resume.shardy 2010.05.10

Seth Hardy

2001-100 Spadina Rd.
Toronto, ON M5R 2T7
Canada

+1 (647) 890-1452
shardy@asymptotic.ca

Objective

Seeking employment in the field of computer security at a position that encourages learning and developing my skills.

Education

Worcester Polytechnic Institute, Worcester, MA.
Master of Science in Computer Science, expected Summer/Fall 2010

Worcester Polytechnic Institute, Worcester, MA.
Bachelor of Science in Computer Science, Highest Distinction, received May 2002
Bachelor of Science in Mathematics, Highest Distinction, received May 2002

Boston Latin School, Boston, MA.

Work Experience

January 2008 -- Present

Symantec (formerly MessageLabs)
Toronto, ON

Senior Malware Analyst
Responsible for the detection and prevention of malware as part of the MessageLabs Research and Response team.
Response focused on working with the Antivirus Operations and Development teams to detect malware and improve the AV scanning engine and associated tools. AV engine development included heuristics and proof-of-concept tools written in Perl, C, and C++. Malware analysis and detection included reverse engineering using disassemblers and debuggers (IDA Pro, OllyDbg), as well as related tools and utilities.
Research included analysis of malware trends, studying new types of malware with a particular focus on PDF/document based malware, antivirus bypass techniques, integrating the antivirus engine with Web and IM scanning services, and developing new techniques and related intellectual property for the purpose of stopping malicious software.

November 2004 -- January 2008

Imperfect Networks / Spirent Communications
Burlington, MA

Lead Vulnerability Researcher
Responsible for the research and development of existing and new network-based attacks, and management of the threat development team. Research focused on analysis of threats using techniques including network protocol analysis, protocol and binary reverse engineering, and behavioral modeling. Development included both specialized threat creation from advisories and existing exploits, writing proof-of-concept exploit code in multiple languages including C and Perl, writing fuzzing tools suited for particular protocols, and use of existing automated threat tools. Was directly responsible for the addition of WiFi capabilities to the ThreatEx appliance, including creating the wireless protocols and the suite of wireless attacks.
Additionally assisted in a number of roles which contributed to the success of the startup company (Imperfect Networks), including on-site sales engineering support in customer security labs; coordinating with representatives from vendors of other vulnerability databases and security products; and performing audits, penetration testing, and general security testing as part of Spirent's professional services.

January 2001 -- August 2003

Cryptography and Information Security Research Laboratory
Worcester Polytechnic Institute, Worcester, MA

System Administrator
Managed lab resources, including system administration and network security for more than ten Solaris and Linux workstations, two Linux servers, and an OpenBSD firewall.

Summer 2002

Force Matrix Software
Worcester, MA

Lead Software Developer
Was responsible for the design and development of proof of concept bioinformatics software written in assembly language to be run on NVIDIA graphics cards.

June 2000 -- August 2001

Institute for Data Communications Systems
University of Siegen, Siegen, Germany

Software Developer
Was responsible for the design, creation, testing, and documentation of a software package in Java to generate elliptic curves suitable for use in cryptography, as part of the ELIAS elliptic curve cryptography library.

Other Experience

April 2001 -- Present

aculei animi
Toronto, ON

System Administrator
Am responsible for all aspects of administration, support, and security for multiple production level servers (OpenBSD, NetBSD) used to provide roughly one hundred users with free Internet services (email, web hosting, data storage, messaging, secondary DNS, secondary MX).

Certifications

GIAC Reverse Engineering Malware (GREM) Gold

(ISC)² CISSP

Computer Skills

Languages: C, Perl, Assembly (x86, AVR, NVIDIA), Java, C++, Scheme, Cg, Shell Scripting (sh, bash), Maple, SQL.

Operating Systems: Windows (9x/NT/2000/XP/7), BSD (Open/Net/Free), Linux, Solaris.

Honor Societies

Eta Kappa Nu -- National Computer and Electrical Engineering Honor Society, inducted in 2003
Tau Beta Pi -- National Engineering Honor Society, inducted in 2001
Pi Mu Epsilon -- National Mathematics Honor Society, inducted in 1999
National Honor Society -- Inducted in 1998

University Capstone Papers

"Elliptical Curve Generation by CM in Java." Major Qualifying Project in Computer Science (December 2000)
"Games, Play, and the Student's Dilemma." Interactive Qualifying Project (April 2002)
"Combinatorial Structures in Cryptography." Major Qualifying Project in Mathematics (April 2002)

Presentations and Talks

"Distributed Cracking of Elliptic Curve Cryptosystems." Rubi-Con 4 (April 2002)
"Prowessful Counterassertion, Intercommon Sunshining in Synentognathous Crossbreeds." Rubi-Con 5 (March 2003)
"/dev/erandom: The Inner Workings of a Provably Secure PRNG." Toorcon 101 (September 2003)
"Computers Without Hardware; Programming Without Coding." Northern Ohio Technical Advancement Conference (April 2004)
"Pseudorandom Number Generation, Entropy Harvesting, and Provable Security in Linux." Black Hat Europe (May 2004)
"Making Use of the Subliminal Channel in DSA." The Fifth HOPE (July 2004)
"Subliminal Channels in Digital Signatures." DEF CON 12 (July 2004)
"Learning OpenPGP by Example." 21st Chaos Communicaton Congress (December 2004)
"Applied Cryptography? Oh, I skimmed through that book once." Shmoocon (February 2005)
"Building Communities in Self-Destructive Environments." Northern Ohio Technological Advancement Conference (April 2006)
"Breaking Down the Web of Trust." 22nd Chaos Communication Congress (December 2005), HOPE Number 6 (July 2006)
"Your Name, Your Shoe Size, Your Identity? What Do We Trust in This Web?" DEF CON 14 (August 2006)
"Key and Identity Management With PGP" Toronto Area Security Klatch (February 2007)
"Online Communities and the Politics of DDoS" Northern Ohio Technical Advancement Conference (April 2007)
"A Crash Course In The Math of Public Key Cryptography" Chaos Communication Camp (August 2007)
"An Introduction to Reverse Engineering Malware" Toronto OWASP (August 2008)
"Portable Document Malware, the Office, and You - Get owned with it, can't do business without it" SecTor (October 2009)

References available upon request.

January 2008 -- Present	Symantec (formerly MessageLabs) Toronto, ON
Senior Malware Analyst Responsible for the detection and prevention of malware as part of the MessageLabs Research and Response team. Response focused on working with the Antivirus Operations and Development teams to detect malware and improve the AV scanning engine and associated tools. AV engine development included heuristics and proof-of-concept tools written in Perl, C, and C++. Malware analysis and detection included reverse engineering using disassemblers and debuggers (IDA Pro, OllyDbg), as well as related tools and utilities. Research included analysis of malware trends, studying new types of malware with a particular focus on PDF/document based malware, antivirus bypass techniques, integrating the antivirus engine with Web and IM scanning services, and developing new techniques and related intellectual property for the purpose of stopping malicious software.
November 2004 -- January 2008	Imperfect Networks / Spirent Communications Burlington, MA
Lead Vulnerability Researcher Responsible for the research and development of existing and new network-based attacks, and management of the threat development team. Research focused on analysis of threats using techniques including network protocol analysis, protocol and binary reverse engineering, and behavioral modeling. Development included both specialized threat creation from advisories and existing exploits, writing proof-of-concept exploit code in multiple languages including C and Perl, writing fuzzing tools suited for particular protocols, and use of existing automated threat tools. Was directly responsible for the addition of WiFi capabilities to the ThreatEx appliance, including creating the wireless protocols and the suite of wireless attacks. Additionally assisted in a number of roles which contributed to the success of the startup company (Imperfect Networks), including on-site sales engineering support in customer security labs; coordinating with representatives from vendors of other vulnerability databases and security products; and performing audits, penetration testing, and general security testing as part of Spirent's professional services.
January 2001 -- August 2003	Cryptography and Information Security Research Laboratory Worcester Polytechnic Institute, Worcester, MA
System Administrator Managed lab resources, including system administration and network security for more than ten Solaris and Linux workstations, two Linux servers, and an OpenBSD firewall.
Summer 2002	Force Matrix Software Worcester, MA
Lead Software Developer Was responsible for the design and development of proof of concept bioinformatics software written in assembly language to be run on NVIDIA graphics cards.
June 2000 -- August 2001	Institute for Data Communications Systems University of Siegen, Siegen, Germany
Software Developer Was responsible for the design, creation, testing, and documentation of a software package in Java to generate elliptic curves suitable for use in cryptography, as part of the ELIAS elliptic curve cryptography library.