J.R. ("Vic") Winkler

Founder/Principal
Ground-Wire.COM

Reston, Virginia 
Vic@VicWinkler.COM
(703) 622-7111

Overview

Vic has 30 years leadership experience in Information Security (INFOSEC), Cyber and Cloud Security, Cloud Computing, systems and applications development, IT operations, testing, and management. Vic is a technologist who also develops business and marketing strategies, and his work led directly to contracts and products.  He has written and presented numerous conference papers and other technical and marketing materials -- Including the technical book: "Securing the Cloud" (Elsevier, 2011).  He represented Booz Allen Hamilton, PRC Inc. and Sun Microsystems as a speaker and panelist at conferences and events.   Vic has developed deep and broad expertise with leading edge technologies.   He has conceived and built systems that solved critical needs in US National Security spaces as well as commercial Internet facing infrastructure.   In his career, he assembled and managed extraordinary teams of researchers, engineers, and developers.   He has concurrently managed multiple projects/contracts, in all aspects including technical and staff.   He has managed budgets in excess of $1,000,000 (and never needed a bailout).   He is a published researcher in INFOSEC and a trail-blazing expert in intrusion/anomaly detection in complex systems, including in cyber/cloud and utility computing.

As Chief Technologist for Security, Vic was responsible for security vision, planning, technology evaluation, implementation and operation of Cloud Computing at Sun Microsystems.   He developed strategies, procedures, security policies, operations standards, security assessments and reports, along with design specifications and engineering documents).   Previously, he was Chief Technologist for Security at Network.COM (noted for the retail "$1/CPU hour" offering.)

Previously, as Chief Technologist for Security in US Client Solutions, Vic was responsible for enabling Sun government and military security sales and services in the US, as well as in numerous countries, including in 2003: Singapore, Spain, Lisbon, Greece and Romania.   He conceived and developed the Sun security ROI story for use by Sun's executives.   He frequently served as the Sun representative for industry groups and Government/Industry Committees.   He was a frequent invited panelist at industry, government, and other public events.   He served for several years as the Chairman of the Board for the Sun Security Technology Ambassador program.


Previously at Sun, Vic was on the staff of the Business Strategy group where he was responsible for identifying solutions components for various industries, and performed a technical review of potential acquisitions and solutions partners.   He worked with diverse Sun product and business units toward common strategic and sales goals.   He authored security white-papers, and wrote the security policy for the Government of Malaysia.   He was the Sun technical representative to the Technology Working Group for the Center for Strategic and International Studies (CSIS) commission for reforming U.S.   information technology export control policy.   He represented Sun on the Steering Committee for the Information Systems Security Board (a spin-off of NSTAC Presidential NII Task Force).


Previously at Litton PRC Inc., Vic was a Principal Engineer and Manager on the PRC National Systems staff.   In that capacity, he was the point of contact for Information Warfare and INFOSEC and managed several teams of researchers and developers.   Concurrently, he was the Principal Investigator for an IR&D effort in Information Warfare; and he was fully responsible for integrating a PRC developed intrusion detection system (ISOA) into the PRC security audit product `PRCis'.


Earlier at Litton/PRC, Vic spent 9 years as a technical member of the PRC R&D staff where he was the Principal Investigator for 4 separate IR&D efforts in INFOSEC:   Trusted UNIX TCB (he designed a Trusted Computing Base for UNIX System V.3); Intrusion Detection (he conceived, designed, and implemented a system for detecting intrusions and/or anomalous behavior); Knowledge-Based Extensions (he designed a system for mirroring complex systems via object networks); and System Security Audit Tools.   Previously as a developer, he was in a variety of roles as a systems and applications developer in the US national security community.


Current Position Description


2010-current Booz Allen Hamilton. Vic is responsible for SOA security architecture and cloud security strategy and business development at Booz Allen Hamilton.

Experience Detail

2010-2011 Founder/Principal of Ground-Wire.COM Cyber Security and Cloud Computing Consulting.  Vic was on the Advisory Board for StratuScape.COM (SW startup), advising cyber security product strategy.  He was the Technical Editor for a book on Cloud Security from Elsevier Publishing.
2004-2010 Chief Technologist, Security Sun Microsystems Cloud Computing.  Vic was responsible for all aspects of operational security for Sun's Cloud Computing infrastructure and operation.  In this capacity, he set security direction, developed strategies, architecture and guided implementation.  He wrote security standards and formal policies that received Sun corporate approval.   In 2008, Sun's Cloud Computing BU evolved out of the Network.COM business unit. (Network.COM was an extremely large and ambitious Internet facing Sun hardware and software computing utility that is noted for the retail SunGrid "$1/CPU hour" offering).   Again, Vic was responsible for all aspects of ongoing security.  This included development and implementation of leading edge concepts for combining security monitoring with feedback control of the utility.  Vic  strategy, policy and standards. He served on the internal technical review board for utility planning and development.

2003-2004. Chief Technologist for Security, US Client Solutions.   Vic was responsible for defining and implementing customer solutions for security comprised of Sun and 3rd party components. These solution sets drove substantial revenue for US sales. He reported to the CTO for US Client Solutions, and in that capacity advised US Sales on strategy for security sales and was active in directly supporting pre-sales with a variety of sales enabling activities. Concurrently, Vic was an active speaker at various security and Government focused industry events and served as a Sun representative to various industry groups.

11/1996-2003.   PSA Principal Architect for Security (Sun Microsystems, US).   Previously, he was on the staff of the Business Strategy group for US Government Sales.   He was the lead engineer responsible for information security expertise throughout Sun Microsystems Public Sector for US DoD, Federal, Homeland Security, and State and Local. He also identified business opportunities and solutions components, and performed a technical review of potential acquisitions or solutions partners.   On the staff of the Sun Federal CTO, he was responsible for enabling customer security architecture decisions, authoring security white-papers, and had written the security policy for the Government of Malaysia.   He also served in an advisory capacity to several Government and Industry groups focused on information security issues. He frequently served as the Sun representative for industry groups or Government/Industry Committees.   In that capacity, he worked as an equal team member with Director and VP peers in his field.   He is a frequent invited panelist at industry, government, and other public events.  


In those various positions, he influenced the technology direction for Sun security products.   In addition, he performed security technology assessments, and collaborates with his peers in Sun and with Sun's customers.   He was responsible for enabling customer security architecture decisions, authored security white-papers, and wrote the security policy for the Government of Malaysia.   He was a member of the Sun Board for defining the internal Security Ambassador program.   He was the Sun technical representative to the Technology Working Group for the Center for Strategic and International Studies (CSIS) commission for reforming U.S.   information technology export control policy.   Previously he represented Sun on the Steering Committee for the Information Systems Security Board (ISSB, spin-off of NSTAC Presidential NII Task Force).   In his position, he has been on numerous conference panels and has presented numerous security talks at conferences and symposia.


He was on the Sun-wide Global Security Team (GST) as well as on several other SMI internal security activities.   Previously, he was the Chairman of the Board for the Sun Security Technology Ambassador program, where he also collaborated with the chairs of the various ambassador programs toward the broader Ambassador program.   He was a Sun Liberty ACE, N1 ACE, and also served as a Security Ambassador.   He was responsible for enabling Sun government and military security sales and services in the US, as well as in numerous countries, including in 2003: Singapore, Spain, Lisbon, Greece and Romania.   He has active contacts with high-level (CIO, Director) with numerous US Government and DoD activities.   He is responsible for conceiving the Sun security ROI story and for developing it for use by Sun's executives and security ambassadors.

6/1995-11/1996.   Principal Engineer and Manager, and Principal Investigator (IR&D), National Systems Division of Litton PRC.   In this capacity his responsibilities included:   Concept formulation and development of an infrastructure and tool-suite for a leading IR&D effort in IW, integration of the ISOA system into the PRC PRCis product, development of INFOSEC business at the National Systems level, and development Information Warfare capabilities at the National Systems level.   He also supported the MISSI/NSM contract with security engineering and intrusion detection expertise under an NSA sub-contract with Motorola.


1/1994-5/1995.   Principal Engineer and Associate Manager, PRC Inc.   As a member of the R&D staff in Technology Division, PRC, Vic was the principal researcher and project manager for the computer security IR&D project System Security Audit Tools (SSA).   His responsibilities included conceptualization of the research problem area, system design, and development of the system.   In addition, he was a Technology Division member of a PRC TQM team.   Vic presented his Data Fusion Framework at Wright-Patterson/Avionics Directorate (WL/AA) under invitation by the Information Fusion Working Group.


1/1987 - 12/1993.   Principal Engineer and Associate Manager, PRC Inc.   As the Senior Security Expert he was responsible for computer security on the DOJ Consolidated Asset Tracking System (CATS).   For CATS his responsibilities included development of numerous DOJ security documents for CATS security accreditation and certification.   As a member of the R&D staff in Technology Division, PRC,Vic was also responsible for designing and implementing the Information Security Officer's Assistant (ISOA) IR&D prototype.   This project is a state-of-the-art system for Intrusion and Anomaly detection in trusted systems.   During this time he was the Senior Security Expert for the DEA El Paso Intelligence Center (EPIC) project, and was responsible for Accreditation documentation and identifying, designing, and implementing security countermeasures for the El Paso site.   He also developed the communications software for the R&D distributed AI research project, and was a reviewer for IEEE Sixth Annual Security Applications Conference (1990).   During this period Vic ported AI software for the CAESAR project under contract to RADC.   Vic was also a TQM team member for a company-wide focus team, and a TQM team leader for defining the PRC policy for rewarding Quality Achievement .


1/1987 - 12/1987.   Senior Systems Analyst, PRC Inc.   On the PRC R&D staff, Vic was responsible for a research project in designing a Trusted Computing Base (TCB) for UNIX System V.3, at the operating system source code level.


3/1986-1/1987.   Programmer Analyst, PRC Inc.  Vic was a Programmer Analyst on Space and Naval Warfare Systems Command (SPAWAR) Ocean Surveillance Information System (OSIS).   He was responsible for performing software upgrades and development on the Analysis Processing Subsystem (APS) as well as on the Security Processing Subsystem (SPS).


1/1986 - 2/1986.   Programmer Analyst, PRC Inc.  Vic performed software and design analysis for the Defense Intelligence Agency (DIA) AIRES/TELNET project.   He was also involved in the production of various design documents.


10/1985 - 1/1986.   Programmer Analyst, PRC Inc.  Vic was responsible for converting the DIA Collection Requirements Management Architecture (CRMA) prototype from dBASE III to C, as part of the DIA "proof of concept" for an integrated collection management plan.   This PRC project utilized IBM PC/XTs and ATs running MS-DOS, dBASE III, C, and a variety of support packages for C.


10/1985 - 11/1985.   Programmer Analyst, PRC Inc.   As the PRC Subcontractor to INCO on the Work Station Processor (WSP) contract, was responsible for the success of three demonstrations that served as "proof of concept" for the WSP LAN integration.   The project utilized PDP-11/70, SARP, IAS, MILNET, Ethernet, Sun Workstations and IBM PCs.


7/1985 - 9/1985.   Programmer Analyst, PRC Inc.  Vic was Programmer Analyst performing software maintenance and enhancement at the Department of Army Field Station at Kunia, Hawaii.   Among his responsibilities were software and computer system training of military personnel, the design of software changes, and the performance of general system maintenance in support of Pacific Intelligence Operations.


9/1984 - 6/1985.   Programmer Analyst, PRC Inc.  Vic was a Programmer Analyst on the AIS project responsible for the development of enhanced capabilities using PDP-11/70 computers, the IAS operating system, FORTRAN, MACRO-11, GAL (graphic independent language), Vector General Series 3 graphics terminals, and CalComp Graphic plotters.   He was also responsible for training NMIC ELINT analysts.


6/1984 - 8/1984.   Associate Programmer Analyst, PRC Inc.  Vic was responsible for CCFSS transfer and installation at the Atlantic Command, Navy (LANTCOM) located at Norfolk, Virginia.   He was solely responsible for the LANTCOM CCFSS interface which involved modification of the CCFSS and additions to the LANTCOM system.


10/1981 - 5/1984.   Associate Programmer Analyst, PRC Inc.   On the PRC NMIC CCFSS project, Vic was responsible for the development of enhanced capabilities of the CCFSS using PDP-11/70 computers, IAS/RSX-11D operating systems, and MACRO-11.   He developed and implemented the CCFSS interface to the COMIREX Automated Management System (CAMS) II.   Previously, he developed additional enhancements for the CCFSS, was the key programmer for the PAIS-MC design and implementation task, and improved the terminal code which controls the Sperry 1652 Dual Screen CRT used by NMIC intelligence analysts.   He has designed and developed application software for use at NMIC and played a major role in supporting the project's software development laboratory located in McLean, Virginia.


3/1981 - 10/1981.   Assistant Programmer Analyst, PRC Inc.   On the PRC Core project (DIA, Pentagon),Vic analyzed, modified, and documented software which originated at NMIC and the PACOM Data Systems Center (PDSC).   He was heavily involved in the final Core Documentation Task for which he wrote applications software to partially automate the process.   During this time, he was responsible for maintaining the operating system and user environment at the PRC System Development Research Laboratory (SDRL).


4/1979 - 3/1981.   Lead Computer Operator, PRC Inc.   At the SDRL, as Lead Computer Operator at the SDRL for two PDP-11/70s, Vic was responsible for billing, inventory control, operator training, user interface, and user support.   He designed and implemented the inventory data base for the SDRL using DBMS Datatrieve.   During this period he also designed and developed a software resume tracking system for PRC's personnel department, which was written in DATATRIEVE and located on SDRL PDPs.   He was a codesigner and assistant programmer of a PRC Insurance Claims Tracking System written in COBOL and also located on SDRL PDPs.


Employment History

Booz Allen Hamilton.  (June 2010-Current).  Security Architecture and Cloud Security business development.

Sun Microsystems.  (November 1996-2010).  In Sun Engineering (2004-2010): Chief Technologist Security, Sun Cloud Computing and SunGrid.  In Sun Microsystems, Federal (1996-2004): Chief Technologist Security, US Client Solutions;Principal Architect, Security and Networks

Litton PRC Inc.  (April 1979-November 1996).   Principal Engineer and Associate Manager; Senior Systems Analyst; Programmer Analyst; Associate Programmer Analyst; Lead Computer Operator

Education 


BS, Computer Science, University of Maryland

Publications & Presentations 


J.R. Winkler (Numerous internal Sun Cloud BU, Network dot COM and SunGrid BU documents, including 2 security policies, a series of security standards, operational security reports and security assessments, along with design specifications and engineering documents), 2004 through 2009.

J.R.  Winkler "Information Security:  The Nature of Threats", Sun Microsystems Whitepaper, June 1999

J.R.  Winkler "Secure E-Mail:  What It Is & Why It Isn't", Sun Microsystems Whitepaper, June 1999

J.R.  Winkler "Public Key Infrastructures:  Why Not Yet ?"  , Sun Microsystems Whitepaper, June 1999

J.R.  Winkler "Analysis and Comparison of Windows NT and Solaris Security", Sun Microsystems Whitepaper, December 1998

J.R.  Winkler "Security Guidelines for Vetting and Fielding Java Solutions", Sun Microsystems Whitepaper, November 1998

J.R.  Winkler "Security in the Enterprise:  Open Issues", Sun Microsystems Whitepaper, March 1998

J.R.  Winkler, C.J.  O'Shea, and M.C.  Stokrp ``Information Warfare, INFOSEC, and Dynamic Information Defense'', Proceedings:  19th National Information Systems Security Conference, October 1996, Baltimore MD.

J.R.  Winkler, C.J.  O'Shea, and M.C.  Stokrp "Information Warfare and Dynamic Information Defense", Proceedings:  1996 Command and Control Symposium, Naval Postgraduate School, Monterey CA.  June 1996.

J.R.  Winkler Techlink Seminar:  ``Information Security and Information Warfare:  Traditional and Emerging Factors", George Mason University, Fairfax VA, February 1996

J.R.  Winkler PRC Firewall Seminar:  "Using Audit to Prevent Sophisticated Hacker Attacks", PRC Kreuger Auditorium McLean VA, April 1995

J.R.  Winkler Invitational Presentation:  Data Fusion Framework, Wright-Patterson/Avionics Directorate (WL/AA), Information Fusion Working Group, Wright-Patterson AFB, Ohio, January 1995

J.R.  Winkler, J.C.  Landry, W.P.  Kahley.  Toward an Open Architecture for Data Fusion Systems, 1994 Joint Service Data Fusion Symposium (DFS-94), Johns Hopkins University Applied Physics Laboratory, Laurel MD., October 1994

Lefler, Mike and Winkler, J.R.  INFOSEC in Law Enforcement:  A Case Study from a DISA Program, Procedings AFCEA DBMS Conference, San Diego, CA, August 1993

Winkler, J.R.  and Landry, J.C.  Intrusion And Anomaly Detection:  ISOA Update, National Computer Security Conference, October 1992.

Winkler, J.R.  and Serrao, F.A.  Intrusion and Anomaly Detection in Large Scale Networks, 1991 Joint Service Data Fusion Symposium (DFS-91), Johns Hopkins University Applied Physics Laboratory, Laurel MD., October 1991.

Winkler, J.R.  Expert System Based Security Monitoring, Proceedings 1991 IEEE Dual-Use Technology Conference, SUNY Institute of Technology, Utica NY, May 1991.

Winkler, J.R.  Centralized Network Security Monitoring And Control, AFCEA Hawaii, Proceedings of the 5th Annual Pacific International Defense Electronics Conference and Exposition at Honolulu, Hawaii, November 1990.

Winkler, J.R.  A UNIX Prototype for Intrusion and Anomaly Detection in Secure Networks, National Computer Security Conference, October 1990.

Winkler, J.R.  Centralized Network Security Monitoring and Control , Proceedings of the AFCEA AFCEA Sixth Annual Symposium on Physical and Electronic Security, Philadelphia, PA., July 1990.

Winkler, J.R.  and White, J.S.  Surveillance and Anomaly Detection in Secure Networks, Proceedings of the AFCEA West Intelligence Symposium, San Diego, March 1990.

Winkler, J.R.  and Ambrose, M.T.  A UNIX Prototype for Intrusion and Anomaly Detection in Secure Networks, Proceedings of the Convention UNIX 90, Paris, France, March 1990.

Winkler, J.R.  and Page, W.J.  Intrusion and Anomaly Detection in Trusted Systems, Proceedings of the Fifth Annual Computer Security Applications Conference, Tucson AZ, December 1989.

Winkler, J.R., Page, W.J., and White, J.S.  An I&W Model for Intrusion and Anomaly Detection in Trusted Systems, Presented at the 7th Intelligence Community AI/Advanced Computing Symposium, Reston VA, October 1989.

Schmid, Paul and Winkler, Joachim, B1 Trusted Computing Base (TCB) Detailed Design Document, Technical Report TR-RD-87-D-l, November 1987.