Greater Detroit Area
- Current
-
- Advisor at Hab.la
- Advisor at Peekok
- Advisor at After The Deadline
- Board member at Appropriate Technology Collaborative
- VP Engineering at Zattoo
- Advisor at VMCraft
- Co-Founder at Ann Arbor Skatepark Action Committee
- Advisor at Mu Dynamics
- Founder at monkey.org
- Past
-
- Technical Board member at VOIPSA
- Chief Security Architect at Arbor Networks
- Team Member at The Honeynet Project
- Principal Security Architect at Arbor Networks
- Hacker at OpenBSD
- Technologist at Center for Information Technology Integration, University of Michigan
- Security Architect at Anzen Computing
- Systems Research Programmer / Security Administrator at University of Michigan Information Technology Division
- Recommended
-
6 people have recommended Dug - Connections
-
500+
connections
- Industry
- Computer Software
- Websites
Dug Song’s Experience
-
Advisor
Hab.la
(Computer Software industry)
2009 — Present (less than a year)
Hab.la is 'Dial 0 for operator' on the web! Website visitors can chat via Hab.la's hosted web widget, connecting to website operators using their favorite instant messaging service (AIM, Google, Yahoo, MSN, Jabber, etc.).
Several thousand website operators are connecting with their audience through Hab.la to guide a sale, answer a question, or simply have a chat. Do you hab.la with your users? :-) -
Advisor
Peekok
(Computer Software industry)
2009 — Present (less than a year)
Peekok provides a suite of brand-transparent, turnkey, digital services for retail sales, increased fan engagement, and viral marketing for the music industry.
-
Advisor
After The Deadline
(Computer Software industry)
2009 — Present (less than a year)
After The Deadline brings cutting-edge contextual spell checking, grammar checking, and style checking to the web, in a seamless service integration with the most popular online publishing tools and platforms (WordPress, TinyMCE, etc.). Through a combination of carefully-tuned statistical machine learning and NLP techniques, AtD's sophisticated language models can catch and suggest corrections to subtle errors in context - even in poetry! http://bit.ly/badpoetry
-
Board member
Appropriate Technology Collaborative
(Design industry)
2009 — Present (less than a year)
The Appropriate Technology Collaborative (ATC) is a nonprofit organization whose mission is to design, develop, demonstrate and distribute appropriate technological solutions for meeting the basic human needs of low income people in the developing world. ATC works in collaboration with its clients and other nonprofits (NGOs) to create technologies that are culturally sensitive, environmentally responsible and locally repairable in order to improve the quality of life, enhance safety, and reduce adverse impacts on their environment.
-
VP Engineering
Zattoo
(Privately Held; Internet industry)
2007 — Present (2 years)
As VP Engineering, I oversee the development and delivery of Zattoo's Internet TV service, including application and server development, quality assurance, service infrastructure and operations, and tools acquisition and development.
- Built and mentored a lean, elite international development and operations team from 6 full-time engineers
- Grew our userbase from 400k to ~5 million registered users in 24 months
- Expanded service to the UK, Spain, Germany, France, Belgium, and Norway
- Coordinated new channel, radio station, and ad product launches and campaigns for delivery in as little as 2 days
- Integrated with the largest third-party ad networks in Europe
- Serviced Europe's biggest flash crowds during Euro 08 and the Olympics
- Deployed full PAL-resolution IP multicast service with a national telecom provider
- Co-branded P2P service with one of Europe's largest pay TV operators
- Subscription payment platform for high-quality and premium channels -
Advisor
VMCraft
(Computer & Network Security industry)
2007 — Present (2 years)
VMCraft is a small, elite Korean security firm with a fast, secure desktop virtualization product that inverts the usual paradigm: instead of sandboxed execution of untrusted code to protect the host OS, they provide secure (failsafe) virtualized execution environments safe from underlying host compromise. Sounds impossible? Think exokernels...
-
Co-Founder
Ann Arbor Skatepark Action Committee
(Civic & Social Organization industry)
2007 — Present (2 years)
With Ann Arbor Public School teacher and lifelong skater Trevor Staples, built a grassroots organization of over a thousand community members and civic leaders to build a free, public, concrete skatepark at Veterans' Memorial Park in Ann Arbor, MI.
We are also supported in our mission by members of the Ann Arbor City Council, Parks and Recreation Services Unit, Park Advisory Commission, Ann Arbor Area Community Foundation, Community Action Network, Neutral Zone Teen Advisory Council, Ann Arbor State Street Area Association, Ann Arbor Main Street Area Association, Ann Arbor South University Area Association, Ann Arbor Commission in Art in Public Places, and many other institutions and local businesses.
With the unanimous approval of the memorandum of intent and fund agreement by City Council on Dec 1, 2008, we are currently raising $1M for our design/build fund, including an endowment to be granted to the city for maintenance. -
Advisor
Mu Dynamics
(Privately Held; Information Technology and Services industry)
2006 — Present (3 years)
Mu Dynamics pioneered the security analyzer market, and is shipping the industry's first security analyzer product - an automated test platform to methodically break and analyze any network device that speaks TCP/IP, especially for VOIP, IPTV, and IMS NGN applications at global service providers and MSOs. Scary good stuff.
-
Founder
monkey.org
(Privately Held; 1-10 employees; Internet industry)
1996 — Present (13 years)
International online monkey cult.
-
Technical Board member
VOIPSA
(Non-Profit; 11-50 employees; Computer & Network Security industry)
2006 — 2007 (1 year)
Vendor-neutral industry alliance leading the charge on securing Internet telephony through research, advocacy and open standards work.
-
Chief Security Architect
Arbor Networks
(Privately Held; 51-200 employees; Computer & Network Security industry)
2003 — 2007 (4 years)
Built and led 3 teams to deliver 3.5 products over 7 years to address both service provider and enterprise markets. Arbor has doubled revenue every year since inception to become a $80M company with customers in over 20 countries.
Architect of Peakflow X, the world's first network behavioral analysis system for internal security, safe worm quarantine, and behavioral threat detection. Moved to NYC briefly to land our first Fortune 100 financial accounts. Led the market through customer wins, innovation, press, and our first enterprise sales channel: an OEM deal with ISS (now IBM). Now protecting the internal networks of the largest enterprises in the world.
Architect of ATLAS, an Internet-scale early warning and intelligence service fed by global Peakflow SP and X deployments, third-party data feeds, automated malware and botnet analysis systems, and the world's largest distributed honeynet, capturing traffic destined for pullup routes at major providers across the globe. -
Team Member
The Honeynet Project
(Computer & Network Security industry)
2001 — 2003 (2 years)
The Honeynet Project was the first organized, public attempt to capture and study Internet attacks in a low-level, systematic way through the use of deception, funded in part by the CIA's National Intelligence Council. The project's tools and publications paved the way for globally-scoped Internet threat monitoring and analysis years later by research groups in both industry and academia.
-
Principal Security Architect
Arbor Networks
(Privately Held; 51-200 employees; Computer & Network Security industry)
2000 — 2003 (3 years)
Founding architect - recruited the dev team, bootstrapped the company from day one with management, infrastructure, and a fun, engineering-driven culture. Represented Arbor to investors, customers, press and analysts. Authored several patents.
Managed Peakflow DoS through the first customer wins that positioned us in a year to expand into traffic engineering and managed services applications. Survived the telecom nuclear winter to achieve market dominance, now deployed at over 70% of the world's Internet service providers, successfully protecting the Internet from the largest distributed denial of service attacks since 2000.
Developed the world's first blackhole monitor, instrumenting a legacy class A network to track global worm, scan, and DDoS backscatter activity (commercialized as an Internet early warning system for the US Department of Defense). Caught and tracked the rebirth of the Internet worm (CodeRed, Nimda, etc.), the first since the Morris worm of 1988. -
Hacker
OpenBSD
(Non-Profit; 11-50 employees; Computer & Network Security industry)
1996 — 2001 (5 years)
Userland, kernel hacks, mailing lists, documentation, rides to Canada for crypto commits, etc. Spun out OpenSSH, and pulled a bunch of {umich,monkey,security} developers into the project. Produced the first OpenBSD t-shirts at Defcon 6, designed by nemickol@monkey (who went on to do graphics through 2.4), and edited the monkey FUQ, which became the OpenBSD FAQ.
-
Technologist
Center for Information Technology Integration, University of Michigan
(Research industry)
1999 — 2000 (1 year)
Developed the IETF reference implementation of RPCSEC_GSS (portable userland and Linux kernel code) for NFSv4 sponsored by Sun Microsystems (now shipping in Mac OS X and Linux).
In the course of a pentest ordered by DrHoney: Cracked Citrix's proprietary ICA encryption algorithm, wrote the ARP + DNS spoofing / SSH + SSL man-in-the-middle / password + mail + file + IM sniffing / traffic shaping tools that became dsniff, added Kerberos v4 support to John the Ripper to crack an entire AFS cell remotely, and ended up with all the passwords for the Regents of the University (and a few thousand extra ;-)
Published the first successful security breaks of Check Point Firewall-1 with horizon and Thomas Lopatic at the Blackhat Briefings, resulting in Service Pack 4 and NG.
Developed traffic analysis attacks against the SSH protocol with Solar Designer, presented at HAL 2001 (and independently developed by Dawn Song and David Wagner). -
Security Architect
Anzen Computing
(Privately Held; 1-10 employees; Computer & Network Security industry)
1997 — 1999 (2 years)
Developed a network intrusion detection system that modelled vulnerabilities, not exploits, through deep protocol analysis and statistical and specification-based anomaly detection. Lead developer, pre-sales engineer, technical marketing, training, post-sales support, and everything in-between. Classic startup burnout. Acquired by NFR Security.
fragrouter, tcpreplay, and some other IDS testing tools presented at RAID '99 came out of this as well.
Integrated TIS Gauntlet, Checkpoint Firewall-1, and F-Secure VPN products in their heyday for financial service providers, fed/gov, and Fortune 100 enterprises when we were a well-regarded boutique consultancy with a booming VAR business. -
Systems Research Programmer / Security Administrator
University of Michigan Information Technology Division
(Educational Institution; 10,001 or more employees; Higher Education industry)
1994 — 1997 (3 years)
Managed security for the general-purpose campus computing environment: >30k active users, over 200k principals across the world's largest production Kerberos realm / AFS cell. Wrote the first Kerberos/AFS support for SSH. Heavy-duty realtime log analysis, deep forensics, incident response, AFS-hosted machine re-imaging via synctree, adaptive IP filter firewalling, sneaky (self-trojaned) host security.
Additional Information
Dug Song’s Websites:
Dug Song’s Interests:
humanitarian and development work, open source, computer security, skateboarding, subcultures of every stripe
Dug Song’s Groups:
USENIX, ACM, VA-NGO, w00w00, OpenBSD, OpenSSH, a2geeks, a2newtech, a2skatepark
-
International TV Professionals -
Python Community -
a2b3 - Ann Arbor Bi Bim Bop -
The Residential College -
Black Hat Speakers -
Black Hat -
Information Security Community (30,000+ Members) -
University of Michigan Alumni -
iptv -
Michigan Engineering -
USENIX Association -
Center for Information Technology Integration -
NANOG - North America Network Operators Group -
Internet TV -
OpenBSD -
MPowered Entrepreneurship (UofM) -
monkey.org -
Television Broadcast Technologies -
Security Leaders Group -
Zattoo -
University of Michigan EECS Alumni Society -
a2skatepark -
TIECON MIDWEST 2009 -
a2geeks -
DEFCON Groups Chapter 734 -
Arbor Networks -
University of Michigan Tech Transfer -
Ann Arbor Startup Execs -
Mu Dynamics -
Ann Arbor New Tech Meetup -
Momentum-MI -
University of Michigan Bay Area Entrepreneurship Trip -
Cloud Security Alliance -
CoffeeHouseCoders -
Geeks On A Plane -
Ignite Ann Arbor
Dug Song’s Honors:
Program Committee, USENIX Workshop On Offensive Technologies (WOOT), 2009
Panelist, Futurtech, 2008
Program Committee, Bellua Cyber Security, 2008, Indonesia
Program Chair, USENIX WOOT, 2008
Program Committee, USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2008
Program Committee, VNSECON 2007, Vietnam
Presenter, EUROSEC 2007, France
Program Chair, USENIX WOOT, 2007
Program Committee, USENIX Security, 2007
Program Committee, USENIX Workshop On Recurring Malcode (WORM), 2006
Presenter, Korea University CCS, 2006
Presenter, Microsoft Bluehat, 2005
Presenter, IAAC Secure Britain Masterclass, 2004, UK
Presenter, SyScan, 2004, Singapore
Presenter, FIRST, 2002
Presenter, CanSecWest, 2002
Presenter, Hackers At Large, 2001, Netherlands
Presenter, Information Security Olymfair, 2001, Korea
Presenter, CanSecWest, 2001
Presenter, Black Hat Briefings, 2000
Presenter, USENIX Technical, 2000
Presenter, Recent Advances in Intrusion Detection (RAID), 1999
