Software Architect Resume
Nashville, TN
SUMMARY:
Providing over 20 years of experience in Professional Services Consulting to a variety of industries in the areas of application, system, process improvement, automation and security. I architect, design, develop, implement, test and integrate identity and access management solutions.
PROFESSIONAL EXPERIENCE
Confidential, Nashville, TN
Software Architect
Responsibilities:
- Design and develop the LDAP schema, Directory Information Tree (DIT) and security for a multi-tenancy solution.
- This will allow departments to manage their own application data for entitlements, roles, groups, users, administrators and delegated administration.
- This required special attention to access control to allow for delegated administration and global administration of groups and users.
- Macro ACI/ACL design was used to achieve security between tenants.
- Provided coding for bash scripting to convert SQL, CVS and LDIF for migration from legacy systems for docket and case management.
- Developed Java code using the UnboundID / PingDirectory SDK for authentication and management of users, groups, roles, entitlements, security, administration requirements.
- Implemented SSL with self-signed certificates and CA for internal management.
Confidential, NYC, NY
Software Architect
Responsibilities:
- Member of the Global Information Security (GIS) team. I was tasked with design and development of solutions, systems, architectures, data models and software to provide Multi-Factor Authentication for Privileged User Access to critical banking systems.
- This role required consulting to application owners on integration points and strategies to enable MFA capabilities into their products and services.
- I developed an LDAP authentication solution to enforce MFA for privileged users on a per-application scope for Privileged Access Management (PAM).
- The solution can identify users of any specific application with privileged access and inject MFA validation. Using proxy and virtual directory design concepts I was able to isolate specific user and application contexts for selectively enforcing MFA on a per-application scope. This ability is currently lacking in all known industry implementations of MFA.
- The solution also required a custom LDAP plugin controlling the UnboundID/Ping Directory Proxy Server.
- The purpose of the plugin is to integrate external services with LDAP authentication. The plugin does this by intercepting LDAP authentication requests, then looking up an MFA rule (defined by the application owner) from the identity repository for a specific application context and evaluating the returned 'MFA Rule' to determine if MFA is required for the current user and application combination. When MFA is required, the OTP validation is performed by calling a 3rd-party SOAP service and parsing the response as part of the LDAP authentication life cycle.
- This solution includes a variety of documentation, scripts, tools and code to deploy the plugin, configure the proxy services, RBAC / ABAC rules and manage the life cycle of the solution. Git and Team Foundation Server (TFS) were used to document the solution and manage the source code.
- Using the above solution, I was able to integrate MFA for privileged user access with a variety of products, services and protocols - including: CA Directory, CA SiteMinder, Ping Federate, Ping Access, LDAP, Active Directory, TACACS+, RADIUS, RadiantLogic VDS, Ping Directory Server, Ping Proxy Server, CyberArk, WebLogic and others. MFA solution now protects all SWIFT transactions globally.
- Due to a long history of performance issues related to using external vendor processing of tokens, there is an interest in providing this capability on premise. I am currently in the design and development phase of a FIDO Universal Authentication Framework (UAF) system to register, authenticate and manage any FIDO compatible token. This would allow BYOD use cases for expedited onboarding of internal and external clients.
- Additional Python solutions to manage the migration of over 100,000 WebLogic domains to use the new MFA solution.
Confidential, Monroe, LA
IAM Architect
Responsibilities:
- Deployment of the IAM infrastructure based on the Oracle 11.1.2.2.x stack on the Solaris 11 platform.
- I was contracted to demonstrate and document the DEV environment installation and configuration of OIM, OAM, SOA, BIP/BIEE, WebLogic.
- This includes deployment and configuration of the LDAP and AD connectors for basic provisioning and reconciliation.
- The deliverables are a working DEV / TEST environment and a cook book + scripts for production deployment by UML staff.
Confidential, Tallahassee, FL
Directory Architect
Responsibilities:
- I performed a co-existence migration of Sun DSEE 6.3 to Oracle Unified Directory (OUD) 11.1.2.3.
- As part of the migration I had to clean up the legacy iplanet, sun, netscape and legacy object classes and attributes from the schema and data.
- Made compatibility schema for DSEE and OUD co-existence through the replication gateway.
- The customized DSEE and OUD schemas allowed for 2-way password and account life cycle controls. I was able to fix numerous standards issues in the legacy SUN DSEE data which allowed strict compliance in OUD. I assisted in analysis and resolution of code and migration issues for various applications, custom and COTS.
- I provided guidance on usage, optimization and best practices. FSU had a 1M+ user base with high modification rates.
- The External Change Log (ECL) was configured for synchronization with other application identity stores.
- I created custom password policies and enabled assignment to different users based on dynamic group filters and virtual attributes.
aurionPro SENA
Confidential, NJ
Senior Security Architect
Responsibilities:
- I am very fortunate to work for an organization that offers a diverse set of challenges in the Identity and Access Management domain.
- As an architect, I advise and guide our clients through the requirements gathering process and I collaborate with our clients to design solutions to meet their unique challenges.
- I enjoy supporting multiple projects throughout the various phases of design, development, implementation and go-live.
- At any given time I am performing several of the following tasks:
- Troubleshooting performance issues from the Kernel to the JVM and beyond.
- Root cause analysis of the most perplexing development and production issues.
- Tweaking and tuning servers until we maximize performance.
- Development of custom code to support the many unique requirements we are exposed to across a variety of industries.
- Demonstrating the proof of concepts to show our clients how we can meet their challenges through design and application of Oracle technologies.
- Data Modeling, ETL, Migration and Cleansing.
- Testing - Unit, Functional, Integration, Throughput
- High Availability design
- Disaster Recovery Planning
Technologies I work with: Maximum Availability Architecture, Oracle Database, ASM, RAC, Oracle Access Manager, Oracle Identity Manager, Oracle Identity Federation, Oracle Adaptive Access Manager, Oracle HTTP Server, Oracle Unified Directory, Oracle Internet Directory, Oracle Directory Server Enterprise Edition, Oracle Virtual Directory, Oracle Entitlements Server, Application Policy Manager, Oracle Access Gateway, Service Oriented Architecture, Web Logic Server, Oracle Enterprise Linux, Oracle Solaris -versions include 10G(R1,R2,R3), 11G(R1,R2
Confidential, Raleigh, NC
Enterprise Architect
Responsibilities:
- Design and implement AD and OUD connectors.
- Designed and implemented HA architecture using Oracle Maximum Availability Architecture (MAA).
- Design reconciliation for SuccessFactors.
- Design integration and policy modeling for multiple hosted applications and internal applications using SSO and Federation features of OAM.
- Customize OES for OIM access policy enhancements for new access roles.
Confidential, Newport Beach, CA
Software Architect
Responsibilities:
- Consulted on implementation and architecture related issues for OIM, OAM/OIF, OES, OHS and WLS.
- Additionally I implemented a two node cluster of OIM 11GR2 and the Novell Edirectory Connector as a POC for provisioning/de-provisioning users, groups and organizations.
- POC for DIP synchronization from Edir to OUD/OVD for OAM/OIF integration with pre-existing and multiple data stores for identity repositories.
Confidential LLC
Confidential, CA
IAM Architect
Responsibilities:
- Providing support to the Confidential staff during the go-live in production.
- This includes deployment of the custom developed OIM packages, scripts and components to support Day0 and Day1 activities.
- Products supported include OES, OIM, OAM, OUD, OHS, WebLogic.
Confidential, Detroit, MI
IAM Architect
Responsibilities:
- I performed the initial requirements gathering and documentation. I documented the High Level Design (HLD) providing the requirements, logic, use cases, constraints and approaches to the solution that included the integration of OIM, OAM, OHS, OES and OUD.
- I implemented the solution including all High Availability aspects for reverse proxy, F5 load balancing, WebLogic Server Migration.
- Implementation utilized SSL communication for front and back end communications.
- Developed scripts for PKI management of certificates and internal CA.
- Used DIP to integrate AD and ODSEE LDAP data to the OUD directory server with custom OVD views for OAM/SSO/Federation assertions.
Confidential, Hershey, PA
IAM Architect
Responsibilities:
- Performed root cause analysis for performance issues in production system.
- Determined cause of issue to be tuning related.
- Performance tuning and testing performed to resolve issue with threads, heap management in the JVM and JMS messaging tuning.
- I wrote several utilities to help monitor heap usage, garbage collection, thread usage and heap dumping for profiling.
Confidential
System Architect
Responsibilities:
- Determine cause for GUI slowness and poor performance in web tier.
- Troubleshoot performance issues related to network/SAN storage.
Confidential, Cleveland, OH
System Architect
Responsibilities:
- I was asked to assist with performance tuning and stress testing of a large integrated solution utilizing OIM, OUD, CMS, Portal and OAM.
- I performed SLAMD LDAP stress testing of the OUD directory and directory proxy services.
- I analyzed indexing and ACI on OUD for tuning exercises.
- Code review and solution fix for performance issues in the custom Java application code for the portal servers.
Confidential, Monica, CA
IAM Architect
Responsibilities:
- Documented requirements and designed architecture for Oracle Directory Services to support the IDM implementation for 6 million users.
- Oracle Unified Directory and Oracle Virtual Directory were used to create the identity repositories.
- Designed DIT and extended LDAP schema to support custom objectclass and attributes for a customized authorization strategy.
- Developed Java code for application integration, IDM import and password synchronization.
- Utilized Oracle DIP to synchronize Active Directory security groups and roles for SSO enabled applications.
Confidential, Milwaukee, WI
Security Architect
Responsibilities:
- I was assigned to consult with project teams across the enterprise to assist in implementing best practices for security of networks, software, identity and access management.
- Participated in ED / SSO meetings to define next generation of IAM security architecture.
Confidential, Chicago, IL
LDAP Specialist for Secure Access Management (SAM)
Responsibilities:
- I designed a Solution Blueprint that documented the process for application owners to migrate from the MSI directory services (Sun DSEE 6.x) to the NSN directory services (11g DSEE7.x).
- This included schema analysis and development of a schema compatibility matrix for application developers to use as a guide for conversion of application LDAP data models to the destination schema.
- To assist migrations, I developed a series of coding examples in a number of programming languages including PHP, Java, VB.NET, Perl, C#, C++ and others. Throughout the migration process I provided technical support to MSI developers and managers to ensure successful migration of their applications.
- I also developed a database and GUI (MS Access/VBA/SQL) to manage the migration data for issue management, tracking and reporting to PMO.
Confidential, Livingston, NJ
Enterprise Architect
Responsibilities:
- Mergers, Acquisitions and Divestment. I was contracted to develop, design and implement an updated Sun Messaging Server solution. This included upgrading and migrating Sun Application Server / Sun Access Manager 7 to Glassfishv2/OpenSSO 8 with additional provisioning glue added. In addition to the new environment, I performed a migration of the current 6.3 user mailboxes to the current 7.3 Messaging Server environment with the latest version of all the associated components of the architecture. Due to the sale of the company (Alico), business required the masquerading of the old aig.co.jp domain until the official sale date. The domain cut-over process involved mail header rewriting, domain aliases and mail routing rules to maintain appearances until the official cut-over date.
- Other tasks included updating the Java application controlling the integration of LDAP data between MS Exchange 2007 and Sun Java System Directory Server 6.3.1 with attribute mapping across incompatible schemas. This program allowed synchronization of the MS Exchange Global Address List (GAL) and provided data for routing mail users from multiple domains and sites.
- Developed a Java/JNDI based migration tool to move users between domains and environments and setting up mail routing, forwarding and rewrites for migrated users. Due to the nature of the application logic each user took a while to process to completion. The Java tools were rewritten with JNDI/JMS interfaces to utilize a JMS provider messaging communication scheme to send requests to multiple consumer clients to migrate users concurrently. Using this method we were able to decrease a 1,000 user migration batch from 25 minutes to just under 4 minutes. This significantly cut down our migration windows. This development made use of the Sun GlassFish Message Queue 4.x and Java 1.6. The Directory Topology was a 2-Way Multi-Master Replication design with 2 replica consumers. This included performance tuning Solaris 10 installations for I/O and TCP settings. Design and install password policies, Access Controls (ACI) and general tuning of the database settings, cache, indices, etc. Messaging stores utilized Sun Cluster 3.2 for asynchronous failover. This design included a separate messaging store implementation to archive all inbound and outbound mail that hits the MTAs. Messaging stores and Journaling Server were implemented with ZFS tuned for messages (128k), databases (8k), indices (4k).
- Setup Sun 5240s, Ultra27 Workstation, ST6180 Disk Array, ST SL24 Tape Library, Cabling diagrams, ILOM ports, Solaris 10, Common Array Manager, ZFS, RAID (2) mirrors 1 data and 1 o/s.
- Implemented and configured Delegated Admin 7, Messaging Server 7.3x, OpenSSO 8, and Glassfish 2.1 Application Server. Configured NTP on all servers. Configured IPMP network failover for all servers.
- Install, configure and run loads to test Sun Java System Messaging Server with SLAMD stress testing tools. Implemented resource monitoring on all client and target servers. Presented reports showing configuration, optimization and tuning has been performed.
- Additional work was done to migrate the aig.co.jp employees from the old mail system to the new sunmail environment. This involved documentation for the migration procedures and contingency rollback procedures. To accomplish the migration of the users, several scripts were developed to run on the server and the desktop. Java, JNDI, shell script and VBA were employed to create a transparent migration experience for the users using login scripts and policy objects in Active Directory.
- Documentation generated: System Design Document, Requirements documentation, install procedures, user/admin guides, changeover process, System Integration Test (SIT), Unit Test, Functional Test, User Acceptance Tests, test procedure plans, test reports, Domain Cutover Plan and Desktop Support Plan.
Confidential, Grapevine, TX
IDAM Support
Responsibilities:
- Provided problem resolution for all messaging related issues.
- This included supporting messaging components, Access Manager, LDAP, JAVA, Networking, Solaris 9/10.
- I worked closely with Verizon management and engineers and SUN engineers to facilitate analysis, root cause determination and resolution. I performed regular coding and scripting to assist in data collection, automation of administration activities and reporting to monitors and tools in various formats.
- Utilized JNDI/RMI/JMS and core Java and J2EE to accomplish this. Setup Messaging server 6.3 in test labs for migration testing.
