SUMMARY:

• Specialties include Enterprise Network and Systems Infrastructure, Virtualization, Private, Hybrid and Public Cloud solutions, IT Security compliance & Governance, advanced analysis, design, p lan n in g, reporting, deployment an d imp le menta tion.
• A Senior Enterprise IT Consultant focused heavily on Architecture, Engineering, IT Governance, Management and Advisory, with more than 20 years of global enterprise IT experience and Team leadership. I’m focused heavily on end to end Cyber Security, IT Governance, and Compliance. I carry decades of consecutive Information Security Expertise based on a functional and technical level for all IT Platforms.
• I come with a broadened and in - depth granular knowledge level focused on the understanding of cyber security policies, Governance, technologies, and all complex IT Platforms. I’m well versed and extremely knowledgeable with information systems security regulations, policies, practices, requirements and processes inclusive of Active Directory, MS Exchange, Identity Management, SIEM, Firewalls, Proxy, Reporting, Azure, AWS, IPS/IDS, PCI/DSS, HIPAA, ISO 2700xx, SOC, FISMA, ITIL and NIST.

PROFESSIONAL EXPERIENCE:

Confidential, Chicago, Illinois

Senior Consultant (Global)

Responsibilities:

• Lead of Identity Architecture & Engineering for Enterprise grade Cybersecurity engagements, focused on Azure AD Identity design, Integration, migration and implementation.
• Provide subject matter expertise and project management experience on Azure Infrastructure migration for Identity focused on Azure IAAS, PAAS, and SAAS solutions
• Zero Trust Expert (NSG’s, MS ATF, Guardicore, Illumio, Palo Alto, Cisco, Pulse Secure, VMware NSX) for On-Premise and Cloud digital Assets.
• Micro-Segmentation Lead for Endpoint Restriction and Containment via Modern SDN
• North\South & East\West Data Flow analysis for Segmentation Policies
• Phased Deployment of SDN agents for Client and Server based Endpoints.
• MicroSegmentation Use Cases development for Test case Piloting
• Endpoint, Application and Data MicroSegmentation lead.
• MicroSegmentation Labeling, Data Flow Analysis and Policy creation.
• EDR integration North\South traffic with Lateral East west traffic Monitoring and Containment.
• Enforcement Policy Creation and implementation for segmentation of Microservices.
• Senior Identity Consultant lead for GAP\OLD NAVY Divestiture
• Senior Identity Consultant lead for ECOLAB\SPINCO Divestiture
• Heavily engaged in designing, Integrating, and deploying Cloud, On-Prem Identity solutions. IDM (AD, Azure AD, IBM LDAP, SUN LDAP, OKTA, RSA, PING), DLP, IPS, IDS, MFA, Conditional access, Authentication, Web Security, Email Security, Vulnerability Security Assessments, SIEM, Encryption, Network Security and Disaster recovery for Cloud and On-Prem platforms.
• Senior Identity Consultant for Houston DC Metro Risk and Remediation RAP, for compliance and Governance requirements and measures.
• Engaged in as Identity lead for Program management design for Sentinel SIEM
• Heavily engaged in designing the workload processes and deployment plans using SCCM for all Application tiers 1, 2, and 3.

Confidential, Chicago, Illinois

Senior IT Security Architect (Advisory & Governance)

Responsibilities:

• Coordinate large-scale cybersecurity engagements focused on Azure & O365 Security
• Zero Trust Project Development for 50% of Applications on Prem and Cloud.
• MicroSegmentation implementation lead for Flat based Network remediation
• EDR Cyber readiness and Posture Assesments
• Provide subject matter expertise and project management experience on Azure Infrastructure migration for IAAS, PAAS, and SAAS elements to serve as the "point person" for Cloud engagement teams.
• Heavily engaged in designing and deploying Cloud Security realms Such as IDM, DLP, IPS, IDS, Web Security, Email Security, Security Assessments, SIEM, Encryption, Network Security and Disaster recovery for Cloud and On-Prem platforms.
• Engaged in design and deployment of various NAC’s such as Cisco ISE and Trend Net.
• Design of RSA infrastructure and Identity management platform. Authentication Manager, Secure ID
• RSA VPN integration, Terminal Services Secure ID deployment, Integration with AD.
• Heavily engaged in designing the roadmap and migrating Tier 1, 2, and 3 enterprise business applications to Azure Private and Hybrid cloud IAAS platforms.
• Develop and review reports and presentations for both technical and executive audiences.
• Assist staff by providing mentorship and coaching to grow their technical and consulting skills.
• Heavily focused on Azure Network Infrastructure connectivity model focused on Express route architecture, design and deployment.
• Heavily engaged with over 8 MSP’s in the design and deployment of a complex Azure and Cloud ISP environment.
• Planning and budgeting to motivational and promotional activities expounding the value of cybersecurity.
• Auditing and remediation of cybersecurity frameworks / standards like RMF, ISO/IEC 27001:2013, NIST CSF, NIST 800-53, etc.
• Participate in preparation and implementation of necessary cybersecurity policies, standards, procedures and guidelines, in conjunction with the Security Committee.
• Participate in the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations.
• Participate in cybersecurity risk assessments and controls selection activities.

Confidential, Oakbrook

Senior IT Security Architect

Responsibilities:

• Architected, Engineered and deployed new AD Security, AD Domain consolidation, AD Cleanup projects in full.
• Expert in Architecture and design of security solutions which are based on PCI, HIPPA, SOCS and ITIL
• Analysis and implementation of Active Directory Enterprise Services & hardened Authentication methods across the Enterprise Infrastructure Platform.
• RSA Secure ID and Authentication Manager device Deployment for IDM integration.
• RSA deployment with VMware integration.
• Implemented Service Now and AD Audit & Management Plus integration and SSO authentication core for application Tier security.
• Active Directory, MS Exchange, Identity Management, SIEM, Firewalls, Proxy, Reporting, Azure, AWS, IPS/IDS, PCI/DSS, HIPAA, SOC, FISMA, ITIL and NIST
• Encryption (Two Factor/SSO/Kerberos/LDAP/SSL/ADFS/LDAPS/SAML)
• Conducted an Active Directory, Exchange and Office 365 Security Risk Assessments and prepared recommendations for Countermeasures.
• Implemented remediation counter measures across enterprise Security core.
• Provisioned input for the determination and analysis of AD, Proxy Security Policies, Risk Analysis, accreditation package analysis, Engineering change proposal analysis, and developing process and procedures such as implementation guides.
• Implementing and standardizing Directory Service, Identity Management, and AD structures. Providing operational engineering and support for AD infrastructure design in the establishment of the AD Enterprise system.
• Developed and implemented a consolidated and standardized Group Policy Object (GPO) and Internet Protocol Security (IPSec) model designs in support of the multiple AD environments across the enterprise.
• Modified the Network Design Infrastructure to identify any need post production support for global Enterprise constructs.
• Reviewed and advised The IT steering committee on the alignment of project requirements with related AD applications, and enterprise designs and plans.
• Providing advanced Engineering integration support to mitigate unforeseen high Level and complex technical issues.

Confidential, Chicago

Principle IT Security Architect

Responsibilities:

• Designed, implemented and deployed new highly secured Enterprise Proxy Infrastructure solutions for Forward, Reverse and Source IP Infrastructure design.
• Analysis of current issues, risks and vulnerabilities within the current Enterprise Proxy layout Enterprise-wide.
• Design and Deployment of O365 with Azure and AWS platforms integrated with AD
• Designed Active Directory integration and Access & Authentication model for O365 deployment.
• Designed Proxy PAC’s security Files for Proxy implementations with Blue Coat and Zscaler
• Created scripts with code focused on ensuring data security and protection.
• Design of enterprise wide Active Directory Kerberos\LDAPS\2 factor authentication integration with Web proxy with O365.
• Oversaw the hands-on engineering and architecture POC of multiple Security Information and Event Management systems such as QRadar, MacAfee SIEM, and Magic Quadrant.
• SIEM product comparisons and capabilities review and testing with integrated infrastructure applications and devices.
• Documentation of performance and functional viability SIEMS.
• SIEM data gathering, analyzing and Proxy integration on network and security devices identity and access-management applications integration with SIEM vulnerability management and policy-compliance tools with SIEM
• Operating-system, database and application logs capabilities configuration and implementation.
• External threat data using SIEMs
• Designed and recommended three large scale enterprise solutions which would be viable and highly secured, for Confidential enterprise wide. Based on Forward, Reverse and Source IP solutions integrating security protocols which include SAML, ADFS, LDAP, SSO, Kerberos, SPM and WS-Security.
• Architecture and design of security solutions which are based on PCI, ITIL, SOX and HIPPA compliance standards.
• Design and implementation of Private, Public, and Hybrid cloud Security solutions for Azure, AWS and proprietary cloud based systems.
• Global Proxy Infrastructure oversight and management control. (F5, TMG, Zscaler & Blue Coat Proxy)
• Designed new Proxy architecture to replace TMG Proxy with F5 APM and SWG within the united Proxy enterprise platform and virtual infrastructure.
• Design and Deployment of Zscaler Web proxy Firewall globally over 795 Global sites.
• Designed Hybrid Zscaler Cloud Firewall solutions and deployment for Edge firewalls.
• Design of Security Policies and access controls for web access and usage.

Confidential, Chicago

Senior IT Consultant

Responsibilities:

• Design, build, maintain and support a Security Event Monitoring Platform (SIEM) using IBM Qradar.
• Integrated applications with Python designing database architecture and server scripting, studying & establishing
• Implemented Qrader SIEM as an enterprise central event and security logging platform.
• Upper Tier levels Application integration with IBM Qradar.
• Senior technical lead and ambassador for Cloud Technologies within the organization
• Development and execution of strategies which increased cloud knowledge throughout enterprise and middle market companies.
• Develop standards and Standard Operating Procedures with regard to Cloud operations.
• Technical Design/Architecture for Exchange and Lync Server and Lync Voice Deployment
• Technical Design/Architecture for Exchange Server and Unified Messaging Deployment
• Confidential Lync and Confidential Exchange Deployment, Migration and Support Services
• Technical Design/Architecture for Integrated UC Platform
• Technology Solutions Consulting and Support Services
• Server Deployment, Administration and Support Services
• Training and Technical Guidance for Engineers, Administrators and End Users
• Extremely Proficient in Micr os oft Infrastructure techn ol og ies (ISA/TMG/UAG/ADFS and /IIS/SQL/Exchange/SharePoint/Lync/SCOM/TS Gateway/Terminal Services/ERP)
• WAN (Public & Private Design, Deployment & Support) MPLS & Tunneling Solutions.
• Redundancy and Load Performance expert using Various Load Balancing Solutions integrated with TMG/UAG for Application Redundancy and performance.
• Tunneling (Public Design of Public Point to Point Network topologies) IPSEC/SSL
• Highly Secured Predictive Dialer Platform, Architect.
• Troubleshooting of complex Server OS based issues along with a wid e vari et y of Systems and Systems in frast ru cture related is s ues.
• Cloud Migration Expert (Off-Premise Migration specialist, All Platforms)
• Proficient in Protocol and Packet Analyzers (WireShark, Confidential Analyzers)
• TMG/UAG Expert Network and Systems Architect and Solutions Engineer.
• De vel op m ent and i mp le men tation of s ecuri t y, traf fic shap in g, and custom poli cies on ser v er, domain, switch in g and r ou ting environments.
• TMG/UAG/ADFS Infrastructure Lead Implementer for Global PCI project.
• TMG/ADFS/UAG Reverse Proxy and Edge Gateway Solutions Architect & Infrastructure Engineer.
• TMG/UAG Firewall Policy design for Reverse Proxy and Edge Firewall designs.
• TMG/UAG firewall design expert (MS Back Office & Cross Platform Infrastructure Base)
• TMG/UAG Encryption expert (Two Factor/SSO/Kerberos/LDAP/SSL/ADFS/LDAPS/SAML)
• TMG/UAG Firewall Policy design expert (Exchange/IIS/SharePoint/SQL/VPN/Direct Access/
• TS Gateway/Custom Protocols, AD Authentication, IPSEC Tunnels/PPTP L2PT and etc.)
• Firewall and security modeling Lead. (Focused on TMG/UAG/Cisco/Juniper solutions)
• Reverse proxy Architect using TMG\UAG\ADFS for Security Platforms.
• Lead on BPO Call center IT Operations for Systems & Network Infrastructure.
• Lead on PCI Compliance Security Architecture, Deployment, and support.
• Lead on VOIP Infrastructure design and implementation of SIP infrastructure and IPPBX integration.
• G r oup p oli cy, Power shell scrip ting, trust rela tion shi p s, and mu lti-d omain / mu lti- for est d es ig n s, Micr os oft Ac tiv e Dir ec tory, Micr osof t Ex chang e Ser ver 20 03, Exchan g e 2 00 7, Exchange 2010, TMG/UAG e xper t and migration specialist.
• Depl oy ment, con fig u rati on and ad min istrati on of Ne t work inf rastru c ture Platforms (IS A, TMG & UAG Gatew ay, Ci sco, Juniper, F5, A10, Barracuda, RSA, SSL,SSO and etc.)

Confidential

Senior Systems Architect (Active Directory-Network Architecture)

Responsibilities:

• Active Directory Infrastructure Lead, Corp wide. National and Global.
• ADFS Infrastructure Lead Implementer for Global PCI project.
• ADFS Reverse Proxy and Edge Gateway Solutions Architect & Infrastructure Engineer.
• Firewall Policy design for Reverse Proxy and Edge Firewall designs.
• Encryption (Two Factor/SSO/Kerberos/LDAP/SSL/ADFS/LDAPS/SAML)
• Proxy and Policy (Exchange/IIS/SharePoint/SQL/VPN/Direct Access Applications
• TS Gateway/Custom Protocols, AD Authentication, IPSEC Tunnels/PPTP, L2PT and etc.)
• AD Forest & Domain Consolidation Project Lead.
• Design of the new Allstate PCI infrastructure for PCI compliance firm wide.
• Lead on AD integration with Hadoop Data warehousing and data scrubbing solutions.
• Design and implementation of AD & Systems PCI complaint Infrastructure, Enterprise Wide.
• Design and implementation of AD sites and Services model for AD replication standards and in conjunction with Exchange 2003/2007/2010 Routing Model. Also implementer.
• Lead member representing AD & Security Architecture on Weekly meetings with Allstate ATO heads. CIO/VP/Director/Senior managers.
• Design of Active Directory domain consolidated infrastructure model, also implementer.
• Design of Active Directory Load balancing model for Cross Platform Designs. Windows and Non Windows Platforms. LDAP & Kerberos Authentication basis integrated with f5 Load Balancers.
• Design of Security & Authentication models for Active Directory Infrastructure.
• Main Author of Enterprise Schematic designs and Policy & Procedure Documentation for Systems.
• Design of internal Active Directory coexistence versioning Models, also implementer.
• Design and lead of Active Directory Redundancy and High Availability Model globally.
• Collaboration with over 600 teams globally on anything which Involved Active Directory
• Infrastructure and PCI compliance.

Confidential

SeniorSystems Engineer

Responsibilities:

• Exchange 2003 Analysis and Stabilization Architect, also lead and implementer of project.
• Design and implementation of TMG\UAG Solutions for reverse proxy and Edge designs focused on (IIS, SharePoint, Exchange, SQL, Lync)
• Design and implementation of Exchange 2003/2010 Coexistence model.
• Design and implementation of Exchange 2010 Routing Model, and implementer.
• Design of Exchange 2003/2010 Internal and external Security model, in coexistence as well.
• Design of Exchange 2010 Network and Systems infrastructure model, also implementer
• Design of Exchange 2003/2010 Load balancing model.
• Design of internal Exchange 2003/2010 coexistence Routing Model, also implementer.
• Design of Exchange 2010 Redundancy and High Availability Model.
• Extremely Proficient with IIS 5/6/7/7.5 solutions and management.
• Cloud migration architect for 3 year Plan towards off-Premise development
• VMware Virtual Center specialist (Virtualized/Physical Exchange 2010/SQL/WEB environment)
• Design of off-premise VMware 4.1 ESXi DR environment of 175 servers used for DR scenarios
• Design of Exchange 2010 DAG design model housed on (EMC V-MAX and VNX SAN Infrastructure)
• Design of DAG resiliency and failover integration model. (Load balancing and failover model)
• Exchange 2010 DAG Replication model and implementer (dedicated MPLS, OC3 pipes for MAPI Exchange network and MAPI services)
• Design of Exchange 2003/2010 Services and functions design model and implementer. (GAL, OAB, Public Folders, ECP.OWA, EWS, Outlook Anywhere, Active Sync and Windows Mobile)
• SharePoint Integration and mail data migration
• Successful Migration into 2010 and successfully migration of 6,000 users from 2003 to 2010.
• Exchange 2010 Archiving Design model and implementer
• Active Directory Risk and health assessment lead and implementer.
• Active Directory Assessment changes implementer.
• TMG ISA 2006/2010 Expert (Firewall Design, Policy creation, routing, Protocol and etc.)
• Full Confidential back office specialist (Windows Server OS, Exchange, IIS, SQL, TMG, SCOM, and DPM)
• Exchange 2010 Training for Exchange administrators.
• Full Documentation of all design and deployment plans.