Product Manager Resume
SUMMARY:
- A senior leader with expertise in the management and implementation of identity centric computer architectures and solutions running in the public cloud.
- 10 years of experience building, deploying and securing applications running in Amazon Web Services and Microsoft Azure.
- Strong balance between leadership skills, technical hands-on ability and business needs.
- Demonstrated Subject Matter Expertise in securing and managing identities across the Microsoft Windows, Linux, Apple iOS and UNIX platforms.
- I am currently the Chief Security Architect for Confidential, leading teams in the implementation and security management of a new suite of SaaS based solutions running in Amazon Web Services.
- Excellent multilingual written and oral communication skills.
- Developed security strategies for the top financial institutions in the United States.
SKILLS SUMMARY:
Operating Systems: Windows Server 2012 R2, Windows Server 2012, Windows Server 2008, Windows 2003 R2, Windows 2003, Windows XP
Red Hat Enterprise Linux: Oracle Linux, Ubuntu, Debian, SUSE, Fedora, CentOS, Gentoo, Apple Macintosh OSX 10.2, 10.3, 10.4, HP-UX, AIX, Solaris, Android, iOS
Directory Technologies: Active Directory Architecture and Design, Microsoft Forest and domain design and implementation, Group Policy Design and Implementation, Kerberos/LDAP Interoperability
PAM/LDAP: PKI, Kerberos Interoperability MIT, Confidential, Vintela, Likewise
Computer Languages: C#, C, C++, Visual Basic, VBScript, PowerShell, Java, JAX-RS, JavaScript
WEB technologies: JavaScript, HTML 5, CSS, various JavaScript frameworks; JQuery, JQueryUI, JQuery Mobile, knockout.js, Bootstrap.js, angular.js, node.js
Identity Access management: ADFS v2, ADFS v3, Device Join, OAuth2, SAML, Forefront Identity Manager 2010 R2, Microsoft Dirsync, Windows Azure Active Directory, Microsoft Multi-Factor Authentication Server, SAML, WS-Federation
Cloud Operating systems: Azure, OpenStack, Amazon Web Services, Bluemix, OpenShift, Cloud Foundry, SoftLayer
Development Environments: Visual Studio 2012, 2013, Eclipse and IntelliJ IDEA
EXPERIENCE:
Confidential
Product Manager
Responsibilities:
- Responsible for Identity in the HCM line of products that makes up the suite of products in Confidential.
- Number of Identities under management is 17+ million.
- Oversee the implementation of federation using both SAML and OIDC flows of the products.
Cloud Security Architect
Confidential
Responsibilities:
- I am currently leading a team of developers and architects in the design, development, deployment, management and operation of all SAAS applications being deployed in Amazon Web Services for the company.
- SAAS Identity Management, in AWS we treat each AWS account as the boundary of autonomous administration.
- We have deployed multiple roles based on the technical role of the employee.
- The roles include but are not limited to admin, dev-ops, Read-only, IAM admin, data scientist and data analyst.
- Authentication is achieved by leveraging Microsoft Active Directory Federation Services (which has been extended with Microsoft Multi-factor Authentication) to our on premise Active Directory Environment.
- Policy Enforcement, currently working with a third party in helping them design a policy enforcement engine that will stop an admin from changing the AWS policies set within an AWS account.
- Logging and Auditing: logging and auditing is achieved by utilizing CloudWatch and CloudTrail; those log files are then aggregated via Splunk or Sumo Logic. Once the logs are aggregated, we will then use a machine learning based solution for storing the data in a data lake.
- The vendors we are evaluating for the machine learning include but are not limited to Caspida, Gurucul and another TBD.
- Web Application Firewall, we are currently evaluating web application firewall vendors in a bake-off scenario. Vendors under consideration include but are not limited to Akamai, Fortinet, Imperva and Palo Alto Networks.
- Cryptography, I am currently in the design and deployment phase of several cryptographic projects including but not limited to enhancing our own PKI for supporting SSL s, Amazon KMS for key rollover of APIs and an integration of SSH.COM’s implementation of crypto auditor for SSH key management and rollover.
- SAAS Application Authentication, all SAAS applications will be using Open-ID Connect. There are multiple vendors under consideration as the IDP used for the token issuance. The solution will need to be globally available as our applications will be deployed in 6 AWS regions around the world. Each deployment is built to auto scale horizontally and simultaneously leverage multi-availability zones for fault tolerance.
- Messaging and notification services, currently designing a set of services for electronic communication that utilizes SES and SNS from AWS. The services will be run from within customer owned AWS accounts that will be managed and provisioned from within the PB common services cloud.
- DEVOPS CI/CD process, responsible for the design and hardening of the core AWS infrastructure services used for deploying the SAAS applications built by the company. Tools and technologies that make up the environment include but are not limited to Ansible scripts, CloudFormation templates and a Jenkins/Maven build environment. Computer languages/runtime environments supported include .NET, Java, JavaScript, and Node.js.
- Secure Coding, establishing the baseline for secure coding which borrows heavily on my earlier.
- The guidelines we are implementing are based on the STRIDE methodology with IBM’s static analysis tool. We are currently evaluating tools for static analysis.
- Security Operations Center, Security Response Center: slated for 2016, the company has asked me to design the processes, roles and organizational structure for its own Security Operations Center and Security Response Center that will govern all SAAS applications that the company will be selling.
Architect
Confidential
Responsibilities:
- Confidential is a boutique consulting firm that specializes in solving identity and service automation problems for organizations in a world of fast-changing technology.
- Migrated 25 different universities and colleges from live.edu to Office 365. All engagements included installing and configuring either FIM 2010 R2 or Microsoft Dirsync in conjunction with installing and configuring ADFS v2 or ADFS v3 for authentication. The end result was organizations had 1 password and 1 identity to manage that worked in the on premise environment as well as the cloud.
- Trusted advisor to the Microsoft Azure Active Directory team in helping craft/design the features and functionality that Microsoft is building into the hybrid directory and cloud services that corporations will be deploying over the next 10 years.
- Designed, developed and deployed a password change notification service for a large international corporation that enabled users to change their passwords and have the password synchronized in a Windows multi-forest environment from anywhere in the world.
- Perform the role of a virtual technical sales professional for Microsoft in support of Microsoft MFA with Confidential 500 companies.
- Designed, deployed and configured MFA server to support on premise authentication, integration with ADFS as well as cloud only deployments.
- Customers are typically large Confidential 500 companies and state agencies that are looking for alternatives to using RSA authentication for VPN access.
- Perform the role of a virtual technical sales professional for Microsoft in support of Microsoft Application Access with Confidential 500 companies.
- Configured single sign-on for leading Software as a Service applications such as Box.com, Salesforce.com and Office 365.
- Identity in the hybrid cloud
- How to build an on premise identity cloud
- How to integrate Active Directory with Windows Azure
- ADFS and WS-*
- Managing Application Access using Azure Active Directory and the Azure Access Panel for Software as a Service applications.
- Performed multiple web developer based consulting engagements showcasing how to consume assertions from ADFS, OAuth2 that illustrate single sign on from Active Directory to Web properties deployed in an untrusted network.
- All applications written used HTML 5, CSS3, JQUERY, JQUERYUI, Knockout.js and RESTful APIs.
CTO
Confidential
Responsibilities:
- Led the company’s development, Test and Marketing teams relative to all aspects of the Confidential suite of products.
- The Confidential tool set enabled Windows administrators to control and configure identity and access management of computers running non-Microsoft operating systems from a Windows Desktop, leveraging the SSH protocol and LDAP repositories for authentication and authorization.
- The remote host computer could reside in the cloud, virtual environment or on premise.
Principal Architect
Confidential
Responsibilities:
- Confidential develops and sells identity and management agent technology allowing users to authenticate to non-Microsoft systems using Active Directory credentials.
- The agent technology further extends Active Directory reach in the enterprise in leveraging Microsoft Group Policy to be used for managing the non-Microsoft systems in the same way that Microsoft Windows Servers and Desktops are managed in the enterprise.
- Started the field organization for consulting and sales engineering.
- Responsible for providing product design guidance and functionality. Field leader in managing implementations and integration of non Microsoft platforms into Microsoft Active Directory.
Confidential
Security Architect
Responsibilities:
- Responsible for the organization and delivery of meetings relative to security offerings to senior executives representing 12 of the largest financial firms in the United States.
- Managed the review, staffing and engaging with the Microsoft enterprise customer base around Microsoft’s efforts for security mobilization initiative.
- Responsibilities include hiring of consultants from partner companies, tracking of billings, review of engagement deliverables, and management of project life cycle from opportunity through delivery.
- Managed multi-million dollar consulting engagements staffed by customer, partner and Microsoft resources
- Recognized Subject Matter Expert (SME) within Microsoft on securing Server and Client systems, secure coding, PKI, interoperability with UNIX systems, change/patch management, Active Directory, Group Policies for Security, infrastructure security, Network Security (IPSec, VPNs), Security Governance Policies and single sign-on authentication for heterogeneous environments.
- Managed/Architected design through implementation to securely manage computer networks for Confidential 500 companies, based on Microsoft technologies. The typical network environment consisted of 10,000+ desktops and 1,000+ servers.
- Developed strategy and guidance for Microsoft field to interoperate with UNIX systems using Kerberos authentication.
- Responsible for the computer industry accepting dynamic DNS, AES and TCP transports in the MIT Kerberos distribution (version 1.3).
- Partial list of companies that I designed and implemented solutions for include:
System Developer
Confidential
Responsibilities:
- Responsible for creating the test suites used by the quality assurance department for testing NW II workstations.
- Developer team member for the SDP platform, responsible for messaging interface, of extracting market messages off of the TCP stack. Developed using C++.