IaaS, PaaS, SaaS Product Owner - Solutions Architect Resume
East Hanover, NJ
SUMMARY:
- Worked with senior leadership across the business to develop roadmaps and deliver solutions.
- Spearheaded all aspects of project management, from scoping and requirements gathering to design, planning, delivery, support and resource consumption.
- Provided weekly status updates to the executive committee on project progress, milestones, burn rate, timeline, risks and remediation plans.
- Worked with MS Project to develop project plans against milestones and critical success factors, and transitioned to Jira.
- Developed necessary SOWs to engage with vendors such as Gartner, Quest and Microsoft for advisory and implementation services.
- Worked across work streams from networking, storage and compute to desktop.
- Spearheaded Cloud and PAM-related initiatives with a focus on Azure Active Directory, Confidential Trust and CyberArk.
PROFESSIONAL EXPERIENCE
Confidential
IaaS, PaaS, SaaS Product Owner - Solutions Architect
Responsibilities:
- Responsible for the security architecture of Dell's IaaS, PaaS and SaaS product offerings.
- Worked with external and internal customers to align Azure B2B and B2C. Specifically, aligned federation across business partners and enabled SSO against Azure AD as the IdP. Worked on enabling collaboration with external partners via guest access, creating the necessary Office 365 groups for resource management, and applied an MFA Conditional Access policy to enforce security controls.
- Reviewed requirements including new versus existing workflow and SSO configurations. Developed the necessary plans to test and implement SSO configurations. For existing SSO configurations, captured the current state, including claims passed, and created parallel configurations matching in Azure. For new SSO configurations, worked on aligning required parameters including Entity ID, Reply URL and so forth. Aligned SCIM provisioning where required and appropriate.
- Specifically worked on enabling SSO based on SAML or OIDC for products such as AlertMedia, LastPass, iCIMS, Bonusly, Concur, Templafy, Zoom, among others. Aligned migration plans and cutover from PingFederate for products such as Concur, Zoom, Templafy and others. Coordinated with the necessary vendors, external technical teams and internal resources to facilitate testing, change control and implementation.
- Example 1: Configured Zscaler Three to work with Azure AD as IdP and migrated from Ping. Aligned claims to pass sAMAccountName and assigned groups to align with Zscaler role creation. Configured SCIM provisioning across Zscaler by aligning the necessary URLs and bearer token.
- Example 2: Configured a custom application to federate with the customer's Azure AD as IdP into Citrix Gateway via federation. Worked closely with application teams to align application-layer SAML authentication where needed.
- Evaluated and deployed Azure Active Directory Domain Services to facilitate the migration of applications using legacy protocols (NTLM, Kerberos, LDAP) from on-premises to cloud, while allowing application teams to work on modernizing applications to work with modern protocols including OAuth and SAML.
- Worked on mini-projects including aligning the CIS assessor and dashboard tool, LLMNR cleanup, AD Sites and Subnets cleanup, Azure management groups, LastPass, Microsoft Dynamics testing, among other areas.
- Evaluated and provided recommendations on CyberArk and LAPS across legacy domains. Provided guidance on securing assets using a unified PAM solution based on Confidential Trust. Specifically, aligned the Confidential Trust gallery application for SAML authentication with Azure AD as the IdP.
- Reviewed and recommended AD site alignment to improve user authentication.
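Added example (not from this resume): the kind of MFA Conditional Access policy the guest-access bullet above refers to, created with the Microsoft Graph PowerShell SDK. It is created in report-only mode first so the sign-in log can show who would have been blocked before the policy is enforced, and it excludes an emergency-access account so a misconfigured policy cannot lock administrators out. The policy name, the break-glass account object ID, and the module and permission scopes are assumptions.

```powershell
# Added example: report-only Conditional Access policy requiring MFA for guest
# and external users, via the Microsoft Graph PowerShell SDK.
# Assumptions: Microsoft.Graph.Identity.SignIns is installed, the operator holds
# Policy.ReadWrite.ConditionalAccess, and $breakGlassId is a placeholder object ID.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

$breakGlassId = '00000000-0000-0000-0000-000000000000'   # placeholder: emergency-access account to exclude

$policy = @{
    displayName = 'CA - Guests - Require MFA (report-only)'
    # Report-only: evaluated and logged, not enforced. Flip to 'enabled' after reviewing sign-in logs.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @('All') }
        users          = @{
            includeUsers = @('GuestsOrExternalUsers')   # all B2B guests / external users
            excludeUsers = @($breakGlassId)             # never lock out the break-glass account
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy $($created.Id) in state $($created.State)"

# Verification: list every policy that targets guests, with its enforcement state.
Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.Conditions.Users.IncludeUsers -contains 'GuestsOrExternalUsers' } |
    Select-Object DisplayName, State, Id
```

Run the verification query again after switching the state to enabled; the exclusion list is the first thing to check if an administrator reports being prompted unexpectedly.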
Confidential
MS Active Directory and Azure Architect
Responsibilities:
- Spearheaded the integration of the client's on-premises Active Directory with Azure AD and Office 365. Provided guidance on project and technical strategy, enabling the organization to focus on a Cloud First strategy. Areas of focus included Azure ecosystem integration, security alignment, real-time auditing, privileged accounts, governance and controls, application workload migrations and business continuity RTO.
- Designed and engineered AD Connect, including deploying staging-mode servers. Aligned synchronization rules to filter admin, test and service accounts from on-premises to Azure Active Directory. Enabled SSO with O365 via ADFS. Aligned ADFS claim rules to segregate users and service accounts and specifically allow external users access to Office 365 based on group.
- Aligned Conditional Access policies to meet security controls targeting Exchange Online, SharePoint Online and OneDrive. Specifically, targeted policies to enforce MFA requirements across criteria including domain-joined and/or Duo-enabled, Global Azure Administrators, Service Administrators, etc.
- Aligned external and internal user modeling in the AD tenant to enable effective collaboration with external business partners. Specifically, provided guidance on ensuring B2B security is aligned while maintaining security cadence. For example, developed policy and technical controls to prohibit external guest users on the SPO tenant from inviting other guests.
- Developed and documented the necessary processes to manage Global Admins, delegated roles and subscriptions using the appropriate Azure portals.
- Developed necessary SOPs and runbooks to align security, workflows and approvals.
- Aligned Cloud SaaS applications such as Workday, QuickBase and Cloudera, among others, within AWS, Azure and on-premises directory services.
- Provided knowledge transfer to operations in the areas of AD Connect, Metaverse identity search and synchronization errors to Azure Active Directory.
- Championed the deployment of dev and staging environments prior to production to more effectively manage releases, maintain a stronger security posture and achieve traceable configuration management.
- Set up ARM templates for dev and staging environments within Azure. Specifically, created templates via Azure Resource Manager and used the Visual Studio Manager extension to modify the JSON file appropriately. Leveraged Azure PowerShell to deploy the template. Used Terraform for the AWS dev and staging environments. Specifically, configured Terraform with a main.tf file containing region-specific details, followed by basic parameters including instance type.
- Worked closely with the Hadoop project team to integrate AWS Unix servers as members into AD via Centrify DirectControl.
- Worked with the IAM team to align identity lifecycle management, including provisioning and deprovisioning of hybrid identities from on-premises to the Azure tenant.
- Architected the design of a parallel Recovery Manager for AD Forest Edition (RMADFE) infrastructure to enable forest level recovery.
- Designed appropriate collections and recovery schedule.
- Created runbooks to enable object level and forest level recovery.
- Aligned Azure PaaS services including development resources for RMADFE testing and production deployments.
- Aligned deploying directory services in AWS to reduce latency and increase availability for cloud services.
- Architected the upgrade of ChangeAuditor to version 7. Enabled the Azure AD connector to capture critical events, and fine-tuned events to trigger automatic notifications such as privileged group actions/escalations.
- Aligned appropriate licenses to enable MFA and Intune.
- Set up site-to-site VPN and VNet peering to enable access from on-premises to Azure and within Azure across VNets.
- Provided knowledge transfer and developed knowledge base articles across Azure Active Directory, specifically around licensing, health errors, device management, etc. Aligned L2 readiness across technology stacks including AIP, ARMS, OMS and IAM.
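Added example (not from this resume): an Azure AD Connect synchronization rule of the kind the AD Connect bullet above describes, which keeps admin, test and service accounts out of Azure AD by setting the metaverse attribute cloudFiltered to True for matching objects. The cmdlet sequence follows the shape of Azure AD Connect's own rule export; the connector name, the sAMAccountName prefixes, the rule name and the precedence value are assumptions. Apply it on a staging-mode server first and review the export preview before the active server.

```powershell
# Added example: inbound AD Connect sync rule that cloud-filters privileged and
# service accounts so they are never exported to Azure AD.
# Assumptions: run on the AD Connect server as a member of ADSyncAdmins;
# 'corp.example.local' is a placeholder connector name; prefixes 'adm-' and
# 'svc-' are placeholders for the tenant's naming standard.
Import-Module ADSync

$connector = Get-ADSyncConnector | Where-Object { $_.Name -eq 'corp.example.local' }
if (-not $connector) { throw 'AD connector not found; adjust the connector name.' }

$ruleName = 'In from AD - User DoNotSync Privileged'
if (Get-ADSyncRule | Where-Object { $_.Name -eq $ruleName }) { throw "Rule '$ruleName' already exists." }

# Precedence 50 sits below the default inbound user rules (100+), so this rule wins.
New-ADSyncRule -Name $ruleName `
    -Identifier ([guid]::NewGuid().ToString()) `
    -Description 'Keep admin, test and service accounts out of Azure AD' `
    -Direction 'Inbound' -Precedence 50 `
    -PrecedenceAfter '00000000-0000-0000-0000-000000000000' `
    -PrecedenceBefore '00000000-0000-0000-0000-000000000000' `
    -SourceObjectType 'user' -TargetObjectType 'person' `
    -Connector $connector.Identifier -LinkType 'Join' `
    -SoftDeleteExpiryInterval 0 -ImmutableTag '' `
    -OutVariable syncRule | Out-Null

# Attribute flow: cloudFiltered <- True. The Azure AD export rule skips objects with this set.
Add-ADSyncAttributeFlowMapping -SynchronizationRule $syncRule[0] `
    -Destination 'cloudFiltered' -FlowType 'Expression' -ValueMergeType 'Update' `
    -Expression 'True' -OutVariable syncRule | Out-Null

# Scope: one condition group per prefix. Groups are OR'ed, conditions inside a group are AND'ed.
foreach ($prefix in @('adm-', 'svc-')) {
    $cond = New-Object -TypeName 'Microsoft.IdentityManagement.PowerShell.ObjectModel.ScopeCondition' `
        -ArgumentList 'sAMAccountName', $prefix, 'STARTSWITH'
    Add-ADSyncScopeConditionGroup -SynchronizationRule $syncRule[0] -ScopeConditions @($cond) `
        -OutVariable syncRule | Out-Null
}

Add-ADSyncRule -SynchronizationRule $syncRule[0] | Out-Null

# Verify the rule landed with the intended precedence, then run a full sync so
# already-synchronized matches are filtered (and therefore deleted from Azure AD).
Get-ADSyncRule | Where-Object { $_.Name -eq $ruleName } | Select-Object Name, Precedence, Direction
# Start-ADSyncSyncCycle -PolicyType Initial
```

The full sync is commented out deliberately: on an active server it deletes the matching cloud objects, which is the intended effect but should be confirmed on the staging server's export preview first.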
Confidential
Responsibilities:
- Prerequisites: Prior to performing migrations, ensured the following prerequisites were aligned.
- Validated cluster configuration for EPV, CPM and other components such as the PrivateArk Client.
- Validated PVWA LDAP integration to the directory service using a dedicated service account.
- Validated Master Policy and Safes
- Validated Backup configuration
- Validated DR
- Safe Migration: Engineered the process to migrate using CyberArk PowerShell cmdlets including Get-PASAccount. Migrated safes from the legacy environment to the test environment, confirming the accounts and passwords and aligning platforms prior to migration. Upon successful migration, coordinated with business stakeholders to validate the migrated accounts. Provided upper management with weekly dashboard reports on safe migration status, including percentage completed, pending and in progress.
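Added example (not from this resume): a safe migration of the shape described above, written against the psPAS community module (the source of Get-PASAccount). It exports one safe's accounts and current secrets from the legacy vault, maps legacy platform IDs to their new names, adds the accounts to the test vault while skipping ones already present, and reconciles counts so a partial migration is reported rather than silently accepted. The PVWA URLs, safe name, platform mapping and the assumption that psPAS's Get-PASAccount accepts a safeName filter and that Get-PASAccountPassword returns a Password property are mine, not the resume's.

```powershell
# Added example: migrate one safe between CyberArk vaults with psPAS and reconcile.
# Assumptions: psPAS is installed; URLs, safe name and platform map are placeholders;
# the operator can retrieve secrets in the source safe and add accounts in the target safe.
Import-Module psPAS

$sourcePVWA  = 'https://pvwa-legacy.example.local'   # placeholder
$targetPVWA  = 'https://pvwa-test.example.local'     # placeholder
$safeName    = 'Win-ServiceAccounts'                 # placeholder
$platformMap = @{ 'WinDomainLegacy' = 'WinDomain'; 'UnixSSHLegacy' = 'UnixSSH' }   # placeholder rename map

$cred = Get-Credential -Message 'Vault administrator'

# 1. Export accounts and their current secrets from the legacy vault (secrets stay SecureString).
New-PASSession -BaseURI $sourcePVWA -Credential $cred -type LDAP
$sourceAccounts = @(Get-PASAccount -safeName $safeName)
$export = foreach ($acct in $sourceAccounts) {
    $platform = if ($platformMap.ContainsKey($acct.platformId)) { $platformMap[$acct.platformId] } else { $acct.platformId }
    [pscustomobject]@{
        UserName   = $acct.userName
        Address    = $acct.address
        PlatformId = $platform
        Secret     = ConvertTo-SecureString -String (Get-PASAccountPassword -AccountID $acct.id).Password -AsPlainText -Force
    }
}
Close-PASSession

# 2. Import into the test vault, skipping accounts that already exist (re-runnable).
New-PASSession -BaseURI $targetPVWA -Credential $cred -type LDAP
$existing = @(Get-PASAccount -safeName $safeName)
$added = 0; $skipped = 0
foreach ($row in $export) {
    $dup = $existing | Where-Object { $_.userName -eq $row.UserName -and $_.address -eq $row.Address }
    if ($dup) { $skipped++; continue }
    Add-PASAccount -SafeName $safeName -platformID $row.PlatformId -address $row.Address `
        -userName $row.UserName -secretType Password -secret $row.Secret | Out-Null
    $added++
}
$targetCount = @(Get-PASAccount -safeName $safeName).Count
Close-PASSession

# 3. Reconcile: the dashboard line for this safe. Anything but OK goes back to stakeholders.
[pscustomobject]@{
    Safe    = $safeName
    Source  = $sourceAccounts.Count
    Target  = $targetCount
    Added   = $added
    Skipped = $skipped
    Status  = if ($sourceAccounts.Count -eq $targetCount) { 'OK' } else { 'MISMATCH' }
}
```

After the import, the CPM in the test vault should be allowed to verify or change the migrated passwords before any account is cut over; a password that verifies in the target vault is the real confirmation that platform mapping was correct.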
Confidential
Responsibilities:
- Auto-Detection: Developed the runbook to enable auto-detection and automatic vaulting of newly joined servers in Active Directory. Specifically aligned the following.
- Auto-Detection template, including safes to leverage for placing the onboarded accounts, LDAP bind account, notifications, among other areas.
- Setup Email Notifications when specific Safes were accessed
- Adding additional File Categories to Platforms. Categories included primary owner, project name and secondary contact.
- AIM Module and Account Management: Ran DNA scans to identify service accounts in use and consolidated reports into an Access database for pattern recognition. Using this insight, was able to manage the risk of having CyberArk change passwords and lay the foundation for the adoption of the AIM module.
- Quota Ownership and Moving Expired Accounts: Documented the process to take quota ownership when removing the quota owner from safes. Documented the process of identifying expired accounts using CyberArk Reporting and PowerShell.
- Performed a proof of concept on Conjur, Ansible and AAM. Specifically, developed a lab to showcase Ansible integration with CyberArk via Conjur and AAM.
- Reviewed the existing implementation of CyberArk 10.5. Provided guidance on improving availability by recommending the deployment of additional CPMs and PSMs across geographical datacenters. Recommended placing PVWAs behind an F5 load balancer and aligned licensing to scale the barebone infrastructure to meet enterprise SLAs.
- Provided guidance on aligning Safes including taking ownership of orphaned safes using Master. Provided safe and platform naming standards.
- Developed and documented the necessary framework to onboard accounts into CyberArk. Provided specific insight on native CyberArk onboarding features versus AIM.
- Showed how to leverage CyberArk Discovery and Splunk research to perform due diligence on usage of accounts.
- Spearheaded meeting with Exchange team to review research findings and discuss dependencies prior to onboarding of accounts. Created appropriate Safe with permissions to model support and aligned Platform to meet password standards.
- Documented infrastructure and recovery process. Identified issues with PAReplicate and provided guidance to reinstall and properly set up the backups.
Confidential
Responsibilities:
- Spearheaded the privilege management initiative for on-premises and across the cloud. Specifically, drove Discovery, Planning, Testing, Implementation and Handover. Led technical discussions and developed solution blueprints and engineering runbooks. Worked closely with internal stakeholders (Directory Services, Security, Servers, Database and other groups) and vendors to validate design and implementation. Upgraded CyberArk on-premises from 9.1 to 9.6. Implemented a new 9.6 landscape for cloud governance across AWS and Azure.
- Discovery included understanding the existing privileged landscape. Used the DNA tool to discover the environment.
- Gathered new architecture requirements versus existing architecture upgrade requirements, business process, documentation requirements and governance alignment across on-premises and cloud. Output specifically encompassed a requirements document with must-haves and nice-to-haves, along with change control and quality requirements.
- Planning included designing the CyberArk components, designed for on-premises and cloud:
- The solution consisted of the Primary site and disaster recovery site. The Primary site consists of Enterprise Password Vault (EPV), Central Password Manager (CPM), Password Vault Web Access (PVWA) and Privileged Session Manager (PSM). The DR site consists of a standalone Vault, CPM, PVWA and PSM.
- Designed the Vault layout in consideration of HA and DR requirements.
- Aligned server, clustering, port and event notification.
- The on-premises architecture encompassed clustering, while the cloud architecture encompassed standalone vaults with replication across AWS VPC and Azure VNet. Both cloud providers were directly connected to on-premises (via Direct Connect and ExpressRoute).
- Testing: Working closely with engineering and operations, developed a runbook highlighting a phased approach, including detailed steps to implement the solution. Documented remediation of errors.
- Implementation: Worked closely with operations to deploy CyberArk.
Confidential
Responsibilities:
- Validated security groups in AD for CyberArk
- Validated cluster configuration for EPV, CPM and other components such as the Ark Client.
- Within PVWA, set up LDAP integration to the directory service using a dedicated service account.
- Aligned SMTP and SIEM integration
- Aligned Master Policy and Safes
- Aligned Oracle and SSH key
- Aligned PSM, Secure Connect and Auditing PSM
- Vault Backup
- Aligned DR
- Support: Provided knowledge transfer and third-level support to operations in execution of the plan. Worked closely with CyberArk support to remediate issues. Worked closely with Microsoft and AWS to enable the cloud deployment successfully. Areas that required alignment included VPC, VNet and portal views. KT topics included vault administration, PVWA common tasks, among other areas.
- Documentation: Documented appropriate blueprints and runbooks, including Installation Qualification.
Confidential
Responsibilities:
- Reviewed directory service placement across the network including the shared joint network.
- Reviewed the scope configuration across geographies to ensure user capacity after merger is aligned.
- Reviewed and provided guidance on real estate consolidations across the globe.
- Leveraged Power BI desktop to develop visual reports for management.
- Leveraged Power BI service to drive analytics creating reports and dashboard providing insight on consolidation, expansion and or closure of sites based on data parameters.
Confidential
Responsibilities:
- Worked directly with CIOs/CTOs across Fiat. Worked with Confidential vendor management and towers from service desk to networking. Oversaw a matrixed team of 40 resources and developed the necessary rescue plan, aligning resources and contracts. Directly managed 4 regional project managers across the globe and provided guidance on necessary action plans.
- Held Daily global cadence calls internally and with the client.
- Specific steps taken to rescue the project included:
- Level setting expectations around timelines
- Identified and removed personalities on the vendor side that did not promote or foster success.
- Enabled transparency by having open dialogue with the customer on the weakness identified. Gained trust by closing those gaps where possible and kept an open channel with all key stakeholders.
- Balanced the competing needs of the client and Confidential as they pertained to revenue creation/billing
- Enabled meaningful technical discussions by having the right subject matter experts provide guidance
- Provided very specific action plans in 30-day increments
- Skillfully navigated the political channels and within 1 year enabled the rescue of the project. Saved Confidential 6 million dollars.
- Tracked and reported resource charge backs and gaps in contract.
- Provided Active Directory guidance as it pertains to Exchange DC authentication and the architecture supporting 10 DAGs encompassing 40 servers split across two datacenters.
- Aligned with network and firewall teams to ensure the necessary ports across datacenters were opened
Confidential
Responsibilities:
- Architecture (Layout, redundancy, sizing), Alert management, OU protection
- Developing test scenarios and documenting test results along with IQ/OQ to Quality
- Proactively review ChangeAuditor for configuration refinements, database growth and event storms
- Leveraged Power BI desktop, Power Query, Power Pivot on Excel to gain insight on events including who did what when and where.
Confidential
Responsibilities:
- Reviewed OIM-managed Active Directory attributes across separate domains and forests to ensure correct synchronization of attributes within the identity management lifecycle was achieved.
- Participated in the IVR initiative to enable users to manage and change passwords using voice, two-factor authentication and OTP (one-time password). Worked with InfoSec to define PIN and password strengths and constraints within the IVR solution.
- Reviewed the Windows Local Connector from OIM to member servers for account reconciliation and user access revalidation.
- Worked with the corresponding CMDB SME to align the synchronization of the adminDisplayName attribute and adminDescription data to task instruction fields in the CMDB, to enable cross-referencing of privileged accounts and corresponding group owners.
- Aligned roles to ARS and analyzed patterns across the user population and business teams to help define technology role templates. Created an Access database and corresponding SQL queries to map users to existing roles and enable reporting of roles to business units.
- Consolidated multiple Excel feeds into SQL Server and exposed the database to the Power BI service. Leveraged Power BI desktop to enable end users to consume the raw data and develop custom analytics and reports.
Confidential
Responsibilities:
- Worked with operations and the SCOM team to align SCOM 2008 R2 overrides, monitors and rules.
- Reviewed out of box monitors and rules against 2003 management pack.
- Configured corresponding overrides to match 2003 management pack.
- Reviewed monitors and rules with operations that were new to 2008 R2, and aligned threshold values.
- Reviewed monitors and rules to enable the tracking of USN rollback in the environment.
- Developed custom rule parameters to alert based on four specific event IDs within an hour to trigger USN rollback detection.
- Working with Microsoft, reviewed monitors, rules and scripts to identify failure in detecting Active Directory replication.
- Identified Active Directory Object Helper misconfiguration and developed plan to remediate.
- Worked with operations to implement plan in production.
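Added example (not from this resume): the detection logic behind the "four event IDs within an hour" rule above, written as a PowerShell function that can be exercised offline against constructed events and then pointed at a live domain controller. The four IDs (NTDS 2095, 2103, 1113 and 1115) are the ones Microsoft documents as the USN rollback signature; that choice, the one-hour window, the additional check of the NTDS "DSA Not Writable" registry flag (value 4 indicates USN rollback), and the sample events are mine, not the SCOM rule's.

```powershell
# Added example: USN rollback detection from Directory Service events plus the
# NTDS "DSA Not Writable" flag. Event IDs assumed from Microsoft's USN rollback
# guidance; window and sample events are constructed for illustration.
$UsnRollbackEventIds = 2095, 2103, 1113, 1115

function Test-UsnRollbackSignature {
    # Pure function: Detected is True only when all four IDs appear inside the window.
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Events,   # objects with Id and TimeCreated
        [datetime] $Now = (Get-Date),
        [int] $WindowMinutes = 60
    )
    $since = $Now.AddMinutes(-$WindowMinutes)
    $hits  = $Events | Where-Object { $_.Id -in $UsnRollbackEventIds -and $_.TimeCreated -ge $since }
    $seen  = @($hits | Select-Object -ExpandProperty Id -Unique | Sort-Object)
    [pscustomobject]@{
        Detected = ($seen.Count -eq $UsnRollbackEventIds.Count)
        SeenIds  = $seen
        Window   = "$($since.ToString('s')) .. $($Now.ToString('s'))"
    }
}

function Get-DcUsnRollbackState {
    # Live check against one DC: last hour of Directory Service events and the registry flag.
    param([string] $ComputerName = $env:COMPUTERNAME)
    $events = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{
        LogName = 'Directory Service'; Id = $UsnRollbackEventIds; StartTime = (Get-Date).AddHours(-1)
    } -ErrorAction SilentlyContinue)
    $flag = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' -ErrorAction SilentlyContinue).'DSA Not Writable'
    }
    $result = Test-UsnRollbackSignature -Events $events
    [pscustomobject]@{
        ComputerName   = $ComputerName
        Detected       = ($result.Detected -or $flag -eq 4)   # either signal is enough to page someone
        SeenIds        = $result.SeenIds
        DsaNotWritable = $flag
    }
}

# Constructed sample 1: all four events in the last hour -> Detected = True
$now = Get-Date
$sample = foreach ($pair in @(@(2095, 50), @(2103, 48), @(1113, 45), @(1115, 44))) {
    [pscustomobject]@{ Id = $pair[0]; TimeCreated = $now.AddMinutes(-$pair[1]) }
}
Test-UsnRollbackSignature -Events $sample -Now $now

# Constructed sample 2: a lone 2095 three hours ago -> Detected = False (outside the window,
# and the rule deliberately requires the full set rather than any single ID).
Test-UsnRollbackSignature -Events @([pscustomobject]@{ Id = 2095; TimeCreated = $now.AddHours(-3) }) -Now $now

# Live use on a DC (requires rights to read the Directory Service log and remoting):
# Get-DcUsnRollbackState -ComputerName 'dc01.corp.example.local'
```

A DC in this state has inbound and outbound replication disabled by NTDS itself; the correct remediation is a forced demotion, metadata cleanup and re-promotion, not clearing the flag.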
Confidential
Responsibilities:
- The synchronization of on-premises Active Directory to Azure Active Directory was tested, including write-back.
- The migration of exchange test mailboxes from on prem to O365 using a staged approach was evaluated.
- Applications such as Box and Hadoop were tested for SSO.
Confidential
Responsibilities:
- Specifically evaluated Specops, iGoodworks and Dell's Quick Connect.
- Piloted Dell's Quick Connect and rolled out the solution in production, enabling users to synchronize passwords based on the employee attribute across directories.
Confidential
Responsibilities:
- Project Management: Worked with Directory Services team to develop the project plan. Focused on areas including procurement, planning and implementation.
- Ensured necessary IQ/OQ processes were aligned by working with subject matter experts to align documentation.
- RMAD Console Layout and Sizing
- DIT sizing analysis, retention period and disk size requirements
- SQL database requirements, including service account rights alignment to least privilege
- Align Agent design in consideration of best practice for console and local storage
- Collection creation and configuration including
- Email notification for failures and agent versus agentless backups
- Documenting test results
- Develop and submit IQ/OQ to Quality
- Knowledge transfer to operations
- Work with supporting groups such as operations and database to align RMAD database.
- Support operations in rolling out RMAD
- Proactively review RMAD for failed backups
- Align RMAD for ADLDS backup of Quest Migration Manager for Active Directory
- Align the restore process by leveraging LDP to delete AD LDS instance attributes and restoring those attributes using RMAD
- Develop knowledge base for backup and restore operations including:
- User, Group, OU object and attribute level recovery
Confidential
Responsibilities:
- Aligned application impact
- Directory Services upgrade plan introducing 2008 R2 and moving FSMO roles
- Testing including capturing baseline pre-versus post upgrade and introduction of 2008R2 schema changes
- Aligned forest and domain functional levels in consideration of domain controllers distributed globally.
- Aligned the 280 domain controllers globally including decommissioning processes to validate dependencies tied to applications.
Confidential
Responsibilities:
- Designed backend environment encompassing SQL, SSRS, SSAS and IIS.
- Configured necessary Rules and Collections
- Rules included publisher and path related
- Whitelist and blacklist creations
- Staggered deployment of agents enterprise-wide
- Aligned operations and helpdesk to support the product
- Created corresponding Confidential Trust admin consoles with the GPO extensions to manage PowerBroker for Windows.
Confidential
Responsibilities:
- Assessed gaps in the business and technology process as they pertain to the Active Directory infrastructure post-disaster recovery at the Confidential SunGuard facility.
- Gathered data from technology stakeholders across different platforms including networking, open-systems, end user computing, etc…
- Gathered data from change management, patch management, facilities, etc.
- Developed key recommendations including:
- Metadata cleanup, removal of stale DNS records, reconfiguration of subnets with AD and manual connection partners to fix replication errors.
- Align Sites and Subnets to reflect the current WAN topology, as AD replication was not working optimally: stale subnets were defined, and inbound replication connections lacked corresponding partner connections.
- Documented the current state, including single points of failure with FSMO role holders, and provided best practices using Quest Forest/Domain Recovery Manager for real-time recovery.
- Created a PowerShell script to monitor the state of DCs.
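Added example (not from this resume): a read-only domain controller state check of the kind the last bullet above refers to. Per DC it tests the client-facing ports, pulls inbound replication failures and partner metadata through the ActiveDirectory module, flags partners whose last successful replication is older than a threshold, and counts FSMO roles held so a DC that is a single point of failure stands out. The port list, the two-hour staleness threshold and the assumption that RSAT's ActiveDirectory module is installed and every DC is reachable are mine.

```powershell
# Added example: DC health sweep (ports, replication failures, stale partners, FSMO roles).
# Assumptions: RSAT ActiveDirectory module installed; network reachability to each DC;
# thresholds are illustrative.
Import-Module ActiveDirectory

function Get-DcHealth {
    param(
        [string] $Domain = (Get-ADDomain).DNSRoot,
        [int]    $MaxReplicationAgeHours = 2
    )
    $domainObj = Get-ADDomain -Identity $Domain
    $forest    = Get-ADForest -Identity $domainObj.Forest
    # All five FSMO role holders (three domain-wide, two forest-wide) as FQDNs.
    $fsmo = @($domainObj.PDCEmulator, $domainObj.RIDMaster, $domainObj.InfrastructureMaster,
              $forest.SchemaMaster, $forest.DomainNamingMaster)

    foreach ($dc in Get-ADDomainController -Filter * -Server $Domain) {
        $name  = $dc.HostName
        # Ports a domain member needs: LDAP, Kerberos, SMB (SYSVOL/NETLOGON), DNS, plus GC if advertised.
        $ports = @{ LDAP = 389; Kerberos = 88; SMB = 445; DNS = 53 }
        if ($dc.IsGlobalCatalog) { $ports['GC'] = 3268 }
        $closed = @(foreach ($p in $ports.GetEnumerator()) {
            if (-not (Test-NetConnection -ComputerName $name -Port $p.Value -InformationLevel Quiet -WarningAction SilentlyContinue)) { $p.Key }
        })

        $failures = @(Get-ADReplicationFailure -Target $name -ErrorAction SilentlyContinue)
        $partners = @(Get-ADReplicationPartnerMetadata -Target $name -ErrorAction SilentlyContinue)
        $stale    = @($partners | Where-Object { $_.LastReplicationSuccess -lt (Get-Date).AddHours(-$MaxReplicationAgeHours) })
        $roles    = @($fsmo | Where-Object { $_ -eq $name })

        [pscustomobject]@{
            DC                  = $name
            Site                = $dc.Site
            ClosedPorts         = ($closed -join ',')
            ReplicationFailures = $failures.Count
            StalePartners       = $stale.Count
            FsmoRoles           = $roles.Count
            Healthy             = ($closed.Count -eq 0 -and $failures.Count -eq 0 -and $stale.Count -eq 0)
        }
    }
}

# Usage: run from a management host; pipe to Export-Csv for a scheduled daily report.
Get-DcHealth | Sort-Object Healthy, DC | Format-Table -AutoSize
```

A DC with closed ports but no replication failures is usually a firewall or site-link problem rather than a directory problem; a DC with stale partners and zero failures points at a missing connection object, which is exactly the Sites and Subnets condition described in the recommendations above.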
Confidential
Responsibilities:
- Designed solutions to leverage Microsoft UAG and TMG for reverse proxy and secure authentication via the web.
- Designed AD in the DMZ for secure authentication.
- Designed secure VMs and network routing to integrate with customer Salesforce and corresponding web service calls to submissions applications.
- Spearheaded the Cloud strategy, including leveraging Microsoft Azure and VMware 5.
- Assessed the Confidential datacenter infrastructure and provided key recommendations in capacity planning, storage alignment (SAN versus direct attached), IOPS measurements, etc.
- Designed multi-tenant directory services around business application offerings.
- Consolidated and migrated Active Directory Domains and Domain Controllers
- Directory Services and Desktop Transformation leveraging Quest Migration Toolsets
- Reviewed the Windows 2008 R2 Active Directory design encompassing a single-forest, multi-domain environment. Analyzed the design including branch-based RODC placement, and aligned the necessary DNS/WINS, domain and OU-based group policies.
- Reviewed the necessary implementation/migration runbook and recommended optimizing the FSMO roles, configuring time services, configuring GCs, setting up Quest Recovery Manager, optimizing event logging, sites and subnets, etc.
Confidential
Responsibilities:
- Evaluated the feasibility of consolidating or decommissioning systems prior to the move. Executed the consolidation and or decommissioning if systems met predefined criteria from technology and business groups. Designed systems to achieve more availability by splitting certain services and introducing more redundant localized as well as remote services.
Confidential
Responsibilities:
- Focused on common scalable platforms and helping the agency move towards operational excellence. Spearheaded the below key initiatives.
Confidential, Jersey City, NJ
Active Directory Architect
Responsibilities:
- As part of the Critical Infrastructure Group, key initiatives included Directory Management, Consolidation & Virtualization and Business Partner Integration and Forest\Domain Consolidation.
- Participated in the firm's strategic positioning for deploying domain controllers running Windows 2008 R2 on blades using iSCSI, FC and Direct Attached Storage with zoning. Further tested the deployment of domain controllers on VMs. Performed a preliminary assessment of running domain controllers on blades with iSCSI storage and on VMs. Evaluated and assessed the overall business and technology impact, including areas such as service availability, recoverability, security, support, etc.
- Reviewed the tactical plans to consolidate three forests with multiple domains into a single forest with an empty root and child domain. Strategic and tactical plans included:
- Consolidation Master Plan
- Target Design including DC placement, OU sizing, DIT analysis, GC placement, etc…
- Intra-forest Migration Methodology
- Inter-forest Migration Methodology using Quest Migration Toolsets
- Domain Collapse
Confidential, East Hanover, NJ
Responsibilities:
- Primary responsibilities included spearheading the strategic and tactical separation from the Altria-owned shared directory and messaging environment to a dedicated Kraft environment. Developed the migration methodology based on the Quest toolset, including QMM and Reporter.
Confidential, Teaneck, NJ
Responsibilities:
- Active Directory Project: Architectural recommendations included strategic placement of domain controllers based on bandwidth and latency considerations, sites and subnet configuration, configuration of forwarders within the Dns environment for name resolution to partner sites, simplification of OU structure and corresponding delegation to allow for simplified administration and management of actions of the helpdesk and support