Sam Hartman

Phone: +1 201-595-0876
Email: hartmans@mit.edu
URL: http://www.painless-security.com/

Professional Summary

I am an experienced consultant with over 10 years working in Internet technology, network and host security software and infrastructure software development. I have a strong background in distributed computing and virtualization technology.

Employment History

2002-2008  Chief Technologist, MIT Kerberos Consortium
MIT

Had responsibility for the technical direction of the MIT Kerberos Consortium, for managing the Kerberos development team and as primary contact for consortium members and Kerberos vendors. The consortium produces a reference implementation of the Kerberos Authentication Protocol which is used by many operating systems such as Apple's OS X, Red Hat, Sun Solaris, Novell SUSE Linux and others. Kerberos is the dominant enterprise authentication protocol. As part of setting technical direction, I established product requirements, reviewed and worked on designs, worked with Kerberos vendors and users to get input on our direction, and worked with my team to implement the direction. I took a strong role in Kerberos standards efforts, including working as an author of RFC 4120, the base Kerberos specification, and as a lead designer behind RFC 3961, the Kerberos cryptography framework. Design work also included a joint proposal with Microsoft on how AES encryption could be supported in Kerberos GSS-API. Before taking on the role of chief technologist, I worked as manager, team leader and individual technical contributor. Projects in these roles included adapting the Yarrow pseudo-random number generator to work with Kerberos, implementing support for Microsoft's RC4 encryption and writing a library to abstractly handle Unix pseudo-terminals.

2004-2008  Security Area Director
Internet Engineering Task Force

Served on the IESG, the managing body for the Internet standards process. In this role, I was one of two area directors leading the security area of IETF Internet standards. Groups I managed included Kerberos, GSS-API, PGP, and an effort to standardize low-infrastructure/anonymous IPsec. In addition, I reviewed all standards produced within the IETF for security. In this role I helped contribute to the security of SIP and voice over IP. I gained significant experience with a wide variety of Internet standards including those listed above, Internet mail, TLS, IPsec, IPv6 and MPLS routing.

2003-2004  Architecture Consultant
Netzah

Worked as primary designer for Netzah's VPN appliance, helped train Netzah's engineers, and provided problem solving resources for networking and other problems. Netzah was a small company that developed a wireless VPN appliance targeted at medium-sized banks. Netzah integrated existing open-source VPN technology with software for performing secure updates, status monitoring and configuration. I provided architecture and network consulting. Netzah's technology was eventually purchased by ERF Wireless.

2000-2003  Developer
Debian Project

Worked to create easy-to-use integration of enterprise security features in the Debian operating system, coordinating with vendors of security technologies to improve their products in server environments. Debian provides an open-source operating system based on the Linux kernel. As a developer, I focused on improving the usability of security software within Debian. I integrated MIT Kerberos, the OpenAFS distributed file system, and the necessary PAM and SASL modules so that users of Debian could receive an enterprise-quality security experience from Debian. My goal was to minimize the necessary configuration of security components so that as much as possible, security and single-sign-on worked out of the box with little or no configuration. I gained significant experience with software release management, making server software usable and software packaging.

2000-2001  Design Consultant
Permabit

At that time, Permabit was a new startup designing very secure network attached storage solutions for use over a wide area network or the internet. I worked to design the network protocol and file system layer that Permabit used. I also helped to set up the internal infrastructure for Permabit. Since then, the business model and functional requirements of Permabit's technology have changed significantly.

1997-2000  System Architect
Fundsxpress Financial Network

As architect, I had overall responsibility for the design and future direction of the Fundsxpress system; I worked with technology partners, regulators and customers to explain our technology and to integrate our technology into that of partners. Fundsxpress provides hosted online banking service to over 100 small and medium-sized banks. I was one of the founding programmers. As architect, I worked with product managers to develop requirements and worked with engineering staff to design solutions to these requirements. I evaluated potential technology partners and worked with them to integrate our technologies. I was responsible for operational security both of internal assets and of our hosted service. I worked on the design of a framework similar in concept to JSP for database-driven websites. I was heavily involved in the design of our central account switch, a technology that combined banking information from a variety of real-time and batch sources and dispatched transactions to the appropriate handler, while presenting a unified view of the account to our users and the rest of the software. I was the principal designer and heavily involved in the implementation of our entitlement/authorization management system and workflow management system. In the early days of the company, I implemented an object database layer on top of traditional relational databases. I was heavily involved in building the software engineering and software release process.

Education

Publications