
IAM Architect Resume


Monterey Park, CA

SUMMARY:

  • I have over 15 years focused on the Architecture of Identity & Access Governance and Security Technologies and with a total of 18 years in IT. Extensive experience in leading the enhancement of IAM technologies (LDAP, SSO, Provisioning) for large global environments.
  • Designed on-premises and cloud IDM (AWS/Azure) solutions: AWS/Azure/Openstack.
  • Used vendor stacks: Sailpoint, Microsoft (MIM/FIM), Oracle IDM, NetIQ, Okta, Ping, and CA (Siteminder, IdentityMinder). I’ve led highly technical architects, team leads, and SMEs while delivering details to executive stakeholders. Strong documentation skills. Bachelor of Arts with multiple industry s and .

PROFESSIONAL EXPERIENCE:

Confidential, Monterey Park, CA

IAM Architect

Responsibilities:

  • Designed new high-level solution for enterprise-wide IAM infrastructure upgrade comprised of: Azure AD, AD, F5, CyberArk (PAM), SailPoint (provisioning, deprovisioning, IAG), SAAS/local/mainframe apps, CIAM (Customer IAM), and Workday (along with other sources of identities.)
  • Identified Roles Management gap. Reconciled existing roles-permissions models with NIST standards. Started top-down and bottom-up roles discovery (CA ICM/IGM) initiatives, coaching 2 SMEs and 3 Business Analysts on how to approach and complete this project.
  • CIAM solution - evaluated vendors, wrote SOWs, started POCs. Robust solution to scale to 4 million.
  • Screened, interviewed, and will be coaching full-time IAM Architect.
  • Created detailed architecture documents to Enterprise Architecture review board for the above solution, roles management, and CIAM design.
  • Engaged stakeholders, C-level management, employees, contractors, and customers.
  • Defended design and implementation considerations.

Confidential, Milpitas, CA

Identity Management Consultant

Responsibilities:

  • Architecture lead for IAM/GRC solution for Oracle Cloud ERP. Performed discovery of current infrastructure and worked with vendors through software selection (IBM, Sailpoint, and Saviynt), SOWs, and final purchase of software solution (Saviynt Cloud). Worked closely with delegated admins, application developers, BAs, and various cross-functional teams on Roles Engineering, IDM workflows, use cases, and UI changes.
  • Provided C-level stakeholders a new IDM vision and roadmaps for strategic IDM initiatives such as 1. AD consolidation. 2. Integration of Saviynt and OneLogin. 3. Integration opportunities between on-premises Oracle Identity Manager (OIM) AD, Azure, AWS, Openstack, MIM/FIM.

Confidential, Raleigh, NC

Identity Management Architect

Responsibilities:

  • MFA (Multifactor Authentication)
  • Process improvement (both technical and personnel-based) of current IDM (NetIQ) infrastructure
  • Cost reduction of IDM infrastructure
  • Identity Governance/ Standards
  • Authoritative source feeds
  • Chart roadmap for the future IDM infrastructure to respond to changing security and user requirements.
  • (FBI’s) Criminal Justice Information Services (CJIS) Security Policy 5.32, PCI DSS, IRS 1075, and FIPS 140-2 standards. Assist in various compliance efforts as needed, including HITRUST, HIPAA, and PCI.

Confidential, Anaheim, CA

Identity Management Architect

Responsibilities:

  • As IDM Architect, I inherited an unstable IDM infrastructure full of user complaints and transformed it to a stable and reliable environment. Recruited and 5 team members. Evaluated and stabilized current IDM infrastructure (OIM) via process improvement and interview gathering user requirements from major stakeholders. This included selective patching of OIM components, changing the way identities are loaded. Addressed concerns about conflicting identity provisioning.
  • Established new and improved processes to onboard new applications into the IAM infrastructure.
  • Ensured team members were trained on these processes: dealing with incorporating identities of new departments and affiliated organizations.
  • Evaluated new NetIQ product and provided roadmap for upper management and board members for the direction of the Identity Access Management infrastructure.
  • Worked with all levels of technical teams: DevOps (Windows/Unix), networking, Oracle (DB), VMware (vSphere), and proprietary software teams.

Confidential, Los Angeles, CA

IDM Architect

Responsibilities:

  • In the role of IDM Architect, guided technical teams of various number of people from 2 to 8 at different times for various IDM projects. Ensured various team leads and operations staff maintained SLA for IDM service. IDM projects included implementation and support of 1. Federation agreements with the VA and US Air Force, 2. CD SSO (Cross Domain Single Sign On) with over 20 DoD/MHSS (Medical) applications and websites. 3. Evaluated new projects, wrote project charters, SOWs, budgeting, identifying and mitigating risks, and negotiated with vendor. 4. Led team to ensure that there is a roadmap for future change and extensibility in the IAM infrastructure. User population at size of 2.8 million.
  • Ensured successful of project status with the DoD. Responsible for successfully leading team through the DoD comprehensive security audit of security service. This is a required security audit that affects each DoD application/service in order for that application/service to gain "Authorization to Operate" (ATO). Failure to gain would require that we stop operations immediately.
  • This includes understanding and interpreting detailed U.S. Military security requirements on both general and specific/technical levels. Then responsible for providing security solutions or any mitigation that meet those DoD security requirements. Implementing and delegating to others on the team (i.e. coding/programming and Oracle-specific requirements). The DoD security requirements are comprehensive, covering all aspects of our security service: application/web servers, LDAP and relational (Oracle) database servers, web services, code-review, physical security, backup, use cases, DR, etc. Security requirements are divided into three levels of criticality.

Confidential, Los Angeles, CA

IDM Architect

Responsibilities:

  • As IDM Architect, I provided ongoing architectural support for the company’s IAM infrastructure, which includes Sun’s Access and Identity Manager Software for the company’s web-based, mission-critical, and revenue-producing software. Provided full cycle project management for solution (discovery, functional and security design, piloting, and implementation) for replacing proprietary security software.
  • The solution satisfies DoD mandated protection of certain DoD (specifically Military Health) websites with a centralized authorization/authentication point. To illustrate, the most important use case is: a user accesses a website with a DoD issued CAC (Common Access Card; i.e. "DoD-issued Military ID") on a website protected by the centralized authorization/authentication point supported by company. The user's CAC is validated by company's service.
  • Our solution included: SUN IDM, AM, LDAP, Proxy Server, and Java components on Solaris 9 and 10. There are three environments: Prod, DR, and Prodtest. Number of servers: 30.
  • Responsible for leading various GOTS (Government Off-the-Shelf) additions to the above solution.
  • Installation, piloting, and troubleshooting of server and client components including the SUN JES (IDM, AM, LDAP, and Proxy).
  • Installation of test, staging, and production servers.
  • Provided prototype connector for Oracle adapter to developers. Provided prototypes for server support personnel.
  • Provided programmers with prototype bulk user loading xml files (IDM) and LDAP/ LDIF file (AM/LDAP).
  • Provided initial prototyping of XPRESS interface (and rules) pages for subsequent IDM customization by main developers.
  • Infrastructure included virtualization stack: IDM apps, vSphere 5.x (ESXi 5.5), HP ProLiant BL600c. Installed hypervisor software ESXi and vSphere solution.
  • Evaluated Cisco UCS vs HP OneView / HP BladeSystem.

Confidential, Jacksonville, FL

Project Manager

Responsibilities:

  • Architectural and Project Management
  • In the role of Security Architect, migrated proprietary security access to SUN’s Access and Identity Manager Software for the company’s web-based, mission-critical, and revenue-producing software.
  • Provided full cycle architectural solution (discovery, design, piloting, and implementation) for replacing proprietary security software.
  • Solution included: SUN IDM, AM, LDAP, Proxy Server, and Java components on Solaris 9 and 10, and Exchange 2007.
  • In the role of Technical Project Manager, led team of 5 full-time and 1 part-time staff.
  • Successfully revived a (year-long) non-performing project in 2 months.
  • At the year-end (12/2007), our project (large $2.5 million budget) was the only successful project in the company. Decision maker in defining project phases.
  • Assigned and evaluated tasks.
  • Assessed performance of and hired staff.
  • Interceded to remove technical and managerial roadblocks.
  • Motivated team and resolved conflicts.
  • Responsible for delivery of prototype and implementation strategy.
  • Reported to Project Sponsor and Steering Committee members.
  • Managed expectations of stakeholders, sponsors, and end users.
  • Negotiated the use of interdepartmental resources.
  • Clarified business requirements with parent companies.
  • Hands-on installation, piloting, and troubleshooting of server and client components including the SUN JES (IDM, AM, LDAP, and Proxy).
  • Installation of test, staging, and production servers.
  • Provided prototype connector for Oracle adapter to developers. Provided prototypes for server support personnel.
  • Provided programmers with prototype bulk user loading xml files (IDM) and LDAP/ LDIF file (AM/LDAP).
  • Provided initial prototyping of XPRESS interface (and rules) pages for subsequent IDM customization by main developers.
  • Architectural
  • Ensured scalability and high availability of website: synclive.com.
  • Solution included: software load balancer (balanced), load balanced Apache servers with vertical scaling, Tomcat 5 with session affinity (to be migrated to shared sessions), MySQL replication and backup/restore strategies, Hyperic monitoring, Flex Media Server redundancy.
  • Single sign-on for applications - external and internal users, including Unix/Linux pam-ldap synchronized with Active Directory 2003r2 via a Perl script.
  • Hands-on installation, piloting, troubleshooting, and maintaining of server and client components including the CentOS (Redhat) 4.4, 4.5, 5.1.
  • Installation and configuration of QA and production servers: Apache 2.x, mod_jk, MySQL 4 and 5, Jboss 4, Eclipse IDE, and Tomcat 5.5, OpenLDAP/Active Directory synchronization.
  • Responsible for testing new infrastructure components such as RedHat LVS (Linux Virtual Server) and Jboss 4 clustering, implementing DNS, and XEN Server.
  • Provided migration plan from Java to .NET platform.
  • Virtualization environment included ESX and VMware Infrastructure 3.

Confidential, New York, NY

Directory Services Consultant

Responsibilities:

  • Provided full cycle architectural solution (discovery, design, piloting, and implementation) for UNIX authentication/ authorization against Active Directory 2003 R2.
  • Used Kerberos and LDAP clients provided by Quest’s Vintela Authentication Services (VAS) software.
  • Evaluated business requirements for the administration of UNIX machines (Solaris 2.8, 2.9, 2.10, and Redhat) across various functional units.
  • Defined new AD domain’s OU structure and GPOs according to business needs and legacy automation Korn shell scripts.
  • Modified Perl scripts to specify Exchange 2003 mailboxes.
  • Hands-on installation, piloting, and performance testing of server and client components including VAS Active Directory snap-ins, GPO templates, and pam/nss LDAP modules (pam_vas, nss_vas).
  • Established troubleshooting procedures for level 3 administrators consisting of Vintela GUI / command line queries to both the local SQLite database and AD.
  • Wrote Perl script to automate the migration of GPOs from one domain to another, which includes obtaining GUIDs for GPO displaynames, modifying the gpLink attribute of OUs to which a particular GPO is linked, saving the data to files, and then uploading to a new domain.
  • Wrote documentation for both architectural and hands-on procedures for knowledge transfer.
