Phil Dibowitz's Resume I am a Systems Architect with 10 years of experience designing and running systems on both Linux and Solaris and a degree in Computer Science and Computer Engineering. I enjoy designing large UNIX-based infrastructures, as well as systems security and related areas. I'm not currently seeking employment; however, I'm always open to the right opportunity. I have a strong presence in the open source community, having not only my own software (IPTState, concordance, check_x509, mime_dump), but also contributing to many projects from the Linux kernel to IP Filter. As a systems administrator, I pride myself on always solving problems the right way - not the easiest or quickest way - but the best way possible. Putting forth the effort to do something properly the first time may take a little longer initially, but reduces downtime and cost while increasing manageability, reliability, and scalability in the long run. Lastly, I'm very proactive; I have the drive to seek out projects that need to be done and tackle them. Thank you for your time, Phil Dibowitz +41 (79) 247-2510 phil@ipom.com ____________________________________ WORK EXPERIENCE Google (2008 - present - Zurich, Switzerland) Site Reliability Engineer, Gmail - Planned and tested migration of Gmail to next-generation internal storage infrastructure, including training of other team members - Oncall duties for Gmail's infrastructure including web frontend, imap/pop frontend, backend, storage, delivery, anti-spam, anti-abuse components - Worked with developers to productionize next-generation anti-abuse and anti-spam systems - Near-complete re-write of Gmail-specific machine-management software - Developed scripts to ensure correct load balancing configurations - Extended existing software deployment systems for new products and needs - Developed new procedures for integrating with other teams and core Google infrastructure - Restructure how new releases get their first production traffic to provide greater flexibility, monitoring, and reliability - Wrote software to audit and correct file permissions issues - Wrote and organized documentation for many of Gmail's existing and upcoming systems - Taught classes for new employees and engineers transferring to SRE Ticketmaster (2005 - 2008 - Los Angeles, CA) UNIX Systems Administrator (2005 - 2006) Senior UNIX Systems Administrator (2006 - present) - Managed ~3000 Linux systems - Architected and implemented a large-scale PKI infrastructure using RSA Keon software for more than 60,000 certificates spanning more than than 16 Certificate Authorities (CAs) including writing policy and training staff - Co-designed the PKI-based authentication system for web-services project for interfacing with partners - Developed a plug-in to the preexisting system configuration software to effectively handle Identity, User, and Access management (Perl) - Developed dynamic pluggable software for provisioning, modifying, and decommissioning DNS, NFS storage, and VMWare (GSX) virtual machines (Perl) - Developed daemon to report and graph incoming sessions across load-balancing layer (Perl) - Developed utility to generate utilization reports for on-sale periods (Perl) - Part of the team that developed and maintained in-house system configuration software (Perl, C, Ruby) - Wrote various scripts such as Netscaler configuration generator, monitoring aggregator, and others to improve team efficiency (Perl and Ruby) - Rolled out hardware, OS, and configuration for several new projects such as TicketExchange and Web Services - Worked directly with application developers to debug various production problems - Rolled out keepalived to single-point-of-failure systems to ensure redundancy and reliability - Trained new staff on our systems, software, and policy - Wrote lots of documentation for various systems, products, and software Information Services Division - USC (2003-2005 - Los Angeles, CA) Systems Architect and Administrator - Managed ~300 Solaris SPARC systems - Restructured and redesigned the DNS servers to achieve higher reliability, better performance, and easier maintainability - Rolled out a Shibboleth (shibboleth.internet2.edu) infrastructure, a system for data release approval and implementation, and documentation, as well as provided feedback and documentation to the Internet2 community - Worked with the portal team to setup Load Balancing and SSL offloading for our uPortal roll out. Found and reported bugs with Apache and Tomcat for SSL offloading issues - Replaced all console servers with Cyclades and Conserver to give better performance, redundancy, and desired features - Designed and deployed a key-management system for passphraseless keys that need to be securely distributed, managed, and updated for automated systems - Helped design next-generation Identity and Rights Management system being developed in-house - Designed and implemented a system for maintaining Active Directory DNS records on the USC UNIX DNS servers (for 30+ AD domains across campus), which were previously maintained by hand - Maintained the MIT Kerberos V realm - Acted as a signer for the USC Certificate Authority, helped in Certificate Policy decisions, created the KCA as a subordinate Certificate Authority - Deployed Nagios as a group-wide monitoring service, and provided monitoring services to other groups within our organization giving our department better response time to problems, and a better idea of what effect problems have (Nagios monitored 320 hosts and 1175 services) - Organized PGP education and documentation as well as key signing parties to enable encrypted and/or signed email as appropriate - Trained various student employees on software installation, UNIX theory, and shell scripting - Planned and implemented the disabling of telnet and FTP in favor of SSH to increase security Stream Exchange (2002-2003 - Los Angeles, CA) Systems Administrator - Planned and implemented a central user information and authentication database with OpenLDAP, nss_ldap, and pam_ldap - Setup a secure multi-domain mail server using Qmail, Vpopmail, Qmailadmin, and Courier IMAPd - Wrote full system documentation for all 14 servers, the network in general, and multiple procedures and services - Wrote many scripts to automate load balancing, booting, and other procedures - Authored new, as well as edited and commented existing Perl/CGI scripts for secure transactions using Verisign Payflow Pro for processing - Installed, configured, supported, and trained staff on Oasis Ad Server - Installed, configured, and trained staff on RT2 Ticketing for customer support issues - General maintenance and patching of 14 Linux web servers MySmart Solutions (2001-2002 - Los Angeles, CA) Unix and RADIUS Systems Administrator and Network Engineer Previous positions left off for brevity ____________________________________ EDUCATION University of Southern California B.S. in Computer Engineering Computer Science ____________________________________ SKILLS - UNIX: Solaris 2.6 - 9, Linux (2.2 - 2.6) - SERVICES & FIREWALLS: IP Filter, IP Tables, IP Chains, Apache, MySQL, BIND, MIT Kerberos, Sun Disk Suite, OpenSSH, Linux Software Raid, TCP Wrappers, Cyrus IMAPd, LVM2 - DEVICES: NetApp, Decru, Foundry, Netscaler - LANGUAGES: Perl, Shell (bash, korn, bourne), Python, C++, C, CGI, (X)HTML, CSS - CERTIFICATIONS: Sun Security Administrator - Solaris 9 ____________________________________ PERSONAL PROJECTS - Wrote and maintain IPTState, a popular open-source tool for monitoring Linux IPTables firewalls (http://www.phildev.net/iptstate/) - Maintain the unusual devices table in the Linux USB-Storage driver - Co-authored "Over-Zealous Security Administrators Are Breaking The Internet"; Published in the 2002 USENIX LISA Proceedings (http://www.usenix.org/events/lisa02/tech/vanderberg.html) - Official IP Filter FAQ (http://www.phildev.net/ipf/) - Co-founded the MSS Initiative (http://www.phildev.net/mss/) - Documentation for Sun PPPoE (http://www.phildev.net/solaris/) - Other software including Concordance, check_x509, and mime_dump and documentation projects including PGP and SSL/X.509 (http://www.phildev.net) References available on request. Phil Dibowitz +41 (79) 247-2510 phil@ipom.com