Phil Dibowitz's Resume

I am a Systems Architect with 10 years of experience designing and running systems on both Linux and Solaris and a degree in Computer Science and Computer Engineering.

I enjoy designing large UNIX-based infrastructures, as well as systems security and related areas. I'm not currently seeking employment; however, I'm always open to the right opportunity.

I have a strong presence in the open source community, having not only my own software (IPTState, concordance, check_x509, mime_dump), but also contributing to many projects from the Linux kernel to IP Filter. As a systems administrator, I pride myself on always solving problems the right way - not the easiest or quickest way - but the best way possible. Putting forth the effort to do something properly the first time may take a little longer initially, but reduces downtime and cost while increasing manageability, reliability, and scalability in the long run. Lastly, I'm very proactive; I have the drive to seek out projects that need to be done and tackle them.

Thank you for your time,
Phil Dibowitz
+41 (79) 247-2510
phil@ipom.com

WORK EXPERIENCE

Google (2008 - 2010 - Zurich, Switzerland)

Site Reliability Engineer, Gmail

Planned and tested migration of Gmail to next-generation internal storage infrastructure, including training of other team members
Oncall duties for Gmail's infrastructure including web frontend, imap/pop frontend, backend, storage, delivery, anti-spam, anti-abuse components
Worked with developers to productionize next-generation anti-abuse and anti-spam systems
Near-complete re-write of Gmail-specific machine-management software
Developed scripts to ensure correct load balancing configurations
Extended existing configuration management systems for new products and needs
Developed new procedures for integrating with other teams and core Google infrastructure
Restructure how new releases get their first production traffic to provide greater flexibility, monitoring, and reliability
Wrote software to audit and correct file permissions issues
Wrote and organized documentation for many of Gmail's existing and upcoming systems
Taught classes for new employees and engineers transferring to SRE

Ticketmaster (2005 - 2008 - Los Angeles, CA)

UNIX Systems Administrator (2005 - 2006)
Senior UNIX Systems Administrator (2006 - present)

Managed ~3000 Linux systems
Architected and implemented a large-scale PKI infrastructure using RSA Keon software for more than 60,000 certificates spanning more than than 16 certificate authorities (CAs) including writing policy and training staff
Co-designed the PKI-based authentication system for web-services project for interfacing with partners
Developed a plug-in to the preexisting system configuration software to effectively handle Identity, User, and Access management (Perl)
Developed dynamic pluggable software for provisioning, modifying, and decommissioning DNS, NFS storage, and VMWare (GSX) virtual machines (Perl)
Developed daemon to report and graph incoming sessions across load-balancing layer (Perl)
Developed utility to generate utilization reports for on-sale periods (Perl)
Part of the team that developed and maintained in-house system configuration and other software (Perl, C, Ruby)
Wrote various scripts such as Netscaler configuration generator, monitoring aggregator, and others to improve team efficiency (Perl and Ruby)
Rolled out hardware, OS, and configuration for several new projects such as TicketExchange and Web Services
Worked directly with application developers to debug various production problems (C++)
Rolled out keepalived to single-point-of-failure systems to ensure redundancy and reliability
Trained new staff on our systems, software, and policy
Wrote documentation for various systems, products, and software

Information Services Division - USC (2003-2005 - Los Angeles, CA)

Systems Architect and Administrator

Managed ~300 Solaris SPARC systems
Restructured and redesigned the DNS servers to achieve higher reliability, better performance, and easier maintainability
Rolled out a Shibboleth (shibboleth.internet2.edu) infrastructure, a system for data release approval and implementation, and documentation, as well as provided feedback and documentation to the Internet2 community
Worked with the portal team to setup Load Balancing and SSL offloading for our uPortal roll out. Found and reported bugs with Apache and Tomcat for SSL offloading issues
Replaced all console servers with Cyclades and Conserver to give better performance, redundancy, and desired features
Designed and deployed a key-management system for passphraseless keys that need to be securely distributed, managed, and updated for automated systems
Helped design next-generation Identity and Rights Management system being developed in-house
Designed and implemented a system for maintaining Active Directory DNS records on the USC UNIX DNS servers (for 30+ AD domains across campus), which were previously maintained by hand
Maintained the MIT Kerberos V realm
Acted as a signer for the USC Certificate Authority, helped in Certificate Policy decisions, created the KCA as a subordinate Certificate Authority
Deployed Nagios as a group-wide monitoring service, and provided monitoring services to other groups within our organization giving our department better response time to problems, and a better idea of what effect problems have (Nagios monitored 320 hosts and 1175 services)
Organized PGP education and documentation as well as key signing parties to enable encrypted and/or signed email as appropriate
Trained various student employees on software installation, UNIX theory, and shell scripting
Planned and implemented the disabling of telnet and FTP in favor of SSH to increase security

Stream Exchange (2002-2003 - Los Angeles, CA)

Systems Administrator

Planned and implemented a central user information and authentication database with OpenLDAP, nss_ldap, and pam_ldap
Setup a secure multi-domain mail server using Qmail, Vpopmail, Qmailadmin, and Courier IMAPd
Wrote full system documentation for all 14 servers, the network in general, and multiple procedures and services
Wrote many scripts to automate load balancing, booting, and other procedures
Authored new, as well as edited and commented existing Perl/CGI scripts for secure transactions using Verisign Payflow Pro for processing
Installed, configured, supported, and trained staff on Oasis Ad Server
Installed, configured, and trained staff on RT2 Ticketing for customer support issues
General maintenance and patching of 14 Linux web servers

MySmart Solutions (2001-2002 - Los Angeles, CA)

Unix and RADIUS Systems Administrator and Network Engineer

Previous positions left off for brevity

EDUCATION

University of Southern California
B.S. in Computer Engineering Computer Science

SKILLS

UNIX: Solaris 2.6 - 9, Linux (2.2 - 2.6)
Services & Firewalls: IP Filter, IP Tables, IP Chains, Apache, MySQL, BIND, MIT Kerberos, Sun Disk Suite, OpenSSH, Linux Software Raid, TCP Wrappers, Cyrus IMAPd, LVM2
Devices: Netapp, Decru, Foundry, Netscaler
Languages: Perl, Shell (bash, korn, bourne), Python, C++, C, CGI, (X)HTML, CSS
Certifications: Sun Security Administrator - Solaris 9

PERSONAL PROJECTS AND PUBLICATIONS

Wrote and maintain IPTState, a popular open-source tool for monitoring Linux IPTables firewalls (http://www.phildev.net/iptstate/)
Maintain the unusual devices table in the Linux USB-Storage driver
Co-authored Over-Zealous Security Administrators Are Breaking The Internet; Published in the 2002 USENIX LISA Proceedings (http://www.usenix.org/events/lisa02/tech/vanderberg.html)
Official IP Filter FAQ (http://www.phildev.net/ipf/)
Co-founded the MSS Initiative (http://www.phildev.net/mss/)
Documentation for Sun PPPoE (http://www.phildev.net/solaris/)
Other software including Concordance, check_x509, and mime_dump and documentation projects including PGP and SSL/X.509 (http://www.phildev.net/)

References available on request.

Phil Dibowitz
+41 (79) 247-2510
phil@ipom.com