Kimmo Suominen

Espoo, Finland

Summary

Innovative security and technology leader with a wide-ranging skill set. Designed and built best-of-breed security and systems infrastructure for applications in derivatives trading, large-scale Internet access, and web/mobile content management.

Extensive experience in implementing security controls on AWS, GCP, and G Suite. Deep knowledge of modern network technologies and operating systems from both an engineering and operations perspective.

Extensive software development experience with hands-on contributions to noted open source projects (NetBSD, tcsh, BIND, Sendmail, Emacs).

Capable team leader and able communicator.

Professional Experience

Managing Partner,
Founder

7/1998 to present

Global Wire Oy

Espoo, Finland

Global Wire specializes in customer-focused security and IT infrastructure solutions — be it planning, advising, or implementing. Its customers have ranged from hedge funds to marketing and manufacturing.

Vice President,
Head of Cloud Security

2/2015 to 3/2018

Vice President

10/2014 to 2/2015

Consultant

4/2014 to 9/2014

Vice President,
Head of Core Systems

3/2010 to 2/2012

Vice President

9/2009 to 3/2010

Consultant

4/2009 to 9/2009

Two Sigma Investments, LP

New York, NY, USA

Two Sigma Investments is a finance and technology firm that actively manages money across the world markets using process-driven investment trading strategies.

As Head of Cloud Security I built a team of security engineers that was responsible for maintaining a solid and uniform security posture across different cloud infrastructure and service platforms.

  • Amazon Web Services (AWS)
  • Google Cloud Platform (GCP)
  • G Suite

After first moving to Security I worked on various research and engineering projects, mostly in the area of incident response tooling.

  • Evaluated intrusion detection solutions, and analyzed the data and traffic leading to detections.
  • Researched electronic discovery methods for local, networked, and high-performance file systems. Engineered electronic discovery solutions based on the research.

As Head of Core Systems I managed a team of a dozen UNIX and network administrators. My areas of responsibility were the core trading systems, the simulation farm, the corporate network, and Internet connectivity.

  • Improved focus in operational and engineering tasks by clearly defining goals, duties, and schedules; using supportive technologies such as dynamic call routing, scripting repetitive tasks, code reviews, and maintaining a configuration history.
  • Increased the stability of the group through advocating consistent goals and values.
  • Migrated simulation and trading platforms to Ubuntu 9.10 from an 8-year-old SuSE release. Built an environment for frequent upgrades in phased rollouts.
  • Migrated a statically routed spanned layer 2 network design to a fully routed design with dynamic routing, and separation and prioritization of different classes of traffic.
  • Created a standard data center design to unify the environment over time. Selected and implemented a new remote site in Pittsburgh to benefit from lower costs in the area by relocating less critical systems.
  • Created a standard office network design and implemented it in 2 new office locations. Converged telephone and data networks for physical backhaul over shared fiber on separate wavelengths, preserving traffic separation for security.
  • Designed and implemented symmetrical use of ISPs through BGP-based routing, improving service quality and failover characteristics.

Initially I worked remotely as a consultant.

  • Went through the code base of the company to make it compile and pass unit tests using modern versions of tools (compilers, interpreters, libraries).

CTO, Director ICT

9/2006 to 3/2009

Product Manager,
Social Media Technologies

3/2006 to 8/2006

Oy Red Tail Media Ltd

Helsinki, Finland

Red Tail Media develops social media strategies and licensable service formats for brand marketers and media. It also provides implementation and hosting of the formats. Their customers included Finnish market leaders such as Kauppalehti (financial newspaper), MTV3 (broadcast television), SMT (travel agency, owned by Finnair) and Kiinteistömaailma (real estate agency). I was with the company from its very first customer and I was one of its owners.

  • Developed a syndication engine for near-real-time activity feeds across all products and on external systems using standard interfaces such as RSS and XML-RPC.
  • Implemented a powerful blogging service platform, used by most customers.
  • Enabled mobile blogging by designing an MMS to XML-RPC gateway.
  • Enhanced service scalability by deploying a database-driven DNS architecture.
  • Designed a comprehensive search service for cross-product deployment. Implemented an XML-RPC interface for the service.
  • Expanded server capacity to better separate development and production environments and to establish a control environment for testing upgrades.
  • Designed a new server environment to better address service isolation, resource allocation, maintenance, and security, replacing an earlier outsourced solution.
  • Planned service routines and customer coordination for efficient server maintenance.

Vice President,
Head of Network Infrastructure

12/2001 to 6/2005

Commerzbank Capital Markets Corporation (CCMC)

New York, NY, USA

CCMC was a registered broker-dealer of Commerzbank AG, trading, selling and structuring bonds and equities.

  • Automated network connectivity fail-over using a combination of dynamic routing and layer 2 redundancy techniques, completely replacing manual fail-over procedures.
  • Established centralized logging, log monitoring and reporting, and availability, bandwidth and service level monitoring for all network infrastructure.
  • Engineered and implemented a centrally managed authentication service using replicated RSA SecurID and RADIUS servers.
  • Migrated to a unified 3-layer Internet firewall that supports transparent use of multiple incoming and outgoing access paths for added capacity and fail-over.
  • Redesigned market data connectivity to address several problems:
    • Improved router CPU utilization over 70% by reconfiguring IOS features.
    • Engineered and implemented a packet-filtering firewall for added security.
    • Designed, engineered and implemented transparent multi-site fail-over.
  • Enhanced Disaster Recovery environment to provide constant service to support use as a Business Continuity Center that can also augment normal production capacity.
  • Established and enhanced a wiki platform encouraging regular documentation updates. Technical groups at other Commerzbank offices also adopted the system.
  • Provided technical review for overall architecture and especially for network connectivity and security issues for both internal and vendor-proposed applications.
  • Managed and handled day-to-day operational activities for network and data center infrastructure (problem resolution, capacity management, planning, vendor relations).

Network Strategist

9/2000 to 12/2001

Blink.com, Inc.

New York, NY, USA

Blink created a smarter Internet through its interactive community where members could access and share their bookmarks from any wired or wireless Internet-enabled device.

  • Migrated to a global VPN structure that provides secure and resilient connectivity.
  • Implemented a transparent fail-over scheme for Internet connectivity, first at application level and later also at transport level using dynamic routing.
  • Established network traffic and route monitoring.
  • Reconfigured e-mail delivery to utilize multiple redundant systems for high availability.
  • Implemented a fully automated custom installation of Red Hat Linux.
  • Migrated the office workstations to a uniform Windows 2000 environment.
  • Developed documented routines for maintaining the computing environments.
  • Developed enhancements for proprietary web portal software.

Network Operations Manager
Manager, Systems
Systems Programmer

6/1993 to 3/2000

Juno Online Services, Inc.
D. E. Shaw & Co., L.P.

New York, NY, USA
 

Juno was a leading provider of Internet online services in the United States. It was the largest technology venture investment to date by the D. E. Shaw group.

  • Designed and implemented a multiple autonomous system network that provides a high level of redundancy, extended control of traffic flows and complete support for VLSM.
  • Developed a configuration library for Cisco IOS to unify router configurations.
  • Managed the Systems department supporting the office and development environments.
  • Evaluated and selected Internet and network service providers and co-location facilities.
  • Designed the beta test system and expanded it into a scalable production environment.
  • Configured LANs, leased lines, CSU/DSU hardware and channel banks.
  • Provided primary support for standards conformance of proprietary e-mail software.
  • Drafted and implemented security measures and policies.
  • Developed telecommuting solutions for secure access via ISPs, analog and ISDN dialup.
  • Evaluated VoIP solutions for replacing a traditional PBX/Voicemail system.
  • Provided second-level support and participated in UNIX system maintenance.

D. E. Shaw & Co. is a global securities and investment firm whose activities center on various aspects of the intersection between technology and finance.

  • Maintained and expanded local and wide area networks.
  • Designed global dynamic routing policy with automatic connectivity fail-over.
  • Designed and installed several remote stand-alone and office systems.
  • Developed and supported telecommuting solutions over analog lines and ISDN.
  • Evaluated and enhanced open source software to provide desired functionality.
  • Wrote tools for UNIX system maintenance and support tasks.
  • Provided primary support for electronic mail and Usenet News.
  • Provided system support for trading application environments.

Systems Analyst

5/1992 to 7/1992
5/1991 to 8/1991

DS-Konsultit Oy

Lappeenranta, Finland

  • Designed and deployed a local area network.
  • Deployed and managed UNIX and XENIX systems for the new LAN environment.
  • Designed and implemented additional security features for the production environment.
  • Provided support for LAN and dialup networking, and UNIX and XENIX systems.
  • Developed enhancements for custom accounting and cashier database applications.

Senior Systems Analyst

6/1990 to 9/1990
12/1988 to 2/1990

Teaching Assistant

9/1991 to 5/1992
9/1990 to 5/1991
1/1990 to 5/1990

Lappeenranta University of Technology,
Computing Centre

Lappeenranta, Finland
 

  • Designed and coordinated the integration of multiple UNIX platforms to a common environment through extensive use of services on the local area network.
  • Planned the use of applications in a networked multi-vendor environment.
  • Installed and managed HP-UX systems (HP9000 Series 800, 700 and 300).
  • Ported open source software to multiple UNIX platforms.
  • Supported users on UNIX, VMS, ConvexOS, Apollo DomainOS and MPE.
  • Taught exercise classes and graded home assignments and assignment projects for Data Structures and Algorithms, Information Systems and Systems Design, and Languages, Compilers and Interpreters.

Systems Intern

6/1988 to 8/1988
6/1987 to 8/1987

Programmer

1/1988 to 4/1988

Finnish Air Force Headquarters,
General Staff Office

Tikkakoski, Finland
 

  • Upgraded, managed and supported VAX/VMS.
  • Reduced daily data transfers from 6 to under 1 hour through careful process analysis.
  • Automated manual daily workflows with friendly menu-driven scripts on PDP/RSX.
  • Ported the simulation model of the Hawk fighter jet engine written in FORTRAN to an IBM 4381 running VM/SP.
  • Developed an automated online bank payment module for the reserve rehearsal salary payment system using dBase II. Later ported the application to Oracle V5 tools.
  • Developed applications for grading and selecting students for the Air Force Academy.

Education

B.S. equivalent, Information Technology
Lappeenranta University of Technology, Lappeenranta, Finland

Studies include a one-year scholarship in the Master of Science program of the Department of Computer and Information Sciences at the University of Delaware, Newark, DE, USA.

Key Words

Languages

Finnish: Native.
English: Fluent.
Swedish: Good.
German: Basic.

Networking

Hardware: Cisco (series 7500, 7200, 6500, 5500, 4700, 3600, 3550, 2900, 2600, 2500, 1900, 1000, 800), IOS 10-12. Extreme Networks. Bay Networks. Wellfleet. Intel Shiva. Netopia. Xylogics Annex. Ascend. Netgear. 3Com. Allied Telesyn. Xylan. Chipcom. MorningStar. Adtran. Larscom.
Routing: BGP4+. OSPF. RIP. EIGRP. PIM. IGMP. RPSL. MHSRP.
Transport: IPv4. IPv6. AppleTalk. IPX. X.25.
Link: HDLC. PPP. Frame Relay. ATM. CDMA.
Media: Ethernet (1000BaseSX, 1000BaseTX, 100BaseTX, 10BaseT). DS-3. T-1. DS-0. Wireless LAN (IEEE 802.11a/b/g, Symphony). DSL. ISDN. Dialup.
Services: DNS. NIS. DHCP. BOOTP. NFS. SMTP. NNTP. HTTP. XML-RPC. SNMP. RADIUS. IPsec. Kerberos 5. Kerberos IV. RSA SecurID.
Firewalls: IP-Filter. Cisco IOS/FW/IDS (CBAC). Cisco PIX. Check Point FW-1. IP Chains.

UNIX

Systems: Linux (Debian, Fedora, Ubuntu, Red Hat). Qubes. NetBSD. FreeBSD. Solaris. SunOS 4. HP-UX (3.10-10.20). Digital Unix. IRIX. SCO. Dell SVR4. Apollo DomainOS. ConvexOS.
Software: BIND. Unbound. NSD. MyDNS. Netfilter. IP-Filter. Postfix. Sendmail. Cyrus. Procmail. Anomy Sanitizer. Nginx. Apache. MySQL. Sphinx. Icecast. Leafnode. C-News/NNTP. Zebra. Quagga. GateD. IRRd. UUCP. AMD. AutoFS. Automount. Samba. MMDF. CVS. RCS. Subversion. svk. KickStart. X11. Rsync. Amanda.

Other Systems

Mac OS X.
Windows 8/7/Vista/XP/2000/NT/98/95/3/2.
VAX/VMS.
DOS.
MPE.
VM/SP.
PDP-11/RSX.

Programming

Shell Programming (e.g. sh, awk, sed, make, m4).
PHP.
Perl.
Tcl.
C.
C++.

Topics

Network Design.
Dynamic Routing.
Global Routing Policies.
Network Security.
Firewalls.
Business Continuity.
Disaster Recovery.
Design of UNIX Environments.
UNIX Integration.
UNIX System Tools.
Open Source Software Development.