SUMMARY

• Highly skilled IT Professional with over 12 years of experience in the field. Background includes the installation, configuration and management of Confidential and Tivoli Identity and Access Management products such as Security Access Manager (SAM) V7, V8, V9, Security Identity Manager (SIM) V6, V7, Tivoli Access Manager (TAM) V6 and Tivoli Identity Manager (TIM) V5. Additional experience with SAM for Web and SAM Runtime for Java.

AREAS OF EXPERTISE

• Security Identity Manager (SIM) V6,V7
• Security Access Manager (SAM) V7,V8,V9
• Security Directory Integrator (SDI) V7
• Tivoli Identity Manager (TIM) V5,
• Tivoli Access Manager (TAM) V6
• Tivoli Directory Integrator (TDI) V7
• Tivoli Federated Identity Manager (TFIM) V6
• Confidential Security Access Manager Federation Module V9
• Confidential Security Access Manager Advanced Access Control V9
• Tivoli Directory Server (TDS) V6.0, V6.1, V6.2, V6.3
• Security Directory Server (SDS) V6.3.1, V6.4
• Confidential Security Directory Suite Directory Server V8

PROFESSIONAL EXPERIENCE

Confidential, Atlanta, GA

ISAM V9 Administrator

Responsibilities:

• Deploying Confidential Security Access Manager (ISAM) to Amazon Elastic Compute Cloud ( AWS EC2) Environment as a Proof of Concept (POC); Setting up the Amazon EC2 CLI Tools. Creating an Amazon Machine Image (AMI) from the ISAM virtual Hard Disk (VHD) image; Launching ISAM Instances from the AMI using Amazon Elastic Compute Cloud ( Amazon EC2) Console in separate AWS availability zones within the same region; Creating a Jump Server Instance to access the ISAM management interface; Configuring the management interface, application interface, the runtime component, the reverse proxy instances, and the cluster.
• Setting up Auto Scaling to automatically increase the number of ISAM/Amazon EC2 instances during demand spikes to maintain performance and decrease capacity during lulls to reduce costs. Creating Auto Scaling Group, attaching Amazon EC2 instances to Auto Scaling Group.
• Integrating Confidential Security Access Manager (ISAM) Federation Module with Salesforce for Single Sign - on; Setting up Federated Single Sign-on (SSO) to SalesForce using ISAM9. Configuring ISAM 9 Federation Module Runtime, Create a Federation to establish a partnership with SalesForce. Configuring ISAM Reverse Proxy for Federation; Configuring SSO settings in Salesforce and export the metadata, Use the metadata to create the partner in ISAM.
• Upgrading Confidential Tivoli Directory Server (TDS) V6.2 to Confidential Security Directory Server (SDS) 6.4, install latest fix levels.
• Integrating Confidential Security Access Manager(ISAM) Federation Module with Microsoft Office 365 to enable Confidential Security Access Manager end users to single sign-on to MS Office 365.
• Deploying Security Access Manager to Microsoft Azure as a Proof of Concept (POC) ; Uploading the ISAM VHD file to Azure and creating an Azure Image; Creating Security Access Manager virtual machines from the image in Azure; Configuring the runtime component, the cluster, the Reverse Proxy servers and Distributed Session Cache.
• Deploying Confidential Security Access Manager(ISAM) Containers in a Docker environment as a Proof of Concept (POC). Configuring the Configuration Container to manage the configuration of the ISAM environment. Publish the configuration so that other containers can consume it. Configuring the Reverse Proxy container, Runtime Profile Container, and the Distributed Session Cache (DSC) container.
• Configuring Confidential Security Access Manager Appliance and Advanced Access Control ( AAC ) to allow Context-based Authorization risk decision on user authentication to protect sensitive resources; Creating and configuring Reverse Proxy instance; creating context-based authorization policy for device registration and multi-factor authentication; Define a Resource, attach policy to the resource and publish the policy.
• Migrating from Confidential Tivoli Directory Server 6.3 to Confidential Security Directory Suite Server 8.0.1 Virtual Appliance.
• Configuring Federated Directory Server (FDS) to provide synchronization services from Active Directory to Confidential Security Directory Suite Directory Server; Defining the connection parameters for the target Directory Server; specifying endpoints for synchronization with Confidential Security Directory Suite Directory Server.
• Creating a flow that defines the relationship between Active Directory and Confidential Security Directory Suite Directory Server; create a schedule to synchronize data on the Confidential Security Directory Suite Directory Server.

Confidential, Montvale, NJ

ISAM V9 Administrator

Responsibilities:

• . Modifying the copied WebSEAL configuration files to remove entries that are not applicable to the new WebSEAL instances.
• . Creating a compressed file that contains the copied files.
• . Creating blank WebSEAL instances.
• . Importing the compressed file on to the appliance.
• . Configuring Distributed Session Cache (DSC) to provide a centralized cache to store and maintain user session data and state across a clustered server environment.
• . Modifying the Session Cache configuration for the cluster to support internal and external clients
• . Configuring WebSEAL/Reverse Proxy to use the Distributed Session Cache.
• . Investigating and Resolving Confidential Security Access Manager (ISAM) v9 migration issues.
• . Solving issues with SSL junctions, Resolve incident tickets.

Confidential, Washington, DC

ISIM / ISAM Administrator

Responsibilities:

• Install the ISAM V9 appliance firmware in a virtual machine environment. Configure the management interface, application interface, the runtime component, the reverse proxy instance, and the cluster.
• Import the signature output file into the secondary master.
• Enable Distributed Session Cache (DSC) to provide failover authentication and high availability protection in the event of hardware or software failure.
• Create a virtual machine on ESXi 5x, installing Confidential Security Identity Manager V7 (ISIM) virtual appliance, setting up the initial ISIM virtual appliance, a primary node for the ISIM cluster, and a member node for the ISIM cluster. Configure ISIM using a response file.
• Install Confidential Security Directory Integrator (ISDI), ISIM Dispatcher and Confidential Security Access Manager (ISAM) Adapter.
• Configured the ISAM Runtime for Java system, ISAM Registry Direct API for Java system, and the ISDI Java Runtime environment into the ISAM secure environment domain.
• Install the ISAM Adapter utilities package.
• Install and configure Tivoli products such as Tivoli Directory Server (TDS), Security Directory Server (SDS), Policy Server, Authorization Server, WebSEAL, Tivoli Directory Integrator (TDI), Tivoli Identity Manager V5.1 (TIM), and External Authentication Interface (EAI) application to work with Security Access Manager (SAM) and Anakam.
• Install the RMI Dispatcher and TAM Combo Adapter. Install and configure Access Manager Runtime for Java.
• Create adoption policies to assign existing accounts to people imported into ITIM and identity policy to create all new accounts with the desired scheme. Create services, and import service profiles into ITIM.
• Create organizational roles and assign users to roles based on their responsibilities. Create provisioning policies for each role.
• Create password policies and implement challenge response system for forgotten password.
• Define and configure authentication and authorization policies and policy enforcement through ITAM to satisfy internal security and regulatory security policies.
• Create and configure WebSEAL instances.
• Install and configure Session Management Server (SMS) for session management.
• Install Tivoli Federated Identity Manager (TFIM) and fixpack. Configure TFIM domain and deploy the Runtime. Use WebSEAL as a point of contact.
• Use TDI to import identity information into ITIM. Manage accounts in ITIM and external managed resources.
• Responsible for troubleshooting TDS replication, diagnosing replication errors, monitoring replication status using idsldapsearch, viewing replication errors and status using idsldapsearch, verifying that suffixes and replication agreements exist, and resolving replication issues.
• Responsible for tuning Confidential WebSphere Application Server, adjusting the Java Virtual Machine (JVM) size, configuring WebSphere JDBC connections, and optimizing Confidential HTTP Server connections.
• Responsible for tuning ITIM, configuring LDAP connection pooling, working with reconciliations, limiting attributes returned from the adapter, reducing policy enforcements, and limiting attributes evaluated during reconciliation.
• Configured reconciliation threads, the maximum duration of reconciliation, paged searches, and controlling the size of the database.
• Responsible for tuning TDI, configuring logging levels for TDI, tuning the RMI Dispatcher, configuring timeouts for large reconciliations, and configuring assembly line caching and the number of concurrently running assembly lines.
• Responsible for tuning TDS, configuring cache sizes, paging parameters, configuring database buffer pools and transaction logs for the TDS database.
• Configure database statement heaps, system limits, attribute indexes for TDS, DB2 indexes, and automatic statistics collection for the TDS database.
• Responsible for configuring the maximum open files, identifying performance bottlenecks, and monitoring system resources.
• Tune TAM components such as the Policy Server, WebSEAL, and the Authorization Server.
• Enable the LDAP cache for Java authentication. Configure the Policy-cache-size and WebSEAL worker threads.
• Tune Session Management Server (SMS), and configure the SMS handles with WebSphere Application Server clustering.
• Perform WebSphere Application Server and Confidential HTTP Server installations. Apply WAS and HIS fixpacks.
• Configure external authentication interface, set external authentication interface protocol, external authentication Trigger URL, HTTP header names for authentication data, TAM authentication strength policy, authentication levels, and authentication strength login form.
• Create TAM protected object policy, attaching protected object policy to protected resources, and enforcing user match across authentication levels.
• Configure local response redirection and macro support for local response redirection.
• Create WebSEAL junctions to backend servers. Also manage WebSEAL junctions with pdadmin command tool, and configure extended attributes on WebSEAL junctions.
• Install Anakam for second-factor factor authentication, add Tomcat as a service, and deploy the USCIS custom.
• Provide support for the deployment of releases to Production and the lower environments. Technical support includes manual deploy of ITIM, TAM, WAS, IHS, TDS schemas, and the implementation of CRs.
• Provide operations and maintenance to all environments, and input into the solution architecture primarily related to fail-over and high availability.

Confidential

Tivoli Identity Manager (TIM) 

Responsibilities:

• Installed the TIM suite of products to include configuration as specified by the system level requirements, TDS, TDI and TIM.
• Applied fixes to TIM components.
• Installed and configured TIM adapters.
• Configured the TDI Server as a TAM Server.
• Created services and password policies, and imported service profiles into TIM.
• Created organizational roles and assigned users to roles based on their responsibilities. Created provisioning policies for each role.
• Deployed and configured Java Runtime Environment, GSKit, TDS client, Policy Server, Authorization Server, and TAM WebSEAL.
• Created and configured WebSEAL instances.
• Integrated WebSphere Application Server and WebSEAL using TAI++.
• Created TAM users and groups and assigned users to groups.
• Secured WebSphere applications using TAM.
• Attached policy templates to objects in the object space to provide protection of the resources.
• Configured failover cookies to prevent forced re-authentication.
• Configured WebSEAL to handle the processing of absolute URLs embedded in scripts, and server-relative URLs.