Matt Hargett Mountain View, California Goal: To drive light-weight engineering practices to improve productivity and deliver quality software for business advantage. I strive to commoditize everything I learn through quality execution, hands-on mentoring, writing books and articles, and presenting at conferences. Work History: Riverbed Technology 3/2012- - strategic planning and tactical execution for incremental Lean/Agile rollout across multiple product teams responsible for $700m in revenue - drove light-weight improvements in project planning, estimation, exec-level visibility - train 70+ developers, executives, product managers in Lean/Agile practices - improve business continuity by removing SPoF and arranging paid support for critical infrastructure - configure and deploy a Jenkins CI, and project 10' status used by 50+ developers - reduce code breakages with highly parallel virtualized Acceptance Test framework - dramatically improve product performance by coordinating validated toolchain upgrade - coordinate with Google and FSF GCC developers to implement improvements - decrease build times by >30% through various networking, tool, and OS improvements BlueCoat Systems 10/2008-2/2012 - strategic planning for incremental, worldwide rollout of lean/agile practices - drove dramatic improvements in quality and delivery times for demonstrable ROI - created 3-day course on OO, Lean, and TDD; trained 100+ employees worldwide - hands-on mentoring of executives, project managers, programmers worldwide - refactoring, unit testing, and static analysis of legacy C++ & Java - heavily leveraged open source by arranging funding, contributing patches, filing bugs, and coordinating both public and private deployments - improve product performance and developer productivity by designing and arranging funding for improvements to GCC and Eclipse Pivotal Labs 8/2006-8/2008 - improved profitability and team scalability with agile practices for clients - hands-on mentoring with project managers, junior and senior programmers - refactoring, unit testing, and static analysis of large, dense legacy codebases and new projects in JS, Ruby, Java, C++, and Python - leveraged and contributed to various open source projects imeem, inc. 1/2006-7/2006 - mentored executives and geographically disparate developers in XP practices - integrated user stories, planning game, and velocity into PM process - hands-on refactoring, unit testing, and static analysis of C# code - implemented continuous build that unit tested, measured code coverage of tests, and did static code analysis - funded, leveraged, and contributed to various open source projects LogicLibrary, Inc. 9/2004-9/2005 - director of local and outsourced agile development teams - represented company in technical presales, analyst/press presentations, etc - deployed new features every week and maintained strict quality - managed/mentored junior and senior engineers locally and remotely - reverse engineering, programming, debugging, and unit testing - discovered several novel, exploitable security vulnerabilities - funded, leveraged, and contributed heavily to various open source projects BugScan, Inc. (acquired by LogicLibrary, Inc) 2/2003-9/2004 - founder of company, director of development - brought product to market in 6 months in a self-funded environment - drove company to profitability and then high ROI acquisition - hired, managed, and mentored several local and remote developers - programming, testing, debugging, reverse engineering - discovered several novel, exploitable security vulnerabilities Cenzic, Inc. (formerly ClickToSecure, Inc.) 9/2001-1/2003 - defined/implemented agile development, QA, and source control processes - designed/implemented use case and defect tracking in ClearQuest - automated builds, blackbox testing, static/runtime analysis - programming, debugging, unit testing, reverse engineering - discovered several novel, exploitable security vulnerabilities TurboLinux 3/2000-3/2001 - managed QA engineers through a product release cycle - manual code review and automated static analysis - created automated test suite for dozens of Linux packages Network Associates, Inc. (now McAfee) 12/1997-2/2000 - created whitebox QA and automation teams, improving quality and delivery times - designed/deployed company-wide defect tracking system, using ClearQuest - managed QA teams on several product releases - worked with product managers to ensure product security and reliability - discovered several novel, exploitable security vulnerabilities Blackburn College 8/1996-6/1997 - created and deployed Netscape/POP3 mail migration tool for entire campus - administration, security, and other systems management on NT and HP-UX Cityscape Communications 6/1995-6/1997 - administration and network security on Linux 1.x and Windows NT Education: - Blackburn College, CompSci Major, 1996-1997 Publications/Speaking Engagements: - speaker, ACCU: Pragmatic Unit Testing in C and C++ - speaker, Seacure.it: Automated Exploit Detection - speaker, Bay XP: Pragmatic Unit Testing, a tour of open source tools - co-author, Pragmatic Unit Testing in C#, 2nd edition - speaker, SecurityOpus: Automated Exploit Detection in Binaries - teacher, BlackHat USA: Cutting Edge Code Analysis Techniques 2-day class - speaker, Defcon 14: eXtreme Programming on Open Source Projects - speaker, Defcon 14: Automatic Exploit Detection in Binaries - author, Software Test & Performance: Test-Driven Development from the Trenches - speaker, Software Security Summit: Software Security Without the Source Code - speaker, EclipseCon: Finding Security Vulnerabilities using Eclipse - speaker, North Bay Linux User Group: Finding Exploitable Bugs in COTS Software - author, Security Advisory: Trillian 3.1 Remotely Exploitable Overflow Vulnerability - speaker, Software Security Summit: Application Security from the Inside-Out - speaker, Google Tech Talk: Finding Exploitable Buffer Iteration Bugs in COTS Software - book contributor, Exploiting Software: gave extensive notes, listed in acknowledgements - co-teacher, Blackhat Europe and Blackhat Windows: Rootkit Training 2-day class - speaker, Blackhat Windows: Implementing Security in the Development Process - author, Security Advisory: Internet Explorer 5 for UNIX Multiple Vulnerabilities - speaker, Defcon 8: Testing Firewalls, VPNs, and IDSes with open source tools - author, Security Advisory: NetBSD Remote Denial of Service Vulnerability Open source contributions: - cgreen, mockitopp, pmccabe, GCC, nmap, Eclipse, Cygwin, scummvm, FreeSCI, findbugs, SharpDevelop, mono, CruiseControl, bugreport