Julien Pierre - Software developer E-mail: cv@madbrain.com 990 Tybalt Dr San Jose, California, 95127 Home: 408 985 1744 Cell: 408 571 8987 Professional Experience
January 2023 - current : Software Engineer,
Thales Group in San Jose, California.
Developer on CipherTrust Manager, an enterprise key management security appliance.
August 2021 - December 2021 : Software Engineer,
Insight Global.
Working
for Verizon Emerging Technology Group on post-quantum cryptography
projects.
Greatly simplified the very complex process for building a post-quantum enabled version of Chromium, down to a single command-line using Bash, Ubuntu, and libOpenQuantumSafe, making the project much more accessible to the open-source community at large
Allowed importing and trusting post-quantum certificate
authorities into PQC-enabled version of Chromium using C, C++, NSS,
Docker, nginx, Apache, and BoringSSL, making for a successful
proof-of-concept demonstration of post-quantum cryptography.
July 2018 - January 2021 :
Software Engineer, Google
in Mountain View and Sunnyvale, California.
Developer on
the Folsom project, a service used for encrypting Android backups in
the cloud.
Designed an instruction set and implemented a prototype for the Azkaban very low footprint virtual machine, which can run on an embedded Titan chip at 33 Mhz with as little as 32KB of memory.
Fixed security timing vulnerabilities in the firmware for the Gneiss HSM using the Titan chip.
Implemented new features in the Folsom service and Gneiss firmware.
August 2011 - May 2018 :
Consulting Member of Technical Staff, Oracle
Corporation in Santa Clara, California.
January 2016
- May 2018 : developer on the NZ security library, an SSL library
used in multiple Oracle products, including Oracle database.
August 2011 - December 2015 :
Lead security developer for the Oracle Traffic Director product. This is a software load-balancer that provides SSL security on the front-end and back-end.
Porting Oracle Traffic Director 12c away from NSS security library and on to Oracle NZ security library. This was a major effort involving vastly different APIs and feature sets. An NSPR SSL I/O layer was implemented using NZ APIs to replace the NSS libSSL APIs.
Performed analysis, design, implementation, and code reviews.
Implemented OTD SSL session cache.
Interfaced with performance team to benchmark SSL performance.
Communicated many new feature requirements to NZ team to meet feature gaps, and acted as liaison between OTD and NZ teams.
Security Point of Contact for iPlanet Web Server, iPlanet Web Proxy Server, and Oracle Traffic Director, which involved reviewing exploits, and fixing security vulnerabilities.
January 2010 - August 2011 : Technical
Leader, Engineering Cisco Systems,
Inc. in Santa Clara, California.
February 2011 -
August 2011 : developer on the Jabber XCP XMPP server.
January 2010 - February 2011 : developer on the Cisco WebEx Mail server, also known as PostPath, which provided enterprise hosted e-mail services in the cloud.
Maintained ActiveSync PostPath synchronization server component (PPSS).
Worked on providing server-side support for Android 2.x mobile clients, iPhone 3.x and 4.x and iPad.
Worked on ActiveSync protocol support upgrade from revision 2.5 to 12.1 to provide parity with Microsoft Exchange 2007
February 2004 - September
2009 : Staff Engineer, Sun
Microsystems, Inc., in Santa Clara, California.
Incorporated the Network Security Services version 3.9 libraries to Java Enterprise System (JES) release 3 and to Solaris 10 . This work involved API binary compatibility testing, performance evaluations, and bug fixes, while interacting with multiple server and operating system teams accross the globe.
Provided support to a number of internal application developers for NSS and NSPR (Netscape Portable Runtime) libraries; and escalation support for products using these libraries.
Added support for on-the-fly Certificate Revocation List loading to NSS.
Mentored several employees new to the NSS team.
Single-handedly ported the NSPR and NSS libraries to the new Solaris 10 AMD64 architecture.
Ported the NSPR and NSS libraries to Win64 on x64 processors
Jumpstarted a team effort to improve SSL server performance in NSS, with a 250% target.
acquired knowledge of the Solaris dtrace profiling tool directly from its developers
performed numerous measurements of SSL performance, as well as low-level crypto algorithms
wrote a number of optimizations for various NSS layers : SSL, PKCS#11 softoken, low-level crypto
evaluated compiler and operating system performance
provided valuable feedback to Solaris 10 developers during its inception
helped build a lab of 50 systems with multiple gigabit ethernet switches
winner of Sun FY05 Q4 Software People's Choice award
Ensured compatibility of NSS with the Solaris Crypto Framework PKCS#11 libraries
Took over integration of libpkix library from Sunlabs into NSS. Remotely managed two contractors from Burlington, MA.
Created nssutil shared library for FIPS140-2 validation of softoken
March 1999 - February 2004
: Sr Software Development Engineer, Netscape
Communications Corporation, a divison of America
On-Line, Inc., in Mountain View, California and Santa Clara,
California .
2001 - 2004 : Netscape Communications
Corporation, in Mountain View, California
Maintained and enhanced the cross-platform Network Security Services (NSS) library which is used in many Netscape products, including the Netscape & Mozilla browsers, all Netscape servers, as well as internal AOL projects and products
Designed and implemented the revocator, a PKCS#11 module used to implement certificate revocation support in Netscape servers . This work tremendously improved revocation capabilities and benefitted the server products' primary customer, the US DoD (Department of Defense)
Implemented CRL partial decoding to improve revocation checking performance in all Netscape products.
Designed and implemented the Certificate Revocation List (CRL) cache for NSS to respond to performance concerns from the US DoD. This work improved the revocation checking performance of NSS in web servers by several orders of magnitude, allowing for extremely large deployments.
Supported the Netscape browser and AOL Communicator product teams to implement security features, notably S/MIME secure e-mail, as well as SSL and TLS.
Designed and implemented a new Quick ASN.1 DER decoder with greatly improved performance and much better maintainability
Contributed to the Netscape Portable Runtime library, a portability library providing low-level services such as threading and sockets on Unix, Windows, Mac, and OS/2.
Maintained, supported and tested client-side components for smartcard support, including a PKCS#11 module and a Javacard applet derived from the Linux Muscle effort
1999 - 2001 : iPlanet, a
Sun-Netscape Alliance, in Santa Clara, California. This was a joint
venture between Netscape and Sun
Primary responsibilities included development of the core HTTP engine and cryptographic support for Netscape Enterprise Server (NES) and iPlanet Web Server (iWS), which is now known as Sun ONE web server
Worked on SSL/TLS performance very closely with the developers of the NSS security library ; as well as with SSL hardware cryptographic accelerator vendors (nCipher, Rainbow) . These efforts resulted in iPlanet posting the highest benchmark SSL numbers for any web server ever using iWS 4.1.
Designed and implemented new support for secure virtual servers using an XML-based configuration in iWS 6.0
Updated the security CGI programs in the administrator's user interface tool to support new PKCS#11 features and the dynamically loadable NSS Root Certificate module for iWS 6.0
Designed and implemented the Quality of Service subsystem for managing bandwidth and connections in iWS 6.0
Enhanced the web server and the NSAPI to be fully HTTP/1.1 compliant according to RFC2616, including better support for persistent connections, partial content and chunked-encoding. in iWS 4.1
Created an automated HTTP client test tool that runs server tests as part of each build for NES 4.0 and subsequent releases. This client uses the Netscape Security Services SSL/TLS strong crypto libraries, and also supports client certificates. Widespread use of this tool by the server development engineers, quality assurance engineers and customer support engineers allowed the development and escalation cycles to be shortened as well as the quality of the product to dramatically improve.
Worked with OEM partners to resolve platform-specific issues for NES 4.0, iWS 4.1 and iWS 6.0 releases. The development platforms for NES and iWS included Sun Solaris, Microsoft Windows NT, HP-UX, Red Hat Linux, IBM AIX, Digital OSF1, and SGI IRIX.
February 1997 - March 1999 : Software
Developer, Edify Corporation, in
Santa Clara, California .
Took over the development of web server network interface clients providing connectivity between the Edify Electronic Workforce application server and several commercial web servers. Redesigned and reimplemented the client architecture to be object oriented using C++, while keeping it portable between Microsoft Windows NT, Sun Solaris, SGI Irix, IBM AIX, HPUX and IBM OS/2 platforms. Improved scalability by adding Microsoft ISAPI, Netscape NSAPI and Lotus GWAPI support for Electronic Workforce release 6.0.
Contributed to the Electronic Workforce migration tool to automatically convert Electronic Workforce web applications from the 4.3 OS/2 product to the 5.2 Windows NT product.
Developed the web security option using RSA encryption in an OS/2 TCP/IP network server program for the Electronic Workforce 4.3 application server. Also developed the OS/2 version of the secure CGI client program, in parallel with the Electronic Workforce 5.0 for Windows NT development team, using a common security protocol. Managed OS/2 Warp 4 compatibility issues during the development of Electronic Workforce 4.3 for OS/2.
February 1996 - February 1997 : Developer,
Infresco Corporation, a subsidiary of Computer
Associates, in Sarasota, Florida .
Developed core software components and automatic software updating via web browser by the means of a Netscape plug-in on Windows 95 and NT platforms for the OPAL product, all while acting as interface between development team and QA.
November 1994 - March 1995 : Quality assurance, IBM Personal Software Products in Noisy-le-Grand, France.
Validated IBM OS/2 Warp with Win-OS/2 NLS French version.
November 1994: Presenter for IBM Personal Software Products France at Paris' SuperGames show.
Showed the benefits of OS/2 Warp to gamers.
June 1994 : IBM Personal Software Products in Paris-la-Defense, France.
Provided technical advice in a marketing operation involving games and OS/2. Produced end-user documentation distributed with OS/2 in French computer magazines to help run games under OS/2.
June 1992 : Silmarils. Lognes, France.
Wrote multiple soundcard device drivers including Sound Blaster
in Intel 8086 assembly using MASM for all Silmarils' game products
running under MS-DOS. The hardware was programmed directly via
registers, IRQs and DMA.
2003 - Present : harpsichord and piano player, learning as an adult. YouTube channel is at http://youtube.com/madbrainDotCom .
1997 - 2004 : founder and developer at Theta Band Software LLC, a company specializing in multimedia software for the IBM OS/2 operating system.
September 1996 : developed the first plug-in for the OS/2 version of Netscape Navigator, that allows embedding of music files into web pages by taking advantage of the Digital Sound & Music Interface for OS/2.
May 1996 - October 1996 : co-developed Flight for OS/2, a spectacular multimedia demonstration using the Digital Sound & Music Interface for OS/2.
November 1995 - July 1996 : developing Dual Module Player for OS/2, a player of popular music module files relying on the Digital Sound & Music Interface for OS/2. The GUI version of DMP is object-oriented, written with IBM's Open Class Library. It also supports plug-in internationalization and has been translated by its users into many languages.
July 1994 - December 1997 : developing the Digital Sound & Music Interface for OS/2, a multi-threaded real-time sound mixing library written in C, C++ and assembly, aimed at developers of OS/2 multimedia applications. DSMI/2 sits on top of MMPM/2 in order to be hardware independent, and provides 32 simultaneous PCM digital sound channels through software mixing, as well as music synthesis. The DSMI/2 toolkit was first shipped on the IBM Developer's Connection for OS/2 Volume 10 CD-ROMs in April of 1996. Authored an article on programming with DSMI/2 for the Devcon 11 newsletter.
October 1993 - February 1996 : founded the Team OS/2 France non-profit organization and acted as volunteer BBS operator.
October 1990 - April 1991 : developed ROLPLAY for
DOS, a freeware music player for the Ad Lib Music Synthesizer Card
written in Turbo Pascal and assembly. Made the source code available
for licensing to DOS developers.
Programming : strong C, C++, Intel 80x86 assembly, Pascal. Also REXX, Perl and Basic. Strong knowledge of object-oriented design and implementation, multi-threaded and multi-process applications, IPC, synchronization, highly scalable server applications, security, networking.
Operating systems : Linux, Windows NT/2000/7/10, Solaris, HP-UX, AIX, IRIX, OS/2, DOS. Very strong porting and cross-platform development skills. Certified OS/2 Engineer in August 1994.
Technologies : POSIX API, Win32 API, OS/2 API, Netscape client plug-in API (NCAPI), Netscape Server API (NSAPI), Microsoft Internet Server API (ISAPI), Netscape Portable Runtime API (NSPR), Netscape Security Services API (NSS), Common Gateway Interface (CGI), Windows & BSD TCP/IP sockets, HTTP, HTML, Secure Sockets Layer (SSL), TLS, S/MIME, x.509, ASN.1, XML, Lotus Domino Go Webserver API, OS/2 and Windows Media Control Interface, Rogue Wave Tools++, RSA BSAFE Toolkit, Microsoft Foundation Classes.
Extensive experience and knowledge in PC hardware, architecture and peripherals. Some experience with device drivers, OS/2 kernel debugger, MIDI, internationalization.
Tools experience :
Compilers : gcc, clang, MS Visual C++, LLVM, Sun Workshop C/C++, IBM Visual Age C++
Assemblers : gas, MASM, TASM.
Version control : git, Subversion, Mercurial, cvs, perforce, MS Visual Source Safe, PVCS Version Manager
Bug tracking : bugzilla.
Lycée de la Vallée de Chevreuse, France, 1991 to
1993.
Autodidact. Started programming at the age of 12, and
working as a software engineer since high school.
Languages : English, French.
Dual citizenship :
French and US citizenship.