Oct. 2008 - onward, Software security consultant, Cigital Inc.
Architectural risk analysis, threat modeling, code review (security/quality, automated a/o manual), penetration testing (web apps, mobile phone applications, thick clients, etc.). Data analysis to help customer understanding their data better (descriptive, exploratory, data-mining), focus on system security and fraud detection.
May 2006 - Sept. 2008, Computer Security Scientist at NIST
Study the impacts of the static analysis tools (source code analysis) such as Coverity, Klockwork K7, Fortify SCA, etc., contribute to the SAMATE Reference Dataset, study tools behavior on source code variations (creation of PHP-Ast/Oracle).
Work on the evaluation methodologies of Web Application Scanners such as Acunetix WVS, Cenzic Hailstorm, Watchfire AppScan, HP WebInspect, Parosproxy etc. (creation of a proof-of-concept minimum bar web apps scanner/hybrid tool: Grabber).
Co-organizing the NIST Static Analysis Tool Exposition (SATE) 2008.
Development of various websites: SAMATE Reference Dataset, SATE 2008's
Expertise: Web Applications Security, Source Code Security, Static Analysis Tools, Web Apps Scanners, C, C++, Python, PHP, MySQL
April 2005 - Sept. 2005, Data-Mining/Computer Scientist at GERAD
I worked on automatic generation of conjectures and theorems for the graph theory. I developed software in C++ with Qt and XML: "database on graph theory information", "automatic generation/refutation of conjectures and theorems" and "generation of a dissimilarity matrix".
I did this internship under the direction of Pierre Hansen and Gilles Caporossi from the Group for Research in Decision Analysis (GERAD), HEC, Montréal, Québec, Canada.
V. Okun, R. Gaucher and Paul E. Black, "Static Analysis Tool Exposition (SATE) 2008", U.S. National Institute of Standards and Technology (NIST) Special Publication (SP) 500-279, June, 2009
R. Gaucher, "Automated tools for security, the challenge 2.0?", Presentation, CSI 2008, Web 2.0 Summit, Nobember 18, 2008, Washington DC, USA.
R. Gaucher, "SATE 2008: Automated Evaluation", Presentation, PLDI 2008, Static Analysis Workshop, June 12, 2008, Tucson, AZ, USA.
R. Gaucher, "Web Application Security Scanners: Problems and Solutions for testing the tools", Presentation, DHS Software Assurance Working Groups Session, Jan 31, 2008, Virignia, USA.
R. Gaucher and E. Dalci, "Web Application Security Scanners: Building a test suite for the tools", Presentation, HICSS-41 Conference (IEEE), Jan 6, 2008, Hawaii, USA.
E. Fong, R. Gaucher, V. Okun, E. Dalci and P. Black, "Building a Test Suite for Web Application Scanners", in Proceedings of HICSS-41 Conference (IEEE), Jan 7-10, 2008, Hawaii, USA.
E. Fong and R. Gaucher, "Testing web application scanner tools", Presentation, Verify Conference 2007, Oct 30, 2007, USA.
V. Okun, W. Guthrie, R. Gaucher and P. Black, "Effect of Static Analysis Tools on Software Security: Preliminary Investigation", in Proceedings of 3nd International Workshop on Quality of protection (QoP 2007) Conference, Oct 29, 2007, Alexandria VA, USA.
P Black, E. Fong, V. Okun and R. Gaucher, "Software Assurance Tools: Web Application Security Scanner, Functional Specification Version 1.0", NIST Special Publication 500-269, Aug. 29, 2007, USA.
M. Koo, R. Gaucher and V. Okun "Source Code Security Analysis Tool: Test Plan", NIST Special Publication 500-270, March. 9, 2007, USA.
Education
2003-2006: Graduate from ISIMA (Master degree) grad school. Speciality in modelling and applied mathematics. Clermont-Ferrand, France (ISIMA Website)
2000-2003: Classes préparatoires (specific advanced classes: maths, physics and electronics) at Troyes, France.
2000: Baccalauréat in electronics at Troyes, France
Others: Operational Research, Data-Mining, Finites Elements Methods, Trolltech Qt (3.3 and 4.x), Parallelism (OpenMP and MPI), OpenGL programming, Constraint programming, Simulation, Modelling and Mathematics
School projects history
Third year project: A least squares cluster wise regression heuristic using Variable Neighbourhood Search (VNS)
We have to improve the robustness and the efficient of this model. We are using C++<, Java and Python for some tests and implementations of data-mining algorithms and meta-heuristics. This study aimed to prove the solvability of data-mining problem (clustering) using operational research tools (meta-heuristics).
You can download the project sources (full C++): clusterwise-VNS This project comes from collaboration with Pierre Hansen and Gilles Caporossi from the GERAD.
Second year project:. Building a modeller for linear programming problems. It calls ILOG CPLEX solver or the gnu equivalent solver: GLPK. This project uses C++ and have a binding in Python< (with Boost).
The current "Modelib" implementation supports LP and MPS format.
This project is not active anymore, but can be found here: http://rgaucher.info/modelib (French comments etc.)
First year project: 3D simulation of space explorer. Made in C++ with OpenGL, this simulator works by loading space information, planets definition and render it in full 3D.
Sports: Golf, Rugby (Used to be a member of the ISIMA team), Squash, Tennis, Mountain-bike, Foosball.
References
Professor at HEC Montréal. Holder of the Data Mining Chair at HEC Montréal. Member of the Group for Research in Decision Analysis (GERAD).
Mr. Hansen Pierre.Hansen _AT_ hec _DOT_ ca + 514 340 6486
HEC Montréal, 3000, Chemin de la Côte-Sainte-Catherine, H3T 2A7 Montréal (Québec), Canada.
Professor at ISIMA Clermont-Ferrand. In charge of speciality: Development, Optimization and Graph Theory
Mr. Duhamel Christophe.Duhamel _AT_ isima _DOT_ fr +33 473 405 037
ISIMA, Campus Universitaire des Cézeaux, BP 125 63173 AUBIERE Cedex, France.