
Board of Trustees

2000 Board Election

Candidates

Barbara Fraser

<byfraser@cisco.com>

Nominated by: Geoff Huston <gih@telstra.net>
Country: USA

Barbara Y. Fraser

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
(408) 525-1735
byfraser@cisco.com

5103 Scenic Road
Murrysville, PA 15668
(412) 325-3759
byf123@ibm.net


EXPERIENCE

Cisco Systems, Inc.
San Jose, California
Consulting Engineer, Office of the Chief Technology Officer

September 1999 to present: A member of the Security and Integrity Group that focuses on strategic issues impacting Cisco products and services. Currently investigating security issues associated with networked appliances and CoS/QoS. Interested in ensuring that Cisco products provide the security functions needed in the Internet community as well as ensuring that methods used to design and develop products will result in products that are robust and free of security vulnerabilities. In support of Federal Infrastructure needs, she has prepared a presentation that describes key network security practices used by Cisco to provide protection, detection, response, and mitigation.

Software Engineering Institute (SEI)
Carnegie Mellon University, Pittsburgh, PA
Senior Member of the Technical Staff

Networked Systems Survivability Program/CERT Coordination Center, 1991-present: Member of internationally recognized expert team on Internet/network security and Internet security incident handling. Currently developing a comprehensive adaptive security management model for networked systems that will allow organizations to adapt to technology and organization changes while maintaining an appropriate level of security in their networks and systems. Responsible for the technical direction of an international team of personnel working on this project. Also, technical contract manager for major government customer, focused on network survivability of their large, highly distributed heterogeneous environment. Current activities also include designing, developing, and delivering a course for executives on intrusion detection.

Formed and led one of the first team-based projects for the NSS Program, which was used as an example for other teams. Managed $2 million security improvement project with administrative and technical responsibilities for planning, designing, and developing security-related products, including managing costs, technology, and schedules, as well as administrative management of the staff. Successfully championed the area of work in improving the security of infrastructures so that it has become a major development area in the Software Engineering Institute. Participated in strategic planning for the institute and for the program, and was a member of the program advisory board and the SEI sponsor’s review team.

Led a team in the design and development of a security assessment method and supporting tools. The prototype security assessment methodology allows individual organizations to identify and analyze their security strengths and weaknesses, and to define a process for setting improvement goals and working towards them. Have performed field tests of the assessment technology at major financial institutions, technology producer corporations, and government agencies and organizations.

Led the design and development of a set of technical security improvement documents describing sets of activities organizations should use to meet one or more of their security needs. Each document describes what to do, why it is important to do, and technical guidance in how to do it.

Developed and presented many courses and lectures on CERT, Internet security, and related topics to national and international audiences.

Other work within NSS/CERT has included assessing vulnerabilities of computer systems, coordinating the search for ways to reduce those vulnerabilities, and packaging those techniques to meet the needs of the CERT constituency; helping coordinate the activities of CERT Associates during computer emergencies, including understanding the problem, calling appropriate associates to alert them to the problem, and lending technical assistance where possible; writing technical summaries of vulnerabilities and emergencies; helping build and maintain contact with vendors and other technical resources within the computer community; and participating in conferences and workshops where security-related issues are discussed.

1989-1991: On-going development and maintenance of the SEI’s networked computer systems enterprise. These activities included systems programming and administration support for UNIX software within the institute’s client/server environment, and the design, development, and documentation of systems programming policies and procedures (mail/message services, software configuration and maintenance, networking software components).

Martin Marietta Corporation (now Lockheed Martin Corporation)
Electronics and Missiles Systems Division
Orlando, Florida

Senior Engineer, 1987-1989, Task Leader, LANTIRN Software Aircraft Simulator Group. Managed cost and scheduling of simulator software development and presented to senior level managers and program directors. Responsible for design, implementation, verification testing and maintenance of 16 aircraft simulators. This required coordinating the simultaneous development of multiple products. The software was written in FORTRAN and VAX Macro Assembler, conformed with MIL standard 1553B and was comprised of both real time and non-real time modules. Also responsible for hardware and VMS operating system configuration design and management of 19 DEC MicroVAX II computer systems supporting the simulator software. Designed and wrote software test procedures for formal testing of software for Quality Assurance personnel, independent auditors, and the customer. Coordinated hardware resource allocation and supported users. Traveled to field to support flight test activities. Responsible for training of new engineers and the maintenance of two classified MicroVAX II computer systems.

Independent Consultant

October 1986 until December 1986: Worked at Westinghouse Electric Corporation in Orlando, Florida. Analyzed IMS parts database to reorganize into relational database format for SQL/DS on an IBM 4381. Work involved designing a parts categorization system using SQL/DS. Related work involved word recognition and classification.

Westinghouse Electric Corporation,
Orlando, Florida

Summer Student Program, July 1986 until October 1986,
Designed and implemented functional enhancements for GRASP (GRAphic SPecification). GRASP is a menu-driven, syntax-directed editor for creating and maintaining structured control flow diagrams with embedded text. Programming was in C with the integration of HALO graphics. The software was developed on a 3270 PC to run on an IBM XT.

Computer Science Department
University of Central Florida
Orlando, Florida

Graduate Assistantship, September 1983 until May 1986,
Taught Programming I and II to Computer Science majors. Courses included instruction in program design, analysis and algorithmic development. The advanced course included data structures. Students were also instructed in the use of computer systems. Graduate projects included extensive C programming and the study and use of the UNIX operating system.

Naval Training Systems Center
Orlando, Florida

Computer Programmer Analyst, May 1984 until August 1984, Engineering Department. Developed the initial implementation of a manpower projection system for the department. The project involved designing a system that would support large amounts of data that had been collected and provide reasonable output forms. Coordinated the activities of other team members. Received letter of commendation from the Commanding Officer.

Independent Consultant,
Division of Student Affairs,
University of Central Florida
Orlando, Florida

March 1983 until July 1983. Conducted a study of selected units of the Division of Student Affairs. The study included analysis of work flow and information needs focusing on the possible employment of computer technology. Findings and recommendations were presented to the Dean of Students.

Emory University Hospital
Atlanta, Georgia

Medical Technologist, ASCP, Microbiology and Immunology,
September 1973 until August 1976. Liaison to committee for the selection and implementation of a computer system for the clinical laboratory facilities at the hospital. Assembled specifications for the information needs of the Serology department and communicated them to the selection committee.


EDUCATION

Master of Science, Computer Science ("An Interactive Data Flow Analyzer and Program Specializer for Pascal Programs"), University of Central Florida, 1986

Bachelor of Science, Biology, Florida State University, 1972

Internship Medical Technology, ASCP certification obtained, Emory University Hospital, 1973

TEACHING EXPERIENCE

Co-taught graduate course in "The Economics of Information Security", Heinz School of Public Policy, Carnegie Mellon University, recently offered during spring semester 1999.

Created and taught Internet Security seminars, 1992-present:
  Internet Security for Managers
  Internet Security for System/Network Administrators

Graduate Teaching Assistant: Computer Programming I and II, 1984-86

PUBLICATIONS


Was Melissa Really Different?, Internet Protocol Journal, June 1999.

An Approach for Selecting and Specifying Tools for Information Survivability, SEI-97-TR-009, 1998.

Preparing to Detect Intrusions, SEI-SIM-005, 1998.

Security for Information Technology Service Contracts, SEI-SIM-003, 1998.

Detecting Signs of Intrusions, SEI-SIM-001, 1997.

Security for a Public Web Site, SEI-SIM-002, 1997.

RFC 2196, Site Security Handbook, 1997.

Proceedings of INET ‘93, "CERT Incident Response and the Internet", San Francisco, CA, USA, 1993. Published in August 1994 issue of Communications of the ACM.

Proceedings of INET ‘92, "The CERT experience: Past, Present, and Future", Kobe, Japan, 1992.

RFC 1244 Site Security Handbook, 1991 (superseded by RFC 2196)

RFC 1281 Guidelines for the Security Operation of the Internet 1991

Contributions to Technical Publications:

"Convenience vs. Security on the Internet," The Chronicle of Higher Education, July 13, 1994.
"CERT Provides Emergency Hotlines," Open Systems Today, Oct. 1992
"Special on Data Security," IEEE Spectrum, Aug. 1992

Other: Have reviewed books on networking security for several US publishers.

TUTORIALS AND COURSES

Detecting Intrusions for Technical Staff
  January 1999

Detecting Intrusions for Managers
  January 1999

Responding to Intrusions for Technical Staff
  January 1999

Responding to Intrusions for Managers
  January 1999

Internet Security: An International Perspective
  INET Networking Technology Workshops T4:
  San Jose, California, 6/99
  Geneva, Switzerland, 7/98
  Kuala Lumpur, Malaysia, 7/97
  Toronto, Ontario, Canada, 6/96
  Honolulu, Hawaii, 7/95
  Prague, Czech Republic, 7/94

Forming an Incident Response Team
  Open Systems Security Conference, Orlando, FL, 3/95

Internet Security for Managers
  SEI Symposium, 9/95
  CERT Security Seminars, Washington DC, 6/93
  4th Incident Handling Workshop, 8/92

Internet Security for System and Network Administrators
  CERT Security Seminars, Washington DC, 6/93
  USENIX Security Symposium, 9/92
  Networkshop ‘92, U. of Queensland, Australia, 12/92

Computer and Network Security
  Information Networking Institute, Carnegie Mellon University, 2/94

CERT and Internet Security
  Information Networking Institute, Carnegie Mellon University, 5/93

Special Security Seminar
  Requested by Canadian RCMP, US FBI and Secret Service, 11/92

REWARDS and RECOGNITION

Customer Satisfaction Evaluation: received a perfect evaluation; one of only two given by SEI customers for FY98

Numerous Letters of Appreciation

Customer Satisfaction Award, SEI, 1993
Customer Satisfaction Award, SEI, 1992
Certificate of Appreciation, SDIO, 1992
Letter of Commendation, NTSC, 1984

PROFESSIONAL MEMBERSHIPS AND ACTIVITIES

Internet Engineering Task Force (IETF)
Member, Security Area Directorate
Current Chair: Guidelines and Recommendation for Incident Procedures working group
– 1) Published RFC 2350 Expectations for Security Incident Response Teams, 1998.
– 2) draft documents on Security Expectations for Internet Service Providers, and Security Expectations for Technology Producers in progress

ACM

IEEE, IEEE Computer Society
Current member IEEE working group on Internet security practices

Member of McMillan Technical Publishing’s Network Technology Technical Advisory Committee

Internet Society

Technology Advisory Board Member, Franklin Regional School District 1996-present

NIST Workshop on Information Security Training and Education Needs - Invited participant

Past Advisory Board Member, National Institutes of Health Grant Award Program

Program Committee Member, 1993 USENIX Security Symposium