Brian Korver

briank@cs.stanford.edu

Objective

To act as the Development Manager or Senior Technical Lead designing, developing, and shipping interesting products.

Qualifications

• 15+ years experience managing and leading technical development of shipping products.
• 25+ years programming professionally, developing toolkits, and creating end-user products.
• Extensive hands-on experience with many major Internet security protocols.
• Excellent project management and communication skills.
• Extensive participation in standards organizations, such as IETF, on behalf of 5 companies.

Work Experience

Sr Software Engineer

Apple, Inc.

January 2009 – current

Member of the Server Foundations and Performance team, developing the next generation of Mac OS X Server.

• Improved performance of LDAP and Kerberos integration components.
• Added Active Directory support to authentication and authorization components.
• Improved performance of Xsan SAN file system.
• Driving the development of the next generation Server infrastructure technologies.
• Primarily develop in either Objective-C with Cocoa, C with CoreFoundation, or C with the POSIX APIs, depending on project requirements.

Sr Engineering Manager

Symantec, Inc.

April 2008 – November 2008

Led the team responsible for maintaining and improving the Linux-based platform for Symantec's 8300 series anti-spam appliances.

Director of Engineering

Network Resonance, Inc.

March 2005 – November 2007

Successfully led the software development team that designed and developed the Passive Capture Engine (PCE), for passively capturing network traffic, including encrypted SSL traffic, and the Certified Data Trail (CDT), which builds on the PCE to provide verifiable proof of electronic transactions. Responsibilities and accomplishments included:

• Managed a geographically distributed development team.
• Developed product specifications.
• Set the schedule and was responsible for keep/cut decisions to meet product delivery milestones.
• Responsible for the design and implementation of:
  
  • Modular, pluggable CLI shell engine, which also permits the syntax to be dynamically changed at run time, including full support for tab completion, context-sensitive help, and so forth. Used this engine to write the entire CLI for both the PCE and CDT products;
  • CLI compiler toolchain, using Lex and Yacc, which takes a Unix-command-synopsis-like syntax and compiles into into a human-readable (and -editable) CLI description macro language, and also compiles that language into C code that instantiates the CLI;
  • Distributed configuration management database, using Sun (ONC) RPC for the remote interface;
  • Modular, pluggable, distributed statistics reporting system;
  • Web-based management UI in PHP;
  • Simple Traversal of User Datagram Protocol (STUN, RFC 3489) and TURN, released as part of the nICEr component of reSIProcate.
• Handled all SQL-related work, including designing a schema using Postgres 8's partitioned tables to boost the performance of database inserts by over 12x.
• Primary development environment was C on MacOS X, using the gcc toolchain, as well as Linux and FreeBSD.

Software Development Manager

Xythos Software, Inc. (acquired by Blackboard, Inc.)

April 2002 – March 2005

Played an integral role in architecting and implementing the WebFile Server product, a Java-based, high performance, distributed WebDAV server with web-based UI. Responsibilities included:

• Supervised the core development team.
• Mentored junior staff.
• Provided strategic direction for future product development.
• Implemented advanced features such as a distributed event notification mechanism, thread pooling, and network file sharing support.
• Carried out performance and optimization work.
• Developed a framework so that SQL schemas could be written in Java in order to auto-generate the SQL code for object persistence and simple object query operations.

Primary development environment was Java on MacOS X, using Sun's Java toolchain.

Software Development Manager

Nokia, Inc.

January 2000 – July 2001

Successfully led the software development team that designed and developed a clustered SSL accelerator appliance (rtfm.com/sslacc.pdf). The product was based on a proprietary distributed OS and resulted in 6 patents being submitted. The end product successfully provided exceptionally high reliability, performance, scalability, and fail-over. Responsible for the original product idea and ran the entire project for over four months and the technical side for over two years. Responsibilities and accomplishments included:

• Managed a geographically distributed development team spread over two countries and seven time zones.
• Developed product specifications in coordination with product management and product marketing. Set the original schedule and was responsible for keep/cut decisions to meet product delivery milestones.
• Created and supervised the development team. Mentored junior staff.
• Trained non-engineering stakeholders on the product and the field.
• Wrote code as necessary, including the design and implementation of the SNMP MIB.

Primary development environment was C on FreeBSD 4 and AlchemyOS, a FreeBSD-based multiuser, high performance, embedded OS supporting clustering on commodity hardware.

Senior Software Engineer

Network Alchemy, Inc. (acquired by Nokia, Inc.)

November 1998 – December 1999

Lead engineer on the PKI subsystems for a family of clustered IPSec VPN appliances. Responsibilities and accomplishments included:

• Developed feature specifications with product management.
• Implemented all PKI functionality for the entire certificate lifecycle, including key generation, certificate requests, and all certificate management; Implemented Certification Authority functionality, including certificate signing and certificate revocation; Wrote extensive user documentation.
• Added public key cryptography to the IKE product.
• Implemented the Cisco Enrollment Protocol (CEP), precursor to the Simple Certificate Enrollment Protocol (SCEP)
• Added SSL to the kernel and to the Java-based GUI using OpenSSL and SSLava.
• Designed and implemented the secure remote management bootstrap protocol.

Primary development environment was C on FreeBSD 4 and AlchemyOS, a FreeBSD-based multiuser, high performance, embedded OS supporting clustering on commodity hardware.

COMSEC Engineer

Terisa Systems, Inc. (acquired by SPYRUS, Inc.)

January 1996 – October 1998

Lead engineer for Terisa's Secure Electronic Transactions (SET) effort, including development of SETREF, the reference implementation distributed by Visa and MasterCard, and SecureWeb Payments (SWP), Terisa's commercial SET toolkit. Responsibilities and accomplishments included:

• Managed nearly all aspects of both SET products including product specification, scheduling, testing, documentation, and release.
• Responsible for the designed and implementation of:
  • Both SETEF and SWP, including as test tools and documentation;
  • Core ASN.1 tools used for Terisa's SET, SSL, and TLS projects, including an ASN.1 to C compiler, based on Lex and Yacc, with a runtime codecs for BER and DER (ISO/IEC 8825-1 / ITU-T X.690);
  • Build system makefile generation tool, written in Perl;
  • C++-like ODL to C compiler, based on Lex and Yacc, that generated object-oriented C code to process SET PDUs, complete with multiple inheritance, RTTI, polymorphism, and data encapsulation;
  • Spyrus' Server-to-server Translating Replication Adaptor Plugin (STRAP) plugin for the slapd LDAP directory server, enabling on-the-fly translation between different LDAP schema.
• Participated in the design of the SET protocol with MasterCard and Visa.
• Assisted in performing due diligence during acquisition proceedings.

Primary development environment was C on SunOS 4.

Previous work experience available on request

Publications

The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX

Korver, B., RFC 4945, August 2007

Quota and Size Properties for Distributed Authoring and Versioning (DAV) Collections

Korver, B., Dusseault, L., RFC 4331, February 2006

Guidelines for Writing RFC Text on Security Considerations

Rescorla, E., Korver, B., IAB, RFC 3552, July 2003

SSLACC: A Clustered SSL Accelerator

Rescorla, E., Cain, A., Korver, B., Proceedings of the 11th USENIX Security Conference, August 2002

The Monte Carlo Method and Software Reliability Theory

Korver, B., Portland, OR: Portland State University Computer Science Department, PSU TR 94-1

Patents

Delivery of push notifications to an inactive computing device

Korver, Brian E. (Cupertino, CA, US), Thorpe, Jason R. (Cupertino, CA, US), Thirumalai, Gokul P. (Cupertino, CA, US), Wood, Justin (Sunnyvale, CA, US), 2014, United States, Apple Inc. (Cupertino, CA, US). Patent 9277530.

Method and apparatus for clustered SSL accelerator

Rescorla, Eric (Palo Alto, CA, US), Cain, Adam (Madison, WI, US), Korver, Brian (San Francisco, CA, US), Kroeger, Tom (Santa Cruz, CA, US), Kashtan, David (La Selva Beach, CA, US), Watkins, Craig (State College, PA, US), 2007, United States, Nokia Corporation (Espoo, FI). Patent 7305450.

Education

MS Computer Science, Specialized in Systems

Stanford University

Winter 1996

BA in Linguistics and Mathematics with minors in Computer Science and Spanish

Portland State University

Spring 1994

Languages

English, Spanish, and a little Japanese

References

Available upon request

Keywords

Algorithms, ASN.1, BER, BSD, C, C++, CEP, Clustering, Cocoa, Compiler, Condition Variable, Cryptography, CVS, DER, Distributed Systems, Embedded OS, Encryption, Foundation, FreeBSD, GCD, GIT, ICE, IETF, IKE, IP, IPC, IPSec, ISAKMP, Java, LDAP, Lex, Linux, Macintosh, Multi-Programming, Multi-Threaded, Mutex, NetBSD, Object-Oriented, Objective-C, OOD, OOP, Perl, PHP, PKCS, PKIX, RCS, Read-Write Lock, RFC, RPC, RSA, S-HTTP, S/MIME, SCEP, Security, Semaphore, SET, SNMP, Shell Script, SQL, SSL, STUN, SVN, TCP/IP, Threaded, TLS, TURN, Unix, X.509, XDR, Yacc.