Employment History, Regular employment positions
Sonatype Inc.
Senior Software Developer
Dec 2020 - Present
Liverpool, Nova Scotia (Remote)

Ken, upon realizing that product management was not satisfying for him, moved back to a Senior Software Developer role. He moved to the newly formed "Lift" group that is developing Sonatype Lift, a cloud-based continual assurance product. He persisted through several rounds of ideation and prototyping until the desired development track was found, outlasting multiple other developers -- prototyping particularly suits Ken's temperament and skills. His role as a Senior (full stack) developer includes:

  • Prototyping and developing features for Sonatype Lift
  • Mentoring new employees
  • Acting on behalf of the Lift team in some meetings
  • Working with other members in the team to develop and advance the architecture
  • Interacting with customers to identify desired product features and improvements
  • Writing unit and integration tests

Of particular note, within the Lift team Ken is an approachable source of knowledge on Sonatype data and products, particularly considering his extensive experience developing and managing the software security teams. This knowledge has helped significantly streamline and improve Lift development and the Lift product itself.

Development on OSS Index has continued apace. The most significant improvement has been migrating the back end to use a subset of Sonatype's commercial data, instead of its own database. Besides being an overall improvement in data quality, this has the added benefit of streamlining the required research and subsequent team (the OSS Index and Commercial research teams were merged). This has resulted in an overall increase in research speed (and more vulnerabilities found!).

Product Manager
Jun 2018 - Dec 2020
Liverpool, Nova Scotia (Remote)

Ken continued his career at Sonatype as Product Manager of the software security teams, where his role included:

  • Interacting with customers to identify their needs, including both internal users and external Sonatype customers.
  • Creating development plans and schedules to deliver features to users and customers. This includes the introduction of security data through research into Sonatype's system, through its delivery and representation to the end user. Development follows agile principles, necessitating an understanding of said principles and how they work within Sonatype's environment.
  • Working closely with other Product Managers to assist in cross-team planning.
  • Providing requirements to development teams such that appropriate features are developed for customers in a timely manner.
  • Acting as an interface with customer support to ensure that customer questions and problems are handled appropriately.
  • Working with engineering managers, architects, and team leads to plan and ensure that products are developed in a sustainable way.
  • Assisting sales engineers not just in supplying information, but occasionally talking directly with prospects to understand their needs.

Ken continued to develop for and support the public OSS Index, while putting into action plans to move the development and maintenance to Sonatype development teams. Ken has expanded the coverage of OSS Index, and developed and overseen the development of numerous open source scanning tools including:

  • Adding support for multiple ecosystems
    • Alpine Linux
    • Cargo
    • Clojars
    • Cocoapods
    • Conan
    • Conda
    • Cran
    • Go
    • Swift (Unreleased)
  • Writing command line scanning tools for a variety of ecosystems
    • Cheque (C/C++ scanner)
    • Nancy (Go scanner)
  • Overseeing and assisting in the development of numerous additional scanners
    • Bach (PHP scanner, unreleased)
    • Speedbump (Swift scanner, unreleased)
    • ...
Senior Software Developer
Jun 2017 - Jun 2018
Liverpool, Nova Scotia (Remote)

Upon acquisition of Vör Security by Sonatype, Ken worked as a senior software developer on the internal software security tools behind Sonatype's products.

Ken continued to support and develop OSS Index during this time.

Vör Security (Previously TwoDucks Inc.)
CEO and Founder
Oct 2013 - Jun 2017
Ottawa

TwoDucks consulting was incorporated in October 2013 and recently renamed to Vör Security. Since its incorporation Vör Security has grown to a small company of three employees.

Vör Security developed the free open source vulnerability tracking system OSS Index, and the two together were acquired by Sonatype in June 2017. During this time OSS Index added support for numerous ecosystems, tool integrations, and scanners.

  • Ecosystems
    • Bower
    • Chocolatey
    • Debian
    • Drupal
    • Maven
    • npm
    • NuGet
    • PyPi
    • RubyGems
    • RPM
  • Integrations/scanners
    • Audit.js (npm)
    • Audit.NET (Visual Studio)
    • DevAudit (Multi-platform multi-ecosystem scanner written in C#)
    • Maven plugin (java)
    • Gradle plugin (java)
Dalhousie University/Quantum Research Analytics
Senior Software Developer
June 2013 - Present
Halifax (remote)

QRA is "building tools to reduce engineering and testing costs for highly complex systems in the aviation, automotive, and utilities industries. By combining cutting edge technology, including quantum computing, and the latest mathematical techniques, QRA is able to find design flaws very early in the development cycle. QRA is poised to be at the forefront of complex system design through partnerships with leading institutions and corporations."*

I have been heavily involved in the development of the QVTrace web-based front end, built using HTML5 and AJAX technologies and communicating with the QVTrace back end to perform verification and validation of system models. My roles include:

  • Design and development of the front end web service, which manages data from the client and communicates with the back end tools.
  • Design and development of the front end UI, written in client-side JavaScript to execute on all major browsers.
  • Implement data importers from Simulink model files, converting them to an internal format
  • Implement the database storage for imported models.
  • Monitor the customer problem tracking system (along with other developers), helping to resolve customer issues as quickly as possible including bug-fix releases if required.

KDM Analytics
Senior Developer & Software Architect
Mar 2007 - Oct 2013
Ottawa

KDM Analytics "is a security assurance company providing products and services for threat risk assessment and management, due diligence assessments, and information and data assurance. Leveraging our decades of experience in static analysis, reverse engineering and formal methods, we have created breakthrough products for the automated and systematic investigation of code, data and networks."

Much of the work performed by KDM Analytics revolves around OMG standards and specifications. My roles include a large variety of tasks in management, design, architecture, and development.

  • Architect of KDM Workbench, the company’s flagship product
  • Engineer SCAP compliance of KDM Workbench and integrate CVE information into KDM models
  • Architect and project-managed integration of KDM Workbench into client’s build, product environment, and assurance lab
  • Architect Threat Risk Analysis modeling environment and integrate it with KDM models
  • Manage R&D programs, assess risk, and ensure estimates are concise and accurate
  • Participate as Chief Architect and senior developer in various R&D projects funded by US Federal Government such as: CWE Formalizations, CWE-driven binary code analysis, CWE-driven Test Case Generator, Software Fault Patterns
  • Perform technical due diligence, security analysis, and report presentation for a number of clients
  • Providing services to customers, which often includes custom solutions
  • Following related developments in the field, with the aim of improving KDM Analytics' offerings
  • Integration of various open source and customized tools to provide new service and tool offerings
  • Conduct sales engineering tasks including technical presentations, build integration, and technical training
  • Translate informational requirements into logical, economical, and practical “system definitions”
  • Synthesize gathered information, prepare project plans, analysis reports, and data for client presentation
  • Provide corporate consulting in the design, development, coding, debugging, and enhancement of security assurance solutions

Klocwork
Senior software developer
Mar 2001 - Oct 2006
Ottawa
Klocwork's product offering continued to change and grew substantially, reflecting the company's growth and increased customer feedback. During this time I was involved in developing several key products, as well as fulfilling many other roles.
  • Lead developer for Klocwork's defect reporting tool (inherited from previous developer who left the company)
  • Lead developer for Klocwork's web-based defect management interface, "Project Central"
  • Developed FlexLM integration code for all Klocwork products, which used JNI. Klocwork's licensing needs are quite complex, which required several unique solutions to problems posed by this integration.
  • Performed build integration with the InstallAnywhere software installation tool. Our installation required several custom InstallAnywhere modules be written.
  • Located and integrated software used in automatic stress testing of web-based products.
  • Many special projects prototyping tools and ideas. These projects were usually performed under VERY tight timescales and vague requirements. These projects included:
    • Analysis of SQL software data to locate code patterns
    • Rendering of bug traces (extracted using static analysis tools) in graphical tool (inSight Architect)
    • Build log file analyser used by field employees in custom customer integrations
    • A product used to analyse C/C++ software dependencies (based on Klocwork data) and perform automatic edits to code that simplified dependencies, resulting in a customer's build speed improvements of over 30%.
  • Mentored and helped in training many new employees, several of whom I worked with on the previously mentioned projects.
  • Used extensive product and general networking knowledge to assist in complex support situations
Third level engineering
Oct 2005 - Oct 2006
Ottawa
In addition to my role in development, during this year I assisted with support by continuing the handling of complex customer problems as well as through the design and development of custom support solutions for the company.
  • Developed/integrated a customer facing website for selling one of Klocwork's developer level products.
  • Integrated sales website with third-party web-service vendor Salesforce.com
  • Developed a knowledgebase system which provides a single location for customer support and sales teams to search through a database of previously handled problems.
  • Developed a system that aggregates the information from customer problem reports and internal bug reports which assists in ensuring no customer problems are lost
  • Continued to resolve complex customer issues and develop software patches for issues that could not be resolved in other ways
  • Assisted in the training of new customer service personnel
Nortel Networks
Senior software developer
Nov 1999 - Mar 2001
Ottawa
In addition to my software development roles which included software and product design and development, GUI design and customer service, my responsibilities were expanded to include consulting, project management, and team leading. During this period of time we were also assembling information and performing the many tasks required for preparing to spin out of Nortel. We grew the employee base to 25 by 2001 and achieved spin out (February 2001).
  • Assisted in the re-architecting of the inSight database with an end goal of increasing tool speed.
  • Primary developer of the inSight Architect tool, both managing and performing a re-architecting of the tool to increase its speed.
  • Project leader in supporting one of the lead customers of inSight, valued at over $700 K.
  • Developed several tools and customizations required by our lead customer.
  • Assisted in the collection and development of material required for spin out.
Aug 2000 - Mar 2001
Ottawa
When spinning out of Nortel there was a span of time where, though we had a sales team, an employee with technical product knowledge was needed to assist on customer visits to ensure successful product demonstrations. This was especially critical due to the complexity of the product and the depth of software development knowledge required to discuss the product in depth with potential customers' software development teams. Though I have worked directly with customers throughout my career to this point, working with sales was key in improving my communication skills and better understanding customer issues and needs, as well as the difficulties in deploying complex software in diverse environments.
  • Conducted product meetings and demonstrations for many potential clients, including Sun Microsystems.
  • Prototyped several new product concepts
  • Maintained a dialogue with customers to obtain feedback
  • Provided support to new customers
  • Provided development support for some code components for other developers
  • Worked with the sales team to create initial branding and sales initiatives
  • Trained additional sales engineers.
Software developer
May 1997 - Nov 1999
Ottawa
Being a small group (initially three individuals), my roles included software and product design and development, GUI design, and customer service. Towards the latter half of this time we were selected for spin out by Nortel's Business Ventures Group.
  • Primary developer of the inSight Architect tool.
  • Used own initiative to pursue new ideas
    • Designed and prototyped precursor to inSight's cross-reference tool, which was key in being selected by the Business Ventures Group for spin out over other potential ventures.
    • Designed and prototyped web-based software architecture exploration tool, which has grown to be a pivotal component of Klocwork's offerings.
  • Sole customer service representative for inSight.
  • Performed customer demonstrations (sales engineer role).
Software developer (internship)
May 1995 - Aug 1996
Ottawa
I was involved in a new research project attempting to reverse engineer software systems into a high level modeling language for use in training and software improvements. The work I did here helped lay the foundations for the inSight architectural analysis tool. Concurrently I performed upgrade testing on a major optical network product (OC48).
  • Developed upgrade testing "HOWTO" manual subsequently used for several years
  • Modelled portion of large software product in graphical modelling tool
  • Prototyped tool to translate from a programming language (protel) into a standard modeling language (SDL)