Security Architect Resume

SUMMARY:

More than twenty (23+) years as Lead Architect (Confidential Certified) architecting robust solutions in the Identity, Access and Security area, especially in: Enterprise IAM, DW, integration, e-strategy, process management, audit, forensics, OWASP ESAPI, GRC modules, and compliance on premises, in private cloud, and in vendor-neutral hybrid cloud, to name just a few examples. Strong technical writing and communication skills; able to analyze complex problems, collect data, establish facts and draw valid conclusions, and to prepare concise reports for Senior Management.

Strong hands-on technical skills: Identity Governance (Confidential ISIM 4.5.1, 5.1, 6, 7 Virtual Appliance, Confidential PIM, IGI, Sailpoint IIQ 7.3, Saviynt AccessHub Cloud 5.2, ForgeRock OpenID, Confidential IGI, Azure IAM, MIM, Azure Graph API, Google Cloud IAM, AWS IAM, AWS Cognito (OAuth2 & OIDC provider), Pivotal CF/CF Release UAA, AWS Saviynt Security Mgr, SCIM2), Access Mgmt, PAM & PIM (ISAM / WebSEAL 5, 6, 7, 8 Virtual Appliance, PIM, KDC Kerberos, HashiCorp Vault, CyberArk PAM, CyberArk Conjur, Summon API, AWS Secrets Manager, Azure KeyVault, GCP Cloud KMS, Azure ADFS, CloudFoundry UAA, OKTA, ForgeRock OpenAM, CA Siteminder, TAMOS, TAMESSO, Oracle ESSO, TFIM), Cloud EDW, DI & BI (Saviynt AccessHub Identity & Security Warehouse, Sailpoint Identity Cubes, Azure Arc, SDI/TDI, DirSync, AADSync, GCP BigQuery, ETL transform Apache Spark, GCP Data Transfer Services, Cloud Pub/Sub, DataProc, Apache Beam, Apatar, Talend OpenStudio, Nifi, CloverETL, Tibco Jaspersoft ETL, KETL, Kerberized LDAP, Kerberized AD, Hadoop over KDC Kerberos, Cognos Powerplay/Impromptu/ReportNet, Ascential Data/Quality Stage (InfoSphere), Business Object Data Quality/Data Integration (SAP BODL/BOBJ), Azure Synapse (SQLDW MPP), DataLake, DataExplorer, DataFactory, DataBricks (Spark), AWS Redshift/Aqua, Kinesis, Elastic MapReduce, realtime logs stream and reporting using Splunk, Apache Flink, Kafka, Prometheus Monitoring, OpenTracing, TensorFlow, Google sheet, Google DataStudio, ELK stack ElasticSearch, Logstash/Flume, Kibana)

TECHNICAL SKILLS:

  • Java/J2EE/ JSP/JSF/Servlet/ JNDI/JMS/ JMX/RMI - JRMP/ RMI-IIOP/ CORBA/IDL/IIOP/ JNDI/RMIRegistry/JCA/ORB CosNaming/JTA /JPA /OAUTH2 /SAML/SOAP/ WSDL/XSD/ XSLT/EJB/MDB / SessionBean / JDBC, JavaScript /AJAX/Dojo, Log4J, JACC (Java Authorization Contract for Container: pdjrtecfg), JAAS (Java Authentication & Authorization Services), JNI,JVM, VM & Heap Tuning, JIT, AOT, Java Class Loader, ASP/ASP.Net/Net-framework/VBScript/VBA/VB.Net/WebPart, ColdFusion, XML/DTD, HTML/ DHTML/ XHTML/ XSLT, CSS, UDDI, WSRR(WebSphere Service Registry and Repository), Oracle PLSQL, SQL/Stored Procedure, XPATH /XML-DOM /JavaScript /AJAX /JSTL /JQuery /JSON /DOJO /ILog JVIEW, angularJS2, NodeJS, Lotus Widget Json, SAML2.0, OAuth2, REST-Based API, Web 2.0, Web Service Security Framework, Identity Federation using WS-Federation SAML/ active requestor profile (SOAP enable apps) /passive requestor profile (Browser) pdjrtecfg, svrsslcfg /bassslcfg /mgrsslcfg, LTPA, TAI & TAI++,UNIX vim, fork, truss, cc/gcc, reverse engineering technique(gdb,ddd, hexdump, dbx-unix level debugger, readelf, ndisasm), jar, javac, java, equinox OSGi(dynamic component modules), jprobe 9.6, VisualVM, jprofiler, ar for unix lib, lsof, awk, sed, Ms Visual Studio .Net, Eclipse, Atom, Vi, vim, RAD 6/7.5, Notepad++, Textpad, Ms VS code Remote Dev extension pack, Apache Directory Studio, Softerra LDAP admin, LDAP Admin, Adobe Dreamweaver, Ms FrontPage, ColdFusion Studio, CA Erwin 3.5/4.1, Tools for Oracle Application Developer (TOAD), SQLPlus, Oracle Designer, Oracle Fusion Middleware, Ms Visual Sourcesafe for version control, SCM, SVN, CVS, Mercurial, ACAD AutoLISP/.Net API layer, SourceForge Firebug, IEHTTPHeader, WebSEAL Trace, Fiddler, Firefox DOM Inspector, Confidential Confidential ADT, Management Console for Java, Confidential GCE, HPUX, UNIX, AIX, Solaris, UNIX Shell scripts (Ksh, Bash, sed, awk), Trello, JIRA, GitHub,Slack
  • Security & Encryption
  • Symmetric (AES, DES, 3DES, Blowfish), Asymmetric (RSA, Diffie-Hellman, DSA), Tokenization using Vault, MD4/MD5 Hashing, KDC Kerberos enabled LDAP Secure on Linux Distro or Ms, Kerberos Enabled Access Manager, TDE Transparent Data Encryption for Data at rest using EFS, BitLocker, Linux dm-crypt, SafeNet ProtectV, TrueCrypt for AWS EBS (Elastic Block Storage), MySQL Cryptographic, Oracle TDE, Ms T-SQL Data Encryption, ISAMESSO 6 (Passlogix)/8 (encentuate), Provisioning Adapter (For ITIM-Passlogix), Provisioning Bridge (For ITIM-Encentuate), ISAMESSO Provisioning Agent (For Ms AD-Encentuate), Netegrity/CA Siteminder, Novell IDM, HashiCorp Vault, CyberArk EPV Api, CyberArk Vault, CyberArk Conjur/Summon, Confidential PIM SharedID Vault, ISAMESSO credentials vault, Lotus Notes/Domino ID-Vault, AWS Secrets Manager, Tivoli Website Analyzer, RSA Securid/CA Keon/Access Manager/Clear Trust/Remote Access Service, Confidential Ikeyman/GSKit, VeriSign (Currently Symantec) Managed PKI Services, Issuing CA for: Auto enrollment, General Purposes and Multifactor, HTTP/2, TLS, TLSver2 & SSL, Java Decompiler/.Net IL DASM (ms IL disassembler), Spy++, Winspector, Autoruns.exe, ProcessExplorer.exe, Ole/COM object viewer, UISpy, Unlocker, WinDbg for C/C++, masm32 sdk ver11 (ms assembler utility), Unix truss, AIX dbx, iostat, lsattr, netstat, nmon, sar, evmon, tprof, topas, trace, vmstat, lsconf, Cisco Pix FW/Intrusion Detection, Ms FXcop, Ms ISA Svr, Confidential RXA on Unix/Linux and Win, Cisco Radius, Cisco DUO 2FA, ISPIM 2.1.0, IGI 5.2
  • SIEM, CASB, GRC, PKI
  • RSA Archer GRC, Symantec CloudSOC, McAfee CASB, Ms Cloud App Security, Netskope CASB, AWS Secrets Manager, AWS KMS, Cloud Trail, Conjur, Summon, Prometheus, SAML 2.0 for TFIM, SCIM, CDSSO, Azure ADFS, OAuth2, OpenID, AuthN, AuthZ, AWS GuardDuty, GCP CloudArmor, Confidential DataPower, SIEM Qradar, Confidential Resilient SOAR (Security Orchestrate Automate Response) for SAAS, Kibana for Azure logs realtime monitoring, Qualys cloud vulnerability scan, Site Protector, Splunk, Confidential Tivoli Endpoint Manager, Azure Enterprise Mobility and Security Suite (EM+S), Coverity, AppSpider, Seeker, AquaSec, TDE for data at rest, OWASP Top 10, CWE/CVE 25, Ms Endpoint Manager

PROFESSIONAL EXPERIENCE:

Confidential Security Architect for AccessHub & GIAMA IAM, Global Infrastructure, Confidential

Confidential Enterprise Security Architect and IAM Automation

As Confidential hourly contractor for Confidential Confidential Services, Boulder CO (stimur@us. Confidential .com), managing and architecting hybrid Identity and advanced IAM Governance & Security, using Confidential AccessHub (Governance, Integration, Intelligent, pipeline), REST API to connect to legacy, Cloud AH API using OAUTH2 (Entitlements API, accounts API, endpoints API and Provisioning tasks API), Sailpoint OAUTH, REST, Cisco DUO 2FA (2 Factor authentication), Okta IDaaS MFA, Azure IDaaS, Confidential PIM, Confidential Identity Governor and Intelligent, ISAM 8 and GIAMA IAM (ISIM/Sailpoint). Provide best practice recommendations for Identity Governance (IGA), multi cloud/on-prem/CI/CD pipeline/Edge IOT, secure connector cloud gateways integration, ABAC (Attribute Based Access Control) and SAAS security. Architecting hybrid agnostic Cloud/AWS/Azure/GCP infrastructure stacks using best practice micro services/cloud framework/CASB/SD-WAN/ARC/SIEM/GRC/SAAS 12 Factor Apps Methodology that are easily implemented by the entire organization with best-of-breed cloud security technology, governance, risk and compliance.

Accomplishment: Integrating Confidential Complex, IOT, Edge, hybrid multi cloud and on premise architecture, mission critical High Available DRC with diverse IAM infrastructures (on prem and cloud-based) for Confidential North America, Confidential EU (EMEA), Confidential South America, Confidential Middle East, Confidential Asia Division into one single High available instances of AccessHub cloud with REST integration efficiency, secondary Controls enforcement (Privilege Authorization Review PAR, CBN, QEV, Privilege Revalidation, OOP etc) and compliant to Government regulations especially EU GDPR, ITAR, ITCS104, ITSSPCI, US Dept of Commerce NIST 800-53Rev5 Privacy/NIST 800-37Rev2 Risk Management Framework, and US SOX/ SOC2/ HIPAA/ FFIEC/ ISO/ FedRAMP/ CyberSecurity/ PCI/ GRC governance using Sailpoint/ IGI/ PIM/ /Public Cloud IAM/ Saviynt AccessHub Risk-based access recertification, ABAC-based, AI-based IAM Identity Warehouse/ Identity cubes (Cloud-based IAM DW, DataFactory, ETL/ELT, Cloud DataStream and BI)

Confidential Confidential Recon Manager Lead - Stability Team, Confidential

Responsible as Confidential ISIM Reconciliation Manager Lead, handling all Recon and Sailpoint aggregate cases for diverse endpoints: POSIX Adapters (AIX, SUSE and Redhat Linux), Win Local Adapter, Windows AD Adapter, HMC Adapter virtual appliance (Confidential System i, Confidential System p, Confidential System z, and Confidential Power System), Saviynt Connect 2.0 and VIOS Adapter (LPAR). Responsible for all connectors/adapters (agent-less or agent-based connectors) and IIQServices Gateway, Connector Gateway or Cloud Gateway. Responsible for ticketing/incident escalation (from TSRM/SCCD/Cloud ServiceNOW to CIRATS), Risk Management, Audit and Compliance specific for IGA Confidential Reconciliation, Resources failed and Unavailable services (QEV, Priv Reval, OOP, PAR). Responsible for Confidential Privilege Identity Manager 2.1.0 config: PIM ESSO modules, self services, Cognos, Confidential ESB, Confidential API connect, DataPower, Splunk logs, Kibana reporting, virtual appliance dashboard, Cloud AccessHub (AWS Saviynt Cloud Identity Governance). Responsible for Confidential IGI 5.2.0 config, especially self services, Cognos DW, Sailpoint Identity cubes, logs, virtual appliance dashboard, weekly missing recon, weekly Aged Pending Priv Reval, weekly Aged Pending OOP, weekly failed recon etc. Responsible for Confidential RXA (remote execution and access), IQServices Gateway, Connector gateway, Cloud gateway, tdi connector, rmi adapters, Cisco Cloud duo MFA, Confidential Datapower, SIEM (Sentinel, Qradar), Confidential Api Connect, Confidential MQ, Kafka, Kibana, CASB, Redhat Openshift, CF, db2/ldap cluster design; troubleshoot, monitor, optimize, tune ISAM/ISIM & java/Unix processes for almost 1 million users (+/- 5000-6000+ MES).
Comply with PWC SOX 404 audit and Confidential Management Testing (KCFR = Key Control over Financial Reporting, FFIEC, PCI), EU GDPR using RSA Archer GRC in 6 major areas: Employee Verification, Privilege Authorization/Privilege Revalidation, Attestation, Security Patch, Risk/Compliance and Change Management. This is part of Confidential ITCS104 audit, procedures, IGA enabled SOX/SPI compliant, managed separately by PWC.

Confidential - Datawarehouse Team, Security & Risk Mgmt Division

Extend ISIM/ Confidential LDAP/RDBMS into IAM Datawarehouse capability using Cognos, Azure SQL Datawarehouse, AWS Redshift, Apache Kafka, Apatar, Talend OpenStudio, Nifi, CloverETL, Tibco Jaspersoft ETL, KETL, Sailpoint IdentityWarehouse/Cubes, Saviynt Identity & Security Warehouse, InfoSphere DataArchitect /DataStage /QualityStage /Optim /DataStudio / Toad SQL Modeler /Erwin /TDI /Ms SQL SSIS /Unix ETL Shell Script for Internal Confidential /ITCS-related/Military/Government/ITAR (Intl Trade of Arm Regulation)-related audit capability, drill down and drill through using Sailpoint IIQ compliance Manager, IIQ Governance Platform, IIQ Lifecycle Management, IIQ user Provisioning. Assist in Kimball/inMon methodology, Sailpoint IIQ Identity cubes Dimensional modeling (star schema, snowflake schema, constellation schema, reverse star schema) and Sailpoint Identity IQ cubes/OLAP design export via ETL (TDI /InfoSphere /Custom) into Datawarehouse/OLAP capable reporting (TCR, Excel Pivot table, SRPM6.0), Audit capable (SOX, HIPAA, Confidential ITCS104/114/300 Audit standard etc) and Cloud based IAM DW/BI modules (Attestation, SOD, Recertification, PR, PAR, QEV for Elevated Account/Admin Account/ root/ Superusers/ superadmins). 
The overall DW system is divided into mainly 6 sub-layers: Operational Layer (RDBMS, ERP, SCM, Sales, Flat File/ Mainframe/ IOT data stream, XML/Json-based repository, NOSQL, Web Services, REST API), Cloud ETL layer (TDI, Data/QualityStage, Sailpoint Identity Cubes, Kafka, Apatar, KETL, Tibco jaspersoft ETL,Spark), Integration Layer (ODS, Staging Area, Data Virtualization,Spark,Databricks,DataProc), Datawarehouse main (Data Vault), Data Marts and Strategic Marts layer (Exploration, Projection and Mining) and End User Layer (OLAP Analysis, Reporting, Report Mining, Digital Dashboard, Data Mining, Azure Enterprise Mobility and Security Suite(EM+S), Confidential Datapower, SIEM(Sentinel, Qradar), Confidential Api Connect, Confidential MQ, Kafka, Kibana, CASB, Redhat Openshift, Docker, Kubernetes, CF, direct connector is using IIQ OOTB connector to Sailpoint Endpoints, rest/OAUTH jwt API for Sailpoint IdentityNow/Identity Analytics Report or Tunnelling/bastion host for Cloud based endpoints and gateways. Main OS: CentOS/RHEL on Azure. Amazon Linux on AWS. RHEL on prem and private Cloud.

Confidential, Ohio, USA

Enterprise Security Architect

As Confidential's Senior Security Architect focusing on Identity, Access and Security automation, provides direction, leadership, and coaching to resources assigned to Enterprise Identity, Access, Automation, Secondary Control, Governance compliance, Risk/Audit management for Identity Manager Suites: Confidential ISIM, MIM ver 4.3, Sailpoint IIQ 6.4, ForgeRock OpenIdM; Access Manager Suites: ISAM (WebSEAL), CA Siteminder, ForgeRock OpenAM, OKTA; PIM: Confidential PIM, CyberArk; Identity Governance suites: Sailpoint, Confidential IGI; Cloud & containerization: Mulesoft Microservices, Kubernetes, Docker, ForgeRock identity gateway, Confidential Api gateway, OAUTH, OpenICF 1.5, Azure Graph, Azure AD DS, Azure ADFS, NetApp HCI (Hybrid Cloud) and REST API.
