Eric Wuehler

Architect. Developer. Leader. As a Senior Principal Engineer within McAfee's Office of the CTO, I bridge the gap between experimental research and global-scale engineering. My career has evolved alongside the tech landscape—from pioneering mobile and IoT security to architecting the next generation of AI/ML cloud platforms. I lead a high-performing team focused on neutralizing threats through hybrid detection layers and real-time efficacy monitoring. Whether I'm collaborating with teams in India, Ireland, or places across the globe, my goal remains the same: solving the world's most complex consumer security problems through elegant, scalable, honest engineering.

Research security and safety concepts for mobile users. Building iOS and Android applications that move beyond "traditional" security. Research security and safety ideas in the context of IoT and Wearables.
Project: Safe Family
‣ Working with teams in the US and China to build the Intel Security Safe Family product.
Project: McAfee Mobile Security
‣ Working with teams in the US and India to build mobile security solutions for iOS.

Working with the larger team to define and deliver a scalable and secure IoT management platform that spans Cloud and on-premise deployments. Deep research into management and security of IoT devices. Building proof of concept devices and software, leveraging technologies for sharing sensor data between devices.
Project: Helix Device Cloud
‣ Worked with cross-company team (Intel, WindRiver, and McAfee) to build a secure IoT Platform for managing devices.

Design and architecture; building a solution for managing security for mobile devices in the enterprise. Working with teams in house as well as partners and acquisitions to create valuable mobile security solutions for Government, Enterprise and Small Business.
Project: Enterprise Mobility Management
‣ Worked with team of 40+ engineers to develop and integrate a mobility management solution into our flagship management platform, ePO. Working with all product owners to continue deeper integration and enhance interoperability across all product lines.

Experienced research, prototyping and developing mobile security products, platforms and libraries for iOS, Android and other mobile Operating Systems. Coordinate with a global development team to deliver mobile products that are available worldwide.
Project: McAfee Mobile Security
‣ Developed App Protection feature of MMS 2.0, which includes evaluating access permissions and URLs accessed by an app to provide the user with a privacy rating. The privacy rating indicates to the user how much of a privacy risk an app is and what URLs are embedded in the app that it might try to send your private data to.
‣ Architect for a "dynamic branding" feature which allows McAfee to publish a single build to the Android market, but have the install/setup procedure "brand" the UI based on how the user came to.

As a senior member of the team, my duties include providing technical leadership and direction for the enterprise product integration with McAfee’s enterprise console, ePolicy Orchestrator. The platform requires a detailed understanding of key enterprise technologies such as Java (J2EE, Servlets, JSP), SQL, XML, Web Services and LDAP.
Project: ePolicy Orchestrator 4.6
‣ ePolicy Orchestrator is McAfee’s industry leading console for Security and Compliance Management. A few of my responsibilities included defining and documenting the core internal and external facing APIs for products integrating with ePO 4.6; building and defining a framework and API for comparing arbitrary policy objects as defined by the product teams in ePO and creating a .NET web service for the ePO 4.6 software catalog feature to allow product updates via a web service within the platform.
Project: ePolicy Orchestrator 4.5
‣ My responsibilities included Rogue System Detection integration, User-based Policy management and consistent integration across a large number of other McAfee products integrating with ePO.
Project: Rogue System Detection
‣ Lead developer for Rogue System Detection. RSD passively monitors a network and reports to the ePolicy Orchestrator server information about devices on the network, allowing the administrator to manage and remediate “rogue” systems in the corporate environment.
Project: ePolicy Orchestrator 4.0
‣ The first release of McAfee’s enterprise console based on a new framework, McAfee Foundation Services. My focus was on helping the ePO team with the new framework integration.
Project: McAfee Foundation Services 1.0
‣ The project’s goal was to build a platform that would allow faster and easier integration of all McAfee’s enterprise products by providing a set of APIs and tools that allowed maximum flexibility, but consistent workflows and visual identity.

Particular embodiments described herein provide for a system that can be configured to facilitate the use of a blockchain for distributed denial of service attack mitigation, the system can include a network security provider and a validating node. The network security provider can recognize that a distributed denial of service (DDoS) attack is occurring, create a block that includes data related to the DDoS attack, and publish the block that includes the data related to the DDoS attack for addition to a blockchain. The validating node can validate the block that includes the data related to the DDoS attack and the block that includes the data related to the DDoS attack can be added to the blockchain. The block that includes the data related to the DDoS attack can be analyzed to determine how to mitigate a similar DDoS attack.

There is disclosed in one example a gateway apparatus to operate on an intranet, including: a hardware platform; and an access proxy engine to operate on the hardware platform and configured to: intercept an incoming packet; determine that the incoming packet is an access request directed to an access interface of a resource of the intranet; present an access checkpoint interface; receive an authentication input response; validate the authentication input response; and provide a redirection to the access interface of the device.

Sharing IoT device (IoTd) profile data is provided, comprising: generating at least one access control rule to protect an IoTd; publishing first IoTd profile data in a first new block (FNB) of a blockchain of a blockchain network (BN), wherein the first IoTd profile data comprises the at least one access control rule; and committing the FNB to the blockchain based on a consensus algorithm by: a manufacturer of the IoTd committing the FNB to the blockchain; a security vendor (SV) participating in the BN committing the FNB to the blockchain when the SV is a sole SV participating in the BN; or the SV committing the FNB to the blockchain based on consensus among at least the SV and a plurality of security vendors when the SV and the plurality of security vendors are participating in the BN.

Example data leakage detection apparatus disclosed herein include a fingerprinter to generate a first data fingerprint of a first data item accessed from a data source. Disclosed example data leakage detection apparatus also include a blockchain scanner to scan a blockchain to detect whether a first blockchain record includes a second data fingerprint that matches the first data fingerprint of the first data item. Disclosed example data leakage detection apparatus further include a blockchain writer to write a second blockchain record to the blockchain when the second data fingerprint matches the first data fingerprint, the second blockchain record to indicate the first data item is associated with a data leak of a protected data item represented by the second data fingerprint. In some examples, the second blockchain record is to include the first data fingerprint and a first timestamp.

Mechanisms for split tunneling are provided, the method comprising: identifying a plurality of user devices; determining that communications for a first device of the plurality of user devices are to be tunneled; receiving a DNS request from a second device of the plurality of user devices; modifying the DNS request to request meta information corresponding to a domain identified in the DNS request; sending the DNS request to a DNS server using the hardware processor; receiving a response to the DNS request including the meta information; determining that communications for the second device are not to be tunneled based at least in part on the meta information; and causing the communication for the first device to be tunneled and the communications for the second device to not be tunneled.

Methods, apparatus, systems, and articles of manufacture are disclosed to securely audit communications. An example apparatus includes a participant list generator to, responsive to a command to provision a secured group of devices in a network to prevent malicious activity, generate a participant device list including one or more endpoint devices and a control plane server; a privilege controller to, based on a policy indicated in the command, set read and write privileges for the one or more endpoint devices and the control plane server; a command controller to, based on the command, determine whether to generate a shared communication key using a shared system key; and a communication processor to encrypt communications between the one or more endpoint devices and the control plane server using the shared communication key.

A steganographic coding detector (and method) analyzes one or more pages of a file. For each page containing text strings, the detector counts a number of A0h and 20h characters for the text string. For each text string for which the number of A0h characters is greater than a first threshold, the detector sets a flag to a first state, The first threshold is computed based on the number of 20h characters in that text string. For each text string for which the number of 20h characters is less than the first threshold, the detector sets the flag to a second state. Responsive to the number of text strings that have a flag at the first state being greater than a second threshold, the detector marks the file as being steganographically encoded.

Example apparatus disclosed herein generate blocks of a blockchain, the blockchain to store a neural network that has input nodes, hidden nodes and output nodes, with respective ones of the blocks of the blockchain including respective code and respective data to represent corresponding ones of the output nodes of the neural network, a first one of the blocks including first code and first data to implement operations to be performed by a first one of the output nodes, the hidden nodes and the input nodes on input data applied to the neural network to determine an output of the first one of the output nodes. Disclosed example apparatus also train the neural network to determine at least portions of the respective data to include in the respective ones of the blocks of the blockchain, and forward the blockchain to a server that is to distribute the neural network to client(s).

An apparatus, related devices and methods, having memory; and a processor operable to execute instructions stored in the memory configured to cache a first data object and a second data object received from a source in a cache group based on metadata received from the source, where the metadata identifies the first and second data objects as related and the first data object as a trigger object; receive a request from a client for the first data object; identify, based on a determination that the first data object is invalid and is the trigger object, the first data object and the second data object as invalid; request a valid first data object and a valid second data object from the source; and cache the valid first and second data objects, received from the source, in the cache group.

Methods, apparatus, systems, and articles of manufacture are disclosed for dynamic network classification using authenticated neighbor detection. An example includes a network comparator to determine whether a network to be connected by a computing device is a managed network based on network configuration information associated with the network, in response to determining the network is not a managed network, a neighbor comparator to determine a number of different computing devices on the network that are managed computing devices, and in response to determining that the number of the managed computing devices satisfies a threshold, a sensor controller to invoke a sensor of the computing device to obtain data from computing devices associated with the network, the computing devices including the managed computing devices.