I've worked as an independent consultant since 1984, with a break from 1990 through 1996 for graduate work and government service. Since 1996 I've worked exclusively in research and development for information security. I mostly work in the areas of distributed security, formal methods for security policy modeling/specification/analysis, covert channel analysis, resource-based security, lattice-dependent security, Kuhnian paradigmatic aspects of the computer security mindset, and related areas, along with organizational/enterprise security policy consulting, evaluation, high-level training (including pedagogical aspects of security), and architectural review. I also offer custom high-level tutorials in specific information security topics.
You can find out more about me by reading my curriculum vitae (CV) provided in PDF.
I've also provided some of my selected peer reviewed publications in PDF (with BibTeX source).
I've included my academic genealogy, which contains some fascinating scientists.
For ancient historical (pre-Google) purposes, you can look at my 1999
(last update), ancient hand-coded HTML web page for an example of a
typical personal web page circa 1994-1999 (I never throw anything away).