Confidential, Minneapolis, MN
- Red Forest (ESAE) architecture project with lab and production implementations.
- Confidential (Host Guardian Service) deployment in a dedicated forest to secure Hyper - V cluster VM’s in both production environments and the Red Forest.
- Dynamic local group membership management implemented through a combination of built-in group policy preferences and PowerShell automation which allows for granular temporal server access.
Confidential, San Diego, CA
Active Directory Architect
- High security ESAE/Red Forest architecture projects for government clients and other high profile customers.
- Local admin permission creep was becoming an issue and needed to be addressed. Through wildcard group policy preferences and PowerShell temporal admin membership, management of local admins through domain security groups was implemented.
- Long term health and performance trending was needed for domain controllers in multiple domains. Using a backend of SQL with PowerShell doing the heavy lifting we were able to identify trending patterns on a web front end as well as receiving performance alerts.
Confidential, Seattle, WA
- PowerShell automation project for Active Directory object provisioning in a large healthcare environment.
- The automation was the first stage in a high security migration project involving an acquisition that was AWS based.
- Scripts performed error checking as well as verbose logging and SMTP alerts. All credentials obscured and encrypted.
Confidential, San Francisco, CA
- Red Forest analysis and design project. Investigated current state then implemented design and deployment documentation detailing the requirements for the install process.
- As a prerequisite for the Red Forest implementation a full role-based access control model was implemented for multiple security tiers.
- IAM controls were hooked in to prevent access loopholes and elevation through provisioning solutions.
- AD security risk analysis with a focus around solutions using current application space in order to reduce app sprawl.
- With many SAAS and partial IAAS implementations needing to be roped in during the process.
Confidential, Hartford, CT
- Domain Admin reduction security initiative for human and non-human accounts, architecting role based solutions to remove the need for these domain admins.
- Domain Admin level accounts were replaced with least privileged accounts following a new RBAC standard.
- Analysis and design recommendation for a Red Forest implementation to help mitigate pass the hash vulnerabilities.
- IAM policy audit for privileged account management along with a directory security audit revealing accounts that were violation of the company security policy.
Confidential, Tukwila, WA
- Brought in to establish a working IDM system where only a piecemeal solution existed.
- Working closely with HR and data source owners to setup workflows in the RSA IAM suite to automate user/service account/group provisioning and de-provisioning.
- Security delegation to remove the need for wide spread domain admin usage. Role based access control model implemented for different usage tiers allowing the removal of the domain admins.
- OU and GPO consolidation project to ease maintenance and troubleshooting.
Confidential, San Jose, CA
- Project goal was to identify all non-human accounts in the AD structure and correlate them with owners with as little staff interaction as possible.
- Remaining time was spent performing a security audit with an emphasis on Red Forest implementation benefits.
- This was accomplished by gathering data using PowerShell and storing it in SQL then performing table references to determine owner(s) and details.
- Data was gathered from audit logs to show login source/destination, DNS for short name of server, inventory for server owners, a ticketing system for account owners and active directory for object data.
Confidential, Redmond, WA
- Brought in to develop an independent forest for the Windows phone project.
- All aspects of data gathering design and implementation in addition to deployment for a new forest for the Windows phone development group that enables all the functionality that currently exists in the present environment.
- Dynamically updated geographical site map with logical site link data implemented to display replication routes.
- PowerShell updated pivot table with detailed site/subnet information for IP planning and networking monitoring in relation to geographical location.
Confidential, Cleveland, OH
- At Confidential I worked closely with the AD engineering team to help improve their operational efficiency and security through Group Policy Preferences utilization.
- Specifically we implemented a deeper OU hierarchy to replace the relatively flat structure that currently existed. This allowed a tiered out RBAC setup utilizing a least privileged model.
- In addition I analyzed current startup/logon VB scripts with the goal of improving login time and presenting a more standardized model. The end results are improved startup time and logins for desktops as well as a more efficient maintenance methodology.
- Some of my other work at Confidential included advanced PowerShell scripting to enable single/bulk AD item restores through the use of the AD Recycle Bin. These scripts enabled Confidential the ability to quickly and recursively restore entire OU structures or just a single user based on the time it was deleted and the name of the object.