Kimmo Suominen

New York, NY, USA


Innovative technology leader with a wide-ranging skill set. Designed, built, and supported best-of-breed systems infrastructure for applications in derivatives trading, large-scale Internet access, and web/mobile content management. Extensive software development experience with hands-on contributions to noted open source projects (NetBSD, BIND, Sendmail, Emacs). Deep knowledge of modern network, operating system, and database technologies from both an engineering and operations perspective. Capable team leader and able communicator.

Professional Experience

Vice President,
Head of Cloud Security

2016 to present

Vice President

2014 to 2016

Vice President,
Head of Core Systems

2010 to 2012

Vice President

2009 to 2010

Two Sigma Investments, LP

New York, NY, USA

Two Sigma Investments is a finance and technology firm that actively manages money across the world markets using process-driven investment trading strategies.

I am currently responsible for security on public cloud platforms.

After first moving to Security I worked on various research and engineering projects, mostly in the area of incident response tooling.

  • Evaluated intrusion detection solutions, and analyzed the data and traffic leading to detections.
  • Researched electronic discovery methods for local, networked, and high-performance file systems. Engineered electronic discovery solutions based on the research.

As Head of Core Systems I managed a team of a dozen UNIX and network administrators. My areas of responsibility were the core trading systems, the simulation farm, the corporate network, and Internet connectivity.

  • Achieved better focus in operational and engineering tasks through clearly defining goals, duties and schedules, using supportive technologies such as dynamic call routing, scripting of maintenance tasks, code reviews, and maintaining a configuration history.
  • Increased the stability of the group through advocating consistent goals and values.
  • Migrated the simulation and trading platforms to Ubuntu 9.10 from an 8-year-old SuSE release. Provided an environment that supports frequent upgrades in a phased rollout.
  • Migrated from a statically routed spanned layer 2 network design to a fully routed design with dynamic routing, and separation and prioritization of different classes of traffic.
  • Created a standard data center design to unify the environment over time. Selected and implemented a new remote site in Pittsburgh to benefit from lower costs in the area by relocating less critical systems.
  • Created a standard office network design and implemented it in 2 new office locations. Converged telephone and data networks for physical backhaul over shared fiber on separate wavelengths, preserving traffic separation for security.
  • Designed and implemented symmetrical use of ISPs through BGP-based routing, improving service quality and failover characteristics.

Initially I worked remotely on an independent project.

  • Went through the code base of the company to make it compile and pass unit tests using modern versions of tools (compilers, interpreters, libraries).

Professional Experience (continued)

CTO, Director ICT

2006 to 2009

Product Manager,
Social Media Technologies


Oy Red Tail Media Ltd

Helsinki, Finland

Red Tail Media develops social media strategies and licensable service formats for brand marketers and media. It also provides implementation and hosting of the formats. Their customers included Finnish market leaders such as Kauppalehti (financial newspaper), MTV3 (broadcast television), SMT (travel agency, owned by Finnair) and Kiinteistömaailma (real estate agency). I was with the company from its very first customer and I was one of its owners.

  • Developed a syndication engine for near real time activity information across all products and on external systems using standard interfaces such as RSS and XML-RPC.
  • Implemented a powerful blogging service platform, used by most customers.
  • Enabled mobile blogging by designing an MMS to XML-RPC gateway.
  • Enhanced service scalability and management using a database driven DNS architecture.
  • Designed a comprehensive search service for cross-product deployment. Implemented an XML-RPC interface for the service.
  • Expanded server capacity to facilitate better separation of development and production environments and to establish a controlled environment for software upgrade testing.
  • Designed a new server environment to better address service isolation, resource allocation, software maintenance, and security, replacing an earlier out-sourced solution.
  • Planned service routines and customer coordination for efficient server maintenance.

Vice President,
Head of Network Infrastructure

2001 to 2005

Commerzbank Capital Markets Corporation (CCMC)

New York, NY, USA

CCMC is a wholly owned registered broker-dealer of Commerzbank AG, trading, selling and structuring bonds and equities.

  • Automated network connectivity fail-over using a combination of dynamic routing and layer 2 redundancy techniques, completely replacing manual fail-over procedures.
  • Established centralized logging, log monitoring and reporting, and availability, bandwidth and service level monitoring for all network infrastructure.
  • Engineered and implemented a centrally managed authentication service using replicated RSA SecurID and RADIUS servers.
  • Migrated to a unified 3-layer Internet firewall that supports transparent use of multiple incoming and outgoing access paths for added capacity and fail-over.
  • Redesigned market data connectivity to address several problems:
    • Improved router CPU utilization over 70% by reconfiguring IOS features.
    • Engineered and implemented a packet-filtering firewall for added security.
    • Designed, engineered and implemented transparent multi-site fail-over.
  • Enhanced Disaster Recovery environment to provide constant service to support use as a Business Continuity Center that can also augment normal production capacity.
  • Established and enhanced a wiki platform encouraging regular documentation updates. Technical groups at other Commerzbank offices also adopted the system.
  • Provided technical review for overall architecture and especially for network connectivity and security issues for both internal and vendor-proposed applications.
  • Managed and handled day-to-day operational activities for network and data center infrastructure (problem resolution, capacity management, planning, vendor relations).

Professional Experience (continued)

Network Strategist

2000 to 2001, Inc.

New York, NY, USA

Blink created a smarter Internet through its interactive community where members could access and share their bookmarks from any wired or wireless Internet-enabled device.

  • Migrated to a global VPN structure that provides secure and resilient connectivity.
  • Implemented a transparent fail-over scheme for Internet connectivity, first at application level and later also at transport level using dynamic routing.
  • Established network traffic and route monitoring.
  • Reconfigured e-mail delivery to utilize multiple redundant systems for high availability.
  • Implemented a fully automated custom installation of Red Hat Linux.
  • Migrated the office workstations to a uniform Windows 2000 environment.
  • Developed documented routines for maintaining the computing environments.
  • Developed enhancements for proprietary web portal software.

Network Operations Manager
Manager, Systems
Systems Programmer

1993 to 2000

Juno Online Services, Inc.
D. E. Shaw & Co., L.P.

New York, NY, USA

Juno was a leading provider of Internet online services in the United States. It was the largest technology venture investment to date by the D. E. Shaw group.

  • Designed and implemented a multiple autonomous system network that provides a high level of redundancy, extended control of traffic flows and complete support for VLSM.
  • Developed a configuration library for Cisco IOS to unify router configurations.
  • Managed the Systems department supporting the office and development environments.
  • Evaluated and selected Internet and network service providers and co-location facilities.
  • Designed the beta test system and expanded it into a scalable production environment.
  • Configured LANs, leased lines, CSU/DSU hardware and channel banks.
  • Provided primary support for standards conformance of proprietary e-mail software.
  • Drafted and implemented security measures and policies.
  • Developed telecommuting solutions for secure access via ISPs, analog and ISDN dialup.
  • Evaluated VoIP solutions for replacing a traditional PBX/Voicemail system.
  • Provided second-level support and participated in UNIX system maintenance.

D. E. Shaw & Co. is a global securities and investment firm whose activities center on various aspects of the intersection between technology and finance.

  • Maintained and expanded local and wide area networks.
  • Designed global dynamic routing policy with automatic connectivity fail-over.
  • Designed and installed several remote stand-alone and office systems.
  • Developed and supported telecommuting solutions over analog lines and ISDN.
  • Evaluated and enhanced open source software to provide desired functionality.
  • Wrote tools for UNIX system maintenance and support tasks.
  • Provided primary support for electronic mail and Usenet News.
  • Provided system support for trading application environments.

Professional Experience (continued)

Systems Analyst

Summer 1992
Summer 1991

DS-Konsultit Oy

Lappeenranta, Finland

  • Designed and deployed a local area network.
  • Deployed and managed UNIX and XENIX systems for the new LAN environment.
  • Designed and implemented additional security features for the production environment.
  • Provided support for LAN and dialup networking, and UNIX and XENIX systems.
  • Developed enhancements for custom accounting and cashier database applications.

Senior Systems Analyst

Summer 1990
1988 to 1990

Teaching Assistant

Semester 1991–1992
Semester 1990–1991
Spring 1990

Lappeenranta University of Technology,
Computing Centre

Lappeenranta, Finland

  • Designed and coordinated the integration of multiple UNIX platforms to a common environment through extensive use of services on the local area network.
  • Planned the use of applications in a networked multi-vendor environment.
  • Installed and managed HP-UX systems (HP9000 Series 800, 700 and 300).
  • Ported open source software to multiple UNIX platforms.
  • Supported users on UNIX, VMS, ConvexOS, Apollo DomainOS and MPE.
  • Taught exercise classes and graded home assignments and assignment projects for Data Structures and Algorithms, Information Systems and Systems Design, and Languages, Compilers and Interpreters.


Summer 1988
Summer 1987


Spring 1988

Finnish Air Force Headquarters,
General Staff Office

Tikkakoski, Finland

  • Upgraded, managed and supported Vax/VMS.
  • Reduced daily data transfers from 6 to under 1 hour through careful procedure analysis.
  • Automated manual daily procedures with friendly menu-driven scripts on PDP/RSX.
  • Ported the simulation model of the Hawk fighter jet engine written in FORTRAN to an IBM 4381 running VM/SP.
  • Developed an automated online bank payment module for the reserve rehearsal salary payment system using dBase II. Later ported the application to Oracle V5 tools.
  • Developed applications for grading and selecting students for the Fighter Pilot School.


B.S. equivalent, Information Technology
Lappeenranta University of Technology, Lappeenranta, Finland

Studies include a one year scholarship in the Master of Science program of the Department of Computer and Information Sciences at the University of Delaware, Newark, DE, USA.

Related Interests

NetBSD Developer

I was sponsored and accepted as a member of the NetBSD Foundation and gained full commit privileges to the NetBSD code repository in 1998. I had selected NetBSD as my primary operating system in 1994. Access to source code allowed me to properly and permanently fix problems in the operating system. NetBSD also has extensive multiplatform support, and over time my network has included i386, shark, sparc and vax machines. Earlier UNIX-like operating systems I have run include Dell SVR4 and ISC.

Open Source Software

When I started working on UNIX systems I very soon was introduced to the concept of Open Source (or Public Domain). I am a strong supporter of the concept, and have contributed to numerous efforts over the Internet. I have actively participated in developing several commonly used pieces of software (e.g. BIND 1993-1998, Sendmail 1990-1998, Emacs 1989-1995). Since 1998 my primary channel for supporting Open Source initiatives has been through the NetBSD Packages Collection (pkgsrc), which is a framework for building third-party software on NetBSD and other UNIX-like systems.

Key Words




Cisco (series 7500, 7200, 6500, 5500, 4700, 3600, 3550, 2900, 2600, 2500, 1900, 1000, 800), IOS 10-12. Extreme Networks. Bay Networks. Wellfleet. Intel Shiva. Netopia. Xylogics Annex. Ascend. Netgear. 3Com. Allied Telesyn. Xylan. Chipcom. MorningStar. Adtran. Larscom.
IPv4. IPv6. AppleTalk. IPX. X.25.
HDLC. PPP. Frame Relay. ATM. CDMA.
Ethernet (1000BaseSX, 1000BaseTX, 100BaseTX, 10BaseT). DS-3. T-1. DS-0. Wireless LAN (IEEE 802.11a/b/g, Symphony). DSL. ISDN. Dialup.
IP-Filter. Cisco IOS/FW/IDS (CBAC). Cisco PIX. Check Point FW-1. IP Chains.


Linux (Debian, Fedora, Ubuntu, Red Hat). Qubes. NetBSD. FreeBSD. Solaris. SunOS 4. HP-UX (3.10-10.20). Digital Unix. IRIX. SCO. Dell SVR4. Apollo DomainOS. ConvexOS.
BIND. Unbound. NSD. MyDNS. Netfilter. IP-Filter. Postfix. Sendmail. Cyrus. Procmail. Anomy Sanitizer. Nginx. Apache. MySQL. Sphinx. Icecast. Leafnode. C-News/NNTP. Zebra. Quagga. GateD. IRRd. UUCP. AMD. AutoFS. Automount. Samba. MMDF. CVS. RCS. Subversion. svk. KickStart. X11. Rsync. Amanda.

Other Systems

Mac OS X.
Windows 8/7/Vista/XP/2000/NT/98/95/3/2.


Shell Programming (e.g. sh, awk, sed, make, m4).


Network Design.
Dynamic Routing.
Global Routing Policies.
Network Security.
Business Continuity.
Disaster Recovery.
Design of UNIX Environments.
UNIX Integration.
UNIX System Tools.
Open Source Software Development.