Chris Wee
Experienced Engineering Director at WhiteHat Security.
| Headline: | Scientist |
| Work status: | Employed Full-Time |
| Industries: | Computing, Information Technology, Internet |
| Skills: | C/C++, Electrical Engineering, Engineering, Java, Management, Perl, Python |
| Interested in: | Advising startups, Brainstorming, Finding business partners, Finding cofounders, Finding engineers, Finding team mates, Joining a startup, Meeting new people, Professional opportunities, Promoting my startups, Recruiting, Recruiting for my startup, Starting a company |
| Schools: | University of California System - Davis |
FEATURED STARTUP
WhiteHat Security
WhiteHat Security
WhiteHat Security is a leading provider of website security services
- Startup type: Company
- Status: Active
- Stage: Growth
WORK EXPERIENCE
| Employer: | Infidel Inc. |
| Position: | Partner |
| Time period: | January 2009 - Present |
| Description: | Software forensics in cases of IP disputes. My duties include examining source-code, documentation and advising counsel. |
| Employer: | LogLogic |
| Position: | Engineering Architect/Director |
| Time period: | January 2007 - December 2008 |
| Description: | My research team studies applications, device logs, develops regex parsers, report rules, collectors and connectors essential to our customers and to win deals. As the team's architect, I wrote tools (e.g. parse IBM manuals for 120+ log record formats (perl) and emitted PL/1 assembler code to mainframe execution). I recruited and hired 3 tool developers and re-trained the analysts (14) while addressing the communications, technical, operational, software lifecycle problems. I designed a tool-based automated workflow (on perl twiki), to support analysts develop additional device support. We use virtual machines; automated parser validation and certification, with metrics to improve and accelerate the development of LogLogic's log recognition and reporting capabilities. |
| Employer: | Symantec (via Sygate acquisition 2005) |
| Position: | Security Response Integration Manager |
| Time period: | January 2003 - December 2007 |
| Description: | My Advanced Threats Research project was to implement a VMware-harness (perl+C+ruby) to execute bot samples with real-time analysis of botnet traffic. The harness had to handle toxic samples in an isolated network, distributed processing over 25 servers, each handling 8 VMs. Next the harness was extended to test Norton AntiBot heuristics. A++ Award for innovative Botnet detection during the creation of Norton AntiBot product. My other role, as SymResponse's integration architect, was to assist product teams (Norton Internet Security 2008, Sym Enterprise Protection, SafeBrowse etc.) use our anti-virus, anti-spyware, honeypots, security research, threat discovery and Symantec's Global Intelligence Network effectively for testing, validation, sample submission. I also shepherded a new engine from SymResearch to product -- NIS Browser Defender. |
| Employer: | Sygate (later acquired by Symantec) |
| Position: | Architect, Development-manager |
| Time period: | January 2003 - December 2005 |
| Description: | Architect, then dev-manager of Magellan network discovery appliance. I developed the core aggregation engine in Perl, MySQL, Berkeley DB, DBI, SAX and Twig. The appliances were FreeBSD-based, and leveraged Java for UI, nmap for stack fingerprinting and Berkeley DB on the slaves for caching. Subsequently, I led the Security Research team at Sygate: developing IDS signatures, Host Integrity, Host protection and Spyware removal. My team extended to developers and QA in Beijing.
Symantec acquired Sygate in October 2005. |
| Employer: | Bloomberg NY |
| Position: | Consulting Security Architect |
| Time period: | January 2000 - December 2003 |
| Description: | Tom Secunda, CIO of Bloomberg, recruited me to assemble a highly capable team of information security experts to conduct a discrete but thorough security inspection of all systems at Bloomberg. We conducted penetration tests, source code inspection (perl tools), redesigned network protocols to incorporate SSL into their Bloomberg Terminal and web services, and dozens of data products/systems. We also conducted security training, implemented network intrusion detection (perl-based), educated NY & NJ Bloomberg employees in incident management, security design and digital forensics. The project also spawned my digital forensics business, Anzuru Technologies that collaborated with insurance companies. As the sole owner, I interviewed employees, hired staff, rented office space, kept the accounts, performed security inspections, canvassed customers, and the dealt with the business logistics. The business, with its attendant successes and failures, taught me invaluable lessons and instilled a greater confidence and compassion as a manager. I was recruited to architect the Magellan project for Sygate and suspended the business. |
| Employer: | Intel |
| Position: | Senior Information Security Analyst |
| Time period: | January 1999 - December 2000 |
| Description: | Designed and audited customers' networks and in the data-center, to mitigate risk to IOS operations. Intel Capital requested 2 due-diligence assessments of start-ups prior to investment. |
| Employer: | Northville Industries, New York |
| Position: | Principal Data miner |
| Time period: | January 1993 - December 1995 |
| Description: | I taught the dev team how to rapid prototype their proprietary trading algorithms in Perl4 and Awk instead of C++ thereby reducing the dev cycle from weeks into hours. I built perl-time technical trading tools for Commodities Trading Desk (perl+C+PDF), processing
historical and real-time data to feed automated models trading their multi-million $ portfolio. |
| Employer: | Computer Security Group, Dept. of Computer Science, University of California, Davis |
| Position: | Researcher/Post-doc |
| Time period: | January 1990 - December 1999 |
| Description: | I developed perl-tools to analyze misuse detection in healthcare records. I was also a perl-developer on the GrIDS project—a scalable intrusion detection system for large Internets. Built policy-directed and visual graph audit-log browsing tools, in perl. Built NFS attack detection from TCPdump logs (perl+C), and modeling audit reduction using security policy specifications (perl+graphviz). |
| Employer: | Syva, then Cooperbiomedical (technology acquired from Cooperbiomedical) |
| Position: | Embedded Systems Engineer |
| Time period: | January 1985 - December 1991 |
| Description: | I added the alcohol and cocaine protocols to the Syva ETS drugs-of-abuse panel, added safety features, and wrote documentation for FDA evaluations. I was Cooperbiomedical's primary SWE for ASSIST blood analyzer, I implemented PWM motion control of robotic steppers, timed-assay photometer controls and reduced the electronics budget by 75%. I created data analysis, I/O and a microkernel in C and Z-80 assembler. When Technicon acquired Cooperbiomedical , I was retained as the sole SWE to transfer ASSIST software technology to Technicon's quartzcell product line. |
EDUCATION
| University: | University of California System - Davis |
| Time period: | 1996 |
| Degree: | Ph.D., M.S., Computer Science |
| University: | University of California System - Davis |
| Time period: | 1989 |
| Degree: | Electrical Engineering/Computer Science, BSc |
PUBLICATIONS
| Papers: | Matt Bishop, Christopher Wee, Jeremy Frank, “Goal Oriented Auditing and Logging,”
ACM Transactions on Computing Systems, 1996. S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip, D. Zerkle, “GrIDS—A Graph-Based Intrusion Detection System for Large Networks,” Proc. 19th National Information Systems Security Conference, 1996. Christopher Wee, “LAFS: A logging and auditing file system,” Proc. Computer Security Applications Conference, December 1995. Christopher Wee, LAFS abstract, Proc. IEEE Security and Privacy, May 1995.James Hoagland, Christopher Wee, Karl Levitt, “Audit Log Analysis using the Visual Audit Browser Toolkit,” Computer Science Technical Report CSE 95-11, University of California, Davis. 1995. Ko, D. Frincke, T. Goan, L.T. Heberlein, K. Levitt, B. Mukherjee, C. Wee, “Analysis of an Algorithm for Distributed Recognition and Accountability.” Proc. 1st ACM Conference on Computer and Communication Security. Fairfax, VA, Nov. 1993. Ron Olsson, Richard Crawford, Wilson Ho, Christopher Wee, “Sequential Debugging at a High Level of Abstraction,” IEEE Software, May 1991. |
INFORMATION
| Awards: | 2007 Symantec A++, Botnet detection.
1995 Best student paper award, Computer Security Applications Conference, New Orleans. 90-91 UC Regents Graduate Fellowship, Computer Science. 89-90 MICRO Research Fellowship, State of California. 89-90 Distinguished Scholar Research Award, University of California, Davis. 88-89 Chevron Scholarship, Chevron Information Technology Company. 88-89 UCD Annual Fund Scholarship, University of California, Davis. 1988 Lockheed Scholarship, Lockheed Missiles & Space Company, Inc. |
Chris' Startups (1)
View allChris is Following (4)
View all-
-
-
Offerpal Media
Offerpal media is an advertising company. Their platform is set up for social networks and ecommerce sites, utilizing a point system for participating in advertising offers to target an audience.
-
Chris' Contacts (1)
View all-
Marjan Panic
MSc in Computer science from University of Niš, Serbia. Currently working as a .NET Developer and Consultant at Omada A/S, Copenhagen, Denmark.