Peningo Systems, Inc.
Resume of Candidate: PEN008
Rate: email us at firstname.lastname@example.org for rate information
Contact info: For information on this candidate please email us at email@example.com
Senior System Engineer / DCE Architect with over twenty years of experience and a strong background in
Tivoli Identity Manager 4.5, Tivoli Access Manager v4.1, Tivoli Privacy Manager 1.1, IBM Directory
Server, IBM Directory Integrator, Tivoli Risk Manager, Tivoli Policy Director, Netegrity
TransactionMinder, Netegrity IdentityMinder, Netegrity SiteMinder v6.0, Active Directory, AIX, DCE,
Encina, CICS/6000, IBM/DEC DCE, MQ-Series, Novell eDirectory 8.6 and DB2 / UDB.
WORKSTATIONS: Sun (Sparc 10000/Solaris 9), IBM (RS/6000 J40/AIX 5.1),
STRATUS (FTX and VOS) DEC 2100 (DEC UNIX 4.0), HP 9000 T-1000 (RISC-
PA/HP-UX 11i), NEXT (MACH 4.0)
SMPs: SEQUOIA 7000(12 proc), ENCORE Multimax (8 proc.)
Software: X-Windows (Motif), TCP/IP, SNMP (v5), OSI, X.25, X.400,
CMIP (X.700), LDAP (v3) SYBASE (System 11), ORACLE (9i), INGRES, INFORMIX
(8.0), UNISQL, DB2 UDB (v8.2)
DCE 1.2.2(internals), AFS 4.0, ENCINA 2.5.1(internals), CICS/6000, TUXEDO (v6.5),
MQ-Series (v5.0), MQSI, Visigenic, IONA/Orbix2000 (v3), Component Broker (v3.6)
OpenView (v5), NetView/6000 (4.0), BMC Patrol, Tivoli (TME 10), CA-Unicenter,
Entrust 5.0, Baltimore UniCert and SelectAccess, Netegrity
TransactionMinder, IdentityMinder & SiteMinder v6.0, RSA ClearTrust, Oblix
Tivoli Access Manager v4.1, Tivoli Privacy Manager 1.1, Tivoli Identity Manager 4.5,
Tivoli Risk Manager
Novell eDirectory 8.6, Sun ONE Directory (iPlanet) and Certificate Server,
IBM Directory Server, IBM Directory Integrator, Trusted Solaris 8.0, HP Virtual
Vault 4.5, SET, TIBCO, VITRIA WebLogic EE/Server v8.1, WebSphere EE
& AE/AS v5.0
Languages: Java 2.0, EJB 2.1, C, C++, Smalltalk, and Assembler,
IBM z990, 309x, 3xx, 370 MVS/ESA 5.2 TSO/SPF,
OS/JCL, UTILITIES, REXX;
OS/390 v5, ISAM, VSAM, LIBRARIAN;
z/OS v1.5 NCP/VTAM 3.6, APPN, RACF, ACF2, DCE Toolkit (2.0); CICS/ESA
(command and macro level 4.0), MRO/ISC/LU 6.2; IMS DB/DC 3.0(internals),
DB2 3.5(internals), DCE-MVS; VM/ESA (SP 3), VM/XA (SP 3)
z/VM, CP, CMS and GCS internals, EXEC2, REXX
Linux SuSE 8 VTAM 3.6, DCE-VM Toolkit (1.1), SQL/DS, FOCUS 7.0, NOMAD 2;
DOS/VSE/ESA , FOCUS
AIX/ESA 2.0 X-Windows, TCP/IP, NFS, DCE Toolkit (1.1)
C, C++, BAL, PL/1, PLS III, PLAS, FORTRAN, COBOL
IBM PC (INTEL); PS/2(Model 160) and compatibles, P II/333
MS-DOS/Windows 3.1, Windows 98, Windows (NT 4.0, Win2K, Windows
XP), OS/2 Warp:
MS-SQL Server 7.0, Delphi, IBM/DEC DCE (3.0), Gradient DCE Toolkit (3.0),
NetCrusader, LOTUS Notes 4.6, COM/DCOM, MSMQ, MTS, Tivoli Access
Manager / Policy Director v3.9
MT-XINU MACH (3.0), NOVELL-UnixWare (V.4.2 MP),
AIX/PS/2: X-Windows, TCP/IP, External Pager, INGRES, Sybase, Oracle
ASSEMBLER, C, C++(Borland 5.0, MS-VC 6.0 with MFC), VB 6.0, UML, HTML 4.2,
XML 2.0, Java 1.2, J++ 6.0, EJB 1.2, Smalltalk DG ECLIPSE 130/140 AOS/VS,
(Name of Client withheld) (East Moline, IL)
Provided security services all around the country for Identity and Access Management
Software based on all CA Security Suite components, especially SiteMinder 6.x and Identity
Manager 8.x. It involved architecture/design, installation/updates and development. Worked (and
implemented extensively) with all SAML based Federation products on the market.
2/2005 - Present
(Name of Client withheld)
Industry: Government- National
Sr Security Architect
For USPS (Arlington, VA) architected, designed and implemented an SSO and authorization system
designed specifically for WebSphere and SAP Portals and based on Oblix v7.1, ADAM directory and a
meta-directory synchronization tool.
9/2004 - 2/2005
(Name of Client withheld)
Sr Security Architect
For TFS (Toyota Financial Services, Torrance, CA), in addition to a company-wide security audit,
designed and implemented a system doing I&AM based on RSA ClearTrust v5.6 and Thor Xellerate v8.0.
12/2003 - 9/2004
(Name of Client withheld) San Jose, CA
Industry: IT- Software Systems & Design
Sr Security Architect
For Cisco, designed and implemented a central provisioning system based on Netegrity’s
IdentityMinder eProvision product. A separate feed was developed for Peoplesoft and a special
(customized) agent was developed for Siebel. An Enterprise RBAC (Role Based Access Control) system
was implemented based on the IM Web edition version. The Enterprise RBAC communicated via web-
services with SiteMinder 6.0 roles, but was used as a source for all authorization systems (including
non-web) used in CISCO.
3/03-10/03 For IBM, part of IGS/ITS, provided services all over the country as a Senior Security
Architect especially in security audits and implementation of IBM and Tivoli Security Suites, especially
Tivoli Identity Manager, Tivoli Access Manager and Tivoli Risk Manager.
9/02-2/03 For (Name of Client withheld) as a Security Architect provided a comprehensive
security audit for the entire agency the result of it being a report of suggestions and proposals and
Policies and Procedures. This further implied an implementation of biometrics (retina scan), Single Sign-
On and Authorization Framework based on Novell iChain, Tivoli Access Manager 4.1 and Tivoli Identity
Manager 4.4. It also involved an implementation of secure FTP (FTPS) agency-wide and database
security based on AES encryption in DB2.
10/00-8/02 For First Genetic Trust (Lyndhurst, NJ) as a Director of Security, I designed and
implemented a state-of-the-art, HIPAA and ISO/IEC 17799:2000 compliant, security architecture system
based on Virtual Vault 4.5 and Trusted Solaris 8, Baltimore Technologies’ UniCert, Netegrity’s
SiteMinder (v5.0) and Tivoli Policy Director (v3.8) for authentication and authorization. The system was
built in J2EE (WebLogic 6.0 Enterprise) and XML. The architecture implemented contained also network
security (FW-1, PIX and SideWinder as well as IDS-1 and CISCO VPN), physical security based on
biometrics as well as a special patent for database security based on Oracle 9i.
1/00-9/00 For (Name of Client withheld) (2 Metro Tech Center, Brooklyn NY) rearchitected the
Entitlements System based on DCE ERAs and through a Tivoli Policy Director V3.7 implementation
1/98-12/99 For (Name of Client withheld) worked as Security and Infrastructure Architect in 3
(9/99-12/99) For (Name of Client withheld) architected the migration of the Fixed Income System
based on EJB using WebSphere Enterprise Edition with a special implementation of Java servlets.
Previously I performed an extensive benchmark between 6 EJB vendors, including WebLogic and
(1/99-8/99) For (Name of Client withheld) architected the migration from DCE/Encina to
ORBIX/Encina for the main application, CitiDirect, using DASCOM for CORBA level 2 security. Front-end
security was using Entrust 4.0 PKI with X.500 as repository, integrated with DCE and later Orbix.
(1/98-12/98) For (Name of Client withheld) architected and maintained their global DCE cell. Four
production applications coexisted in the main production cell (150,000 users) based in New York,
London and Singapore. Integrated DCE with HP Open View by writing a MIB for it with the front end in
Java and XML.
3/96-12/97 For (Name of Client withheld) deployed DCE and ENCINA in a global production
heterogeneous (from PCs, AIX, Sun, to OS/390) environment.
(1/97-12/97) For (Name of Client withheld) developed and deployed the system management
support for the DCE infrastructure, via an intranet built fully in Java and added DASCOM and
TIVOLI/Santix support. The rest of the CHASE intranet was developed with Gradient Web Crusader and
1/96-3/96 For (Name of Client withheld) (Birmingham, AL), architected and developed an
application supporting the PCS cellular system involving cross multi-firewall DCE communication. It was
developed on HP-UX 10.2, in C++ and involving a backend of CICS/6000 with DB2/6000.
9/95-12/95 For (Name of Client withheld) (Liberty Plaza), deployed DCE Company wide, taught DCE
and ENCINA for FX and Money Transfer and designed and developed two pilots using Encina.
2/95-9/95 For (Name of Client withheld) (Liberty Corner, NJ), worked as a Security Architect for
the whole ASOS project (clients were Pacific Bell and SNET). Built GSS-API based interfaces for Tivoli
(TME 10.0) and CMIP/SNMP Session Manager. Also built an ORB-MQ-Series interface.
4/93-1/95 For LEHMAN BROS, NYC, I managed a 4-person research project group on DCE based
on an American Express grant. Its goals were to teach, develop and port applications (from ONC+ to
DCE), and finally to administer and DCE and ENCINA company-wide.
(6/94-1/95) For LEHMAN BROS, NYC, developed a remote installation tool based on TIVOLI v2 and a
generalized ACL Manager, both for wide DCE deployment.
(4/93-5/94) For LEHMAN BROS, NYC developed a Systems Management tool based on DCE
technology in C++ and using an Object Request Broker. It used the Encina Monitor to assure the
transactional data interchange between the server and a Sybase Open Client (early version XA
compliant). The application was distributed through inter-cell communication and widely used in
LEHMAN BROTHERS. Scalability was tested up to 5000 nodes per cell.
6/92-4/93
(12/92-4/93) For IBM Corp., Kingston Labs, prepared and taught a 4-week class containing DCE
programming, administration and internals. Finally I installed and administered an environment of two
50-node DCE cells used for development of the Toolkit.
(10/92-4/93) For IBM Corp., Kingston Labs, made an analysis from the AIX/ESA security perspective
of the DCE 1.0.2 code and implemented the necessary modifications on the ported code for the DCE
Toolkit (1.0) and final DCE product.
(6/92-10/92) For IBM Corp., Kingston Labs (NY) was responsible for the submittal of AIX/ESA 2.0
(ESA/390) for the B1 certification.
9/89-6/92
(9/91-5/92) For MEAD DATA CENTRAL (Dayton, OH), evaluated and built a prototype based on
OSF DCE technology. It used extensively the Naming Service (based on X.500), and the
RPC. It also involved an evaluation of the Encina Monitor vs. Tuxedo. The work was done on UNIX
platforms (RS/6000, DEC 3100 and HP 9000) in C++.
(7/90-8/91) For MEAD DATA CENTRAL (Dayton, OH), architected and built a prototype for the Security
System of NGS (Mead new product) based on Kerberos (MIT-Project Athena) technology. The work was
done on Sun workstations in UNIX and C++.
(9/89-6/90) For MEAD DATA CENTRAL (Dayton, OH), designed and built a software layer above the
operating system insulating the applications from the NGS system calls. The work was done in UNIX and
C++, containing device drivers for interoperability with CICS/LU 6.2.
1/88-8/89 For IBM Corp., Glendale Labs (Endicott, NY), as member of a highly successful project
team, architected and developed GCS/ESA, a key component of VM/ESA. The work was done in PLS III,
BAL and REXX. Responsibilities included design, development, testing and coordination with other IBM
labs (Raleigh, NC and Zurich, Switzerland).
8/87-12/87 For IBM Corp., RECD Division (Stamford, CT), developed an interface between an
internal equipment database (written in IMS/DB/DC) and a panel oriented front-end in VM/CMS. The
work was done in PL/1, BAL, REXX, and ISPF. At the same location, converted the PC side of a
warehouse management system (written in REXX at the VM/CMS side and DBASE III at the PC side), in
PARADOX database. The work involved extensive PARADOX programming under Windows.
1/87-8/87 For NYNEX MOBILE COMMUNICATIONS designed and implemented a database
selection process. My responsibility was to build prototype databases under the various DBMSs and
benchmark them within a high volume, high contention environment. Initially the four candidates were
IMS DB, DB2/SQL, FOCUS and NOMAD.
For the same company, designed and built a relational database using NOMAD and REXX in a VM
environment with data extracted from a very large IMS database.
8/86-12/86 For AT&T as a Sr Systems Programmer, developed drivers and interfaces for the
Alpharel Optical Disk systems (ODS) with IBM 308x computers running CICS 1.7 in an MVS/XA
environment. The system was general enough to permit any other ODSs to be installed. It was built for
multiple regions connected via MRO and ISC and it included: channel programs to move data in bulk
between the ODS and the mainframe; an enqueue/dequeue mechanism to allow concurrent access to
the ODS files; higher level interface to allow applications programmers easy access and error recovery
of the ODS data.
8/85-7/86 For INFORMATION BUILDERS Inc. managed the conversion of FOCUS from one
operating system to another. Was involved in all aspects of FOCUS from report writing to “modify” files,
etc. Specific responsibilities included the conversion of the generic FORTRAN programs, rewriting the
system dependent ones in BAL, testing and debugging. The work was done on an IBM4341 under
VM/CMS and DOS/VSE.
7/83-7/85 For APPLIED DATA RESEARCH participated in the development of LIBRARIAN.
(7/84-7/85) I redeveloped from scratch the group access option (GPO) function of the Batch
LIBRARIAN. The functionality was heavily based on Boolean logic.
(7/83-7/84) Rearchitected the batch and on-line LIBRARIAN, changing it into a future easy to handle
product, independent of the operating system platform and able to be called from any on-line
environment. All the work was done in BAL on an IBM 3081 under MVS/XA and IBM 4341 under DOS/VSE
using ROSCOE, VOLLIE or TSO.
MA, Mathematics, UNIVERSITY OF BUCHAREST, ROMANIA
Certifications: CISSP, (ISC)²
Languages: French, German, Italian and Spanish