------------------------
Moxie Marlinspike
moxie@thoughtcrime.org
415-267-1806

Summary of Qulifications:
 * Languages/Libraries: Java, C, C++, PHP, Delphi, GTK+, xlib, autoconf
 * Operating Systems: Linux, OpenBSD, Solaris, Windows NT
 * Expert Understanding: Security, TCP, Networking, 
   High Perforamnce Server Architecture, Asynchronous Systems
 * Enthusiastic about and enjoys programming
 
Work Experience:
  2000 - 2002  Kenamea		San Francisco, CA
  Senior Software Engineer
  * Developed an asynchronous SSL implementation capable of running in
    fixed memory, with batch RSA operation support.
  * Developed an asynchronous sliding-window protocol for
    transactionally guaranteed once-and-only-once messaging.
  * Developed a high-performance TCP connection multiplexer for 
    supporting hundreds of thousands of concurrent connections.
  * Developed a transactional high-availablity clustering solution using
    the SCSI-2 RESERVE/RESET primitives and Jim Gray's defend/attack protocol.
  * Developed a reliable networking protocol for communication with
    RIM Blackberry devices over the datagram-based MOBITEX network.
  * Worked on transactional logging and storage layers.
  * General design and optimization of high-performance event-based server.

  1999 - 2000  BEA WebLogic	San Francisco, CA
  Java Programmer
  * Worked on code for clustering access to EJBs and Servlet Session State.
  * Gave clustering presentations.
  * General performance optimization and bug fixing.

  1998 - 1999  Iridian Technology	Atlanta, GA
  C Programmer
  * Worked on a natural language processor for an advanced document
    repository.
  * Wrote a parser to process the English language and tag parts of speech.

  1996 - 1998  Penumbra Software	Atlanta, GA
  Java Programmer
  * Worked on SuperMojo, a 100% Pure Java IDE.
  * Developed a set of GUI foundation classes before the existence of Swing.
  * Developed a parser to import existing Java code into a SuperMojo project.

Personal Projects:
  * SSLSniff: Tool for transparently hijacking SSL sessions and exploiting
    the Microsoft certificate chain vulnerability.
    (http://www.thoughtcrime.org/ie.html)
  * Open Shadow Garden:  Real-time edge detection and graphics rendering
    engine for animating shadows cast from a digital projector.
  * Fakeroute: Tool for making a machine appear anywhere on the internet.
    (http://www.thoughtcrime.org/fakeroute.html)
  * WebCam Network: Messaging-based webcam network.
    (http://www.thoughtcrime.org/software/webcam_network/index.html)
  * B-RSA: RSA library capable of batch operations, as proposed by 
    Shacham/Boneh.  Improves RSA performance by a factor of 3.
  * BouncyCastle: Contributions to the BouncyCastle cryptography project.
    (http://www.bouncycastle.org)
  * MSet: Hack to draw and zoom around in the Mandelbrot Set.
    (http://www.thoughtcrime.org/software/mset/index.html)
  * Contention Profiler:  JVMPI library to profile contention points
    in a multi-threaded Java application.
    (http://www.thoughtcrime.org/profiler.html)
  * The Distributed Library Project:
    http://www.communitybooks.org
  * Public Independant Security Research:
    MS Certificate Chain Vulnerability
    (http://www.thoughtcrime.org/ie-ssl-chain.txt)

References available upon request.