OBJECTIVE:

Infrastructure Security Analyst

SUMMARY:

Leverage 27 years in Information Technology to reduce client time to delivery of secure solutions. Rapid acquisition of product knowledge coupled with extensive windshield time in Enterprise Security, Compliance, and Risk Management.

PROFESSIONAL EXPERIENCE:

Security Analyst

Confidential, Centennial, CO

Responsibilities:

• Security Analyst for established electronic learning platform leader
• Management of QRadar SIEM to include feeds, offenses and reporting
• Management of Qualys Enterprise VM to include assets, scans, reporting and remediation
• Management of Risk I/O Threat Management to include identifying assets, connectors and dashboard
• Management of SNORT IDS/IPS deployment to include configuration, logging and daily maintenance
• Leverage Appscan Standard/Netsparker to conduct light application security reviews
• Selection process for Enterprise DAST tool to include Appscan Enterprise, HP WebInspect, Qualys Guard AS
• Enhance Vulnerability Management Program to reduce vulnerability footprint for systems
• Enhance SDLC to include SAST/DAST; Developer security training (OWASP); QA Test training
• Collaboration with Network team for incident response procedures, Dev/Ops & SOC
• Remediation of vulnerabilities across platforms and teams
• Participation in SOC1 and SOC2 audit, internal and external
• Collaboration across business units to implement technical and compensating controls post audit

Application Security Consultant

Confidential, San Jose, CA

Responsibilities:

• Application Security Consultant to large ecommerce corporation
• Test applications in support of SPLC to include Source Code Analysis (SCA), DAST, and manual techniques
• Test all Internet facing applications for security vulnerabilities to include OWASP Top 10 2013
• Validate vulnerabilities against false positives; review with Development staff; enter defects in JIRA
• Supported deployment of Fortify SCA (Source Code Analyzer) as deployed; greater than 1000 Development staff
• Enhance Dynamic Application Security Testing (DAST) for existing Secure Programming Lifecycle (SPLC)
• Repair non - functional Appscan Enterprise deployment to include custom Proxy coded by IBM for Selenium Grid
• Evaluate Appscan Enterprise tool for metrics on vulnerabilities found, false positives and performance
• Evaluate market challengers for DAST such as NTObjectives, Veracode, and Contrast from Aspect Security
• Manage and train junior level personnel specific to Risk Management and Application Security
• Implement/deploy multiple enterprise software products across Linux/Unix/Windows and Hypervisors
• Identify and scope hardware/software requirements in support of enterprise Security projects

Security Advisor

Confidential, Tampa, FL

Responsibilities:

• Security Advisor to Big Six Accounting firm; Short term project to provide augmentation
• Reviewed external 3rd Party application security assessments; validated remediation efforts by internal Confidential staff
• Manually tested applications scheduled for internal security review and assessment
• Executed, reviewed, and analyzed Web Application scan results for Dynamic application scanning via BuRP Suite/Acunetix
• Provided CMSS/CVSS scoring to project teams upon delivery of application assessments
• Reviewed Web Application reports and validate against false positives; reported defects to project teams
• Reviewed additional security tools for usage by internal Confidential Compliance
• Provided assistance and guidance to Confidential employees on security flaws and remediation

Security Analyst

Confidential, Neenah, WI

Responsibilities:

• Security Analyst at Confidential 100 corporation with over 600 active web applications
• Executed, reviewed, and analyzed Web Application scan results for Dynamic application scanning
• Reviewed Web Application reports and validated against false positives; reported defects to Development
• Leveraged tools such as SQLMap, Nikto, Nmap, Nessus, SQLCat, Skipfish, W3F, and others to manually inspect results
• Assisted with installation/configuration of Alien Vault for file integrity monitoring
• Provided assistance to Development staff in remediating Web Application security defects
• Participated in rollout of Imperva WAF to include review of rule sets and “training” mode
• Assisted client with re-assessment of Application scanning and reporting process/procedures
• Architected existing Application Scanner deployment (Acunetix) to increase performance and decrease scan times
• Published Security Standards and Scan Review guides to assist Development staff in providing more effective code
• Assessment of competing products in RFP to include IBM Appscan, HP Fortify, HP WebInspect, and Veracode
• Executed IBM Appscan against two Web Applications chosen for POC testing, gathered results and evaluated
• Executed HP Fortify on Demand against code trunk for Static scan of source code; reviewed with Development team
• Executed HP WebInspect against two Web Applications chosen for POC testing, gathered results and evaluated
• Executed Veracode against code trunk for Static scan of source code; reviewed with Development team
• Provided assistance and guidance to Confidential employees on security flaws and remediation

Security Architect

Confidential, Orlando, FL

Responsibilities:

• Validated security paradigm based on AOP principles designed to scale millions of user entities
• Validated design for internal employee Authentication/Authorization via AD/SiteMinder/Keystone and oAuth
• Validated design for external guest Authentication/Authorization via AD and a custom Authentication mechanism
• Mapped data to determine which data classification categories data relates to include Confidential
• Created Data Flow Diagrams to assist with data classification for data traveling intrasystem
• Performed security assessments against various application components
• Performed threat modeling (STRIDE/DREAD) against application to establish risk
• Conducted vulnerability assessments on source code with HP Fortify for commercial Secure Code Analysis (SCA) tools
• Validated Fortify reports against false positives and entered true defects in HP Quality Center
• Conducted vulnerability assessments on Web UI with HP WebInspect against multiple application modules
• Validated WebInspect reports against false positives and entered true defects in HP Quality Center
• Leveraged Symantec for commercial HIDS (Host Intrusion/Detection Systems) tools
• Participated in POC with vShield from VMWare
• Assessed overall application design for security flaws that may result in data loss, corruption, or other malicious events
• Authored a Security Architecture document to illustrate the various security related system components and integration points with the application infrastructure
• Created test plans for penetration testing and vulnerability assessments with tools such as Qualys, WebInspect, and Core Impact

Senior Security Resource

Confidential, Colorado Springs, CO

Responsibilities:

• Provided a Penetration Testing program for a non-profit organization
• Developed Penetration Testing program to assist client with PCI compliance
• Reviewed Tripwire deployment configuration/administration per PCI-DSS requirements
• Leveraged PTES framework to create a structured set of program tasks for assessing security vulnerability footprint
• Developed an exhaustive list of open source security tools to support Penetration Testing
• Assisted client with developing a methodology for Penetration Testing for tactical and strategic goals

Senior Security Resource

Confidential, Denver, CO

Responsibilities:

• Provided web-application security for new external facing application for constituents on the 311 web site
• Provided expertise in secure design of Oracle Identity Management 11g software to protect public facing application for external user identities
• Assessed vulnerabilities of IIS Web Tier infrastructure as it relates to deployment of Oracle 10g WebGate agents
• Leveraged Wireshark, Nmap, Nessus, and other open source tools to probe application security and SOA orchestration
• Provided guidance on setting OAM 11g Policy Server objects for protected application resources; header variables set to return data to application
• Assisted staff in assessing .NET application security specific to the application deployed to the 311 web site
• Secured Oracle Internet Directory (OID) at ACL level to provide reduced vulnerability footprint for LDAP services
• Secured communication via SSL between Oracle Virtual Directory (OVD) and OID via Certificates
• Integrated OVD DSML interface over SSL to provide secure interface between SOA interface and LDAP services
• Secured OAM communication to OVD via SSL Certificates
• Assisted client with setting Password Policy on OID to govern access for external constituents; assisted in created new Information Security Policy to govern the addition of a large base of external user entities

Senior Security Architect

Confidential, Omaha, NE

Responsibilities:

• Participated in all projects assigned as a security resource; provided security requirements that map to corporate Information Policy cataloged in Archer
• Enforced business Compliance mandates via technical controls as dictated by GLB, PCI, PII and other regulatory mandates
• Leveraged Tenable Nessus Enterprise, Cenzic Hailstorm, Burp proxy and other tools to assess the trading software for security defects to include cookie manipulation, injection flaws, input validation, and other basic secure coding principles
• Created Threat Matrix and Threat Models for applications and systems from the parent company, acquisitions, and overseas data centers
• Leveraged Wireshark, Nmap, Nikto, Backtrack and other tools to provide penetration/vulnerability assessment of existing network and systems security in protecting sensitive data
• Assisted client with establishing a Center of Software Excellence to increase the quality of code to include all security aspects
• Provided remediation scans to assure defects properly addressed by development staff; Scan reports delivered to executive and technical staff
• Supported existing staff during systems breach to include triage, forensics, remediation, and recovery
• Analyzed current security posture; identified gaps in coverage for critical security related aspects such as sensitive data, data leakage, compliance, etc.

Senior Security Resource

Confidential, Denver, CO

Responsibilities:

• Provided Information Security Governance program for small company in the software development vertical
• Provided security policies and procedures for multiple compliance requirements including HIPAA, GLB, PCI, and others
• Worked with large firms interested licensing software built by client to display due diligence in security and compliance by demonstrating security policies, compliance with regulatory bodies, and application security
• Leverage Nessus & HP WebInspect to assess the software products developed by the client for security defects to include injection flaws, input validation, and other basic secure coding principles
• Provided consultation on technical controls in Compliance for newly developed applications to illustrate due diligence to prospective customers interested in licensing software applications
• Leveraged Wireshark, Nmap, Nikto, Backtrack, and other tools to provide penetration/vulnerability assessment of existing network and systems security in protecting sensitive data
• Provided consultation in establishing CVS to check code and maintain a change history as a first step in code consistency and security
• Introduced development staff to OWASP publication “A Guide to Building Secure Web Applications and Web Services” also known as OWASP Development Guide
• Introduced development staff to OWASP publication “OWASP Code Review Guide”
• Assisted client with establishing a Center of Software Excellence to increase the quality of code to include all security aspects
• Assisted QA and Test teams in establishing test plans that included security as a major component; introduced vendor SSA tools such as Fortify 360 PTA; provided workflow framework that included collaboration between development and QA/Test teams for security defects
• Provided remediation scans to assure defects properly addressed by development staff; scanned reports delivered to executive and technical staff
• Supported existing staff during systems breach to include triage, forensics, remediation, and recovery
• Analyzed current security posture; identified gaps in coverage for critical security related aspects such as sensitive data, data leakage, compliance, etc.
• Assisted client with Business Continuity Planning (BCP) for Disaster Recovery components relative to Information Security

Senior Security Resource

Confidential, Portland, OR

Responsibilities:

• Provided web-application security for Confidential 500 company with core business in vehicle manufacturing
• Provided expertise in Authentication/Authorization mechanisms for high-volume web applications running on IBM WebSphere Application Server
• Assessed vulnerabilities of servers and applications with QaulysGuard Enterprise Suite
• Leveraged Wireshark, Nmap, Nessus, and other tools to provide penetration/vulnerability assessment of application systems security
• Audited CA SiteMinder Policy Server objects for protected application resources for quality control; audited Apache Reverse Proxy directives (proxypass, reverseproxypass) to maintain consistency
• Participated in secure code reviews with application development teams to ensure compliance with SOX and proper technical controls are in place
• Assessed all applications for security vulnerabilities in major project to migrate applications to new system in Stutgart
• Supported existing staff during systems breach to include triage, forensics, remediation, and recovery

Senior Security Resource

Confidential, Denver, CO

Responsibilities:

• Provided Information Governance assistance for private company with core business in healthcare vertical
• Provided consultation on technical controls in HIPAA Compliance in newly developed applications to prevent Personal Healthcare Information (PHI/HIPPA) and Personally Identifiable Information (PII/PCI DSS) from being divulged to entities other than those authorized
• Assessed existing toolset to include Cenzic Hailstorm, HP WebInspect, McAfee Foundscan, 8e6 content filter, and Fortify 360 application firewall; provided recommendations for increased performance and efficiency in application security
• Leveraged Wireshark, Snort, Cenzic Hailstorm, HP WebInspect, Fortify SCA, Nmap, Nessus, SQL Injector, Metasploit, Cain/Abel and other tools to provide penetration/vulnerability assessment of existing network and systems security
• Provided a framework that introduced Application Security in the SDLC; supported lifecycle Security management by using reports from Security tools to record defects into the MKS system along guidelines of NIST publication ; followed through defects to resolution (e.g. OWASP top 10 2007); ran remediation scans to assure defects properly addressed
• Supported existing staff during systems breach to include triage, forensics, remediation and recovery
• Penetration/vulnerability assessments against internal network to include 2 data centers; Cisco 6509 switches, ASA, MARS, RA and other Cisco network gear and IDS systems
• Organized Enterprise Security and Risk Management department via assessment of existing Security products, usage, gap analysis and determination of information productivity in streamlining logging and monitoring; provided reporting to system owners and managers to better utilize Security products and reduce vulnerability footprint; support outside auditing
• Investigated FISMA certification at request of senior management
• Prepared documentation for a Risk Management Framework against NIST 800 series publication standards to include A
• Contributed to Business Continuity Plan (BCP) for Disaster Recovery components relative to Information Security

Lead Security Architect

Confidential, Denver, CO

Responsibilities:

• Lead Security Architect for all IT infrastructure projects; assisted all Enterprise Architects with Security for their projects; introduced Security into project life cycles (Security Development Lifecycle - SDLC)
• Assessed and validated sufficient controls in place to guarantee compliance with FERC/NERC regulatory measures for the energy industry
• Participated in Security team assessment of physical facilities, electronic systems, SCADA and plant access for NERC-CIP compliance
• Assisted Confidential IT Security with Information Governance, triage during Security systems breach; recovery from breach; forensics and reducing vulnerability footprint
• Investigated and reported on White Hat SCADA penetration; produced blind report on means breach most likely executed; presented to CIO
• Investigated intrusion that compromised existing website; validated report by IBM Xforce on incident; discovered attack originating from Turkish IP block may have been discovered real time if host-based IDS sensor was enabled; reported my findings upon request of CIO
• Re-architected xcelenergy.com site featuring highest possible Security to include DMZ, Ntier network architecture (DMZ, Name Services, Application, Data); segregated network segments with IDS/IPS (NIST publication ), NBA and proxy; reduced service footprint (OS hardening); and exceptional logging and auditing
• Worked with Xcel Security team on triage, incident management, threat assessment, risk analysis and other fundamental security processes/procedures from NIST publication references
• Reviewed Xcel Business Continuity planning and recommended reference to SANS publication on Disaster Recovery (Bahan 2003)
• Architected and designed for secured provisioning solution at Confidential 500 corporation spanning mainframe, Active Directory, and Oracle ERP applications
• Directed requirements gathering, mapped business process, and assisted client with documentation of business process workflow
• Assessed existing infrastructure technical controls against PCI/DSS/SOX compliance such that new system would adhere to regulatory measures imposed on publicly traded company
• Assessed network and application vulnerabilities via non-intrusive penetration testing leveraging tools such as HP Webinspect, Nessus, Nmap, Wireshark, WebScarab and others
• Measured existing security posture by baseline of existing vulnerability footprint; referenced NIST 800-series publications
• Presented Architecture to client lead architects, weighed tradeoffs and defined integration points
• Governed design and technical execution, led project team of 10 individuals and completed milestones against aggressive timelines
• Supervised team providing Enterprise solution based on CA suite of Provisioning and Identity Management products to include eTrust LDAP, eTrust Admin, Identity Minder, and SiteMinder
• Validated J2EE and .NET applications followed adequate security in the development lifecycle to include declarative and non-declarative security within the application along such standards as OWASP
• Short term contract to provide validation of CSU’s provisioning and Security for applications
• Assessed CSU process/procedures for FERC/NERC compliance upon request; participated in discussions on NERC-CIP for CSU
• Discussed CSU network architecture to include outside entities such as Colorado Springs police department accessing CSU network and technical controls in place to verify restrictions and validate security controls (e.g. NIST )
• Reviewed IT Security Information Governance, user on-boarding practices, password policies, user off-boarding, and application security from Authentication/Authorization standpoint
• Discussed control systems such as SCADA related to consideration of a blended security assessment including physical access to plants and sub-stations
• Provided report of findings and recommendations to CSU management
• Consultant to an innovative biometric payment provider and market loyalty program leader
• Provided expertise in Oracle Identity Management 10g (OID) LDAP Architecture, Oracle Access Manager (OAM), Oracle Federated Identity (OIF), and openLDAP
• Provided Identity Management and Security architecture for biometric ACH payment solution for retailers; similar solution for online banking featuring integrated biometric Authentication
• Provided Compliance controls following CobIT and ISO 17799; introduced increased auditing of systems to include PCI/DSS in addition to SOX compliance
• Executed vulnerability and penetration tests to assess Pay By Touch network security on Cisco gear via tools such as Cisco Torch; assessed application and database security via tools such as Nmap, Webscarab, SQL Injector, Cenzic Hailstorm, and Ratscan
• Provided process methodology for application vulnerability assessment and remediation via NIST guidelines
• Referenced NIST 800-series publications for a Risk Management Framework to include A, and
• Assisted with refinement of Pay by Touch Disaster Recovery Plan (DRP)

Technical Manager/Enterprise Security Architect

Confidential, Denver, CO

Responsibilities:

• Provided security architecture featuring Oracle Fusion Middleware, in the Secure Enterprise group
• Designed implementation strategy for multiple Oracle Fusion Middleware products, enabling client to successfully implement licensed software in complex environments with extensive security
• Provided delivery methodology for field enablement to successfully and securely deploy Fusion Middleware Solutions, trained staff and partners
• Participated in Oracle Discovery program to serve as SME in areas of client interest to include FISMA, NIST, and others such as Canadian government security regulations
• Lead projects involving complex product mix, integration of Oracle software across lines of business, and highly advanced network topology architectures to include WAN, LAN, IPS/IDS, RADIUS, and other network protocols/technologies
• Participated in client engagements for discovery and pre-sales prospecting to enable $million sales of licensed software
• Managed staff and provided leadership, governance and empowerment of bright technical resources
• Reviewed and assessed all current Security measures for Government Agency (with clearance) for the Food Service Agency (FSA)
• Reviewed NIST 800 series publications such as to engage as closely as possible a Risk Management Framework covering many areas of the FSA
• Assessed technical controls currently in place against areas where technical controls were absent; provided gap analysis of findings to be included in security control documentation following NIST specifications
• Wrote several IBM architectural decisions to map out future state of the access and authorization systems within the FSA to include systems within the USDA in Ft. Collins Colorado
• Designed Security models to include defense in depth, RBAC, and PEP
• Provided leadership and guidance on integration of secured one-way hash per NIST specifications for document management (ECM)
• Reviewed and assessed all current Security measures to include Firewall, Network, Intranet, and Extranet facing applications
• Ran non-intrusive penetration and vulnerability assessments by leveraging tools such as Nmap, Nessus, Ethereal and others to ascertain weaknesses in Confidential Access infrastructure for servers and networks
• Provided requirements to server support team for hardening of Solaris OS (e.g. library exclusions, minimal running services, /etc./passwd & /etc./group, password policies, etc.)
• Designed LDAP Directory and Security architecture for J2EE applications
• Designed Security RBAC paradigm for fine and coarse grain access control
• Sized, procured, and designed platform infrastructure based on SunFire series Solaris Servers
• Designed Netegrity 6.X architecture (IdentityMinder and SiteMinder) to protect J2EE applications and provide management of user base (Delegated Administration)
• Directed Confidential resources in implementation of design architecture, installation, configuration, and integration of Netegrity products on Solaris 9 infrastructure
• Provided leadership in an Enterprise Architect role to assist in management of project tasks, requirements discovery, critical path, and other management functions
• Reviewed and implemented SOX (Sarbanes Oxley) regulatory compliance technical controls against ISO 17799
• Educated Confidential on Best Practices for performance tuning, backup/recovery/disaster and monitoring of Production resources
• Short term project at leading mortgage lending provider
• Reviewed and audited security policies for .NET applications Internet facing; provided consultations on recommendations for improved security based on ISO 17799
• Inspected Web Application security policy enforcement points within Netegrity SiteMinder 6.x; reviewed policies/rules/resources as defined within the system; provided gap analysis of technical controls against SOX regulatory compliance requirements
• Reviewed SunOne LDAP Directory structure and records for RBAC model; reviewed individual attribution for security context of user based on role; assessed adherence of LDAP user records to user security context as originally intended
• Reviewed Netegrity SiteMinder design and provided recommendations for auditing and reporting in support of security policies documented, security policies set within the SiteMinder system, and security policies set within LDAP ACL
• Wrote comprehensive findings and recommendations document exposing Security risks and compliance issues as well as highlighting improvements
• Major financial institution required increased security for new .NET applications supporting customer base financial needs
• Reviewed existing network topology and design to include DMZ, application tier, data tier and firewall rule sets
• Performed non-intrusive fingerprinting of internal network and services via tools such as Nmap, Nikto, Ethereal, and others
• Provided expertise in PCI/DSS compliance; auditing and reporting
• Designed LDAP Directory and Security architecture for .NET applications based on improved HTTP layer (DMZ) recommendations for securing web based applications
• Designed coarse/fine grain security paradigm based on RBAC principles, referencing NIST 800-series publications for greater security technical controls
• Sized, procured, and designed Directory/Security infrastructure based on Intel software for Windows 2003 infrastructure
• Provided recommendations for hardening Windows 2003 OS after establishing VISA DPS processes for OS updates
• Designed Netegrity SiteMinder 6.x architecture to protect .NET applications leveraging declarative security via RBAC providing URL protection and fine grained access via attribute/value pair
• Directed Visa DPS resources in implementation of design architecture to include installation, configuration, and integration of Netegrity SiteMinder 6.x against Windows 2003 Server infrastructure
• Provided Enterprise level leadership to assist in management of project tasks, requirements discovery, critical path, and other management functions
• Educated Visa DPS on Best Practices for Directory tuning, backup/recovery/disaster, and monitoring of Production Directory Services
• Designed initial Identity Management architecture to include mapping of business processes, workflows, Delegated Administration, and integration with existing SiteMinder policy
• Tested security via technical and functional vulnerability assessments to include physical security, network security, and application security
• Provided set of polished, detailed documentation for Directory, Identity, and Security
• Revised LDAP Directory and Security architecture for J2EE Applications
• Revised RBAC and Identity Management for Banking Portal application
• Resized, recommended Directory/Security infrastructure (Sun Microsystems)
• Redesigned Identity Management architecture leveraging RBAC paradigm and Nth level Delegated Administration (Oblix CoreID)
• Redesigned IBM Tivoli Access Manager 4.x architecture to protect J2EE Applications via RBAC paradigm providing URL protection based upon attribute/value pairs
• Directed bank resources in implementation of design architecture (to include hardware and OS) installation, configuration and integration of IBM Tivoli Access Manager, IBM SecureWay Directory, and Oblix CoreID 6.1.1
• Provided Enterprise level leadership to assist in management of project tasks, requirements discovery, critical path and other management functions
• Tested security infrastructure design via non-intrusive technical and functional security tactics
• Provided set of polished, detailed set of documentation for Directory and Security
• Designed LDAP Directory and Security architecture for J2EE Applications
• Designed RBAC and Identity Management for HIPPA Portal application
• Assisted in assessments of HIPPA compliance to include technical controls preventing loss of Personal Healthcare Information (PHI) to unintended providers or other entities
• Referenced NIST document for security services model, access control, non-repudiation, auditing, and other sections
• Sized, procured, and designed Directory/Security infrastructure over $1 million
• Designed Identity Management architecture leveraging RBAC paradigm and Nth level Delegated Administration (Oblix CoreID)
• Participated in network review of security components; firewall rule sets requiring changes or additions; Apache reverse proxy server settings; Ntier architecture in support of security requirements
• Designed Netegrity SiteMinder 5.5 architecture to protect J2EE Applications via RBAC paradigm providing URL protection based upon attribute/value pairs
• Directed State resources in implementation of design architecture (to include hardware and OS) installation, configuration, and integration of Netegrity SiteMinder 5.5 and Oblix CoreID 6.1.1
• Provided Enterprise level leadership to assist in management of project tasks, requirements discovery, critical path, and other management functions
• Educated DHS on Best Practices for OS tuning, backup/recovery/disaster, and monitoring of Production resources
• Performed exhaustive stress testing to identify benchmark performance, determine areas of improvement, and increase throughput of major components within architecture
• Performed non-intrusive technical and functional testing of architecture from a security standpoint
• Provided set of polished, detailed documentation for Directory and Security

Directory/Security Architect

Confidential, Troy, MI

Responsibilities:

• Enhanced Confidential Directory/Security teams on 4 month project for Confidential VSP Portal
• Provided critical eye to review Directory Services and Web/Auth Security architectures for Confidential Dealer Services portal
• Performed detailed analysis of Oblix CoreID 6.1.1 and IBM Access Manager 3.9 against SunOne Directory 5.1 SP1 for user acceptance, performance testing, and benchmarking
• Analyzed hours of Directory access and error logs, provided input on findings and identified a major design flaw in Confidential code written for Oblix PPP function eliminating more than 80 unnecessary Directory operations per specific function
• Identified bug in Oblix CoreID that prompted vendor to write patch, thus providing gain in system performance
• Identified un-indexed attributes thus providing gain in system performance
• Provided detailed tuning of Solaris 8 OS and SunOne Directory 5.1 SP1 that provided proven performance increase in stress testing
• Formally tested Directory performance via DirectoryMark benchmark software for data sets ranging from 600,000 to 1,800,000 LDAP entries
• Provided Confidential expert level troubleshooting and 3rd tier support moving forward to Production

Directory Services, Directory/Security

Confidential, Charlotte, NC

Responsibilities:

• Planned Directory Services strategy for large scale customer deployment for Customer Relationship Management System (CRS) at one of America’s largest financial institutions
• Formally tested 10,000,000 entry Directory at Sun iForce labs on substantial Sun hardware to include 4800 Enterprise servers and 36 WWW instances supporting Netegrity SiteMinder 4.61 Web Agents
• Refined existing LDAP Directory architecture, enhanced DIT structure to handle over 100 million Directory entries in a complex state that provided RBAC in a unique configuration involving roles and entitlements stored in LDAP
• Technical lead in designing a complex, secure replication scheme that would extend Sun Directory product to limitations that required Sun to assist in engineering a redundancy solution that would allow MMR over a WAN and provide a mechanism to promote the Secondary Master Directory to Primary Master in automated fashion
• Designed, tested, and implemented Sun iDAR to secure front-end Directory requests and balance load in an environment where SiteMinder 4.61 persistent connections challenged security design and iDAR failover shortcomings required a custom hot fix from Sun
• Worked with vendors to introduce secure Provisioning and Identity Management solutions (Oblix CoreID, Netegrity DMS) to staff and management, piloting a solution that featured Oblix CoreID and Netegrity SiteMinder with BMC provisioning via Oblix IDlink
• Provided necessary leadership in establishing Best Practices for Directory and Security on CRM project, coordinated daily with Project Managers to provide tasks, present issues and track project progress
• Performed migration of iPlanet Application Server 6.0 SP0 to 6.0 SP4 against iPlanet Directory Server 4.16 to support iPlanet Application Server 6.0 clustering involving 4 critical Production applications on Windows NT platform
• Determined requirements of migration project, managed task plan, and tracked project progress with small number of individuals
• Developed a migration plan and tested plan in Janus Staging environment successfully before attempting Production migration by deploying 4 critical Janus J2EE applications, troubleshooting issues as encountered and supporting existing staff with limited experience
• Provided detailed migration plan for Production, incorporated Staging issues in Staging that posed potential threat to successful Production deployment
• Provided technical leadership to small team in deploying four business critical Production applications in one day on Windows NT platform, providing existing reduced staff with knowledge bridging gaps that challenged Application Support team after layoff of 2500 employees
• Designed Directory Architecture for fastest growing county in Colorado to include Intranet, Extranet, and Internet access
• Provided scalable, extensible architecture to accommodate future growth potential, provided extensive knowledge of integrated security, replication, and disaster recovery
• Extended Directory Services Architecture to provide a Meta Directory Architecture featuring Data Repositories for JDE ERP, Seimens PBX, NT PDC, and NDS
• Provided expertise in driving requirements, managing small team of SME, providing roadmap for data flow from Data Repositories to LDAP
• Piloted Netegrity Siteminder 4.61 architecture to include DMS protecting Web resources for Intranet, Extranet, and Internet access to iPlanet Application Server applications