Peningo Systems, Inc.
Resume of Candidate: PEN74
Rate: email us at firstname.lastname@example.org for rate information
Tivoli Identity Manager Consultant
CISSP – ISSAP, ISSMP
12+ years Information Technology, Team Management and Consulting.
11+ years Enterprise Security and Project Management.
8+ years Information Security Policies, Procedures, Compliance and Monitoring.
6+ years Access Management and Identity Management.
A proven verifiable track record and a strong sense of dedication driven towards accomplishing challenging goals with "persistent commitment”
Dependable team player with excellent work ethic, creativity, organization, time management, written and oral communication and presentation
Able to effectively adapt to changing technologies and apply it to business needs.
Strong problem solving, interpersonal and leadership skills.
Identity Management and Provisioning: IBM Tivoli Identity Manager 4.4, 4.5, 4.5.1, 4.6, IBM Tivoli Federated Identity Manager 6.0, 6.1.1, Oracle
Identity Manager, Oracle COREid Access and Identity, Netegrity Siteminder (Computer Associates), Bridgestream SmartRoles, Eurekify Enterprise Role
Access Management: IBM Tivoli Access Manager for e-business 4.1, 5.1, 6.0 TAM for Operating Systems 3.8, 4.1, 5.1, 6.0 - IBM
Enterprise Frameworks: VigilEnt Security Manager, PSAudit, PSDetect and PSSecure for Windows NT, Windows 2000, UNIX, AS400, IIS, SQL and FW-1;
VPC (VigilEnt Policy Center) - Pentasafe (NetiQ)
Network Scanners: Internet Security Systems – Internet Scanner, Network Associates - CyberCop Scanner, Symantec (Axent) NetRecon and
Host Assessment tools: NetIQ (Pentasafe) PSAudit, PSSecure, Symantec (Axent) Enterprise Security Manager for Windows NT, UNIX, Netware.
Intrusion Detection tools: Cisco IDS Sensors 4230FE and 4335, CSPM, Symantec (Axent) Intruder Alert, Bindview bv-Web and bv-Event, IBM Tivoli
Risk Manager 4.2
Meta-Directory: IBM Tivoli Directory Server 4.1, 5.1, 6.0 and Tivoli Directory Integrator 5.2, 6.1, Maxware, Siemens, iPlanet, Microsoft Active
Directory, Microsoft Identity Integration Server
Information Security Policies and Procedures: Policies, Standards, Guidelines, Technical controls, workflows and procedures.
Secure communications: SecureID, IPSec, Encryption, SSH, SSL, Secure FTP, PKI, Digital certificates and signatures.
Authentication, Authorization and Access Control: End-End Application Security, Enterprise Authentication and Authorization Web Services, Secure
administration, RADIUS, SecureID, Single Sign-on (SSO)
Compliance and Auditing: Sarbanes-Oxley, Control Objectives for Information and Related Technology (COBIT), ISO7799, Safe Harbor, Graham-Leach-
Firewalls and DMZ configurations: Raptor firewall 6.5, Firewall1, Load Balancers.
Virtual Private Networks and Remote Access: Cisco VPN, Raptor-Mobile, Nortel Contivity, SSL VPN.
Anti-Virus: Total Virus Defense, Enterprise Virus Protection Management Edition – Network Associates, Advanced Virus Defense and Enterprise
Policy Orchestrator – McAfee, Norton (Symantec), Trend Micro.
Monitoring, Filtering and Reporting: Websense, SurfControl, ISA, WebTrends, Silent Watch, Mimesweeper.
Operating Systems: Windows 2003, Windows 2000, Windows XP, Windows NT, AS400, UNIX.
Wireless Technologies: Cisco’s LEAP, IEEE 802.11b standard, WAP protocol.
MAJOR PROJECTS AND ACCOMPLISHMENTS SUMMARY:
Designed and implemented Enterprise Security Architecture for Fortune 500 companies.
Designed and implemented Access Management and Identity Management solutions for up to 180,000 users and multitude of applications for
clients in various industries.
Developed Corporate Information Security Policies, standards, guidelines and technical controls for many Fortune 500 clients in Financial,
Insurance, Manufacturing and Technology industry.
Performed Information Security Risk Assessments and Risk Classifications at the Enterprise level.
Deployed Security Management framework and lead SOX, GLB, COBIT, HIPAA Compliance Efforts.
Executed Corporate Security Awareness programs and developed Computer Security Incident Response plans.
Information Security Manager
Information Security Officer (Dec’05 – Current)
Responsible for Enterprise Information Security Architecture, Risk Management and Compliance by performing gap analysis, understanding
business issues and concerns, determining business and security requirements, designing architecture and applying Information Security Technologies
to mitigate risk and ensure compliance.
Provide Information Security Expertise and Risk Assessment and Consulting for internal projects.
Periodically review Information Security Metrics and ensure compliance as well as assist with related Risk Mitigation efforts.
Work closely with internal and external audit towards regulatory requirements and compliance objectives.
Play a key role in end-user awareness, education and communications.
Led Enterprise Identity and Access Management, workflow and provisioning efforts.
Implemented Role Based Access Control Model for Enterprise Asset Management system.
Integrated security lifecycle with RUP project management methodology.
Evaluated Enterprise Security Products for encryption, theft prevention, secure messaging, privacy data monitoring, intrusion detection and led
Senior Information Security Consultant – (Nov‘04 – Dec’05)
Consulted for a Enterprise Identity and Access Management Strategy, Discovery, Business Analysis and IAM Reference Architecture development.
Assisted Data Security Services with key security projects and compliance initiatives.
Consulted and led an Access and Identity Management implementation. Responsibilities included business requirements’ analysis and
documentation of enterprise IAM strategy, development of a technical architecture and solution design using IBM Tivoli Access Manager and IBM Tivoli
Identity Manager products, web security infrastructure management and integrated security support for application development, enterprise directory
design, authoritative data source mapping, definition of provisioning policies, configuration of access control information, RBAC (role-based access
control) approval workflow and lifecycle management. Designed data Integration and synchronization using IBM Tivoli Directory Integrator. Developed
secure web accessible self-registration interface including account self-service and password management functions.
Successfully completed a project at Shaw Industries, developing their enterprise IAM strategy and providing an implementation roadmap using IBM
TAMe, ITIM, IDI and LDAP. Assisted a major financial bank in NY with the integration of 240 plus web and swing J2EE applications on an enterprise web
portal secured with TAMe extended using SAML with Netegrity Siteminder for Federated Identity Management. Worked on enterprise security
architecture, security management framework deployment, SOX compliance, auditing and monitoring project for an insurance company based in CT.
Senior Application Security Manager – (Oct ’03 – Nov ’04)
Web Security Management – Responsible for web security infrastructure consisting of Tivoli Access Manager for e-business, IBM Directory Server,
Weblogic and AIX. Managed several security projects and a staff. Provided technical direction, set standards for application security architecture and
deployed SSO in a multi-faceted application environment. Provided security expertise to application development and respective business areas to help
design and develop secure applications with standard authentication and authorization mechanisms.
Information Security Operations - Maintained 30 high-capacity servers across dev, test and QA environments that serviced 30000 plus users and
secured approx. 20 major business web applications for dealers, employees, and business partner access. Supported day-to-day operations, technical
configuration changes and maintenance of this security infrastructure i.e. synchronization of disparate directories with real-time messaging/LDAP feeds,
review of major architectural changes, LDAP security, ACLs, WebSEALs, junctions, APIs, etc.
Security Standards and compliance - Created and documented policies, processes, procedures and security controls.
Senior Security Consultant (Aug ’03 – Oct ’03)
Tivoli Security Consulting - Provided complete lifecycle consulting for Tivoli Access Manager for e-business and Tivoli Identity Manager, including
business requirements analysis, risk assessment, security architecture development, infrastructure design, product implementation, knowledge transfer
Senior Information Security Engineer – (Sept ’02 – July ‘03)
Information Security Engineering – Managed a security team and provided technical expertise for business requirements analysis and risk
mitigation techniques. Designed and implemented security solutions.
Security Assessments - Risk Assessment and Business Impact Analysis for new initiatives. Recommended secure implementation standards.
Worked with Technical Services to evaluate, install and configure hardware and software systems that provide appropriate security in alignment with
corporate information security policy.
Provisioning - Lead implementation of IBM Tivoli Access Manager and Identity manager implementation to enable secure access to internal
applications from the Internet. Developed and configured automated processes, workflows, secure self-service and delegation functions to facilitate
secure role-based access control to back-end resources and applications.
Security Architecture - Researched, evaluated, recommended and designed implementation of new or improved information security software or
devices in compliance with industry best practices. Advised Security Operations on normal and exception processing of security authorization requests.
Security Consulting - Worked with management, technical experts, programmers, auditors, facilities, security operations and other personnel to
identify exposures and implement security controls for data, applications, hardware, telecommunications and computer installations. Performed
Application and OS Security - Designed and recommended security controls for OneWorld Xe (ERP 8.0), CRM, Collaborative Portal, Ariba, Augeo,
Windows XP, Office XP, Windows 2003, Single View of the Customer, Mobile Applications, Wireless strategy, Network re-architecture, Worldwide
demonstration system, Centralized training environment, Neoteris SSL VPN, etc.
Sarbanes Oxley Compliance - Documented InfoSec processes. Identified and defined control objectives as per COBIT guidelines.
Information Security Officer – (May ’01 – Sept ‘02)
Enterprise Information Security Architecture - Led Corporate Information Security department. Created an Information Security Roadmap in
alignment with corporate goals and responsibilities, obtained approval and support from management for major enterprise security projects. Managed
these projects including but not limited to budget, product evaluation, software procurement, resource acquisition, and task management. Developed
and documented Corporate Information Security policies, standards and guidelines taking into consideration any and all security ramifications, risk
assessment and compliance issues as well as legal liabilities. Designed and implemented assess, detect and secure functions for host, network and
perimeter security to ensure a robust Enterprise Security Architecture.
Access Management, Identity Management and Provisioning – Implemented role-based access control and automated provisioning of user
accounts across Windows, UNIX, and AS400 platforms with a self-service password synchronization function. Developed and implemented process
workflow for key IT processes.
Risk Classification - Interviewed all IT departments and key business units to identify and categorize all technical resources i.e. systems,
applications and data to help determine appropriate access levels. Designed and deployed a Corporate Information Security Risk Management program.
Secure Remote Access - Reviewed all existing external communications to form a strategy for secure global communications between Business
partners, vendors, branch offices and field employees.
Security Consulting - Conducted Information Security Risk Assessments, Footprint Analysis and Vulnerability tests. Recommended security
standards for all major Information Technology projects such as VPN, Windows 2000, .NET deployment, PeopleSoft implementation, Knapp automated
robotic solutions, Wireless technologies for the Warehouse, Customer Fulfillment Center and Virtual Store, eCommerce Initiatives.
Sr. Information Security Consultant – (Mar’01 – May ’01)
Enterprise Security Consulting - Managed and performed enterprise wide Host, Network, Internet and Wireless Security Assessments and
implemented Information Security Lifecycle Solutions for Fortune 1000 clients.
Corporate LAN/WAN Security Administrator - (June’99 – Feb ‘01)
Corporate Information Security Architecture – Global security policies, procedures, standards and technical Controls. Established and documented
a security compliance lifecycle with platform-specific technical controls and security checklists. Evaluated, implemented and customized information
security software for host-based and network-based assessment, intrusion detection, monitoring and reporting. Managed Remote Access; Enterprise
Virus protection, access control and authentication mechanisms.
Systems Analyst - (Dec’96 - Apr’99)
Information Technology design, implementation, and secure solutions deployment at Fortune 500 clients.
(ISC)2 – ISSAP (Information Systems Security Architecture Professional) and ISSMP (Information Systems Security Management Professional), Feb
IBM –Tivoli Access Manager for e-Business 5.1, Sept 2004
UNIX/LINUX – Hands-on, MS Access – Advanced, June 2004
Microsoft – Securing Enterprise Platforms and Windows Server 2003, April 2003
IBM – Tivoli Identity Manager 4.4 and Tivoli Access Manager 4.1, March 2003
J.D. Edwards and Company – Common Foundation and CNC Foundation, March 2003
GIAC – SANS Security Conference, June 2002
CISSP (Certified Information Systems Security Professional): CBK Seminar, Dec 2001
AXENT (Symantec) – Enterprise Security Manager and Intruder Alert, May 2000
NAI – CyberCop Scanner, March 2000
Global Knowledge – Network Security Administration, Jan 2000
Microsoft Certified Systems Engineer (MCSE), Jul 1998