Bobby G. Miller

Information Assurance Consultant

Work Experience:

GTE Government Systems Corp, Information Systems Division, July 1999 - Present

Information Assurance Consultant

GTE Information Assurance expert developing and structuring Critical Infrastructure Protection (CIP) offerings for non-DOD agencies. Consulting to a variety of Division customers for INFOSEC and Information Assurance issues. 

CygnaCom Solutions, Inc., October 1997 - Present

Senior Security Engineer

Active member of the Key Management Infrastructure (KMI) Security Architecture Working Group involved with national policy and interoperability issues. Developing strategy for KMI architecture development in harmony with the Defense Information Assurance Program (DIAP) and Information Assurance Technical Framework (IATF). Providing security evaluation expertise to NSA on the Wang High Assurance Guard in support of the Defense Message System (DMS) and Defense Information Infrastructure (DII). Developed Philosophy of Protection, Formal Security Policy Model and Security Architecture Report (Code Review). Prepared Working Group report on X.500 Directory Shadowing through the High Assurance Guard. Contributed to NSA Protection Profile for High Assurance Guards for the Network Security Framework Forum (NSFF). Participated in the assurance portion of a Common Criteria Evaluation of a major database application. Developed compliance test assertions for Public Key Infrastructure in support of NIST. Researched evolving security technology for the FAA.

SAIC, August 1989 - September 1993; August 1996 - October 1997

Senior INFOSEC Systems Engineer

Performed security evaluation of the Joint Computer-Aided Acquisition and Logistics Support System (JCALS) in support of the Program Office.

Analyzed security architecture for the MLS F-22 Integrated Maintenance Information System (IMIS) in support of the Air Force Information Warfare Center. Identified baseline configuration for SCO CMW+ Unix to support MLS applications. Monitored CERT advisories and security mailing lists for relevant Unix vulnerabilities.

Contributed to CONOPS and Program Management Plan for incorporating intrusion detection technology throughout the Defense Information Infrastructure (DII).

Performed research and analysis of state-of-the-art computer misuse/intrusion detection technology. Developed detailed criteria for the comparative analysis of intrusion detection (ID) systems. Analyzed five major ID systems in depth to select the system most appropriate to identification of espionage-related activity by authorized users. Developed and applied test program including detailed evaluation criteria, test plans and procedures. Presented technical paper at SRI International Misuse Detection System Symposium highlighting the system selection criteria and the evaluation results.

Performed analysis of security features of commercial-off-the-shelf (COTS) operating systems and database management systems. Developed integration approach to maximize use of non-developmental items while achieving system security objectives for the Navy Key Distribution System. Identified appropriate configuration of COTS audit and access control mechanisms.

Developed 5-year plan to identify and integrate secure commercial products in a major Marine Corps tactical C3I system upgrade. Evaluated near-term COTS alternatives against program cost and schedule considerations.

Produced Security Operational Concept Document for the Contingency TACS Automated Planning System (CTAPS), describing the role of security in accomplishing the CTAPS mission and the security mechanisms implemented in hardware and software.

Developed work plans in support of the Navy's OPINTEL Five Year Plan, focusing on the application of emerging security technology.

Bobby G. Miller Consulting, February - August 1989

INFOSEC Consultant

Developed security plans and procedures for Air Force base-wide LAN processing unclassified and sensitive but unclassified (SBU) data. Evaluated impact of AFR 205-16 revisions.

Compusec, Inc., February 1982 - February 1989

Senior Systems Engineer/Director of Marketing

Conceived and directed development of an integrated development and formal verification environment for the Ada language to support DOD 5200.28-STD requirements in the Beyond A1 class. Specified requirements and design of a multilevel secure (MLS) executive to support theater communications and tactical C3.

Specified requirements and hardware/software architecture of a trusted interface unit for local area networks employing cryptographic authentication.

Developed course materials and conducted training in verification technology.

Authored a plan for a centralized facility for the standardization, maintenance, enhancement, distribution and promotion of secure software engineering tools and technologies.

Performed system security analysis for the Joint Service Imagery Processing System. Developed Security Test Plan for DIAM 50-4 accreditation.

Formed and staffed New England Operations office. As Program Manager and Senior Scientist, provided security analysis and certification/accreditation support to the WWMCCS Information System (WIS) Program Office. Represented Program Office at Security Certification Working Group meetings and Technical Interchange Meetings with subsystem prime contractors and WWMCCS user community. Liaison with JCS certifier, NSA and NCSC.

Specified security interface for the Common Ada Programming Support Environment Interface Set (CAIS) proposed MIL-STD.

Directed security technology development for a major Army C3 system. Designed security features to support MLS, data integrity and delivery assurance. Specified and managed implementation of an automated tool for information flow analysis of Ada program design language specifications.

Integrated commercial systems development methodology with automated security analysis tools and techniques in support of the NORAD Communications System Segment Replacement (CSSR) program. Authored CSSR security policy.

As Program Manager and Security Engineer for the MLS Tactical Bus program, specified a prototype LAN product for MLS/Compartmented mode tactical intelligence applications.

Provided security engineering support to the Minimum Essential Emergency Communications Network Diversity Reception Equipment (MEECN/DRE) program.

Authored security policy, security model and formal verification approach for the Secure Distributed Systems program. Contributed to system architecture and countermeasures specification.

Provided security model, requirements analysis and accreditation support documentation for the Korean Air Intelligence System Security Interface. Developed formal specification for the Secure Crypto-Authenticated Message Processor.

Performed formal verification of security-critical Used the Hierarchical Development Methodology (HDM) and tools for design specification, design verification and program proof-of-correctness. Led first NSA operational system evaluation using the Orange Book A1 criteria.

Merdan Group, Inc., December 1979 - February 1982

Formal Verification Analyst

Task Leader for the security verification and validation team on the message processing unit design and implementation of the AN/GSC-40 Command Post Terminal. Directed the adaptation and application of the Hierarchical Development Methodology to the critical review of design documents and rigorous analysis of system security implementation to the object code level. Researched and selected PASCAL programming language verification tool. Participated in technical interchange meetings with NSA and the program office.

Performed security validation of the AUTODIN II message switching system top level specification. Assisted in the development of an automated analysis tool.

Naval Personnel R & D Center, October 1977 - December 1979

Data Analyst

Performed data analysis for mathematical skills project in training research. Developed statistical procedures in FORTRAN. Composed technical reports of findings.

Developed software to support man-systems simulation research. Wrote graphics simulation and database software. Designed a simulator for a hypothetical computer. Monitored tasks of 20 contractors.

Education: B.S., Applied Math/Computer Science, San Diego State University, 1979

A.A., General Liberal Arts, Palomar C.C, 1977

Clearance: Secret

Email:  bgmiller@dc.jones.com