OBJECTIVE:

• Seeking challenging opportunities in a mainframe environment supporting RACF, ACF2 and Top - Secret sub system applications. Over eighteen-years reviewing corporate security policies and procedures regarding security exposures and investigating breaches. Recommending and implement security policies and procedures to protect system and client resources across multiple Z/OS platforms. To expand my expertise in areas of mainframe security, DB2 and web-enabled technologies. Confidential PC & Compatibles LAN, PC configuration and software setups.

SUMMARY:

• Over Twelve years of RACF experience includes project management, RACF systems engineering, security assessments, product rollout, security analyst work, and remediation of major subsystem components. Excellent understanding and outstanding communications skills serve as an invaluable asset in team or individual roles, responsible for providing appropriate security, while promoting understanding and acceptance by affected business areas. I have been extensively involved with Installation, maintenance and support of various releases ofRACFfrom 1.8 to current. I have also participated in design and development of RACFInstallation Exit Code, and testing and implementation of a variety ofRACFutilities.
• Involved with Completed conversion of Connect:Direct by restructuring logic related to security process, allowing for a more secure environment that still met customer requirements. Experienced in various sectors, completing multiple operating system upgrades, converting a variety of subsystems to external RACF security, developed, tested, and implemented a variety of security tools, and educated peers and management in a wide variety of security concepts and requirements.

TECHNICAL SKILLS:

Technology and Tools: RACF, ACF2, Top Secret, TSO, ISPF, Confidential Utilities, JCL, CICS, IDMS, DB2, W2k, MS Office, VRA, CONSUL, HTML, XHTML, JAVA, CSS, XSitePro, Web Studio

PROFESSIONAL EXPERIENCE:

Confidential, Atlanta, GA

Webmaster

Responsibilities:

• A friend asks me to assist them in the development of an ecommerce web site. Limited prior knowledge of web design I taught myself the use of two primary web design tools XSitePro and Web Studio 4. After many weeks I launched the ecommerce

Confidential, Atlanta, GA

Senior RACF Security Specialist

Responsibilities:

• Conducted Security Assessments and participated in Remediation Projects for major software components of the mainframe. Provided technical expertise in the design of solutions, customization, code development and testing, migration planning and production implementation
• Conducted z/OS security and RACF implementation reviews providing comment and recommendations on RACF implementation and customization, improvements to logical access security, in order to meet audit and regulatory requirements
• Designed, implemented, and documented a new Group Tree, and trained Access Control personnel on its structure and function
• Authored technical security standards for the mainframe and involved with Develop and document RACF Classes and groups on the mainframe.
• Assessed, designed and documented new Program class structure, minimizing exposure
• Assessed, designed, and documented Authorized Program Facility (APF) library structures, validating content, location, and access to libraries
• Facility Class cleanup, assessed, designed, implemented and documented the remediation
• Reviewed and corrected a variety of system-level attributes (system- and group-special, Operations, Class authority), wrote new system standards to support this new structure
• Performed the implementation of RACF controls for CA-7, CA-1, and migrated CA-7 to Control-O
• Develop, document and maintain all RACF policies and procedures for RACF security on the mainframe.
• Served as technical expert during an extended engagement for creation of access granting groups (known as profiles). This work required knowledge of security requirements and business requirements

Confidential, Atlanta, GA

RACF Standard Engineer III

Responsibilities:

• Primary responsibilities included designing RACF security requirements based on cooperate standards for development/test/production applications/systems. Working with system support application development to resolve security issues and to implement new client applications. Reviews and update cooperate application documentation related to RACF security. Document and perform self - Assessment MAINFRAME security audit reviews.

Confidential, Columbia, SC

RACF Data Security Analyst

• Perform RACF security administrative task. Document and write procedures related to auditing and granting access through request processing. Provide after hours RACF technical support on rotational bases. Reviewed and recommended changes associated with the DSMON report. Perform complete audit of all application ids ensuring adequate RACF profiles existed for those without profiles.

Confidential, Dallas, TX

RACF Security Consultant

Responsibilities:

• Primary responsibilities included performing a complete review of Production, Quality and Development RACF DB2 security profiles. Reviews covered all RACF DB2 profiles for accuracy related to data owner and insuring the data field contained a descriptive text identifying the specific function of each profile. A comparison and clean up was performed on any RACF DB2 profiles that were not protecting any DB2 Objects.
• Performed the task of ensuring that all RACF DB2 profiles were standardized and complied with Corporate security policy while at the same time allowing the DBA’s and Systems to perform support functions.

Confidential, Weehawken, NJ

RACF Security Consultant

Responsibilities:

• Primary responsibilities included assisting the Information Security Department with RACF security subsystem cleanup. There were many areas that required immediate attention, but initially I was asked to focus on the removal of most inactive and all terminated employee’s ids. Revalidate accesses and authorities from operations to regular system users. Investigated several incidents where RACF security allowed an individual access to restricted programs or applications that impacted batch production and or delayed startup of online applications.

Confidential, Long Island, NY

RACF Database Security Consultant

Responsibilities:

• There was no accountability of who or what had access to Production datasets and resources on the production system. The task involved removing all none essential individual users from all production resources with the exception of batch. This process was done beginning with the most critical applications reviewing all dataset access lists. This process had to be done with as little interference with batch production job execution.
• Remove the availability and capability for individual users to modify new or existing RACF profiles. Reviewed individual user RACF profiles and implement changes that disabled the ability to modify security profiles and parameters.
• Implementation of the system security parameter “Protect All”. This project required the task of identifying all undefined resources on the production system. Once resources were identified security profiles were defined to the system limiting individual user access yet at the same time prevent any disruption to the normal daily production batch runs. Once all resources were defined to the system “Warning Mode” was enabled and monitored for several weeks. Finally system security parameters were changed to “Fail Mode”. Foreign data could no longer be introduced or examined without the knowledge and aid of Data Security.
• Assist system support with the upgrade/testing and the implementation of RACF Security 1.9 on SP5.2.2 to RACF 2.6 on OS390 2.7.
• Assisted with the upgrade and customization of RACF administration tool VRA 2.1 to VRA 3.1.
• TSO logon parameters were defined using UADS. This project required the conversion of UADS to RACF TSO Segments.
• CICS and TSO users had two separate ids for the same LPAR. This project required the merger of TSO ids accesses with their existing CICS user profile.

Confidential, Atlanta, GA

Information Security Advisor

Responsibilities:

• Successfully completed mainframe security sub-system conversion over a four-month period. The conversion included the application Top Secret V5.0 to RACF V2.2. The application controlling access to the CICS database was Top Secret, Natural, and L910. An LPAR consisted of OS/390 RACF V2.2 was customized to the Atlanta based client production system standards. Created RACF V2.2 profiles to support CICS applications, as it existed under the Top Secret V5.0 environment.
• Testing conducted over a one-month period resulted in the cutover to the OS/390 RACF V2.2 environment.

Confidential, Raleigh, NC

System Configuration / Sales

Responsibilities:

• Primary responsibilities included PC Desktop/Server hardware/software configuration, problem determination and sales.

Confidential, Raleigh, NC

Senior System Security Analyst

Responsibilities:

• Senior Analyst level in security, responsible for the administration of data security systems and managed risk through prevention of unauthorized access, modification, destruction, or disclosure of data. Analyzed user and management security needs and recommended security products solutions. Participated in technical security reviews, investigations, and operating system integrity review. Ensured the integrity, confidentiality, and security of information by applying consistent security processes across the computer enterprise. Provided appropriate and authorized access based upon business requirements and enforced controls to safeguard integrity and confidentiality.
• Planned and managed each project by developing projects milestones and tasks. Made presentations to management and end users on various aspects of security administration. Work with project managers in order to successfully implement an entire system projects. Managed multiple - platforms with a user community of . Responsible for the daily security administration on both ACF2/TOP SECRET platforms. Performed user access modification based on management-authorized security needs.

Confidential, Lexington, KY

Senior Systems Security Specialist

Responsibilities:

• RACF Security Administrator for Lexington- Confidential Business Systems. Provided recommendations for security enhancements. Represented department in security audits. Assisted with the move of the Racf security application from Mechanicsburg, PA to Lexington, Ky.

Confidential, Raleigh, NC

Telecom Technician

Responsibilities:

• Responsible for the operations of the DCS (Digital Communications System). Coordinated service request with vendors to resolve DCS network problems.

Confidential, RTP, NC

Senior Computer Operator

Responsibilities:

• Responsible for the operation of local and remote systems. Assisted remote system users with varied system problems. Monitored fixed network environment. Wrote and updated technical procedures.

Confidential, Raleigh, NC

Senior Computer Operator

Responsibilities:

• Assisted in the of non-qualified personnel. Monitored the master console activity and respond to such activity in a procedural manner.