| Contact Information | |
| Name: | Hemant Thakkar |
| Email: | hemant (at) trusttone (dot) com [email concealed] |
| Location: | Cupertino, California, United States |
| Resume | |
| Position/Title: | Application Security Architect |
| Resume: |
Hemant Thakkar (408) 507 0587 ? hemant (at) trusttone (dot) com [email concealed] ? 10685 Morengo Dr. Cupertino, CA 95014 Background ========== Provide significant contribution by architecting technology solutions right for the organization and the users. As Enterprise/SOA security Architect, my objective is to help define, evaluate system architecture and deployment with focus on security aspects. Particularly of interest are J2EE systems, Single Sign-On, Federated Single Sign-On, Certificate Management, Authentication and Authorization infrastructures. Experience and skills ===================== Strong technology knowledge and wide ranging business experience. Ability to understand details as well as big picture of technology and its impact on users and business. Technology: Deep understanding of security architecture, networking and database software technologies. Thorough understanding of Public Key Cryptography, Identity Based Encryption, Digital Rights Management (for media and for enterprise), Identity Management Systems, Object-oriented methodology and Software architecture. Skills: ------ RSA Public Key Cryptography, AES, 3DES, X.509, SMIME, SAML, WS-Security, WS-SecurityPolicy, Certificate management, Single Sign-On, Federated Single Sign-On, HP Select Federation UML modeling, XML, Eclipse IDE, J2EE, Java, PHP. Product requirement analysis and definition, project management, Product delivery. 11/2007 – TrustTone Communications, Inc Architect, Developer ================================================================ Architected and developed Web-based document signing portal for TrustTone. The system uses true digital signatures using asymmetric cryptography and significantly reduces paperwork-time for businesses for NDAs, contracts etc. The project is developed in PHP 5 using Symfony MVC framework. 10/2007 – 11/2007 Intel Corporation Security, Service Architect =================================================================== Consultant for security and backend service architecture for Intel’s Smart Card project. Used Global Platform standards and 3-tier service design for defining high level use cases and architecture for the system. 4/2007 – 10/2007 TrustTone Communications, Inc Security Architect, Product Marketing ========================================================================================= Productization of new releases of TrustTone Stealth encryption and rights management (DRM) product. Architecture for new TrustTone products for digital signatures and non-repudiation. 9/2006 - 3/2007 Kaiser Permanente Federated Single Sign-On Security Architect =================================================================================== Architected (use cases, design, and configuration) and implemented Federated Single Sign-On (FSSO) infrastructure for Kaiser Permanente. Also implemented automated test harness using Selenium for verification of FSSO environment. The architecture used HP's Select Federation product for in-bound and out-bound FSSO sessions and supported both Idenitity-Provider and Service-Provider partners of Kaiser. The implementation supported partners with SAML 2.0, SAML 1.1 and Liberty protocols. The project went into operations without any significant issues. 2/2006 - 8/2006 TrustTone Communications, Inc Security Architect, Product Marketing ========================================================================================= Re-architecture of TrustTone PKI server. Better, more modular, architecture supports cleaner protocol for certificate management, revocation. It also supports newer Identity Based Encryption model for seamless support for encryption and digital signature. Designed the interface to connect with the Paypal payment system for eCommerce. The system supports eCommerce transaction and integrates the transaction results with the TrustTone IB-PKI server backend. It supported Web-based payments using Paypal accounts and credit cards in B2C and B2B environements. Project with Schwab for authorization use cases analysis and architecture for policy based authorization. 6/2005 - 2/2006 Kaiser Permanente SOA Security Architect ============================================================== Under Service Oriented Architecture (SOA), Kaiser has initiated a project for deploying an Enterprise Service Bus (ESB) to serve as a common infrastructure for Web service deployment and enterprise application integration. As the ESB Security Architect, I analyzed WS-Security products leading to final product selection, defined design patterns to be used in various deployment phases, defined deployment of authentication, authorization and data secrecy and integrity components along with identity management infrastructure as pertinent to ESB. Deep knowledge of WS-Security standards and industry practices in the space (e.g. SAML, WSSE, WS-Trust, WS-Policy, XACML) Environment was based on WebSphere 6.0, Oblix CoreID, Tivoli Access Manager, AmberPoint, Systinet and used RAD 6.0 for development environment. 2002 – 6/2005 TrustTone Communications, Inc Founder, CEO ============================================================ Co-founded and led the company through the market and product definition, architecture, strategy and implementation stages. Built the team, set up board of advisors and delivered a large, complex product based on innovative technology solving a critical problem in information security space. The technology, called Identity Based Public Key Infrastructure (IB-PKI), created the first true peer-to-peer, zero administration infrastructure for authentication, data encryption, rights management, secure transactions and electronic signatures. The technology combines strong security (PKI-based) and ease of use to bring encryption and signatures to a large non-tech-savvy population. The architecture is highly scalable and resource efficient for its functionality. The IB-PKI provides a building block for single-sign-on and is architected to support SAML and WS-Trust models. Analysis and architectural design of PIV (Personal Identity Verification) smart card system for interfacing TrustTone IB-PKI system with the Government Smart Card Specifications. 2000 - 2001 Clearwater Networks, Inc. Product Management Consultant ===================================================================== Clearwater Networks had developed massively hyper-threaded CPU for networking applications. I defined the hardware-software architectural partition and custom software architecture to match and leverage the unique dynamic multi-threading based processor architecture. The software architecture allowed operating system to leverage hardware threads available in the processor. As an interface between the engineering and marketing team, I helped with the product management. Managed system products (Software and Hardware Developer’s Kits) suitable for design wins for Clearwater Network Services Processor. This involved driving multiple teams to deliver the products. Convinced the teams and the management to take a different direction for software products to better suit the customer needs. 1996 - 1999 Angara Database Systems Founder, V.P. of Engineering ================================================================ Co-founded the company to serve the need for an extremely high performance in-memory relational database (IMDB) in telecommunications and eCommerce market. We successfully raised $2.5 million in the first round of funding from Kleiner-Perkins and $8 million in the second round of funding from tier-1 venture firms. Created and released enterprise-class IMDB products for Unix and Windows NT platforms. Both products were shipped to and deployed by the customers. As VP of Eng., I was responsible for the project planning, design, hands-on implementation, team-building and promoting the product to numerous customers and investors. 1992 - 1996 Taligent Technical Manager ========================================= Technical Lead, EMail Messaging Framework Managed the engineering group and delivered an object-oriented messaging framework for Taligent platform. I lead the project from its inception, built a team for the project, defined the market requirements, provided the design leadership and delivered the product. I also managed relationships with marketing group and associated companies, IBM and HP. The technology developed created a foundation for the groupware applications. Also designed and implemented security foundation including DES encryption and key chain packages needed for the messaging system. Senior Engineer, Networking Framework Along with a team, I designed the object-oriented networking framework. Designed and implemented ASP (a Session Protocol) and AFP network protocol plug-ins for Taligent’s networking framework. Prior Apple, Convergent Tech., … Senior Software Engineer ============================================================ From 1983 to 1992, I worked at Apple, Convergent Technologies, Viatel and Incomnet as senior software engineer designing and implementing various networking software products. Patents ======= 1 5,758,153 Object oriented file system in an object oriented operating system 2 5,504,892 Extensible object-oriented file system 3 Three patents pending on Identity Based Encryption using Public Key Infrastructure Education ========= 2002 Advanced Management College Stanford Business School Executive Education 1982 Master of Engineering in Electronics and Communications Engineering Indian Institute of Science, Bangalore, India. 1980 Bachelor of Engineering in Electronics and Communications Engineering L. D. College of Engineering, Ahmedabad, India. Affiliations ============ Member of IEEE (Institute of Electrical and Electronics Engineers) Member of ACM (Association for Computing Machinery) Member of Infragard (Information professionals for protection of infrastructure) |