John J. Masiliunas – Managing Consultant – Security and Privacy
CISSP, CISA, Certified Internal Auditor, Certified Public Accountant, Certified Bank Auditor, Tivoli Certified Solutions Specialist, Certified Financial Services Auditor, IBM Project Management Certified, Department of Treasury Secret Clearance, Department of Homeland Security and FBI Secret Clearance
Contact Information: 7138 Eagle Trace Way, Indianapolis, Indiana. Phone 317-417-5829 or 317-881-0883. Email johnmasiliunas@hotmail.com
Summary of Skills
John has over 15 years of leadership in the sales, design, execution, project management and hands-on implementation of leading-edge application security technologies at the most technically complex global organizations in the world. This includes experience with all the major product vendors. Key attributes related to the specific opportunity include:
• Specifics regarding the opportunity include:
  o Managing offshore support teams
  o Developing 1-, 3- and 5-year security architecture and IAM plans
  o Developed security architecture for enterprise web-based product solutions
  o Designing and implementing SAAS and cloud security architectures for large cloud providers and other service organizations
  o Conducting assessments of SAAS/cloud security architectures
  o Introducing new technologies and concepts into organizations and managing POCs
  o Experience with mobile and BYOD security solutions
  o Associations with various information security leaders world-wide in industry and academia
• Passed exams: CISSP, CISA, CISM, Certified Financial Services Auditor, Certified Bank Auditor
• Experienced with using the PCI and other FSI frameworks
• Certified Ethical Hacker – IBM
• Qualys and Foundstone Certified
• Consulting experience with Big 4, Andersen and large system integrators such as IBM and CSC
• Experience with all security architecture methodologies including ISO, COBIT, FFIEC, NIST, CAP, FISMA, FRB and SABSA
• Built all systems to European and US privacy standards
• Led Information Security positions. In this role:
  o Reduced costs
  o Developed solutions
  o Built security delivery teams
  o Brought global security architectures to best practice standards
  o Introduced more sophisticated and comprehensive risk management practices that included the use of risk registers, data classification and metrics
  o Upgraded staff
  o Projected improved image of information security
  o Became authority on all areas of security and business risk
  o Chaired key committees on security and improved relations with audit and compliance
• Led security initiatives in all areas of information security. All the projects involved initial conceptual design, cost-benefit analysis, road-mapping, gap analysis, build-out project plans, leading execution initiatives and post-go-live gap analysis along with some post-go-live support. I am an expert at identifying solutions and gaps and proactively working with clients to design, build and deploy security architectures. I am known as a take-charge resource and leader who, through visual and verbal communications, can sell the facts to management while saving money on security initiatives. Finally, I am always up to date on the newest trends and technologies that add value to organizations.
  o Architecture design, gap analysis and deployment management experience with some of the most security-driven organizations in the world in the Financial Services Industry and major government agencies. Sample clients include the Department of Homeland Security, Citi, Nordstrom, numerous BCBS organizations, FBI, Department of Justice, US Criminal Justice Information Systems, Wal-Mart, VISA, Kroger, Best Buy, Federal Reserve Board, Department of Defense, Toyota Motor Corporation, American Express, Chase, Nationwide Insurance, Allstate Insurance, State Farm Insurance, Bank of America, Duke Power, Marathon Oil, and numerous other organizations that value information security.
• Security lockdown experience with the following platforms: IBM Mainframe (MVS/VSAM), WebSphere, Oracle Application Server, SAP, WebLogic, Oracle ERP, Java, SOA and Web Services security in client and mainframe environments, Active Directory, Oracle Internet Directory, DB2, SQL, custom Java and .NET applications, Windows and UNIX (RedHat and Sun)
• Experience with all major enterprise security tools for SOA/WS security, Identity and Access Management, encryption in transit and at rest, operating system and network security vulnerability management and reduction, DLP technologies such as Vontu and Verdasys, RSA 2-factor authentication and integration with IDM/IAM solutions, IDS and IPS including newer solutions from Palo Alto Networks, secure code application development, forensics and advanced network monitoring and threat analysis
• All solutions were integrated with enterprise high availability, help desk, failover and disaster recovery solutions
Finally, I have led numerous teams of up to 30 persons in geographically dispersed locations, managed teams and security budgets of over $20 million, and revitalized information security teams through proactive resource management and development of personnel. I specialize in taking information security teams to proactive leadership via metrics, compliance programs and careful hiring and mentoring of personnel. I can also work with management to obtain the appropriate levels of funding for security operations.
Employer History and Experience
April 2008 – Present – Independent Consultant
In this role, I functioned as a Security Architect with the responsibility for introducing new solutions, managing POCs, developing business cases and then architecting and delivering solutions.
• For several utilities, conducted NERC-CIP security architecture gap assessments and architecture
• For 2 organizations, designed, architected and implemented SailPoint IAM solutions
• For a large insurer, conducted security architecture assessments
• For a large insurer, designed a CA Identity, Role, Control and Governance Minder architecture
• For a large software vendor, developed an application security and secure SDLC strategy
• For numerous firms, developed a 1-, 3- and 5-year cloud security architecture strategy
• For 2 large SAAS providers, developed web application SDLC security solutions to ensure cloud security
• Conducted security assessments over VM/cloud-based environments
• Designed security architecture for a VM environment consisting of over 9000 virtual servers
• For several large cloud providers, implemented a federated identity management solution
• For 2 large SAAS/cloud providers, developed an enterprise security architecture
• For a large FSI, developed an infrastructure logging and change management solution
• For a large bank, developed a mobile security solution for web-based transactions along with a mobile IAM strategy
• For a large retail cloud provider, designed, architected and implemented an enterprise security solution
• For a large healthcare cloud provider, designed, architected and implemented an enterprise security solution
• For a large retailer and a large manufacturer, developed a BYOD and NAC security solution for their cloud solution
• For a large government agency, architected and implemented an Oracle IDM/IAM solution over a cloud solution
• For a large government agency, conducted a PCI, NIST and FISMA based security assessment. This included developing an application security framework and a GRC framework
• Implemented DLP solutions from WebSense, Symantec and RSA over cloud environments
• For a large distributor, architected an IBM Guardium DB security solution
• Developed an enterprise security architecture for a software developer including the secure development of applications sold to customers via cloud
• For a large manufacturer/distributor, implemented an ITIM/SAP GRC solution
• Current training in latest version of Oracle OIM, OAM and Oracle Role Manager
• Attended IBM TFIM training for current version
• Attended Q-Radar training for Q-Radar version 1.1 MR4. This was hands-on training
• For a large government agency, architected and implemented PCI solutions for P2P encryption, tokenization and network enclaving/zoning
• For a large retail pharmacy working in cloud, designed and architected an enterprise security architecture for SOA/Web Services and in-store encryption; this used the TFIM and DataPower solution. Also introduced a mobile security solution for web users and employees.
• For a large pharmacy, designed, architected and implemented a Q-Radar solution for SIEM for a cloud solution
• For a large financial services company, architected, designed and implemented a role consolidation solution from Oracle. Also executed a role consolidation project
• For a large retailer, designed, architected and implemented a high-availability solution for CA Identity Manager r12 SP11.
• For a large bank, designed, architected and implemented an enterprise security architecture lockdown and security improvement plan across the entire stack including application and GRC security
• For a large bank, re-designed, re-architected, re-deployed and re-energized a large cloud IAM/IDM solution that had languished for 2 years and spent $8 million with no delivery. This included ITIM, TDI, TFIM and TAM ESSO
• As a contract architect and security director, led an enterprise buildout of security architecture for a large health insurer offering a cloud-based solution. Included in this effort was the purchase of numerous security tools, the addition of staff, implementation of enterprise IAM/IDM, 2-factor authentication and SOA/Web Services security and the use of a variety of enterprise security tools including web application security. This was based on TAM, ITIM, TFIM and DataPower
• As a contract architect director, designed, architected, sold, road-mapped and led the implementation of an enterprise WS/SOA, DB, VM and IDM/IAM/Federation security architecture for a large SAAS/cloud online education institution. This solution would lead the organization to adopt the latest in authentication, authorization centralization and other advanced security solutions. Post go-live, led various problem resolution sessions. Led Security Architectural Review Board meetings focused on security roadmapping. Additionally, designed a password self-service solution that lowered help desk costs by over $1 million.
• As a contract architect and security director for a large insurer:
  o Introduced client to an advanced enterprise network forensics product that significantly improved forensics, DLP and management of network security.
  o Designed and architected an enterprise-wide IAM/IDM/Federation/SOA/WS and RSA 2-factor authentication security architecture
  o Designed enterprise AS400, Unix and DB security lockdowns to include configuration, encryption and VMware security.
  o Improved staffing levels. Trained teams on cloud and SAAS security
• Functioning as a contract architect and director for a large civilian/military healthcare payer:
  o Designed, architected and managed an enterprise SSO, SOA/WS, IDM/IAM, web application/secure coding solution. Designed real-time code review systems that scanned source code as part of the build. Met military grades of encryption and controls
  o Led reviews of mainframe and DB security systems and managed the implementation of improved security controls.
  o Conducted gap analysis of enterprise SOA/WS security architecture for a large bank. Prepared build-out plans, roadmaps and architectures
• For a large online cloud-based auto retailer that had been subjected to online fraud, designed, architected and managed the implementation of IDS/IPS, IAM/IDM/SSO/Federation, DLP, network, SOA/WS and DB security solutions.
• Developed a web application security strategy for SDLC
• Functioning as a security architect and director for a systems integrator to the FBI, CJIS and DOJ, conducted gap analysis of application security for various classified and unclassified law enforcement systems and then designed, architected and led implementation efforts of the IAM/IDM/SSO/Federation, SOA/WS, developed application coding, database, network, advanced authentication including 2-factor, DLP and VMware server security components. Introduced this highly security-centric organization to advanced concepts in VMware, network forensics/monitoring solutions such as NetWitness and advanced adaptive authorization and authentication security. This included RSA AA, TIM, TAM, TFIM and DataPower
• For the Department of Homeland Security Customs and Immigration Division, designed, architected and led pilot implementation of a mainframe and client server SOA/WS, IAM/IDM solution, DB and client server security solution. This was a TIM, TAM and TFIM solution
• For the US Department of Transportation, designed a mainframe and client server security architecture that focused on improvements in the areas of DLP, network forensics, SIEM, IAM/IDM/SSO and SOA/WS security. Managed the day-to-day implementation of the IAM/IDM/SSO solution.
• For a large multi-national pharma manufacturer, conducted an enterprise global security architecture assessment. Out of this project came:
  o A revised enterprise security architecture roadmap
  o Improved data classification and risk management/inventory practices using Archer
  o Overhaul of entire enterprise security technology suite and addition of numerous tools
  o Elevation of information security function to director status
November 2007 – April 2008 – Office Depot - Third-Largest Business E-commerce Web Vendor and Largest Business Retailer
Senior Director of Information Security and Security Architect. All activities were conducted on a global basis
• Implemented vulnerability reduction and management programs with a focus on vSphere, Redhat, McAfee and Tripwire
• Introduced concept of Federation for SSO to multiple sites from vendors and OD. Led a pilot
• Implemented DLP solutions
• Implemented ISS Proventia
• Implemented IDS solutions
• Implemented SEM solutions
• Implemented a WebServices authorization, authentication and encryption solution using DataPower.
• Managed team of 10 resources and 5 contractors
• Implemented more comprehensive risk registry and data classification program for US and global divisions
• Designed SOA security architecture to support Oracle E-Biz and Retek deployment
• Implementing Oracle IAM and IDM for vendor and internal systems provisioning and access control to provide for enterprise SSO for thousands of vendors.
• Redesigned Inbox Request process to reduce unworked queue
• Implemented web-based access control software from Oracle
• Specific application security tasks included:
• Managed PCI and SOX compliance initiatives
  o Conducted ecommerce application security assessments for PCI compliance. Used Rational AppScan, Ounce Labs and other tools. Worked with all impacted compliance and development teams to implement an SDLC application security methodology that is business-risk-based.
  o Implemented secure coding frameworks using tools, code libraries and a process of scanning and rework
  o Worked with developers to resolve and correct vulnerabilities
  o Implemented ecommerce application security solutions for PCI and SOX compliance. Worked with risk management teams to develop solutions that addressed risks.
  o Implemented external authentication/authorization and provisioning systems
• Implemented Tivoli Compliance Insight and Tivoli Compliance Manager
• Conducted security awareness and training for a variety of clients
January 2005 – November 2007 – IBM - Largest Consulting Company in World
Managing Consultant – Security and Privacy Practice. In this role conducted numerous application security assessments and build-outs related to a secure application security lifecycle development process. I worked with developers, compliance personnel and business unit stakeholders to design a business-risk-based solution. Developed solutions and contracts to deliver solutions. Hired resources to meet needs.
• Implemented vulnerability reduction and management programs with a focus on vSphere, Redhat, McAfee and Tripwire
• Implemented secure web application solutions for large system product providers
• Implemented DLP solutions from Reconnex and Verdasys
• Implemented ISS Proventia solutions
• Designed and implemented IDS solutions
• Designed and implemented SEM solutions
• Designed and implemented SOA and Web Services security solutions for encryption, authentication and authorization using DataPower and TFIM
• Conducted security awareness and security training for a variety of clients
• Conducted numerous application security reviews using Ounce Labs and Rational
• Prepared over 40 proposals, SOWs and architecture designs to support pre-sales efforts in the IDM/IAM and application security space
• Implemented Archer GRC and Tivoli Compliance Insight Manager and Compliance Manager
• Conducted numerous application security assessments using AppScan and Fortify
• Conducted WebSphere application security assessments at numerous corporations
• Designed a PCI-compliant encryption architecture for several retailers including DB and transmission systems
• Implemented Oracle Identity and Access Manager at a large retailer
• ITIM, ITAM, IDI, IBM LDAP and TPM architecture, implementation and configuration on a Red Hat Linux operating system for a large telecommunications company.
• Completed SAP and Oracle application security assessments
• Designed Enterprise Security and Identity Management Architecture for a large retail food chain using ITAM, ITIM and RSA. Additionally, assisted in developing ROI justification cases.
• Assisted in installation of ITIM and ITAM for a large retailer.
• Developed an ITAM v5.1/ITIM 4.6 security architecture for a bank. The system ran on AIX and Windows 2003, WebSphere and HTTP Server and utilized single sign-on using a combination of SPNEGO/Kerberos and Active Directory. In addition to the development of technical design, the work included product selection, requirements definition, use case development and product justification.
• Designed security architecture for e-commerce based systems at a large wireless services company and a large utility. Conducted assessments of same.
• Conducted numerous iSeries and DB2 security assessments and security architecture designs.
• Designed a Security Operations Center for a large wireless company.
• Conducted detailed assessments and security architecture re-design for an outsourced web-services system for a state that processed credit-card transactions and handled personal data.
• Conducted several HIPAA and PCI assessments and managed security buildouts for those organizations.
• Functioned as an application security architect for a custom-built, internet-based Java order management and pricing application for a large electronics distributor/manufacturer. Specific tasks included:
  o High-level and detailed:
    - Security architecture designs
    - Design of role-based access control including roles, functions, design of portlet policy access, data element access and design of provisioning systems
    - Token-based system to manage access profiles
    - SAML and WS-Security
    - Specific RBAC work included: identification of roles and functions, consolidation of roles and functions, development of role management policies and procedures
    - Design of LDAP schema
    - Design of provisioning system
    - Configuration of portlet policy-access server
    - Design of Identity and Access Management solution using TIM/TAM
    - Developed secure Java coding manuals
    - Using Fortify and WebInspect tools, conducted secure coding assessments over developed Java code and managed remediation efforts
    - Conducted final go-live application penetration tests of the Java-based ecommerce system
    - Designed SOA and SOMA security architecture and assisted with implementation of authorization/authentication and encryption solutions
    - System involved TIM/TAM, ITDS, IDI, Vignette, webMethods, WebSphere, Java, SOA and WebServices
    - DataPower encryption and firewall implementation and architecture to protect WS calls
  o Won IBM S&P Bravo Award for sales and delivery work on project
• Attended IBM SOA Bootcamp, IBM Ethical Hacking Class, IBM Qualys Training Class
• For an extremely large Financial Services, Banking and Insurance Company, performed the following:
  o Designed security architecture for SOA/SOMA, DataPower, ISS, z/Series, p/Series and WAS environments. These environments complied with IBM, industry and regulatory requirements while meeting high-volume processing requirements
  o Implemented WS security architecture
  o Conducted SOA security assessments involving banking applications
  o Conducted a high-level HIPAA security assessment
  o Served as a liaison with IBM product security SMEs to address client problems and questions
  o Was a part of the client IBM leadership team that defined IBM strategy at client
  o Conducted code assessments using Fortify tool
  o Designed improved code assurance process using updated guidelines and integration of Fortify and Rational tool
  o Provided client with state-of-the-art security concepts to improve zoning and segmentation, product compliance and overall strategy
  o Conducted DB2 security assessment
  o Conducted PCI assessments and development of PCI-compliant security architecture
  o DataPower encryption and firewall implementation
• For a large automotive manufacturer:
  o Designed and managed Sun IDM implementation and upgrade and sold a Tivoli TIM/TAM/TDI project. Performed key tasks
  o Designed and managed e-directory upgrade
  o Managed a staff of 4 offshore resources responsible for coding and upgrading Dir-XML drivers. Designed the new driver systems
  o Using ITIL, implemented processes that reduced incidents by over 100%
  o Designed new provisioning and password processes that reduced costs by over 200%
• Designed and implemented SUN IDM v7.0 for a large multi-national manufacturer
• Designed revised IDM/IAM architecture for a large financial services and securities processor
• Attended SUN IDM design and deployment class
• Implemented a WebSphere and DataPower based security architecture for an SOA-based system
• Implemented ITCAM for SOA and ITCAM for J2EE to monitor database, process and LDAP calls for WebSphere and a Java-based system
• Conducted SOX compliance reviews and designed controls to address SOX
• Conducted PCI compliance review and encryption strategy design/implementation for a large retailer
• New and add-on consulting sales of over $1.8 million per year.
January 2004 – January 2005 – Toyota Motor Mfg. - Largest Japanese Automotive Manufacturer in World
Contractor - Security and Identity Management Consultant
• Implemented vulnerability reduction programs
• Implemented DLP solutions
• Implemented IDS and ISS Proventia solutions
• Performed design, requirements definition, use cases, goodness-of-fit analysis, ROI development along with conducting/managing the implementation of identity/access management and provisioning solutions using CA SiteMinder and IdentityMinder
• Implemented Web Services and ecommerce application security architecture and conducted assessments.
• Conducted e-commerce application security assessments on Java and .Net applications using Ounce Labs, AppScan and SPI WebDynamics.
• Designed vulnerability reduction program.
• Conducted security awareness and training programs for a variety of clients
• Led management in re-evaluations of existing security strategies to focus on business-risk-appropriate, world-class security. Projects returned savings of over $1 million and reduced provisioning time to under 1 minute.
• Managed Federated Identity Management proof-of-concept.
• Designed SOA security architecture.
• Designed SOC for US.
• Worked with Eurekify product to identify existing roles within an organization
• Conducted SAP and PeopleSoft security assessments
• Conducted SOX compliance reviews and designed SOX controls
July 2003 – January 2004 – Federal Reserve Board - US Government Agency Responsible for Regulation of Banking
Contractor - Identity Management Consultant
• Managed team focused on requirements analysis (use case, goodness of fit, business and technical requirements), technical/functional and logical design and implementation of identity management system for access to numerous web-based treasury applications and internal systems. Key value driver was the formation of an identity enablement factory that brought together ad-hoc teams to design and code the connectors that provision various applications. Used SUN IDM and Netegrity systems
• Implemented Web Services security and ecommerce application security solutions including the use of the Reactivity product.
• Conducted Web Services security assessment.
• Designed and built out a SOC.
January 2003 – June 2003 – Oracle - World's Second Largest Software Company
Contractor - Identity Management Consultant
• Identified significant product gap issues in the identity management space. Led a team of four professionals in redesigning the vendor's identity management solutions and strategies to meet market needs.
• Conducted security assessment and enterprise security architecture design for several financial services companies.
• Designed and implemented identity management solutions at various clients using SiteMinder, Oracle Internet Directory and SSO (OID and SSO) and the Thor provisioning product.
• Extended and add-on sales of over $500,000.
• Prepared SOWs and proposals to support pre-sales efforts
July 2002 – January 2003 – SLM - Quasi-Governmental, Publicly-Traded, Financial Services Company
Director of IT Security
May 2002 – July 2002 – Hoosier Lottery - State Lottery Organization
Contract Security Architect
November 2001 – May 2002 – KPMG - Information Security/Risk Management Consulting Company
Senior Consultant
April 2000 – November 2001 – CSC - Global Consulting Organization
Senior Consultant
November 1995 – April 2000 – Andersen - Information Security/Risk Management Consulting Company
Security Architect
April 1994 – November 1995 – NBD - Large US Bank – Credit Card Divisions
Security Architect
April 1993 – April 1994 – Heller - Large US Finance Company
Security Consultant
November 1987 – April 1993 – Allstate - World's Second Largest Insurance Company
Security Consultant
Education
• B.S. in Accounting and Computer Science, Loyola University of Chicago
• MBA in Finance and Information Systems, Roosevelt University of Chicago.

Archer Resource On-Demand - Kelley BoutoilleArcher Resource On-Demand - Kelley Boutoille
Archer Resource On-Demand - Kelley Boutoille
Kelley Boutoille, ACP
 
CHARLES E DAVIS SailPoint PROFESSIONAL SUMMARY
CHARLES E DAVIS SailPoint PROFESSIONAL SUMMARYCHARLES E DAVIS SailPoint PROFESSIONAL SUMMARY
CHARLES E DAVIS SailPoint PROFESSIONAL SUMMARY
Chuck Davis
 

Ähnlich wie general_resume_12 1 linked in (20)

Project manager MBA cyber security
Project manager MBA cyber securityProject manager MBA cyber security
Project manager MBA cyber security
 
Enterprise Architecture - Information Security
Enterprise Architecture - Information SecurityEnterprise Architecture - Information Security
Enterprise Architecture - Information Security
 
Bill_Haase_Resume Dec 2015
Bill_Haase_Resume Dec 2015Bill_Haase_Resume Dec 2015
Bill_Haase_Resume Dec 2015
 
Business value of Enterprise Security Architecture
Business value of Enterprise Security Architecture Business value of Enterprise Security Architecture
Business value of Enterprise Security Architecture
 
Irfan Ur Rehman
Irfan Ur RehmanIrfan Ur Rehman
Irfan Ur Rehman
 
Responding to the Pandemic: Information Security and Technology Trends
Responding to the Pandemic: Information Security and Technology Trends Responding to the Pandemic: Information Security and Technology Trends
Responding to the Pandemic: Information Security and Technology Trends
 
Michael Bowers Resume
Michael Bowers ResumeMichael Bowers Resume
Michael Bowers Resume
 
Sleeping well with cloud services
Sleeping well with cloud servicesSleeping well with cloud services
Sleeping well with cloud services
 
The 10 most trusted companies in enterprise security 2019
The 10 most trusted companies in enterprise security 2019The 10 most trusted companies in enterprise security 2019
The 10 most trusted companies in enterprise security 2019
 
CV of Mohan M
CV of Mohan MCV of Mohan M
CV of Mohan M
 
resume.doc
resume.docresume.doc
resume.doc
 
MullaneyChrisER
MullaneyChrisERMullaneyChrisER
MullaneyChrisER
 
Consulthink Overview
Consulthink OverviewConsulthink Overview
Consulthink Overview
 
Thomas R Graham bio
Thomas R Graham bioThomas R Graham bio
Thomas R Graham bio
 
Dr. Charles Pak
Dr. Charles PakDr. Charles Pak
Dr. Charles Pak
 
Erwin (Chris) Carrow resume Brief 10-23-2015
Erwin (Chris) Carrow resume Brief 10-23-2015Erwin (Chris) Carrow resume Brief 10-23-2015
Erwin (Chris) Carrow resume Brief 10-23-2015
 
Developing Your Cloud Strategy
Developing Your Cloud StrategyDeveloping Your Cloud Strategy
Developing Your Cloud Strategy
 
Developing Your Cloud Strategy
Developing Your Cloud StrategyDeveloping Your Cloud Strategy
Developing Your Cloud Strategy
 
Archer Resource On-Demand - Kelley Boutoille
Archer Resource On-Demand - Kelley BoutoilleArcher Resource On-Demand - Kelley Boutoille
Archer Resource On-Demand - Kelley Boutoille
 
CHARLES E DAVIS SailPoint PROFESSIONAL SUMMARY
CHARLES E DAVIS SailPoint PROFESSIONAL SUMMARYCHARLES E DAVIS SailPoint PROFESSIONAL SUMMARY
CHARLES E DAVIS SailPoint PROFESSIONAL SUMMARY
 

general_resume_12 1 linked in

John J. Masiliunas – Managing Consultant – Security and Privacy
CISSP, CISA, Certified Internal Auditor, Certified Public Accountant, Certified Bank Auditor, Tivoli Certified Solutions Specialist, Certified Financial Services Auditor, IBM Project Management Certified, Department of Treasury Secret Clearance, Department of Homeland Security and FBI Secret Clearance
Contact Information: 7138 Eagle Trace Way, Indianapolis, Indiana 317-417-5829 Or 317-881-0883. email johnmasiliunas@hotmail.com

Summary of Skills
John has over 15 years of leadership in the sales, design, execution, project management and hands-on implementation experience with leading-edge application security technologies at the most technically complex global organizations in the world. This includes experience with all the major product vendors. Key attributes related to the specific opportunity include:
 Specifics regarding the opportunity include:
    o Managing support offshore teams
    o Developing 1, 3, 5 year security architecture and IAM plans
    o Developed security architecture for enterprise web-based product solutions
    o Designing and implementing SAAS and cloud security architectures for large cloud providers and other service organizations
    o Conducting assessments of SAAS/cloud security architectures
    o Introducing new technologies and concepts into organizations and managing POCs
    o Experience with mobile and BYOD security solutions
    o Associations with various information security leaders world-wide in industry and academia
 Passed exams - CISSP, CISA, CISM, Certified Financial Services Auditor, Certified Bank Auditor
 Experienced with using the PCI and other FSI frameworks
 Certified Ethical Hacker – IBM
 Qualys and Foundstone Certified
 Consulting experience with Big 4, Andersen and Large System Integrators such as IBM and CSC
 Experience with all security architecture methodologies including ISO, COBIT, FFIEC, NIST, CAP, FISMA, FRB and SABSA
 Built all systems to European and US privacy standards
 Led Information Security positions. In this role:
    o Reduced costs
    o Developed solutions
    o Built security delivery teams
    o Brought global security architectures to best practice standards
    o Introduced more sophisticated and comprehensive risk management practices that included the use of risk registers, data classification and metrics
    o Upgraded staff
    o Projected improved image of information security
    o Became authority on all areas of security and business risk
    o Chaired key committees on security and improved relations with audit and compliance
 Led security initiatives in all areas of information security. All the projects involved initial conceptual design, cost-benefit analysis, road-mapping, gap analysis, build-out project plans, leading execution initiatives and post go-live gap analysis along with some post-go-live support. I am an expert at identifying solutions and gaps and proactively working with clients to design, build and deploy security architectures. I am known as a take-charge resource and leader who through visual and verbal communications can sell the facts to management while saving money on security initiatives. Finally, I am always up to date on the newest trends and technologies that add value to organizations.
    o Architecture Design, Gap-Analysis and Deployment Management experience with some of the most security-driven organizations in the world in the Financial Services Industry and major government agencies. Sample clients include the Department of Homeland Security, Citi, Nordstroms, numerous BCBS organizations, FBI, Department of Justice, US Criminal Justice Information Systems, Wal-Mart, VISA, Kroger, Best Buy, Federal Reserve Board, Department of Defense, Toyota Motor Corporation, American Express, Chase, Nationwide Insurance, Allstate Insurance, State Farm Insurance, Bank of America, Duke Power, Marathon Oil, and numerous other organizations that value information security.
 Security Lockdown Experience with the following platforms: IBM Mainframe (MVS/VSAM), WebSphere, Oracle Application Server, SAP, WebLogic, Oracle ERP, Java, SOA and Web Services security in client and mainframe environments, Active Directory, Oracle Internet Directory, DB2, SQL, custom Java and .NET applications, Windows and UNIX (RedHat and Sun)
 Experience with all major enterprise security tools for SOA/WS Security, Identity and Access Management, Encryption in Transit and at Rest, Operating and Network Security Vulnerability Management and Reduction, DLP technologies such as Vontu and Verdasys, RSA 2-factor authentication and integration with IDM/IAM solutions, IDS and IPS including newer solutions from Palo Alto Networks, Secure Code Application Development, Forensics and Advanced Network Monitoring and Threat Analysis
 All solutions were integrated with Enterprise High Availability, Help Desk, Failover and Disaster Recovery solutions
Finally, I have led numerous teams of resources of up to 30 persons in geographically dispersed locations, managed teams and security budgets of over $20 million, and revitalized information security teams through proactive resource management and development of personnel. I specialize in taking information security teams to proactive leadership via metrics, compliance programs and careful hiring and mentoring of personnel. I can also work with management to obtain the appropriate levels of funding for security operations.

Employer History and Experience

April 2008 – Present – Independent Consultant
In this role, I functioned as a Security Architect with the responsibility for introducing new solutions, managing POCs, developing business cases and then architecting and delivering solutions.
 For several utilities, conducted NERC-CIP security architecture gap assessments and architecture
 For 2 organizations, designed, architected and implemented SailPoint IAM solutions
 For a large insurer, conducted security architecture assessments
 For a large insurer, designed a CA Identity, Role, Control and Governance Minder architecture
 For a large software vendor, developed an application security and secure SDLC strategy
 For numerous firms, developed a 1, 3, 5 year cloud security architecture strategy
 For 2 large SAAS providers, developed web application SDLC security solutions to ensure cloud security
 Conducted security assessments over VM/cloud-based environments
 Designed security architecture for a VM environment consisting of over 9000 virtual servers
 For several large cloud providers, implemented a federated identity management solution
 For 2 large SAAS/cloud providers, developed an enterprise security architecture
 For a large FSI, developed an infrastructure logging and change management solution
 For a large bank, developed a mobile security solution for web-based transactions along with a mobile IAM strategy
 For a large retail cloud provider, designed, architected and implemented an enterprise security solution
 For a large healthcare cloud provider, designed, architected and implemented an enterprise security solution
 For a large retailer and a large manufacturer, developed a BYOD and NAC security solution for their cloud solution
 For a large government agency, architected and implemented an Oracle IDM/IAM solution over a cloud solution
 For a large government agency, conducted a PCI, NIST and FISMA based security assessment. This included developing an application security framework and a GRC framework
 Implemented DLP solutions for WebSense, Symantec and RSA over cloud environments
 For a large distributor, architected an IBM Guardium DB Security solution
 Developed an enterprise security architecture for a software developer including the secure development of applications sold to customers via cloud
 For a large manufacturer/distributor, implemented an ITIM/SAP GRC solution
 Current training in latest version of Oracle OIM, OAM and Oracle Role Manager
 Attended IBM TFIM training for current version.
 Attended Q-Radar Training for Q-Radar version 1.1 MR4. This was hands-on training
 For a large government agency, architected and implemented PCI solutions for P2P encryption, tokenization and Network Enclaving/Zoning
 For a large retail pharmacy working in cloud, designed and architected an enterprise security architecture for SOA/Web Services and in-store encryption; this was using the TFIM and DataPower solution. Also introduced a mobile security solution for web users and employees.
 For a large pharmacy, designed, architected and implemented a Q-Radar solution for SIEM for a cloud solution
 For a large financial services company, architected, designed and implemented a role consolidation solution from Oracle. Also, executed a role consolidation project
 For a large retailer, designed, architected and implemented a high-availability solution for CA Identity Manager r12 SP11.
 For a large bank, designed, architected and implemented an enterprise security architecture lockdown and security improvement plan across the entire stack including application and GRC security
 For a large bank, re-designed, re-architected, re-deployed and re-energized a large cloud IAM/IDM solution that had languished for 2 years and spent $8 million with no delivery. This included ITIM, TDI, TFIM and TAM ESSO
 As a contract architect and security director, led an enterprise buildout of security architecture for a large health insurer offering a cloud-based solution. Included in this effort was the purchase of numerous security tools, the addition of staff, implementation of enterprise IAM/IDM, 2-factor authentication and SOA/Web Services security and the use of a variety of enterprise security tools including web application security. This was based on TAM, ITIM, TFIM and DataPower
 As a contract architect director, designed, architected, sold, road-mapped and led the implementation of an enterprise WS/SOA, DB, VM and IDM/IAM/Federation security architecture for a large SAAS/cloud online education institution. This solution would lead the organization to adopt the latest in authentication, authorization centralization and other advanced security solutions. Post go-live, led various problem resolution sessions. Led Security Architectural Review Board meetings focused on security roadmapping. Additionally, designed a password self-service solution that lowered help desk costs by over $1 million.
 As a contract architect and security director for a large insurer
    o Introduced client to an advanced Enterprise Network forensics product that significantly improved forensics, DLP and management of network security.
    o Designed and architected an enterprise-wide IAM/IDM/Federation/SOA/WS and RSA 2-factor authentication security architecture
    o Designed enterprise AS400, Unix and DB security lockdowns to include configuration, encryption and VMware security.
    o Improved staffing levels. Trained teams on cloud and SAAS security
 Functioning as a contract architect and director for a large civilian/military healthcare payer
    o Designed, architected and managed an enterprise SSO, SOA/WS, IDM/IAM, web application/secure coding. Designed real-time code review systems that scanned source code as part of the build. Met military grades of encryption and controls
    o Led reviews of mainframe and DB security systems and managed the implementation of improved security controls.
    o Conducted gap-analysis of enterprise SOA/WS security architecture for a large bank. Prepared build-out plans, roadmaps and architectures
 For a large online cloud-based auto retailer that had been subjected to online fraud, designed, architected and managed the implementation of IDS/IPS, IAM/IDM/SSO/Federation, DLP, network, SOA/WS and DB security solutions.
 Developed a web application security strategy for SDLC
 Functioning as a security architect and director for a systems integrator to the FBI, CJIS and DOJ, conducted gap-analysis of application security for various classified and unclassified law enforcement systems and then designed, architected and led implementation efforts of the IAM/IDM/SSO/Federation, SOA/WS, Developed Application Coding, Database, Network, Advanced Authentication including 2-factor, DLP and VMware server security components. Introduced this highly security-centric organization to advanced concepts in VMware, network forensics/monitoring solutions such as NetWitness and advanced adaptive authorization and authentication security. This included RSA AA, TIM, TAM, TFIM and DataPower
 For the Department of Homeland Security Customs and Immigration Division, designed, architected and led pilot implementation of a mainframe and client server SOA/WS, IAM/IDM solution, DB and client server security solution. This was a TIM, TAM and TFIM solution
 For the US Department of Transportation, designed a mainframe and client server security architecture that focused on improvements in the areas of DLP, Network Forensics, SIEM, IAM/IDM/SSO and SOA/WS security. Managed the day-to-day implementation of the IAM/IDM/SSO solution.
 For a large multi-national pharma manufacturer, conducted an enterprise global security architecture assessment. Out of this project came:
    o A revised enterprise security architecture roadmap
    o Improved data classification and risk management/inventory practices using Archer
    o Overhaul of entire enterprise security technology suite and addition of numerous tools
    o Elevation of information security function to director status

November 2007 – April 2008 – Office Depot - Third-Largest Business E-commerce Web Vendor and Largest Business Retailer
Senior Director of Information Security and Security Architect. All activities were conducted on a global basis
 Implemented vulnerability reduction and management programs with a focus on vSphere, Redhat, McAfee and Tripwire
 Introduced concept of Federation for SSO to multiple sites from vendors and OD. Led a pilot
 Implemented DLP solutions
 Implemented ISS Proventia
 Implemented IDS solutions
 Implemented SEM solutions
 Implemented a WebServices authorization, authentication and encryption solution using DataPower.
 Managed team of 10 resources and 5 contractors
 Implemented more comprehensive risk registry and data classification program for US and global divisions
 Designed SOA security architecture to support Oracle E-Biz and Retek Deployment
 Implementing Oracle IAM and IDM for Vendor and Internal systems provisioning and access control to provide for Enterprise SSO for thousands of vendors.
 Redesigned Inbox Request process to reduce unworked queue
 Implemented Web-Based access control software from Oracle
 Specific application security tasks included:
 Managed PCI and SOX compliance initiatives
    o Conducted ecommerce application security assessments for PCI compliance. Used Rational AppScan, Ounce Labs and other tools. Worked with all impacted compliance and development teams to implement an SDLC application security methodology that is business risk-based.
    o Implemented secure coding frameworks using tools, code libraries and a process of scanning and rework
    o Worked with developers to resolve and correct vulnerabilities
    o Implemented ecommerce application security solutions for PCI and SOX compliance. Worked with risk management teams to develop solutions that addressed risks.
    o Implemented external authentication/authorization and provisioning systems
 Implemented Tivoli Compliance Insight and Tivoli Compliance Manager
 Conducted security awareness and training for a variety of clients

January 2005 – November 2007 – IBM - Largest Consulting Company in World
Managing Consultant – Security and Privacy Practice. In this role conducted numerous application security assessments and build-outs related to a secure application security lifecycle development process. I worked with developers, compliance personnel and business unit stakeholders to design a business-risk based solution. Developed solutions and contracts to deliver solutions. Hired resources to meet needs.
 Implemented vulnerability reduction and management programs with a focus on vSphere, Redhat, McAfee and Tripwire
 Implemented secure web application solutions for large system product providers
 Implemented DLP solutions from Reconnex and Verdasys
 Implemented ISS Proventia solutions
 Designed and implemented IDS solutions
 Designed and implemented SEM solutions
 Designed and implemented SOA and Web Services security solutions for encryption, authentication and authorization using DataPower and TFIM
 Conducted security awareness and security training for a variety of clients
 Conducted numerous application security reviews using Ounce Labs and Rational
 Prepared over 40 proposals, SOWs and architecture designs to support pre-sales efforts in the IDM/IAM and application security space
 Implemented Archer GRC and Tivoli Compliance Insight Manager and Compliance Manager
 Conducted numerous application security assessments using AppScan and Fortify
 Conducted WebSphere application security assessments at numerous corporations
 Designed a PCI compliant encryption architecture for several retailers including DB and transmission systems
 Implemented Oracle Identity and Access Manager at a large retailer
 ITIM, ITAM, IDI, IBM LDAP and TPM architecture, implementation and configuration on a Red Hat Linux operating system for a large telecommunications company.
 Completed SAP and Oracle application security assessments
 Designed Enterprise Security and Identity Management Architecture for a large retail food chain using ITAM, ITIM and RSA. Additionally, assisted in developing ROI justification cases.
 Assisted in installation of ITIM and ITAM for a large retailer.
 Developed an ITAM v5.1/ITIM 4.6 security architecture for a bank. The system ran on AIX and Windows 2003, WebSphere and HTTP Server and utilized single sign-on using a combination of SPNEGO/Kerberos and Active Directory. In addition to the development of technical design, the work included product selection, requirements definition, use case development and product justification.
 Designed security architecture for e-commerce based systems at a large wireless services company and a large utility. Conducted assessments of same.
 Conducted numerous iSeries and DB2 security assessments and security architecture designs.
 Designed Security Operations Center design for a large wireless company.
 Conducted detailed assessments and security architecture re-design for an outsourced web-services system for a state that processed credit-card transactions and handled personal data.
 Conducted several HIPAA and PCI assessments and managed security buildouts for those organizations.
 Functioned as an application security architect for a custom-built, internet-based Java order management and pricing application for a large electronics distributor/manufacturer. Specific tasks included:
    o High level and detailed
         Security architecture designs
         Design of Role-based Access Control including roles, functions, design of portlet policy access, data element access and design of provisioning systems
         Token-based system to manage access profiles
         SAML and WS Security
         Specific RBAC work includes: identification of roles and functions, consolidation of roles and functions, development of role management policies and procedures
         Design of LDAP schema
         Design of provisioning system
         Configuration of portlet policy-access server
         Design of Identity and Access Management solution using TIM/TAM
         Developed secure Java coding manuals
         Using Fortify and WebInspect tools, conducted secure coding assessments over developed Java code and managed remediation efforts
         Conducted final go-live application penetration tests of the Java-based ecommerce system
         Designed SOA and SOMA security architecture and assisted with implementation of authorization/authentication and encryption solutions
         System involved TIM/TAM, ITDS, IDI, Vignette, webMethods, WebSphere, Java, SOA and WebServices
         DataPower encryption and firewall implementation and architecture to protect WS calls
    o Won IBM S&P Bravo Award for sales and delivery work on project
 Attended IBM SOA Bootcamp, IBM Ethical Hacking Class, IBM Qualys Training Class
 For an extremely large Financial Services, Banking and Insurance Company, performed the following
    o Designed security architecture for SOA/SOMA, DataPower, ISS, z/Series, p/Series and WAS environments. These environments complied with IBM, industry and regulatory requirements while meeting high-volume processing requirements
    o Implemented WS security architecture
    o Conducted SOA security assessments involving banking applications
    o Conducted a high-level HIPAA security assessment
    o Served as a liaison with IBM product security SMEs to address client problems and questions
    o Was a part of the client IBM leadership team that defined IBM strategy at client
    o Conducted code assessments using Fortify tool
    o Designed improved code assurance process using updated guidelines and integration of Fortify and Rational Tool
    o Provided client with state of the art security concepts to improve zoning and segmentation, product compliance and overall strategy
    o Conducted DB2 security assessment
    o Conducted PCI assessments and development of PCI compliant security architecture
    o DataPower encryption and firewall implementation
 For a large automotive manufacturer
    o Designed and managed Sun IDM implementation and upgrade and sold a Tivoli TIM/TAM/TDI project. Performed key tasks
    o Designed and managed e-directory upgrade
    o Managed a staff of 4 offshore resources responsible for coding and upgrading Dir-XML drivers. Designed the new driver systems
    o Using ITIL, implemented processes that reduced incidents by over 100%
    o Designed new provisioning and password processes that reduced costs by over 200%
 Designed and implemented SUN IDM v7.0 for a large multi-national manufacturer
 Designed revised IDM/IAM architecture for a large financial services and securities processor
 Attended SUN IDM design and deployment class
 Implemented a WebSphere and DataPower based security architecture for an SOA based system
 Implemented ITCAM for SOA and ITCAM for J2EE to monitor database, process and LDAP calls for WebSphere and a Java-based system
 Conducted SOX compliance reviews and designed controls to address SOX
 Conducted PCI compliance review and encryption strategy design/implementation for a large retailer
 New and add-on consulting sales of over $1.8 million per year.

January 2004 to January 2005 – Toyota Motor Mfg. - Largest Japanese Automotive Manufacturer in World
Contractor - Security and Identity Management Consultant
 Implemented vulnerability reduction programs
 Implemented DLP solutions
 Implemented IDS and ISS Proventia solutions
 Performed design, requirements definition, use cases, goodness of fit analysis, ROI development along with conducting/managing the implementation of identity/access management and provisioning solutions using CA SiteMinder and IdentityMinder
 Implemented Web Services and ecommerce application security architecture and conducted assessments.
 Conducted e-commerce application security assessments on Java and .Net applications using Ounce Labs, AppScan and SPI WebDynamics.
 Designed vulnerability reduction program.
 Conducted security awareness and training programs for a variety of clients
 Led management in re-evaluations of existing security strategies to focus on business-risk appropriate, world-class security. Projects returned savings of over $1 million and reduced provisioning time to under 1 minute.
 Managed Federated Identity Management Proof-of-Concept.
 Designed SOA security architecture.
 Designed SOC for US.
 Worked with Eurekify product to identify existing roles within an organization
 Conducted SAP and Peoplesoft security assessments
 Conducted SOX compliance reviews and designed SOX controls

July 2003 – January 2004 – Federal Reserve Board - US Government Agency Responsible for Regulation of Banking
Contractor - Identity Management Consultant
 Managed team focused on requirements analysis (use case, goodness of fit, business and technical requirements), technical/functional and logical design and implementation of identity management system for access to numerous web-based treasury applications and internal systems. Key value driver was the formation of an identity enablement factory that brought together ad-hoc teams to design and code the connectors that provision various applications. Used SUN IDM and Netegrity systems
 Implemented Web Services security and ecommerce application security solutions including the use of the Reactivity product.
 Conducted Web Services security assessment.
 Designed and built out a SOC.

January 2003 – June 2003 – Oracle - World's Second Largest Software Company
Contractor - Identity Management Consultant
 Identified significant product gap issues in the identity management space. Led a team of four professionals in redesigning the vendor's identity management solutions and strategies to meet market needs.
 Conducted security assessment and enterprise security architecture design for several financial services companies.
 Designed and implemented identity management solutions at various clients using SiteMinder, Oracle Internet Directory and SSO (OID and SSO) and the Thor provisioning product.
 Extended and add-on sales of over $500,000.
 Prepared SOWs and proposals to support pre-sales efforts

July 2002 – January 2003 – SLM - Quasi-Governmental, Publicly-Traded, Financial Services Company
Director of IT Security

May 2002 – July 2002 – Hoosier Lottery - State Lottery Organization
Contract Security Architect

November 2001 – May 2002 – KPMG - Information Security/Risk Management Consulting Company
Senior Consultant

April 2000 – November 2001 – CSC - Global Consulting Organization
Senior Consultant

November 1995 – April 2000 – Andersen - Information Security/Risk Management Consulting Company
Security Architect

April 1994 – November 1995 – NBD - Large US Bank – Credit Card Divisions
Security Architect

April 1993 – April 1994 – Heller - Large US Finance Company
Security Consultant

November 1987 – April 1993 – Allstate - World's Second Largest Insurance Company
Security Consultant

Education
 B.S. in Accounting and Computer Science. Loyola University of Chicago
 MBA in Finance and Information Systems. Roosevelt University of Chicago.