems and applications. References available. Projects are not listed but involve numerous firewall projects, NIDS/HIDS and other intrusion detection projects, VPN configurations for a variety of products, Multi-Factor Authentication and other authentication projects.

∙ Consultant to the Leidos/UCSC CGHUB project which provided download services of TCGA cancer genomes to researchers in a secure and high performance manner. Assisted with WAN performance tuning and firewall tuning as well as storage consulting. 

∙ Improve client mail server protection with Spamassassin, OpenDKIM, DMARC and SPF methods along with Fail2ban based reactions to spam outbreaks or other attacks.

∙ Implemented further IDS coverage at University of California, Santa Cruz (UCSC) to improve automated worm outbreak response.  Snortsam based reaction system combined with custom hardware used.

∙ Snort, Oinkmaster, Snortsam, and BASE software research and development to improve the performance and power of these open source IDS tools. Created an auto-installing appliance CD ROM for those products based on a FreeBSD operating system. 

∙ Contract systems and network administration support at the School of Engineering and Natural Sciences Division at University of California, Santa Cruz. 

April 2000 to April 2009: Consultant to Howard Hughes Medical Institute funded Human Genome Project at UCSC Center for Biomolecular Science & Engineering . Projects included:

∙ System administrator for several large file servers for the Human Genome project. Various filesystems in use including ZFS, GPFS and Lustre experiments. 

∙ Support and maintenance contract for all Genome clusters (total of 4 active at that time)

∙ Design work and assistance in building the original 1028 processor cluster. Linux compute nodes with automated PXE/Kickstart installation procedure. Cfengine used to automate maintenance. Gridware used for scheduler software followed by an in-house scheduler (Parasol)

∙ Original web server design (Apache based) and operational support and tuning for Genome Browser web site and mirror sites. 

April 2005 to July 2008: Berbee Information Networks, Madison, WI. Network Security Engineer (part time) Projects included:

∙ Perform system and network security assessments for multiple customers. Nessus, Nmap and Metasploit as primary tools but numerous internal toolsets.

∙ Emergency security incident response and forensic work for multiple customers.

∙ Security assessment research and development. Full details on request.

September 2000 to September 2001: Berbee Information Networks, Madison, WI. Network Security Engineer. Projects included:

∙ Projects at three large Midwest companies to roll out intrusion detection systems. Cisco Netranger and later Snort. 

∙ Performed assessments of internal and Internet security for multiple customers. 

∙ Emergency security incident response and forensic work for multiple customers. 

December 1999 to September 2002: CounterSign Software, Pleasanton, CA. Senior Security Engineer. Projects included:

∙ Providing testing and validation of company developed host based intrusion detection software. Provided real world examples of tools operation against common attack methods and DNS BIND security.

∙ Training DOE and DOD personnel on internal IDS product (NIDS) at 5 day training classes on a semi-regular basis.  The project ended in 2002.

July 1999 to December 1999: University of California, Santa Cruz, Network Security Manager for UCSC. Projects included: 

∙ Campus network vulnerability scanning software implemented and customized to local needs. Nessus and Nmap combined with custom scripting. Reduced number of remotely root exploitable systems from over 100 to zero (at least for that period). Provided weekly vulnerability reports to campus system admins and provided consulting and bulletins on security improvements for over 3000 campus computer systems.

July 1997 to July 1999: University of California, Santa Cruz, Senior System Manager for School of Engineering. Projects included:

∙ Security administrator for departments’ computing environment. Implemented intrusion detection systems, developed user login tracking and analysis system, developed file signature scanning system to prevent compromise, secured all operating systems using automated vendor patch checking, controlled network access with firewall and host level tools, implemented regular password cracking for weak passwords, and offered encrypted communications between systems (Ssh).

∙ Tracked all security incidents and interacted with external security organizations including major ISP security groups, CERT, Bugtraq, and the FBI when the situation warranted it. 

∙ Improved security of the department email server and implemented anti-Spam software to control unwanted email. Propagated design of server and filters to other departments on campus.

∙ Managed a team of four administrators to handle all system and user requests for 250 systems of various UNIX operating systems and Windows NT. The user base consists of  300 faculty and graduate students in the School of Engineering.

∙ Project manager for network redesign for the department. Implemented new wiring scheme and fully switched Ethernet backbone on CISCO gear. Upgraded all shared segments to switched networking. Used VLAN technology to provide ease of reconfiguration of subnets and station taps. 

∙ Automated installation servers set up for major operating systems including Windows NT. The goal is to reduce setup time and admin time for new systems and reproduce configurations.

September 1995 to July 1997: Marquette Medical Systems (Milwaukee, WI). Systems manager for the Cardiology division. Projects include:

∙ Redesign of division networking from older shared coaxial Ethernet to switched 10/100 Mbps Ethernet over Category 5 twisted pair networking technology. 

∙ Improved UNIX, NT and Novell file server platforms through upgrade of hardware and software to stable levels. Pushed for all server platforms to implement RAID disk storage.

∙ Improved Sun Solaris networking by configuring a central NIS+ and DNS domain for the division.

∙ Installed a central backup server using DLT tape jukebox and Legato software. Unit backs up all UNIX, NT and Novell systems in the division. 

∙ Supported ISDN networks throughout the world to connect customer platforms to field service. Supported a similar yet separate network for Marquette employees to work at home.

April 1991 to April 1994: University of California, Santa Cruz On team of system managers for the Computer Information Sciences and Computer Engineering Department. Team also provided service for the Math, Physics, Chemistry, Marine Science and Earth Science department UNIX systems. 

∙ Manage the department’s central file server. Responsible for user and project file system that serves the department’s 150 workstations.

∙ System manager for a mixed environment of  Sun,  Silicon Graphics,  Digital,  IBM and HP Unix  systems. Perform all configuration, troubleshooting and development tools support .

∙ Coordinate integration tasks with the system management team. All systems access central file systems, common NIS databases, central DNS, shared mail spools, and printer services. 

December 1989 to April 1991: Digital Sound Corporation (Santa Barbara, CA) Part of a four man MIS team that moved the corporation to a new office site, built a 200 node twisted pair Ethernet network, and supported 100 engineering UNIX systems and 80 business systems.