410.497.7384
seth@harborlabs.com

Profile
I am a Principal at Harbor Labs with specialties in network security, network communications, software architecture, and programming languages. With over a decade of industry and academic experience providing software development, software reviews, security reviews, cryptographic analysis, and technical training, I enable clients to succeed in their technology projects. I also have extensive experience as a technical expert having supported legal teams with analysis and insight on patents, DMCA, code theft, and trade secrets. In addition to providing numerous code reviews, expert reports, and technical analyses, I have been deposed several times and have testified at trial.

I completed my Ph.D. at Rice University in 2009 where my thesis investigated questions of security and anonymity in peer-to-peer (P2P) systems like BitTorrent. In addition to my professional work at Harbor Labs, I am an Adjunct Associate Research Scientist at Johns Hopkins University where I teach network security classes, mentor student capstone projects, and engage in academic research.

Education
2009 Ph.D. in Computer Science, Rice University
2004 M.S. in Computer Science, Brigham Young University
2000 B.S. in Computer Science, Brigham Young University

Academics and Research

12/2014-Present Johns Hopkins University, Adjunct Associate Research Scientist
• Teach graduate level courses on network security
• Advise student capstone projects
• Engage in academic research

1/2014-12/2014 Johns Hopkins University, Lecturer
• Teach graduate level courses on network security
• Advise student capstone projects

Industry Positions

2011-Present Harbor Labs, Principal
2005-2011 Independent Security Evaluators, Senior Security Analyst
2005 Summer Intern
2001-2003 Metrowerks (Formerly Lineo, Inc.), Software Engineer II

Academic Awards
Brown Fellowship
John and Eileen Tietze Fellowship

3 Thornhaugh Ct., Baltimore, MD 21208
PHONE 410-415-3305
FAX 410-264-2406
WEB www.harborlabs.com

USAA 1004

Patents

Co-inventor: Orsini, R. 2014. Systems and methods for security data in motion. U.S. Patent 8,745,372 filed November 24, 2010 and issued June 3, 2014.

Co-inventor: Orsini, R. 2014. Systems and methods for security data in motion. U.S. Patent 8,745,379 filed August 20, 2012 and issued June 3, 2014.

Co-inventor: O’Hare, R. 2014. Systems and methods for security data. U.S. Patent 8,677,148 filed January 27, 2012 and issued March 18, 2014.

JHU MSSI Capstones

Research on the Heartbleed Vulnerability, Jingru Chen, Yaning Liu, Yifan Yu, Zhiyue Zu (May 2015)

Buying Friends: Identifying Botnet Customers and Mapping Out Botnets on Twitter, Richard Eaton (May 2015)

Security Techniques for Developing iOS Applications, Kartik Thapar (February 2015)

Privacy and Threats in Bitcoin, Jie Feng, Jianxiang Peng, Likai Zhang (January 2015)

Publications

Seth James Nielson, PLAYGROUND: Preparing Students for the Cyber Battleground, Submitted to the Journal of Computer Science Education.

Aviel D. Rubin, Seth J. Nielson, Sam Small, Christopher K. Monson, Guidelines for Source Code Review in Hi-Tech Litigation, Harbor Labs White Paper (September 2013)

Seth James Nielson, Reintroducing Pylogical, BYU SEQuOIA Technical Report, (March 2012)

Seth James Nielson and Dan S. Wallach, The BitTorrent Anonymity Marketplace, arXiv Technical Report 1108.2718, (August 2011)

Seth James Nielson, Caleb E. Spare, and Dan S. Wallach, Building Better Incentives for Robustness in BitTorrent, arXiv Technical Report 1108.2716, (August 2011)

Seth James Nielson, Designing Incentives for Peer-to-Peer Systems, Rice University Department of Computer Science Ph.D. Thesis (2010)

Seth James Nielson and Charles D. Knutson, Design Dysphasia and the Design Patterns Maintenance Cycle. Information & Software Technology, volume 48, number 8, pp. 660-675, (August 2006)

Seth James Nielson, Scott S. Crosby, and Dan S. Wallach, A Taxonomy of Rational Attacks. In Proceedings of the Fourth International Workshop on Peer-to-Peer Systems (IPTPS ’05), Ithaca, New York, (February 2005)

Seth James Nielson, OO++ Design Patterns, GOF Revisited, Brigham Young University Department of Computer Science Master’s Thesis (2004)

Seth James Nielson, Seth J. Fogarty, and Dan S. Wallach, Attacks on Local Searching Tools, arXiv Technical Report 1108.2704 (Originally produced in December, 2004, available on arXiv as of August 2011)

Rob Kunz, Seth Nielson, Mark Clement, Quinn Snell, Effective Bandwidth for Traffic Engineering, in Proceedings of the IEEE Workshop on High Performance Switching and Routing (HPSR 2001), Dallas, TX, (May 2001)

Selected Consulting and Industry Experience

7/2015-Present Medical Device Security
Client: Confidential
Overview: Ongoing security evaluation of medical devices from a major manufacturer
• Principal consultant for a one-year, multi-stage engagement
• On-site interviews and discussion with technical staff
• Evaluation of physical hardware and networks, design docs, etc.
• Confirmation of reported vulnerabilities
• Security recommendations for current and future products

10/2014-Present Device Certification Consulting
Client: Security First Corporation
Overview: Evaluate devices and software against regulatory requirements
• Evaluate products against HIPAA, FISMA, SOX, GLBA, NERC, ISO 27002 requirements

8/2013-11/2014 Privacy Analysis in Forensic Data Collection
Client: Center for Copyright Information
Overview: Ensure that private information in copyright abuse tracking is adequately protected
• Interviews with technical staff
• Analysis of design and policy documents
• Recommendations for improved privacy protection
• Public executive summary available: http://www.copyrightinformation.org/wp-content/uploads/2014/11/Harbor-Labs-Executive-Summary.pdf

7/2011-12/2011 Automated Security Tools
Client: Confidential
Overview: Development of automated tools for security testing
• Development of an automated, parallelized code coverage tool based on gcov
• Development of a tool for fuzzing iOS applications

8/2005-9/2011 Development of Security-Related Software
Client: Security First Corporation
Overview: Development of cryptographic library and sundry applications
• Technical lead of a secure communication library including prototype, design, and implementation
• Deployment of custom cryptographic library to filesystem encryption
• Hardware acceleration for cryptographic operations using CUDA and GPUs
• Development of custom cryptographic library for data at rest and data in motion

Summer 2005 Security Intern at Google
Overview: Development of a fix for privacy loss in the Google Web Accelerator
• Analysis of the security flaw
• Design and implementation of a solution to the problem

1/2001-9/2003 Software Engineer II at Metrowerks
Overview: Development of various applications for embedded Linux development
• Technical lead for the development of the SDK UI
• Technical lead for the development of a software update packaging system
• Technical lead for the development of a transparent remote script system

Technical Expertise

1/2001-Present Software Development
Languages: C, C++, Java, Python, Objective-C, Assembly
Targets: Applications, libraries, device drivers, simulators, networking stacks, graphics, server code, security code, pedagogical tools, utilities, automation, GUIs, intrusion detection systems, attack simulation technology
Toolkits: QT, Boost, Twisted, SWIG, test harnesses, CUDA
Platforms: Windows, Linux, iOS

9/2004-Present Vulnerability and System Analysis
Examples: Medical device security, Google Desktop Search (2004), crypto protocols, viruses, malware, passwords, cryptographic implementation, security policy viability, marketplace viability and risks of existing and future products
Tools: IDA Pro, port scanning, Formal cryptographic analysis tools, GCov and code coverage tools, fuzzing

1/2010-Present Source Code Review and Analysis
Samples: Antivirus software, firewall software, high-frequency trading algorithms, wireless protocol implementations, intrusion prevention software, email server software, document signature software
Tools: Understand, customized scripts

1/2010-Present Technical Analysis of Intellectual Property
Issues: DMCA and copyright

5/2010-Present Technical Instruction
• Teaching non-technical professionals about relevant high-tech operations
• Teaching technical professionals about technologies relevant to intellectual property

9/2011-1/2012 Technical Project Management
Projects: Secure communication application, automated fuzzing tool
Internal: Coding guidelines, manpower allocation, quality assurance
Customer: Requirements analysis, budget and scheduling, conflict resolution

9/2005-9/2011 Cryptographic Library Development
Algorithms: AES-GMAC, Shamir Key Splitting, Client-custom algorithms
Special: GPU-accelerated AES (CUDA), file system integration, FIPS certified

Expert Witness

3/2015-8/2015 Afilias PLC v. Architelos Inc. and Alexa Raad
Client: Afilias PLC
Counsel: Philip Hampton (of Haynes Boone)
Issues: Misappropriation of Proprietary Information
Technology: Domain name registrars, domain name anti-abuse
Status: Testified 8/2015, Deposed 6/2015

2/2015-Present Sensus USA Inc. v. Certified Measurement Inc.
Client: Sensus USA
Counsel: Rafael A. Perez-Pineiro, Javier Sobrado (of Feldman Gale)
Issues: Claims construction, IPR
Technology: Cryptography, certified measurements
Status: Declaration submitted

12/2014-Present Chad Eichenberger v. ESPN
Client: Chad Eichenberger
Counsel: David Mindell (of Edelson PC)
Issues: Declaration in support of amended claim
Technology: Privacy
Status: Declaration submitted

9/2014-Present Fortinet Inc. vs Sophos Inc., et al
Client: Fortinet
Counsel: Michael Niu, Jordan Jaffe, Kristen Lovin (of Quinn Emanuel)
Issues: Claims construction, IPR, Infringement, Invalidity, Non-infringement
Technology: Network security devices, anti-virus, anti-spam
Status: Deposed 10/2014; Tech tutorial for Court 12/2014

3/2014-Present M2M Solutions vs Motorola Solutions, Telit Communications, and Telit Wireless
Client: Telit
Counsel: David Loewenstein (of Pearl Cohen)
Issues: Collaborating expert on both patent infringement and invalidity
Technology: Authentication
Status: Deposed 6/2015

1/2013-8/2015 Rmail limited vs. Amazon, Inc. and Paypal
Client: RMail
Counsel: Lewis Hudnell (of Colvin Hudnell)
Issues: Patent infringement and validity
Technology: Secure email, message authentication
Status: Deposed 5/2013

9/2014-4/2015 Microsoft v. Optimum Content Protection
Client: Microsoft
Counsel: Herman Webley (of Sidley Austin)
Issues: IPR declaration
Technology: Network security
Status: Declaration submitted

5/2012-3/2014 Via Vadis, LLC vs. Skype, Inc.
Client: Via Vadis, LLC
Counsel: Steven Taylor (of Whiteford, Taylor, Preston)
Issues: Patent infringement
Technology: Peer-to-peer networking

Litigation Support

1/2010-Present Technical (Non-testifying) Expert
Cases: More than twenty cases involving patents, DMCA, and other IP matters
Technologies: Firewalls, databases, electronic voting, email, wireless protocols, network communications
Services: Source code reviews and analysis, interviewing technical staff, prior art searching of academic and industrial sources, creating claims charts, drafting expert reports, developing infringement and (in)validity theories, rebutting opposing experts, assisting counsel in depositions, preparing demonstrables for trial, training counsel on technical matters, patent portfolio review

Special Projects

Creator and maintainer of a PROLOG-style logic programming module for Python available at http://www.multiparadigm-python.org.

Development of PLAYGROUND, a pedagogical model for network security instruction. Public Release 2015.