Access and Identity Management Expert

• Twenty eight years of IT consulting experience in the following industries automotive, health care, state and local government and financial services.
• Extensive knowledge/experience with increasing responsibility developing and implementing access identity management solutions.
• Demonstrate a natural ability working with technology.
• Highly effective solving complex problems.
• A natural mentor, who leads by example, inspires others to perform.
• Good team leader/player and self - motivator.
• Earned many customer satisfaction awards.
• Perform well under pressure and interact with all levels of customers.
• FBI security clearance.
• Federal Bureau of Prisons clearance.

PROFESSIONAL EXPERIENCE

Confidential,Provo Utah

Senior Technical Specialist ( )

Provided consulting services for architecting, designing and deploying Access and Identity Management solutions for fortune 500 customers.

• Designed large Clustered and Fault Tolerance corporate access solutions providing access from both the internet and intranet.
• Developed authentication contracts using userid & password, smart cards, token-based, X.509 digital certificates, and Identity Federation (SAML).
• Designed LDAP Directories that work efficiently with over a million objects.
• Provided Single/Reduced Sign-On (SSO) solution using identity injection/form fill.
• Deployed role-based access control to provide a convenient way of assigning a user to a particular job function or set of permissions in order to control access to enterprise assets.
• Implemented electronic audit logging and file logging for each component of the access solution.
• Assumed technical manager and subject matter expert roles on many engagements.
• Continuously obtained 100% of annual utilization target. Generated approximately 600.000 in revenue annually.

Consultant II ( )

Provided consulting services to fortune 500 customers.

• Provided design, deployment and tuning consulting to customer in the areas of eDirectory, Zen Works, GroupWise, Managewise and iChain.
• Continuously obtained 100% of utilization target.

Confidential, Michigan

Consultant

Contracted to Ford Motor Company by Novell to proved Novell expertise.

• Developed technology standards, build out and expansion of distributed data centers, LAN/WAN, servers, desktops, security strategies and solving complex technical problems.
• Managed global help desk.

PROFESSIONAL SKILLS

• Novell Access and Identity Management, Novell iChain, Novell Audit, Novell eDirectory design, SecureID, PKI, CA/Netegrity, Jupiter, SAML, Liberty Alliance, RSA Infrastructure and Citrix Terminal Services.
• LDAP DIRECTORIES: Microsoft Active Dir, NDS/Novell eDirectory, and Sun One Directory Server.
• BACKOFFICE SOFTWARE: Database (mySql/SQL/Oracle), Webserver (IIS, Apache, Microsoft Sharepoint, Novell NPS).
• Application Server: BEA Weblogic, IBM Websphere, Java and Tomcat.

COMPUTER SKILLS

OPERATING SYSTEMS: Microsoft Windows 2003 Enterprise Edition, SOLARIS 2.x, LINUX, NetWare and MS-DOS.

NETWORKING: Ethernet, TCP/IP, DNS, WINS, NFS, Samba, NIS, NIS+, and NetBIOS.

Project Experience

Confidential Designed large, clustered and fault-tolerant access solution providing 2,000 concurrent connections to an employee portal. Deployed five iChain servers and one Session Broker in the DMZ fronted by a Layer 4 switch. The switch provided load balancing and fault tolerance for the iChain servers. iChain accelerated 46 applications that consisted of 93 protected resources. User IDs, passwords and RSA tokens were used for authentication. The user ID and password authenticated to a LDAP authentication vault. The RSA token authenticated to a Microsoft RADIUS platform. The users’ credentials were passed in the header to simulate single sign-on to the backend web applications. Along with the users’ credentials, Object-Level Access Control (OLAC) was used to pass other required attributes. Access Control List’s (ACL) rules were used to check to see if the user were allowed to access the protected web sites. iChain was used to accelerate Citrix MetaFrame servers with Nfuse. Multi-homing was utilized in this solution. The complete solution was deployed using third-party SSL certificates. To complete the solution, Novell Nsure Audit was implemented for each component of the access solution.

Novell Access Manager: Confidential,

Designed large, clustered and fault-tolerant access solution providing 5,000 concurrent connections from both the Internet and intranet. Deployed three Linux Access Gateways (LAG as cluster members in the DMZ fronted by a Layer 4 switch. The switch provided load balancing and fault tolerance for the LAGs. Two identity servers were deployed as cluster members along with two admin consoles inside the corporate firewall. This solution was designed for a very large customer and employee portal. Access Manager was used for customer facing that included SSL authentication and role-based access control to multiple backend applications. The solution also required the use of Identity Federation (SAML) with a third-party application. The SSL VPN Gateway was implemented to provide user access to the Citrix environment. Policies to assign roles, to control access, and to enable single sign-on to resources that require credentials were also utilized. Backup and restore processes were developed. The complete solution was deployed using third-party SSL certificates. To complete the solution, Novell Nsure Audit was implemented for each component of the access solution.

Confidential Worked with other consultants and client technician to establish the requirements for a single sign-on (SSO) solution. Implemented a pilot to demonstrate authentication and SSO functionality on both nursing kiosk workstations and normal workstations with both eDirectory and Active Directory integration. Established card-key based initial authentication and application graded-authentication. Worked with the client to plan for the Phase I implementation.

Confidential Worked to implement an IdM solution in a proof of concept environment for a large healthcare client in West Michigan. Configured the AD and eDirectory drivers with rules for placement to and from a flat ID Vault. Configured the CSV driver to emulate the HR system and implemented rules for role-based user provisioning. Configured password synchronization and installed and customized self-serve password service. Installed and configured the GroupWise driver.

Confidential Worked as technical lead to upgrade three client sites of 0 users from ZENworks 2.x to ZENworks 4.01 in 2003. Provided custom training for these clients on ZfD imaging, NAL scripting, Remote Management, Inventory and Policy Management. Worked with other consultants to create workstation imaging and application delivery systems for a number of these clients.

Confidential Managed day-to-day operations of Novell, Linux, OS2 and Windows server based data center:

• Provided first line helpdesk support to VPN connected dealers nationwide.
• Managed WAN and LAN connectivity for as many as 1,000 remote project offices.
• Supported World Wide network attached devices on the production line floor.
• Designed and deployed Token-Ring and Ethernet LAN’s.
• Designed and deployed World Wide Novell eDirectory tree.
• Designed and deployed Novell 3270 solution consisting or 42 Novell 3.12 servers to support North America Purchasing.
• Provided budgeting, purchasing, and licensing for all hardware and applications.

Network Infrastructure Design and Deployment: Confidential,

The network consisted of 13 Token-Rings one on each floor. One Token-Ring ran vertically between the North and South side of the building. Each floor ring was attached to the vertical ring with two IBM bridges. The operating system was a combination of IBM OS2 and Netware 3.12. This environment supported 55 serves and 600 users.

Lead Network Engineer: Confidential,

Responsible for setting up communications between AS 400, System 32 and System 36 (5250 emulation) and evaluating LAN’s. Worked on VTAM and CICS.

Authentication, Access Control Solution: Confidential,

Responsibilities included:

• Designed and developed Identity Manager 2/DirXML connector between the NDS file and print tree and the iChain authentication tree to synchronize identities needing remote access.
• Deployed eGuide under the Extend framework.
• Planned, staged, and completed the production cutover of Hyperion and the Extend framework.

Shibboleth Secure Identity Management Initiative: Confidential,

Worked on Shibboleth Secure Identity Management (SSIM) initiative to appropriately centralize, secure, synchronize, federate, and automate identities and passwords while reducing redundancy, cost, errors and increasing user satisfaction and productivity. The objectives of this initiative where:

• Meet UT-Systems Shibboleth mandate.
• Establish Shibboleth Identity Tree and Identity Provider.
• Develop business processes necessary to comply with Shibboleth requirements regarding access provisioning and de-provisioning for Client employees.
• Establish identity management governance process.
• Increase security through a centralized secure identity vault and password synchronization features.
• Simplify, streamline and increase security features of existing account management business processes.
• Facilitate the sharing of resources between client and Health Science Center.
• Design of PeopleSoft as the automated authoritative source for identity management.
• Design of automated one way account provisioning / de-provisioning from PeopleSoft to the identity vault.
• Implementation of iManager for manual creation, modifications, deletions and password resets.
• Design of one way account provisioning / de-provisioning to a master Active Directory from the identity vault.
• Design of password Set/Reset to the master Active Directory.
• Design of one way account provisioning / de-provisioning to a Shibboleth Access Tree from the ID Vault.
• Design of password Set/Reset to Shibboleth Access Tree from the ID Vault.
• Configuration design of Shibboleth Identity Provider to enable federated access to UT-Systems resources such as Blackboard.
• Design of one way account provisioning / de-provisioning to a Health Science Center Cooperative Access Tree from the identity vault.
• Design of password Set/Reset to Health Science Center Cooperative Access Tree from the ID Vault.

Authentication and Access Control: Confidential Assisted the DOT in project to provide employees with a single point of access to web-based resources. Assisted the DOT IT department in creating a pilot Employee Access Portal that was rolled out to 5,000 users. To provide DOT employees with a single point of access to web-based resources, a pilot Employee Access Portal was created and rolled out to approximately 1,000 users.

Worked on this pilot employee Access portal solution, which consisted of:

• iChain to secure portal site and other applications accessed through portal.
• GroupWise system through GroupWise gadget.
• Citrix sessions thorough the Citrix gadget.
• Network File access through the NetStorage gadget.
• DOT Intranet site access.
• RCA, a web-based application, access.
• I-Hub access.