- Creating and Driving Security for the Enterprise
- Dynamic career reflecting pioneering experience and record-breaking achievements developing software and security solutions for the enterprise.
- Enterprise security expertise in Ethical Hacking, Data Security, Federation, Identity and Access Management, Authentication, Authorization, and Payment Processing
- Accomplished security architect and developer creating enterprise security applications with Java, C#, ASP.NET, SOA, SQL Server, Active Directory, LDAP, Oracle, and DB2
- Expert in encryption architectures for data protection requiring end-to-end data security, tamper protection, and forensic auditing of transactions
- Seasoned cyber expertise in internal and external application security analysis with targeted penetration and red team testing attacks to uncover and mitigate application vulnerabilities
- Created numerous products and services for Identity and Access Management, transactional engines, e-commerce, eBusiness portals, online marketplaces, virtual storefronts, and credit card processing
- Advanced database designer with numerous patent technologies created for transactional engines on SQL Server and Oracle platforms on distributed architectures
- Currently pursuing contract opportunities where my extensive knowledge and experience in cyber security can be harnessed to create and drive secure software solutions for the enterprise.
Cyber Security: Identity and Access Management (IAM), Authentication, Authorization, Intrusion Detection, Penetration Testing, Red Team Testing, Vulnerability Assessment, White Hat Ethical Hacking, Reverse Engineering, Cryptography, Black Box (SoD) Development, Data Security, Forensic Analysis, Cloud Identity, Federated Identity, Single Sign-On (SSO), Provisioning, Account Self Service, Workflow Automation, Delegated Administration, Access Control (RBAC/ABAC), NIST, TOGAF
Payment Processing: Electronic Banking, eBusiness Portals, Federal Reserve Transactions, Credit Card Processing, PCI DSS, Automated Payment Systems, Wire Transfers, ACH, Central Accounting
Enterprise Architectures: Windows, UNIX, Solaris, Linux, Red Hat, OS X, Amazon Web Services, Microsoft Azure, Software as a Service (SaaS), Multi-tenancy, Cloud Computing, Service Oriented Architecture (SOA), Web Services, Gateways, Message Queues, Clustering, Load Balancing
Enterprise Software: F5 Big IP, Ping Federation Manager, Tivoli Federated Identity Manager (TFIM), Tivoli Access Manager (TAM), Security Access Manager (ISAM), Tivoli Directory Integrator (TDI), Tivoli Identity Manager (ITIM), Tivoli Directory Server (TDS), MIIS, Microsoft Identity Lifecycle Manager (ILM), Microsoft Forefront Identity Manager (FIM), CA SiteMinder, CA IdentityMinder, IBM AppScan, Metasploit, Nessus
Industries: Law Enforcement, Federal Government, State Government, Healthcare, Banking, Financial Services, E-Commerce, B2B, B2C, Military, Staffing, Medical Devices, Telecommunications, Manufacturing, Computer Hardware, Legal, Tradeshow, Education & Training, Credit Card Processing, Utilities
Confidential, Columbia, SC
Enterprise Software Developer
- Architected, developed, and integrated numerous large scale IAM systems
- Architected and developed Confidential ™, a framework for enterprise cyber security
- Created Confidential ™ Labs, a virtual machine laboratory for cyber security development
- Focused on cyber security, secured communication, and data protection technologies and solutions
- Responsible for the development of Confidential, a virtual development lab focused on cyber security, data protection, and secured application development for multiple platforms and solutions.
- Currently managing the active development of the Confidential Framework, a framework designed for enterprise security solutions.
- Developed with Windows Server 2012, Active Directory, SQL Server 2014, Visual Studio 2015, ASP.NET, MVC, WCF, C#, SOA, Java, Eclipse, Linux, OWASP/ZAP, Burp Suite, Metasploit, Nessus.
- Responsible for white-hat security efforts concerning IAM, SOA, SSO, payment processing, data security, disaster recovery, and application development.
- Developed a multi-tenant cloud SaaS credit card processing system with hardened services.
- Performed vulnerability and red team testing with threat mitigation for critical applications.
- Created an ethical hacking red team application to spawn multiple attack points and exploit cloud security weaknesses.
- Performed DAST and IAST penetration testing for the SaaS credit card processing system.
- Performed application source code review, reverse engineering, and ethical hacking of security assemblies for application security assessments.
- Developed with Windows Server 2016, Active Directory, SQL Server, Visual Studio 2013, ASP.NET, MVC, WCF, C++, C#, Java, Eclipse, SOA, Amazon Web Services, NIST, TOGAF, F5 Big IP, OWASP/ZAP, IBM AppScan, Nessus.
- Responsible for the analysis and redesign of the ActionLogix policy server for IAM message queue processing from policy server agents deployed in a distributed server environment.
- Designed and created the policy engine, message processing, policy classes, and developer API guide for a publisher/subscriber message queue model.
- Created with Visual Studio 2013, WPF, Visual Studio Online, Microsoft Azure, C++, C#, F#, ZeroMQ, NetMQ.
- Responsible for designing and implementing an IAM architecture for extending a clustered Tivoli infrastructure to accommodate federation for internal applications exposed to financial clients of a large credit card processor. Created the IAM solution architecture for federated applications and implemented TFIM in a clustered environment for SAML 2.0 federated application access. Group, ACL, and federated access controls managed with IBM WebSEAL, Security Access Manager and Tivoli Federated Identity Manager. Implemented using AIX, WebSEAL, TAM / ISAM, TFIM 6.2.2, DB2, WebSphere, Arcot Secondary Authentication.
- Responsible for designing and developing an RBAC federation control system for Cardinal Health federated applications. Created Group, ACL, and federated access controls with IBM WebSEAL, Security Access Manager and Tivoli Federated Identity Manager. Created user provisioning assembly line with TDI 7.1.1. Developed with Windows 2008 R2, WebSEAL, TAM / ISAM, TFIM 6.2.2, TDI 7.1.1, DB2, Netezza/PureData, CA SiteMinder Federation Services, IBM AppScan, Netsparker.
- Responsible for designing and developing a Phase II universal web services based transactional architecture for Fedex.com SOA services. Custom authentication is integrated with CA SiteMinder and universal web services are integrated with CA IdentityMinder. Developed the SOAP/JSON Gateway architectures for IdentityMinder and WebLogic transactions with secured web services. Developed with RHEL 5, Oracle 11g, CA IdentityMinder 12.5, CA SiteMinder 12.0, TEWS, BLTH, WebLogic, JSON, Java, Eclipse, SoapUI.
- Responsible for implementing a federation initiative for Google Apps for Government with the Air Force Research Laboratory. Also responsible for security documentation and delivery for specialized task orders. Responsible for the upgrade, documentation, deployment, and testing of Tivoli Directory Integrator assembly line projects into a new high availability environment with a multi-heartbeat configuration. Developed with RHEL Linux, WebSphere, Tivoli Federated Identity Manager, Tivoli Directory Integrator, Tivoli Access Manager, Tivoli Identity Manager, Oracle 11g, Eclipse.
- Responsible for designing and developing a secured authentication and federation service for communication of sensitive user data to federated partner sites for employee benefits management. Web services integration developed for CA SiteMinder custom authentication. Java based SSO router developed for non-standard federation clients. Custom federation created for partner sites with Tivoli Federated Identity Manager. Developed with SUSE Linux, WebSphere, CA SiteMinder 6.0, TFIM 6.2.1, Java, Eclipse, OWASP/ZAP, IBM AppScan, Netsparker.
- Responsible for designing and developing a web services based transactional architecture for Fedex.com to integrate with the CA IAM platform. Custom authentication is integrated with CA SiteMinder and web services are integrated with CA IdentityMinder and feature custom user authentication and identification, transacting against an Oracle virtual directory. Developed BLTH and LAH transactional router architectures for IdentityMinder transactions with secured web services. Developed with RHEL 5, Oracle 11g, CA IdentityMinder 12.5, CA SiteMinder 12.0, TEWS, BLTH, LAH, JMS, Java, Eclipse, SoapUI, Apache Struts.
- Responsible for designing and developing a cloud based service architecture for internal administrative staff to manage Office 365 users and group workflow approval.
- Created an enterprise cloud framework, secured Web Services, and SOA architecture for executing secured PowerShell commands to Office 365 services with password reset handled by ADFS.
- Developed with Windows 2008 R2, SQL Server 2008 R2, Visual Studio 2010, .NET Framework 4.0, PowerShell 2.0, ADFS, and Active Directory.
- Responsible for designing and developing a master SSO Authentication Gateway for Kelly Services employees that provides federated authentication and user self service.
- Created an enterprise IAM framework for federated authentication, provisioning, access control, and auditing of gateway traffic and user self service actions.
- Designed and developed the self service portal application for user account management and administrative workflow approval.
- Developed management agents for Kelly user provisioning from Active Directory to Lotus Notes and Cornerstone HR. Developed with Windows 2008 R2, SQL Server 2008 R2, Visual Studio 2010, .NET Framework 4.0, PingFederate, Microsoft FIM, and Active Directory.
- Responsible for designing, developing and integrating a Federated Trusted Broker for the Confidential’s CJIS division.
- The Trusted Broker is a DOJ initiative to provide a mission-critical Federated Identity Broker authenticating law enforcement officers and government personnel and providing access to US Law Enforcement and National Security systems. Designed and implemented the federation system, authentication controls, and federated partner trust relationships.
- Developed a security framework for custom authentication, provisioning, access control, and auditing for all inbound and outbound requests. Developed with Red Hat Enterprise Linux, Tivoli Access Manager, Tivoli Identity Manager, Tivoli Federated Identity Manager, Tivoli Directory Integrator, Rational Application Developer, Eclipse, Tivoli Directory Server, DB2, Oracle, J2EE, JSP, IBM AppScan.
- Responsible for conducting a security audit and ethical hacking to determine the security and vulnerability exposure of the Clear Choice Member Portal in preparation for expanding their authentication and SSO capabilities to federated SSO to support authentication for multiple applications. Developed with ASP.NET, IIS 7.0, SQL Server 2005, Confidential Toolkit, Visual Studio 2008, and C#.
- Responsible for designing and developing a Metaverse architecture and provisioning engine for employee and contractor accounts for Microsoft ILM. Creation of Active Directory, Novell eDirectory, and Kronos accounts as well as group provisioning are managed by provisioning engine logic, which features a distributed framework and Web activation for pending accounts. Developed with Windows Server 2003, ILM 2007, ASP.NET, IIS 7.0, SQL Server 2005, EMPATH, Kronos, Confidential Toolkit, Active Directory, eDirectory, Visual Studio 2005, and C#.
- Responsible for designing and developing Single Sign-On between Baylor Health Portal users and Sun Identity Manager for user account self-service. Developed a .NET client for the Sun Access Manager’s Authentication Web Service for generating SSO credentials for the Portal user. Responsible for the installation, configuration, and integration of Sun Access Manager to Sun Identity Manager and Active Directory. Developed with Windows Server 2003, Red Hat Linux ES 4.0, Sun Access Manager 7.1, Sun Identity Manager 7.1, Sun Directory Server 5.2, ASP.NET, IIS 6.0, SQL Server 2005, Confidential, Active Directory, Visual Studio 2005, and C#.
- Responsible for designing and developing a secured Web Services architecture and for EDMC’s university brands and student self provisioning efforts. Creation of CampusVue Portal and Active Directory accounts are provisioned with the secured Web Services and synchronized between Active Directory and the Portal information system with MIIS. Single Sign-On authentication is provided by the secured Web Services between the Portal and student self service web application. Developed with Windows Server 2003, MIIS, Windows Forms, ASP.NET, IIS 6.0, SQL Server 2005, Confidential, Active Directory, CampusVue, Visual Studio, and C#.
- Responsible for designing an MIIS Metaverse architecture and technical specification for all of EDMC’s university brands and student self provisioning efforts. Creation of Active Directory accounts as well as Outblaze student email and MS Live student email accounts are provisioned with MIIS. User network space and real-time password synchronization is managed from the Metaverse by a provisioning engine and PCNS, which features a distributed framework and Web provisioning components for self provisioned accounts. Developed with Windows Server 2003, MIIS, Windows Forms, ASP.NET, IIS 6.0, SQL Server 2000, CampusVue, HP-UX, Confidential, Active Directory, Outblaze, MS Live, Visual Studio 2005, and C#.
- Responsible for designing and developing an MIIS Metaverse architecture and provisioning engine for EDMC’s faculty and student information systems. Creation of Exchange accounts, contacts and email distribution lists are managed from the provisioning engine and web activation for newly created accounts. Developed with Windows Server 2003, MIIS, Windows Forms, ASP.NET, IIS 6.0, SQL Server 2000, Lawson, HP-UX, Confidential, Active Directory, Exchange, Visual Studio .NET, and C#.
- Responsible for developing an MIIS Metaverse architecture and provisioning system for multiple domains under a managed Active Directory forest. The collapse will consolidate security accounts and features a provisioning engine for advanced user provisioning tasks. The IdM registration application features a custom MIIS rules engine for advanced user provisioning tasks. Developed a complete end to end framework for auditing, registration, and user provisioning for use in integrating with their internal registration application.
- Developed with Windows Server 2003, MIIS, SQL Server 2000, Active Directory, Confidential, Visual Studio .NET, and C#.
- Responsible for designing and developing a Global ID MIIS Metaverse architecture and provisioning system for CEI employee and contractor provisioning efforts. The provisioning system creates all Global ID Active Directory accounts and synchronizes them with PeopleSoft HR, Plumtree Portal, and nine corporate CEI divisional domains for all CEI subsidiaries, as well as provisions HR and Salary Administration groups and members.
- Developed with Windows Server 2003, MIIS, SQL Server 2000, Confidential, Oracle 9, Active Directory, Exchange, Visual Studio .NET, and C#.
- Responsible for developing and integrating an IdM Analyzer for creating user provisioning and data consistency checks against PeopleSoft and Active Directory. The IdM Analyzer was automated to include specialized reports that determined the success of provisioning operations after deployments and system upgrades.
- Developed with Windows Forms, Windows Server 2003, SQL Server 2000, Confidential, Oracle 9, Active Directory, Exchange, Visual Studio .NET, and C#.
- Responsible for developing and integrating an SSO system for Intranet and secured VPN Extranet between Plumtree Portal, PeopleSoft, Oracle, SQL Server, and Active Directory sources integrated with MIIS management capabilities using custom management agents. The SSO Portal manages all employees as well as HR eBenefits for approximately 175,000 employees. Developed with Windows Server 2003, MIIS, IIS 6.0, SQL Server 2000, Neoteris 4.1, Plumtree Portal 5.02, PeopleSoft 8.19, Apache 2.0.51, WebLogic 5.1, Oracle 9, OpenNetwork UIdP 5.1.1, Active Directory 2003, Exchange 2003, Visual Studio .NET, and C#.
- Responsible for developing Java-based adapter tasks and adapter task rules for Oracle Xellerate provisioning between Oracle HR, Active Directory, and Exchange for all Chick-fil-A users and locations. Integrated password synchronization logic between all systems and unique IdM user ID checks into Xellerate from the Java IdM APIs. Developed with Xellerate, Active Directory, Java, JBoss, Oracle 9i, and Eclipse.
- Responsible for developing a bidirectional provisioning system for Active Directory and Lotus Domino directories using the Confidential provisioning engine architecture for MIIS. Developed a provisioning switch for flipping the authoritative source after Quest migration was completed from Domino to Active Directory. Developed with Windows Server 2003, MIIS, Active Directory, Lotus Domino, Quest, Confidential, Visual Studio .NET, and C#.
- Provided analysis of a medical scheduling application written in C++ for the determination of feasibility of application support and rebuttal of expert witness claims for an inter-corporate litigation case. Reviewed software development methodologies and contract documents to evaluate deliverables. Converted to Visual C++ .NET to determine migration capabilities and support of the application in the .NET environment. Produced affidavit for client concerning supportability of software, migration to .NET, and expert witness claims rebuttal.