Cryptosmith

I am available for consulting to commercial organizations, government contractors, and government agencies. Click here for contact information.

Here are examples of consulting activities I have performed over the years.

Security design and related trade studies

The client has certain security and program requirements and must determine which alternative best meets those requirements. I will provide recommendations, plus the background research data. This gives customers the flexibility to reassess the conclusions when their requirements change.

Technical assessment

The client has has developed a product or technology and needs an outside opinion before sharing it with potential customers. This usually involves reviewing the technology descriptions and providing an assessment.

Proposal support

The client has a business prospect and has identified a solution to offer, but needs help developing the concepts that will best present their solution. This is particularly important in subtle areas of security (like cryptographic systems or cross domain solutions).

Training

The client has a team that needs to be brought “up to speed” on a particular set of security concepts or technologies. Typically the result is a seminar based on PowerPoint slides, though this is not what I usually do in my undergraduate college classes.

Legal Research

A law firm is representing a client whose legal problem involves security technology. Typically I provide documentation regarding the technology in question. For patent disputes, for example, I may try to locate documents illustrating prior art relating to a patent claim.

Defense Related Work

I have extensive experience with multilevel security, cross domain systems, and cryptographic systems designed to US government specifications. Security clearances are handled through contract arrangements with Cyber Defense Agency.

Work Outputs

Here are typical outputs of my work:

Reports – I prefer to produce written reports, since it is the clearest way in which I can present the conclusions of a complex study.

Presentation Slides (PowerPoint) – When necessary or appropriate, I produce PowerPoint slides. This happens most often when developing training or proposal-related materials.

Document Archive – If the work involves extensive Internet research, I will usually try to save copies of significant source materials. These will be placed on a CD-ROM or DVD-ROM for the customer, if desired.

Workshops and Technical Meetings – Some people can absorb the information from a document, and some from a presentation, but others absorb it best when there’s a give-and-take between writer and reader. Technical meetings give the client’s technical experts a chance to talk over the concepts, evidence, and conclusions. This often gives them the most benefits from the work I have done.

Certifications

I hold a current CISSP: Certified Information System Security Professional.

I hold the companion certifications in Security Architecture and Security Engineering; the latter is the NSA-sponsored certification that reflects familiarity with defense-related information security concerns.

Security clearances are handled through contract arrangements with Cyber Defense Agency.