21800 Kings Crossing Terrace, Ashburn, VA 20147
Home: 703-729-6814 Cell: 703-338-2886
viren@viren.org

Viren R. Shah

Executive Profile

Software technologist with broad experience in R&D, personnel and project management, consulting services, and information technology. Fast learner with the ability to adapt to new situations and technologies and make strong contributions quickly. Strong interest in working with innovative, cutting-edge technologies.

Experience

Sr. Research Associate/Program Manager, Cigital, Inc., Dulles, VA
1997-Present

Filled several roles across a number of the company’s divisions, including:

Program Manager
· Managed overall direction of Cigital Labs, including tactical and strategic divisional planning
· Responsible for achieving division revenue and business goals
· Mentored senior and junior researchers and developers, enhancing creativity, productivity and morale

Sr. Research Associate
· Led R&D efforts on projects funded by DARPA, NASA and NIST
· Developed research ideas and wrote successful funding proposals
· Wrote papers and technical reports for publication
· Assisted in technology transfer from research prototypes to commercial products

Senior Consultant
· Performed software security and software quality risk assessments for clients
· Served as software configuration management (SCM) expert
· Helped develop a practical software certification approach

Information Technology Liaison
· Championed and implemented SCM practices company-wide
· Involved in planning and administration of corporate IT infrastructure

Research Division
· Principal Investigator (PI) on a project that created a security vulnerability scanner for program executables by reusing source-based pattern-detection engines. Resulted in a shorter development lifecycle and leveraged existing proprietary tool infrastructure.
· Project Lead (PL) and Co-PI on a $1.8M project looking into language-based security issues with resource-constrained wireless devices. Led analysis and development efforts focused on improving and extending the current security paradigms for Java-based devices. Resulted in a suite of tools to help expose security vulnerabilities with the J2ME reference implementation.
· PL and Co-PI on a $1.6M project tasked with developing an Aspect-Oriented Programming (AOP) solution for security vulnerabilities. Led a team in designing and implementing a complete system, including an aspect language and a weaver. Created comprehensive, modular solutions to address a wide range of security issues.
· Technical Lead on a $2M project researching and developing a software certification pipeline for electronic commerce applications. Researched and implemented state-of-the-art techniques for the automated detection of security vulnerabilities in C code. Also developed advanced static and dynamic analysis tools for Java bytecode. Tools are currently the basis for Cigital’s vulnerability detection product.

Professional Services Division
· Subject Matter Expert in software security, reliability and analysis.
· Performed security risk assessment on a network storage product. Discovered and implemented security exploits on product and traced technical risks back to business impact.
· Member of team that created a quantitative product-oriented software certification approach for a federal government agency.
· Architected an SCM solution for an e-commerce client. Also planned and assisted in the development group’s migration from Visual SourceSafe to CVS.

Information Technology
· Set up and maintained SCM software. Tutored and mentored coworkers on SCM usage.
· Instrumental in the planning and design of heterogeneous critical infrastructure servers and network. Duties included ensuring continuous availability of resources and infrastructure and secure architecture, design and administration of systems running FreeBSD and Windows 2000.
· SMTP, DHCP, NFS, Samba, FTP, HTTP, NIS, Exchange 2000, Active Directory.

Software Engineer, Visix Software, Inc., Reston, VA
1997

Helped develop “Vibe,” a cross-platform application development environment for Java. Also worked on “Galaxy,” a cross-platform class library for developing applications.
· Developed user interface components
· Worked on library code for networking libraries

Research Assistant, College of Computing, Georgia Institute of Technology, Atlanta, GA
1994-1997

Performed research in educational technology and networking. Also designed systems to promote human learning and problem-solving based on cognitive principles.
· Built authoring tools that significantly reduced module development time
· Served as teaching assistant for undergraduate Artificial Intelligence course

Software Engineer, Elemental Interactive Design and Development, Atlanta, GA
1996

Designed and implemented cross-platform Internet and intranet tools.
· Designed and developed a cross-platform information visualization and presentation system with the ability to deliver information through the web
· Performed source control and configuration management.

Graduate Assistant/System Administrator
Department of Computer Science, University of Mississippi, Oxford, MS
Research Institute of Pharmaceutical Sciences, University of Mississippi
1993-1994 1992-1994

Performed research in formal methods.
· Taught undergraduate, senior-level Algorithms course
· Managed heterogeneous Computer Science department systems, including departmental FTP and web sites.

Publications & Patents

Selected Conference Proceedings

· Viren Shah, “Using Aspect-Oriented Programming to Address Security Concerns,” International Symposium on Software Reliability Engineering, November 2002, Annapolis, MD.
· Viren Shah, “The Holy Grail of Software Quality,” International Conference on Dependable Systems and Networks (DSN 2002), June 2002, Bethesda, MD.
· M. Weber, Viren Shah and Chris Ren, “A Case Study in Detecting Software Security Vulnerabilities Using Constraint Optimization,” IEEE Workshop on Source Code Analysis and Manipulation, November 2001, Florence, Italy.
· A.K. Ghosh, Viren Shah, and M. Schmid, “An Approach for Analyzing the Robustness of Windows NT Software,” Proceedings of the 21st National Information Systems Security Conference (NISSC98), October 1998, Arlington, VA.
· T.J. Walls, Viren Shah and Anup Ghosh, “Towards Certifying Software for Security,” Proceedings of ISACC 2000, September 2000, Reston, VA.

Selected Workshops/Panels

· Workshop Organizer: AOSD Technology for Application-Level Security, Aspect-Oriented Software Development, Lancaster, UK, 2004.
· Panelist: Wireless Security: Vulnerabilities and Solutions, ACSAC, Las Vegas, 2002.

Patents Pending

· Systems and Methods for Detecting Software Security Vulnerabilities (Provisional Patent Application)
· Systems and Methods for Detecting Software Buffer Security Vulnerabilities (Provisional Patent Application)

Education

Ph.D. Program, College of Computing, Georgia Institute of Technology, Atlanta, GA
1994-1997

M.S. (C.S), Department of Computer Science, University of Mississippi, Oxford, MS
1994

B.S.C.S., Department of Computer Science, University of Mississippi, Oxford, MS
1992

Awards

· Outstanding Computer Science Junior, University of Mississippi
· Outstanding Computer Science Senior, University of Mississippi
· Taylor Medal Honoree, University of Mississippi

Affiliations

· The Honor Society of Phi Kappa Phi
· ACM
· IEEE

References

Available upon request