- Information security professional with success directing a broad range of corporate IT initiatives.
- Areas of expertise include Security Infrastructure Design, Application Security Assessment, Enterprise Architecture,
- Web Hosting, Application Delivery/Load Balancing, IP Services, Identity and Access Management, SSO, Identity Federation, Enterprise Architecture, Innovation and Vendor Management.
- Outstanding project leader with experience coordinating complex projects and cross - functional resources to optimize IT operations and support business objectives.
Network: F5 GTM, LTM, Infoblox, Diamond IP, McAfee Web Gateway, Squid, LAN/WAN
Operating Systems: Linux (Red Hat, Suse, Ubuntu), Unix (AIX, HPUX, Solaris), Windows (Server 2008 and 2012)
Single Sign On: CA SSO (SiteMinder), OpenSSO
Directory Services: Sun Directory Server, OpenLDAP, Active Directory
Security: Splunk, McAfee SIEM, Venafi
Multi-Factor Tools: RSA Authentication Manager, RSA Adaptive Authentication
Web Servers: Apache, IIS, iPlanet web server, IBM HTTP Server, Nginx, lighttpd
Identity Federation: SAML 2.0, CA Federation
Monitoring Tools: HP OpenView, Nagios, Cacti, CA APM, custom scripts, CA Nimsoft
Application Servers: Oracle WebLogic, IBM WebSphere, JBOSS, Tomcat
Web Analytics: WebTrends, CoreMetrics, WebLog Expert, Sawmill
Confidential, Richardson, TX
AVP - Cybersecurity
- Participated in the insourcing of key functions in the SRF area that included ADC functions, DDI, TLS certificates, Proxy, and ITSM and change management.
- Lead a design and implementation team of up to 11 members, including full-time employees and contactors working on-site and remote. Responsible for overseeing the day to day operations of the team including but not limited to the following duties:
- Allocating requests to team members based on ability and workload.
- Establishing team targets for performance.
- Giving prompt and accurate information on individual staff members performance and providing mentorship to improve performance.
- Making sure all assignments given to staff are completed within OLA/SLA and to standard.
- Managing staff sickness and vacation and providing necessary cover.
- Providing accurate information to senior leadership on KPI, productivity, and key issues.
- Created internal peer review process that improved rejections from 29% to 3%.
- Team member hiring including candidate identification, screening, interviewing and selection.
- Maintained regular communication with stakeholders regarding pertinent IT initiatives
- Participated in technology discussions to shape the technological roadmap and future state of the infrastructure.
- Performed design and implementation duties within the ADC environment (F5 LTM/GTM/ASM).
- Created, renewed, and implemented TLS certificates against internal and external CA.
Confidential, Plano, TX
Global Identity and Access Management Services Lead
- Management of WAM engineering and production support including daily operations, analyzing workflow, establishing priorities, developing standards, setting deadlines, capacity planning and forecasting.
- Expansion of SSO offering globally to remediate an audit issue. Included deployment of new hardware across multiple datacenters, publication of global IAM policies and procedures, and the governance and enforcement of those policies.
- Management of the identity federation infrastructure with third party hosted and cloud solutions.
- Adhered to and enforced corporate policies regarding network security, data, identity and access.
- Consulted with application support teams on remediation steps to eliminate issues found in vulnerability scans.
- Skilled in building strong relationships with leadership, staff, customers, vendors and third party contractors.
- Participate in staffing decisions including candidate selection, interviewing, and hiring of employees and third party contractors. Employee leadership responsibility include onboarding, mentoring, and training.
- Architect of global identity and access management strategies and systems to meet the demands of various sectors and business needs. Technologies included SSO, Federated Identity Management, Multi-factor Authentication, and Adaptive Authentication. Systems utilize F5 GTM and LTM for high availability and data center redundancy.
- Identity and Access Management SME for global security assessment process. All enterprise projects are required to go through the assessment process to ensure they meet or exceed all relevant security policies.
- Responsible for creating and upholding global security policies in regards to web access management and identity federation.
- Participate in multiple AOP projects in various roles to support business needs.
- Responsible for disaster recovery plans of critical identity and access management systems and participate in multiple business continuity exercises to prove recoverability. Up to 13 exercise annually.
- Designed and implemented new identity federation infrastructure using CA SSO (SiteMinder). Benefits over previous system: reduced licensing cost associated with the previous offering, provided standards based framework (SAML 2.0), and reduced integration time and cost. Evangelized improved solution and service offerings. Enterprise ERP system was able to make full use of authentication services closing a known security vulnerability.
- Support and enhancement of the web hosting environment. Environment spans multiple datacenters and includes webservers, application delivery controllers (F5 devices), DNS infrastructure, and application servers.
- Multi-year experience in ADC space using F5 LTM and GTM responsibilities included software upgrades, application integrations (WIP, VIP, Pool setup), irule creation, SSL off-load.
- Managed enterprise projects across multiple data center domestically and internationally. Often serving different roles from project manager to architect.
- On-boarded new applications and provide consulting services for application delivery. Determined LB methods based on business needs and application tier.
- Managed and upgraded enterprise certificate authority. Migrated from OpenSSL solution to Microsoft based CA. Maintained the relationship with external certificate authorities that included Symantec, Thawte and Entrust.
- Established Web and Application Hosting COE, this cross-functional team was able to reduce SLA's by 90% though process improvement and automation.
- Served as coordinator in multiple disaster recovery and business continuity exercises supporting LTM, web hosting and IP services.