street address available upon request
faigin -at cahighways -dot org
Computer Security, Information Assurance, Software Engineering
Methodology, Criteria Development
- December 1988-Present
- The Aerospace Corporation. El
Segundo CA. Senior Engineering Specialist.
- In support of Air Force programs, participated in system
penetration studies and security engineering working groups, reviewed
contractor software designs and documentation, developed security plans for
installed systems; worked on development of DITSCAP documentation and Program
Protection Plans; conducted assessments of proposed security architectures; and
participated in Security Test and Evaluation activities. Reviewed Certification
and Accreditation documents, and provided in-depth analysis of both DOD 8500.2
and NIST 800-53 IA Controls. Provided support for AFSPC/PI on DIACAP
Certification and Accreditation. Provided special expertise on Cross Domain
Solutions (CDS) and multilevel systems. This included support for programs such
as the Air Force Launch Test Range System (LTRS), the Air Force Command and
Control System - Consolidated (CCS-C); the Air Force Satellite Control Network
(AFSCN), SBIRS, GPS, GBS, and DSP. Developed Technical Operating Reports
analyzing DOD Instruction 8500.2, interpreting IA controls and expressing them
in the form of functional security requirements and statement of work
- In support of the National Information Assurance Partnership
(NIAP) and the Common Criteria Evaluation and Validation Scheme (CCEVS), served
as a member of the NIAP Interpretations Board (NIB), the Observation Decisions
Review Board (ODRB), and the Technical Oversight Panels (TOP). Served as a
Senior Validator, and participated in that capacity on a large number of
Validation Oversight Reviews (VORs). Served as lead validator for a number of
product and protection profile evaluations. Reviewed protection profiles, and
provided support on the development of the CCEVS process.
- In support of NSA's Trusted Product Evaluation Program (TPEP) and
Trusted Technology Assessment Program (TTAP), served as a member of NSA's
Technical Review Board (TRB) and Interpretations Working Group (IWG). Served as
team leader (a role that provides team management, vendor coordination, and
technical leadership) for the Army Secure Operating System evaluation (TCSEC
C2), Data General's DG/UX (TCSEC/TNI B2), and the Gemini Trusted Network
Processor (TNI A1 M-Component). Served as technical lead for Amdahl UTS/MLS
(TCSEC B1). Member of Hewlett-Packard's HP-UX (TCSEC B1) and Wang Federal's
XTS-200/300 (TCSEC B3) evaluation teams. Served as editor for evaluation
reports. Developed and coordinated team schedules. Participated in functional
and penetration testing. Participated in covert channel analysis. Participated
in formal functional specification review and proof activities. Made formal
product presentations to the TRB. Developed IWG database management tool suite
(which performed automatic conversion between Multics LISTER format, text
format, LaTeX, HTML, and Framemaker) and maintained IWG database. Nominated by
NSA three times as a member of an outstanding evaluation team (Gemini, Amdahl,
Data General), twice as outstanding team leader (Data General), three times for
most productive evaluators, and four times for significant contributions to the
TPEP program. Awarded NSA Most Productive Evaluator award, 1995 and
1996. Awarded NSA's Outstanding Team Leader, 1998.
- In support of the development of the Common Criteria,
participated in the development of functional and assurance components;
coordinated the activity of others in component development; made significant
contributions to the structure and organization of the criteria and component
presentations. Provided technical reviews of the Common Criteria. Provided
support for the handling of Common Criteria Observation Reports (CCORs), and
developed a tool to translate the delivered text versions of the CCORs into
HTML. Participated in the development of the Common Evaluation Methodology.
Participated in the development of a protection profile for Web Servers.
- In support of general department activities, developed tools
that provided a standard monthly activity report style, issued reminders for
late reports, and monitored disk space usage. Maintained various department
tools including Xfig and Perl.
- Developed instructional modules for The Aerospace
Institute, including modules on Penetration Testing, Multilevel Security,
and the Security Engineering Process. Developed a four-hour hands-on course on
the User's Role in Information Security.
- Coordinated the First Workshop on Innovations in Secure Access
Control (WISAC), a workshop on multilevel security and other forms of
strong access control (Monterey, California, September 2000).
- April 1985-December 1988
- Unisys Corporation, Defense Systems, System Development Group
(originally System Development Corporation, now
Lockheed/Martin). Santa Monica CA. Senior Program Analyst
- For the BLACKER program (a TCSEC A1 MLS Wide Area Network),
performed system engineering and design for the Access Control Center
component. This included being principal designer for component subsystems, as
well as providing design support. Designed the specification for the
lower-level secure operating system. Served as editor for design documentation.
Participated in the penetration analysis of the component, as well as
coordinating rework of the system architecture and analysis. Coordinated the
Device Functional Specifications and developed tools to extract requirements
from the specification source. Developed tools to support project activity
under both UNIX and CP/M, including source code preprocessors, file generators,
data dictionary management tools, and table generators.
- For the Secure Distributed Database Management System (SD-DBMS)
program (targeted for TCSEC B3), served as principal author and editor of the
security policy description. Interpreted the B3 level for supporting policies,
and coordinated the formal model with the prose policy description.
- July 1983-December 1984
- Quadratron Systems
Incorporated. Encino CA. Programmer.
Designed and programmed major commercial software products for UNIX
platforms, including an interactive menu system (Q-MENU), a printer spooling
system (Q-SPOOL), an electronic mail system (Q-MAIL), and an interactive
directory manipulator. Supported other Quadratron office automation projects.
Designed menus to interface with other Quadratron products and the UNIX shell.
Performed system management functions.
- September 1982-June 1983
- University of California at Los
Angeles. Los Angeles CA Graduate Teaching Assistant.
Performed teaching and administrative support for introductory
- January 1984-June 1983
- Faigin and Wynn: An Accountancy Corporation. Los Angeles CA.
Served as system engineer for the design and operation of a job
costing system for client billing. Redesigned product as platform changes
occurred. Supervised installation and operation of General Ledger and Payroll
- December 1975-November 1981
- DABCO Computer Systems Inc. Los Angeles CA. Systems
Principal designer and programmer for multi-faceted business
solutions, including Job Costing and Purchase Order Tracking. Served as
maintenance programmer for Payroll and Accounts Payable systems. Developed and
wrote user manuals for applications.
- M.S. Computer Science.
University of California at Los Angeles.
Los Angeles CA.
Specialization: Programming Languages and Systems (GPA
Thesis Title: "Development of an Electronic Office Automation
Honors: School of Engineering and Applied Science
- B.S. Mathematics/Computer Science (Cum Laude).
University of California at Los Angeles.
Los Angeles CA.
GPA: 3.51/3.87 (Computer Science Courses only)
- Operating Systems: UNIX, Microsoft Windows/Windows NT,
- Programming Languages: Perl, Basic+, C, Pascal, PL/I,
Fortran. I'm familiar with numerous other languages.
- Word Processing/Text Formatting Systems: LATEX,
nroff/troff/ditroff, WordPerfect, Framemaker, Word
- Database Systems: Lotus Approach, Microsoft Access
- Spreadsheets: Lotus 1-2-3
- Presentation Programs: Lotus Freelance Graphics, WordPerfect
Presentations, Microsoft Powerpoint, Xfig
- ACM: The First Society in
Memberships: ACM (1978-2008), ACM Special Interest Group on Security, Audit,
and Control (SIGSAC) (1978-2008), Los
Angeles Chapter of the ACM (1978-Present)
Offices Held: Treasurer, ACM/SIGSAC (1995-Present); Chair,
ACM/SIGSAC (1991-1995); Chair, Los Angeles Chapter (1992-1993); Vice Chair, Los
Angeles Chapter (1991-1992); Government Chair, Los Angeles Chapter (1992);
Chair, Los Angeles ACM Technical Activity Committee on Security, Audit, and
- Aerospace Computer
Security Associates: Senior Fellow (1994-present); Secretary
- Annual Computer Security
Applications Conference: Tutorial Chair (1990-Present); Conference
Chair (2001-2004); Local Arrangements Chair (2008)
- California State University, Northridge. Member School of
Engineering and Computer Science Industrial Advisory Board.
Honors and Publications
- NSA Most Productive Evaluator: 1995, 1996.
- NSA Team Leader of the Year: 1998.
- Aerospace Subdivision Recognition Award: 1996, for Common
- Numerous ACM Recognition of Service awards.
- Numerous Aerospace Performance Recognition Awards
- NSA Most Productive Evaluator: 1995, 1996, 1997, 1998.
- NSA Team Leader of the Year: 1996, 1997, 1998.
- NSA Member of Evaluation Team of the Year: 1994 (2 times:
Gemini and Amdahl), 1997 (Data General).
- NSA Significant Achievement Award: 1994, 1995, 1996, 1997.
- Introduction to the Common Criteria, Los Angeles Chapter of the
ACM, October 2000.
- Penetration Testing Tutorial, Workshop on Education in Computer
- Penetration Testing Tutorial, Annual Computer Security
Applications Conference, 1997.
- "A Rigorous Approach to Determining Objects", Proceedings Ninth
Annual Computer Security Applications Conference, Orlando Florida,
December 1993. Pages 159-168.
- "A Multilevel Security Integration Module" (with C. Lavine and M.
Maier), INCOSE Mid-Atlantic Regional Conference, April 5-8, 2000. Reston
- "Space Systems IA Acquisition Handbook: Guidance on Application of
DoD 8500.1/8500.2 Controls." Aerospace TOR-2007(8583)-6702.
- "Space Systems IA Acquisition Handbook: Use of the Common Criteria in
Acquisitions". Aerospace TOR-2008(8583)-6707.
- Numerous Validation Reports and Evaluation Technical Reports for
- US Citizen.
- Active in many community volunteer support programs.
©2008 Daniel P. Faigin.