John N. Larson

PO Box 2638
Mill Valley, CA 94942

Voice: (650) 532-0502
Email: jlarson (at) industries (dot) net


Professional Summary


Exceptional (over 25 years) experience and expertise, specializing in research and innovation in network and security architecture for very large scale Wireless and Wireline Networks as well as mobile devices. Long track record of excellent performance, innovation, and absolute integrity and trustworthiness given positions of very high responsibility for security research and innovation, architectural design, and robust, secure operation of very large telecom networks, corporate Intranets and Firewalls.

As Founder of, and Team Lead for the Security Research Group at the Sprint Advanced Technology Labs over a period of eight years, initiated research and developed expertise in Distributed Denial of Service Attack Detection and Mitigation approaches, Voice over IP Security, Wireless Security (CDMA, WiFi, WiMAX, Bluetooth), very large scale Centralized Security Management systems, and Mobile Device security architecture, among many other projects. Group focus included End-to-End security vulnerability investigations within Sprint’s very large wireless and wireline networks, as well as mobile devices; and identification and validation of possible solutions for issues discovered. Many unique (zero day) security vulnerabilities in both wireless and wireline networks and mobile devices were identified by this team, and solutions were identified and deployed to eliminate these risks wherever possible. Vulnerability investigation work involved development and use of a world class security attack lab with a wide scope of both commercial and custom security attack tools. Solution investigation work involved a multi-stage approach of working with vendors to develop unique solutions, testing in complex lab network environment, and finally pilot test programs in the production Sprint network. Drove Mobile Device Security innovation within Sprint by developing early prototypes of improved mobile device security architectures involving virtualization.

As a Member of the Research Staff at the Computer Science Laboratory at Xerox PARC, major work was focused on solving many interesting problems on the frontier of network scaling issues in one of the world's largest corporate networks, and laying the foundation for graceful migration of what was the world's largest XNS-only Internet to what became one of the world's largest corporate IP Intranets.

As a primary architect for TCP/IP in the Xerox Corporation, defined and implemented several key pieces of Network Architecture for Xerox, and provided technical direction for the Xerox.COM DNS system until 1999. Network Architecture design efforts included Address Space Architecture, Routing Architecture, Domain Name System Architecture, and Firewall/Security Architecture.

As Founder/CEO of a small consulting company (Internet Industries, Inc.), managed 8 employees who performed network and security consulting, as well as web design and web hosting services. Very large network and security consulting business with Xerox Corporation as the major client. Sprint Labs was also a consulting client for a brief period in 2001 before becoming a full-time employee of Sprint.
 

Career History:

2001-2009 Founder, Team Lead for Security Research Group, Sprint Advanced Technology Labs, Initiated research into Distributed Denial of Service Detection and Mitigation approaches which eventually resulted in a successful Sprint product initiative (IP Defender). Initiated research into Voice over IP Security which spawned successful follow-on work in Session Border Controller security evaluation at the Advanced Technology Labs. Extensive wireless security research including CDMA, WiFi, Bluetooth, and WiMAX. Developed comprehensive security expertise in WiMAX, and worked extensively with Codenomicon to develop WiMAX protocol fuzzing security test capability. Most recent work focused on Mobile Device security research, including Virtualization along with Trusted Mobile Security architecture elements. Mobile Device vulnerability investigation included Android security research and Bluetooth security investigations using Codenomicon protocol fuzzing tools.

2000-2001 Security Architect, Blue Martini Software, Inc. Primary responsibility for design and management of security architecture of Blue Martini, including design, installation, and management of Firewalls and Extranets incorporating Checkpoint/Nokia firewalls, Nortel Contivity Extranet servers, Snort intrusion detection system, RSA authentication systems, auditing (security vulnerability scanning with Nessus, etc) and developing security policies. Evaluated PKI technologies and vendors for possible implementation in Blue Martini. Provided security architecture analysis and advice on the Blue Martini CRM product, and security analysis was performed of various Web Conferencing vendors to select a secure Webinar vendor.

1995-2000 Founder, President of Internet Industries, Inc., an Internet startup company specializing in Internet/Security Consulting, Web Design, Web Hosting, managing 8 employees.

1993-2000 Internet / Security Consultant, specializing in Internet and Intranet security and network architecture. Consulted with numerous organizations including Xerox, Stanford University, Electronic Data Systems, as well as several startup companies. Designed most of the Xerox Corporation firewalls around the world (Rochester, Canada, Brazil, France, and Palo Alto/PARC) with administrative access and technical responsibility for some of these firewalls until 1999. Performed comprehensive security audits of several Xerox firewalls, which I did not design (ex: Japan, Taiwan, and Australia). Was the primary architect and technical manager for the very large worldwide Xerox.COM DNS system until 1999 which included design and maintenance of a custom distributed DNS management software package written in Perl and C and a semi-automated network-wide delegation update process.

1990-1993 Independent Network Consultant. Consulted with Xerox Palo Alto Research Center on numerous local area networks and TCP/IP Internet related issues. Designed and installed PARC's original firewall connection to BARRNET. Also consulted for the Xerox WorldWide Network. Defined and installed several components of TCP/IP network architecture for Xerox, particularly in the area of Domain Name Services (DNS) and network routing. Explored and tested various network routing protocols for use on the Xerox backbone network.

1989 Cisco Systems, As one of the first 50 employees of Cisco, developed the first prototype of Cisco's NetCentral network management system written in C and X windows running on a Sun workstation.  In an extraordinary effort, learned C and X-windows from scratch and created a working network management system prototype in only three weeks.

1985-1989 Xerox PARC, Computer Science Laboratory; Member of Research Staff. Provided technical direction for the Xerox Internet, the world's largest XNS Internet. Created significant components of TCP/IP network infrastructure within PARC including Xerox's external connection to BARRNET. Provided technical direction in the creation of the Xerox IP Internet. As the Xerox Arpanet technical liaison, provided technical management and support for Xerox's external connections including the Xerox.COM Arpanet mail gateway and Arisia.Xerox.COM, a Sun 3/280 connected to both the ARPA Internet and USENET. Wrote and maintained Cedar Domain Name System resolver code. Created a Xerox Internet simulator and successfully simulated a Clearinghouse database update algorithm to select the diffusion parameters used in the current XNS Clearinghouse system.

1982-1985 Xerox PARC, Integrated Circuit Laboratory; Member of Research Staff. Silicon device modeling, simulation, graphical data analysis tools. Completed MSEE degree at Stanford while working full-time at Xerox PARC.

1980-1982 IBM Corporation, Yorktown Heights Research Center: Josephson Junction project researching superconducting devices. Initial start at IBM San Jose as Software Engineer working on MSEE at Stanford while also working full-time at IBM.

1977-1980  Boeing Aerospace, Seattle.  Engineering Aide working in microcircuit Failure Analysis Laboratory while simultaneously completing BSEE degree at University of Washington.
 

Education, Post Grad work:

·       2002, 2003 Visiting Scholar (part time), Computer Security Research Group, Stanford University

·       1984 MSEE degree (Computer Science focus), Stanford University

·       1980 BSEE degree, University of Washington

Conferences / Speaking engagements:

·      2008 Speaker/Panelist LinuxWorld, San Francisco (Mobile Device Security)

·      2008 Speaker, NSF Wireless Security Workshop, GA Tech (WiMAX Security)

·      2008 Speaker, WiMAX Conference, Prague (WiMAX Security)

·      2007 Speaker/Panelist, Usenix Security Symposium, Boston (Cellular Network / WiMAX Security)

·      2007 Speaker, WiMAX Summit, Paris 2007 (WiMAX Security)

·      2004 Session Chair, Speaker IEEE Globecom 2004 (Workshop on VOIP Security / DDoS and VoIP Security)

 

Publications:

·       2001-2009 Numerous Internal Sprint Publications on DDoS, VoIP Security, Wireless Security, Smartphone Security

·       Globecom 2004 Workshop on VoIP Security: “Defending VOIP Networks from DDoS Attacks”

·       Web Conferencing Vendor Security Evaluation, September 2000, internal Blue Martini Software document

·       Towards a New Xerox DNS Management Architecture, December 1998, internal Xerox document

·       Improving the Xerox Domain Name System; Architecture, Infrastructure, and Support Processes, January 1998 internal Xerox document

·       Xerox Firewall Architecture Template, September, 1998 internal Xerox document

·       Xerox Firewall Analysis: Requirements Survey & Design Recommendation, July 9, 1996 Internal Xerox Document with Alan Killenbeck and Mary Bernstein

·       Proposal for OSPF Routing on the Xerox Backbone, January 1993, internal Xerox document.

·       Xerox Domain Name System; Issues, Architecture, and Guidelines, May 1991, internal Xerox document.

·       Architectural Options for the Xerox TCP/IP Internet (Addressing, Routing, Topology), October 1990, internal Xerox document.

·       Towards the Xerox TCP/IP Internet, March 1989, internal Xerox document.

·       Epidemic Algorithms for Replicated Database Maintenance; ACM Symposium on Principles of Distributed Computing; August 1987; with Demers et al.

Patent Applications:

·       Tiered Security Services

·       Centralized Security Management System

·       Method and Apparatus for Processing Mobile-IP Registration Requests

·       Method and System for Facilitating Packet-Based Communications

Awards:

·       2007 Sprint Technology Security Award 2007 (Identified and mitigated major single packet DoS vulnerability on Sprint CDMA devices)

·       2003, 2005, 2006 Sprint Excellence Awards

·       2001 Blue Martini award (High performance, secure, colocated external services design and rollout team effort)

·       1986 Xerox Team Excellence Award (Clearinghouse Algorithms Team)

·       1985 Xerox Special Recognition Award (Arpanet gateway activity)