Resumé Photography
Viren Shah Applied Research & Development, Python, Java, Project Management, System Administration, Rapid Prototyping, Bytecode, FreeBSD, Infrastructure, Linux, C++, C, Software Security, Lisp, Natural Language Processing (NLP), Machine Learning (ML), Perl, Software Analysis, Software Design, Shell Scripting, Networking, Proposal Writing
Software technologist with broad experience in applied software security R&D, team/project management, technology infrastructure, and consulting services. Bringing together my knowledge of security, software practices and infrastructure, I have also enjoyed policy creation and implementation as part of the CIO/CTO organization. I am passionate about bringing my diverse background and expertise to bear on practicable solutions to difficult problems.
1997 2005 2011 2018 2020
Visix
Software Developer
Cigital (was RST)
Sr Research Alchemist/Program Manager
Raytheon (was VTC)
Sr. Technical Advisor/Principal Software Engineer
Leidos (was SAIC)
Sr Cyber Scientist
BlackBoiler
Director of Engineering
Developer Researcher
  • Designed and developed mobile Android apps to display real-time data using the TENA (distributed simulation) protocol
  • Architected and implemented distributed infrastructure to store and analyze ~22TB of "big software" code and features
  • Helped port TENA middleware to Android
  • Led development of a security vulnerability scanner for program executables by reusing source-based pattern-detection engines
  • Developed suite of tools to help expose security vulnerabilities with the J2ME reference implementation
  • Designed and developed an Aspect-Oriented Programming (AOP) framework for security vulnerabilities in C
  • Researched and developed one of the first static and dynamic analysis tools suites for Java Bytecode
  • Developed a tool to automatically generate large sets of testcases of vulnerable code to verify and validate research prototypes
  • Principal Investigator on multiple government-funded (DARPA, IARPA, etc) research projects
  • Researched and developed software for automatic blind building of unknown software applications (C, C++, Android, Java)
  • Researched and developed a new constraint-optimization technique for whole path-based software analysis of C programs
  • Researched a new Aspect-Oriented Programming language and aspects for C security vulnerability prevention
  • Developed new static analysis techniques to extract behavior profiles from android apps for use in malware analysis tool
  • Led efforts to looking into language-based security issues with resource-constrained wireless devices resulting in a suite of tools to help expose security vulnerabilities with the J2ME reference implementation
Team Lead/Manager Technical Advisor
  • Successfully led several research, development and infrastructure teams
  • Managed and mentored junior developers and researchers as well as co-managed a small research division
  • Led infrastructure IT team in improving reliability of servers (> 99%), rearchitecting backup and restore solutions for corporate data and establishing a solid security posture during acquisition of company
  • Led multi-company and multi-division collaboration efforts to ratify processes, plans and roadmaps for technical efforts
  • Advocated for and moved sales team to customized Salesforce platform from disparate Excel spreadsheets
  • Designed and implemented a corporate-wide developer infrastructure including issue tracker, wiki, continuous integration and version control
  • Developed product roadmap for commercial products with feedback from management, product team and clients
  • As part of leadership team, helped draft IT and development process policies based on business goals and led their implementation
Selected Publications
  • Viren Shah, Using Aspect-Oriented Programming to Address Security Concerns, International Symposium on Software Reliability Engineering, November 2002, Annapolis, MD.
  • Viren Shah, The Holy Grail of Software Quality, International Conference on Dependable Systems and Networks (DSN 2002), June 2002, Bethesda, MD.
  • M. Weber, Viren Shah and Chris Ren, Case Study in Detecting Software Security Vulnerabilities Using Constraint Optimization, IEEE Workshop on Source Code Analysis and Manipulation, November 2001, Florence, Italy.
  • T.J. Walls, Viren Shah and Anup Ghosh, Towards Certifying Software for Security, Proceedings of ISACC 2000, September 2000, Reston, VA.
  • A.K. Ghosh, Viren Shah, and M. Schmid, An Approach for Analyzing the Robustness of Windows NT Software, Proceedings of the 21st National Information Systems Security Conference (NISSC98), October 1998, Arlington, VA. S. Bhattacharjee, M. H. Ammar, E. W. Zegura, V Shah, and Z. Fei. Application-layer Anycasting, In Proceedings of the IEEE INFOCOM '97, 1997.
  • Carlson D., Guzdial M., Kehoe C., Shah V. and Stasko J. WWW Interactive Learning Environments For Computer Science Education. Proceedings of SIGCSE `96, February 1996.
Selected Workshops/Panels
  • Workshop Organizer: AOSD Technology for Application-Level Security, Aspect-Oriented Software Development, Lancaster, UK, 2004.
  • Panelist: Wireless Security: Vulnerabilities and Solutions, ACSAC, Las Vegas, 2002.
Patents
  • Walls, T. J., Shah Viren and Ghosh, Anup, System and method for identifying and eliminating vulnerabilities in computer software applications, US Patent Number 7,284,274
  • Weber M., Shah V. and Ren C., Systems and methods for detecting software buffer security vulnerabilities, US Patent Number 7,302,707