Experience

• 

  Sophos

  • United Kingdom
  • Software Development
  • 700 & Above Employee

  • Senior Software Engineer, Network Security

    • Apr 2017 - Present
    • Vanvouver

    Working in the Network Security Group, collaborated in design and maintanace of a firewall/proxy capable of proxying many HTTP(S) connections and blocking connections based on the web content. Worked in a small agile team and developed a module to monitor and control access to various cloud based applications. The proxy was implemented in C running on custom Linux builds.

• 

  Teradici

  • Canada
  • IT Services and IT Consulting
  • 100 - 200 Employee

  • Senior Software Engineer

    • Aug 2011 - Apr 2017

    Specified architecture and defined the communication protocols which enabled thousands of clients to establish remote desktop connections to virtual machines. Working in an agile environment with team of 6 Developers, implemented scalable and redundant software applications that provided user authentication, resource allocation, and firewall functionality. • Security Gateway: Implemented a C++ firewall application that proxied network traffic for thousands of PCoIP remote desktop sessions. Implemented TLS servers and clients as well as AES-GCM encryption/authentication. This gateway product was successfully deployed in over 500 sites and required minimum maintenance for 5 years. • Connection Manager: Led the implementation of a Java /Tomcat application which terminated thousands of TLS connections and provided user authentication and resource allocation. Increased deployment and sales by generating customized variations of this application. • Protocol Specifications: Wrote several specification documents which defined the system architecture and HTTP based communication protocols. Specified several user authentication algorithms for connecting to a remote desktop. These specification documents were implemented in systems used by large customers such as Amazon Web Services. • Security Threat Mitigations: Analyzed the security of the system and its components using threat models and implemented mitigations for a number of security attacks. Implemented one time token, certificate verification, and denial of service rejection mechanisms which significantly improved the security of the system.

  • Staff Engineer

    • Sep 2006 - Jul 2011

    Specified and implemented various layers of the PCoIP remote desktop protocol in firmware and software. These software modules were written in C/C++ and were used in over three million of client and server endpoints. • Data Layer: Implemented a data transport layer providing reliable communication over UDP datagrams that carried the imaging, audio, other media traffic for remotely connecting to a desktop. Implemented a traffic shaper and cubic algorithm to allow many remote desktop sessions share the available network bandwidth. • Encryption: Implemented efficient AES-GCM authenticated encryption algorithms using C and intrinsic instructions. These implementations were used with almost no change for ten years. • Audio Compression: Implemented various audio compression algorithms which automatically adjusted the compression rate and audio quality based on the available network bandwidth. • OS Abstraction: Implemented OS and socket abstraction layers that allowed the client and server endpoints to work on many systems such as Windows, Linux, Mac, iOS, and Android. • Media Transport: Implemented keyboard, mouse, cursor transport layer that provides excellent user experience even over low bandwidth and high latency networks. Implemented a virtual channel layer which allowed customers to write their own plugins for clipboard cut-and-paste and printers.

• 

  Ctf

  • Canada
  • Medical Equipment Manufacturing
  • 100 - 200 Employee

  • Senior Firmare/Electrical Engineer

    • Jul 2003 - Sep 2006
    • Vancouver, Canada Area

    Designed firmware, FPGA code, and digital/analog circuitry for a medical imaging device which reduced the manufacturing cost by 50% and worked more reliably. Working in small engineering team, provided documentation for manufacturing, installation, and certification. • Designed data collection firmware using embedded RTOS and TCP/IP stack • Optimized the embedded TCP/IP stack for high throughput and low latency • Implemented a Linux server application to receive and aggregate many TCP streams • Implemented a high speed packet transfer engine in Xilinx FPGA • Implemented various FIR filters, signal generators, and FIFO’s in FPGA • Utilized fiber channel and SCSI protocols for transferring high speed data • Performed verification and validation testing including EMI and CSA tests

• 

  PMC Sierra

  • Senior System Validation Design Engineer

    • Aug 2000 - Aug 2003

    Validated system level functionality of three telecom chips. Worked in a team of six engineers and collaborated with other teams to develop software and hardware for new telecom devices. • Guided hardware and software design and specified various functional and system level tests. • Utilized a platform consisted of cPCI boards, embedded x86, and traffic generator/monitors. • Involved in detailed s/w and h/w design including FPGA design, TCP communication software, VxWorks device drivers in C, configuration and test scripts in TCL, and bug investigation. • Worked with marketing, silicon development, and application groups to define new features. • Became familiar with TCP/IP, ATM, SONET, IEEE 802.3, Frame Relay, and multilink protocols.

• 

  VTech Engineering Canada

  • Chief Engineer & Senior S/W Engineer

    • Apr 1999 - Aug 2000

    Provided leadership and managed projects for developing cordless phone firmware/hardware. The cordless phones were manufactured in low cost in China and were sold worldwide in high volumes. • Provided group leadership, specified design guidelines, coordinated design and manufacturing. • Responsible for top-level design of a frequency hopping cordless phone. Conducted feasibility study, designed system architecture, estimated memory and CPU requirements, analyzed real-time response, designed the protocol stack, specified functional blocks of the ASIC, developed s/w emulation tools for the DSP core, managed external contractors, and implemented some low-level s/w modules.

• 

  Vtech Technologies Canada Ltd.

  • Canada
  • Computers and Electronics Manufacturing
  • 1 - 100 Employee

  • Senior Software Engineer

    • 1996 - 1999
    • Vancouver, Canada Area

    • Designed and implemented a wireless protocol stack for delivering both audio and data. • Designed and implemented a multitasking scheduler and defined module interfaces. • Improved algorithms for channel searching, caller ID detection, and digital audio processing.

• 

  Alpha

  • Vancouver, Canada Area

  • Firmware/Electrical Engineer

    • 1992 - 1996
    • Vancouver, Canada Area

    Developed firmware for Uninterrupted Power Supply (UPS) systems. Completed product planning, top-level and hardware design, and managed contractors. Implemented firmware which was deployed in millions of USP systems. • Participated in the design of a high-frequency inverter UPS system. Responsible for the mixed C and assembly software. Implemented a real-time multitasking kernel. • Working directly with the marketing department and third party contractors, specified and implemented an SNMP agent to remotely monitor and control UPS units. • Designed and implemented an Automatic Test Equipment (ATE) for testing UPS systems on production line. Utilized various National Instruments cards and wrote C programs for PC.