I work as an independent consultant in the field of information security (AKA cybersecurity, computer security, information assurance, or INFOSEC).
I've worked as an independent since 1984 with a break from 1990 through 1996 for graduate work and government service. Since 1996 I've worked almost exclusively in research and development for information security (or related areas) along with some high-level educational stuff and professional service.
I work in all sorts of areas (including non-security ones from time-to-time), but prefer the areas of distributed security, formal methods for security policy modeling/specification/analysis, covert channel analysis, resource-based security, lattice-dependent security, Kuhnian paradigmatic aspects of the computer security mindset and related areas, organizational/enterprise security policy consulting, evaluation, customized high-level training, and architectural review.
You can find out more about me by reading my curriculum vitae (CV) provided in PDF. Nothing dramatic has changed since I last updated it.
I've also provided some of my selected peer reviewed publications in PDF (with BibTeX source).
I've included my academic genealogy, which contains some fascinating scientists.
For ancient historical (pre-Google) purposes, you can look at my 1999
(last update), ancient hand-coded HTML web page for an example of a
typical personal web page circa 1994-1999 (I never throw anything away).