PROFESSIONAL PROFILE:

• Over 20 years of experience in designing and building software - based, secure solutions across various industries.
• Strong technical background in Microservices Architecture, Cloud Infrastructure, Systems and Data Integration and Application Security.
• Designed and built complex, integrated solutions using relevant technologies across multiple platforms in on-premises, cloud and hybrid-cloud environments.
• Effective, hands-on leader with exceptional communication skills and proven experience in working with diverse teams of business and technical professionals in some of the most well-known organizations.
• Distributed Node.js microservices framework running in Docker, under auto-scaling Azure Kubernetes Clusters (AKS) on Microsoft Azure and AWS Elastic Container Services (ECS).
• Scripted infrastructure using AWS CloudFormation to generate AWS VPCs, security groups, load balancers, ECS services, task definitions, auto-scaling groups and CI/CD pipelines on AWS Fargate for multiple containerized applications.
• Scripted infrastructure using Azure Automation to generate auto-scaling Kubernetes clusters on Azure Container Services (AKS) as a CI/CD pipeline integrated with Git, Jenkins and Docker for microservices-based applications.
• Rules-based workflow engine written in Java using Drools and JBPM to manage workflow, process real-time events and evaluate business logic for multiple streaming applications.
• Event-driven, message-based data processing system written in Java using Talend ETL, Apache Kafka and JBoss Drools that responds to data changes, evaluates rules, processes streaming data and updates downstream systems in near-real-time.
• Custom Kafka components built with Kafka streaming API to process and transform data and populate multiple Kafka topics based on external, rules-based business logic.

TECHNICAL SKILLS:

Disciplines: Cloud Architecture, Microservices design/development, Identity and Access Management, Business Process Engineering and Automation, REST-based Web Services, Master Data Management, Data Protection, Fraud Detection, Role Engineering, Regulatory Compliance

Industries: Financial, Retail, Transportation, Government, Utility, Higher Education, Healthcare, Media & Communications, Auto Insurance and Pharmaceuticals

Methodologies: Agile, Scrum, Iterative, Six Sigma

Regulatory Compliance: SOX, GLBA, PCI DSS, SAS70, NERC CIP, FERPA, FISMA

Standards: ISO/IEC, COBIT, ITIL, NIST, FIPS, ESIGN, UETA, BPMN, TOGAF

Packaged Solutions: Talend Integration Suite, Talend ESB, Talend MDM, Talend Big Data, Apache Kafka, Kafka Connect, Kafka Streams, Oracle Fusion Middleware (Oracle API Gateway, Oracle Identity Manager, Oracle Access Manager, Oracle Identity Governance, Oracle Unified Directory), MSSql Server, MySQL, DB2, Oracle, MongoDB, Various Open Source Solutions

Languages/Frameworks: Java, JavaScript, Node.js, Docker, Hapi, Express, React/Redux, OAuth2, JWT, JWE, Async/Await, HTML5, CSS3, jQuery, REST, JSON, XML, UML, SQL, Perl, C, VB, SAML, SPML, Bootstrap, Ionic

Server/Cloud Platforms: Amazon Web Services: ECS, Fargate, EC2, Lambda, Cognito, API Gateway, CodeBuild, CodeDeploy, CodeCommit, CodePipeline, RDS, IAM, KMS, DynamoDB, S3, CloudFormation, CloudWatch, CLI, Glacier, VPC, VPN, Route 53, CloudFront, ELB, Alexa Skills Kit, SES, SNS, SQS

Microsoft Azure: Virtual Machines, Container Instances (ACI), Container Service (ACS Engine), Kubernetes Service (AKS), Container Registry (ACR), Functions, Content Delivery Network (CDN), Cosmos DB, API Management (APIM), Azure Automation, CLI, PowerShell, Azure Active Directory (AAD), AAD Connect, Office 365

EXPERIENCE:

Confidential, Birmingham, Alabama

Responsibilities:

• Designed a multi-phase IT plan to migrate existing IT infrastructure and application services to Azure cloud.
• Built a new Identity and Access Management (IAM), provisioning system and application development platform.
• Responsible for technology stack selection, cloud migration strategy, end-to-end solution design, process improvement, microservices design and development, documentation, prototyping, training and knowledge transfer.
• Primary goals were to deliver a platform that would be the foundation for cloud-based application development, identity management, systems integration and data exchange throughout the University.
• This included the definition and adoption of new standards and practices as well as the in corporation of a DevSecOps approach for how software and services will be designed, built, secured and deployed to the cloud for UAB.
• Designed and built a new and application development platform based on Java, JavaScript, Node.js, Docker and React/Redux running as containerized microservices on Azure Kubernetes Clusters (AKS).
• Built a CI/CD pipeline using Git, Jenkins, Docker and Azure Containers to build, test, deploy and scale services across Azure clustered environments.
• Implemented Kafka Consumers, Kafka Producers and Kafka Topics to reliably capture user actions, log API calls and audit events within the system for security and compliance purposes.
• Annotated API routes with auto-generating Swagger (OpenAPI) code for easy documentation export and simplified integration with Azure API Gateway.
• Used Azure API Management (APIM) to deploy and configure Azure API gateway with Json Web Tokens (JWT) and JWT Claims for securing microservices deployed on Azure.
• Implemented test-driven development (TDD) principles as a new model for application development.
• Trained UAB IT development team in microservices design, Docker containerization and security, Azure CI/CD deployment and React/Redux to reliably build and deploy full-stack applications and services to Azure.
• Worked closely with UAB IT Operations and Security to prioritize and coordinate efforts for establishing a DevSecOps model and approach for deploying, securing and monitoring containerized applications.
• Re-designed their legacy Identity Management (IdM) provisioning system to be fully event-driven, message-based and built as REST-based microservices.
• Integrated Kafka Connect and Kafka Streaming API to reliably trigger and process events and messages to transform and stream data between Kafka topics and into other downstream systems.
• Implemented Talend Integration Suite and Talend Big Data Suite to build and deploy Java services, exposed through REST APIs to extract, transform and load data in batch and streaming modes.
• Incorporated an external JBoss Drools and JBPM rules/workflow engine to manage workflow, run provisioning rules and process business logic for messages and data flowing throughout the system.
• Built custom Kafka components, in Java and integrated with Java-based services to call external rules and reliably exchange data between systems using Kafka as the messaging backbone.
• Deployed the new IdM system in hybrid-cloud, mode using a combination of on-premises servers, cloud-based servers and serverless technologies running on Azure.

TECHNOLOGIES IN USE:

Microsoft Azure: Azure Active Directory (AAD), Office 365, Azure Active Directory Connect (AAD Connect), Azure Cosmos DB, Azure Automation, Azure API Management (APIM), Azure Container Services for Kubernetes (AKS), Azure Content Delivery Network (CDN)

Programming Languages / Frameworks: Java, JavaScript, Docker, Node.js, React/Redux, Git, Jenkins, PowerShell, Microsoft Graph API, OpenAPI (Swagger)

Messaging / Events / Streaming: Zookeeper, Kafka, Kafka Connect, Kafka Streams

Business Logic / Workflow / ETL: Talend Integration Suite, Talend Big Data, Talend Connectors, Talend Custom Components for Kafka, JBoss KIE, JBoss JBPM, JBoss Drools

Backend Systems: Oracle, Lawson, Banner, MySQL, LDAP, Active Directory

Application Security: Apereo Central Authentication System (CAS), Shibboleth, JSON Web Tokens (JWT), OAuth2

Confidential, Atlanta, Georgia

Senior Solutions Architect

Responsibilities:

• Worked with Confidential to understand their short-term goals and long-term vision and provide guidance and leadership for internal and external product development initiatives.
• Collaborated with Confidential Enterprise Architects to in corporate new design principles, patterns and standards.
• Reinforced technology alignment with the business by introducing new approaches to development, identifying options for reuse and promoting consolidation wherever possible.
• Worked with various business units, department heads and application owners to prioritize initiatives, manage risk, develop new product solutions and plan for integration into existing environments.
• Mentor and provide guidance to individual team members through ongoing education and awareness sessions incorporating new and emerging cloud technologies, development methods and strategies.
• Work with various teams to design and deliver new solutions to bridge the gaps and assist in transitioning and upgrading legacy systems using more mobile, cloud and REST-based microservices toolsets.
• Interface with multiple Confidential divisions to facilitate cross-divisional knowledge transfer and information sharing for new and existing services.
• Redesigned Confidential ’s Identity and Access Management environment to in corporate a distributed, modular microservices-based approach to solution development, user provisioning and application security.
• Delivered a new framework for application delivery and integration using lightweight, event-driven APIs built on REST, and serviced by over 100 loosely-coupled microservices and ready for cloud deployment.
• Integrated Oracle API Gateway into the existing Confidential environment providing security, flexibility and context-based routing providing internal and external clients access to multiple protected REST APIs.
• Designed and delivered an enterprise-wide, access control mechanism by extending Oracle Access Manager with multi-step, two-factor authentication, custom captcha and fine-grained, context-based authorization using API gateway policies and filters.
• Extended Oracle Identity Manager by wrapping OIM’s proprietary JAVA provisioning API with lightweight REST services providing multiple, secure entry points to the existing provisioning framework.
• Designed and delivered a secure, web-based, responsive UI, fully decoupled and independent from OIM, enabling user self-registration, HR verification and role-based access control built on Angular2.
• Introduced new documentation processes and methods for capturing business processes using proven practices and standards such as BPMN, TOGAF and ArchiMate.
• Incorporated new design practices using reusable frameworks, design patterns and development standards to simplify and automate the process of creating and maintaining project artifacts during software builds.
• Trained and led various business and technical teams on how to leverage new tools and technologies.

Confidential, Atlanta, Georgia

Responsibilities:

• Delivered a comprehensive, cloud-based, policy and claims management system for the ‘non-standard’ auto insurance industry that allows carriers to issue, manage, endorse and renew policies online. Deployed as a SaaS on Amazon AWS, it provides a microservices-based solution that can quote and bind policies, initiate and process claims online, accept payments, pay commissions, run real-time and month-end reports and interfaces to multiple third-party services using only a web browser or mobile device. It includes SMS messaging and IVR capabilities to accept and process payments, issue payment reminders and automate account inquiry and runs on multiple, private Amazon EC2 and RDS instances with MS SQL Server, Amazon DynamoDB and S3 for distributed storage, high-availability and service redundancy.
• A flexible, consumer-facing, ‘online binding’ system for real-time quoting, selling and credit card / eCheck payment collection over the web.
• An external rules engine responsible for calculating rates, quoting policies and adjusting policy changes.
• A web-based, digital signature software platform allowing for the capture, signing and verification of legally binding electronic signatures using desktop and mobile devices.
• A custom hybrid-mobile ‘photo-push’ application that guides users through the process of taking and uploading photos of vehicle damage using their mobile device and linking them with policy information to initiate claims processing.
• An SMS-based, admin UI for requesting photos of vehicles or vehicle damage by triggering the ‘photo-push’ application directly on their mobile device and walking them through the process.
• An SMS-based payment reminder service including ‘pay-now’ options using credit card or bank deposit using their phone (via IVR) or mobile device.
• Interfaces to various third-party service providers including DocuSign, EchoSign, Authorize.net, NMI, EVO Payment Services, PaymentXP, OFAC, GEICS, TransUnion, CVExchange, AccuAuto and TurboRater.
• Java-based integration services that communicate with various systems through direct API and loosely-coupled REST-based services running on Amazon AWS cloud.

Confidential, Columbus, Indiana

Director of Global Information Security

Responsibilities:

• Interfaced with Confidential ’ Executive Management Team to address overall security, compliance and product development initiatives for Identity & Access Management.
• Mentored internal analysts on strategies for integrating disparate systems, conducting data analytics and undertaking data forensics across various departments, divisions and groups.
• Implemented a scalable, modular solution for consolidating, synchronizing and managing identity data using Master Data Management (MDM) principles, ETL processes and a role-based access control (RBAC).
• Worked with various groups to determine data migration/synchronization approach for connectivity, data classification, data sensitivity, data transfer and role-mining strategies.
• Led Confidential development team and third-party consultants in deploying Oracle Identity Analytics (OIA) for automated entitlement certifications, compliance reporting and closed-loop compliance to various lines of business.
• Built an identity data integration platform using open-source tools and methods to integrate data mapping, data cleansing, identity synchronization and reporting capabilities across various authoritative sources.
• Worked with Confidential Enterprise Security team to explore cloud-based platform options with various providers including Verizon, Microsoft Azure and Amazon AWS.

Confidential, Whitehouse Station, New Jersey

Director of Global Information Security

Responsibilities:

• Engaged with Confidential management and sponsors to define strategy and approach, capture scope and requirements, establish metrics and prioritize deliverables.
• Worked with Information Security and Applications teams to install and configure base product, connect authoritative sources and extract, transform and load user and account information into OIA.
• Delivered a repeatable, template-based approach for integrating and reporting on various applications in the OIA framework including Active Directory, LDAP, Oracle DB and multiple Confidential SharePoint sites.
• Built and deployed a file-based, data extraction, transformation and loading (ETL) process to integrate various Unix, Linux, AS400, and DB2 systems.
• Delivered technical architecture and roadmap for extending the solution and provided training and knowledge transfer to Confidential management and technical teams for operating and managing the service.

Confidential, Athens, Georgia

Identity Management Consultant

Responsibilities:

• Worked with Confidential executives and management to institute a comprehensive IdM Program with formal Charter, executive board, a campus-wide communications plan and an IAM Governance Framework.
• Conducted various analysis and discovery sessions with faculty and staff to outline a strategy and plan.
• Initiated and chaired various steering, functional and technical committees throughout all project phases.
• Built and led a core implementation team, consisting of both internal and external members using agile.
• Conducted hands-on Role Mining and Role Definition exercises, using various tools and products.
• Reviewed and prototyped various RBAC solutions (Oracle Identity Analytics, Novell, Sun).
• Delivered a long-term roadmap for follow-on phases.

Confidential, Austin, Texas

Identity Management Consultant

Responsibilities:

• Integrated authoritative source data from over 100 of EROCT’s SAS 70 applications and addressed access across 70 different departments for both employees and consultants.
• Developed ETL processes for unifying identity data across multiple authoritative sources.
• Conducted role mining efforts for employee and consultant groups residing in multiple source repositories.
• Interfaced with ERCOT Identity Management through Service Provisioning Markup Language (SPML).
• Conducted a comprehensive gap analysis to determine current versus desired state.
• Led the development team under the guidance of a newly-formed steering committee.
• Delivered an execution strategy, roadmap and action plan for delivering the solution.
• Implemented an ongoing IAM Governance Framework including a formal governance board