Chris Shenton

Arlington, VA 22207
703-850-1890
chris@koansys.com

Summary

Over 30 years of professional experience in software development and system integration, including many years supporting NASA research and production systems on a variety of projects. Strong background in computer networks, network security, systems administration, and software development. Expertise also includes work with robotic systems, artificial intelligence, mail systems, and computer graphics.

Computer Hardware:
x86, Mac, Sun, SGI, Alliant, HP, Apollo, DEC, IBM, PR1ME.
Operating Systems:
Linux, FreeBSD, OS X, Solaris, NetBSD, IRIX, SunOS, MacOS, DEC UNIX, Ultrix, Domain/OS, Concentrix, DOS/Windows, PR1MOS, VMS.
Cloud:
Amazon Web Services (EC2, S3, RDBMS, Security Groups, ELB, CloudFront, ElasticTranscoder, CloudSearch), Google Application Engine, Docker, Ansible.
Languages:
Python, JavaScript, C, Java, PHP, Perl, Prolog, LISP, FORTRAN, Pascal, BASIC, PL/I, Oracle Pro*C and PLSQL, csh, sh, awk, Assembler.
Software Packages:
Pyramid/Pylons, Django, Flask; Plone CMS, Drupal; Jenkins, Hudson; Git, SVN, CVS, Perforce, RCS, SCCS; VirtualBox, VMware; Jira, Trac; CircleCI, BuildBot; MongoDB, PostgreSQL, MySQL, ZODB, Oracle; WWW (Apache, nginx, SunONE, Netscape, Stronghold); Tomcat, Ant; CruiseControl; Ethereal, tcpdump, traceroute, MRTG; DNS (BIND, djbdns); postfix, qmail, sendmail; OpenLDAP; SecurID/ACE; SAMBA; WebMacro, Velocity; TIS/Network Associates Gauntlet firewall, TIS fwtk, Checkpoint Firewall-1, SATAN, Ballista, COPS; PGP, S/Key, OPIE; WAIS, Glimpse; MBONE (mrouted, sdr, nv, vic, vat, wb, Icast); USENET (INN); Gopher; gated; ipfilter; TeX; Amanda; CAP.
Protocols:
RADIUS, 802.1x, HTTPD, Gopher, PPP, SLIP, SMTP(S), IMAP(S), (A)POP, FTP, UUCP.
ISP Systems and Networking Equipment:
Cisco, LinkSys, and other 802.11b/g wireless gear; Ascend Max, Livingston Portmaster; RADIUS (FreeRADIUS, CISTRON, Ascend); Cisco; RND and BIG/ip load balancers.

Experience

Principal, Koansys LLC, Arlington, VA
September 2001 to present

NASA WESTPrime
Contributed to Team InfoZen's winning proposal for the NASA WESTPrime contract to build a cloud infrastructure and migrate applications into the cloud.
Worked with WESTPrime team to build on Amazon Web Services (AWS) government, private and public cloud infrastructure areas, virtual private clouds, and security groups to contain applications with varying access requirements.
Worked with WESTPrime team to migrate about 100 applications implemented in a variety of languages and frameworks with a disparate collection of databases into the WESTPrime AWS cloud.
Currently developing a public-facing Agency level image, video, and audio library which will leverage the elasticity and scalability afforded by AWS to dynamically respond to user load and continuous growth of assets, starting at 10TB and growing to multiple petabytes.
EPA Office of Pesticide Programs
Under Ace Info Solutions, developing a Trac and SVN code repository and software tracking system, with custom built Kanban whiteboard for visualizing tickets and bottlenecks.
Private Startup Company
Building high-volume, social media application for industry-specific domain, based on Repoze.BFG and MongoDB.
FBI Headquarters
Under contract to DHA, worked on new public FBI site in Plone with add-ons, providing code, CSS, as well as Trac, SVN, and Hudson continuous integration.
NASA Headquarters
Under DMI HITSS2 contract (October 2012 to present): Contributed to successful winning technical proposal for HITSS2; developed cloud architecture for Science.nasa.gov targeting the AWS cloud; wrote iSat, an interactive realtime 3D satellite tracker written entirely in JavaScript; developing iEarth, an interactive 3D visualization of near-realtime Earth science data; designing new Drupal-based architecture for re-implementing Science.nasa.gov as an AWS cloud-native auto-scaling application, and presented architectural work-in-progress to DC and Virginia Drupal MeetUp groups.
Under Indyne HITSS contract (to October 2012): Lead release, build and deployment engineer for site NASA Science which is built on the Plone CMS, surviving huge loads upon public release. Later worked on reimplementation "bake-off" between Django and Repoze.BFG, and subsequent support and deployment of Django-based system into a VMware infrastructure. Wrote custom Trac authentication modules which provided researchers with RSA Token authentication to Trac Wiki systems. Worked on front end for an internal semantic web application to calculate business impact of system and network outage, based on Pylons.
Under SAIC contract (September 2003 to ...): Supporting HQ manager of IT Engineering at the UMD MIND Lab, developing Semantic Web tools in Python with the Twisted networking framework, and established authentication service using OS X OpenDirectory. Developed software that harvested data from LDAP, Competency Management and other systems and synthesized them into an RDF semantic database. Developing semantic web software for two new HQ and Agency projects connecting people, systems, applications, and equipment. Architected, designed, and deployed a fault-tolerant email system for all NASA HQ's users with 1GB storage for each user; based on: qmail-ldap, OpenLDAP, courier-imap, Apache, PHP, Network Appliance Filer, and F5 load balancers. Developed a shared email system for the Columbia Action Team and the Return To Flight groups. Co-wrote an "SSL VPN" in Java since no commercial products were available at the time: offered web proxy to intranet and access to internal SMB file shares, with SecurID two-factor authentication. Performed a site security audit of the Satellite Applications Centre outside Johannesburg, South Africa; helped them repair satellite communications equipment whose firmware had become corrupted; wrote a detailed report explaining physical and network security threats, as well as how communication and processes could be improved within the Agency. Developed agile software development environment for our coders including continuous integration tool CruiseControl, Ant build system, SVN code repository, and integrated Trac issue tracker and wiki; migrated existing code from CVS to SVN and taught developers how to use it all. Deployed a pair of audio/video streaming servers using Real Network's Helix server running under FreeBSD. Created testbed for switch port authentication to prevent random users connecting to the wired network, using Cisco switch running 802.1x protocols, Cisco ACS server, Microsoft ActiveDirectory and RSA ACE token authentication.
Pace Global Energy Services
Security audit of Internet-connected customer-premises energy monitoring hardware, made presentation to Pace staff outlining various attack methods, risks, and mitigations.
Information Network Systems
Analysis and comparison between firewalls including one commercial product and an open source Linux-based solution. Short report and recommendation including pro and con for each choice.
ATLAS Seychelles
Continued to support the first ISP in the Seychelles, migrating to new IP address space from their upstream provider, working with outsourced top level domain reseller for .sc, resolving problems with the iPass global dialup system, security issues, and general guidance.

Outbounder, Inc (formerly UUcom), Alexandria and Reston, VA
June 1998 to September 2001

Design and development for Ranger priority messaging product
Worked with senior engineers to develop system requirements and overall architecture and design for robust, highly scalable, massively high-throughput system targeting email, web, instant-messaging, pagers, fax and voice channels. Wrote multithreaded C subsystem to perform network and remote server throughput probing and analysis with storage to Oracle database (Pro*C, PLSQL stored procedures) for use by related delivery subsystems. Wrote Java servlets and code for tracking/reporting. Evaluated and specified Nokia's implementation of the CheckPoint Firewall-1 and BIG/ip load balancers for high-availability security and scalability.
WhaleMail.com developer
UUcom supported venture capitalists who acquired rights to the nascent system for sending huge mail messages bypassing typical mail server size limits, originally based on NT but the design prevented creators from growing. Analyzed weaknesses, and rewrote from scratch on Solaris with Apache, PHP and MySQL in about a month. Currently running on redundant server architecture with user population of over 46,000 accounts.
Security consulting to NASA HQ and Defense Technical Information Center
Worked with NASA team to perform security audit of NASA Johnson Space Center including penetration testing and system acquisition. Presented analyses of vulnerabilities at JSC, where team was presented award for our work. For DTIC, performed analysis and presented report of vulnerabilities and architectural alternatives for a proposed network-based application for use between DTIC and external partners.
Consulting to TotalTel (now Covista): routers and dialin servers
Analyzed security and access requirements for network access, maintained router access lists. Debugged and re-deployed RADIUS (Cistron) dial-in authentication to accommodate complex nailed-up and dialin access. Installed and configured DS3 interface cards on Cisco routers. Developed IP address allocation strategy and initial deployment of DSL customer circuits.
Consulting to Cybercash
Supported mission-critical systems and network components including Gauntlet and TIS FWTK firewalls, extensive installation and configuration of RND and BIG/ip load balancers. Helped develop second-generation data-center server architecture including routers, balancers, firewalls, and servers where paramount goals were security and availability.

Independent Consultant, Washington, DC
December 1995 to Present

Established first ISP in country of Seychelles
In 1995, designed and deployed network using Cisco router, Penril industrial modems, Livingston Portmaster communications server. Installed and configured FreeBSD servers with RADIUS for authentication and accounting, and web, FTP, mail (SMTP, POP) services. Secured machines with ssh. Wrote software to perform analysis of accounting logs for billing. Work had to be completed in one week and system had to be robust, due to remote location of the customer. In 1997, returned to Seychelles and performed a total system upgrade (systems, operating system, server software, and IP address migration) to handle increased load. Continuing to provide long-distance technical support for systems, security, and other issues.
Contributor to SAIC proposal to US News and World Reports (November 1999)
Developed architecture for scalable, highly-available public web server for US News and World Reports proposal. Design included multiple firewalls and load-balancers to provide resilience and also separation of public data from private back-end databases. Was able to satisfy SAIC's urgent request for under-48-hour turn-around.

Nova.org / FCAC.org non-profit ISP, Fairfax, VA
1997 to present

Volunteer technical support for local public-access channel affiliated ISP.
Provided support for DNS and RADIUS dialin authentication, customer subnet delegations, security on Solaris and FreeBSD servers. Wrote custom code which interfaced Cistron RADIUS to Bay Networks dial-in system to gather statistics on logged-in users and detect multiple simultaneous dial-ins by unscrupulous users.

RMS Technologies, Inc., Lanham, MD
November 1994 to June 1998

Internet Engineering for NASA Headquarters
Developed secure web application including client-side certificate-based authentication. Collaborated on design of HQ firewall and migration architecture including redundancy, robustness, routing, network and namespace hiding, etc. Designing PGP key server for NASA Chief Information Officer for secure inter-Center email. Deploying strong-authentication dial-in access by integrating RADIUS with SecurID hardware tokens and ACE software. Authored whitepaper analyzing security issues surrounding Microsoft NetMeeting and augmented architectures to mitigate risk. Prototyped multicast product roll-out of Icast audio/video/text transmission products for use by the Administrator, Public Affairs, training, etc; software runs on PCs and Macs and is inter-operable with existing UNIX-based MBONE tools. HQ system security improvements including lock-down of operational machines, encrypted channel access for administrators, and responding to security incidents. Developed HQ "intranet" infrastructure security requirements; presented as a white paper to other NASA Centers.
Headquarters Dial-in Service
Replaced HQ's aging dial-in service with Ascend Max 4004s and RADIUS authentication/accounting; enhanced RADIUS code to use encrypted password database. Wrote web-based administrator front end so non-technical support staff can maintain users, and users can change passwords securely over the web with SSL (server certificate from VeriSign).
High-Profile Network Events and Demonstrations
Designed, built, and ran a network of UNIX, Mac, and PCs for a "Virtual Conference", connecting over 100 teachers and scientists at HQ to remote network participants by email, live transcription, web, and a variety of live audio and video feeds over the Internet. Designed and implemented an Internet video conference for Vice President Al Gore for an event at a hotel in DC; lead-time was under 48 hours and a phone line was the only network access.
Education and Outreach
Gave presentation to Moscow-area Internet community on Internet applications ranging from email to MBONE conferencing. Met with representatives from Moscow science community (Institute for Kosmological Investigations, Moscow State University, Institute for Biomedical Problems) on how to take advantage of the growing Internet infrastructure. Met in Kiev with representatives from the United Nations, the International Science Foundation, and local RELCOM affiliate on how best to link the nascent Kiev internet into the NASA Science Internet.
NASA Email Initiative
Co-author for white paper to NASA Chief Information Officer which re-architected the existing, disparate, incompatible systems across the agency into a distributed client/server model; technical, administrative management, and migration issues are addressed as well as the technological challenges.

Sterling Federal Systems, Inc., Palo Alto, CA
October 1993 to November 1994

White House World Wide Web
Brought up the original White House Web server and responsible for significant portions of its design and content. Coordinated connecting the Office of Science and Technology Policy to the Internet from their LAN and remotely via SLIP. System administrator for a Sun Solaris system hosting the WWW development and DNS for ostp.eop.gov. Interacted extensively with OSTP and their contacts at NASA, MIT, UNC, ARPA, and other agencies.
Internet applications for NASA Headquarters
Developed and populated first NASA HQ Web server. Developed Internet-based prototypes for publishing NASA policy directives online with full-text searching, and an image database with free-text searching. Systems administrator for SGIs and Suns; technical point of contact for MBONE conferences over the Internet.

Hughes/STX, Lanham, MD
May 1985 to October 1993

NASA/GSFC Network Support Group
Supported NASA Goddard Space Flight Center's Network Support Group for Large Systems. Developed and populated the main Gopher server and co-administered USENET news for the campus. Co-sysadm for the group's Sun network and provided network support to the GSFC community.
STX//FileManager for CalTech
Developed software and performed integration for product comprising UniTree virtual filesystem on Alliant mini-supercomputer with RAID and HIPPI channels to CalTech's Delta MPP supercomputer. Worked on-site at Alliant and CalTech for development and integration. Wrote libraries and code to run FTP and NFS over 80MB/sec HIPPI to Delta.
NASA/GSFC Robotics and Artificial Intelligence
Led GSFC task in autonomous robotic systems including $600K robot and computer systems purchase. Researched automatic task planning and execution. Developed control/sensor software for GSFC "intelligent end effector", Prolog software to execute plans and respond to dynamic input and recover from errors, FORTRAN and MACRO-11 data acquisition and hardware interface code. Systems administrator for the robotics laboratory: HP/Apollo, SGI, Sun, DEC UNIX and VAX.
Proposals and Other Projects
Contributed to several STX proposals and projects in areas such as AI and geometric reasoning for robotics, migration from IBM/MVS to Cray UNIX with UniTree mass storage, ruggedized portable systems for DoD applications.

Consultant to ENW International, Ltd., Alexandria, Virginia
January 1985 to September 1987

Modeling
Enhanced and maintained a nuclear damage assessment software model written in Pascal, and developed other utilities to enhance its functionality.

Ketron, Incorporated, Arlington, Virginia
Summers 1979, 1981, and 1982

Simulation
Enhanced and modified an anti-submarine warfare commander real-time simulation. Developed and implemented the scenario designer and database for the simulation. Evaluated movement algorithms for ground forces in a theater-level war-game simulation used at the Army War College.

Operational Systems, Incorporated, Arlington, Virginia
Summer 1978

Software Tools
Developed software on early 8080-based microcomputers targeted at legal firms and other small businesses including client and inventory database and word processing package.

Fairfax County Public Schools, Falls Church, Virginia
September 1977 to June 1978

Software Tools
Volunteer programming for the director of FCPS Computer Science instruction facilities: developed a facile text editor and microcomputer emulator subsequently used by students in their course work.

Education

Awards, Certifications, Publications