Work History

10/06 - present Certeon, Inc., Burlington, MA Tech Lead
2/06 - 10/06 SAS Global Retail, Middleton, MA Contractor
6/03 - 2/06 Fidelity eBusiness Authentication, Boston, MA Senior Software Engineer
6/01 - present HTML Tidy, Open Source Project Project Admin, Developer
5/00 - 1/02 JPMorgan Private Bank, Cambridge, MA Project Lead
12/98 - 5/00 Shym Technology, Needham, MA Architect
3/98 - 11/98 Fidelity Investments, Boston, MA Contractor
4/97 - 3/98 IMB Simplex, Cambridge, MA Project Manager (Contractor)
1/97 - 4/97 Eagle Development, Newton, MA Contractor
10/95 - 12/96 Cybersmith, Cambridge, MA Contractor
6/94 - 10/95 SmartRoute Systems, Cambridge, MA Sr. Software Engineer
5/93 - 5/94 Health Payment Review, Boston, MA Sr. Software Engineer
1/93 - 5/93 Response International, Burlington, MA Contractor
9/92 - 12/92 Dynamics Research Corp., Andover, MA Contractor
8/91 - 7/92 Graphic Systems, Inc., Cambridge, MA Project Leader
8/89 - 7/91 Cambridge Systematics, Cambridge, MA Sr. Programmer / Analyst
8/87 - 7/89 General American Life Insurance Co., St. Louis, MO Systems Analyst
2/87 - 7/87 Citicorp Mortgage, Inc., St. Louis, MO Financial Analyst
1/86 - 2/87 Citicorp Mortgage, Inc., St. Louis, MO Programmer / Analyst

Selected Projects

Certeon, Inc. 10/06 - present

CIFS and SSL WAN Acceleration Proxy

Tools: C, C++, Linux, tcpdump, Wireshark, OpenSSL

Participated in design and development of CIFS protocol acceleration proxy. Contributed tear-away buffer management scheme that simplified code and decoupled modules. Applied perfect hash algorithm to locale-independent case folding for Unicode file names. Applied efficient, generalized hash function for cache entry lookup. Mentored team members on principles of re-entrancy and asynchronous, non-blocking I/O. Mentored college interns on OO development and test-driven development. Re-factored OpenSSL to perform asynchronous decryption as part of SSL handshake. Oversaw design and development of automated, extensible test rig to execute smoke tests as part of nightly build process. Performed complex, timing-dependent debugging of two-headed proxy accelerating HTTP, HTTPS, CIFS and custom network protocols.

SAS Global Retail 2/06 - 10/06

i18n Project

Tools: C++, Perl, CVS, Windows, AIX, ICU

Performed Internationalization of large software system (>2K source files). Worked on both client (MFC/ActiveX) and server (Windows/AIX) modules. Tasks included code updates, refactoring of core string classes, tool development, test harness development. Designed and wrote mechanism to perform date, numeric and currency formatting consistently with Java/ICU tools. Tools developed included pseudo-translation of Windows GUI resources, bulk modification of C++ source code, and branch/merge support.

Fidelity eBusiness Security Architecture (FeBSec) 6/03 - 2/06

Authentication Server, Authentication Monitor

Tools: Java, J2EE on WebSphere (Solaris), C++ on iPlanet, IIS and Domino (Solaris and Windows), Perl, Shell

Responsibilities include: Authentication server development (J2EE, WebSphere); Working with application teams to analyze and develop security policies; Production support in high-availability, high-volume web site ( Also performed maintenance on authentication web server plugins for iPlanet and IIS web servers on Unix and Windows. Ported all plugins to Domino. Designed and wrote regression test harness for all of the above. Wrote miscellaneous tools to query collection of XML policy documents. Co-designed test harness for login servers. Wrote regression test plans for same. Wrote Systems Requirements Analysis for Corporate PIN Server enhancements. Wrote Technical Systems Design documents for several projects. Development environment includes use of Rational Rose for design. Designed and wrote a new iPlanet plugin to preserve POST data in event of redirection to Authentication/Authorization service.

HTML Tidy 6/01 - present

Tools: C, SourceForge, C++, SWIG/Perl, ATL, .NET

Started using Dave Raggett's HTML Tidy to assist in conversion of Word documents to HTML and to validate HTML documents submitted to CMS. With Dave's blessings, a few of us started a SourceForge project to maintain and release HTML Tidy. We have fixed many HTML/XML parsing and XHTML conversion bugs and added new diagnostics and accessibility checks. I personally have also converted the code base to a re-entrant, callable library. Tidy is a very forgiving HTML and XML parser. Its basic operation is to parse sloppy HTML or XML, build a DOM-like tree, perform tree cleanup and "pretty print" the result. In addition to parsing HTML and XML, it also handles embedded ASP, JSP and PHP code. The library builds OOTB on Linux, Unix, Mac, OpenVMS, BeOS and Windows. I also maintain C++, Perl, COM and .NET wrappers for the core library. For details, see the HTML Tidy Project and my Tidy Add-Ons.

JPMorgan Private Bank 5/00 - 1/02

Content Management System

Tools: Object-Oriented Perl, BerkeleyDB, XML, XSLT, HTML Tidy, Java, mod_perl

Collected requirements, designed and managed development of a full content management system consisting of three main parts: 1) bulk publishing and syndication service, 2) web-based publishing interface and 3) load-balanced query engine as Web Service. Publishing / Syndication service (aka Collector) pulls hundreds of research documents from various sources daily and replicates content to permissioned subscribers. Web-based publishing interface allows simple setup of new content "collections" and allows authors to upload new content on demand, which is subject to editorial review and automatically distributed to permissioned subscribers. Features include collection-specific metadata and support for HTML-forms-based editing of XML documents according to DTD. Also, HTML documents are validated and converted to XHTML by HTML Tidy. The query engine supports querying by multi-valued attributes via a simple query language. Superior performance is derived both from load-balanced query server instances and from direct support of multi-valued attributes (which bog down SQL). System also supports on-demand XSLT rendering of XML documents, based on metadata. Access to query services is via an HTTP web service, with results available either in XML or text. A Java client kit simplifies access to services by encapsulating the HTTP protocol and interpreting query results. HTTP clients turn out to be much lighter weight and more routable than either EJB or SQL. The service was developed in support of the Morgan Online website for Research and other content.


Tools: Java, JSP, Servlet, WebSphere

After contracting to provide access to JPMorgan Research to other groups within JPMorgan Chase, a project was undertaken to rebuild the current Morgan Online Research user interface to handle a much larger number of concurrent users and to allow the software to be deployed to external data centers. To achieve the needed scalability, the existing EJB command processor (an in-house abstraction layer, much like Struts) was streamlined into a pure Servlet implementation. Also, existing utility classes were re-factored to remove application dependencies and, thus, allow external deployment. Created an improved HTTP Session-based caching mechanism to reduce hits on back-end services. Achieved order of magnitude throughput improvements with better response time. Managed development team.

Personalization Service

Tools: Object-Oriented Perl, BerkeleyDB, Java, mod_perl

To allow the Research Java code base to support multiple user bases, a general purpose Personalization system was developed that allows users to save their Research subscriptions, but also allows system administrators to manage permissioning at the group or user levels as needed. Allows conditional granting of roles by evaluating logical expressions at run-time against a user's own parameter data (country of domicile, investor qualification, etc.). Written quickly and easily by re-using Perl modules from the Content Management System (see above) for query evaluation, data management and the administrative user interface. Managed development team.

Shym Technology 12/98 - 5/00

PKEnable Version 2.1

Based on 2.0 designs, directed the efforts of software engineers working on web / network and management station portions of product. In this version, these efforts include user interface in support of Email security policies, development of the SHYM Java toolkit, layered transparently over either JNI or CORBA - depending on customer network configuration.

PKEnable Version 2.0

Provide ongoing training and mentoring to software engineering team. As part of a 3 member architecture team, am responsible for reviewing all system designs and code. Wrote majority of functional specification for product as a whole. Designed LDAP schema for product data. Wrote detailed system designs for web and network based products, management station and certificate based identity management. Managed development of these same components by directing the efforts of full-time and contract software engineers and QA personnel. Wrote initial drafts of user documentation (handed off to tech writer).

Web products consisted of authentication proxy layered over network adapters for core services of product. Design calls for Java+JNI, Java+CORBA, and COM/DCOM adapters. Web integration is performed by accessing these services from the selected web development environment. Non-repudiation is supported by browser components which use certs and keys resident in the browser to sign posted HTML forms. The initial environment is PeopleSoft HTML Access, which uses IIS/ASP. Wrote J++ component to integrate IIS interfaces and the SHYM DCOM interface with the PeopleSoft / Tuxedo Java interface. Strong authentication is provided to the PeopleSoft application server based on either mutually authenticated SSL or a signed web page.

PKEnable Management Station Version 1.0

Tools: Visual C++, MFC, LDAP API, LDAP Schema Design

Wrote production version of management console application for enterprise PKI-based security product. Cleaned up user interface. Re-factored code for clarity, maintainability and performance. Designed LDAP schema. Designed and developed schema based LDAP data management layer to provide ADO-style programmatic interface to LDAP data. Schema layer ported to Unix for integration with command line LDAP tools.

PKEnable TCP/IP Shim (AutoShym)

Tools: C++, ACE, Winsock2 SPI, LDAP API, LDAP Schema Design, MS Crypto API, GSS-API

Wrote Winsock Layered Service Provider (LSP) to transparently authenticate and encrypt data communications. Wrote functional requirements and detailed design document. Designed data access permissions model to allow customer to configure PKI operations per host and port. Developed service interface for all applications to interact with PKI engine. Implemented shared session key negotiation. LSP implements a state machine that adapts to all forms of asynchronous I/O possible with Winsock2 (OVERLAPPED, IO Completion Ports, non-blocking). Fine-tuned synchronization for thread safety without performance penalties. Performed extensive testing against shrink-wrapped applications. Debugged PKI Engine and PKI SPI's for use in "session" mode.

Fidelity Investments (NFCS) 3/98 - 11/98


Tools: Threads, Visual C++/MFC, NT, Netscape Enterprise (NSAPI on Solaris/NT), HTTP protocol, HTML 3.2, JavaScript 1.1, NT Service Interface, sockets (TCP/UDP). Rational Rose. ActiveX

Programmed enhancements and bug-fixes for the National Financial division's (NFCS) multi-threaded Internet stock and mutual fund trading system. NFCS provides private label trading web sites to dozens of banks for both brokers and consumers. Analyzed source to identify reusable application server components for other NFCS Internet products. Reorganized main transaction and thread pool classes to simplify and ease reuse. Developed and documented SourceSafe version control procedures and provided assistance to developers new to source control systems. Redesigned and rewrote server administration module for reliability and extensibility for inclusion in general purpose library. Wrote requirements, designed and wrote, using general purpose classes, a fault-tolerant monitoring service to page tech support if processing is interrupted on any application server. Wrote requirements document and developed enhancements to NSAPI reverse proxy that connects bastion web servers to application server. Added support for arbitrary HTTP transfers, performance logging, improved thread-safety and portability between Solaris and NT. Trained new developers in database and multi-threaded programming.

IMB Simplex 4/97 - 3/98

Standards Management System (SMS)

Tools: Visual C++/MFC, NT, Stingray Objective Grid, ER/Win, ODBC, Crystal Reports

Managed full life cycle of this application, from spec to sales. IMB is a labor management ISV. Application manages labor standards for large retail chains and performs annual labor budgeting. Worked with IMB's initial customer to define project requirements. Wrote functional spec and system design. Hired additional staff and managed work. Performed code reviews and provided technical guidance. Made design changes to existing code to allow reuse in SMS. Added several general purpose classes to system: threaded "batch" job run-time interface (API and UI) allows for interactive use or to be scheduled using NT schedule service. Implemented standard approach to resizable forms. Wrote code generator for database interface objects (C++ headers and source) from case tool (ER/Win) data model. Although system was written for a specific customer, it was designed for general use. Participated actively in successful sales presentations (P.O.'s received) to two additional customers.

Eagle Development 1/97 - 4/97

Investment Accounting Data Dictionary

Tools: Visual C++/MFC, NT Workstation, SQL Server, Rogue Wave db.h++ and tools.h++, ER/Win

Designed and wrote user interface to maintain data dictionary and rules for a custom Tax Lot Accounting system. Rapidly acquired working knowledge of MFC sufficient to build a sophisticated Document/View application. System provides complete cross references between data dictionary and rules and provides a simplified interface to rule development appropriate for use by accountants, rather than programmers. The application produces text files which are used by the accounting engine to process transactions according to the defined rules. Core rule/dictionary classes (about 50% of code) are portable to Unix and designed for reuse.

Cybersmith 10/95 - 12/96

Cybercard Windows 95 Client

Tools: Win32 SDK, Winsock, Threads w/ Synchronization, Registry calls, NT and Win95 Security, DIBSection bitmap API, Toolhelp32, Oracle 7.3 on NT and Unixware.

Designed and wrote Win95 client system that supports per minute charges and generates customer tracking data for using Windows 95 workstations in a mixed environment including Unix servers, Macintosh and various game station clients. System written to be fast, reliable and consume minimal resources. Participated in design of custom client/server protocol. System uses a custom messaging protocol implemented using Berkeley sockets (Winsock API) to communicate with server. Configurable to start and stop any Win32, Win16, DOS or DOS Extender application. Devised security scheme that uses NT Domain security and Win95 Registry manipulation to secure desktop but allow access to store systems from headquarters. Dynamically updates registry with customer info from Cybercard server. Threaded app uses Critical Sections and Events for synchronization. System uses toolhelp to find and kill new processes spawned by customer apps (i.e. Netscape helper apps) and uses Win95 DIBSection API to render bitmaps. Designed and implemented multi-store maintenance scheme to allow easy administration of Windows systems.

Misc: Designed and built management reporting database (Data Mart) at corporate headquarters on Oracle, using a custom C++ class library to generate summary reporting tables with minimum I/O. Wrote data loading program in C++ and basic reports in SQL*Plus. Initially built on NT, entire reporting system ported to UnixWare with only a few lines (< 10) of source changes. System grew by ~1M transactions per month.

SmartRoute Systems 6/94 - 10/95

Emergency Notification and Complaint Resolution Tracking

Tools: Oracle 7.1 running under NT Server, VB 3.0 using misc. VBX controls, Crystal Reports, Custom database interface to data aware controls, FaxMan Fax Library, Custom DTMF Paging Library, Windows SDK w/ Message Crackers (16/32 bit portable), Help Yourself help file editor.

Wrote functional requirements document and project schedule. Designed and wrote call tracking application using VB as front end to C/C++ libraries and an Oracle Server. SmartRoute Systems operates the 24/7/365 call center for the Central Artery/Tunnel project (617-CAT-HELP). The basic application is a Call Logging application, which must log information and complaint calls from the public as well as Incident and Emergency calls from CA/T Project staff. The system includes a user maintainable rule-base, which generates notification lists at the time of the call. The system includes extensive reports and on-line data browsing functionality. Notifications by fax and pager are automatically spooled, performed and logged (and re-submitted on failure) by a custom fax server.

Wrote Access/DAO replacement library for Oracle/OCI. Because of extensive functionality and performance problems with the Access database engine and the VB data control (including the Data Access Objects or DAO), it was necessary to write a C++ library, which performed the primary functions of the data control and DAO. This library allows the VB programmer to attach any data aware custom control to an Oracle table and column. Use of this library allowed standard transaction processing, eliminated nearly 2MB of excess memory consumption, allowed fast, efficient parent / child forms design by using parameterized queries associated with a grid control. This library, which allows high-level programmatic access to ODBC databases from any language capable of calling a DLL, took 2 months to write. The VB code size was reduced after converting from Access and the Data Control.

Health Payment Review (HPR) 5/93 - 5/94

Provider Analysis and Review System (PARS)

Tools: Running on DOS-Windows, ForeHelp help file editor, Crystal Reports

Version 1.0 - VB 3.0 and Q+E Data Controls, Pilot Lightship, Greenleaf Database Library

Version 1.1 - Open Interface Portable GUI Library, Raima Data Manager

Working at Health Payment Review, a commercial software vendor serving health insurance companies, I designed, wrote major portions of system and supervised work of contractors. PARS is a provider profiling tool that summarizes and analyzes historical medical claims data. The software ranks providers (doctors) by several measures allowing health insurance companies, PPO's and HMO's to recruit cost-effective physicians and exclude those who consistently exceed cost standards. PARS was designed to work in concert with HPR's other medical claims software packages, which perform claim-by-claim edits for medical appropriateness and correct coding. While analytically sound, a major shortcoming of the product was its lack of a robust database engine, which is necessary to process large volumes (millions) of claims. Version 1.1 eliminated tools requiring royalty payments and began the migration to a SQL server (Raima).

Graphic Systems 8/91 - 7/92


Tools: Oracle 6.0 running under DEC/Ultrix and DOS/Windows, SQL*Forms 3.0, SQL*ReportWriter, C using OCI and XVT Portable GUI Library, AutoCAD / AutoLisp

This product is a suite of Facilities Management tools including Construction and Move Scheduling, Utilities Tracking, Space Usage and Requirements Tracking, Cost Accounting and Space Planning. Several modules were straightforward database modules built using Oracle tools (data entry and reporting). Others required an interface to AutoCAD and our graphical Space Planning tool. I built a custom database interface to AutoCAD, making the SQL language accessible from AutoLisp. I designed modules and coordinated efforts of programmers writing the AutoCAD resident portions of system and porting the space planning tool (an existing product being ported from DOS/Graphics).

Cambridge Systematics 1989-1991

Capital Planning System - TBTA

Tools: Oracle 5.1 running on MS-DOS, SQL*Forms 2.3, C using OCI, SQL*Plus

Working on a civil engineering team for Cambridge Systematics, an economics and transportation consultancy, I designed and wrote a system to store a complete component list, including condition information, for the seven major bridges and tunnels operated by the Triborough Bridge and Tunnel Authority (TBTA). Designed the component deterioration model used to project component condition over 20 years. System included repair policies used to simulate repair actions and determine costs. Designed elicitation interface allowing bridge and tunnel engineers to specify a deterioration profile for each component type in familiar terms. The Authority used the program to develop a 5-year capital program authorized by the New York state legislature.

General American Reinsurance System (GARE) 8/87 - 7/89

Tools: Oracle 5.1 running under VAX/VMS, SQL*Forms 2.3, SQL*Plus, SQL*Report, PL/I and C using Pro*SQL precompiler

Working for the Reinsurance division of a large life and health insurance company, I worked on a small team developing a full administration and accounting system. I designed and wrote the policy administration system for all three types of administration: individual, bulk and tape-to-tape. This sub-system included the database and logic to assign policies to correct insurance contract and enforce compliance of contract terms and rates. Designed and implemented retrocession (re-reinsurance) module. Designed accounting system monthly and annual rollover logic and chart of accounts. Researched EDI and fax interface for claims department, which was later implemented. Designed claims subsystem.