Enterprise Security Architect Resume

SUMMARY:

  • Security technologies professional providing simple and creative solutions that have led to immediate sustainable progress, utilizing existing and new technical security platforms.
  • Held several critical positions, reporting to Program Director and Commissioner/Deputy Commissioners.
  • Created multiple infrastructure security processes and security policies for the Confidential including architectural technical design for security processes and policies, technical Directory Services and PKI design and implementation, disaster recovery systems architecture policy and design and enterprise initiatives.
  • Architected and implemented 300,000 user Confidential for Confidential of the art Time & Resource Management System.
  • Wrote SOX based compliance policies, procedures based on NYC Department of Investigations guidelines. Developed network and application security controls.
  • Performed Risk Assessments and internal audit for technology and audit compliance. Instantiated Incident Response Team and processes. Designed and deployed Identity and Access Management solution for 400,000+ nodes.
  • In less than 12 months designed, developed, and implemented a very sophisticated information technology solution for Bear Stearns to deliver market-critical trade execution and status information online for clearing customers. Leveraged prior investment in back-end databases, proxy, and firewall technologies by utilizing commercial-off-the-shelf (COTS) software. Outstanding project execution delivered on-time and within budget.
  • Proven senior technical team leadership success with full P&L experience and responsibilities.
  • Strategic and hands-on technical expertise in Information Security & Infrastructure Technology
  • Recruited as an expert for high-profile technical security tasks throughout career; engineering repeated successes at designing and building entire secure information and telecommunications infrastructures; directed staffs and proven ability to obtain cross-organization collaboration; established partnerships with leading industry players; exceptional ability to find simple and creative solutions to complex technical environments.

EXPERTISE AREA:

Security Technologies Expert / Emerging Technology Assessment

Regulatory Compliance / Rapid Prototyping & Programming

Core Infrastructure Development / Strategic Technology Initiatives

Systems Integration - Administration / Client Needs Analysis & Solutions

Development Tools Expertise / Strategic Business Planning

Full System Life Cycle Expertise / LAN & WAN Technologies

Team Leadership and P&L Experience

TECHNICAL EXPERTISE:

OS: Windows, Linux, Cisco IOS, Solaris, HP-UX

DB: Oracle, MySQL, PostgreSQL

Programming Languages & API: Java, Javascript, and Perl, sh/ksh script, C, Visual Basic

Business Intelligence: Cognos BI

Application Security Tools: nCipher nFast, GPG, PGP, OpenSSL, WebInspect, AntiSamy, AppSensor, CAL9000, Code Crawler, DirBuster, JBroFuzz, SQLiX, Scrubbr, Scrawlr, WebGoat, Skavenger, WebScarab, Webslayer, Sprajax, Rats, Yasca, dnstracer, dnswalk, dns-bruteforce, dnsmap, Metagoofil, Mbenum, Netenum, Nmbscan, PsInfo, PsFile, Scanner, SMTP-Vrfy, PBNJ, Absinthe, Bed, CIRT Fuzzer, Checkpwd, Fuzzer, GetSids (Oracle), HTTP PUT, Httprint, ISR-Form, Jbrofuzz, Metoscan, Mezcal HTTP/S, Mistress, Nikto, OAT (Oracle Auditing Tool), OpenSSL-Scanner, Paros Proxy, RPCDump, SQL Inject, SQL Scanner, SQLLibf, SQLbrute, Sidguess, Spike, Stompy, Wapiti, Yersinia, sqlanlz, sqldict, sqldumplogins, sqlquery, sqlupload, Framework3-Msfweb, URLsnarf, Rootkithunter, GDB GNU Debugger, Hexdump, Metasploit Framework, CA SeOS, Safenet Luna SA HSM

Network Security Tools: Snort, Cisco IDS, QualysGuard, NAI Sniffer, Dsniff, Etherape, CDP Spoofer, Crunch Dictgen, DNSspoof, Kismet, MDK3, MacChanger, WifiTap, Wicrawl, WifiZoo, SpoonWEP, Wireshark, AFrag, AirSnarf, airbase-ng, airodump-ng, Airsnort, FakeAP, Hotspotter, Cisco Auditing Tool, Cisco Enable Bruteforcer, Cisco Global Exploiter, Cisco OCS Mass Scanner, Cisco Scanner, Cisco Torch, Netdiscover, Nmap, Amap, Angry IP Scanner, Autoscan, Firewalk, Fport, InTrace, Maltego, Fping, Hping3, IKE-Scan, IKEProbe, Netcat, GFI LanGuard 2.0, SNMP Scanner, SNMP Walk, Checkpoint Endpoint Security, Nokia Firewall/VPN appliance, MRTG, Tivoli, Cyberoam iView, Cisco PIX, AirWatch, OpNet AppXpert, Nexthink, Countertack Sentinel, Accelops

Identity & Access Management Tools: Tivoli Access Manager, Tivoli Directory Integrator, Oracle Identity and Access Manager, Novell IDM, Sun IDM, CA Siteminder, SAML, MS WSE SOAP Protocol Factory, MS Rights Management Service, MS AD Certificate Services, MS Forefront Identity Manager, MS Unified Access Gateway, CA Identity Manager

Directory & Middleware Services: SunOne Directory, Oracle Internet Directory, Oracle Virtual Directory, Novell eDirectory, MS Active Directory, IBM Secureway LDAP Directory, JBoss, Websphere, Radiant Logic Virtual Directory, Liferay Enterprise Portal

Network Protocols: MPLS, IPSEC, EIGRP, OSPF, RIP v2, BGP4, VRRP, HSRP, TCP/IP, DHCP, DNS, SNMP, HTML, XML, IPX, SCSI, Token Ring, Ethernet.

Network Equipment: Cisco 6500/5000/4000/2900 Switches, Nortel ARN & ANS Routers, Nortel 28K Switches, Cisco 7200 Routers. Cisco ACE

Virtualization: VMWare, HyperVisor, VirtualBox, MS Hyper-V

PKI: Baltimore Technologies, Rainbow Technologies, Entrust, RSA DCS, Microsoft ADCS

EMAIL: MS Exchange 2010, cc Mail, Lotus Notes, Sendmail, Worldtalk Messaging Server, and IMAP4.

SAN: Dell SAN, IBM SAN, Sun SAN, NetApp

Emergency Systems: PlantCML VESTA, NICE Storage Center, NICE Inform, NICE LMR

Policy/Process/Regulatory Frameworks: CobiT, ITIL, NIST-800, PCI DSS, HIPAA, SOX 404, GLBA, ISO 27001/17799

PROFESSIONAL EXPERIENCE:

Enterprise Security Architect

Confidential

Responsibilities:

  • Created business cases and presentations to Corporate Enterprise Architecture Board for re-architecting of directory and database infrastructure as well as the associated regulatory compliance controls. This encompassed authentication, authorization and data modeling of data for corporate clients (Retail, Financial Professional, Corporations etc.)
  • Created business cases and presentations to Corporate Enterprise Architecture Board for the creation of a comprehensive analytical database structure, as well as the associated regulatory compliance controls, based on client data distributed across numerous enterprise applications in several business units.
  • Designed and implemented Virtual Directory services, with custom connectors to disparate user databases, directories and WebServices, to provide an unprecedented 14 Million user account management repository allowing for user record management, authentication and authorization (SSO) across previously disparate and disconnected enterprise and Cloud (Federated) based applications.
  • Designed and implemented a no-SQL database solution to house 45 Million client records and provide a comprehensive view of client data from a corporate perspective.
  • Saved the enterprise approximately $99 Million compared to the cost incurred by a competitor to implement a similar analytical database.
  • Authored Application Solution Architecture and Interface Connection Design documents for Enterprise Event Management and Identity and Access Management System software development efforts.
  • Authored Interface Connection Design documents for connectivity to several Cloud Service Providers to enable B2B connectivity, data exchange, Single Sign-On, centralized user and RBAC, etc.
  • Co-defined the program information security strategy across multiple business unit stakeholders and environments
  • Provided thought leadership in the instantiation of program wide controls for threat monitoring, business transaction monitoring and consolidated incident response to address the new and progressive computing environment
  • Assisted in the recruitment and mentorship of Architects and technical staff.
  • Provide thought leadership in system, network, and security standards, monitoring and remediation methodologies and tools
  • As the security architect for the program, security issues are addressed with timely, appropriate responses to minimize the impact to the enterprise, customers and reputation.

Security Consultant

Confidential

Responsibilities:

  • Install and configure Tripwire Enterprise infrastructure
  • Write Tripwire checks for Windows filesystem, Registry and AD Group Policy monitoring in Visual Basic and Powershell
  • Write Tripwire checks for *nix filesystem monitoring and validation in Perl and Shell

Identity and Access Management Architect

Confidential

Responsibilities:

  • Architected and implemented CA Siteminder & CA Identity Minder based IAM solution
  • Designed and implemented geographically dispersed LDAP directory architecture spanning multiple continents
  • Designed and implemented SSO based on Liferay Enterprise Portal, Siteminder Web Agents, IWA, and Federation Services
  • Designed and implemented Disaster Recovery Infrastructure and Business Continuity Plans for IAM environment
  • Enhanced current Windows and Linux systems to accommodate high performance IAM transaction requirements.
  • Presented architectural solutions for Microsoft based Internal PKI strategy
  • Identified gaps in corporate Active Directory structure and presented solutions for remediation

Senior Solutions Architect

Confidential

Responsibilities:

  • Architected and implemented high performance server infrastructure to support global implementation of Oracle RPAS software
  • Co-Architected in-house ETL platform based on MS SQL and .Net
  • Co-Architected and implemented Virtual Server environment on AIX and VMware ESX servers to support project
  • Co-Architected and implemented Disaster Recovery Infrastructure and Business Continuity Plans for Global GPI environment
  • Provided performance tuning directives for Unix, Windows, Citrix and networks thereby achieving approximately 25% greater combined efficiency
  • Introduced and deployed endpoint user desktop performance tuning software thereby increasing desktop PC performance and delaying device upgrade cycle by a minimum of 1 year.
  • Introduced RBAC into operating environment thereby enhancing security controls on back-end and user devices
  • Introduced SDLC management concepts to environment in order to achieve structured program management

Enterprise Security Consultant

Confidential, NJ

Responsibilities:

  • Re-architect and design for global AD and LDAP directory deployment across 160+ operating companies.
  • Re-architect global PKI infrastructure
  • Architect next generation application delivery strategy and design
  • Architect centralized global Identity and Access Management infrastructure (130,000+ users) with delegated administration involving user access, application access, file share access, device access, process flow, and audit & compliance
  • Architect Fine Grain Authorization mechanisms for object level access control in applications.
  • Architect global “Borderless Workplace” for Axa users
  • Architect global Wireless Access infrastructure managed by centralized IAM infrastructure.
  • Architect management infrastructure for handheld devices
  • Produce strategy for Data Loss Prevention and container security for Workplace Service Delivery
  • Produce technology integration and standard service delivery models for mergers and acquisitions.
  • Reduce operational costs by 25% in the next two years with additional projected efficiencies over the next 5 years.

Senior Security Consultant

Confidential, NJ

Responsibilities:

  • Create security business cases for Confidential Enterprise Security Architecture group relating to Realtime-Malware Analysis, Secure Communication DRM, Rogue Wireless Detection, IPS Expansion, CIRC, and Centralized DB Protection
  • Created architecture standards for MS AD, Database Protection, Data Loss Prevention, Internet Security, Email Security, Rogue Wireless Detection, Security Log Management, Virtualization Security, and WLAN Security

Senior Security Consultant

Confidential, MN

Responsibilities:

  • Architect, design, and implement MS 2008 AD Certificate Services (PKI) utilizing HSM for key generation and storage.
  • Designed and implemented Disaster Recovery Infrastructure and Business Continuity Plans for PKI environment
  • Implement OCSP Responders to support PKI
  • Implement custom certificate templates for various applications (SCCM, IIS, etc.) and devices
  • Migrate physical Oracle database servers to Virtual machines running on RHL.
  • Migrate physical hosts to MS Hyper-V based virtual environment

Senior Security Consultant

Confidential

Responsibilities:

  • Architect, design, and implement MS 2008 AD Certificate Services (PKI) utilizing HSM for key generation and storage.
  • Implement OCSP Responders to support PKI
  • Implement custom certificate templates for various applications and devices
  • Design authentication and authorization architecture based on RBAC to applications, databases, and computing resources using MS Forefront Identity Manager (FIM) and MS AD Role Management System (RMS).
  • Designed and implemented Disaster Recovery Infrastructure and Business Continuity Plans for PKI environment
  • Create Secure Transport Rules with MS AD RMS integration for MS Exchange 2010
  • Design SSO infrastructure for databases (Oracle and SQL), applications (.NET and Java), and mobile computing resources
  • Design directory services (LDAP and MS AD) for credential and attribute management
  • Design and implement end point security solution (Encryption, authentication, AV, etc.) using Forefront End Client Management
  • Migrate physical hosts to MS Hyper-V based virtual environment
  • Architected and implemented pilot secure MS SCCM & SCDPM infrastructure to manage and protect hosts in various US, European, and Middle Eastern locations.
  • Design and implement MS Unified Access Gateway (UAG) for application deployment.

Senior Security Consultant

Confidential

Responsibilities:

  • Authored, edited Security policies.
  • Proposed Security Architecture Framework for MTA agencies.
  • Developed technical and business requirements for IAM project.
  • Developed Federated Identity consolidation and access management SSO architecture framework for MTA applications.
  • Assisted in HIPAA and PCI DSS compliance strategy and audit tool development.
  • Developed application vulnerability assessment platform.
  • Developed and deployed SEIM pilot.
  • Deployed centralized logging pilot.
  • Re-architected agency firewall rules and policies.
  • Provide Market strategies and Market assessments to confidential contractors
  • Assist in Life Cycle Capture Management by providing:
      • Initial Requirement, RFI Support, Call Plans
      • Bid / No-Bid Decision Support, Capture Plan, Teaming Support
      • Positioning, Themes, Support Proposal Development, "Color" Team Reviews
      • CR / DR Response, Orals Support, BAFO
  • Technical Architecture Design Support including:
      • Requirements gathering
      • Project management
      • Network infrastructure design
      • Storage design
      • Application architecture
      • Security
      • Risk assessments
      • Regulatory Compliance (SOX 404, PCI DSS, HIPAA, GLBA, etc.)
      • Capacity planning

Project Manager & SME

Confidential

Responsibilities:

  • Managed multiple vendors contributing to the analysis and characterization of FDNY and NYPD applications for new e911 environment.
  • Contributed to Gartner design for Consolidated Managed Services.
  • Managed several vendors during application and process lifecycles.
  • Negotiated multi-million dollar support contracts for 24x7 operations with project vendors.
  • Designed application, host, and network security models and provided scripts to enforce the models for Windows, Linux, Cisco IOS, JBoss, and a host of other niche systems.
  • Co-authored Citywide Security Policies based on HIPAA, ITIL, NIST, FIPS, and CIS standards.
  • Spearheaded analysis application characterization roadmap development with DoITT project managers.
  • Provided input and guidance for tool selection for products utilized in the project.
  • Provided guidance on tool/software licensing and ROI.
  • Provided guidance on testing and statistics gathering methodology.
  • Provided framework for Threat and Vulnerability assessment and incident response processes.
  • Developed security guidelines for J2EE, and client/server applications.
  • Spearheaded Security Risk analysis for E911 environments and systems.
  • Led development of Security Architecture for ECTP/E911 project.
  • Setup requirements gathering process for Citywide SOC.
  • Spearhead consensus building among various City agencies regarding management and incident response processes.
  • Coordinated vendor service delivery and directed technologies (COTS & OTS) to be implemented for initiative.
  • Envisioned web-based portal for Security Monitoring and Incident Management for City agencies.
  • Managed vendor resources in pilot implementation.
  • Presented vision for Citywide SOC to City Agency Commissioners and assured design compliance with City-wide security policies and regulations as well as industry standard practices.
  • Participated in SOAP and SAML based Web Services and Single SignOn design & Implementation for application security.
  • Part of PKI design team for PKI pilot for City projects.
  • Participated in LDAP/AD architecture and policy design and implementation for E911 Desktops and servers.
  • Co-Architected Disaster Recovery Infrastructure and Business Continuity Plans for E911 systems
  • Configured and Deployed SOAP Router for Web Services pilot
  • Participated in Architecture team for E911 Workplace design and implementation.
  • Designed rule sets and controls for AD and Windows Registry for servers and desktops.
  • Participated in desktop sizing, builds, software deployment and maintenance strategy development.
  • Setup Entrust Security Manager pilot

Security Consultant

Confidential, New York

Responsibilities:

  • Setup Incident response and escalation process for Confidential Project.
  • Coordinated external Penetration Test for Confidential environment.
  • Instantiated Threat and Vulnerability assessment and incident response processes.
  • Review all technical and physical security processes and initiatives for Confidential and Confidential NY operations.
  • Technical Manager for Technical Infrastructure Architecture Team for Confidential Project.
  • Provided budgetary planning, training guidelines and curriculum for project.
  • Led strategic and tactical planning efforts. Created technology roadmap and tied it to the five year business plan. Presented strategy to client agencies and City Commissioners.
  • Authored various strategic vision documents addressing topics such as Identity Management, Single Sign-On, Security Architecture, and leveraging of existing technological investments for current and future projects for The City of New York.
  • Co-created the SLAs and the introduction of a formal project security management framework.
  • Introduced CobiT for governance.
  • Assessed the strength of internal controls of applications, operating systems and networks based on various Audit regulations. Worked with Confidential and City Agency auditors to review controls, test policy compliance, and write up findings.
  • Member of Application Architecture team for Confidential project based on Solaris, JBoss, AJAX, J2EE, Oracle, Synopsis Rules Engine, Apache Tomcat, Axis, ESB, and Websphere technologies.
  • Designed and implemented Federated Single Sign-on and Identity Management (User Management, Authentication, & Authorization) Solution for Citywide deployment for approximately 400,000 users using Tivoli Access Manager, Tivoli Directory Integrator, SunOne Directory Server, and Oracle 9i.
  • Wrote software in Java, Javascript, and Perl to manage application authorization Object Space within TAM.
  • Wrote ID Creation and User Provisioning scripts in Perl.
  • Assisted in the creation of Functional Model to Central Agency Administration of various application and infrastructure components.
  • Designed mechanism to manage Cognos users centrally through Tivoli Identity Management Product Suite.
  • Instantiated Federated Identity Management model using virtual directories connected to MS Active Directory, LDAP, Oracle DB, and custom user ID repositories.
  • Participated in SOAP and SAML based Web Services and Single SignOn design & Implementation for application security.
  • Created Threat Models for various architecture and application components in order to produce qualitative risk
  • Designed and implemented Web Based Training application infrastructure for approximately 400,000 users.
  • Produced and presented Basis Of Estimation for multi-million dollar Confidential.
  • Designed Multi-tiered "Carrier Class" Network for Confidential Project.
  • Co-authored capacity planning documentation for network, storage, and SAN solutions.
  • Co-architected multi Terabyte Storage Area Network.
  • Co-authored and implemented Disaster Recovery Infrastructure and Business Continuity Plans for Confidential environment
  • Designed solutions. Worked with internal departments to identify needs and design IT solution. Examples include: redesigning WAN, LAN, security, remote access, data protection solutions for Metropolitan infrastructure.
  • Reduced Support Costs and maximized uptime. Restructured server and network architecture to maximize application uptime and minimize risk from application conflict and equipment failure. Developed server consolidation strategy reducing number of servers by 30% while increasing availability. Developed network strategy to enhance performance without compromising availability.
  • IT Infrastructure Operations Audit.
  • Co-architected LDAP/AD architecture and policy design and implementation for user Desktops, and access control infrastructure.
  • Developed IT disaster recovery / business continuity plan for corporate HQ and put procedures in place for ongoing review and testing of the plan. Redesigned corporate data backup procedures.
  • Performed audit of IT operational policies and provided input on human resource allocation and scheduling.
  • Co-Authored Security Architecture for Wireless Network Project for The City of New York.
  • Led strategic and tactical planning efforts for Security design, implementation, remediation, and monitoring services for the City of New York.
  • Strategic and tactical planning and design efforts for the redesign of the NYPD Badge Access Control System.
  • Project Manager for development and deployment of custom Badge encoding and printing application.

Information Technology Auditor/Consultant

Confidential

Responsibilities:

  • Designed solutions. Worked with internal departments and global subsidiaries to identify needs and design IT solution. Examples include: redesigning WAN, security, remote access, data protection solutions for global infrastructure.
  • Reduced Support Costs and maximized uptime. Restructured server and network architecture to maximize application uptime and minimize risk from application conflict and equipment failure. Developed server consolidation strategy reducing number of servers by 30% while increasing availability. Developed network strategy to reduce cross-continent WAN costs by 40% without compromising availability.
  • Developed IT disaster recovery / business continuity plan for corporate HQ and put procedures in place for ongoing review and testing of the plan. Redesigned corporate data backup procedures.
  • Architected Disaster Recovery hot-site. Defined data center requirements (physical, environmental, network, etc.), selected vendors, sold project to CFO and managed implementation.
  • Architected AD architecture and policy design and implementation for user Desktops, and servers.
  • Redesigned Citrix MetaFrame architecture
  • Defined password protection policy.
  • Presented audit reports to Global CIO.

Confidential

Senior Project Manager

Responsibilities:

  • Created Training curriculum for End Users and Administrators.
  • Co-Authored PGP Architecture Design.
  • Trained users and IT Security administrators on PGP usage and administration/ debugging respectively.
  • Designed and implemented Secure (encryption/decryption) File Transfer Server for automated transmission and receiving of files using Perl, GPG, PGP, Linux, Direct Connect, and LDAP technologies.
  • Implemented Sarbanes-Oxley compliant auditing mechanism for Secure File Transfer Server.
  • Designed Single Sign-on Architecture using Solaris, Windows 2000, Linux, Netegrity Siteminder and Apache 1.3.x, Apache 2.0.x, iPlanet Web Server, IIS, OpenSSL, and nCipher nFast hardware.
  • Collaborated with software developers to implement Pilot of Single Sign-on Solution.
  • Built custom Linux Kernel for enhanced security and performance.
  • Assisted in Risk Management and Threat Management and Response policy design.
  • Wrote Apache Web server configuration interface in Perl.
  • Authored Security Policy and Guidelines for Securing Linux and Solaris.
  • Wrote Linux and Solaris OS hardening scripts in Perl. Scripts provided various levels of hardening depending on location and applications residing on the hosts.

Confidential

Product Manager

Responsibilities:

  • Created recovery strategies in the event of the loss of production sites.
  • Audited plans to improve Recovery Time Objectives for production systems.
  • Presented Strategies for Information Protection and Security Policy Compliance.
  • Authored Business Continuity Plans for Confidential Product.
  • Authored Test Plans for Disaster Recovery.
  • Managed Capacity Planning for Confidential.
  • Coordinated Confidential Security awareness programs.
  • Authored Security Policy and Guidelines for Securing Linux and Solaris systems deployed in Confidential.
  • Architected Citrix MetaFrame infrastructure for developers and remote access

Senior Security Consultant

Confidential

Responsibilities:

  • Administered Solaris, AIX, and HPUX hosts.
  • Installed and configured IBM Secureway LDAP Directory and DB2.
  • Redesigned Citrix environment for developers and remote access.
  • Co-authored Directory Services & PKI Policy and procedures.
  • Project Manager for Directory Services Design and Deployment.
  • Develop High Availability/Disaster Recovery Systems Architecture Policy and Design
  • Authored BCP and DR test plans.
  • Presented Strategies for Information Protection and Security Policy Compliance.
  • Created custom Roaming Profiles for Trader desktop Web Browsers using DCE, HPUX, LDAP, PERL, and C. Product is currently in use on the Confidential trade floor.
  • Led Negotiations on high monetary value contracts with technology vendors.
  • Performed Risk Analysis of Confidential infrastructure with subsequent design, and implementation of SSL based remote access infrastructure for Confidential to accommodate legacy applications.
  • Authored and co-authored multiple infrastructure security policies and processes.
  • Design, deployment and implementation of: Directory Services; C based API for application interaction with LDAP Directory; Secure Web browser based deployment of legacy applications; Policy and implementation plan for Intrusion Detection Systems; and OS hardening policy and rule sets for hosts deployed in Confidential and intranet environments.
  • Implemented customized Linux Kernel for enhanced Security and performance of proxy servers.
  • Conducted security code reviews for various custom software; performed penetration tests on firewalls and custom applications; and produced ACLs for firewalls.
  • Authored VPN policy for Confidential remote access for employees and member firms.
  • Assisted in Capacity Planning for Confidential using NAI Sniffer.
