present-
2009

As a member of Sun's Chief Architect's Office, Glenn leads Sun's security initiatives for Cloud Computing and other highly-scalable and dynamic architectures. Realizing that Cloud Computing models have the real potential to raise the bar for IT security, Glenn has created architectures, patterns, recommended practices, and tools to drive improved security for Cloud Computing environments. Many of these works have been integrated into Sun's Cloud Computing initiatives and made publicly available. Glenn is responsible for developing Sun's Cloud Computing security strategy and evangelizing it at both Sun and industry events, and he represents Sun's perspectives as a member of industry groups such as the Cloud Security Alliance. Glenn is the security liaison to the Cloud Computing product group and the security lead for Sun's Cloud Architecture Group, an internal governance team chartered with defining standards and practices for Sun's public Cloud Computing offerings. Further, Glenn works with customers from around the world to help them better understand and apply Cloud Computing security concepts and practices.

2009-
2008

In parallel with his duties as Director and Chief Architect of the Global Security Office, Glenn led a global, virtual team focused on driving awareness and growth in the area of high performance computing (HPC). Focusing on both traditional and commercial HPC opportunities, Glenn and his team have supported over $175M in global customer wins and opportunities. This Tiger Team has captured architectural artifacts and lessons learned to improve our products, services and sales processes, developed HPC-related training for the Global Systems Engineering community, and worked with leaders from across Sun to ensure alignment across various HPC-related activities in order to promote greater efficiency and effectiveness across the field organizations.

2009-
2005

Leads a team of principal security architects and professionals on the development and execution of the corporate and divisional security strategy. Works in concert with executive security leadership throughout Sun on key cross-organizational strategic security initiatives and architectures including Sun Systemic Security. Works to define and promote a consistent and comprehensive security vision and architectural model for Sun's entire portfolio of products and services. Provides both strategic and tactical subject matter expertise in the field of information security to groups across Sun and throughout the industry. Drives the development and integration of "security as a systemic quality" into Sun's products, services and customer solutions. Evangelizes and leads architectural and technical security solutions in open-source and Internet forums, at conferences and customer workshops, and through publication of recommended practices.

2005-
2004

Works as a member of both the Global Data Center CTO and the Global Security Team. In these roles, Glenn worked to define and evangelize the security strategy and vision for Client Solutions as well as to design security into Client Solutions training, solutions and offerings. Provided both strategic and tactical subject matter expertise in the field of information security to groups throughout Sun to help improve the overall consistency, quality and security of Sun's products and services. Drove the development of security recommended practices, architectures, training, services, and tools used both by Sun, its partners and its customers. Provides executive and tactical engineering, sales and delivery support to teams throughout the United States and globally.

2004-
2002

Lead the development and execution of the region's information security strategy. Responsible for raising the baseline security awareness and skills of the SunPS US field organization through the development of the Security Everywhere! program. Provided both strategic and tactical subject matter expertise in the field of security to groups throughout Sun to help improve the overall consistency, quality and security of Sun's products and services. Drove the development of security recommended practices, training, services, and tools used both by Sun, its partners and its customers. Provided engineering, pre-sales and delivery support to Sun teams throughout the United States.

2002-
2000

Same responsibilities as below.

2000-
1999

Lead the development and execution of layered security solutions for Sun Professional Services in the region. Responsible for comprehensive security service delivery in the areas of assessment, architecture, implementation and management. Provided both strategic and tactical guidance to clients in matters of information security with a special focus on platform and network security, security architecture and management. Assisted clients in designing and deploying secure, highly available, and scalable mission critical environments. Customers have included major financial services firms, service providers, new media and life sciences, academic and government organizations.

In addition to contact services, responsibilities include the development of security methodologies, best practices, training and tools through close cooperation with the Engineering, Enterprise Services, Marketing and Computer Systems divisions. Participated on two security-focused teams whose goals were to identify and recommend security-related improvements for Sun's products and services. Managed a highly utilized team of security architects and engineers.

1999-
1998

Responsible for developing and teaching an advanced computer programming course using the C++ programming language. In addition, this course offered students an overview of object-oriented analysis and design techniques.

1999-
1997

Lead technical contact for Sun Microsystems hardware and software products, Unix, and system and network security for the Mid-Atlantic region (Boston, MA to Washington, D.C.). Develop structure to drive Sun and related (Veritas, Legato, Netscape, Checkpoint, etc.) product sales and services for offices in the Northeast U.S. corridor. Design, install and support heterogeneous network infrastructures for Fortune 1000 clients, from desktops to mission/business critical database and compute servers. Provide performance, redundancy, reliability and security recommendations to clients in order to increase overall network availability. Render pre-sales configuration in addition to availability and capacity planning to customers. Develop and present general and customized presentations that cater to individual client's requirements. Complete sales cycle by providing post-sales consulting and maintenance for all facets of Unix-based solutions. Manage and execute regional trade show including the coordination of literature, equipment and personnel from multiple vendor sources. Integrate solutions into a cohesive demonstration suitable for general audiences. Provide custom technical and business training for clients, as well as CRI internal sales and support staff. Specialize in operating systems, networking, Unix/PC Interoperability (especially Unix/NT Interoperability), in addition to system and network security.

1997-
1993

Installed, diagnosed and maintained a network of 50 Sun/HP/SGI workstations and servers. Provided secondary support for over 140 Sun/HP/SGI workstations and servers. Planned, budgeted and installed network, server and desktop upgrades, while managing and training junior level administrators. Responsibilities also included software engineering. Designed and developed advanced concept systems for distributed Command and Control (C2) environments, satellite test systems and sensor emulation tools using the C, C++ and Java programming languages. Responsibilities included project management (>150K budgets, 5+ software engineers), knowledge acquisition, system architecture design and development, and portable multi-platform development, integration, and deployment for government, military and commercial customers. Special responsibilities included management of classified computer processing servers, porting of applications between computing environments, in addition to performing security administration on the non-classified network.

1993-
1991

Designed, installed and supported a campus-wide network management system based on SNMP; designed and developed departmental and campus-wide database systems using the Ingres RDBMS. Managed hardware and software installation and support for over 50 networked desktops and servers (DOS, MS Windows, Macintosh, UNIX, Terminals) in the one of the country's first networked dormitories. Provided direct hardware, software, network, and security support for 500+ nodes on the campus academic network.

Champion of the "Common Security Configurations" Working Group.

On December 3rd, 2003, the Technical Standards and Common Criteria Task Force was formed by members of academia, industry and government at the first National Cyber Security Summit in Santa Clara, CA. This Task Force along with four others chartered that day by the National Cyber Security Partnership in conjunction with the U.S. Department of Homeland Security ("DHS") was directed to identify gaps and develop recommendations to promote the adoption and implementation of the President's National Strategy to Secure Cyberspace. These recommendations will be presented to the DHS, various U.S. Congressional subcommittees focusing on cyber-security and other stakeholders for consideration in planning next steps.

This Task Force was co-chaired by:

• Mary Ann Davidson, Chief Security Office, Oracle Corporation
• Chris Klaus, Chief Technology Officer, Internet Security Systems
• Ed Roback, Chief, Computer Security Division, NIST

As a member of this team, Glenn led the Common Security Configurations working group, a team comprised of academia, industry, government and other consortia. This working group was formed to meet the challenge of responding to risks identified by the lack of common, baseline security capabilities, settings and documentation in all information technology (IT) infrastructure components and to develop and document recommendations for the collection and promotion of these common capabilities.

The result of this effort was a report highlighting 28 specific recommendations across 6 core focus areas. The recommendations include a range of actions to encourage better security recommendation development and maintenance, to increase industry and government coordination and collaboration, and to promote the development and management of more secure product configurations by default and in deployment. The final Technical Standards and Common Criteria Task Force recommendations report (which includes this working group's report) is available at: http://www.cyberpartnership.org/.

As a member of the Center for Internet Security's Unix Security Benchmark Team, Glenn works to develop consensus-based security recommendations for Unix-based platforms. Glenn is a driving force behind aligning the Solaris Security Benchmark published by CIS with the Sun BluePrints recommendations for Solaris security as well as security recommendations published by the U.S. National Security Agency and Department of Defense.

The result of this multi-year-long effort is a more consistent and stronger set of security recommendations that are supported officially by Sun worldwide. Sun, CIS and all of our users benefit from this work through the publication and use of common security recommendations. A version of the recommendations targeting the Solaris 10 OS was published in August 2005 and a new version was published in September 2007. This new version was co-developed with support from the CIS, NSA, DISA and NIST - a clear demonstration of what is possible when the public and private sectors work well together. More information on the Center for Internet Security can be found at http://www.cisecurity.org/.

Glenn is recognized as a contributor to the CIS Benchmark effort.

In 2007, Glenn negotiated a contract between Sun and CIS to more easily facilitate sharing and (re-)publication of information developed by the two companies. This work enables both organizations to more readily share content developed by the other to reach even more communities and customers. In 2009, Glenn worked with the Center for Internet Security to develop the first vendor-provided, CIS compliant virtual machine image for Amazon EC2.

As the workshop chair for "Setting Requirements for Commercial Users" team, Glenn lead a team that developed a number of ideas focused on making the Common Criteria more relevant and useful for commercial end-users. These recommendations were shared with DHS, NIST, NSA as well as industry organizations such as CSIA and TechNet who were the event organizers. Glenn presented these recommendations to the entire Forum audience and provided content in support of the Forum's final recommendations report.

As the vice-chair of the EGA's Security Working Group, Glenn has helped to set the technical direction and charter for the group. The group identified security risks, threats and use cases that are specific to enterprise grid architectures. Working with members of the group as well as other EGA working groups, Glenn has helped to craft a report outlining the issues uncovered as well as recommendations for vendors and customers to better secure their enterprise grid products and architectures. More information on the Enterprise Grid Alliance can be found at http://www.gridalliance.org/.

Glenn was interviewed by GRIDtoday regarding the work published by this team.

As one of the OpenSolaris Security Community Leaders, Glenn has worked to promote a greater understanding of Solaris 10 and OpenSolaris security controls and technologies. In addition to his Sun BluePrints publications on this topic, Glenn has also developed and enhanced a number of tools made available from the OpenSolaris Security and Install Communities. In addition, Glenn has also contributed to the community extensions to the Solaris Security Toolkit that enable over 30 new and different Solaris OS auditing checks not previously available. Finally, Glenn maintains the Security Community Library and Presentation pages to provide up to date references on Solaris and OpenSolaris security related books, articles, white papers, presentations, etc.

Glenn has also conducted security testing of the Solaris operating system and has logged hundreds of bug reports and requests for enhancement that have directly contributed to significant improvements in the operating system in terms of functionality, security and integrity.

As one of the founding members of the Cloud Security Alliance, Glenn has worked to drive security recommendations and best practices for Cloud Computing environments. Glenn supported the initial release of the group's publication, "Guidance for Critical Areas of Focus in Cloud Computing" by providing subject matter expertise in the review of the group's 15 strategy security domains.

Since the initial publication, Glenn has taken on a leadership position as co-leader of the Editorial Working Group chartered with the publication of an updated set of cloud computing security issues, opportunities and recommendations. Further, Glenn is often requested by the CSA to present on a variety of cloud computing security topics including architecture, virtualization, and other areas.

1. Sun Systemic Security (Team Leader). Developed a cross-SMI security strategy, architectural model, and product mapping used to help sell and deliver Sun and partner-based solutions capable of meeting stringent customer security requirements.
2. Immutable Service Containers (Team Leader). Lead the development and evangelism of an architectural deployment strategy (with associated use cases, reference configurations, etc.) used to describe a (virtualized) platform for highly secure service delivery.
3. SMI Security Strategy Working Group (GSS Core Team Representative). (Co-)author of several engineering architecture strategies, policies, and best practices related to security.
4. Security (Technology) Ambassadors (Chairman). Provided strategic direction to the Security Ambassadors community, assisted in content development and sharing, training and certification and similar efforts.
5. Solaris Product Approval Committee (GSS Core Team Representative). Represented the Global Sales and Services division as a member of the Solaris PAC chartered defining the policy, process and managing the status of the Solaris product portfolio.
6. Supportability of Secured and Minimized Configurations (Core Team Leader). Developed policy, guidance and cross-Sun stakeholder support regarding best practices and requirements related to the supportability of secured and minimized operating system configurations.
7. Services Patent Review Board (Core Team Member). Reviewed invention disclosures and was responsible for recommending how that intellectual property should be protected (patents, defensive publications, etc.)
8. Sun Security Curriculum Advisory Board (Core Team Member). Provided strategic direction, content, and recruited resources for the development and maintenance of Sun's security training and certification exams.
9. Global Security Team Consulting Services Development (Core Team Member). Assisted in the development, technical vetting, training and delivery of a variety of fixed-price and T&M security consulting services made available to Sun's customers and partners.

1. Solaris Engineering. Core Team Member of the Secure by Default and Auditing Enhancement projects; Contributing member of the Solaris Code Sweep project. Contributor to the Solaris Product Requirement Document and many product requirements, fixes and enhancements.
2. Java Enterprise System. Contributor to the JES Product Requirements Document and several product requirements, fixes and enhancements.
3. Cloud Engineering. Core Team Member of the Architectural Advisory Council. Security Liaison to the Cloud Engineering team for both public and internal matters.
4. OpenSolaris on EC2. Provided security expertise, software and support for the development of the "Hardened OpenSolaris AMIs"