Alex Russell (317) 514-8455 403 Main St. #118 San Francisco CA, 94105 alex@dojotoolkit.org industry experience ------------------- JotSpot Inc., Senior Engineer Jan 2005-Present Palo Alto, CA Work nearly full-time on Dojo, an Open Source JavaScript and DHTML toolkit for enhancing web applications. Responsible for developing Dojo and integrating it into the Jot platform, thereby making it available to developers using Jot. Responsible for community development, infrastructure, and technical leadership of the Dojo Project. Informatica Corp., Senior UI Engineer Nov 2003-Dec 2004 Redwood City, CA Enhanced the responsiveness, scalability, and portability of Informatica's web-deployed products. * Worked with other UI engineers, interaction designers, back-end engineers, third-party vendors, and management to understand and alleviate performance bottlenecks throughout the product UI. Improvements to interface responsiveness contributed to a 6x decrease in interface latency on the analysis portion of the product. * In response to a sales force need, worked with contractors and direct reports to port IE-only widgets to be cross-browser capable in a very compressed time-frame. The results allowed for limited demos of the upcoming full port of the product UI for high-value partner and sales scenarios. * Provided training to developers on portable in-browser development and advanced JavaScript programming topics such as closures and prototype-based inheritance. * Worked with other skilled DHTML developers to isolate, track, and eliminate IE and Adobe SVG viewer specific memory leaks. Developed solutions which reduce the chance for recurrence of these issues on the broken browsers which exhibit leakage. * Initiated work with an invited Open Source developer community of DHTML experts to create the next-generation client-side UI framework necessary to meet Informatica's strategic product goals. This work continues under the umbrella of the Dojo Project. Technologies Employed: nWidgets, Dojo, JavaScript, DHTML, (X)HTML, CSS, HTTP knowledge and debugging tools, Java, JSP, J2EE, Ant, Jython, Python, ClearCase, Subversion, Unix shell scripting SecurePipe Inc., Web App/Infrastructure Developer May 2002-Oct 2003 Madison WI Worked to develop, extend, and enhance core infrastructure and reporting systems necessary for operation of SecurePipe's Managed Security Service Practice. * Responded to competitive pressure by assisting in the development of an Intrusion Prevention System (IPS) to compliment the core IDS product line. Created tools and processes for review of IDS signatures, allowing an efficient review of the entire SecurePipe IDS signature library. Identified IPS candidates while improving quality, accuracy, and documentation of several thousand signatures. The resulting improvements provide SecurePipe with better visibility of security-relevant network events on client networks. * Participated in the audit of several web applications, working with application authors to understand and fix problems as necessary. * Applied expertise in web application design and security to the overhaul of SecurePipe's reporting tool, SecurityConsole.com. Improved accessibility of reports through standards-compliant interface design (XHTML and CSS2). Designed and implemented an access control system, including a custom LDAP schema, to allow for simple management and modeling of complex inter- and intra-organizational relationships. Combined with the ability to easily re-brand the reworked reporting tool, the new access control system provides SecurePipe with distinctive reporting and co-marketing capabilities. * Worked to benchmark IDS performance, thereby allowing SecurePipe to ensure that clients remain protected even in worst-case network usage scenarios. * SecurePipe had a good understanding of deployed system status, but inventory management of pre-deployment and returned systems and components proved a constant and time intensive challenge. In response I developed an internal web application for improving inventory management and tracking, resulting in improved business understanding of resource allocation. * Made weekly contributions to the IDS signature research and authorship process, a key component of SecurePipe's network protection services. Technologies Employed: Snort and IDS signature development, Linux, RPM, Python, distutils, LDAP (schema authoring, configuration), MySQL, Apache, SSL and stunnel, Perl, PHP, (X)HTML, CSS, PostScript (direct generation of), fuzzing tools (SPIKE, @Stake Web Proxy, etc.), DocBook, J2ME, MIDP 1.0 & 2.0, Motorola i95cl security, assorted network security tools, security system design and analysis Schlumberger, Intern, InfoSec R&D May-Aug 2001 Austin TX * Responded to market pressure of a competitor's announced phone-as-token solution with a prototype that could be to market first at lower design and deployment cost. At the end of a three month internship, was able to demonstrate a proof of concept "virtual card" solution that did not require hardware integration. The virtual card can be quickly and inexpensively deployed on J2ME devices and seamlessly integrated with existing authentication frameworks (such as SiteMinder), providing Schlumberger with a strategic alternative that preserved existing infrastructure investments. * Worked with the author of the Linux SmartCard stack to prototype the virtual card applet conforming to his draft specification. The applet provided uniform access to on-card crypto and storage primitives. Since SmartCards are not largely interoperable at the access API level, this specification provides card developers with a much needed common platform. Technologies Employed: J2ME (MIDP), micro-SSL, OpenSSL, JavaCard, Cryptographic primitives, Linux, MUSCLE, PAM, PalmOS development tools, security system design and analysis Thomson Consumer Electronics, Consultant May-Aug 2000 Indianapolis, IN Worked with E-commerce team to extend the RCA.com infrastructure while at Thomson, an $8 billion consumer electronics manufacturer. * A planned reuse of business and application logic between e-commerce initiatives was in jeopardy. Much of the code to be shared was captive in the front end tier of the progenitor system, and therefore not portable or reusable. In response I researched, designed, and prototyped a transition system and architecture that allowed allowed RCA.com's business logic to be moved incrementally into the database layer, returning XML messages formatted for display via XSLT; those technologies were previously dismissed as unworkable or unavailable at RCA. * Developed GUI and command line tools to support transition and provided the e-commerce team with a method and documentation for using the new framework. * Worked with creative services vendors to improve deliverable quality and structure for a medium unfamiliar to them. Assisted contractors in understanding work flow issues challenging the content team during a rework of the purpose-built CMS tool used in RCA.com, leading to a more efficient content creation and editing process for RCA.com. Technologies Employed: Java (SWING, JDBC, SQLJ, Java stored procedures, SAX), Oracle 8i, XML, HTML, CSS, Photoshop, Vignette 4.0/4.5, TCL, Solaris, AIX Thoroughbred Consulting, Consultant/Web Developer June 1999-Dec 1999 Indianapolis, IN As a member of the development group I completed successful engagements at: * Dow AgroSciences - completed a months-long project in less than half the time projected, saving the customer tens of thousands of dollars and bolstering the young firms reputation. * Thomson Consumer Electronics - assisted in launch of RCA.com Technologies Employed: HTML, CSS, JavaScript, DHTML, Photoshop, Flash, ASP, MS Access, SQL server projects -------- Dojo, Project Lead 2004-present Dojo is a web interface toolkit built on JavaScript and DHTML. Dojo allows application authors to quickly prototype and use widgets across varying client rendering contexts (HTML and SVG initially) from a single XML dialect. A diverse team of DHTML and web application developers are working on Dojo and multiple commercial products are based on or incorporate the platform that Dojo provides. As project lead and President of the Dojo Foundation, I manage many aspects of the project including coordination and planning of development, build system maintenance, management of intellectual property issues, and project infrastructure. Technologies Employed: Advanced DOM DHTML and DSVG, JavaScript, Java, Ant, Rhino (custom modifications to), Subversion, Jython, Trac nWidgets (formerly netWindows), Project Lead 2000-present As the development lead of the nWidgets DHTML API project, developed a toolkit for building rich client-side interfaces for web applications that resolves many of the usability and efficiency problems afflicting web applications. * Developed custom netWindows widgets and solutions for Informatica, leading to performance and usability enhancements in several major components of PowerAnalyzer, a web-based Business Intelligence reporting tool. * Developed custom widgets and documentation under contract for Kaiser Permanente for a desktop-replacement web application. Developed fast "live search" for 30K+ items in drop down boxes on the client. Technologies Employed: Advanced DOM DHTML, JavaScript, Signals and Slots, DocBook, XSLT, CVS OWASP Guide, Project Lead, editor, contributing author 2002-2003 Worked to improve the quality, consistency, and accuracy of the Guide's content, culminating in v1.1 of the Guide, and a complete editorial review and structural overhaul for v2.0. Eliminated merging conflicts, improved editorial oversight, widened opportunities for contribution, automated final document generation process by converting Guide source document from proprietary format to DocBook. Technologies Employed: DocBook, CVS, web application security analysis Purdue Internet Olympiad, Member 2nd place team 2000-2001 Our team took second place from a field of 70 in the inaugural Purdue Internet Olympiad. During the three month final round, developed a secure distributed payment architecture using Java RMI, Oracle, and hardened clients as well as a preliminary business plan. Design won 2nd prize among the finalist teams from a panel of industry judges. Technologies Employed: Java ( RMI over SSL, JDBC), Oracle, MySQL, Linux, Python, security system design and analysis activities ---------- Purdue Linux Users Group (PLUG), President 2000-2002 While serving as President, helped PLUG successfully host multiple installfests, bi-weekly technical talks, a technical mailing list with more than 300 members, work with other student organizations to improve communication and coordinate larger events, provide short courses to various departments of the University, overhaul the PLUG web site, and expand to largest membership ever, making it the largest computer-related student organization on campus. Technologies Employed: Linux (many distributions), FreeBSD, OpenBSD BSA: Eagle Scout, Firecrafter, SPL publications ------------ * Multiple articles describing portions of Dojo, published at dojotoolkit.org * OWASP Guide: editor, author for v1.1 * DevX.com: authored an advanced DHTML article * 13th parallel: article discussing JavaScript Signals and Slots implementation developed for the netWindows project vim:et:ai:ts=2:tw=80:ff=unix