ELEANOR SAITTA
1023 Summit Ave. E #2
Seattle, WA 98102
ella@dymaxion.org
http://dymaxion.org
+1.206.423.5410
_____________________________________________________________________________

EXPERIENCE:

Security Innovation, Inc., Seattle, WA
Computer Security Engineer (January 2006 - October 2008):
Led threat modeling Center of Excellence and performed consulting work in a variety of security-related roles. While at Security Innovation:
  o Analyzed architectural and implementation security of multi-tier applications.
  o Managed other engineers on a per-project basis.
  o Audited code, designed mitigations, reviewed designs, and created threat models.
  o Worked with clients to design and revise architectures and mitigate threats within constraints of budget and schedule.
  o Continued research and defined offerings and positioning for threat modeling.
  o Trained other engineers in threat modeling.
  o Helped create a professional development program and recruited security personnel.
  o Assisted on sales engineering restructuring and advised on offerings and positioning.

Public Nerd Area, Seattle, WA
Co-Founder (April 2005 - Present):
Created and helped run a collective workshop and research facility specializing in robotics, electronics, and security work. Helped host a weekly event. Taught others to use machine tools; managed issues of resource contention, funding, and group dynamics. Provided technical assistance on community projects.

IOActive, Inc., Seattle, WA
Computer Security Analyst (September 2003 - January 2006):
Performed consulting work auditing the security of large multi-tier applications at architectural and implementation levels through code auditing, threat modeling, and design reviews. At IOActive:
  o Designed solutions to security problems within business constraints.
  o Managed teams and simultaneous projects with heavy client interaction.
  o Performed sales engineering, scheduling and project management work.
  o Wrote and delivered presentations to external and internal audiences.
  o Performed research in threat modeling to further formal understanding of the security of complex systems. Used the research to guide development life-cycles and workflows.
  o Developed and designed tools to support knowledge capture and data analysis.
  o Received a SANS GIAC Security Certificate (July 2005)

Optimal Engineering Solutions, Inc., Cleveland, OH
Programmer (September 2001 - January 2002):
Wrote and optimized a distributed automation system with interfaces to existing APIs. Built a parallel computation cluster. Automated administrative tasks across the cluster and other machines.

GIE Media, Inc., Cleveland, OH
Consultant (October 2000 - February 2001):
Analyzed and redesigned GIE's network and servers to modernize infrastructure and improve workflow with a limited budget. Documented the network and implemented network security systems.

S/390 Porting Feasibility & Development, IBM Poughkeepsie, Pleasanton, CA
Programmer (June 2000 - August 2000):
Worked on-site at PeopleSoft, Inc., programming, debugging, and performance tuning on OS/390 and Linux for an ERP product, including work with cross-platform Unicode issues, build automation, and Oracle integration.

MyOwnEmpire.com, Inc., San Jose, CA
Network Administrator (May 1999 - January 2000):
Installed, configured, maintained, and tuned all servers for an Internet start-up, including fault-tolerance, failover, and scalability for DNS, web, JVM, and databases. Implemented data backup, mail services, NTP, CVS, and automated build servers. Automated administrative tasks.

RESEARCH:

Autonomous Panoramic High-Altitude Photography
Hackerbot Labs (2007)
An autonomous high-altitude balloon equipped with redundant communications and positioning systems and multiple synchronized cameras for near-space panoramic photography.

The Trike Threat Modeling Methodology
Independent (2003-Present)
A unified conceptual framework for security auditing from a risk management perspective in a reliable, repeatable manner. Intended for use by security auditing teams to describe the security characteristics of a system from architecture to implementation and to enable communication among members and between teams and other stakeholders. Distinguished from other methodologies by the high levels of automation, a defensive perspective, and a high degree of formalism.

GYRE: Reduced Gravity Robotics
The University of Washington (2002-2003)
An autonomous free-floating robot capable of orienting itself using visual servoing and cold gas thrust and performing station-keeping and navigating in a microgravity environment, based on commercial off-the-shelf hardware, and tested on NASA Johnson Space Center's KC-135 Reduced Gravity Test Platform.

SKILLS:

Computational: Threat modeling, application security testing, object oriented design and analysis, user interface design, Unix system programming, database design and normalization, protocol design.

Soft Skills: Problem solving, team management, public speaking, client interaction, technical writing, sales engineering, project management, process and workflow design.

Languages: Python, C++, C, C#, Unix Shell, Lisp, Smalltalk, SQL, XML, HTML, CSS

Applications: Checkmarx, Visual Studio, emacs, Visio, Office, LyX

EDUCATION:

Case Western Reserve University, Cleveland, OH (1997-2002)
Coursework towards a Bachelor of Science in Computer Science with a minor in Artificial Intelligence.
  o Design theory seminar (grad.)
  o Architecture and city design (year long)
  o User interface design (grad.)
  o Systems analysis and organization design (grad.)
  o Software engineering (grad.)
  o Complex systems modeling & analysis (grad.)
  o Object oriented software development (grad.)
  o Artificial intelligence
  o Database systems
  o Numeric methods

Robert E. Noyce Foundation Valley Scholar (1996)

INTERESTS:
  o Security and risk analysis
  o Traffic analysis and cryptography
  o Computer-mediated communication
  o Data visualization
  o Mobile device interactions
  o Experience design
  o Physical interface design
  o Ubiquitous computing