William Herrin's RESUME
I am a computer networking generalist with deep expertise in resilient and scalable Linux software
development, C and Perl programming, UNIX and Linux systems administration, Cisco
networking and Internet security. I have a broad knowledge base and I am diligent and
thorough in my work. I am a fast learner with or without formal training, and I have a
burning desire to learn more.
I seek to funnel my experience through my creativity and invent useful things
which expand the edge of the possible. I desire roles which are heavy on
creative problem solving, requiring both deep insight in to and mastery of the
given subject matter as well as sufficient breadth of skill to chase any
problems to the root cause. My dream job involves research and development in
computer network protocols.
Amazon Web Services (Seattle, WA)
Senior Software Engineer, November 2018 - November 2019
- Worked on the data plane team for Global Accelerator, a load
balancer with BGP-anycasted global entry points.
- Wrote high performance Internet packet handling code in C
using Intel's DPDK framework.
- With deep research, solved a TCP throughput degradation that
bedeviled the first release due to an unexpected secondary
effect from network address translation.
- Led design of a core part of the source address preservation
effort, delivering packets to customers without obscuring the
original Internet source.
- Managed devops and software deployment including
participation in a 24/7 operations on-call rotation.
Tesla Government, Inc. (Vienna, VA)
Devops Lead, April 2017 - October 2018
- Transitioned a system from a physical rack environment to
Amazon Web Services' Govcloud, including VPCs, Red Hat Linux and
Windows 2012 EC2 instances, AWS security groups, Route 53 DNS,
MySQL RDS databases, etc.
- Designed the AWS Virtual Private Cloud (VPC) to overcome
routing limitations so that all data traffic was forced through
appropriate EC2-based security appliances.
- Built Perl software which interacts with the Amazon IAM APIs
and Microsoft Active Directory to implement password changing
and multifactor authentication compliant with NIST Special
Publications 800-63 revision 3 and 800-53 draft revision 5. This
included collecting and implementing a database of more than 17
million compromised password patterns which are used to reject
- Implemented Microsoft Active Directory with custom software
in C for the Linux servers to rely on Active Directory via LDAP
for passwords only.
- Implemented Linux shell users by creating a Red Hat RPM
package for each.
- Implemented compliance with DoD's Risk Management Framework
based on NIST Special Publication 800-53 revision 4 with
Identity and Authentication inserts from draft revision 5.
- Shepherded the new system from concept through the full DoD
Authority to Operate (ATO) and Final Operational Capability
(FOC) process including continuous monitoring with ACAS/Nessus.
- Designed a Continuous Integration / Continuous Deployment
(CI/CD) process using git, Jenkins, Red Hat packages (RPMs) and
- Using a combination of Linux iptables logging rules, Snort
and Splunk, implemented a Network Intrusion Detection System
(IDS) based on building a profile of expected data traffic and
alerting on packets which fail to fit the profile.
- Implemented a primary system firewall using Linux and
iptables, with remote access to the system using OpenVPN.
- Implemented automatic backups for Mac OSX laptops using
shell scripts, network drives and Time Machine.
University of Maryland University College. (Adelphi,
Linux Engineer III, April 2016 - March 2017
- Member of a team supporting a large Amazon Web Services
(AWS) cloud deployment including EC2 virtual servers, Amazon
virtual private cloud networks, security groups, elastic load balancers and Route
- Managed Apache Tomcat Java web servlet containers. Wrote a
health check servlet in Java which checked
operation of multiple servlets in a background thread and
reported a consolidated status to the AWS load balancers.
Dirtside Systems, Inc. (Falls Church,
Owner, May 2014 - April 2016
- Contractor supporting software development for
unusual computer network applications.
- Work for undisclosed company.
- Major network security work including expansive use of
Linux iptables, ip rules, multiple routing tables and
SELinux for server hardening
- Supported pure software developers, mentoring to help them
understand operations-level needs and requirements.
- Wrote glue code in Perl and Python, integrating
disparate software systems
- Some work with Asterisk VoIP servers and SIP trunking
- Some work with Raspberry Pi-based embedded systems
- Designed specialty VPN solutions based on OpenVPN and Cisco Anyconnect.
- Work for Digital Globe Marine Services.
- Worked on the Orb Map fish finder back end Linux system
including cloud virtualization
- Wrote and deployed daily production system using Perl.
- Assisted with debugging of C++ science code.
- Established custom networking and email services connecting
ships with satellite modems to the data source.
ITT Exelis (Dulles, VA)
Principal Engineer, March 2010 - April 2014
- Led the design and implementation of a resilient computer room with standard n+1 power
and air conditioning systems, as well as the structured cabling system for a company
- Built a "distributed responsibility" developer network, facilitating
development of many Internet-connected products. Compartmented systems accessed via VPNs
from engineers' desks permitted parallel development of systems with divergent security
architectures. Included a building-wide roaming wifi network.
- Built a network of more than 70 virtual machines distributed through a dozen countries.
- Designed and built a system for managing hundreds of millions of
geographic map imagery tiles using C, Perl, some Python and the Linux FUSE
- Defined HTTP-based service oriented architecture APIs for a large
- Built two more BGP-using multi-site continuity of operations networks
- Managed a team of three engineers responsible for around 100 servers, routers and
switches serving multiple government projects.
ITT (Dulles, VA)
Senior Software Engineer, May 2008 - March 2010
- Architected, led the implementation and delivered a geographically diverse (Virginia
& Hawaii) continuity of operations system for an Iridium satellite base-end station.
Used Linux LVS load balancers controlled by custom Perl-based software to
access active-active redundant servers. OSPF and Quagga attached IP
addresses to the active firewalls while BGP brought packets into the network
at both sites.
- Implemented a thorough hardware and software monitoring and reporting system
comScore, Inc (Reston, VA)
Senior Software Engineer, November 2007 - April 2008
- Using C++, C, Perl and shell scripting, developed a Linux-based network appliance that
captured and analyzed HTTP packet traffic.
Democratic National Committee (Washington, DC)
Internet Infrastructure Manager, September 2005 - November 2007
- Managed a staff of three engineers responsible for 70+ Linux servers used by three
Democratic Party organizations.
- Designed and built a resilient computing infrastructure including two collocation data
centers, a 56-mile fiber optic ring connecting them with national headquarters, multiple
Internet backbone connections and BGP reciprocal peering.
- Implemented thorough hardware monitoring and reporting to identify and replace ailing
servers before they break.
- Helped specify and deploy an Avaya VoIP phone system for 300 users.
- Performed professional management in the following areas: computer/system operations,
systems administration, communications network administration, software development,
systems software support, hardware support, database administration.
Cambridge Communications Systems, Inc. (Suitland,
Research Analyst - Linux, December 2004 - September 2005
- Contractor for the United States Bureau of the Census, Telecommunications Office.
- Designed and built custom spam control software using Sendmail, multi-threaded C and
Perl with individual customer settings and an intelligent recovery method for false
Democratic National Committee (Washington, DC)
Senior Information Technology Generalist, August 2004 - December 2004
- Helped the DNC scale up their Internet operation for the 2004 election. Rebuilt the link
redirector part of the web application that couldn't withstand the higher load.
- Constructed an online UNIX backup solution that backed up multiple terabytes of data and
successfully restored data following several database crashes and an accidental file
CrossLink Internet Services (Springfield,
Director of Engineering, November 1998 - May 2004
- Led a team of three engineers to construct and maintain a wide area network (WAN) and
Internet server system deploying Cisco, UNIX, and Windows Server technologies.
- Developed and deployed server-based E-Mail antivirus software using multi-threaded C and
Perl on a Linux platform.
- Constructed robust network monitoring software suitable for identifying faults in and
notifying operations staff in an Internet Service Provider network consisting of more than
40 sites in 5 states and more than 200 Cisco routers, including a multihomed BGP backbone.
- Performed cost analyses on proposed company products. Assisted sales staff with product
More information is available.
George Mason University (Fairfax, Virginia)
Bachelor of Science in Computer Science, January 1997
GPA - In Major: 4.0, Overall: 3.3
More information is available.
- More than two decades of professional software development experience.
- Programming Languages: Expert: C and Perl. Experienced: Unix shell
scripting. Minor or out of date experience in many others.
- Robust software development skills. I rapidly learn new programming languages.
- Expertise in both single-threaded and multi-threaded programming and a strong
understanding of both procedural and object oriented programming techniques.
- Experience developing software for MySQL. Some experience with other SQL databases including
Postgres, Oracle and Netezza.
- Extensive Internet-related expertise.
- Recognized Internet routing expert. Strong experience with BGP and
OSPF. Active participant in the Internet Research Task Force's Routing
Research Group. Participated in the American Registry for Internet
Numbers' public policy process.
- TCP/IP expert including development of software applications using TCP, UDP, IP, ICMP,
GRE and DNS.
- Broad experience with Cisco routers including automated updates and
management via SNMP and telnet. Built software which automatically backs
up the router configurations. I have used IOS 10.0 through the latest.
- I've worked with a variety of data circuits including: POTS lines, ISDN BRIs (ni1), ISDN
PRIs (5ess and dms100), T1s, T3s, frame relay, ATM, CWDM, dark fiber, various
technologies and 802.11 wireless.
- Two decades of experience developing software in UNIX environments including Linux (SuSE,
Red Hat, Fedora and Debian), Sun Solaris, Dynix, Ultrix, Irix and HP/UX.
- Deep understanding of Internet security technology including firewalls, packet
filtering, NAT, Unix security, content filtering (anti-porn, anti-spam) and encryption
including IPSec, SSL/TLS, Kerberos, and LDAP.
- Extensive expertise with Internet mail protocols including SMTP, POP, and IMAP. Have
written delivery agents, spam and virus filters, glue code and helper programs for major
software packages including Sendmail and Postfix.
- Considerable experience with the Domain Name System (DNS) and Berkeley Bind.
- US Citizen. Active a DoD Top Secret clearance last adjudicated 2019. Have
held SCI in the past.
- Willing to relocate.
References and work samples are available on request.
Monday, November 25, 2019 09:33 AM.