George Jones' Curriculum Vitae

1 You could find some, but not all of this via Google

  • This is stuff about me, some of which you could find via Google.
  • Google could not give you the sequencing, choice of references, perspective and added personal details, at least until I post this.
  • I've had fun doing a lot of this stuff and have had the chance to work with some awesome people. I hope you have fun reading this.

2 What Drives Me

Contributing to the success of the organization(s) that I work for as a member of a strong technically focused team with emphasis on security, networking, systems operations and/or tools development.

3 George Jones' Work at CERT, February 2011 to present.

Here is a sampling of some of the things I've done at CERT.

Training development and delivery
Developed and delivered a tutorial on "Network Profiling with SiLK" [JW12] for FloCon. Developed targeted exercises and delivered a week-long training on "Introduction to SiLK & Advanced SiLK Training" to multiple SOC staff. See [Ban13]. Developed and delivered a class on "Introduction to Event Analysis". Conducted numerous informal "technical mentoring sessions" with SOC analysts.
Evaluation of Security Analysis Tools and Data
Performed several evaluations per [Shi11] and [Shi12] and helped evolve the evaluation methodology.
Network Security Analysis
Including Anomaly Detection [SJ13], Whitelisting [JS13] and Beacon Detection [AA13].
Data Capture
Organized and executed data collection at several capture the flag events [JC12]
Currently co-PI on a funded research effort into the application of temporal and abductive logic to distributed queries of large scale, diverse security-relevant data sources [SJK13]
Conference Organization
Co-Chair (2013) and general chair (2014) of
Development of various small tools as needed. Mostly in python and bash.

4 "Software I've been involved in that you might have used"

I ported MicroEmacs to the Amiga from the freeware versions provided with the DOS version of Mark Williams C compiler (that's right, on floppies) and posted to comp.sources.{amiga,unix}?. Daniel Lawrence ran with it resulting in MicroGnuEmacs, later renamed mg due to complaints form Richard Stallman. I'm told Linux Torvalds uses one of the variants.
CompuServe Internet Services
In one way or another, I instigated most of the earliest of of CompuServe's Internet offerings [Eng96a]. This was in the days before most people had direct Internet access, not even dial-up: "America Off-Line". But many had CompuServe dial-up connections. I put Karl Kleinpaste and Sam Neely up to implementing what became the CompuServe Internet mail gateway [Eng92], initially over a single Telebit 19.2k modem. I had a minute amount of code in the first release. Karl then went on to implement a USENET gateway [Eng96b]. I then implemented an outbound Telnet gateway and an FTP File Browser that worked through CompuServe's WinCIM interface. After that I implemented a fully functional WinCIM-based web browser along with Greg Leach. The marketing people choose not to release it. They weren't sure, in 2004 or so, if this web thing was going to catch on (!). You can lead a horse to water…
The Router Audit Tool
I wrote a tool for assessing router configurations, originally called NCAT, but Allan Paller didn't like the name so we changed it to the Router Audit Tool [Jon02a]. I ran the project, including the benchmark consensus, for a number of years for the Center for Internet Security who I think still maintain a version [Jon12a]. John Stewart, Neal Ziring and Josh Wright all have substantial bits of code in RAT, and I have to admit I got the original idea from a similar tool that Eric Brandwine wrote at UUNET but never released.
The Security Onion
In the minor-but-you-may-have-touched-it category, the .torrent file for Security Onion is hosted on my domain. I learned to create .torrent files to help out Doug Burks as he was preparing the 12.04 release of Security Onion. The SourceForge download link was getting slammed, even before official release. That's what BiTTorrent was created for, well…

5 "Software I've written that you probably never used"

A VAX/VMS Bulletin Board System in FORTRAN
I wrote a bulletin-board system in FORTRAN for the Advanced Design Methods Lab (ADML) of the Mechanical Engineering department at The Ohio State University while working as a student for the campus computing organization (IRCC). You can do recursion in FORTRAN if you manage variables yourself in the common block.
The CompuServe BASIC and FORTRAN Runtime Libraries
Yes we (well, Steve Wilhite, creator of GIF and WinCIM) wrote our own compilers and runtime libraries. I did some work on nested signal handling. The 36-bit Ada compiler never quite happened. WinCIM and GIF happened instead.
The CompuServe PSAP Library
Think inetd(8) with weird protocols. I originally wrote this on BSD (thank you Richard Stevens for APUE ) then ported to Windows NT 3.51 (!). This was a major piece of glue in one of a series efforts to migrate CompuServe off the DECsystem-10 platform. See [Tru96]. Ask AOL how successful we were :-(

6 Things I've written you might have read

RFC 3871
"Operational Security Requirements for Large Internet Service Provider (ISP) IP Network Infrastructure", [Jon04]
NANOG Presentation
"Knobs, Levers, Dials and Switches: Now and Then (please sir, may I have some more ?)", [Jon03]
USENIX :login; Article
"The Case for Network Infrastructure Security", [Jon02c]
LISA Paper
"Cloning customized hosts (or customizing cloned hosts)", [JR91] …

7 Things I've contributed to that you might have read

Securing Cisco Routers
"Securing Cisco Routers", a SANS booklet by John Stewart, and Josh Wright that makes heavy use of Router Audit Tool. See [WS03].
RFC 4778
"Operational Security Current Practices in Internet Service Provider Environments" by Merike Kaeo. See [Kae07].

8 Places I've Worked

2011 to Present. Member of the Technical Staff/Senior Network Security Analyst at CERT a.k.a. The Software Engineering Institute at Carnegie-Mellon University. Arlington, VA. .
2003-2011. Lead Information Systems Engineer at The MITRE Corporation. McLean, VA.
1999-2003. Senior Network Security Engineer, Web Hosting at UUNET Technologies/WorldCom. Now Verizon Business. Columbus,Ohio.
1999. IT Architect, Information Security. BankOne, now JPMorgan, Chase. Columbus, Ohio.
1985-1987,1992-1998. Software Engineer/Network Security Engineer CompuServe, now AOL. Columbus, Ohio.
1991-1992. Project Engineer at Formtek then Lockheed-Martin. Carnegie, PA.
1987-1991. Systems Programmer/Systems Administrator. The Ohio State University department of Computer and Information Science. Columbus, Ohio.

9 Recognition

Appointed “Technical Advisor” to the OPSEC working group by the IETF (the Internet standards body). This was done in recognition of my contributions in editing RFC3871. In this role I developed the working group charter, wrote the framework that guided the efforts of the working group and provided feedback to document authors.
SANS/Center for Internet Security
Appointed “Consensus Coordinator” by SANS/The Center for Internet Security. In this roll I coordinated the development of minimum security configuration standards for Cisco IOS Routers and Catalyst switches. I coordinated input from government (NSA, DISA), operators (UUNET/Verizon, Sprint, Qwest, etc.) and vendors (Cisco, Juniper).

10 Professional Activities

11 Education

  • BS, Computer and Information Science, The Ohio State University
  • Graduate work in Computer and Information Science, The Ohio State University

12 Hobbies

I've been using Emacs since the TECO version on TOPS-20 in high-school. Roughly 2 years after Stallman created it.

"But even if TextMate 2 drops from the sky fully-formed and marveled at by all, Emacs will still be there, waiting. It will be there when the icecaps melt and the cities drown, when humanity destroys itself in fire and zombies, when the roaches finally achieve sentience, take over, and begin using computers themselves - at which point its various Ctrl-Meta key-chords will seem not merely satisfyingly ergonomic for the typical arthropod, but also direct evidence for the universe’s Intelligent Design by some six-legged, multi-jointed God." Kieran Healy quoted by Vivek Haldar

For organizing life. See and Org-mode in Your Pocket Is a GNU-Shaped Devil. I have come to the conclusion that I will stop using org-mode when they pry the keyboard from my cold dead fingers.
It took me 20 years to get past the RPG-and-FORTRAN-Column-7-esq syntactical dependence on indentation to group blocks, but I've seen the light. No more PERL. is your friend.
"Cur lingua latina rogas? Cur non, dico."
Hiking and Backpacking
Shenandoah National Park and Philmont Scout Reservation

13 Contact Info

George Jones <gmj AT pobox DOT com>


[SJK13] Dr. Timothy Shimeall, George M. Jones, and Derrick H. Karimi. Quilt: A system for distributed queries of security-relevant data. Poster submitted to IEEE Securtiy and Privacy, 2013, April 2013. [ bib ]
[SJ13] Char Sample and George Jones. Anomaly Detection. In FloCon 2013 Proceedings, Pittsburgh, PA, USA, 2013. CERT., Accessed: 2013-04-06. [ bib ]
[JS13] George Jones and Tim Shimeall. Behavioral Whitelists of High-Volume Web Traffic to Specific Domains. In FloCon 2013 Proceedings, Pittsburgh, PA, USA, 2013. CERT., Accessed: 2013-04-06. [ bib ]
[Ban13] Ron Bandes. Introduction to SiLK & Advanced SiLK Training. In FloCon 2013 Proceedings, Pittsburgh, PA, USA, 2013. CERT., Accessed: 2013-04-06. [ bib ]
[AA13] Brian Allen and Robert Annand. Behavioral Whitelists of Beaconing Activity. In FloCon 2013 Proceedings, Pittsburgh, PA, USA, 2013. CERT., Accessed: 2013-04-06. [ bib ]
[Jon12b] George Jones. SiLK on a Box - Ubuntu 12.04 - Standalone Flow Collection & Analysis, December 2012., Accessed: 2013-04-06. [ bib ]
[Jon12a] George Jones. CIS Cisco Router Audit Tool, 2012., Accessed: 2013-04-04. [ bib ]
[JC12] George Jones and Paul Conrad. “Capture the Flag” Data Capture Experiences. In GFIRST 2012 Proceedings, Pittsburgh, PA, USA, 2012. CERT., Accessed: 2013-04-06. [ bib ]
[JKF12] George Jones, Paul Krystosek, and Sid Faber. From Bandwidth to Beacon Detection, Prism, and Touchpoints. In FloCon 2012 Proceedings, Pittsburgh, PA, USA, 2012. CERT., Accessed: 2013-04-06. [ bib ]
[JW12] George Jones and Austin Whisnant. Network Profiling with SiLK. In FloCon 2012 Proceedings, Pittsburgh, PA, USA, 2012. CERT., Accessed: 2013-04-06. [ bib ]
[Shi12] Dr. Timothy Shimeall. Analytical Tool Evaluation Framework. In GFIRST 2012 Proceedings, Pittsburgh, PA, USA, 2012. CERT., Accessed: 2013-04-06. [ bib ]
[KJ11] Andrew Kompanek and Geoge Jones. Challenges in Network Monitoring above the Enterprise, September 2011., Accessed: 2013-04-06. [ bib ]
[Shi11] Dr. Timothy Shimeall. Analytical Evaluation Framework. In GFIRST 2011 Proceedings, Pittsburgh, PA, USA, 2011. CERT., Accessed: 2013-04-06. [ bib ]
[JR09] George Jones and Dr. Neal J. Rothleder. NETwork Application ID (NETAID), 2009., Accessed: 2013-04-07. [ bib ]
[Kae07] M. Kaeo. Operational Security Current Practices in Internet Service Provider Environments. RFC 4778 (Informational), January 2007. [ bib | .txt ]
[JCB05] George Jones, Ross Callon, and Ron Bonica. Operational Security Requirements for IP Network Infrastructure, 2005. [ bib ]
[Jon04] G. Jones. Operational Security Requirements for Large Internet Service Provider (ISP) IP Network Infrastructure. RFC 3871 (Informational), September 2004., Accessed: 2013-04-06. [ bib | .txt ]
[Jon03] George Jones. Knobs, Levers, Dials and Switches: Now and Then (please sir, may I have some more ?). In Proceedings of NANOG 29. NANOG, October 2003., Accessed: 2013-04-04. [ bib ]
[WS03] Joshua L Wright and John N Stewart. Securing Cisco routers. SANS Institute, 2003. [ bib ]
[Jon02a] George Jones. Router Audit Tool and Benchmark, February 2002.,,, Accessed: 2013-04-04. [ bib ]
[Jon02c] George M Jones. The Case for Network Infrastructure Security. login: The Magazine of USENIX and SAGE, 27(6), 2002., Accessed: 2013-04-06. [ bib ]
[Jon02b] George M Jones. Conference Reports: 11th USENIX Security Symposium. login: The Magazine of USENIX and SAGE, 27(6), 2002., Accessed: 2013-04-07. [ bib ]
[Jon98] George M Jones. NTnix 98 . . . You Are There. login: The Magazine of USENIX and SAGE, 1998., Accessed: 2013-04-07. [ bib ]
[Eng96a] Adam C Engst. Internet starter kit: For Macintosh. TidBITS, 1996., Accessed: 2013-04-06. [ bib ]
[Eng96b] Adam C Engst. Internet starter kit: For Macintosh. TidBITS, 1996., Accessed: 2013-04-06. [ bib ]
[Tru96] David Truncale. CompuServe Brings NT Online. Windows IT Pro, 1996., Accessed: 2013-04-06. [ bib ]
[Eng92] Adam C Engst. Gateways II/CompuServe. TidBITS, 1992., Accessed: 2013-04-07. [ bib ]
[JR91] George M Jones and Steven M Romig. Cloning customized hosts (or customizing cloned hosts). In Proceedings of the Fifth Large Installation Systems Administration Conference (LISA V)(USENIX Association: Berkeley, CA), page 233, 1991., Accessed: 2013-04-06. [ bib ]

This file was generated by bibtex2html 1.96.

Date: 2013-04-04 Thu

Author: George M. Jones

Org version 7.9.4 with Emacs version 24

Validate XHTML 1.0