
IAM Integration Architecture Resume


PROFESSIONAL SUMMARY:

  • Innovative IT leader with deep expertise in a breadth of IT disciplines across software, security, and infrastructure with an entrepreneurial mindset. I constantly look for new ways to apply technology to enable new capabilities to drive growth and improve security and efficiency. One of my key skills is thinking outside the box and looking for new ways to improve on the status quo.
  • Skilled at bridging the gap between business and technology with a strong capacity to lead large cross-functional teams. Over 24 years of experience designing and implementing technical solutions for Fortune 100 clients and 20 years managing complex project teams. Able to engage cross-departmental teams to define a vision and overall strategy and then deliver a cutting-edge well architected solution. Wide scoping technology background with specialties in the design and implementation of software development, cloud infrastructure, access management, anti-fraud solutions, web application development, identity management, and security architecture. Can easily switch between business and technology domains and excels at coordinating cross-functional teams.
  • I have deep technical expertise, especially in the area of security. I understand how security works at the root level and thus I can spot improper implementations and potential attack vectors which need to be addressed.
  • Functional Expertise: Software and Infrastructure Security, Cyber Security, Leadership, Cloud Architecture, Identity and Access Management, Security Architecture, DevOps, SDLC Streamlining, Multifactor Authentication, Mobile and Web Channel Security.
  • As a leader in the Platform Engineering team, I worked in the Application Security and DevOps domains.
  • I built the Application Security function from the ground up to ensure all software products and infrastructure are secure.
  • Established a cross functional team of twenty-two security champions across software and infrastructure teams and leveraged them effectively to drive the security roadmap. This also involved collaboration with business stakeholders on budgeting and prioritization of the security roadmap.
  • The Application Security function drives standards and processes throughout the 900 person R&D organization.
  • Created an 18-point security roadmap based on OWASP, NIST Cybersecurity Framework, CIS benchmarks, and AWS Security Pillar to establish modern security capabilities.
  • Collaborated with AWS security team when migrating our products to the cloud to ensure comprehensive coverage of security aspects and meet AWS architecture best practices.
  • Created playbooks for automated and manual validation of software and infrastructure security.
  • Worked with 25 product teams to remediate security vulnerabilities across the R&D portfolio of products.
  • Performed extensive penetration testing on all software products and worked with teams to address security issues.
  • Created a comprehensive security program for developers to train over 600 people.
  • Defined security standards for web and API security.
  • Reviewed product teams' security implementations in detail. I uncovered multiple technical mistakes in various products, such as a SAML login implementation which, due to improper configuration, allowed any attacker to authenticate with spoofed credentials due to a lack of proper digital signature verification.
  • Created the Product Architecture Review Committee to perform architecture reviews of all product teams' releases to review that their infrastructure meets security guidelines and overall architecture best practices.
  • Worked with DevOps team to establish high maturity and consistent workload architectures for common services.
  • Created the DevSecOps toolchain for automated security testing which consists of multiple tools and accommodates a variety of technologies.
  • Integrated security tooling into all data center and cloud infrastructure automation.
  • Automated CI/CD build pipelines provide security issue feedback quickly and enforce governance of security policy through automation.
  • Deployed a centralized logging service for all product teams in the AWS cloud using big data technologies to reduce the cost of logging by 97% vs. the traditional database logging used by teams, saving millions of dollars in the cost of long-term regulatory audit logging.
  • Worked with product teams to re-architect their cloud infrastructures to improve overall maturity, reduce cost, and reduce complexity while improving scalability.
  • Developed DevOps Capability Framework which is used for standardization of infrastructure blueprints and building pipeline capabilities. This drives reuse and standards across the many product teams.
  • Implemented Quality Gates in CI/CD build pipelines to ensure quality of production deployments and significantly raise the bar on code and infrastructure configuration quality.
  • Implemented Web Application Firewall for all AWS cloud web-based workloads.
  • Proposed automated cost management solutions for cloud infrastructure.
  • Responsible for the overall strategy, architecture, development, and operational support of the Web Login portal which served all customer-facing banking systems and was integrated with Single Sign-On to all the bank’s web products.
  • The team consisted of onshore, offshore, and vendor resources and has ranged in size from 25-45 members depending on yearly demand and averaging $5MM in delivery per year with a 100% record of on time and on budget project delivery.
  • I developed the “Next Gen IAM” strategy to modernize the legacy IAM platform. This entailed migration from a legacy custom code platform to a standards-based, layered security architecture. This approach is targeted to enable cost and time to market benefits of upwards of 50% when integrating new systems by reducing custom code, as well as simplifying and standardizing security development for teams across the division.
  • Work with leadership from Retail, Commercial, and Wealth Management lines of business to define technology strategy needed to meet current and future business needs and propose new capabilities to product management teams.
  • Work with management from all IT departments to continually improve the technology platform by proposing innovative ways to improve many aspects of the process and technology we use every day. When I see an opportunity for improvement I reach out to other leaders to brainstorm ideas and drive solutions.
  • Proposed an enterprise security framework standard for Java application development (yet to be fully adopted but in partial use by key commercial customer portal). The framework leverages standards such as Spring Security, OWASP, and integrates applications seamlessly with the IAM platform to allow centralized management of entitlements.
  • I created an access management platform architecture proposal which provides a security abstraction framework to centralize security policy and reduce custom development and maintenance of security policies. The key benefit is abstraction of security out of application code, leading to better manageability of the platform over time, improved security, and improved time to market. This framework is a unique integration of security technologies which provides maximum benefit by substantially reducing custom code and development time.
  • Integrated access management and anti-fraud platforms to provide seamless transaction level anti-fraud with no code changes required in many cases. This solution allows custom developed applications and vendor applications to leverage fine grained security with no development required in the downstream application, reducing integration cost and time to market significantly while improving maintainability of security policies over time.
  • Created an authorization architectural service layer to extract business rules for fine grained security policy out of the code by leveraging a XACML security framework. This service was integrated with the IAM platform to provide codeless transaction level authorization for applications and simplified the management of complex security policy which was prone to error.
  • Consolidated four disjointed SAML platforms to a single enterprise SAML solution leveraging SiteMinder Federation Services. Implemented 19 SAML integrations in 3 years to key affiliate vendors who provide commercial banking solutions. Implemented SAML solution for new enterprise intranet portal which provides seamless authentication from 4 geographic locations, East and West coast U.S., Brazil, and Argentina.
  • Established a model to gain higher leverage of offshore resources by more clearly defining onshore and offshore team roles and responsibilities and SDLC practices which led to improved efficiencies. A strict checklist for handoffs between teams reduced issues and improved efficiency. This approach was then applied throughout the eCommerce division and was a contributing factor to enable rapid department growth from $12MM to $27MM in project execution in a single year within the eCommerce group while onshore staff was increased only 25%.
  • Championed and helped to charter an architecture and standards review board within the eCommerce division which is responsible for ensuring technology standards are applied consistently across teams and provides a venue for cross team collaboration and technology strategy.
  • Brought key technologies to the bank such as CA LISA for test automation and test data management, JIRA for Agile program management, CA IAM Suite for the core security and provisioning platform, and Axiomatics for authorization policy management.
  • Have submitted many SDLC improvement ideas to streamline and standardize the SDLC process. Working with the SDLC governance team to integrate the requirements, development, testing, and reporting into a seamless process leveraging multiple vendor tools.
  • Supported multiple mergers and acquisition projects. Those projects resulted in 50% customer growth over 5 years by integrating customer data and systems.
  • While at Hitachi Consulting, I played a dual role of managing teams and architecting solutions for our clients. Due to my ability to understand the technology and effectively communicate with business counterparts I was a good fit as a project leader who could bridge the gap between business and technology and ensure a smooth transition from requirements planning to the delivery of the project.
  • I was instrumental in building and leading teams in both technical and business domains. As a project leader I gained experience leading client meetings, architecting solutions and documenting technical design specifications, planning project phases and staffing, developing project plans, managing daily activities against that plan, and mentoring team members.

TECHNICAL SKILLS:

Technology and Tools: AWS Cloud, Azure Cloud, DevOps, CI/CD, Infrastructure as Code, Security Policy, Security Architecture, WAF, SSDLC, DevSecOps, Microfocus Fortify, Static and Dynamic Application Security Testing (SAST, DAST, IAST, RASP), Software Component Security SBOM, Tenable Nessus, Penetration Testing, SUN Identity Manager, Oracle Identity & Access Management Suite, CA SiteMinder, CA Identity Manager, CA AuthMinder, CA RiskMinder, LDAP, Active Directory, SAML, Single Sign-On. Background in Angular, JavaScript, Java, HTML, CSS, jQuery, Jenkins, Git, JIRA, Blueprint.

PROFESSIONAL EXPERIENCE:

Confidential

IAM Integration Architecture

Responsibilities:

  • Managed a core team of twelve developers and coordinated efforts across multiple technology units to improve the customer experience when navigating the Toyota, Lexus, and Scion web sites. This entailed integrating the customer account information for the Financial and Consumer Portal web sites for the three distinct brands. The project included a detailed analysis of business requirements to form a consensus between the consumer and financial business units and then design a technical solution which would allow users to seamlessly navigate across the various web sites with a unified view of the customer, utilizing the company's SiteMinder security platform.
  • Developed technical design document to be used for the project development phase.

Confidential

Security Architecture Strategy

Responsibilities:

  • Collaborated with the national manager of enterprise security to develop a five-year plan for improving the security platform at Toyota. The plan focused on leveraging the Sun Identity Manager platform which had not been utilized effectively thus far, as well as expanding the security platform to provide federation to partner sites. Security of mobile devices and desktop single sign-on options were also proposed.
  • Created five-year roadmap strategy documentation.

Confidential

Web Portal Content Management

Responsibilities:

  • Led a team of fourteen engineers from requirements gathering through end user to develop a custom designed Knowledge Management system based on the WebLogic Portal platform (J2EE). The custom WebLogic portal used Documentum as a document repository and Autonomy for search engine capabilities. Additional work was done to define requirements to expand the system for access by affiliated business partners across the US. Many customizations were made to the portal to include features desired by the client. Some of these were customized navigation, customized search filtering rules within Autonomy (e.g. search by user rating), integration of a separate intranet portal into the site framework, and custom content rating system for users.
  • Created and/or reviewed all technical design specifications and client deliverables.

Confidential

Federated Security

Responsibilities:

  • Team lead for several projects within the Identity & Access Management team including design and implementation of the first ever federated solution at Toyota utilizing SAML and web services security for secure communications with business partners utilizing CA SiteMinder and CA Web Services Security products. Provided web site security for key internal and partner web sites including design of user synchronization across companies. Provided guidance for the installation of a new user provisioning system and assisted with vendor evaluation of the top 4 vendors in the market. LDAP analysis and recommendations were made to smooth the integration of new user provisioning and security products.
  • Created numerous security integration design documents, vendor selection analysis, and federation plan for partner sites.
  • At Confidential, I gained a great deal of experience in the security domain, including systems hardening and Identity and Access Management Security along with general solution architecture. I was a key resource in growing the Los Angeles regional security practice from 25 to over 300 people in 5 years. As a lead security architect in the practice, I was called on to lead project teams as well as take part in sales meetings and work closely with client counterparts to deliver cutting edge solutions.

Confidential

IAM & Network Security

Responsibilities:

  • Security team lead and security architect for a $105MM call center upgrade project. Designed and implemented the Oblix Netpoint Identity Management System (now Oracle IdM Suite) to provide identity management and Single Sign-On for Siebel and other internal applications for call center representatives globally. Integrated the Netpoint product with PeopleSoft for identity lifecycle maintenance and the company’s custom “My Passwords” system which is used for password reset requests. The Netpoint interface was customized to provide administrators with extended functionality such as user deactivation information and high-level application access controls.
  • Responsible for finding the root cause (Siebel security plug-in bug) and resolution to repeating system wide Siebel outages after go-live, impacting the entire call center. The result was to save the $105MM project from reverting back to the old systems and a cost savings of over $1MM/hour of downtime.
  • Completed preliminary analysis of enterprise security risks and provided solutions for various critical security areas. Designed and implemented an IPSec security plan to provide authentication and data integrity between internal systems used at the client.
  • Developed extensive technical documentation for all project areas.

Confidential

Responsibilities:

  • Security architect for a project to consolidate multiple disparate systems into a single web-based platform using the Tivoli Access Manager platform. The project consisted of consolidating the security platform of several in-house websites and a new web portal site so that users were able to seamlessly navigate between sites.
  • Provided all technical documentation for the project.
  • Created recommendations for RBAC security model used for consolidation of security roles across the organization.

Confidential

Software Development Process Improvement (SDLC)

Responsibilities:

  • Analyzed problems with enterprise Java web application development teams to determine why they were consistently missing their target deadlines. Work was done to assess the processes involved in the software development life cycle and detailed recommendations were made for improving time-to-market and ensuring the quality of the delivered product within the project timeframe.
  • The Partner at Confidential commented that the assessment was the best he had ever seen.
  • Detailed recommendations were submitted directly to the CIO of Confidential who then implemented a plan to address the recommendations. One year later I was specifically requested by the CIO to perform a follow-up analysis of the progress on the recommendations.

Confidential

Sun Identity Manager Provisioning

Responsibilities:

  • Implemented SUN Identity Manager to provide user provisioning across the six main systems within the client’s infrastructure. These included Windows Domains, LDAP, ACF2 Mainframe, CICS-RACF Mainframe, Oracle Forms Applications, and Audix voicemail. Custom configuration of the SUN Identity Manager product and internal systems was completed to fully integrate the product. This included customization of the Identity Minder code base to allow SUN IM to connect to three of the internal systems. Worked extensively with the ACF2 and RACF integration to ensure full compatibility during user account reconciliation cycles.
  • Delivered all technical documentation for the project.

Confidential

Responsibilities:

  • Implemented a customized Single Sign-On security solution utilizing Computer Associates' SiteMinder product. Deployed a J2EE application with customized security API to integrate SiteMinder with a proprietary security system and backend mainframe systems. Specific experience involved installing and configuring vendor applications on Solaris and AIX, deploying a full IBM WebSphere environment, JSP front end development, Oracle and DB2 database administration, database schema development, iPlanet LDAP administration, EJB development, and configuration of SiteMinder.
  • Deliverables included the working SSO system, custom developed code, and extensive technical documentation of the systems.
