- Key skills
- Key professional achievements
- Experience
- Education
- Certifications
- Research
- System Development and Management
- Software Development Projects
- Honors & Awards
- Program Committees and Boards
- Teaching and Advising
  - Students
  - Teaching
    - CISSP training
    - CFEngine one-day training class (8 hour class)
    - “Virtualization” lecture (2 hours), Systems Security class, Computer Science Dept.
    - “Intrusion detection: Basic concepts and current research at IBM” class (3 hours), Information Technology Security Spring School
    - “Introduction to Computer Security” class (40 hours)
    - EE495 (“Information Extraction, Retrieval and Security”) course
    - “SSH: Achieving secure communication over insecure channels” class
    - “Protecting your computing system” class
    - Supercomputing Internship Program Courses
- Other Professional Activities
- Publications, Talks and Intellectual Property
- References
I am a senior computer security expert, IT architect, computer scientist, team and project leader with 29 years of professional experience, and a much longer history of fascination with and passion for computing. I specialize in the areas of Computer Security, Cloud Computing, Self-healing Systems and Configuration Management.
I possess a strong combination of leadership, conceptual and technical skills that enable me to lead teams in analyzing complex problems and in designing and implementing elegant, pragmatic solutions. I have excellent communication abilities, with ample experience in writing, teaching and public speaking. I can interact and work fluently at the strategic, tactical and technical levels. I have a Ph.D. in Computer Science and have experience in both academic and business environments.
This page presents a summary of my qualifications — please see the following pages for the full details.
- Leadership
- 29 years of team and project leadership experience; systems architecture; Scaled Agile Framework (SAFe) methodology and processes.
- Computer Security
- Enterprise security architecture; risk management; compliance; intrusion detection and prevention (Ph.D. in this area); operating systems and network security; software security and secure software development; virtualization and cloud computing security; CISSP.
- Communications
- Excellent written and spoken communication skills, with more than 30 years of writing, speaking and teaching experience in different contexts and on different topics. I love teaching and writing.
- Systems and Development
- Unix/Linux systems engineering and administration, system health management and monitoring, cloud platforms (Amazon EC2, Cloud Foundry), software development experience (C, Python, Ruby, Perl, LISP, etc.).
- Configuration management
- CFEngine, Ansible, Puppet.
- Attitude
- Always willing to learn about technology, management, and any topic that allows me to continue growing. I am passionate about both technology and people.
- Languages
- Spanish (native), English (100%), German (B1 level).
- Responsible for security architecture, risk management and compliance (ISO27001, FINMA, ISAE3402/3000, etc.) of Swisscom’s IT Clouds platforms and related services and components.
- Established and currently lead the Swisscom IT Clouds security community of practice.
- Established and managed the Health and State Management team at Swisscom, which designs, implements and operates a framework for scalable monitoring, logging and alerting.
- Designed the Orchard monitoring framework for Swisscom’s Application Cloud platform, and led the team that implemented it and brought it into production.
- Managed the CFEngine language product roadmap.
- Managed customer relationships at HP Enterprise Services in the area of security. This included overseeing the activities of operational and engineering teams, risk and compliance management, requirements discussion and reporting.
- Established and led the first incident response team at UNAM, which has grown into the university’s Information Security Organization/UNAM-CERT.
- Designed and implemented the Billy Goat malware capture and analysis system at IBM.
- System administration and security monitoring for UNAM’s Cray Y-MP supercomputer and Unix workstations.
- Authored multiple books including /Learning CFEngine/ (published by O’Reilly Media), /Learning Hammerspoon/ and /Literate Configuration/.
- Designed and implemented the first version of the CFEngine Design Center.
- Program chair and program committee member for multiple conferences including RAID symposium, DIMVA conference, the first instances of the International Computer Security Day and the Computer Security conference at UNAM, and others.
- Member of the Editorial Board of the Computers & Security Journal.
- Dual role as a member of the Swisscom Enterprise Architecture team, and as a Solution Security Architect for the Swisscom Cloud Platforms, which include offerings targeted at both the Enterprise and the SMB segments: Enterprise Service Cloud (IaaS), Enterprise Application Cloud (PaaS), Dynamic Computing Services (IaaS), Enterprise Cloud for SAP Applications (IaaS).
- As Solution Security Architect for IT Clouds, I am a member of the leadership team, and my job is to ensure Swisscom’s cloud platforms are secure and compliant. I define, prioritize and drive security-relevant product features, compliance and business goals of the cloud platforms built by Swisscom. I also head the IT Clouds Security Community of Practice and advise on compliance, governance and operational activities.
- Selected achievements and ongoing activities:
- Ensure ongoing cloud platform and service compliance with contractual and regulatory standards, including ISO27001, ISAE3402/3000, FINMA and GDPR.
- Launched the Security Champions initiative to promote and improve a culture of security responsibility within the team.
- Brought various platforms and services within the Swisscom cloud ecosystem to compliance with internal security standards and with external requirements for financial and banking customers, by defining the requirements and working with the engineering teams to prioritize and review the corresponding implementations.
- Coordinate and oversee periodic threat modeling, audits and penetration tests against the various cloud platforms and services.
- Establish organization- and team-wide processes for risk management.
- Selected achievements and ongoing activities:
- As Enterprise Architect, I participate in the design of the future products and solutions offered by Swisscom, in collaboration with architects from all other divisions of the company. These result in proposals that are brought to approval by management and planned for implementation over the next 5-10 years.
- In this role, I built and led a team which evolved on par with the Swisscom cloud platforms to provide monitoring and logging capabilities for Swisscom’s cloud platforms. My responsibilities included people management (up to 16 people), requirement definition and prioritization in collaboration with Product Managers and other stakeholders, roadmap and architecture definition for the monitoring, logging and alerting platforms, driving the planning and execution of the work within the team, and participation in the technical implementation.
- Selected achievements:
- Oversaw the transition of the Enterprise Cloud 1 LEMM (Logging, Event Management and Monitoring) and Access & Inventory frameworks into maintenance mode as the platform was retired.
- Oversaw the transition of the Application Cloud platform from the Orchard monitoring framework into a new framework based on the TICK stack.
- Defined the scope and mission of the Health and State Management (HSM) team as part of the new /Enterprise Service Cloud/ project.
- Defined logging and monitoring architecture for the Enterprise Service Cloud platform based on vRealize Operations and vRealize Log Insight.
- Defined requirements, oversaw planning and execution of the HSM team’s mission to design, implement and manage Health Management and Monitoring components as the IT Clouds scope expanded to other platforms, including Application Cloud, Enterprise Cloud for SAP applications (EC4SAP), Dynamic Computing Services, and related services and components.
- Defined architecture and oversaw implementation of Customer Log Forwarding service.
- Managed business relationship and technical implementation of OpsGenie for alert management in IT Clouds.
- Defined and implemented integrations between Jira and OpsGenie for alerting of user-reported incidents.
- Main technologies involved: VMware vSphere (ESX, vCenter, NSX), VMware vRealize Operations Manager and Log Insight, Ansible (configuration management), OpsGenie (alert management).
- Managed a team of three people and led the Orchard project through its implementation, production release and further improvements and development.
- Designed the architecture for the Orchard health-management and self-healing components of Swisscom’s Application Cloud Platform-as-a-Service Offering. This system performed self-monitoring and self-healing of the infrastructure and platform components.
- Implemented initial prototype of the Orchard platform.
- Main technologies involved: OpenStack (cloud computing infrastructure), Plumgrid (SDN), Cloud Foundry (application platform), Consul (health management and service discovery), RabbitMQ (message bus), Riemann (event stream analysis).
- Coordinated the CFEngine Design Center project.
- Participated in the development of the CFEngine language roadmap.
- Coordinated the work on CFEngine third-party integration (e.g. AWS EC2, VMware, Docker and OpenStack).
- Developed code for both the Design Center and some of the integrations.
- CFEngine Advocate, with a special focus on security.
- Gave talks, wrote articles and blog posts, taught classes, and in general spread the word about CFEngine.
- Worked on developing and implementing the strategy for CFEngine in security.
- Acted as first point of contact for all security-related issues for five HP enterprise customers in Mexico, some of them with international presence.
- Initiated, advised and managed security-related projects.
- Handled communication and coordination between technical teams involved in security initiatives.
- Involved in all security-related decisions at the sales, design, implementation, delivery and ongoing maintenance stages of IT Outsourcing projects.
- I helped customer teams by solving complex problems in customer environments.
- Performed analysis, design and implementation of solutions in multiple areas of expertise, including system automation, configuration management, system administration, system design, virtualization, performance and security.
- I worked in intrusion detection, malware detection and containment, and virtualization security research projects. See /Research/ for details of my research.
- Participated in the development of the Bruce host vulnerability scanner, later released as the Sun Enterprise Network Security Service (SENSS).
- Designed and implemented the first version of the network-based components of Bruce, which allowed it to operate on several hosts in a network, controlled from a central location.
Head of Computer Security Area
- Founded UNAM’s Computer Security Area, the University’s first team dedicated to computer security, which has since evolved into a much larger organization.
- Supervised up to nine people working on different projects related to computer security.
- Supervised and participated in the direct monitoring of the security of a Cray supercomputer and 22 Unix workstations.
- Provided security services to the whole University, including incident response, security information, auditing and teaching.
- Established the celebration of the International Computer Security Day (sponsored by the Association for Computing Machinery) at UNAM. Acted as the main organizer of the event for two years (1994 and 1995). This event has grown and divided into the Computer Security Day (a one-day event) and the Seguridad en Cómputo (Computer Security) conference (a multi-day event).
- Designed and headed development of an audit-analysis tool for Unix systems (SAINT).
- Part of the system administration team at the University’s Supercomputing Center, managing UNAM’s Cray Y-MP Supercomputer (the first supercomputer in Latin America) and related systems.
- Managed the Network Queuing Subsystem (NQS).
- Collaborated in other aspects of the supercomputer administration, including user administration, operating system installation, resource management, and policy making and implementation.
- Directly managed three Unix workstations, provided support for 19 more.
- Monitored the security of the Cray supercomputer and related workstations.
- Thesis title: /Using Internal Sensors for Computer Intrusion Detection/.
- Advisor: Eugene H. Spafford.
- Advisor: Eugene H. Spafford.
- Thesis title: UNAM/Cray Project for Security in the Unix Operating System (in Spanish, original title: Proyecto UNAM/Cray de Seguridad en el Sistema Operativo Unix).
- Security for VMware virtual environments using virtual machine introspection (based on the VMware VMsafe API) to provide detection and prevention capabilities with increased security and reliability.
- Publications: {{{cvcite(Christodorescu:2009:CSV:1655008.1655022)}}}.
- Exploration of code instrumentation and low-level monitoring mechanisms for efficient and accurate intrusion detection and prevention.
- An active worm-detection system, in wide deployment in the IBM worldwide internal network. Billy Goat listens for connections to unused IP address ranges and actively responds to those connections to accurately detect worm-infected machines, and in many cases capture the worms themselves. Billy Goat is engineered for distributed deployment, with each device containing standalone detection and reporting capabilities, together with data centralization features that allow network-wide data analysis and reporting.
- Publications: {{{cvcite(riordan06:_build_billy_goat:first2006\, riordan05:bg_techreport)}}}
- An active worm-capture device deployed at the network boundary and coupled with the border router, which allows Billy Goat to effectively and automatically spoof every unused IP address outside the local network. This makes it possible for the Router-based Billy Goat to accurately detect local infected machines and prevent them from establishing connections to the outside, limiting the propagation of the worms to the outside network.
- Publications: {{{cvcite(zamboni07:sruti07-rbg)}}}
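The detection principle behind both Billy Goat entries above (a host that repeatedly contacts addresses nobody uses is almost certainly scanning) can be illustrated with a small detector. The following is an added example written for this page, not Billy Goat's own code: the site address space, the allocated sub-ranges, the sensor names and every connection record are constructed, and the threshold of three distinct unused addresses is an assumption chosen to separate scanning from a single stray connection. The router-based variant differs only in which address space counts as unused, which here is a matter of the configured ranges; the per-sensor summaries are merged to mirror the distributed deployment with central reporting described above.

```python
"""Darknet-style worm detection: flag hosts that repeatedly contact unused addresses.

Constructed illustration of the idea described in the Billy Goat entries; this is
not the Billy Goat code. All addresses, ranges, sensor names and records are made up.
"""
import ipaddress
from collections import defaultdict

# Site-wide address space and the sub-ranges actually allocated (constructed).
# Anything inside SITE that falls in no allocated range is treated as unused (dark).
SITE = ipaddress.ip_network("10.0.0.0/16")
USED_RANGES = [
    ipaddress.ip_network("10.0.1.0/24"),
    ipaddress.ip_network("10.0.2.0/25"),
]

# Constructed connection attempts seen by one sensor: (source, destination, dst port).
SAMPLE_CONNECTIONS = [
    ("10.0.1.15", "10.0.1.20", 445),   # legitimate: both ends allocated
    ("10.0.1.15", "10.0.2.7", 80),     # legitimate
    ("10.0.1.99", "10.0.7.1", 445),    # dark address, typical worm port
    ("10.0.1.99", "10.0.7.2", 445),
    ("10.0.1.99", "10.0.7.3", 445),
    ("10.0.1.99", "10.0.9.40", 139),
    ("10.0.2.33", "10.0.5.5", 22),     # one stray hit: stays below threshold
    ("10.0.1.15", "10.0.1.21", 445),
]

# Records from a second, constructed sensor elsewhere on the site.
SECOND_SENSOR_CONNECTIONS = [
    ("10.0.2.33", "10.0.12.8", 22),
    ("10.0.2.33", "10.0.12.9", 22),
    ("10.0.1.15", "10.0.2.8", 443),    # legitimate
]


def is_unused(address: str) -> bool:
    """True when the address lies inside the site but in no allocated range."""
    ip = ipaddress.ip_address(address)
    if ip not in SITE:
        return False
    return not any(ip in net for net in USED_RANGES)


def summarize(connections):
    """Per-source summary of contacts with unused address space.

    Returns {source: {"targets": set of dark destinations, "ports": set of ports}}.
    Sources that never touched dark space do not appear.
    """
    summary = defaultdict(lambda: {"targets": set(), "ports": set()})
    for src, dst, port in connections:
        if is_unused(dst):
            summary[src]["targets"].add(dst)
            summary[src]["ports"].add(port)
    return dict(summary)


def merge_summaries(*summaries):
    """Central reporting: union the per-sensor summaries into one site-wide view."""
    merged = defaultdict(lambda: {"targets": set(), "ports": set()})
    for summary in summaries:
        for src, stats in summary.items():
            merged[src]["targets"] |= stats["targets"]
            merged[src]["ports"] |= stats["ports"]
    return dict(merged)


def flag_infected(summary, min_targets: int = 3):
    """Sources that touched at least min_targets distinct unused addresses.

    Worm scanning hits many dark addresses in a short time; a mistyped address
    or a single misconfiguration does not, so the threshold separates the two.
    """
    return sorted(src for src, s in summary.items() if len(s["targets"]) >= min_targets)


if __name__ == "__main__":
    site_view = merge_summaries(summarize(SAMPLE_CONNECTIONS),
                                summarize(SECOND_SENSOR_CONNECTIONS))
    for src in flag_infected(site_view):
        s = site_view[src]
        print(f"{src}: {len(s['targets'])} unused addresses, ports {sorted(s['ports'])}")
```

Run as a script, the block reports `10.0.1.99` from the first sensor alone; `10.0.2.33` is only flagged once the two sensors' summaries are merged, which is the point of centralizing data from independently deployed devices.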
- Integrated device containing multiple security tools: intrusion detection, worm detection, vulnerability scanning and network discovery.
- Host-based, behavior-based intrusion detection using sequences of system calls.
- Study of data collection methods for intrusion detection systems.
- Implementation of novel methods for data collection in intrusion detection systems.
- Analysis of the properties, advantages and disadvantages of internal sensors and embedded detectors as data collection and analysis elements in intrusion detection systems.
- Publications: {{{cvcite(zamboni01:phd-thesis\, zamboni02:sensors_detectors\, kerschbaum00:network-embedded-sensors\, zamboni00:thesis-proposal\, zamboni:raid2000)}}}
- Design and documentation of an architecture (AAFID) to perform distributed monitoring and intrusion detection using autonomous agents.
- Implementation of a prototype according to the architecture. This prototype is published as open source.
- Exploration of research issues in the distributed intrusion detection area.
- Publications: {{{cvcite(spafford00:intrus_detec_auton_agent\, zamboni:aafid-acsac98\, zamboni:aafid-architecture\, zamboni:raid98\, zamboni00:build_aafid_with_perl\, zamboni:raid99)}}}.
- Collaborated in the analysis of the SYN-flooding denial-of-service attack against TCP and in the implementation of a defense tool.
- Publications: {{{cvcite(schuba97:synkill)}}}.
- Programming languages
- C, Perl, Java, AWK, Unix shells (Elvish shell, Bourne shell, C shell, Korn shell), Python, PHP, Ruby, Objective C, Clojure, Racket, Emacs LISP.
- Development environments
- Unix/Linux, Cloud Foundry, Amazon EC2, macOS.
- Unix system administration
- Linux (experience with multiple distributions including RedHat, Ubuntu, Debian, Gentoo, and others), OpenBSD, FreeBSD, MacOS X, MacOS X Server, Solaris.
- Configuration management
- CFEngine 3, Puppet, Chef, Ansible.
- Virtualization, containers and cloud
- VMware (ESX, vSphere), OpenStack, Amazon EC2, Docker, Cloud Foundry.
- Health Management and Monitoring
- VMware vRealize Operations Manager, vRealize Log Insight, Nagios, Icinga.
- Other
- REST APIs, Riemann (event stream processing), XML and related technologies, network programming, database programming (SQL), kernel programming (OpenBSD and Linux), HTML.
Publicly-available software projects: see https://gitlab.com/zzamboni and https://github.com/zzamboni/
A system installer that allows arbitrary system installation and configurations, allowing for both proprietary and open source components to be installed in an automated fashion. Open source components can be downloaded directly from their original source to avoid distributing them.
A specialized Linux distribution containing multiple security services for integrated security monitoring in small and medium networks. The implementation also includes backend infrastructure components for system installation, configuration and upgrade, and for data centralization, analysis and reporting.
A specialized Linux distribution containing multiple sensors for detection of large-scale automated attacks. The implementation also includes backend infrastructure components for system configuration and upgrade, and for data centralization, analysis and reporting.
A system of sensors for intrusion detection developed in OpenBSD through code instrumentation. Developed as part of my Ph.D. thesis work. Programming done mostly in C.
Member of Phi Beta Delta
Member of Upsilon Pi Epsilon
- Project: Design and implementation of process injection using virtual machine introspection.
- Project: Implementation of a proof of concept Hyperjacking attack on Intel platform.
“Intrusion detection: Basic concepts and current research at IBM” class (3 hours), Information Technology Security Spring School
- Collaborated in the design of eight security-related lectures and taught two of them.
- Participated in the design of the class project.
- Participated in the design and teaching of the syllabus, structure and contents of multiple courses 10–40 hours long, including the following topics:
- Introduction to Unix
- Unix utilities
- Unix security
- Basic Unix administration
- Advanced Unix administration
- UNICOS system administration on Cray supercomputers
Purdue.pm, the Purdue Perl Users Group
Available by request.