Phil Dibowitz's Resume I am a USC graduate with 8 years experience in systems administration - specifically with Solaris and Linux. I enjoy designing large UNIX-based infrastructures, as well as systems security and related areas. I'm not currently seeking employment; however, I'm always open to the right opportunity. I have a strong presence in the open source community, having not only my own software (IPTState, haromnycontrol, check_x509, mime_dump), but also contributing to many projects from the Linux kernel to IP Filter. As a systems administrator, I pride myself on always solving problems the right way - not the easiest or quickest way - but the best way possible. Putting forth the effort to do something properly the first time may take a little longer initially, but reduces downtime and cost while increasing manageability, reliability, and scalability in the long run. Lastly, I'm very proactive; I have the drive to seek out projects that need to be done and tackle them. Thank you for your time, Phil Dibowitz (213) 923-5115 phil@ipom.com ____________________________________ WORK EXPERIENCE Ticketmaster (2005 - present) UNIX Systems Administrator (2005 - 2006) Senior UNIX Systems Administrator (2006 - present) - Managed ~3000 Linux systems - Architected and implemented a large-scale PKI infrastructure using RSA Keon software for more than 60,000 certificates spanning more than than 16 Certificate Authorities (CAs) including writing policy and training staff - Co-designed the PKI-based authentication system for web-services project for interfacing with partners - Developed a plug-in to the preexisting system configuration software to effectively handle Identity, User, and Access management (Perl) - Developed dynamic pluggable software for provisioning, modifying, and decommissioning DNS, NFS storage, and VMWare (GSX) virtual machines (Perl) - Developed daemon to report and graph incoming sessions across load-balancing layer (Perl) - Developed utility to generate utilization reports for on-sale periods (Perl) - Part of the team that developed and maintained in-house system configuration software (Perl, C, Ruby) - Wrote various scripts such as Netscaler configuration generator, monitoring aggregator, and others to improve team efficiency (Perl and Ruby) - Rolled out hardware, OS, and configuration for several new projects such as TicketExchange and Web Services - Worked directly with application developers to debug various production problems - Rolled out keepalived to single-point-of-failure systems to ensure redundancy and reliability - Trained new staff on our systems, software, and policy - Wrote lots of documentation for various systems, products, and software Information Services Division - USC (2003-2005 - Los Angeles, CA) Systems Architect and Administrator - Managed ~300 Solaris SPARC systems - Restructured and redesigned the DNS servers to achieve higher reliability, better performance, and easier maintainability - Rolled out a Shibboleth (shibboleth.internet2.edu) infrastructure, a system for data release approval and implementation, and documentation, as well as provided feedback and documentation to the Internet2 community - Worked with the portal team to setup Load Balancing and SSL offloading for our uPortal roll out. Found and reported bugs with Apache and Tomcat for SSL offloading issues - Replaced all console servers with Cyclades and Conserver to give better performance, redundancy, and desired features - Designed and deployed a key-management system for passphraseless keys that need to be securely distributed, managed, and updated for automated systems - Helped design next-generation Identity and Rights Management system being developed in-house - Designed and implemented a system for maintaining Active Directory DNS records on the USC UNIX DNS servers (for 30+ AD domains across campus), which were previously maintained by hand - Maintained the MIT Kerberos V realm - Acted as a signer for the USC Certificate Authority, helped in Certificate Policy decisions, created the KCA as a subordinate Certificate Authority - Deployed Nagios as a group-wide monitoring service, and provided monitoring services to other groups within our organization giving our department better response time to problems, and a better idea of what effect problems have (Nagios monitored 320 hosts and 1175 services) - Organized PGP education and documentation as well as key signing parties to enable encrypted and/or signed email as appropriate - Trained various student employees on software installation, UNIX theory, and shell scripting - Planned and implemented the disabling of telnet and FTP in favor of SSH to increase security Stream Exchange (2002-2003 - Los Angeles, CA) Systems Administrator - Planned and implemented a central user information and authentication database with OpenLDAP, nss_ldap, and pam_ldap - Setup a secure multi-domain mail server using Qmail, Vpopmail, Qmailadmin, and Courier IMAPd - Wrote full system documentation for all 14 servers, the network in general, and multiple procedures and services - Wrote many scripts to automate load balancing, booting, and other procedures - Authored new, as well as edited and commented existing Perl/CGI scripts for secure transactions using Verisign Payflow Pro for processing - Installed, configured, supported, and trained staff on Oasis Ad Server - Installed, configured, and trained staff on RT2 Ticketing for customer support issues - General maintenance and patching of 14 Linux web servers MySmart Solutions (2001-2002 - Los Angeles, CA) Unix and RADIUS Systems Administrator and Network Engineer - Setup two RADIUS servers; maintained a total of four RADIUS servers - Configured RADIUS to work with Oracle - Reworked entire internal and external DNS systems - Maintained remote and local Sun Solaris 8 servers and local Solaris 8 x86 workstations - Wrote documentation outlining various procedures including RADIUS updates, DNS updates/layout, and internal network layout - Migrated a T1 including configuration of Cisco hardware - Setup a firewall/NAT box with IP Filter on Solaris 8 x86 - Various Active Directory and Exchange modifications and updates Previous positions left off for brevity ____________________________________ EDUCATION University of Southern California B.S. in Computer Engineering Computer Science ____________________________________ SKILLS - UNIX: Solaris 2.6 - 9, Linux (2.2 - 2.6) - SERVICES & FIREWALLS: IP Filter, IP Tables, IP Chains, Apache, MySQL, BIND, MIT Kerberos, Sun Disk Suite, OpenSSH, Linux Software Raid, TCP Wrappers, Cyrus IMAPd, LVM2 - DEVICES: NetApp, Decru, Foundry, Netscaler - LANGUAGES: Perl, Shell (bash, korn, bourne), C++, C, CGI, (X)HTML, CSS, basic Ruby - CERTIFICATIONS: Sun Security Administrator - Solaris 9 ____________________________________ PERSONAL PROJECTS - Wrote and maintain IPTState, a popular open-source tool for monitoring Linux IPTables firewalls (http://www.phildev.net/iptstate/) - Maintain the unusual devices table in the Linux USB-Storage driver - Co-authored "Overzealous Security Administrators Are Breaking The Internet"; Published in the 2002 USENIX LISA Proceedings (http://www.usenix.org/events/lisa02/tech/vanderberg.html) - Official IP Filter FAQ (http://www.phildev.net/ipf/) - Documentation for Sun PPPoE (http://www.phildev.net/solaris/) - Co-founded the MSS Initiative (http://www.phildev.net/mss/) - Other software including harmonycontrol, check_x509, and mime_dump and documentation projects including PGP and SSL/X.509 (http://www.phildev.net) References available on request. Phil Dibowitz (213) 923-5115 phil@ipom.com