
Todd P. Rossin

CISSP

trossin@hotmail.com

(610) 329-3276 Cell


PROFESSIONAL EXPERIENCE

IDMWorks, Inc. - Identity Management (IdM), Access Management (IAM), RBAC and Password Management consulting

Vangent (on contract for DoD RITPO Military Health Systems (MHS)). Falls Church, VA.  Oct.09 – Apr.10.

  • Single Sign-On/Context Management (SSO-CM) – SSO Architecture/Engineering Team Co-Lead

Implementation of ESSO (Citrix Password Manager for XenApp SSO) and CareFx context management solutions in a clinical environment for active military personnel. Employee populations included clinical employees in a shared workstation environment (Hospitals, etc.).

 

CareFirst Blue Cross Blue Shield (BCBS).  Owings Mills, MD.  Apr. 09 – Feb. 10.

  • Federated Identity Matching (utilizing Initiate: Master Data Management) - Architect, PM, and Technical Delivery Manager

Responsible for project planning and managing a full lifecycle COTS implementation of Identity Matching (Discovery through Production) using Initiate Master Data Service as subscriber data warehouse and identity matching engine.  Developed Solution Architecture pertaining to overall Enterprise and Business Architectural models.

  • Duplicate Identity Cleanup  -  Architect, Project Manager

Responsible for planning and managing a technical team consisting of 8 resources in identification and remediation of incorrect SSN data for @25K  users.   Incorrect and orphan Identity data scrubbed and/or corrected prior to launch of automated provisioning application implementation.

  • HIPAA 5010 - ICD 10 Mandate Compliance Initiative -  Project Manager

Responsible for project planning and managing a 35 team member Discovery phase of multi-project strategy and definition for work beginning in 2009 and completing by 2013. 

 

Merck, Whitehouse Station, NJ.  Oct. 09 – Jan.10

  • Federated Identity Management – Identity Management Architect, SME

Architecture, design and technical management of RSA Federated Identity Manager implementation for federated application self-service registration, account linking & synchronization between both customer base and merged company applications (Schering Plough).  Schering Plough applications required additional (two-factor) authentication utilizing existing Merck RSA SecurID.

  • Identity Management/Identity Provisioning – Identity Management Architect, SME

Architecture and planning of integrating legacy provisioning application (CA eProvision 3.0) in existing Sun IdM 8 implementation due to merger of Schering Plough (CA environment) into Merck (Sun IdM Environment).

  • Web Single Sign On – SME, Architect, Project Lead, Technical Delivery Team Manager

Architecture, design and technical management of replacement of CA SiteMinder with RSA Access Manager (formerly Cleartrust).

 

Horizon Blue Cross Blue Shield (BCBS).  Newark, NJ.  Mar. 08 – Mar.09

For all projects below, utilized Clarity and MS Project to build all project management deliverables and to define and manage budget, SDLC, project plans, schedules, risk and scope.

  • Identity Management Project Manager, Architect, SME and Technical Lead

Responsible for project planning and managing a development team consisting of 12 resources in deploying a Sun Java System Identity Manager 7.1 full lifecycle implementation.  Designed physical and logical architecture, business and system requirements, password management use cases, provisioning workflow use cases, test cases, and training. Resources provisioned to include Active Directory, Sun Role Manager (Vaau RBACx), QBlue and NASCO.  Responsible for all presentations to Architectural Review Boards, IT & Security Governance, Human Resources and Business and End User communities. Trained both technical staff and end users on Sun IdM and RBACx toolsets.

  • Access Management Project Manager & Technical Lead

Responsible for managing a development team consisting of 15 resources in deploying Sun Java System Access Manager 7.0 (as replacement for BMC’s UIdP) from Dev to UAT to Production implementation.

  • Federated Single Sign-On (SSO) Project Manager & Tech Lead

Responsible for managing a development team consisting of 9 resources in deploying SAML 2.0 plug in for Sun Access Manager to allow for Federated SSO.  Managed network, development and delivery from Horizon side to Federation partners.

  • Role Based Access Control (RBAC) SME, Analyst

Evaluated current role development and assignment processes, created gap analysis, instituted short term process improvements for manual role assignment while developing process improvements through Sun Role Manager 4.0.3 (and Vaau RBACx 3.2.10) application.  Baselined enterprise roles and analyzed toxic combinations (separation of duty reports) and restricted roles by analyzing Human Resource and target platform reports. Worked with Auditor and internal security and role management personnel to eliminate pain points in manual process as a gap step to full workflow, tasking and forms based Role request system provided by Sun Java System Identity Manager implementation. Worked with the business to redefine the role governance process and business process for modification, approval & removal of roles.

  • Identity Management Strategist/Architect

Road mapped 5 year Identity and Access Management architecture and work streams for presentation to CTO/CIO.

 

Planned Systems International (on contract for DoD RITPO Military Health Systems (MHS)). Falls Church, VA.  Oct.06 – Apr.08.

Serving as contractual Master Integrator on multi-phase, multi-project Service Oriented Architecture (SOA) Identity and Access Management project (IdM, SSO, PKE, CAC).  Identity Management Architecture, design, analysis and technical management (of a 17 member team) in support of Homeland Security Presidential Directive-12 (HSPD-12) Common Access Card (CAC) implementation, Application Single Sign-On & Self-Service Registration with password management for a user base of 9 million. Additionally created Identity Management and Single Sign-on Business & System requirements, Use Cases, Project Plans, Architectural System Design documentation and deliverables.

Client 1

Federal IdM/Role Management

  • Evaluate customer requirements for the implementation of Oracle Identity Manager and Oracle Role Manager
  • Develop requirements documents, use cases, testing scripts, design documentation and system administration guides
  • Integrate Oracle Identity Manager & Oracle Role Manager with customer managed systems including (Oracle databases)

 

Client 2

  • Federated Identity Management – Identity Management Architect, Project Lead, Technical Delivery Manager

Architecture, design and technical management of Sun Java System Identity Manager – Service Provider Edition (SPE) v.7.1 implementation for federated application self-service registration, password management, account linking & synchronization.

  • Common Access Card (CAC) – Technical Delivery Manager

Technical management of Common Access Card integration for authorization to 26 military applications per HSPD-12.  Management of upgrade to Sun Java Enterprise System (JES) 2005Q4 release and Sun Java System Portal System design of Entry, Failure and Logon pages.

  • Single Sign-On (SSO) – Technical Delivery Manager

Technical management of SSO integration of Sun Java System Access Manager v.7.0 (over JES) for multiple applications.

 

 

Capital One.  Richmond, VA.  Apr. 06- Nov. 06

Identity Management Architecture, design, analysis and management.  Provided Identity data for future roadmap in Provisioning, Access Management and Federation as well as multiple project roles.

  • Oracle IAM/RBAC - Proof of Concept (POC) – Project Manager, Technical Delivery Manager, Architect

Implemented Oracle Identity, Access, Identity Federation and Role Manager (previously Bridgestream) in a Proof of concept environment.

Integrated Oracle software FW products with customers’ target applications.  Demonstrated & supported product functionality for customer evaluation.

  • Sun JS Identity Manager v.6.0 SP1 Proof of Concept (POC) – Project Manager, Technical Delivery Manager, Architect

SIM 6.0 proof of concept leveraging existing SIM instance as well as legacy provisioning tool utilized to determine the viability of a Federated provisioning model.

  • IdM Distributed (Multiple Instance) Provisioning Project - Identity Management Architect

Provided architecture, design, and subject matter expertise in analysis of Sun Java System Identity Manager v.6.0, SP1 in a Spoke and Hub method in which multiple instances of the provisioning application were utilized.  Analysis built on existing single SIM implementation covering Identity data creation with multiple SIM instances covering local application provisioning leading to creation of factory model.

  • Data Warehouse for Identity Audit – Identity Management Architect

Arch. for Data Warehouse project for storing historical Identity audit data (who has access to what, when, who approved, etc.).

  • Provisioning Data Remediation Initiative – Business Analyst, Technical Editor, Quality Assurance

Amalgamation, Quality Assurance and validation of all Identity Management Design, Architectural documentation and artifacts.

 

Northrop Grumman (on contract for the Center for Medicare & Medicaid Services (CMS)), Woodlawn, MD. Nov. 05 – Jul. 06

SME, Management, Design and Architecture on IdM work streams: Provisioning (Sun Identity Manager) and Federation (Sun IdM – SPE).

  • IdM Provisioning Project - Project Lead, Technical Delivery Manager, System Analyst, Subject Matter Expert (SME)

Project and Technical design and planning of multi-phased implementation of Sun Java System Identity Manager 5.5 and  6.0.  Phase I consisted of fixing existing provisioning implementation due to implementation team replacement.  Temporary fix phase included adding Modify and Deprovisioning tasks and modifying hard coded roles, rules and processes in dynamic workflow, dynamically changing roles and adding flexibility to rule policies.  Phase II consisted of replacing existing Sun IdM infrastructure to allow for re-engineered provisioning environment (addition of Sun One directory with improved DIT, Sun IdM v.6.0 for internal users, Sun IdM – SPE for External users) with integration of several multi-platform applications within Sun's Identity Management System (Sun IdM, SPE, Sun Access Manager).

  • IdM Federation Project (Federated Provisioning) – Architect, Systems Analyst, SME

Integration of Sun Java System Identity Manager – Service Provider Edition (SPE) for registration and self-administration of Medicare/Medicaid application for a user base of 65 million people. Delegated administration for medical practice (partner) and customer self-management. Federated provisioning for facilitating business interactions among medical practices. Auditing and reporting of provisioning and federated transactions for privacy and regulatory compliance.

 

United Health Group (UHG).  Plymouth, MN.  Jul. 05 – Mar.06

SME, Management, Design and Architecture on IdM work streams: Provisioning (Sun Identity Manager) and Federation (Ping Federate) leading a team of 14 people.

  • IdM Provisioning Project - Project Manager, Technical Lead, SME

Planned and managed implementation of Sun Java System Identity Manager 5.5 (development) & 6.0 (dev/QA/production) as replacement for home grown provisioning system into AD, UNIX, RACF, Peoplesoft as well as hundreds of applications and databases. Created high level and technical project plans. Vetted Architectural diagrams. Wrote Business Requirements, System Requirements, and supporting IdM documentation.  Ran current state documentation and future state planning sessions.

  • IdM Federation Project (Federated Single-Sign On) – Project Manager, Technical Lead, SME

Implemented Ping Identity’s Ping Federate v.2.1 using SAML 1.1 protocol to provide authentication, attribute and authorization portability across autonomous security domains for UHG alliance partners and customers (i.e. used PingFederate to enable standards based single sign-on and attribute exchange across domains).

 

Capital One, Richmond, VA.  Oct. 03- Jul. 05

SME, Management, Design and Architecture on multiple IdM work streams, Access Management (SSO, Application Security and Entitlements via Entrust’s Get Access and BMC’s Control-SA), Password Management, Provisioning (Sun/Waveset Identity Manager), Delegated Administration, Third Party Data Management (Federation) and Directory (LDAP) Management (Novell’s eDirectory, MS Active Dir and MIIS) with a team of 16 people.

  • IdM Provisioning Project – Program Manager, Team Lead, Technical Lead, SME

Wrote Business Requirements, System Requirements, RFI, RFP and all supporting documents leading to Vendor selection and management.  Ran Proof of Concept. Planned and ran product implementation of Sun Java System Identity Manager (previously Waveset Lighthouse) in provisioning project as replacement (in some instances) and/or addition for BMC Control-SA for provisioning into Unix, Tandem Base24, RACF, Unisys & Oracle.

  • IdM Sarbanes Oxley Project (Access Management, Centralized Workflow) – Program Manager, Systems Analyst, SME

Planned and ran parts of Sarbox technical implementation using Sun Identity Manager as a centralized workflow in a 90 day implementation model in order to achieve regulatory compliance.  Additionally planned and implemented Disaster Recovery.  Environment manager for Dev, QA, and production environments. 

  • IdM Workforce Lifecycle Project - Business Systems Analyst

Creation of Identity Management Roles/Rules processes, Use Cases, Workflow and Data Flow documentation.  Documentation of existing (“As-Is”) process in order to develop process improvements (“Future State”) through Identity Management.  Training of existing staff on Identity Management methodology and toolsets.

 

McDonalds Corp., Oak Brook, IL.  Aug.03-Oct. 03

  • Identity Management Lead, Technical Lead, Business Systems Analyst
Creation of Identity Management process, strategy, best practices and architecture documentation including Access Management, Password Management, LDAP Management, Provisioning, Delegated Administration, and Sponsor Lifecycle Management utilizing the Rational Unified Process (RUP).  Creation of Cost/Benefit analysis, Project Charter and Project Plan.  Identity Management vendor and services selection.

 

GlaxoSmithKline, Durham, NC.  Jul.03-Aug.03

  • Identity and Access Management Architect
Client implementation planning of Netegrity SiteMinder 5.5 w/ Netegrity IdentityMinder 5.6 (Web Edition) utilizing iPlanet (LDAP) and Oracle 9i. Process planning and architecture. Delivery of Statement of Work (SOW) for Netegrity eProvisioning.

 

Business Layers Inc. (since acquired by Netegrity Inc. and subsequently Computer Associates) Rochelle Park, NJ Jul.01-Jul.03

  • Identity Management - Sr. Analyst, Professional Services and Technical Specialist roles
Implementation and support of Identity Management software including Business Layers eProvisioning, (now known as Netegrity IdentityMinder w/ Provisioning, also known as BMC Control-SA/eProvision and SchlumbergerSema Secure Provisioning Director), Netegrity SiteMinder 5.5, Netegrity IdentityMinder 5.6 w/ Web and Provisioning modules and associated support software including LDAP directories (Active Directory, Novell Directory Services, Netscape iPlanet, IBM SecureWay), multi-NOS platforms, Database (SQL 7, 2000), ILOG J-Rules (Java based) and VB Script.

  • Identity Management - Corporate Training (Technical).
Responsible for design, development and delivery of all proprietary Identity Management curriculum and non-proprietary technical curriculum, courseware, policies and procedures, created courseware images, and management of corporate IT training staff. Designed and presented six training programs that established a standardized, consistent curriculum for worldwide training services for both technical and non-technical clients and representatives.

 

IDMWorks, Malvern, PA  Oct. 03 - present.

Resource Project Manager – Through Access Identity, Inc. I have closed the following projects and placed and then internally managed Access Identity resources on the following additional projects:

  • Comcast – Sun IdM 8.0 implementation with custom Java development.
  • US Department of Defense – Managed Access Identity IdM engineer and Web developer in Sun Identity Manager – SPE v.7.1 implementation including web developed front-end built in Struts/AJAX.
  • US Defense Information Systems Agency – Managed Access Identity IdM engineer in Sun IdM 6.0 to 7.1 upgrade and implementation of new applications into Registration framework.
  • Large Electric Utility Company – Developed proposal for Sun Identity Manager upgrade/migration from v.5.0 to v.7.0 SP1.  Managed Access Identity IdM engineer on project for full lifecycle of the project.  Created Role Based Access Control (RBAC) scoping and implementation proposal to be implemented Q1, 2008.

 

Short Term Projects through IDMWorks (typically less than 2 month engagements 2003-present):

G2 Inc. Columbia, MD. Apr.08 – May 08

Project Manager for Access & Identity Management POC. Built a 4 man team consisting of Access Manager Architect, Sun Access Manager Developer/Implementer and Sun Identity Manager Implementer.  Planned, architected (IdM) and ran demo build for POC including creating requirements, use cases and managing team toward goal.

 

Towers Perrin (via Sun Microsystems).  Philadelphia, PA.  Feb. 08

Identity Management Subject Matter Expert (SME). Architectural review of existing Sun Java System Identity Manager – Service Provider Edition (SIM-SPE) to-be design.  Suggested architectural shift to utilize SIM-SPE v.7.1 in place of existing SIM v.6.0/SIM-SPE v.6.0 shared architecture. 

 

Freddie Mac.  Tysons Corner, VA. Oct. 07 – Dec.07

Identity Management SME to the Freddie Mac team during IdM tool vendor selection process, leveraging knowledge capital, lessons learned, insights, and best practices around Identity and Access Management.  Reviewed and identified gaps in current state IAM environment, including IAM business processes/workflows, application inventory, technical architecture, and functional/technical requirements document. Created technical content for RFP and vendor scorecard and assisted in managing of IdM POC.

 

Rohm & Haas.   Philadelphia, PA.  Sept. 06 – Oct. 06

Identity Management SME. Hosted and ran Identity and Access Management workshop to architecturally plan and detail a multi-work stream IdM effort utilizing BMC Identity Manager for .Net, MIIS, Passlogix V-Go, and Tivoli Access Manager.

 

Rockwell Automation.  Milwaukee, WI.  Mar 06

Identity Management SME. Presented best practices to be utilized for an upgrade of Sun Java JS IdM v.5.0, SP2 to version 5.5, SP6

 

NON-IDENTITY MANAGEMENT - PRIOR POSITIONS (1992-2001)

Alcoa, Inc. Pittsburgh, PA Mar.01-May 01 (3 month Contract).  Network Systems Engineer

AstraZeneca. Wayne, PA Feb.00-Feb.01 (Contract). Lead Client Engineer, Server Engineer, Microsoft Exchange Architect

Judge Group, Inc.  Bala Cynwyd, PA Nov.98-Mar.01. Certified Trainer/Consultant/System Engineer

R.H. Donnelley. Wayne, PA Jul.98-Nov.98 (Contract). Network and Server Engineer.

The Shipley School. Bryn Mawr, PA Sep.97-Jul.98 (Contract).  Network Manager

MBNA Corporation -Hallmark Information Systems. Wilmington, DE May 97-Sep.97. Senior LAN Administrator

TA Instruments Inc. New Castle, DE May 96- May 97.  Systems LAN Technician

Salem Community College. Carney’s Point, NJ Apr.95-May 96.  LAN/WAN Technician

F.Schumacher & Co. Newark, DE Dec.94-Apr.95.  Rep Support

Tandy Corporation (Computer City Division). Wilmington, DE Aug.92- Dec.94.  Technical Sales & Support

 

EDUCATION

Wilmington College. Wilmington, DE. MBA, specialization: Management. 1998.

Wilmington College. Wilmington, DE. MS, specialization: Management, concentration: Human Resources Management. 1998.

University of Delaware. Newark, DE. BA, major: International Relations. 1996.

 

PROJECT MANAGEMENT TRAINING (*training by actual company or certified training partner)

*Planview – Project Portfolio Management (Planview 9.x), Planview Process Architecture (9.x, 10.x)

Rational Clearquest 7  - Application Lifecycle Management

CA Clarity 8 – Project Portfolio Management, Clarity Financials

 

IDENTITY MANAGEMENT TRAINING (*training by actual company or certified training partner)

*Sun Java System Identity Manager (previously Waveset Lighthouse) 4.1, 5.0, 5.5, 6.0

*Sun Role Manager – Role Mining (previously Vaau RBACx) 3.2.x, 4.0.x

*Sun Role Manager – System Administration (previously Vaau RBACx) 3.2.x, 4.0.x

Oracle Role Manager (previously Bridgestream)                       

Oracle Identity Manager

*CA/Netegrity (previously Business Layers) eProvision

*CA/Netegrity SiteMinder 5.5 & CA/Netegrity IdentityMinder 5.6

*Ping Identity (Federated SSO) – Ping Federate 2.1 & 3.0

*IBM Tivoli Identity Manager (TIM)

Passlogix – v-GO Single Sign-On

*M-Tech P-Synch - Single Sign-On

*M-Tech ID-Synch - Provisioning toolset

Proginet – Password Management

 

TECHNICAL CERTIFICATIONS

IDENTITY MANAGEMENT

HP AIS – Identity Management.  Accredited Integration Specialist for HP OpenView Select Identity and Select Access.

Netegrity SiteMinder Administration Specialist.  SiteMinder.

Netegrity Identity Management Specialist.   IdentityMinder w/ Web and w/ eProvisioning.

 

SOFTWARE

MCSE 2000 (Microsoft Certified Systems Engineer - Windows 2000 track).
MCSE 4.0 + Internet (Microsoft Certified Systems Engineer - Windows NT 4.0 track w/ Certified Internet Specialist).

MCDBA 2000 (Microsoft Certified Database Administrator - SQL 2000 track).

MCSA 2000 (Microsoft Certified Systems Administrator - Windows 2000 track)

MCP + Internet (Microsoft Certified Internet Professional).

MCP (Microsoft Certified Professional - Product Specialist). In each of the following technologies:

Win 2000 Security Design, Win 2000 Network Design, Win 2000 Network Management, Win 2000 Network Admin, Win 2000 Directory Services Design, Win 2000 Directory Services Admin, Win 2000 Server, Win 2000 Professional, Win NT4 Server Enterprise, Win NT4 Server, Win NT4 Workstation, TCP/IP, SQL 2000 Design, SQL 2000 Admin, Exchange Server 5.5, Proxy Server 2.0, IIS 4 (Internet Information Server), IEAK 4 (Internet Explorer Administration Kit), FrontPage 98, Win95, Win98.

MCT (Microsoft Certified Trainer) – Retired Cert. Instructor for over 55 MS Courses.

CCA XP (Citrix Certified MetaFrame XP Administrator).
CCA 1.8 (Citrix Certified MetaFrame 1.8 Administrator).

CompTIA Network+ (Certified Network Technician).
CompTIA I-Net+ (Certified Internet Technician).

 

HARDWARE

CCNA 1.0 (Cisco Certified Network Associate) - Retired Cert. ISP Dial, and Routing & Switching.
NNCDS (Nortel Networks Certified Design Specialist) - Data. Data Networks Design Specialist.
NNCSS (Nortel Networks Certified Support Specialist) - Data. Data Networks Support Specialist.
BNCS (BAY Networks Certified Specialist). Router Specialist.
3Com CSA (3Com Certified Solutions Associate).
AMP Registered Installer : LAN cabling systems - Fiber Optics, Coax, Cat 3,4,5 UTP and 150ohm STP-A
AMP Registered Certifier and Troubleshooter : Fiber Optics, Coax, Cat 3,4,5 UTP and 150ohm STP-A
CompTIA A+ (Certified Computer Technician).

 

 

SUMMARY

Information Technology and Security professional with over 10 years experience in architecting and deploying Identity Management, LDAP Directories, Single/Reduced Sign-On (SSO), Provisioning and Provisioning/Identity Workflows, Access Management, RBAC (Role-Based Access Control), Compliance and Auditing Technologies, Federated Identity/Federation, Enterprise System Architecture, Security Infrastructure Design, Authentication and Authorization technologies, as well as custom-built  security and technology frameworks.

Proven technical leadership skills include the ability to manage teams, earn the respect of its members, lead by example, and thrive in an entrepreneurial environment. Persuasive verbal and written communication skills complement a proven ability to multi-task, maintain an organized approach, and ensure success - even when faced with high-pressure or high-risk situations.

Engagements within many large-scale environments, both public and private, as a consultant including Barclays Global, DHL Airways, Visa, Chevron-Texaco, Deutsche Bahn, Department of Housing and Urban Development, Syracuse University, Widener University, Toyota, Blue Cross Blue Shield, and Bechtel. Experience in the Banking, Energy, Government, Education, Pharmaceutical, Healthcare, Auto and Telecom Industries.  User populations have fluctuated from a few dozen to in excess of 180,000 people.

IDENTITY MANAGEMENT & SECURITY: IBM Tivoli Suite (ITIM/TIM, TAM), Webseal, RSA SecurID, PKI, Kerberos, CA/Netegrity SiteMinder, CA/Netegrity IdentityMinder, Sun Identity Manager, Sun Access Manager, Oblix/Oracle COREid, Passlogix Single Sign-on, Oracle Identity Manager, SUN/IBM/Oracle Federation Manager, Vaau RBACx and BridgeStream/Oracle SmartRoles.

LDAP DIRECTORIES:    Microsoft Active Dir., AD/AM, IBM Secureway, Tivoli Directory Server, NDS/Novell eDirectory, and Sun One Directory Server.

 

BACKOFFICE SOFTWARE: Database (SQL/Oracle), Webserver (IIS, Apache, IBM), Reverse Proxy, Citrix, Terminal services, Portal (Plumtree, Websphere Portal) Application Server (BEA Weblogic, IBM Websphere, Sun Java System), Integration (DirXML, Websphere MQ Workflow), RACF.

 

OPERATING SYSTEMS: Microsoft Windows up to Windows 2003 Enterprise Edition, UNIX (SOLARIS 2.x, SOLARIS, AIX, IRIX, HP/UX), LINUX, MS-DOS, and z/OS.

 

NETWORKING: TCP/IP, DNS, WINS, NFS, Samba, NIS, NIS+, and NetBIOS.

RBAC and Identity Management Subject Matter Expert

  • Work with Finance to analyze entitlements for Oracle Applications, Hyperion and Business Objects for 20,000 users to identify gaps in current provisioning processes
  • Project Manager/Lead the Business and IT teams through a process to evaluate vendors, conduct a product POC, and finally the implementation of the chosen product.
  • Develop integration strategy between Oracle Identity Manager, Novell Identity Manager, eDirectory, Active Directory, Virtual Directory and RBAC solution.
  • Develop enterprise roles (RBAC), toxic combinations (separation of duty) and restricted roles by analyzing current entitlements.

IDM Consultant

  • Implement and configure Oracle Identity Manager and AD adapter to perform trusted reconciliation.
  • Configure delegated administrators for management of Xellerate and AD accounts.
  • Send daily notifications of disabled accounts to administrators.

IDM/RBAC Consultant

    *
      Implement SUN / VAAU RBACx across three environments: Test, QA and Production.
    *
      Configure VAAU for role management/governance and certification / user attestation.
    *
      Develop enterprise roles (RBAC), toxic combinations (separation of duty reports) and restricted roles by analyzing Human Resource and medical applications for a user population of 25000 (physicians, clinicians, and employees) and 11 core applications.

IDM Consultant/Strategist

    *
      Interview key subject matter experts to determine current IDM/security hardware and software profile.
    *
      Analyze current network layout, services and resources to determine required access.
    *
      Determine user roles and responsibilities, classifying like users into groups to ease maintenance and rule implementations controlling access to resources appropriate to user and group classifications
    *
      Analyze and document (both existing and potential) solutions for the following: User account provisioning/de-provisioning, Enterprise Directory Services, Single Sign-On (web and desktop), Password Management, Role-Based access control, Strong Authentication
    *
      Provide documentation and recommendations detailing best practices for user and access control as determined by independent research and current like institution implementations.

Senior Architect

    *
      Evaluate RBAC products, (BridgeStream and Vaau), recommend and implement RBAC product at Horizon.
    *
      Develop enterprise roles (RBAC), toxic combinations (separation of duty reports) and restricted roles by analyzing Human Resource and target platform reports.

Senior Architect

    *
      Project Manager and Lead Architect for the implementation of IBM TAM E-SSO (Passlogix v-GO Single Sign-On), AM (Authentication Manager), SM (Session Manager) solution to all store locations and internal company employees.

Senior Security Consultant

    *
      Developed enterprise roles (RBAC), toxic combinations (separation of duty reports) and restricted roles by analyzing Human Resource and target platform reports.
    *
      Worked with the business to define the role governance process and business process for modification, approval and removal of roles.
    *
      SOD (Segregation of Duties) reporting requirements analysis and implementation using SUN Identity Auditor v7.0
    *
      SME for the upgrade of SUN Identity Manager v4 to v6.0 SP1

Senior Security Consultant

    *
      Project Manager and Lead Architect for the implementation of Passlogix v-GO SSPR (Self-Service Password Reset), SSO (Single Sign-On), AM (Authentication Manager), SM (Session Manager) solution to 8,000 employees. Employee populations included clinical employees in a shared workstation environment (bank branches).

SELECT MEDICAL (Harrisburg, Pennsylvania)

Senior Security Consultant

    *
      Project Manager and Lead Architect for the implementation of IBM TAM ESSO (Passlogix v-GO SSO) and TAM ESSO Desktop Password Reset Adapter (Passlogix v-GO Self-Service Password Reset), and TAM ESSO Kiosk Adapter  (Passlogix v-GO Session Manager) solution to internal population. Employee populations included clinical employees in a shared workstation environment (medical offices).

Senior Security Consultant

    *
      Developed enterprise roles (RBAC), toxic combinations (separation of duty reports) and restricted roles by analyzing Human Resource and target platform reports.
    *
      Worked with the business to define the role governance process and business process for modification, approval and removal of roles.
    *
      Imported roles into Identity Management system (BMC Control-SA), managed implementation of roles and role management in Identity Management system including workflow for managing roles using TCL and PERL scripting.
    *
      Installation and basic customization of Sun Identity Manager on Websphere 6.0 platform.

Project Manager & Senior Security Consultant

    *
      Project Manager for the implementation of Sun Identity Manager using SUN’s AIM Methodology.
    *
      Overall responsibility for daily client management, interactions and on-time delivery of applications and services.
    *
      Responsible for project deliverables including: functional and technical requirements, architectural specification, design document including workflows, project plans and weekly project status deliverables.
    *
      Integration of core applications (Lotus Notes, Active Directory, and PeopleSoft) using standard resource adapters and custom resource adapters. PeopleSoft integration using SPML web services.
    *
      Custom integration with Oblix SSO (modification of custom resource adapter and native authentication methods). 

Senior Security Consultant

    *
      Project Manager for the implementation of Passlogix v-GO SSPR (Self-Service Password Reset), SSO (Single Sign-On), AM (Authentication Manager), SM (Session Manager) solution to 100,000+ employees. Employee populations included clinical employees in a shared workstation environment.
    *
      Managed and deployed custom development and integration of Xyloc (Proximity Badge solution) with SSO product

Identity Management Consultant

    *
      Consultant for the Implementation of CA/Netegrity Siteminder, to integrate various enterprise applications, including but not limited to custom web applications and Novell eDirectory.

Senior Security Consultant

    *
      Project Manager for the implementation of Passlogix v-GO SSPR (Self-Service Password Reset) solution to 13000 employees

Senior Security Consultant

    *
      Project Manager and Lead Architect at H&R Block for the implementation of CA SiteMinder and CA IdentityMinder for their seasonal hiring process of 120,000 tax professionals.
    *
      Managed integration of Identity Management project and custom TIBCO portal.
    *
      Developed and Deployed LDAP strategy including Authentication and Authorization stores, and migration and transformation of directory data.
    *
      Developed requirements for MIIS data flows 

Corporate Data Security Consultant

    *
      Led Excellus BCBS through an RFI, RFP, and POC process for an enterprise Identity Management solution. Evaluation of SSO vendors Passlogix, ActivCard and eTrust SSO
    *
      Security advisor and architect for Corporate Data Security on the following initiatives: Websphere Portal, Custom & Vendor Health Care applications, Java Development environment including Websphere Application Server, LDAP Directory (on the mainframe), Corporate Desktop and Server security and Identity Management Project.
    *
      Managed the communication of business solutions delivery activities with IT leadership, other IT functions, and outside organizations such as vendors, consultants, suppliers, and customers.
    *
      Project Manager for the implementation of Passlogix v-GO SSO solution to 5000+ employees.
    *
      Evaluation, installation and configuration of Sun Directory, Sun Identity and Access Manager in a POC environment.
    *
      Designed and delivered training to end-users, architects and IT executives on various topics including: LDAP, Identity Management, and Single Sign-on

Identity Management Consultant

    *
      Completed installation of Netegrity IdentityMinder including task persistence, workflow, auditing and email notification.
    *
      Identity Management advisor and architect for User Management/Identity Management project.
    *
      Consultant advisor for Waveset Lighthouse (SUN Identity Manager) project. Helped define design document and match business requirements to product capabilities.
    *
      Reviewed customization and integration with eDirectory, DirXML and various other systems.

Security Services and Identity Management Consultant

    *
      Project Manager for an Oblix COREid Project (Active Directory Application Mode user repository) designed to provide strong authentication and authorization for internal and external websites.
    *
      Led and managed efforts to develop processes and tools for access and identity management architecture, and deployment for clients.
    *
      Identified and resolved complex issues and developed innovative solutions for the client's business and technology goals.
    *
      Provided technical assistance relating to the design and implementation of the security and control of client's networks.
    *
      Served as lead author of reports, plans, presentations, and other written products, and developed and implemented project plans.

Practice Leader, Identity Management

    *
      Overall responsibility for deploying Identity Management solutions including provisioning, web access management, and portals.
    *
      Products used and deployed include Netegrity IdentityMinder and SiteMinder, TruLogica Concero, and Plumtree portals.
    *
      Led, architected and implemented multi-vendor integration initiatives for deployment of Identity Management solutions.  Hands-on implementation of IdM solutions on both Unix and Windows platforms.
    *
      Project Manager, Lead Architect for Netegrity IdentityMinder implementation for GlaxoSmithKline.
    *
      Project Manager, Lead Architect for Netegrity IdentityMinder implementation for Coppin State College.
    *
      Delivered five day IdentityMinder Corporate training to State of Tennessee.


Technical Support Director, North America (Reports to the Chief Operating Officer)

    *
      The software suite is developed using Java, ASP and Visual Basic, all of which I am proficient in.
    *
      In addition to being proficient with the development technologies I have expert knowledge in all of the target systems and their components that the product manages, including LDAP directories, security and databases.
    *
      Support and deployment on both UNIX/LINUX and Microsoft based operating systems in conjunction with an LDAP directory including: Active Directory, Secureway, NDS (eDirectory) and iPlanet.
    *
      The back office systems that I am responsible for implementing and supporting include Databases, Exchange Servers, Firewalls, and HR systems (SAP & Peoplesoft), mainframes (RACF, AS/400) and Security infrastructure including RSA SecurID, Schlumberger DeXa Badge, Netegrity SiteMinder, Netegrity IdentityMinder and various Certificate Authorities.
    *
      Installation of Netegrity Siteminder, Netegrity IdentityMinder in production and development environments.
    *
      Responsible for reviewing and recommending enterprise identity management solutions and deployment alternatives to external customers and internal end-users.

IT Manager (Reports to the Chief Information Officer)

Applications Development Manager (Reports to the Chief Information Officer)

    *
      Responsible for corporate information technology standards which included establishing and communicating corporate standards, implementing solutions and managing the information technology budget. Recruited and trained staff for internal help desk support, LAN/WAN support and server support throughout the enterprise. Responsibilities included:
    *
      Delivered basic IT services – connectivity, desktop, mobile/remote computing, Information security and IT training and management of the Internal 24/7 Help Desk to support mobile users and setup a call center for internal customers with case tracking system
    *
      Installation, configuration and on-going maintenance of UNIX and NT software development environment, including SUN, HP, IBM, Alpha, Linux and NT servers with multiple OS revisions
    *
      Development and implementation of enterprise wide desktop and server backup and archiving strategies for all operating systems
    *
      Implemented and Developed corporate standards for technology for email, networks, desktops, laptops and data centers
    *
      Evaluation and requirements analysis for HR/IS and Financials ERP system including: PeopleSoft, SAP, Lawson’s, Clarify  
    *
      Project Management for Pivotal (CRM) nation-wide implementation and deployment (~500 employees). Successfully deployed Pivotal nation-wide, including development staff (consultants and internal resources), deployment and training

System/Network Administrator (Consultant)

Senior System Administrator

    *
      Managed a heterogeneous network (Solaris up to 2.6, HPUX, AIX, Windows NT, and Windows 2000)
    *
      Installation, upgrade and maintenance of Clariion raid servers in a production environment         
    *
      Maintained DNS, NIS and NFS databases
    *
      Installed and managed NT and Windows 95 workstations and servers
    *
      Installation and customization of Hummingbird eXceed   

 
Senior System Administrator

    *
      Managed 30+ HP development servers
    *
      Installation of Solaris servers, including Web enterprise server, Volume Manager & Veritas
    *
      Provided user support for day to day problems
    *
      Setup ntp server and clients
    *
      Managed DNS and NIS databases
    *
      Installed patches and upgraded OS for HP servers
    *
      Maintained lvm and related problems 

 
Senior System Administrator

    *
      Managed a heterogeneous network (Solaris up to 2.6, HPUX, AIX, Windows up to Windows 2000 Server)
    *
      Integrated Network Information Service into current network with minimal downtime
    *
      Integrated NFS using AMD and Solaris automounter into current network
    *
      Installed and upgraded operating systems to current versions
    *
      Kernel tuning for optimal performance
    *
      Designed and Implemented backup solution using DLTs in a heterogeneous environment
    *
      Maintained DNS database
    *
      Configured and Installed DEC Storage Works RAID 5 array
    *
      Configured and Installed RedCreek VPN software and hardware
    *
      Managed Gauntlet firewall

 

Contract: Entertainment Online

Senior System Administrator

    *
      Managed a heterogeneous network (IRIX, Win 95, NT, Novell)
    *
      Installation of IRIX 5.3, 6.3 and 6.4 on SGI Challenge L, Indy, O2, Origin 200
    *
      Installation of Netscape Enterprise Server 2.01 and Commerce Server, Oracle 7
    *
      Configuration of Cisco 1600 Router
    *
      Installation and periodic maintenance of Windows 95/NT servers
    *
      Remote network administration using Remotely Possible and secure shell
    *
      IP aliasing and DNS setup for IRIX servers
    *
      Network performance testing (between major ISPs)
    *
      Implemented backup procedures for all UNIX servers
    *
      Exposure to sendmail configuring, HP Openview 
     

Computer System Administrator 

    *
      First line support for developers using UNIX, HP, Macintosh and PC workstations
    *
      Managed and re-organized all user home directories on file servers and NIS servers
    *
      Created standard user login environments
    *
      Analyzed and solved network problems
    *
      Maintained NIS databases and NFS mounts on workstations and servers
    *
      Setup and installation of NCD X-Terminals
    *
      Created WWW page (HTML 3.0 compliant, including JavaScript, CGI's and forms)
    *
      Installation of DiskSuite on servers
    *
      Designed and implemented scripts in PERL 

Computer System Administrator 

    *
      First line support for developers using UNIX, HP, Macintosh and PC workstations
    *
      Created WWW page (HTML 3.0 compliant, including JavaScript, CGI's and forms)
    *
      Managed University print services and help desk

 
Computer System Administrator 

    *
      First line support for Windows based workstations
    *
      Manage file and print servers
    *
      Managed Intranet website and internal departmental web pages

PROFESSIONAL CERTIFICATIONS


Advanced Tivoli 4.5.1 Customization Workshop

Microsoft Certified Systems Engineer Windows 2000

Microsoft Certified Database Administrator

Microsoft Certified Systems Administrator

Netegrity Identity Management Specialist (IMS)

Netegrity SiteMinder Administration Specialist (NSAS)

Citrix Certified Administrator

Identity Management Practice, Oracle Identity Manager, Oracle Access Manager, Oracle Identity Manager's API as well as the IDXML Web Services and Identity Event Plugin interfaces of Oracle Access Manager.

    * Operating Systems: Solaris (7, 8, 9, 10), AIX (4.3.3, 5.0, 5.1, 5.2), Linux (all flavors), zOS, Windows 2000/XP/2003, OS X, and OpenBSD
    * Programming Languages: C, Java, Perl, x86 Assembly, s/390 Assembly, JCL, XHTML/CSS, and REXX
    * Protocols: DCE-RPC, SOAP, IDXML, 802.11, GSS-RPC, HTTP, NCPASS-TLI, and SASL
    * Tools: Eclipse, Netbeans, Visual Studio, Nagios, VMWare Server
    * Security Technologies: SAML, SASL, Kerberos, PKI, XACML, LDAP, DCE, SecurID, Biometrics, general cryptography, and federated identity management
    * Servers: Sun One Directory Server, Oracle Internet Directory, Microsoft Active Directory, OpenLDAP, Tomcat, JBoss, BEA WebLogic, Oracle Application Server, Oracle Database 10g.
    * Identity Management Applications: Oracle Identity Manager (9.0.1, 9.0.3), Oracle Access Manager, Internet2 Shibboleth, and UMich CoSign
    * Mainframe Specific Technologies: FDR, ISPF, TSO, Natural, Adabas, Syncsort, NCPASS, and MXI

Identity Management Practice
Identity Management consultant focusing on Oracle's Identity Manager product (previously Thor Xellerate) and Oracle Access Manager (previously Oblix CoreID). Oracle Access Manager, Oracle Identity Manager deployments

    * Full life-cycle Provisioning system utilizing Oracle Identity Manager. 
    * Full life-cycle Web Services infrastructure  utilizing Oracle Access Manager.
    * Identity Event Plugins to extend Oracle Access Manager's workflow functionality.
    * Implemented password management functionality in OAM for the firm's largest client-facing application suite.
    * Numerous "custom" connectors to backend systems, directories, and databases.
    * Experienced in crafting Proof-of-Concept (POCs) builds to ensure the success and practicality of the Oracle Identity Management Suite.
    * Experienced in the installation and configuration of OIM server.
    * Experienced with cross-system identity mapping and reconciliation to OIM identity repository database.

SENIOR IDENTITY MANAGEMENT ARCHITECT AND ENGINEER,  2005 - 2008 
•	Architect, install, configure, and maintain identity management infrastructures for companies including worldwide enterprise corporations, higher education, and government agencies.
•	Manage multiple teams on concurrent projects.
•	Work with multiple vendors and clients on pre-sales presentations and demonstrations
•	Currently focus on deployment and integration of the Oracle Fusion Middleware stack: Oracle Access Manager (Oblix COREid / Netpoint), Oracle Identity Manager (Thor Xellerate), Oracle Identity Federation (Oblix Share ID), Oracle Virtual Directory (Octet String), and Oracle Internet Directory.
•	Deployed CA Identity Manager Suite (SiteMinder, Identity Minder, Admin, eTrust LDAP)
•	Deployed IBM’s Tivoli IDM Suite: Identity Manager (TIM), Tivoli Access Manager, (TAM) IBM’s Data Integrator (TDI), with a Secureway LDAP backend.
•	Deployed Sun’s Identity Manager Suite: Identity Manager, Active Sync, and SunONE LDAP
•	Work with clients on location and remotely through VPN.
•	Custom plugin and User Interface development for Authentication and Authorization to various IDM Systems
•	Style sheet customizations (CSS, XSL, XSLT, XML)
•	Software installs on Windows Server, AIX, HPUX, Linux, Sun (SPARC and x86), and VMWare sessions for demos / sandboxes
•	Integration of IDM systems with Active Directory, SunOne LDAP, MS ISA Servers, MS Exchange, ADAM, Lotus Notes, PeopleSoft, RACF, RSA Cleartrust, Custom Web Applications, Plumtree Portal and other custom Portal Environments
•	Seasoned in project planning, requirements gathering, managing client expectations, and full documentation on all details of a project (SOW, Requirements, Design, Run-Books)
•	Frequently manage multiple projects under tight deadlines. Strong abilities in assurance and assessment with experience in enterprise and higher education compliancy.
•	Designed and managed development of a multi-deployable Oracle Identity Manager UI Framework that greatly expands the functionality of OIM and is the only one in the market. 

NETWORK SECURITY SPECIALIST, 2002 - 2005 
•	Tivoli Access and Identity Manager deployment and administration
•	IBM Secure-Way LDAP administration and schema management
•	Computer Associates SEOS and SSO administration and migration into IBM’s LDAP framework
•	Wrote custom VB and Perl applets for production web-based LDAP management and development while TIM is being integrated.
•	Evaluation and implementation of cross-platform SSO and user administration tools including IBM’s IDI/TIM and CA’s Admin
•	User administration and SSO control across seven platforms and over 100,000 users for home office, regional offices, and agencies

IDENTITY MANAGEMENT & SECURITY: IBM Tivoli Suite (ITIM/TIM, TAM), Webseal, RSA Cleartrust, PKI, Kerberos, CA/Netegrity SiteMinder, CA/Netegrity IdentityMinder, Sun Identity Manager, Oblix COREid/Oracle Access Manager (OAM), Passlogix Single Sign-on, Novell Identity Manager, Novell Access Manager, Oracle Identity Manager (OIM / Xellerate), SUN/IBM/Oracle Federation Manager, Oracle Role Manager (ORM), Oracle Business Intelligence Enterprise Edition (OBIEE).

LDAP DIRECTORIES: Microsoft Active Directory, ADAM, IBM Secureway, Tivoli Directory Server, NDS/Novell eDirectory, and Sun One Directory Server, Oracle Internet Directory (OID), and Oracle Virtual Directory (OVD).

BACKOFFICE SOFTWARE: Database (SQL/Oracle), Webserver (IIS, Apache, IBM), Reverse Proxy, Citrix, Terminal services, Portal (Plumtree, Websphere Portal) Application Server (BEA Weblogic, IBM Websphere, JBoss, Tomcat, Oracle Application Server (OAS / OC4J)), Integration (DirXML, IBM TDI), RACF.

OPERATING SYSTEMS: Microsoft Windows up to Windows 2003 Enterprise Edition, UNIX (SOLARIS 2.x, SOLARIS, AIX, IRIX, HP/UX, LINUX), MS-DOS.

NETWORKING: TCP/IP, DNS, WINS, NFS, Samba, NIS, NIS+, and NetBIOS.

Identity Management Architect and Implementation Engineer
Architect for and the implementation of Oracle Identity Manager and Oracle Role Manager.
Integrated all systems with multiple back-end database systems.
Cut project scope and duration down by over 30% with discovery and project analysis

Identity Management Architect and Implementation Engineer
Architect for and the implementation of Oracle Identity Manager, Oracle Access Manager, Oracle Role
Manager, Novell Identity Manager, and Novell Access manager for proof of concept evaluation.
Integrated all systems with Active Directory, SunONE LDAP, IIS and Apache web servers

Implementation was done on multiple virtual servers through VMWare running Oracle Enterprise Linux,
Windows 2003, and SUSE Linux.

Identity Management Architect
Architect for the implementation of Oracle Identity Manager, Oracle Access Manager, Oracle Internet
Directory, and Oracle Virtual Directory
Implemented OIM and OAM through Development, Staging, and Production
Developing custom workflows and Generic Technology Connectors (GTC) for manual user dumps.

IDM Consultant/Strategist
Interview key subject matter experts to determine current IDM/security hardware and software profile.
Analyze current network layout, services and resources to determine required access.
Determine user roles and responsibilities, classifying like users into groups to ease maintenance and rule
implementations controlling access to resources appropriate to user and group classifications.
Analyze and document (both existing and potential) solutions for the following: User account provisioning/deprovisioning,
Enterprise Directory Services, Single Sign-On (web and desktop), Password Management,
Role-Based access control, Strong Authentication
Provide documentation and recommendations detailing best practices for user and access control as
determined by independent research and current like institution implementations.

Senior Oracle IDM Architect and Engineer
Worked alongside Oracle on architecting and implementing the Oracle Identity Management Suite into
a 22-campus environment with capabilities of managing up to 1.3 million end-users.
Design was built around managing Students, Faculty, and Staff with multiple roles.
OIM was configured to talk to three separate Authoritative PeopleSoft sources for all identities.
Provisioning from OIM was configured for Oracle Internet Directory (OID), Oracle Virtual Directory (OVD),
PeopleSoft using Apache reverse proxies and PeopleSoft’s Pure Internet Architecture, and Active Directory.
Managed a small team of 5 IdM engineers and worked
Architecture lead on Oracle Identity Manager and Oracle Identity Analytics project
Assisted in the design of a custom user interface for end users of both products
Worked with client's architects to design highly available and redundant hardware infrastructure
Assisted in deployment of software environments, integration connectors, and customizations
Mentored several staff on Oracle Identity Manager and Oracle Identity Analytics software

Architecture lead on Oracle Identity Manager and Oracle Identity Analytics project
Assisted in the design of a custom user interface for end users of both products
Worked with client's architects to design highly available and redundant hardware infrastructure
Assisted in deployment of software environments, integration connectors, and customizations
Mentored several staff on Oracle Identity Manager and Oracle Identity Analytics software
Architecture lead on Oracle Identity Manager and Oracle Identity Analytics project
Led evaluation of several RACF provisioning solutions
Subject matter expert on several work streams to provide technical perspective to role management and provisioning enhancements plans
Mentored several staff on Oracle Identity Manager and Oracle Identity Analytics software
Developed and presented a week long in depth training session for the client
Focus was on Oracle Identity Manager architecture, configuration, and development
Technical lead evaluating requirements and assisting in the development of a multi-year IAM program roadmap
Created infrastructure documents with recommended OIM, ORM, and OID system design for development, testing, and production systems
Led several developer training sessions as well as requirement/technology fit gap evaluation sessions 
Developed custom connector and internal OIM process code to meet the company's specific requirements 
Project and billing manager for several month staff augmentation engagement to assist client in implementation activities
Technical lead for the Oracle Identity Manager and Oracle Role Manager components of a week long Oracle Proof of Concept pre-sales demo
Installed and configured Oracle Identity Manager and Oracle Role Manager (with integration between the two) in demo environment
Developed several custom connectors and interfaces, including a web services based connector for a learning management system and several custom Blackberry compatible web applications for creating users and approving requests in Oracle Identity Manager
Evaluated client delivered requirements and built test cases to demonstrate functionality outlined in requirements
Led technical presentation and demo to key stakeholders
Mentored several staff on Oracle Identity Manager and Oracle Identity Analytics software
Led project consisting of Oracle Identity Manager and Oracle Virtual Directory implementations
Developed several custom reconciliation connectors for Oracle eBusiness HR and deployed customized Generic LDAP connector for Sun One LDAP 6.0
Worked with client to develop a roadmap for future phases of project including additional OIM target systems and Oracle Access Manager deployment to replace SiteMinder

Led team upgrading Oracle Identity Manager from 9.0.3.1.6 to 9.1.0
Performed extensive evaluation of existing Oracle Identity Manager implementation and recommended several changes
Corrected multiple implementation problems with Active Directory and Exchange connectors
Developed custom reconciliation connector for Exchange and OID
Evaluated and recommended solution for complex request/approval workflow requirements
Led multi-phase Oracle Identity Manager implementation
Developed custom connectors for Oracle eBusiness Suite HR, ComApp, RevChain, M6, Kintana, Med2, Network Cost, Kenan Arbor, Oracle eBusiness Suite Applications, Centrify
Integrated Generic LDAP connector for Active Directory, Oracle Internet Directory, and Exchange
Developed custom Attestation Routing engine
Developed custom dynamic approval routing and notification engine
Oversaw upgrade from 9.0.3.1.6 to 9.1.0.2


Led multi-phase Oracle Identity Manager implementation
Built custom connector for Peoplesoft HR reconciliation
Integrated Oracle's Active Directory, Oracle Internet Directory, and Peoplesoft User Management connectors
Developed custom web services interface to Oracle Identity Manager's API for password management use
Built a demo system and several test cases for the purpose of walking an audience of engineers, architects, and support personnel through several OIM use cases
Led a day long workshop using Oracle training materials and Entology in house developed materials and use cases
Assisted Oracle consultants in setting up and configuring OIM and ORM for a proof of concept demo
Built several custom connectors and customizations to OIM's internal processes in order to meet PoC requirements
Provided assistance in debugging and configuring OIM/ORM integration
Assisted Oracle Sales Engineer in presenting a demo of Oracle Identity 9.1 to Sherwin Williams focusing on the additional features offered in this version from the version they were currently on
Built demo environment to use as the basis of the presentation
Ran half day workshop on how to implement OIM approval workflows



 directly with Oracle’s consultants to meet all
deadlines.
Oracle Identity Manager Design & Implementation
Oracle Access Manager Design & Implementation
Oracle Role Manager Design & Implementation
Oracle Identity Analytics Design & Implementation
Security Architecture (Research & Development)

Senior Oracle IDM Architect and Engineer
Architected and designed a six campus Identity Management solution that encompasses the Oracle Fusion
Middleware Stack (Oracle Identity Manager, Oracle Access Manager, Oracle Internet Directory, Oracle
Virtual Directory, Oracle Identity Federation, Oracle Access Server, and Oracle Enterprise Linux).
Design was built around managing all 150,000+ Students, Faculty, and Staff.
Managed a team of integration specialists to implement and promote through three environments and on a
separate Disaster Recovery (DR) datacenter.
Wrote all documentation to cover the use cases, implementation design, and promotion strategies.
Managed a separate project with UMass and an external application service provider to setup federation
between the two entities. First successful OIF SAMLv2 to Shibboleth federation to reach production.

Was brought in to finish out an Oracle Identity Manager implementation that was falling behind a tight
deadline.
In addition to being proficient with the development technologies I have expert knowledge in all of the target
systems and their components that the product manages, including LDAP directories, security and
databases. This helped bring the project to completion within deadline.
Modified out of the box Oracle Database Connectors to fit Gartner’s given needs.
Responsible for reviewing and recommending enterprise identity management solutions and deployment
alternatives to external customers and internal end-users.

Independent IDM Solution Architect
Reviewed current architecture and business 
requirements for an Identity Management Solution
Provided a detailed solution document with multiple vendors listing the benefits and disadvantages between
each of the suggested product suites and combinations.
Product Suite vendors reviewed: Oracle, IBM, CA, and Curion

Mid-level Oracle Access Manager (OAM) - strong skills in OAM and also learn and teach Oracle Identity Manager (OIM), and learn business processes.

Expertise/Experience: Information Security Consulting, Identity and Access Management Architecture and Implementation | Directory Services | Systems Administration | Project Management/Leadership | Business Development
Technology Snapshot: Linux (Redhat, Ubuntu), Windows XP, Windows 7, Solaris (8-10), SAML, Identity & Access Management, Federated Identity Management, Directory Services, Oracle Access Manager, Oracle Internet Directory, Oracle Virtual Directory, Oracle Identity Manager, Oracle Application Server (OAS), J2EE, SQL, Sun Java Directory, ADAM, AD, XML, and HTML, Unix/Linux command line scripting, LDAP, Network administration (TCP/IP, DNS, Firewall), PKI, Java, PERL, Wireshark (Ethereal), tcpdump, snoop, NMAP


lead architect for several projects providing expertise and experience developing highly-available and scalable enterprise identity architectures.  Brad has had the responsibility of deploying Oracle Virtual Directory, Oracle Identity Federation, Oracle Access Manager, Oracle Internet Directory as well as various other LDAP platforms. Responsibilities include developing the overall design and strategy; Analysis to identify gaps in product and draft solutions to resolve; and Implementation/Deployment support.
role on this project is Technical Lead and Subject Matter Expert for Identity and Access Management.   architecting and implementing the Identity Management infrastructure to support Common Registration and Common Login for external access by Sponsors and Partners.  This infrastructure will support Single Sign On for employees and contractors to external applications that are hosted in the DMZ and is integrated with to provide SSO w/strong authentication (PKI, SecurID).  Additionally, Brad is implementing Oracle Identity Federation 11g, using SAML 2.0 token exchange, to support SSO with MITRE’s partners.
Provided Identity Management Subject Matter Expertise in support of an Identity Authorization Service project. This is a live, production system with regular, scheduled release cycles.
•	Implemented strong authentication for SSO with agency applications (integrated SSO with DODIIS PKI)
•	Implemented vendor solution for SAML-based Federated Identity Management on SIPRNET
•	Migrated LDAP server from Solaris Platform to a highly-available, and redundant Redhat Enterprise Linux environment.
•	Implemented Backup and Recovery process using RMAN.
•	Implemented data synchronization and provisioning with other data sources (Netscape Directory Server and Oracle DB) using Oracle’s Directory Integration Platform (DIP).
•	Designed and developed Virtual Directory Implementation, including several custom plugins (developed in Java using Oracle’s OVD Plugin API).
•	Responsible for implementing security design to limit access and exposure to LDAP and DB servers (Linux Firewall configuration, TCP/IP).
•	Developed robust BASH scripts to automate the installation and migration processes.
•	Performed network troubleshooting using tcpdump and snoop.



IDM Architect and Implementation Specialist
Performed Requirements Gathering for a Proof of Concept to be implemented into their environment in
development.
Architected and implemented Oracle Identity Manager into development with basic out of the box
functionality in under 2 weeks with a single LDAP as their authoritative source, and provisioning users into
Active Directory, Microsoft Exchange, and Oracle Internet Directory.
Wrote all documentation and completed entire project in less than three weeks.

Access Management Solution Specialist
Reviewed current architecture and business requirements for an Access Management Solution
Architected and implemented Oracle Access Manager (Oblix COREid) into three environments.
Developed a custom new user registration process using ASP and hooking into IDXML through COREid.
Performed all project management and provided status reports to managing director on side.

July 2006 – July 2006
Identity and Access Management Solution Specialist
Was brought in to get an existing Tivoli Identity and Access Management (TIM / TAM) project back under
deadline.
Wrote rules for Tivoli Data Integrator data marshalling
Worked as liaison between existing engineers and project directors on the Time Warner side
Redesigned project timeline, managed scope of initial deployment, and resolved issues between client and
 

Access Management Specialist
Provided remote and on-site assistance to the deployment of Oblix COREid (now Oracle Access Manager)
Built out, and promoted solution through six environments and two off-site datacenters.
Worked with off-shore staff, IBM consultants at their IBM campus in Raleigh NC, and with GMAC staff in
Detroit MI.
Wrote out and submitted highly detailed, step-by-step, run books for all implementation details for Oblix.
Developed custom solutions to GMAC business needs that Oblix was not able to accomplish.
Implemented multiple languages (six) to both out of the box Oblix installation and custom Style sheets (XSL,
XSLT, CSS, XML) for custom new user registration, login, and forgotten password forms.

Identity and Access Management Specialist
Initially was brought in to provide a demo and Proof of Concept (POC) on Oracle’s Identity Manager
integrated into their environment.
Architected and implemented Oracle Identity Manager as a migration from their current cross-custom identity
management solution of M-tech IDM and custom Perl scripts to a full production OIM solution.

Integrated OIM into Active Directory, Multiple Exchange servers, Oracle Internet Directory, and bulk loaded
all users from a flat-file dump from their Auth Source.
Rewrote a couple of Oracle’s out-of-the-box connectors to better fit their environment and needs.

Identity and Access Management Specialist
Designed and architected a multi-organization Identity and Access management system using CA’s Identity
management suite (Identity Minder, Siteminder, eTrust Directory, and eTrust Admin).
Siteminder was set up to protect multiple web and application servers of different flavors
Identity Minder was configured to work with multiple authoritative sources and provision users to various end systems
across six different sub-organizations. This included a multi-domain Active Directory infrastructure.
Worked with CA to evaluate and fine-tune their product, as this was their first release of the suite in a
package form. Had to constantly rewrite a lot of their code and refine their documentation to successfully
implement.
Wrote custom BLTH modules for bulk importing and custom application provisioning.
Worked with TEWS (CA’s web services core) for implementing a custom web interface for new user
registration and self-maintenance packages.
 
Identity and Access Management Specialist
Provided technical expertise to EDS in all areas of Identity and Access Management.
Worked on both US and foreign country deployments with the main focus on deploying a globally highly
available Identity Management solution for one of their clients.
Products supported were Oblix COREid (Oracle Access Manager), Oblix ShareID (Oracle Identity
Federation), Citrix, and other custom / home-grown applications.
 
Identity and Access Management Specialist
Designed and implemented an Access control system around Oblix COREid (Oracle Access Manager).
Implemented it directly into production (customer demanded it) using ADAM as the user repository containing
all 25,000 world-wide employees.
Set up multiple reverse proxy Microsoft ISA servers to proxy Internet requests and relay them to the
geographically closest Identity and Access servers for authentication and authorization.

August 2002 – February 2005
Data Security Specialist
Tivoli Access and Identity Manager deployment and administration
IBM Secure-Way LDAP administration and schema management
Computer Associates SEOS and SSO administration and migration into IBM’s LDAP framework
Wrote custom VB and Perl applets for production web-based LDAP management and development while
TIM is being integrated.
Evaluation and implementation of cross-platform SSO and user administration tools including IBM’s IDI/TIM
and CA’s Admin
User administration and SSO control across seven platforms and over 100,000 users for home office,
regional offices, and agencies