AREAS OF EXPERTISE INCLUDE:
Azure Active Directory
Identity and Access Management
Migration & Consolidation
Windows 2003, 2008, 2012
Active Directory & Security Architect / Lead Project Manager
- Worked with senior leadership across the business to develop roadmaps and deliver the solutions.
- Spearheaded all aspects of project management, from scoping and requirements gathering to design, planning, delivery, support and resource consumption.
- Provided weekly status updates to the executive committee on project progress, milestone achievements, burn rate, timeline, risks and remediation plans.
- Used MS Project to develop project plans against milestones and critical success factors, then transitioned to Jira.
- Developed the necessary SOWs to engage vendors such as Quest and Microsoft for advisory and implementation services.
- Architected an active/passive Azure AD Connect design across the US and Europe.
- Aligned the necessary upgrade to the current version and configuration across Azure AD, including group attribute writeback.
- Aligned synchronization rules to filter admin, test and service accounts out of synchronization from on-premises AD to Azure Active Directory.
- Enabled SSO with O365 via AD FS. Aligned claim rules to allow external users access to O365 based on group membership. Deployed certificate-based authentication to meet MFA requirements and aligned the CRL with the WAP workflow.
- Designed a 2016 greenfield Active Directory based on a single-forest administrative bastion landscape. Designed a PKI infrastructure with a three-tier hierarchy and deployed the root, intermediate and issuing CAs.
- Aligned external and internal user modeling in the AD tenant to enable effective collaboration with external business partners.
- Aligned cloud SaaS applications such as Workday, QuickBase and Cloudera, among others, with AWS, Azure and on-premises directory services.
- Provided knowledge transfer to operations in the areas of Azure AD Connect, metaverse identity search and synchronization errors to Azure Active Directory.
- Aligned authentication across VPCs via a 10 Gbps AWS Direct Connect.
- Deployed dev, staging and production domain controllers in separate subnets. Aligned DHCP servers for PXE boot-related testing.
- Worked closely with the Hadoop project team to join AWS Unix servers to AD as members via Centrify DirectControl.
- Architected a parallel Recovery Manager for Active Directory Forest Edition (RMADFE) infrastructure to enable forest-level recovery.
- Designed appropriate collections and recovery schedule.
- Created runbooks to enable object-level and forest-level recovery.
- Aligned Azure PaaS services, including development resources, for RMADFE testing and production deployments.
- Aligned the deployment of directory services in AWS to reduce latency and increase availability for cloud services.
- Aligned Conditional Access policies targeting Exchange Online, SharePoint Online and OneDrive. Targeted policies to meet MFA requirements, specifically domain-joined and/or Duo-enabled.
- Aligned appropriate licenses to enable MFA and Intune.
- Set up site-to-site VPN and VNet peering to enable access from on-premises to Azure and across VNets within Azure.
- Developed the necessary processes to manage Global Admins, delegated roles and subscriptions using the appropriate Azure portals.
- Upgraded ChangeAuditor and Recovery Manager to the current version.
- Set up alerting and reporting within ChangeAuditor.
- Developed a forest recovery framework including project files and the necessary prerequisites.
- Reviewed directory service placement across the network, including the shared joint network.
- Reviewed the scope configuration across geographies to ensure user capacity after the merger is aligned.
- Reviewed and provided guidance on real estate consolidations across the globe.
- Leveraged Power BI desktop to develop visual reports for management.
- Leveraged the Power BI service to drive analytics, creating reports and dashboards that provide insight on consolidation, expansion and/or closure of sites based on data parameters.
- Used the DNA tool to discover the environment.
- Gathered new architecture requirements versus existing architecture upgrade requirements, business process, documentation requirements and governance alignment across on-premises and cloud.
- Output specifically encompassed a requirements document with must-haves and nice-to-haves, along with change control and quality requirements.
- Planning included designing the CyberArk components for on-premises and cloud:
- The solution consisted of a primary site and a disaster recovery site. The primary site consists of the Enterprise Password Vault (EPV), Central Password Manager (CPM), Password Vault Web Access (PVWA) and Privileged Session Manager (PSM). The DR site consists of a standalone Vault, CPM, PVWA and PSM.
- Designed the vault layout in consideration of HA and DR requirements.
- Aligned server, clustering, port and event notification configuration.
- The on-premises architecture encompasses clustering, while the cloud architecture encompasses a standalone deployment with replication across AWS VPC and Azure VNet. Both cloud providers have dedicated connectivity to on-premises (via AWS Direct Connect and Azure ExpressRoute).
- Working closely with engineering and operations, developed a runbook highlighting a phased approach with detailed steps to implement the solution. Documented error remediation. Worked closely with operations to deploy CyberArk.
- Documented appropriate blueprints and runbooks, including Installation Qualification.
- Architected the solution to move from CyberArk 9.1 to 9.4.
- Built lab to simulate production.
- Deployed EPV, CPM, PVWA, PSM and AIM.
- Aligned Master Policies.
- Defined Vault Owners, Administrators and Users.
- Created new Safes.
- Created and managed user groups in the PAM system.
- Created roles and assigned them to user groups.
- Defined and applied password policies.
- Managed user provisioning and de-provisioning.
- Performed full backup and restore.
- Defined and generated reports.
- Aligned CyberArk Safes and CPM to facilitate governance of these accounts.
- Worked with IBM vendor management and service towers from service desk to networking.
- Oversaw a matrixed team of 40 resources and developed the necessary rescue plan, aligning resources and contracts.
- Directly managed four regional project managers across the globe and provided guidance on the necessary action plans.
- Held daily global cadence calls internally and with the client.
- Specific steps taken to rescue the project included:
- Level-set expectations around timelines.
- Identified and removed personalities on the vendor side that did not promote or foster success.
- Enabled transparency through open dialogue with the customer on the weaknesses identified. Gained trust by closing those gaps where possible and keeping an open channel with all key stakeholders.
- Balanced the competing needs of the client and IBM as they pertained to revenue creation/billing.
- Enabled meaningful technical discussions by having the right subject matter experts provide guidance.
- Provided very specific action plans in 30-day increments.
- Skillfully navigated the political channels and within one year enabled the rescue of the project, saving IBM $6 million.
- Tracked and reported resource charge-backs and gaps in the contract.
- Provided Active Directory guidance as it pertains to Exchange DC authentication and an architecture supporting 10 DAGs encompassing 40 servers split across two datacenters.
- Aligned with the network and firewall teams to ensure the necessary ports across datacenters were opened.
- Event log management and privileged access: spearheaded the design and implementation of Quest ChangeAuditor for Active Directory; key elements included:
- Architecture (layout, redundancy, sizing), alert management, OU protection.
- Developing test scenarios and documenting test results, along with IQ/OQ for Quality.
- Proactively reviewing ChangeAuditor for configuration refinements, database growth and event storms.
- Leveraged Power BI Desktop, Power Query and Power Pivot in Excel to gain insight on events, including who did what, when and where.
- Reviewed OIM-managed Active Directory attributes across separate domains and forests to ensure correct synchronization of attributes within the identity management lifecycle.
- Participated in the IVR initiative to enable users to manage and change passwords using voice, two-factor authentication and OTP (one-time password). Worked with InfoSec to define PIN and password strength and constraints within the IVR solution.
- Reviewed the Windows Local Connector from OIM to member servers for account reconciliation and user access revalidation.
- Worked with the corresponding CMDB SME to align synchronization of the adminDisplayName and adminDescription attributes to task instruction fields in the CMDB, enabling cross-referencing of privileged accounts and their corresponding group owners.
- Aligned roles to ARS and analyzed patterns across the user population and business teams to help define technology role templates. Created an Access database and corresponding SQL queries to map users to existing roles and enable reporting of roles to business units.
- Consolidated multiple Excel feeds into SQL Server and exposed the database to the Power BI service. Leveraged Power BI Desktop to enable end users to consume the raw data and develop custom analytics and reports.
- Worked with operations and the SCOM team to align SCOM 2008 R2 overrides, monitors and rules.
- Reviewed out-of-the-box monitors and rules against the 2003 management pack.
- Configured corresponding overrides to match the 2003 management pack.
- Reviewed with operations the monitors and rules that were new to 2008 R2 and aligned threshold values.
- Reviewed monitors and rules to enable the tracking of USN rollback in the environment.
- Developed custom rule parameters to alert when four specific event IDs occur within an hour, triggering USN rollback detection.
- Working with Microsoft, reviewed monitors, rules and scripts to identify failures in detecting Active Directory replication problems.
- Identified an Active Directory Object Helper misconfiguration and developed a plan to remediate it.
- Worked with operations to implement the plan in production.
- Tested the synchronization of on-premises Active Directory to Azure Active Directory, including writeback.
- Evaluated the migration of Exchange test mailboxes from on-premises to O365 using a staged approach.
- Tested applications such as Box and Hadoop for SSO.
- Researched, evaluated, proposed, architected and implemented the consolidation of identity across different operating companies.
- Specifically evaluated Specops, iGoodworks and Dell's Quick Connect.
- Piloted Dell's Quick Connect and rolled out the solution in production, enabling users to synchronize passwords across directories based on the employee attribute.
- Project Management: worked with the Directory Services team to develop the project plan. Focused on areas including procurement, planning and implementation.
- Ensured the necessary IQ/OQ processes were aligned by working with subject matter experts on the documentation.
- RMAD console layout and sizing.
- DIT sizing analysis, retention period and disk size requirements.
- SQL database requirements, including aligning service account rights to least privilege.
- Aligned agent design in consideration of best practices for console and local storage.
- Collection creation and configuration, including:
- Email notification for failures and agent versus agentless backups.
- Documented test results.
- Developed and submitted IQ/OQ to Quality.
- Knowledge transfer to operations.
- Worked with supporting groups such as operations and the database team to align the RMAD database.
- Supported operations in rolling out RMAD.
- Proactively reviewed RMAD for failed backups.
- Aligned RMAD for AD LDS backup of Quest Migration Manager for Active Directory.
- Aligned the restore process by using ldp to delete AD LDS instance attributes and restoring those attributes using RMAD.
- Developed a knowledge base for backup and restore operations, including:
- User, group, OU object and attribute-level recovery.
- Aligned application impact.
- Directory services upgrade plan introducing 2008 R2 and moving FSMO roles.
- Testing, including capturing baselines pre- versus post-upgrade and the introduction of 2008 R2 schema changes.
- Aligned forest and domain functional levels in consideration of domain controllers distributed globally.
- Aligned the 280 domain controllers globally, including decommissioning processes to validate dependencies tied to applications.
- Designed the backend environment encompassing SQL, SSRS, SSAS and IIS.
- Configured the necessary rules and collections.
- Rules included publisher- and path-related rules.
- Whitelist and blacklist creation.
- Staggered deployment of agents enterprise-wide.
- Aligned operations and the helpdesk to support the product.
- Created the corresponding BeyondTrust admin consoles with the GPO extensions to manage PowerBroker for Windows.
- Assessed gaps in the business and technology process as it pertains to the Active Directory infrastructure post disaster recovery at the Confidential SunGard facility.
- Gathered data from technology stakeholders across different platforms, including networking, open systems, end user computing, etc.
- Gathered data from change management, patch management, facilities, etc.
- Developed key recommendations, including:
- Metadata cleanup, removal of stale DNS records, reconfiguration of subnets within AD and manual connection partners to fix replication errors.
- Align sites and subnets to reflect the current WAN topology, as AD replication is not working optimally: stale subnets are defined and inbound replication connections are missing their corresponding partner connections.
- Documented the current state, including single points of failure with the FSMO role holder, and provided best practices using Quest Forest/Domain Recovery Manager for real-time recovery.
- Created a PowerShell script to monitor the state of DCs.
- Designed solutions to leverage Microsoft UAG and TMG for reverse proxy and secure authentication via the web.
- Designed AD in the DMZ for secure authentication.
- Designed secure VMs and network routing to integrate with the customer's Salesforce and the corresponding web service calls to submission applications.
- Spearheaded the cloud strategy, including leveraging Microsoft Azure and VMware 5.
- Assessed the Confidential datacenter infrastructure and provided key recommendations in capacity planning, storage alignment (SAN versus direct-attached), IOPS measurements, etc.
- Designed multi-tenant directory services around business application offerings.
- Consolidated and migrated Active Directory domains and domain controllers.
- Directory Services and Desktop Transformation leveraging Quest migration toolsets:
- Novell NDS to Active Directory
- GroupWise to Exchange
- Windows 2003 to Windows 2008
- XP to Windows 7
- Exchange 2003 to Exchange 2007 and 2010
- Notes to Exchange
- Application alignment including FIM, ERP, etc.