
Senior Consulting IAM and Security Architect Resume


Los Angeles, California

SUMMARY

  • Nineteen years of extensive information technology and security experience in identity and access management; enterprise architecture; infrastructure and systems planning, design and implementation; and project management.
  • Highly effective leader of technical teams executing multiple projects in fast-paced, large-scale multi-national environments consisting of 10,000 to 300,000+ users; with over 7,000 Windows (2012/2008/2003/2000), Novell (6.x/5.x/4.x) and UNIX (Solaris 10, SLES 10/11, RHEL 5/6) physical and virtual file and application servers and storage running on Compaq, IBM, HP, Dell and EMC hardware.
  • Design and implementation projects include the architecture and successful rollouts, upgrades and enhancements of numerous company-wide CA Identity Manager (r12.5/r12.6), SiteMinder r12.0, Okta, IBM Tivoli, Courion and federated solutions for single sign-on, user provisioning, deprovisioning and RBAC; external, international, client-facing IAM application portal security solutions (Websphere 6x/7x and plug-ins, IHS, IIS, J2EE, Java, TEWS/REST web services, SQL queries, stored procedures, SiteMinder agents, SSO, federation, single- and multi-factor authentication) for organizations with over 300,000 users and a growth potential into the millions. Additional architecture experience includes configuration of small- to large-scale HP and EMC SANs and clustered environments supporting high-availability, networked and web applications; and enterprise-wide consolidations and the redesign or decommissioning of Data Centers and field sites.
  • Significant experience in client-facing positions, defining client needs and translating to and designing corresponding technical infrastructure requirements, including defining data criticality and backup and DR requirements, and designing and implementing DR environments and conducting DR tests.
  • Extensive directory/LDAP schema and tree (DIT) design, implementation and support experience with Active Directory, Azure Active Directory, Novell, CA Directory, Okta and Tivoli; and design, implementation and testing (UAT) in development, test, QA and pre-production environments, focusing on IAM (including integrations between CA, Okta, IBM, Oracle, Courion, Sailpoint, FIM/MIM, PeopleSoft, SAS, AD, AAD, AWS, Office 365, RACF, RSA, and commercial, in-house and third-party web-based and mobile (browser/hybrid) applications). Wide range of experience conducting security reviews, and designing and implementing solutions to ensure corporate compliance with regulatory requirements for a variety of industries (including banking, finance, insurance, pharmaceutical, transportation and manufacturing requirements in areas such as SOX, FDA, HIPAA, PCI, PII and mobile and cyber security).
  • Excellent management, analytical, documentation and communications skills, and the ability to "think outside the box," lead to the identification and implementation of innovative, cost-effective solutions. Extremely experienced self-starter who is highly effective working remotely and on virtual teams.

TECHNICAL SKILLS

  • Architecture
  • SSO
  • Identity Management
  • Access Management
  • Windows Server
  • RHEL v5/v6
  • CA IdentityMinder
  • SuSe Linux
  • Websphere v6/v7
  • HTML
  • CA Directory
  • Solaris
  • SOA
  • DNS
  • CA SiteMinder
  • MSSQL Server 2008
  • J2EE
  • TCP/IP
  • Active Directory
  • EMC
  • Outlook/Exchange
  • Security
  • Tivoli Directory
  • Novell/eDirectory
  • Capacity planning
  • Auditing
  • VMWare
  • Disaster Recovery
  • Scripting
  • HTTPServer
  • Wily
  • MS Office Suite
  • 802.11
  • SQL Queries
  • Optier
  • PCI Compliance
  • DHCP
  • LDAP
  • Apache
  • SSH
  • SMTP
  • XML
  • IIS
  • Oracle Directory
  • SFTP
  • Azure AD
  • NFS
  • JIRA
  • Firewalls
  • MFA
  • Office 365
  • Confluence
  • Cisco
  • Juniper
  • CyberArk
  • Agile/SCRUM
  • Sailpoint
  • DataPower
  • ServiceNow
  • Okta
  • AWS
  • Virtual Directories
  • Radiant Logic

PROFESSIONAL EXPERIENCE

Confidential, Los Angeles, California

Senior Consulting IAM and Security Architect

Responsibilities:

  • Senior consulting Identity and Access Management (IAM) and security architect for Confidential for Confidential account. Member of Confidential’s Identity Lifecycle Management Architecture team, which is responsible for identity and access management architecture, roadmaps, and identity-related architecture and security reviews for Toyota North America. Lead Information Security Intake team, which interfaces with all areas of the business and works closely with application teams, Enterprise Architecture, Enterprise Services and all InfoSec teams to ensure new and redesigned SaaS, custom off-the-shelf and in-house developed applications comply with Toyota’s IAM roadmaps and approved authentication, authorization and provisioning patterns. Conduct architecture evaluations and architecture/security reviews, create solution architecture design and associated documentation, and facilitate engagement of governance, risk and compliance, application and network security, security operations, enterprise architecture and other areas as required to ensure timely, comprehensive delivery of IAM solutions. Additionally, conduct in-depth analysis of identity data and systems to determine causes of production-related issues, and design solutions and/or architectural modifications to resolve and eliminate those issues.
  • Design, implement and manage a comprehensive company-wide intake system/team that provides a single point of contact for application teams and/or business areas that are onboarding new or rewriting/upgrading existing applications. The resulting process streamlines InfoSec engagement by conducting an evaluation to identify recommended architecture options, engaging all appropriate InfoSec or other information technology teams, providing consolidated ROM estimates and/or consultations.

Confidential, Irvine, California

Principal IAM Consulting Architect

Responsibilities:

  • Analyze Northwestern Mutual IAM environment and publish formal recommendations for improvements in and updates to IAM strategy. Develop gap analyses, remediation plans, and design on-premises and cloud-based IAM and IDaaS solutions. Lead team responsible for implementation of remediation and enhancements to IAM/IDaaS solutions.
  • Plan migration away from legacy Oracle and CA IAM environment to Azure, Sailpoint and Microsoft (Forefront) Identity Manager by creating a comprehensive overall view of Northwestern Mutual’s existing IAM environment, identifying opportunities for consolidation and improvement, and designing a new cloud-based IDaaS environment. Build and deploy test and QA environments for on-premises and cloud-based testing and validation of environment functionality.
  • Collaborate with application modernization teams to develop roadmap for authentication and authorization strategies. Design IAM/IDaaS infrastructure and set standards for protocols, SSO, web services and application integration and help application developers understand implications for application modernization and transformation. Develop in-depth, comprehensive architectural diagrams and supporting documentation detailing changes to application authentication and authorization and web services modernization.
  • Analyze existing/legacy data models and recommend structural and strategic direction changes to facilitate migration from existing legacy Oracle/SUN directory services to a consolidated virtual directory, which correlates disparate on-premises identities from Active Directory, CA, Oracle/SUN, RSA, RACF, and on-premises and third-party applications. Design new directory information tree and update provisioning policies to leverage new attributes, thereby streamlining user on-boarding and enabling consolidation and modernization of provisioning into a centralized access management portal.
  • Develop and architect roadmap, set requirements and standards, and architect new Azure/MIM/Sailpoint-based IAM environment that enables the organization’s identity transformation and facilitates implementation of a new cloud-based application portal for over 10,000+ users. This design also enables future migration of hundreds of thousands to millions of Okta-based external users to a new, centralized client portal.
  • Develop consolidation and streamlining plans for IAM modernization to reduce data integrity issues. Interface with application teams to redefine attribute definitions, requirements and utilization to facilitate modern authentication and enhanced security, permitting formerly on-premises-only applications to be utilized by field sales personnel via the Internet by leveraging new, more comprehensive, supportable, and dynamic SSO architecture.

Confidential, Irvine, California

Senior IAM Architect/IAM Service Owner

Responsibilities:

  • Architect and lead technical teams integrating application internet portals into an accessible, user-friendly SSO (authentication and authorization) experience for hundreds of thousands of external users. Developed customized application portal provisioning and self-service solutions in conjunction with platform services teams utilizing Force with Okta and OpenSSO, SAML 2.0 and OAuth solutions. Led companywide effort and gained consensus and support among various business units in developing a centralized portal user IAM strategy.
  • Defined, designed and implemented virtual directory solutions to facilitate quick and seamless on-boarding of existing applications and new systems to provide a true SSO experience, while supporting legacy identity stores in disparate backend systems. This enabled speedy integration with application portals, including SSO, authentication and authorization, user provisioning and deprovisioning processes; self management processes such as forgotten reset, forgotten user ID retrieval and self registration; and role-based provisioning. Developed automated access management workflow systems that exceeded audit requirements, provided accountability and transparency in provisioning, and reduced provisioning time and errors significantly.
  • Architected and led implementation of IAM solution for Office 365 integration of 10,000+ users with existing on-premises Active Directory, Okta, CA IdentityMinder, as well as SharePoint, Outlook and other applications. Planned and facilitated initial migration of all users, as well as roadmap for on- and off-boarding and migration from on-premises Microsoft applications.
  • Developed long-term roadmap for future IAM solutions that defined future state support models, thereby advancing the existing support structure to accommodate new services, and enabling the integration of cost-effective technology solutions to reduce application on-boarding time and increase M&A and divestiture capabilities.

Confidential, Denver, Colorado

Lead IAM Security Engineer

Responsibilities:

  • Architected and led technical teams implementing multiple application internet portals utilizing CA IDM r12.6, CA SiteMinder 12.5 and federated security solutions to support authentication and authorization, provisioning and self service (utilizing Websphere, Apache, IHS, IIS, TEWS/SOAP, web services, DataPower, SQL queries and stored procedures) for 300,000+ external users worldwide (APAC, LA, EMEA, NA).
  • Defined, designed and implemented integration solutions to onboard existing applications and recently-acquired systems to application portals, including SSO, authentication and authorization, user provisioning and deprovisioning processes; self management process, such as password management, forgotten user ID retrieval and self registration; and role-based provisioning.

Confidential, Denver, Colorado

Consulting Architect

Responsibilities:

  • Developed and implemented new access request functionality for complex provisioning architecture that included 25-step custom workflows utilizing Workpoint 3.4 in a SQL DB, customized select box data, groups, Policy Xpress policies; event listeners, BLTHs, LAHs, delegation workflow, task persistence, and custom email distribution of passwords and new user IDs to end users, and to notify next-level approvers of waiting tasks.
  • Architected client-facing IDM r12.5/SM r12.0/federated environment that provided security (including authentication and multi-factor authorization), provisioning, self-service and enrollment, and email notification capabilities (via TEWS and web services) for hundreds of applications and replaced existing out-of-support Tivoli LDAP infrastructure.
  • Integrated RSA hard- and soft-token provisioning into the internal IDM auto-provisioning infrastructure, including deployment of custom connectors, development of admin tasks, Policy Xpress policies and access request functionality and workflows.
  • Developed and configured CA IDM custom components such as BLTHs, LAHs, screen logical attributes, program exits, Policy Xpress policies, TEWS and web services, and bulk loader and bulk task definitions.
  • Designed identity and access management solution for newly redesigned application portal supporting 45 applications. Worked closely with application developers, enterprise architects and business units to define requirements, develop improved architecture that provided more automated onboarding of client users, and added new self-service functionality such as password resets, and automated provisioning.
  • Led technical team responsible for IDM r12.5 SP1 to SP6 in-place upgrade through development,
  • Conducted product evaluations and proofs of concept for Sailpoint, Forefront Identity Manager (FIM), Okta, CyberArk, Aveska, SecureAuth and other products to determine best potential solution integrations for modernizing authentication and authorization, and for enhancing multifactor authentication and privileged access management capabilities for the organization and its affiliates worldwide.
  • Led technical engagement with CA, which includes integration of five new endpoints, automation of user deprovisioning processes via Policy Xpress policies and bulk task definitions; process improvements in data feeds from PeopleSoft and other sources to ensure up-to-date processing and successful downstream feeds of data to endpoints such as Active Directory.
  • Designed and migrated functionality from existing Courion system to CA IDM environment, including consolidation of access requests and approval processes.
  • Conducted workshops and meetings with business units to develop a security service management strategy.
  • Led weekly strategy team meetings and developed enterprise security architecture standards, models, protocols and policies.
  • Led weekly bootcamps to facilitate cross-training of teams, enhance knowledge transfer, and resolve real-time issues in a collaborative learning atmosphere.
  • Developed long-term roadmaps for IAM security services deployments, upgrades and enhancements. Performed gap analyses of the enterprise architecture domains and IAM integrations with Active Directory, RSA and PeopleSoft endpoints. Delivered transformation roadmaps, optimization and standardization strategies.
  • Contributed to closing projects and finalizing all activities.
  • Led meetings with on-site project teams, maintained project plans and led execution of various phases of Security and Service Management projects.

Confidential, Denver, Colorado

IAM Security Engineer/Information Security Analyst

Responsibilities:

  • Gathered business requirements and developed admin roles, tasks and policies to provide access request functionality to end users, which was integrated with RCM and IDM RBAC capabilities.
  • Troubleshot and maintained IDM LDAP directory, authentication/authorization, and connectivity and authentication issues related to proxies, gateways, firewalls or application security.
  • Provided support for legacy Courion (SQL-based) systems.
  • Developed and implemented IAM change management guidelines for change documentation requirements and procedures, as well as submission of Change Requests and Service Requests using significant expertise with Service Desk and Remedy ITSRC.
  • Worked with customer and CA to reduce the various performance issues in Identity Manager, Role and Compliance Manager, Service Desk, eTrust Audit.
  • Resolved issues identified by security audits.
  • Identified problems with ongoing activities through the business team and facilitated the problem solving process and contingency planning.
  • Designed and implemented an extensive proof-of-concept test with Sailpoint and CA IAM technologies.

Confidential

Sr. Server Infrastructure Engineer

Responsibilities:

  • As lead security interface with United’s security personnel, developed plans to improve security standards, new procedures to insure that only properly authorized data access requests were granted, greatly improve tracking to facilitate greater success during audits, reduce turnaround time in processing access requests, and increase security within the server environment. As a result, a highly successful on-boarding pilot program was launched at United’s headquarters and significant revisions were made to Novell security policy resulting in a more protected and compliant environment.
  • In response to emergency Microsoft critical patch releases, led team responsible for distributing critical patches to over 200 servers and 30,000 desktops worldwide, all of which were not accessible via remote tools. Server and remote desktop patching was 100% completed on time with daily metrics reported to the client.
  • Facilitated transition of support of United’s Airline Print Solution to HP team, including documentation creation, knowledge transfer, coordination with Service Desk and Change Management. Managed and directed patching, software upgrades and hardware repairs to insure maximum availability (99.99%) to client. Conducted root cause analyses and led outage bridge calls in order to restore service and remediate non-transition-related issues causing service disruption.
  • As a senior member of the Engineering Technical Review team, reviewed and approved technical recommendations for United. Led weekly team status meetings; issued weekly status reports. As team’s single point of contact, resolved client escalations and process gaps, presented solutions to account and client executives, and engaged other appropriate resources to implement projects and resolve issues.
  • Directed worldwide project activities and managed priorities and support for United’s Novell server infrastructure support, Windows NT server backups and hardware support, Windows 2003 file and Active Directory server builds, installations and support; UPS installations; power outages; station startups, moves and closures.

Confidential, Denver, Colorado

Consulting Architect

Responsibilities:

  • Led the policy/process review and gap analysis for United’s worldwide client/server environment, including reviews of standards, policies, procedures and regulatory and security compliance. Created action plans to address issues, set priorities, assembled and directed task forces, and developed and implemented metrics to measure policy and remediation effectiveness. New and revised policy implementation and definition resulted in greatly improved SOXA compliance.
  • Developed team project tracking system to enable resource balancing and more efficient scheduling. Also, developed standardized project estimate templates and enhanced estimate process that increased accuracy by over 76%.
  • Directed creation of searchable knowledgebase to enable all team members to share solutions and technical information with entire team, and to maximize problem resolution capabilities when new members joined the team.
  • Successfully completed over 1,000 transformation projects, 99% of which were under budget and ahead of schedule. Defined and developed field decommissioning process and standards and insured proper, environmentally safe disposal of decommissioned hardware.
  • Lead member of team that successfully migrated 2,440+ servers from Windows 2000/2003 and Windows NT domains into a Windows 2003 Active Directory environment to facilitate the separation of Confidential Active Directory environment from Philip Morris and its subsidiaries, including troubleshooting issues with Active Directory computer accounts, DNS, DHCP and WINS, WMI, Backup Exec and Legato backup software.
  • Successfully decommissioned and migrated 550 servers nationwide in eight months; and completed a second transformation project under budget and ahead of schedule. Defined and developed field decommissioning process and standards. Successfully decommissioned, moved or consolidated over 750 servers from field sites using these processes and standards, which gave United for the first time an accurate inventory of all servers and insured proper, environmentally-safe disposal of decommissioned hardware.
  • As member of the storage team, supported and installed Windows 2003 servers with connectivity to EMC Clarion SAN; installed and configured SAN management software and hardware; provided on-site assistance to EMC technicians; documented storage definition process, defined backup strategies and requirements, and defined and allocated LUNs on EMC SAN.
  • As technical lead of server build team, developed and documented solution builds, server and printer data collection and shutdown/wipe criteria and procedures.
  • As part of Lifecycle migration team and as Wintel support technical team lead, analyzed server requirements and developed migration plans and timelines to facilitate refreshing older hardware; developed procedures, documented migration strategies and interfaced with other team members to insure all aspects of migration were addressed, including security, shares and permissions, print queues, SAP printing, data migration, login script and home directory modifications, legacy application functionality and user testing; project scope included 300+ servers, including file-and-print, application and Active Directory global catalog servers.
  • Developed and maintained vendor relationships, shipping guidelines and data gathering requirements to facilitate shipping and disposals or returns of equipment. Improvements in the systems resulted in a significant decrease in equipment damage during shipping to 0.5%.
  • Rebuilt Windows 2000 and Windows 2003 servers for redeployment in production environment; documented installation standards and instructions for Backup Exec and TSM software/client, as well as modified Automated Build instructions based on new additions to process.
  • Performed monthly Windows patching and updated firmware on servers in production environment. Troubleshot hardware issues resulting from application of updates and resolved prior to start of next business day.
  • Developed, documented and implemented Digital Workflow (DW) process to facilitate Wintel Server decommissions, including creation of logical process, ITIL compliance, and user documentation to standardize process worldwide. Developed user training program and instructions for project managers in NA, LA, AP and EMEA to facilitate expedient use of the DW decommission process.

Confidential, Denver, Colorado

Consulting Architect

Responsibilities:

  • Cultivated and maintained vendor relationships, shipping guidelines and data gathering requirements to facilitate shipping and disposals or returns of equipment. Improvements in these systems resulted in a significant decrease in equipment damage during shipping, down to 0.5%.
  • Developed and implemented Digital Workflow (DW) process to facilitate project management and standardize process worldwide. Developed and directed project manager training program in NA, LA, AP and EMEA to facilitate expedient use of the DW decommission process.
  • Upgraded and maintained bank's enterprise-wide Windows/Exchange and Lotus Notes HP SAN environment, including upgrading controller firmware, adding controller RAM, and replacing failed drives and backup batteries. Co-planned and co-performed upgrade and migrated email system from an Alpha-based to an Intel-based architecture, doubling the SAN's disk space with no loss of data and no interruptions of service during business hours. Planned and installed the email DR environment.
  • Liaised between internal clients, applications developers and software vendors to identify hardware needs for some of the bank's most high-profile projects, including designing and implementing a highly redundant (99.999% available), clustered HP SAN environment.
  • Member of team that implemented Microsoft Exchange rollout for users in trusted domains. Acted as key resource for troubleshooting Exchange authentication problems across domains.
  • Co-developed Active Directory migration and implementation paths as member of team that designed and implemented an enterprise-wide move; built and installed Active Directory development and production server infrastructure. Co-designed and implemented Active Directory OU structure and GPOs.
  • Senior member of team that upgraded bank's entire file and print environment of 200+ servers, including remote sites in other states and Mexico, in just over a year. Designed, purchased, assembled, installed and supported hundreds of Novell, NT and Windows 2000 Intel-based systems.
  • Developed specifications for data center rack assemblies compatible with current hardware and obtained from local vendors at a 57% cost savings over name-brand racks. Worked with electricians and corporate real estate offices to define requirements and design data center to support future growth estimates.
  • Worked closely with networking personnel to establish infrastructure requirements necessary to support the increasing demands of bank-wide client/server technology rollouts. In conjunction with client/server hardware and software upgrades, the resulting network infrastructure upgrades improved reliability and user response time. This enabled software centralization and networking of many major applications, enhanced centralized systems management capabilities and provided much needed redundancy and disaster recovery functionality.
  • Planned and implemented a bank-wide rollout of client/server hardware and O/S. Maximized the use of existing resources by completely restructuring, upgrading and reallocating servers which, combined with strategic purchases of new hardware, enabled successful project implementation despite a 60+% budget reduction. This increased the stability and reduced the downtime of mission-critical financial systems, and introduced for the first time a standardized environment.
  • Managed, planned and implemented the conversion, upgrade and physical relocation of thousands of users and their client/server systems. Coordinated systems migration and upgrades with corporate real estate, construction and user communities during all phases of the project, resulting in a highly successful, comprehensive conversion with no unscheduled downtime. The implementation team earned the parent company’s “Project of the Year” award for the company’s IT projects worldwide.
  • Designed, planned and implemented, in less than three weeks and with no funding, an automated, company-wide client/server antivirus solution that reduced the incidence of virus attacks to less than 1%. Because of this, no infection or data loss has occurred as a result of increasingly frequent breakouts of highly destructive worm or DoS viruses. Authored written Congressional testimony that the bank was asked to provide as a result of our successful efforts.
  • Developed and implemented hardware and O/S installation standards, reducing the need to maintain numerous stock parts for repairs, and allowing capital to be redirected into infrastructure upgrades.
