Cryptosmith

I am available for consulting to commercial organizations, government contractors, and government agencies. Click here for contact information.

Here are examples of consulting activities I have performed over the years.

Legal consulting

A law firm requires a technical expert in security technology. This most often occurs in patent cases. I help the attorneys understand the technical issues and develop explanations for the judge or jury. I also draw on my 30 years of experience in computing to locate documents addressing key elements of the dispute.

Security design, analysis, and related trade studies

The client has certain security and program requirements and must determine which alternative best meets those requirements. For example, the designers are using cryptographic mechanisms and need an independent review, or they need to incorporate cross-domain or multilevel features into a new system design. Or, an organization is building a device that requires a third-party security evaluation. I provide the needed analysis, recommendations, or tutorial. I will also draft evaluation documents if needed.

Training

The client has a team that needs to be brought “up to speed” on a particular set of security concepts or technologies. Typically the result is a seminar based on PowerPoint slides, though this is not what I usually do in my undergraduate college classes.

Defense Related Work

I have extensive experience with multilevel security, cross domain systems, and cryptographic systems designed to US government specifications. Security clearances are handled through contract arrangements with Cyber Defense Agency.

Work Outputs

Here are typical outputs of my work:

Reports – I prefer to produce written reports, since it is the clearest way to present the conclusions and supporting data for a complex study.

Presentation Slides (PowerPoint) – When necessary or appropriate, I produce PowerPoint slides. This happens most often when developing training or proposal-related materials.

Document Archive – If the work involves extensive Internet research, I will usually try to save copies of significant source materials. These will be placed on a CD-ROM or DVD-ROM for the customer, if desired.

Workshops and Technical Meetings – Some people can absorb the information from a document, and some from a presentation, but others absorb it best when there’s a give-and-take between writer and reader. Technical meetings give the client’s technical experts a chance to talk over the concepts, evidence, and conclusions. This often gives them the most benefits from the work I have done.

Certifications

I hold a CISSP: Certified Information System Security Professional.

I hold the companion certifications in Security Architecture and Security Engineering; the latter is the NSA-sponsored certification that reflects familiarity with defense-related information security concerns.

Security clearances are handled through contract arrangements with Cyber Defense Agency.