- Confidential has over 15 years of leadership in the sales, design, execution, project management and hands-on implementation experience with leading-edge application security technologies at the most technically complex global organizations in the world.
- I have worked with technology risk management and security functions. This includes experience with all the major product vendors.
- Specifics regarding the opportunity include:
- Managing support offshore teams
- Worked on connected car, flight systems and IoT security initiatives for healthcare and utilities including medical devices and Bulk Electrical Systems
- Developed 1-, 3- and 5-year security architecture and IAM plans for large, complex organizations that focused on compliance with automotive standards and information security standards such as NIST and NERC-CIP
- Developed security architecture for enterprise web-based product solutions
- Designing and implementing SAAS and cloud security architectures for large cloud providers and other service organizations
- Introduced new technology and solutions to organizations on a regular basis
- Conducting assessments of SAAS/cloud security architectures
- Introducing new technologies and concepts into organizations and managing POC
- Experience with mobile and BYOD security solutions
- Associations with various information security leaders world-wide in industry and academia
- Worked remotely with development teams all over the globe
- Passed exams - CISSP, CISA, CISM, Certified Financial Services Auditor, Certified Bank Auditor
- Confidential Certified Project Manager
- Certified Ethical Hacker - Confidential
- Qualys and Foundstone Certified
- Consulting experience with Big 4, Andersen and Large System Integrators such as Confidential and CSC
- Experience with all security architecture methodologies including ISO, COBIT, FFIEC, NIST, PCI, Healthcare, CAP, FISMA, FRB and SABSA
- Built all systems to European and US privacy standards
- Lead Information Security positions. In this role:
- Reduced Costs
- Developed Solutions
- Built security delivery teams
- Brought global security architectures to best practice standards
- Introduced more sophisticated and comprehensive risk management practices that included the use of risk registers, data classification and metrics
- Upgraded staff
- Projected improved image of information security
- Integrated and embedded with teams
- Became authority on all areas of security and business risk
- Chaired key committees on security and improved relations with audit and compliance
- Led security initiatives in all areas of information security. All the projects involved initial conceptual design, cost-benefit analysis, road-mapping, gap analysis, build-out project plans, leading execution initiatives and post-go-live gap analysis along with some post-go-live support. I am an expert at identifying solutions and gaps and proactively working with clients to design, build and deploy security architectures. I am known as a take-charge resource and leader who, through visual and verbal communications, can sell the facts to management while saving money on security initiatives. Finally, I am always up to date on the newest trends and technologies that add value to organizations.
- Security lockdown experience with the following platforms: Confidential Mainframe (MVS/VSAM), WebSphere, Oracle Application Server, SAP, WebLogic, Oracle ERP, Java, SOA and Web Services security in client and mainframe environments, Active Directory, Oracle Internet Directory, DB2, SQL, custom Java and .NET applications, Windows and UNIX (RedHat and Sun)
- Experience with all major enterprise security tools for SOA/WS Security, Identity and Access Management, Encryption in Transit and at Rest, Operating and Network Security Vulnerability Management and Reduction, DLP technologies such as Vontu and Verdasys, RSA 2-factor authentication and integration with IDM/IAM solutions, IDS and IPS including newer solutions from Palo Alto Networks, Secure Code Application Development, Forensics and Advanced Network Monitoring and Threat Analysis
- All solutions were integrated with Enterprise High Availability, Help Desk, Failover and Disaster Recovery solutions
EMPLOYER HISTORY AND EXPERIENCE:
IoT Security Technical Architect
- Developed and executed a complete Certification, Assurance, Risk Management and Threat Intelligence for a range of medical devices
- Designed and began implementation of an enterprise security architecture around critical IoT devices in auto and medical
- Designed and architected enterprise security architecture for medical devices. Work included implementation of PKI solutions from DigiCert, use of cloaking by Tempered Networks and embedded code security from Arxan.
- Designed and implemented security over controller solutions.
- For several large companies, designed, architected and implemented Azure and AWS security
- For a large consumer product company, implemented a Tempered Networks and Arxan solution over controllers.
Director of IoT Security Practice
- For a medical device company, functioned as a medical device security architect across all domains from requirements, to gap and design.
- Developed security solutions for the device in the areas of encryption, access control, secure code in the form of over 30 services.
- Designed IoT security architectures for various companies. Work included connected car, utilities, flight systems and IAM for IoT, and IoT security for medical devices, inflight systems and auto makers.
- Functioned as Cloud Security Architect for a Global Fortune 50 company in their move to cloud. Designed AWS and Azure security architecture
Senior Manager and Enterprise Security Architect
- For a utility, developed an IAM and authentication solution for IoT on utility devices.
- I also brought new ideas on Cloud, DB and IAM security to a Global 50 manufacturer.
- Developed a security architecture for utility IoT systems such as generators and transformers.
- Functioned as a lead security architect for a global retailer and franchisor.
- For a large automotive company, developed a connected car security architecture. Executed security coding reviews and built programs to ensure compliance
- Developed a cloud security architecture for a rental car company.
- Developed a DB PCI security architecture for a large retailer.
- For a large manufacturer in the Fortune 15, functioned as a cloud security architect for the movement of confidential and high-risk applications from on-prem to AWS
- For a large utility, conducted assessments of IoT products according to NIST and NERC-CIP
- Functioned as a security architect for a cloud based health care solution
- Functioned as a security architect for a cloud based logistics solution
- Designed, architected and implemented a SailPoint IAM solution
- Designed, architected and implemented 3 McAfee, Symantec and NAC endpoint systems including mobile security. The focus was on enterprise protection along with a strong improvement in phishing prevention techniques.
- Executed goodness-of-fit analyses for IAM product selections for 4 large companies' application systems
- Designed, architected and implemented an internal database system that tracked all activity by user IDs within the internal system. This discovered unusual access patterns within the organization that were indicative of hack activity.
- For several large banks conducted security architecture gap assessments and architecture design for mobile. Deployed solutions for companies
- For large FSI, functioned as a cloud security architect for a migration of on-prem applications to Azure cloud
- For 2 FSI organizations, designed, architected and implemented SailPoint IAM solutions and Enterprise IAM and Security Solutions
- For a large insurer, conducted security architecture assessments and developed enterprise security architecture strategies and plans
- For a large manufacturer, developed an IoT security architecture for autos
- For a large insurer, designed a CA Identity, Role, Control and Governance Minder architecture
- For a large software vendor, developed an application security and secure SDLC strategy
- For a large consulting firm, developed a threat management and intelligence solution
- For numerous FSI firms including banks, developed a 1,3,5 year cloud application security architecture strategy
- For 2 large SAAS providers developed web application SDLC security solutions to ensure cloud security
- Conducted security assessments over VM/cloud based environments
- Designed security architecture for a VM environment consisting of over 9000 virtual servers
- For several large cloud providers, implemented a federated identity management solution
- For a large bank, developed an IAM strategy for mobile security and advanced IAM such as OAuth
- For 2 large SAAS/cloud providers to the banking and healthcare industries, developed an enterprise security architecture
- For a large FSI, developed a secure application development methodology
- For a large bank developed a mobile security solution for web based transactions along with a mobile IAM strategy
- For a large retail cloud provider, designed, architected and implemented an enterprise security solution
- For a large healthcare cloud provider, designed, architected and implemented an enterprise security architecture and supporting solution
- For a large retailer and a large manufacturer, developed a BYOD and NAC security solution for their cloud solution
- For a large government agency, architected and implemented an Oracle IDM/IAM solution over a cloud solution
- For a large government agency conducted a PCI, NIST and FISMA based security assessment. This included developing an application security framework and a GRC framework
- Implemented DLP solutions from Websense, Symantec and RSA over cloud environments
- Developed a DLP strategy for a large manufacturer
- For a large insurer, developed a vulnerability reduction strategy
- For a large distributor, architected a Confidential Guardium DB Security solution
- Developed an enterprise security architecture for a software developer including the secure development of applications sold to customers via cloud
- For a large manufacturer/distributor, implemented an ITIM/SAP GRC solution
- Current training in latest version of Oracle OIM, OAM and Oracle Role Manager
- Attended Confidential TFIM training for current version.
- Attended Q-Radar Training for Q-Radar version 1.1 MR4. This was hands-on training
- For a large government agency, architected and implemented PCI solutions for P2P encryption, tokenization and Network Enclaving/Zoning
- For a large retail pharmacy working in cloud, designed and architected an enterprise security architecture for SOA/Web Services and in-store encryption; this used the TFIM and DataPower solution. Also introduced a mobile security solution for web users and employees.
- For a large pharmacy, designed, architected and implemented a Q-Radar solution for SIEM for a cloud solution
- For a large financial services company, architected, designed and implemented a role consolidation solution from Oracle. Also, executed a role consolidation project
- For a large retailer, designed, architected and implemented a high-availability solution for CA Identity Manager r12 SP11.
- For a large bank, designed, architected and implemented an enterprise security architecture lockdown and security improvement plan across the entire stack including application and GRC security
- For a large bank, re-designed, re-architected, re-deployed and re-energized a large cloud IAM/IDM solution that had languished for 2 years and spent $8 million with no delivery.
- As a contract architect and security director, led an enterprise buildout of security architecture for a large health insurer offering a cloud-based solution. Included in this effort was the purchase of numerous security tools, the addition of staff, implementation of enterprise IAM/IDM, 2-factor authentication and SOA/Web Services security and the use of a variety of enterprise security tools including web application security. This was based on TAM, ITIM, TFIM and DataPower
- As a contract architect director, designed, architected, sold, road-mapped and led the implementation of an enterprise WS/SOA, DB, VM and IDM/IAM/Federation security architecture for a large SAAS/cloud online education institution. This solution would lead the organization to adopt the latest in authentication, authorization centralization and other advanced security solutions. Post go-live, led various problem resolution sessions. Led Security Architectural Review Board meetings focused on security roadmapping. Additionally, designed a password self-service solution that lowered help desk costs by over $1 million.
- As a contract architect and security director for a large insurer:
- Introduced client to an advanced Enterprise Network forensics product that significantly improved forensics, DLP and management of network security.
- Designed and architected an enterprise-wide IAM/IDM/Federation/SOA/WS and RSA 2-factor authentication security architecture
- Designed enterprise AS400, Unix and DB security lockdowns to include configuration, encryption and VMware security.
- Improved staffing levels. Trained teams on cloud and SAAS security
- Functioning as a contract architect and director for a large civilian/military healthcare payer:
- Designed, architected and managed an enterprise SSO, SOA/WS, IDM/IAM, web application/secure coding. Designed real-time code review systems that scanned source-code as part of the build. Met military grades of encryption and controls
- Led reviews of mainframe and DB security systems and managed the implementation of improved security controls.
- Conducted gap-analysis of enterprise SOA/WS security architecture for a large bank. Prepared build-out plans, roadmaps and architectures
- For a large online cloud-based auto retailer that had been subjected to online fraud, designed, architected and managed the implementation of IDS/IPS, IAM/IDM/SSO/Federation, DLP, network, SOA/WS and DB security solutions.
- Developed a web application security strategy for SDLC
- Functioning as a security architect and director for a systems integrator to the FBI, CJIS and DOJ, conducted gap-analysis of application security for various classified and unclassified law enforcement systems and then designed, architected and led implementation efforts of the IAM/IDM/SSO/Federation, SOA/WS, Developed Application Coding, Database, Network, Advanced Authentication including 2-factor, DLP and VMware server security components. Introduced this highly security-centric organization to advanced concepts in VMware, network forensics/monitoring solutions such as NetWitness and advanced adaptive authorization and authentication security. This included RSA AA, TIM, TAM, TFIM and DataPower
- For the Department of Homeland Security Customs and Immigration Division, designed, architected and led pilot implementation of a mainframe and client server SOA/WS, IAM/IDM solution, DB and client server security solution. This was a TIM, TAM and TFIM solution
- For the US Department of Transportation, designed a mainframe and client server security architecture that focused on improvements in the areas of DLP, Network Forensics, SIEM, IAM/IDM/SSO and SOA/WS security. Managed the day-to-day implementation of the IAM/IDM/SSO solution.
- For a large multi-national pharma manufacturer conducted an enterprise global security architecture assessment. Out of this project came:
- A revised enterprise security architecture roadmap
- Improved data classification and risk management/inventory practices using Archer
- Overhaul of entire enterprise security technology suite and addition of numerous tools
- Elevation of information security function to director status
Senior Director of Information Security and Security Architect
- Implemented vulnerability reduction and management programs with a focus on vSphere, Redhat, McAfee and Tripwire
- Introduced concept of Federation for SSO to multiple sites from vendors and OD. Led a pilot
- Implemented DLP solutions
- Implemented ISS Proventia
- Implemented IDS solutions
- Implemented SEM solutions
- Implemented a WebServices authorization, authentication and encryption solution using DataPower.
- Managed team of 10 resources and 5 contractors
- Implemented more comprehensive risk registry and data classification program for US and global divisions
- Designed SOA security architecture to support Oracle E-Biz and Retek Deployment
- Implementing Oracle IAM and IDM for Vendor and Internal systems provisioning and access control to provide for Enterprise SSO for thousands of vendors.
- Redesigned Inbox Request process to reduce unworked queue
- Implemented Web-Based access control software from Oracle
- Specific application security tasks included:
- Managed PCI and SOX compliance initiatives
- Conducted ecommerce application security assessments for PCI compliance. Used Rational AppScan, Ounce Labs and other tools. Worked with all impacted compliance and development teams to implement an SDLC application security methodology that is business risk-based.
- Implemented secure coding frameworks using tools, code libraries and a process of scanning and rework
- Worked with developers to resolve and correct vulnerabilities
- Implemented ecommerce application security solutions for PCI and SOX compliance. Worked with risk management teams to develop solutions that addressed risks.
- Implemented external authentication/authorization and provisioning systems
- Implemented Tivoli Compliance Insight and Tivoli Compliance Manager
- Conducted security awareness and training for a variety of clients
- Implemented vulnerability reduction and management programs with a focus on vSphere, Redhat, McAfee and Tripwire
- Implemented secure web application solutions for large system product providers
- Implemented DLP solutions from Reconnex and Verdasys
- Implemented ISS Proventia solutions
- Designed and implemented IDS solutions
- Designed and implemented SEM solutions
- Designed and implemented SOA and Web Services security solutions for encryption, authentication and authorization using DataPower and TFIM
- Conducted security awareness and security training for a variety of clients
- Conducted numerous application security reviews using Ounce Labs and Rational
- Prepared over 40 proposals, SOWs and architecture designs to support pre-sales efforts in the IDM/IAM and application security space
- Implemented Archer GRC and Tivoli Compliance Insight Manager and Compliance Manager
- Conducted numerous application security assessments using AppScan and Fortify
- Conducted WebSphere application security assessments at numerous corporations
- Designed a PCI compliant encryption architecture for several retailers including DB and transmission systems
- Implemented Oracle Identity and Access Manager at a large retailer
- ITIM, ITAM, IDI, Confidential LDAP and TPM architecture, implementation and configuration on a Red Hat Linux operating system for a large telecommunications company.
- Completed SAP and Oracle application security assessments
- Designed Enterprise Security and Identity Management Architecture for a large retail food chain using ITAM, ITIM and RSA. Additionally, assisted in developing ROI justification cases.
- Assisted in installation of ITIM and ITAM for a large retailer.
- Developed an ITAM v5.1/ITIM 4.6 security architecture for a bank. The system ran on AIX and Windows 2003, WebSphere and HTTP Server and utilized single sign-on using a combination of SPNEGO/Kerberos and Active Directory. In addition to the development of technical design, the work included product selection, requirements definition, use case development and product justification.
- Designed security architecture for e-commerce based systems at a large wireless services company and a large utility. Conducted assessments of same.
- Conducted numerous iSeries and DB2 security assessments and security architecture designs.
- Designed a Security Operations Center for a large wireless company.
- Conducted detailed assessments and security architecture re-design for an outsourced web-services system for a state that processed credit-card transactions and handled personal data.
- Conducted several HIPAA and PCI assessments and managed security buildouts for those organizations.
- High-level and detailed security architecture designs
- Design of Role-based Access control including roles, functions, design of portlet policy access, data element access and design of provisioning systems
- Token-based system to manage access profiles
- SAML and WS Security
- Specific RBAC work includes: identification of roles and functions, consolidation of roles and functions, development of role management policies and procedures
- Design of LDAP schema
- Design of provisioning system
- Configuration of portlet policy-access server
- Design of Identity and Access Management solution using TIM/TAM
- Developed secure Java coding manuals
- Using Fortify and Web-Inspect tools, conducted secure coding assessments over developed Java code and managed remediation efforts
- Conducted final go-live application penetration tests of the Java-based ecommerce system
- Designed SOA and SOMA security architecture and assisted with implementation of authorization/authentication and encryption solutions
- System involved TIM/TAM, ITDS, IDI, Vignette, webMethods, WebSphere, Java, SOA and WebServices
- DataPower encryption and firewall implementation and architecture to protect WS calls
- Won Confidential S&P Bravo Award for sales and delivery work on project
- Attended Confidential SOA Bootcamp, Confidential Ethical Hacking Class, Confidential Qualys Training Class
- For an extremely large Financial Services, Banking and Insurance Company, performed the following:
- Designed security architecture for SOA/SOMA, DataPower, ISS, z/Series, p/Series and WAS environments. These environments complied with Confidential, industry and regulatory requirements while meeting high-volume processing requirements
- Implemented WS security architecture
- Conducted SOA security assessments involving banking applications
- Conducted a high-level HIPAA security assessment
- Served as a liaison with Confidential product security SMEs to address client problems and questions
- Was a part of the client Confidential leadership team that defined Confidential strategy at client
- Conducted code assessments using Fortify tool
- Designed improved code assurance process using updated guidelines and integration of Fortify and Rational Tool
- Provided client with state of the art security concepts to improve zoning and segmentation, product compliance and overall strategy
- Conducted DB2 security assessment
- Conducted PCI assessments and development of PCI compliant security architecture
- DataPower encryption and firewall implementation
- For a large automotive manufacturer:
- Designed and managed Sun IDM implementation and upgrade and sold a Tivoli TIM/TAM/TDI project. Performed key tasks:
- Designed and managed e-directory upgrade
- Managed a staff of 4 offshore resources responsible for coding and upgrading Dir-XML drivers. Designed the new driver systems
- Using ITIL, implemented processes that reduced incidents by over 100%
- Designed new provisioning and password processes that reduced costs by over 200%
- Designed and implemented SUN IDM v7.0 for a large multi-national manufacturer
- Designed revised IDM/IAM architecture for a large financial services and securities processor
- Attended SUN IDM design and deployment class
- Implemented a WebSphere and DataPower based security architecture for an SOA based system
- Implemented ITCAM for SOA and ITCAM for J2EE to monitor database, process and LDAP calls for WebSphere and a Java-Based system
- Conducted SOX compliance reviews and designed controls to address SOX
- Conducted PCI compliance review and encryption strategy design/implementation for a large retailer
- New and add-on consulting sales of over $1.8 million per year.
Contractor - Security and Identity Management Consultant
- Implemented vulnerability reduction programs
- Implemented DLP solutions
- Implemented IDS and ISS Proventia solutions
- Performed design, requirements definition, use cases, goodness of fit analysis, ROI development along with conducting/managing the implementation of identity/access management and provisioning solutions using CA SiteMinder and IdentityMinder
- Implemented Web Services and ecommerce application security architecture and conducted assessments.
- Conducted e-commerce application security assessments on Java and .Net applications using Ounce Labs, App-Scan and SPI WebDynamics.
- Designed vulnerability reduction program.
- Conducted security awareness and training programs for a variety of clients
- Led management in re-evaluations of existing security strategies to focus on business-risk-appropriate, world-class security. Projects returned savings of over $1 million and reduced provisioning time to under 1 minute.
- Managed Federated Identity Management Proof-of-Concept.
- Designed SOA security architecture.
- Designed SOC for US.
- Worked with Eurekify product to identify existing roles within an organization
- Conducted SAP and Peoplesoft security assessments
- Conducted SOX compliance reviews and designed SOX controls
Identity Management Consultant
- Managed team focused on requirements analysis (use case, goodness of fit, business and technical requirements), technical/functional and logical design and implementation of an identity management system for access to numerous web-based treasury applications and internal systems. Key value driver was the formation of an identity enablement factory that brought together ad-hoc teams to design and code the connectors that provision various applications. Used SUN IDM and Netegrity systems
- Implemented Web Services security and ecommerce application security solutions including the use of the Reactivity product.
- Conducted Web Services security assessment.
- Designed and built-out a SOC.