Dug Song

Founder, Scio Security

Greater Detroit Area

Current
  • Advisor at Olark
  • Advisor at Peekok
  • Board member at Appropriate Technology Collaborative
  • Advisor at Mobiata
  • Founder at Scio Security
  • Advisor at VMCraft
  • Co-Founder at Ann Arbor Skatepark Action Committee
  • Advisor at Mu Dynamics
  • Founder at monkey.org

see less...

6 more...

Past

see less...

8 more...

Recommended
Dug has 10 recommendations 10 people have recommended Dug
Connections
500+ connections
Industry
Computer Software
Websites

Dug Song’s Summary

Startup cofounder with extensive experience building and leading diverse, distributed, world-class technical teams to deliver amazing products in enterprise security, telecom, consumer Internet, and broadcast media. Strong, pragmatic technical leader who cares deeply about the teams, products, and companies he builds. Consistent history of driving the growth of early-stage companies through lean engineering and market-focused innovation.

Dug Song’s Experience

  • Advisor

    Olark

    (Computer Software industry)

    2009Present (less than a year)

    Olark (formerly Hab.la) adds easy live chat to your website to engage visitors and convert sales. Chat with your website visitors while they browse, using your mobile device or instant messenger.

    Seed funding from YCombinator, Summer 2009.

  • Advisor

    Peekok

    (Computer Software industry)

    2009Present (less than a year)

    Peekok provides a suite of brand-transparent, turnkey, digital services for retail sales, increased fan engagement, and viral marketing for the music industry.

  • Board member

    Appropriate Technology Collaborative

    (Design industry)

    2009Present (less than a year)

    The Appropriate Technology Collaborative (ATC) is a nonprofit organization whose mission is to design, develop, demonstrate and distribute appropriate technological solutions for meeting the basic human needs of low income people in the developing world. ATC works in collaboration with its clients and other nonprofits (NGOs) to create technologies that are culturally sensitive, environmentally responsible and locally repairable in order to improve the quality of life, enhance safety, and reduce adverse impacts on their environment.

  • Advisor

    Mobiata

    (Privately Held; Computer Software industry)

    2009Present (less than a year)

    Mobiata creates best-selling applications for the iPhone and iPod touch, with an emphasis on elegant user interface design. Since its founding in December 2008, Mobiata applications have been featured by the New York Times, Wall Street Journal, Forbes, Washington Post, TechCrunch, USA Today, Macworld, PC Magazine and others. Apple features FlightTrack in full-page ads in the New York Times and Wall Street Journal, and in iPhone television commercials.

  • Founder

    Scio Security

    (Privately Held; Computer & Network Security industry)

    October 2009Present (2 months)

    In Scientia Securitas

  • Advisor

    VMCraft

    (Computer & Network Security industry)

    2007Present (2 years )

    VMCraft is a small, elite Korean security firm with a fast, secure desktop virtualization product that inverts the usual paradigm: instead of sandboxed execution of untrusted code to protect the host OS, they provide secure (failsafe) virtualized execution environments safe from underlying host compromise. Sounds impossible? Think exokernels...

  • Co-Founder

    Ann Arbor Skatepark Action Committee

    (Civic & Social Organization industry)

    2007Present (2 years )

    With Ann Arbor Public School teacher and lifelong skater Trevor Staples, built a grassroots organization of over a thousand community members and civic leaders to build a free, public, concrete skatepark at Veterans' Memorial Park in Ann Arbor, MI.

    We are also supported in our mission by members of the Ann Arbor City Council, Parks and Recreation Services Unit, Park Advisory Commission, Ann Arbor Area Community Foundation, Community Action Network, Neutral Zone Teen Advisory Council, Ann Arbor State Street Area Association, Ann Arbor Main Street Area Association, Ann Arbor South University Area Association, Ann Arbor Commission in Art in Public Places, and many other institutions and local businesses.

    With the unanimous approval of the memorandum of intent and fund agreement by City Council on Dec 1, 2008, we are currently raising $1M for our design/build fund, including an endowment to be granted to the city for maintenance.

  • Advisor

    Mu Dynamics

    (Privately Held; Information Technology and Services industry)

    2006Present (3 years )

    Mu Dynamics pioneered the security analyzer market, and is shipping the industry's first security analyzer product - an automated test platform to methodically break and analyze any network device that speaks TCP/IP, especially for VOIP, IPTV, and IMS NGN applications at global service providers and MSOs. Scary good stuff.

  • Founder

    monkey.org

    (Privately Held; 1-10 employees; Internet industry)

    1996Present (13 years )

    International online monkey cult.

  • Advisor

    After The Deadline

    (Computer Software industry)

    2009September 2009 (less than a year)

    After The Deadline brings cutting-edge contextual spell checking, grammar checking, and style checking to the web, in a seamless service integration with the most popular online publishing tools and platforms (WordPress, TinyMCE, etc.). Through a combination of carefully-tuned statistical machine learning and NLP techniques, AtD's sophisticated language models can catch and suggest corrections to subtle errors in context - even in poetry! http://bit.ly/badpoetry

    Acquired by Automattic (Wordpress.com), July 2009.

  • Chief Architect

    Barracuda Networks

    (Privately Held; Computer & Network Security industry)

    August 2009September 2009 (2 months)

    Technical due diligence on two of Barracuda's subsequent acquisitions - Phion AG (Austrian/Swiss firewall vendor) and Purewire (cloud web filter in Atlanta), architectural review of their cloud-based products (Control Center, Backup), line management of the Ann Arbor-based product teams. Decided I'd rather be on the sell-side of such deals as an entrepreneur, although I miss the great people and teams I met there.

  • VP Engineering

    Zattoo

    (Privately Held; Internet industry)

    20072009 (2 years )

    Responsible for the development and delivery of Zattoo's Internet TV service, including application and server development, quality assurance, service infrastructure and operations, and tools acquisition and development.

    - Built and mentored a lean, elite international development and operations team from 6 full-time engineers
    - Grew our userbase from 400k in Switzerland and Denmark (in previous 2 years) to 5 million across UK, Spain, Germany, France, Belgium, and Norway
    - Coordinated new channel, radio station, and ad product launches and campaigns for delivery in as little as 2 days
    - Integrated with the largest third-party ad networks in Europe
    - Serviced Europe's biggest flash crowds during Euro 08 and the Olympics
    - Deployed full PAL-resolution IP multicast service with a national telecom provider
    - Co-branded P2P service with one of Europe's largest pay TV operators
    - Subscription payment platform for high-quality and premium channels
    - Successfully migrated from our proprietary P2P stack to commodity Flash CDNs as the market shifted, allowing the decommissioning of much of our fixed infrastructure

  • Technical Board member

    VOIPSA

    (Non-Profit; 11-50 employees; Computer & Network Security industry)

    20062007 (1 year )

    Vendor-neutral industry alliance leading the charge on securing Internet telephony through research, advocacy and open standards work.

  • Chief Security Architect

    Arbor Networks

    (Privately Held; 51-200 employees; Computer & Network Security industry)

    20032007 (4 years )

    Built and led 3 teams to deliver 3.5 products over 7 years to address both service provider and enterprise markets. Arbor has doubled revenue every year since inception to become a $80M company with customers in over 20 countries.

    Architect of Peakflow X, the world's first network behavioral analysis system for internal security, safe worm quarantine, and behavioral threat detection. Moved to NYC briefly to land our first Fortune 100 financial accounts. Led the market through customer wins, innovation, press, and our first enterprise sales channel: an OEM deal with ISS (now IBM). Now protecting the internal networks of the largest enterprises in the world.

    Architect of ATLAS, an Internet-scale early warning and intelligence service fed by global Peakflow SP and X deployments, third-party data feeds, automated malware and botnet analysis systems, and the world's largest distributed honeynet, capturing traffic destined for pullup routes at major providers across the globe.

  • Team Member

    The Honeynet Project

    (Computer & Network Security industry)

    20012003 (2 years )

    The Honeynet Project was the first organized, public attempt to capture and study Internet attacks in a low-level, systematic way through the use of deception, funded in part by the CIA's National Intelligence Council. The project's tools and publications paved the way for globally-scoped Internet threat monitoring and analysis years later by research groups in both industry and academia.

  • Principal Security Architect

    Arbor Networks

    (Privately Held; 51-200 employees; Computer & Network Security industry)

    20002003 (3 years )

    Founding architect - recruited the dev team, bootstrapped the company from day one with management, infrastructure, and a fun, engineering-driven culture. Represented Arbor to investors, customers, press and analysts. Authored several patents.

    Managed Peakflow DoS through the first customer wins that positioned us in a year to expand into traffic engineering and managed services applications. Survived the telecom nuclear winter to achieve market dominance, now deployed at over 70% of the world's Internet service providers, successfully protecting the Internet from the largest distributed denial of service attacks since 2000.

    Developed the world's first blackhole monitor, instrumenting a legacy class A network to track global worm, scan, and DDoS backscatter activity (commercialized as an Internet early warning system for the US Department of Defense). Caught and tracked the rebirth of the Internet worm (CodeRed, Nimda, etc.), the first since the Morris worm of 1988.

  • Hacker

    OpenBSD

    (Non-Profit; 11-50 employees; Computer & Network Security industry)

    19962001 (5 years )

    Userland, kernel hacks, mailing lists, documentation, rides to Canada for crypto commits, etc. Spun out OpenSSH, and pulled a bunch of {umich,monkey,security} developers into the project. Produced the first OpenBSD t-shirts at Defcon 6, designed by nemickol@monkey (who went on to do graphics through 2.4), and edited the monkey FUQ, which became the OpenBSD FAQ.

  • Technologist

    Center for Information Technology Integration, University of Michigan

    (Research industry)

    19992000 (1 year )

    Developed the IETF reference implementation of RPCSEC_GSS (portable userland and Linux kernel code) for NFSv4 sponsored by Sun Microsystems (now shipping in Mac OS X and Linux).

    In the course of a pentest ordered by DrHoney: Cracked Citrix's proprietary ICA encryption algorithm, wrote the ARP + DNS spoofing / SSH + SSL man-in-the-middle / password + mail + file + IM sniffing / traffic shaping tools that became dsniff, added Kerberos v4 support to John the Ripper to crack an entire AFS cell remotely, and ended up with all the passwords for the Regents of the University (and a few thousand extra ;-)

    Published the first successful security breaks of Check Point Firewall-1 with horizon and Thomas Lopatic at the Blackhat Briefings, resulting in Service Pack 4 and NG.

    Developed traffic analysis attacks against the SSH protocol with Solar Designer, presented at HAL 2001 (and independently developed by Dawn Song and David Wagner).

  • Security Architect

    Anzen Computing

    (Privately Held; 1-10 employees; Computer & Network Security industry)

    19971999 (2 years )

    Developed a network intrusion detection system that modelled vulnerabilities, not exploits, through deep protocol analysis and statistical and specification-based anomaly detection. Lead developer, pre-sales engineer, technical marketing, training, post-sales support, and everything in-between. Classic startup burnout. Acquired by NFR Security.

    fragrouter, tcpreplay, and some other IDS testing tools presented at RAID '99 came out of this as well.

    Integrated TIS Gauntlet, Checkpoint Firewall-1, and F-Secure VPN products in their heyday for financial service providers, fed/gov, and Fortune 100 enterprises when we were a well-regarded boutique consultancy with a booming VAR business.

  • Systems Research Programmer / Security Administrator

    University of Michigan Information Technology Division

    (Educational Institution; 10,001 or more employees; Higher Education industry)

    19941997 (3 years )

    Managed security for the general-purpose campus computing environment: >30k active users, over 200k principals across the world's largest production Kerberos realm / AFS cell. Wrote the first Kerberos/AFS support for SSH. Heavy-duty realtime log analysis, deep forensics, incident response, AFS-hosted machine re-imaging via synctree, adaptive IP filter firewalling, sneaky (self-trojaned) host security.

Additional Information

Dug Song’s Websites:

Dug Song’s Interests:

humanitarian and development work, open source, computer security, skateboarding, subcultures of every stripe

Dug Song’s Groups:

USENIX, ACM, VA-NGO, w00w00, OpenBSD, OpenSSH, a2geeks, a2newtech, a2skatepark

  •    a2b3 - Ann Arbor Bi Bim Bop
  •    The Residential College
  •    Black Hat Speakers
  •    University of Michigan Alumni
  •    USENIX Association
  •    Center for Information Technology Integration
  •    NANOG - North America Network Operators Group
  •    OpenBSD
  •    MPowered Entrepreneurship (UofM)
  •    monkey.org
  •    Zattoo
  •    SpringStage Startup Network
  •    The Honeynet Project
  •    University of Michigan EECS Alumni Society
  •    a2skatepark
  •    a2geeks
  •    DEFCON Groups Chapter 734
  •    Arbor Networks
  •    University of Michigan Tech Transfer
  •    Ann Arbor Startup Execs
  •    Mu Dynamics
  •    Ann Arbor New Tech Meetup
  •    Momentum-MI
  •    Cloud Security Alliance
  •    CoffeeHouseCoders
  •    Geeks On A Plane
  •    Ignite Ann Arbor
  •    HERT
  •    Lakeshore Advantage
  •    Appropriate Technology Collaborative

Dug Song’s Honors:

Program Committee, USENIX Workshop On Offensive Technologies (WOOT), 2009
Panelist, Futurtech, 2008
Program Committee, Bellua Cyber Security, 2008, Indonesia
Program Chair, USENIX WOOT, 2008
Program Committee, USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2008
Program Committee, VNSECON 2007, Vietnam
Presenter, EUROSEC 2007, France
Program Chair, USENIX WOOT, 2007
Program Committee, USENIX Security, 2007
Program Committee, USENIX Workshop On Recurring Malcode (WORM), 2006
Presenter, Korea University CCS, 2006
Presenter, Microsoft Bluehat, 2005
Presenter, IAAC Secure Britain Masterclass, 2004, UK
Presenter, SyScan, 2004, Singapore
Presenter, FIRST, 2002
Presenter, CanSecWest, 2002
Presenter, Hackers At Large, 2001, Netherlands
Presenter, Information Security Olymfair, 2001, Korea
Presenter, CanSecWest, 2001
Presenter, Black Hat Briefings, 2000
Presenter, USENIX Technical, 2000
Presenter, Recent Advances in Intrusion Detection (RAID), 1999

View Full Profile

Public profile powered by: LinkedIn

Create a public profile: Sign In or Join Now

View Dug Song’s full profile:

  • See who you and Dug Song know in common
  • Get introduced to Dug Song
  • Contact Dug Song directly

View Full Profile