SENIOR SOFTWARE ARCHITECT, SOFTWARE DEVELOPER, SDK TSAR
Phone: +1 (408) 676-6612
San Jose, CA
- Yes, I’m a U.S. citizen (because everyone asks anyway)
- Over 20 years of commercial software development experience, mostly in C/C++ on Linux, including cross-platform and embedded environments. I write efficient, portable and secure code which works on Windows and Linux, ARM and MIPS, 32- and 64-bit.
- More than 10 years of commercially licensing the software security SDKs to hundreds of partners, often built from scratch.
- More than 12 years of being a customer-facing engineer, with excellent understanding of the technology licensing business.
- More than 5 years of SDK/API design, development and documentation in multiple languages including C, C++, and Java.
- More than 10 years of reviewing code (both internal and partner) and communication protocols for security, patent and licensing issues; found and fixed those issues.
- In the security (anti-malware) business since 2001, worked for several companies and accumulated significant knowledge.
- Over two years of Android development experience, released commercial applications on several markets.
- Multiple years of experience working with Qt library versions 3-5, writing portable UI applications on Windows, Linux and Mac.
- Developed a number of portable, highly available networking Linux and Windows server applications.
- Ported existing software between different operating systems and architectures.
- Wrote a number of articles on security topics, educating the community about security issues and possible solutions. Co-organized several webinars.
- Reviewed existing software and communication protocols for security, patent and licensing issues; frequently found and fixed those issues.
- Reverse engineering experience including analysis of Windows and Linux executables, kernel drivers, and non-x86 executables.
- Team leader experience, worked under no direct supervision during the last 10 years.
- Fluent in English, Ukrainian and Russian languages.
- C, C++, Perl. Proficient with the Qt framework. Those are tools of the trade. Most of the time I write performance-critical networking applications which work on Linux, OS X and Windows.
- Ability to communicate well with non-technical people, and understanding of business needs. I work directly with the business people, helping them to understand technical restrictions and still find the ways to achieve what’s needed for the company to succeed.
- Ability to present information in a structured, organized way. Wrote several articles about security for both technical and non-technical audience, co-organized several webinars.
- API design and documentation experience. An example of an API and documentation can be found here: http://sourceforge.net/projects/libircclient/files/libircclient/1.7/libircclient-1.7.pdf
- Expert knowledge in porting existing software to different architectures, operating systems and hardware platforms, including the emerging ones.
- Decent Android development experience, including Java and C w/JNI, and Android NDK. Designed, developed and released several Android applications; some are available at the Google Play and Amazon AppStore.
- Multimedia experience, released several free multimedia applications. Used SDL and FFmpeg libraries to process video and audio on Linux and Windows.
- Decent experience in reverse engineering and binary analysis, including non-x86 architectures. This includes malware analysis, and developing decompilers for the bytecode languages to simplify the automatic malware analysis.
- Expert knowledge in TCP/IP networking applications, building highly available servers, and boosting the application network performance. Familiar with most well-known Internet protocols. Developed several cross-platform networking applications on Linux and Windows using epoll and IO Completion Ports.
- Proficient in using cross-compilers for generating stable, reproducible builds covering all necessary architectures, including creating Windows, FreeBSD and OpenBSD builds on a Linux machine.
- Linux user since 2002. Experienced in installing and configuring FreeBSD, OpenBSD, NetBSD, Mac OS X, Microsoft Windows, Solaris, HPUX and other operating systems.
- Familiar with development boards, u-Boot, TFTP, NFS, serial consoles and other aspects of embedded development.
- Extensive use of cross-compilers (gcc, mxe, buildroot), virtual machines (VMware and kvm) and build scripts/build systems to simplify simultaneous support for multiple operating systems running on different hardware architectures.
FULL TIME EMPLOYMENT HISTORY
(see also part-time projects)
- Designed, developed and maintained the efficient, user-friendly, stable and powerful public API for the majority of Bitdefender SDKs. The major focus was on exposing as many underlying features as possible in an easy-to-understand way while making the integration easier, and supporting full backward compatibility.
- Wrote and maintained the developer-oriented documentation for all the SDKs. The documentation was written for OEM partners, and included generic SDK information, HOWTO section (“If you want that, here’s how to do it”), and the API reference. Carefully explained all known problems the partners might get into during the SDK integration, based on my past experience. The total size of all the documentation written was over 400 pages.
- Provided the integration engineering support, including architecture reviews, to over 100 Bitdefender OEM technology licensees. While working directly with the licensees, analyzed the customer requirements and suggested the best architecture and integration scenario in a customer-facing environment, often in the field.
- Worked with different development teams in the company headquarters in Romania to manage the current action items and open tickets. This includes both everyday email and phone communications, and visiting the headquarters 3-5 times a year. Taught the developers the best practices for portable programming, and enhanced the teams’ productivity by suggesting and helping with deployment of different tools, such as cross-compilers to make builds faster, easier and more reliable.
- Developed the Android bytecode analyzer and the Android malware detection engine while working closely with the anti-malware research team. Created the anti-malware SDK for Android platform which used Java and C modules accessed through the JNI interface.
- Implemented a portable ICAP/SPAMD anti-malware server. The server was implemented using epoll and handled up to 1500 concurrent connections. The project also required implementing a test ICAP client which was used to test both the functionality and the performance of the product. Both the server and the client were written in C++, and supported Linux.
- Participated in code reviews to ensure the company compliance with the 3rd party licenses. This required digging up the original library license if necessary, and sometimes communicating with the authors. Worked with the legal department to interpret whether the burden is acceptable, and helped to find suitable alternatives for those libraries when it was not.
- Ported the anti-malware and anti-spam engines to MIPS/x86_64/PowerPC/different ARM platforms on a variety of operating systems, supporting a variety of different ABIs, hard/soft floats etc, all with minimal code changes. Involved writing and debugging machine code for a number of different CPUs.
- Participated in patent reviews to ensure that the company technology does not infringe specific patents.
- Participated in creating the new portable SDKs. Ported the existing BitDefender SDKs to Linux/Unix, including x86_64 build. The goal was to keep the code portable between platforms, including future platforms.
- Published several articles on malware and cybersecurity topics:
- 11 Frequently Asked Questions About Malware Botnets – Answered!
- IoT Security: What to Expect as a Vendor When Joining the Connected World
- Why IoT Security Will Be a Nightmare for Everyone
- POS Security: Attack Vectors and Prevention Methods
- POS Security: Lessons for Every Business Employing Such Systems
- 10 Questions to Ask an APT Protection Provider Before Choosing Them
- How to Properly Evaluate an APT Security Solution?
- Sony Security Breach: Unprecedented and Unparalleled. Or Is It?
- Detecting Advanced Persistent Threats: Myths & Realities
- Setting the Record Straight: What’s an Advanced Persistent Threat?
- What You Need to Know About BadUSB
Senior Unix Software Developer at Kaspersky Lab Customized Solutions, San Jose, CA
- Worked closely with multiple development teams of Kaspersky Lab OEM partners to help them to integrate our technology into their products. Provided development help and support in form of e-mail communication, source code review, remote debugging and on-site visits when necessary.
- Developed a kernel module for Mac OS X 10.4+ to provide on-access scanning capabilities for Kaspersky Anti-Virus for Mac. This required extensive studying of existing MacOS X documentation and available source code, and a lot of experimental work.
- Reviewed Kaspersky implementations, and worked with the legal team to form a legal opinion confirming that the product implementation does not infringe a specific patent. Educated the developers about patents, how to read them and how to make sure the implementation does not infringe a patent.
- Ported the anti-virus engine to Mac OS X, and PowerPC CPU, AMD x86_64 and Cavium MIPS architectures.
- Modified the gcc compiler source code for gcc to be able to automatically generate byte order independent machine code. This was intended to ease the porting of the software between little-endian and big-endian hardware platforms. The integration patch was written in C and was used during the
- After talking to partners’ software developers who used our technology, created a new API for Kaspersky SDK, and completely rewrote the SDK documentation for developers. Both SDK and documentation addressed most issues the partners complained about. After the new version was released, the number of SDK integration support issues decreased dramatically, and allowed more efficient use of company resources.
Senior Software Developer, Product Architect at Kaspersky Lab HQ, Moscow, Russia
- Led a team of seven, analyzing the product requirements, preparing design documents, developing the components architecture, creating and maintaining project plans, and writing reports using MS Project and MS Office/OpenOffice. Made decisions regarding tools used for development, external libraries and tools.
- Designed and developed an automated software build system, which handled the whole UNIX software building process for all Kaspersky Lab Unix products. The system handled everything from checking out the application source code to producing ready-to-install packages. There was no Jenkins at that time.
- Designed and developed a Kaspersky Antivirus on-access kernel driver for Linux and FreeBSD.
- Reverse-engineered the compilers and created two decompilers for proprietary BASIC-type languages, for the purpose of malware analysis for the malware written in those languages.
- Designed and developed Kaspersky Anti-Virus for Sun Messaging Server and HPUX Openmail. Very strict timeline, and undocumented proprietary integration protocol, which needed to be reverse-engineered, made it an interesting project. Solved both of them rather unconventionally, and impressed our technical teams who thought it was not possible.
- Ported several components, including the anti-virus engine, from MS Windows platform to several hardware and software platforms, including x86 (Linux, FreeBSD, OpenBSD), Sparc (Solaris), HP-UX, and ARM (Linux). The challenge was that the original code was written without having portability in mind, so a lot of code was simply non-portable, and had to be rewritten. Developed a compatibility library, whose goal was to simplify the porting process. Wrote the documentation, and presented it to the company engineers to teach them about the portability issues, with instructions how to write portable code. This was very new at that time in Russia.
Software Developer at ITCS International, Kiev, Ukraine
- Led the team of developers for the fast and secure credit card transaction server for a large financial customer. The server worked with AmEx terminals over Internet using the ISO 8583 protocol. Designed and developed the server part of the client-server solution, using C++ as a primary language. Also developed a test AmEx terminal, using Perl, to simplify automatic testing process.
- Designed and developed a Java-like (but more limited) language compiler, and its bytecode interpreter for an embedded environment. The purpose of the language was to enable the non-programmer customers to program certain tasks in a simple way (and they did not want to use LUA). The language compiler was developed using flex/bison as grammar parsers, and the rest of the code was written in portable C++, so it worked both under MS Windows and UNIX flavors.
Software Developer at Ukrpage, Lviv, Ukraine
Software Developer at Eles, Ltd, Lviv, Ukraine
Software Developer at Lviv Attraction, Lviv, Ukraine
C++ Software Developer and Architect at Citrix (formerly ScaleXtreme, Inc)
- Participated in designing the complete cloud application architecture. Suggested some key features, created and maintained design documents.
- Designed and developed the networking server which tracks different cloud components, helps them to find each other, retrieve the information about other connected components, and initiate inter-component communications. The server supports up to 50,000 simultaneous connections, uses client and server certificates for mutual authentication, uses TLS for encryption, and will support scaling. The server was written in C++, used epoll and OpenSSL.
- Developed the high performance proxy server for Windows and Linux to work in the disconnected environments. The server used OpenSSL and used epoll on Linux and IOCP on Windows. The challenge was to keep the shared codebase, and it was successful.
Python porting / Qt GUI development at Lexam Research
- Ported a large UI application with over 120 dialogs from Python to C++. The functionality was also extended as requested by the customer. The project was written in C++ using Qt 4, uses gcc on Unix, and MinGW and NSIS installer on MS Windows. Perl scripts were also created to convert a large number of dialogs into UI files. A set of build scripts has been created to build both Windows and Linux version directly from Linux workstation using cross-compiled MinGW compiler and NSIS for Linux.
Networking / ICAP Linux development at Infowatch
- Created an ICAP server for intercepting the HTTP traffic to detect the leaked information. The server supported a requested subset of ICAP commands plus mandatory minimum required by RFC. The server passed the content to an external shared library using the agreed upon interface which was discussed with, and approved by the company. The server supported 204, keep-alive and other advanced options, but provided workarounds for the ICAP clients which did not support them. Written in portable C++, ICAP server was developed primarily for Linux, but should work on any other platform with pthreads.
GUI / Qt development for Linux/Windows at Calabasas Creek Research
- Ported the plasma engine simulation toolkit to Qt4 and Linux. The main challenge was to port the graphics code, which used Dislin graphics library. Dislin was a closed-source library with sparse documentation, which did not document its internals, so some reverse engineering was necessary. The project was written in C++ using Qt 4. The project has been finished with two people, and I worked with another engineer who I found, trained and supervised.
- Implemented the complex GUI to a scientific application. The GUI was mostly used on Microsoft Windows, but since there was a possibility to run the application on OS X the Qt Toolkit was used again. The GUI was very complex, having more than 60 dialog windows, and a dozen custom widgets, so the proper architecture and separating common code was a must. While the GUI itself wasn’t a major challenge, the number of windows, and their combinations, required a lot of effort to keep the code base maintainable, since the whole project has been done by one person. The expression evaluator module required good knowledge of bison and flex as well as their integration into C++ language, and into qmake build system. The project was written in C++ using Qt 4, uses gcc and rpm on Unix, and MinGW and NSIS installer on MS Windows. A set of build scripts has been created to build both Windows and Linux version directly from Linux using cross-compiled MinGW compiler and NSIS for Linux. The project took approximately one man-year of part-time work.
- Ported the physics simulation toolkit to Windows/Linux/MacOSX using Qt4. The original source code was written in C++ using xlib X Window functions, so X Window knowledge was required to complete the port. An important requirement was to provide the source code compatibility with applications using the toolkit.
System library development at Centromeric, Inc.
- Created a generic abstraction interface to provide the company’s application a consistent interface to intercept and sometimes alter the system calls across Linux operating systems. The goal was to add extra functionality to any application without having access to the application source code. This new functionality allowed the application designed to manipulate local files, to access and manipulate files and other objects on remote computers. The project required deep systems level knowledge to overcome implementation differences across multiple operating systems. The project was coded in C/C++ using GCC and has been tested on Linux Red Hat 7.3 and above.
- Created a method to intercept and change the Win32 API calls for a specific Windows binary. The goal was to add extra functionality to any application without having access to the application source code, or patching it. This new functionality allowed the application designed to manipulate local files, to access and manipulate files and other objects on remote computers. The project required deep understanding of PE files format, Windows system calls and good knowledge of x86 Assembler to write a loader and to debug problems. The project was coded in C++ and x86 assembler using mingw and MSVC, and supported Windows 2000, XP and 2003.
GUI / Qt development for Windows at Skyler.
- Developed a GUI according to the draft specification. The company had to make the product available on a very short call. The goal was to develop GUI for the data processing library according to the API provided. While the GUI itself was not that complex, requiring only several custom widgets and had less than ten total windows, the very short deadline was a challenge – five calendar days (with two weekend days) for the whole project, including QA and integration. The development was done on Linux using Qt4, and additionally tested and debugged on Windows. KDevelop and Visual C++ were used as IDEs. The project was finished on time.
OPEN SOURCE PROJECTS
- Sole creator, developer and maintainer of Kchmviewer located at http://sourceforge.net/projects/kchmviewer which is a free open-source Qt/KDE based viewer for CHM (Compiled Help Manual) files, which has a lot of unique features, including tab browsing. It is the only CHM viewer with native KDE support. Stable, mature version, started in early 2005. Successfully ported it to a pure Qt4 application, without using qt3-support, in 2007. Released under GNU General Public License.
- Sole creator, developer and maintainer of Karaoke Lyrics Editor located at http://sourceforge.net/projects/karlyriceditor which is an open-source Qt based lyrics editor for Karaoke songs in popular formats. It used SDL and FFMpeg to play music files, and export the lyric videos. Released under GNU GPL Open Source License.
- Team member of XBMC located at http://www.xbmc.org, which is a full-featured cross-platform media center application, which is also completely open-source. Developed the karaoke backend.
- Creator, project administrator, developer, tech documentation writer and maintainer of libircclient located at http://sourceforge.net/projects/libircclient. This is an open-source IRC client-side library, which handles everything someone needs to build their own IRC client or bot. Stable, mature version, started in 2004 and completed in 2005 but still supported and used by several other projects. Excellent documentation is available here: http://sourceforge.net/projects/libircclient/files/libircclient/1.7/libircclient-1.7.pdf. Released under GNU GPL License.
Authored several articles on software development, reverse engineering and system administration:
- select / poll / epoll for system architects (http://www.ulduzsoft.com/?p=816) is an article which covers the difference between those polling methods and explains when each method is applicable.
- How does the reverse engineering work (http://www.ulduzsoft.com/?p=636) – this is a series of four posts which explains how the reverse engineering works to the general public using one of the popular file formats as an example. Part 4 (http://www.ulduzsoft.com/?p=651) is advanced, and explains how even an encrypted file format could be reversed in some cases.
- FontPreference dialog for Android (http://www.ulduzsoft.com/?p=579) explains how to implement the font selection dialog on Android. Other articles on the same topic include ChooseFile/ChooseDirectory dialog, and ColorPreference dialog.
- Your personal GMail-like email system (http://www.ulduzsoft.com/?p=298) is a series of articles for system administrators explaining how to set up your own e-mail system for personal or business use based on free software using Dovecot, Postfix, Round Cube and getmail.
- Software Security (Apr 2015) with distinction;
- Hardware Security (May 2015) with distinction;
- Cryptography (May 2015) with distinction;
- Usable Security (Sep 2015) with distinction;
Passed the ‘Writing Secure Code’ course by Stanford (Nov 2014)