Security Management

Location: Gwynn Oak, MD, 21207
Posted: May 23, 2016

Resume:

SOPHON (PAUL) ORAPIN

Exceptionally qualified, innovative and hands-on IT professional, with 27+ years of demonstrated experience in planning, developing, creating, managing, supporting, and streamlining robust IT architectures and infrastructures for companies. Tactical project manager, with successful record of meeting key deliverables and business objectives. Effectively manage complex and technologically advanced IT systems to support internal and external users in the US and now focused on supporting acquisition in Asia and Europe. Diverse IT management experience encompasses financial services, merchant services and payment card industries.

TECHNICAL SUMMARY:

Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk

Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program

Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture

Advise senior management (e.g., Chief Information Officer [CIO]) on cost-benefit analysis of information security programs, policies, processes, systems, and elements

Communicate the value of information technology (IT) security throughout all levels of the organization's stakeholders

Collaborate with organizational managers to support organizational objectives

Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance

Ensure security improvement actions are evaluated, validated, and implemented as required

Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy

Evaluate cost-benefit, economic, and risk analysis in decision-making process

Identify alternative information security strategies to address organizational security objective

Identify information technology (IT) security program implications of new technologies or technology upgrades

Interpret and/or approve security requirements relative to the capabilities of new information technologies

Interpret patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s information assurance (IA) program

Lead and align information technology (IT) security priorities with the security strategy

Lead and oversee information security budget, staffing, and contracting

Manage the monitoring of information security data sources to maintain organizational situational awareness

Manage the publishing of computer network defense (CND) guidance (e.g., Time Compliance Network Orders [TCNOs], concept of operations, net analyst reports) for the organization

Manage threat or target analysis of computer network defense (CND) information and production of threat information within the enterprise

Monitor and evaluate the effectiveness of the enterprise's information assurance (IA) security safeguards to ensure they provide the intended level of protection

Provide enterprise information assurance (IA) and supply chain risk guidance for development of the disaster recovery and continuity of operations plans

Provide leadership and direction to information technology (IT) personnel by ensuring that information assurance (IA) security awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities

Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to higher headquarters

Recommend policy and coordinate review and approval

Track audit findings and recommendations to ensure appropriate mitigation actions are taken

Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals

Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies

Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk

Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements

Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals

Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance

Forecast ongoing service demands and ensure security assumptions are reviewed as necessary

Define and/or implement policies and procedures to ensure protection of critical infrastructure (as appropriate)

TECHNICAL SKILLS:

Hardware / Operating System Platforms: IBM SYSTEM 370/390/MVS/VMS/CICS/VSAM/VTAM; AIX; IBM/38; AS/400 E&I Series, 8260 Ethernet 40-Port 10Base-T Module, TARGON UNIX C; Sun Ultra SPARC T5240 Servers, Philips PTS 6000, UNIX/Linux/Sun Solaris 10; Novell, Windows 9X/NT/XP/7/OS/370/390/400

Software / Languages: Unix, C, C/C++, Java/J2EE, JavaScript, JQUERY, WSDL, SOAP, RDF, RSS, REST, MVC, JSP, JSF, ASP/.net, PGP, PHP, VB.NET, DHTML, HTML, XML, EDI, RPG, COBOL/CICS, Borland Delphi 5.0, Crystal Reports, Secure.Net Code, JCL, OCL, CL, DDS, SEU, SDA, CGI/API/GUI. IBM WebSphere; IBM RAD; IBM Tivoli; IBM Appscan; HP ALM; Toad, Version 1.4 of Java 2 platform, J2EE 1.4, WebLogic, Struts Framework 1.2, Spring framework 1.2.5, JMS, XML, SOAP, IBM Rational, Shell scripting, AIX Scripting, LDAP, MS SQL, PL/SQL, IBM/SQL, QUERY/400, Microsoft Project Management, Teammate, Microsoft Office, Expert Choices, Tripwire, RSA, Symantec, CA Etrust, others.

Databases: Oracle, PeopleSoft, SAP, MS/Access, MS/SQL, IBM DB2, DBMS, IDMS, RDBMS, ODBC, JDBC

EXPERIENCE:

1/15 – Present: CISC Inc.

IT Security Consultant and IDM Senior Software Engineer.

Software Engineering Java development, full software development life cycle, and technical documentation.

Protecting information confidentiality is a critical security objective for organizations. Starting with a good understanding of the business, organizations must weave IT security and IT risk management into the executive levels of business planning. IT security objectives must be defined for the organization as a whole and fall within the following categories: integrity, availability, confidentiality, use control and accountability. The objectives provide the criteria used to determine whether the architecture is appropriate for the given task.

Lead the planning and implementation of project.

Facilitate the definition of project scope, goals and deliverables

Define project tasks and resource requirements

Develop project plans

Manage project budget and effort utilization

Manage project resource allocation

Plan and schedule project timelines

Track project deliverables

Provide direction and support to project team

Present reports defining project progress, problems and solutions

Implement and manage project changes

Ensure deliverables quality and meeting QA process

Develop, manage and support project and customer expectations

Report work progress and any potential problems to superiors.

Develop activity plan, manage/assign activities to support team

Monitor and track day to day project activities, effort utilization and deliverables schedule and quality

Perform other work assigned by supervisor as necessary

Manage/assign activities to project team

Perform analysis, design, development, unit testing, peer review and documentation of JEE applications developed using JAVA/JEE, JSF, XML, XSLT and the IBM Tivoli; Portal/Websphere Application development software.

Perform a penetration test and report vulnerabilities to senior management. Having a second set of eyes check out a critical computer system is a good security practice. Testing a new system before it goes on-line is also a good idea. Another reason for a penetration test is to give the IT department at the target company a chance to respond to an attack.

2/14 – 12/14 DSFederal Incorporation for Department of Homeland Security (DHS), U.S. Custom and Immigration Services (USCIS), Rockville, MD

ICAM Senior Software Engineer (Contractor and Consultant)

Responsible for Java-based identity and access management suites, including products from IBM Tivoli, Oracle, and ForgeRock. Augment and tailor the identity and access solutions using commercial, open source, and custom-developed software, as required.

7 years combined JavaScript framework experience using BackboneJS and JSF

Conduct services and product design, implementation, and integration.

Applying Restful Services, SOAP, and Message Driven Beans

Engineer components; allocate requirements to product or service components.

Engineer internal and external interfaces.

Develop and/or provide technical input for build directives.

Develop and verify product and services components.

Analyze proposed changes to engineering products and services.

Add appropriate work products to the technical data package.

Support internal testing activities and correct software discrepancies, as identified.

Support external testing activities and correct software discrepancies, as identified.

Solid understanding of Java, JavaScript programming languages.

Solid understanding and practical experience of software development lifecycle/Agile.

Strong analytical, problem solving and debugging skills.

Deploy and maintain all other software, hosting, data, and configuration elements of the ICAM environment.

Early and continual user involvement.

Frequent releases of end-to-end capabilities no less than quarterly.

Multiple, rapidly executed iterations that produce functionality to users for feedback no later than every four weeks.

Early, successive delivery of functional product, or prototyping where functional product cannot be delivered, to support an evolutionary acquisition.

Automated implementation of build, deploy, test and release process (AKA: Deployment Pipeline).

Modular, open systems approach (MOSA).

Organization of requirements into user stories that are Independent, Negotiable, Valuable, Estimable, Small and Testable (INVEST).

Analyzing, designing, developing, integrating, and testing ICAM hardware and software components and configurations to create releases of the ICAM environment.

Assessing the completeness, traceability, and consistency of all interface requirements.

Identifying and defining external operational and technical interface requirements.

Documenting and delivering analyses, designs, integration plans, iteration and release delivery schedules, and test plans.

Developing custom software required by the ICAM environment design

Developing automated testing scripts.

Configuring and integrating GFE commercial, open-source, and contractor-developed custom software and hardware components required to support the ICAM environment.

Configuring and integrating GFE commercial, open-source, and contractor-developed custom software required to populate the ICAM environment with new and migrated identity data.

Conducting operational and performance tests to confirm that the ICAM environment meets functional requirements, user expectations, and performance specifications.

Reporting test results to the contractor’s design engineers and risk managers, and to the government Program Manager.

Identifying potential interface and interoperability issues and risks.

Evaluating and presenting candidate solutions to performance and capability risks and issues to contractor risk managers and to the USCIS Program Manager.

Proposing engineering changes to address new and changed government requirements and to improve system usability, performance, and reliability.

Assisting with the development and maintenance of Interface Requirements Documents and ensuring interface documentation is comprehensive and accurate.

Participate in customer interactions during the requirements analysis, design, development, testing, training, and support phases of Software Development Life Cycle (SDLC)

Provide technical leadership to Java technology related development activities

Estimates work effort

Participate in software release and deployment activities

Support internal and external testing teams to complete functional testing of the scheduled releases

Mentors other Java developers

6/12 – 1/14 T-Rex Corporation, College Park, MD for Lockheed Martin Corporation

Senior Software Testing & Validation Engineer

Software Engineer (Contractor); IT Security Administrator.

Project: IRONDATA for Social Security Administration (SSA)

Management of resources that are in maintaining the host IBM Mainframes operating system involved on IBM WebSphere, Windows Servers, and SUN SOLARIS UNIX Servers as well as software subsystems such as databases, web server software, LDAP, and security subsystems.

Operating system configuration, shell programming, file system modification, performance analysis, glance, sar.

12 years Java/J2EE experience with knowledge of current web design principles and web application architecture

Maintain secured Network on managed UNIX hosts; provide subject matter expertise for security related threats and vulnerabilities.

Coordinate Network tasks including firewall rule changes and Network troubleshooting with Network and Telecommunication Department.

Must be proactive in maintaining the UNIX Servers.

Provides high level expertise in developing complex software applications involving new and established technologies, methods, concepts, or approaches.

Based on functional and conceptual design specifications, develops diagrammatic plans and design logic required to implement computer programs, IT systems and procedures.

Applying the OpenIDM project, an identity administration and provisioning solution focused on managing relationships across users, devices and things, designed in response to the pain organizations suffer deploying legacy enterprise provisioning solutions.

Provide identity administration and provisioning that is customized to fit organization’s needs and requirements including role-based provisioning, high availability “out of the box,” workflow synchronization.

Verifies accuracy and validity of programs by preparing sample test data and test plans; corrects program errors by revising instructions; modifies programs when required by changes in procedures and reports desired.

Demonstrate ability, experience and performance in understanding and creating requirements based on client needs.

Facilitate and manage schedules through product delivery by using Thunderhead NOW/HP ALM/IBM RAD/Others.

Environment: IBM Mainframes/IBM AS400/Thunderhead NOW/MS SharePoint/MS Office 2010 & Communication/IBM RAD/HP ALM/TOAD/CISCO/IBM Ethernet/Routers/Switches/Others

5/09 – 6/12 Nitirathaphum Law & IT Consulting Office, Samsaengnok, Howengkwang, Bangkok, THAILAND

IT Security Consultant

Demonstrate lead experience in providing guidance and advice to various groups on Java/J2EE architecture and experience on ensuring project on target.

Understanding the technical business requirements and defining architecture-based solutions that align to the organization’s overarching architectural strategy and the business unit’s needs.

Planning, designing, and leading enterprise security applications with the J2EE Platform, Java servlets, Java Server Pages, and Enterprise JavaBeans component models, as well as the JDBC API, Java Message Service API, and J2EE Connector Architecture.

Responsible for security, deployment, transaction management, internationalization, and other important issues for today's applications and IBM Tivoli; IBM DB2/CICS Transaction Server for z/OS Version 3 provides an efficient and effective environment for applications that are written in COBOL, C/ C++, and Java.

Proactively protect the integrity, confidentiality and availability of information by ensuring appropriate security controls are in existence and enforced.

Assist in formalizing security policies and resource classification schemes; maintain and publish all information security standards, procedures, and guidelines, including monitoring and reviewing compliance procedures.

Coordinate with IT team members, vendors, contractors and consultants to build and sustain a coordinated, meaningful security program in compliance with industry security standards.

Conduct investigations and remediation of suspected information security incidents.

Promote information security awareness programs, and recommend tools and improvements essential to IT security.

Ensuring that the business unit’s technology-driven needs are met.

Evaluate and propose architecture, design and technology alternatives.

Propose recommendations to infuse new technology and serve as a resource for the Strategic Technology team in evaluating and proposing technical alternatives for resolving project issues.

Work within the team to research, analyze, and write a customized script to automate the tasks, configure the job manager, verify the results on WebSphere Application Server, and document recommended solutions.

Produce and obtain agreement on design specifications; clearly articulate to the client the pros/cons of evaluated solutions and be able to support recommendations.

Architect and design new solutions in conjunction with the EA team & process, as well as the development team.

Engineer new code, work with and enhance existing code base.

Ensure architected solution is tightly integrated (technology stack, workflow, and data) with the existing solutions.

Design technology enhancements & improvements.

Collaborate with the IT Architecture and Integration team to review recommended solutions to ensure compatibility with IT’s architecture strategy.

Responsible for helping create and document a Discovery proposal for the development of an enterprise integration platform for the processing of credit card, debit card and ACH payments.

Environment: IBM z/OS V1R9.0 UNIX/MVS/AS400/CICS; SDK for z/OS, Java 2

1/09 – 5/09 Social Security Administration (SSA), Open Technology Group, Inc., Silver Spring, MD

Senior Security Administrator Contractor

Primarily responsible for implementing the security architecture for the Document Management Architecture (DMA) UNIX environment.

Advising on security related issues.

Responding within established timeliness to all Division of Telecommunication and Security Standards (DTSS) inquiries and reports.

Maintaining all security related applications (i.e. eTrust, ePC, Tripwire, etc.).

Create, administer, and maintain all DMA user accounts in accordance with DMA and DTSS guidelines.

Ensure that the DMA servers are in compliance with all DTSS regulations when feasible.

Ensure frequent and open communication with the DMA system administrators so that both parties are up to date on the security of the DMA servers.

Attend regularly scheduled DTSS and Solaris group meetings as well as audits and reviews.

Prepare any necessary documents required/requested by DTSS.

DMA Environment: Sun Fire 880; Sun Ultra Sparc T5240; Sun Ray; IBM AIX, AS/400, WebSphere; Windows XP Professional; UNIX C; 27 servers; CA eTrust Access Control; ePC; Tripwire; Unix and Windows Image Servers; Kodak, Fujitsu or equivalent USB2 Scanners; Windows Fax Servers; Backup Server / Robotic Tape Backup Units; Cache-DASD Arrays with SAN and/or SCSI interfaces to multiple servers; Patch Panels and cables; Switches; Routers; Ethernet backbones; Accelerated Video Cards; ERP, SCM, BPM, CRM, and COTS; Workstations; Content Manager Workflow Management and Imaging Software; Argent monitoring software; Customer standard suites of software development, testing and production operations tools; Veritas Netbackup; Veritas Volume Manager; Control-M Job Scheduling; EMC & Hitachi Mainframe Disk Subsystems; EMC Timefinder; Hitachi Shadow image; SQL for Sequel Server; VBScript and Windows Management Instrumentation (WMI)

8/06 – 12/08 CISC for Thailand Department of Justice, Bangkok, THAILAND

Senior IT Enterprise Architect/Consultant

Extensive project experience in Government, Financial Institutions, Retail, Manufacturing, Insurance, Commodity Trading and Consumer finance.

Provided solution with J2EE using advanced features of Java including EJB, Java Beans, Java Server Pages (JSP), Servlets, Struts, JSP Tag Library (JSTL), JSF, and JDBC. Work within the team to research, analyze, and write a customized script to automate the tasks, configure the job manager, verify the results on WebSphere Application Server, and document recommended solutions.

Oversee a network of security directors and vendors who safeguard the organization's assets, intellectual property and computer systems, as well as the physical safety of the organization.

Install, implement, configure, and monitor all servers with daily activity report and computer incident report.

Identify protection goals, objectives and metrics consistent with organization strategic plan.

Manage the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security. Physical protection responsibilities will include asset protection, workplace violence prevention, access control systems, video surveillance, and more. Information protection responsibilities will include network security architecture, network access and monitoring policies, employee education and awareness.

Maintain relationships with local, state and federal law enforcement and other related government agencies.

Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.

Work with outside consultants as appropriate for independent security audits.

Design, install, maintain and upgrade the enterprise’s production databases.

Provide technical expertise in the use of database technology. Accountable for the overall performance of the enterprise’s database environment: Microsoft Access, Oracle Database, and IBM DB2.

Work closely with clients, business analysts, systems programmers, and application developers to define and resolve information flow and content issues, helping to transform business requirements into environment specific databases.

Monitor and analyze performance metrics and allocate database resources to achieve optimum database performance.

Solid knowledge of database administration, database monitoring and tuning, logical data modeling, and physical database development.

Understand the principles, theories, practices and techniques of project management. Basic understanding of how the technology influences business strategic direction, enabling definition and integration of technical plans supporting the enterprise business functions and processes.

Work on one or more projects as a project team member. Support one or more databases of low to medium complexity (complexity defined by database size, technology used, and system feeds and interfaces) with multiple concurrent users, ensuring control, integrity and accessibility of the data.

Plan and design for the Disaster Recovery Planning (DRP).

Ensuring alignment with the organization’s overarching IT architecture and integration strategy, the Senior Technical Architect will work closely with that team but will report into the Chief IT Enterprise Architect and Vendor team responsible for the service and support of a specific business unit - (Technical Support and Customer Services Departments).

Environment: IBM OS/390; Windows XP Professional; C++; EJB, J2EE; Oracle, JDBC with IBM Ethernet, 510 servers: IBM Client, Windows, Unix, Linux, and Solaris servers; Citrix Meta Frame Presentation Server, eTrust; ERP, SCM, BPM, CRM, and COTS

2/05 – 6/06 Federal Housing Finance Board (FHFB), Brown & Company CPAs PLLC, Largo, MD

Senior IT Auditor Contractor

Perform information systems audit work throughout the organization including security audits of complex computer applications, network, and the Federal Housing Finance Board.

Possess a working knowledge of the Organization: its business processes; policies and procedures; governance practices; and regulatory obligations as it relates to information systems.

Demonstrate proficiency in applying information systems audit principles, skills and techniques in reviewing, penetration testing, and testing computer applications and information systems technology of varying complexity utilized by the independent IT auditor team from Brown & Company CPAs PLLC.

Digitally identifying these individuals, assigning privileges, monitoring access and data usage, maintaining separation of duties, and providing end-to-end auditability of this infrastructure is what Identity and Access Management (IAM) is all about.

Information protection is critical to the organization, and consulting has the expertise, tools and knowledge of best practices to help them improve their overall IT security posture.

Assess internal & external controls, and execute the audit process on a wide variety of computing environments and computer applications and accurately interpret results against defined criteria and do so such that the work is competently and efficiently performed in accordance with Federal Information Security Management Act (FISMA), Federal Information Processing Standards (FIPS), Office of Management and Budget (OMB), Government Accountability Office (GAO), and Federal Identity Credentialing Committee (FICC) and the National Institute of Standards and Technology (NIST) professional and departmental standards at the Federal Housing Finance Board (FHFB) for Fiscal Year 2005 and 2006.

Apply internal control concepts in a wide variety of information technology processes and appropriately assess the exposures resulting from ineffective or missing control practices.

Performed daily administration of the Tripwire consoles, moving agents to staging groups, conducting baseline scans, and linking nodes to business units. Produced Tripwire reports to notify sites of changed elements. Communicated overall project progress to management.

Understand the financial, operational, and compliance risks which affect information systems design, modification and processing activities, demonstrate the ability to identify and appropriately dimension those risks, and formulate recommendations which are appropriate, practical and cost-effective.

Prioritize work so resources are devoted to areas of highest risk. Consistently document relevant facts and information which support the work performed and conclusions drawn so other reviewers can follow the auditor's logic and methodology.

Effectively evaluate audit results, weighing the relevancy, accuracy, and perspective of conclusions against the accumulated audit evidence.

Be effective in communicating audit results, both verbally and in writing, so they are persuasive, placed in the appropriate context, and understood by the recipient.

Be able to complete work with limited instructions, yet know when to seek guidance from supervising staff when circumstances warrant.

Design, install, maintain and upgrade the enterprise’s production databases.

Provide technical expertise in the use of database technology. Accountable for the overall performance of the enterprise’s database environment.

Work closely with clients, business analysts, systems programmers, and application developers to define and resolve information flow and content issues, helping to transform business requirements into environment specific databases.

Monitor and analyze performance metrics and allocate database resources to achieve optimum database performance.

Solid knowledge of database administration, database monitoring and tuning, logical data modeling, and physical database development.

Understand the principles, theories, practices and techniques of project management. Basic understanding of how the technology influences business strategic direction, enabling definition and integration of technical plans supporting the enterprise business functions and processes.

Work on one or more projects as a project team member. Support one or more databases of low to medium complexity (complexity defined by database size, technology used, and system feeds and interfaces) with multiple concurrent users, ensuring control, integrity and accessibility of the data.

Environment: Sun Solaris; Microsoft XP Professional; Microsoft IIS; Active X; Citrix Meta Frame Presentation Server; eTrust; Digital Defense; ERP, SCM, BPM, CRM, and COTS

5/03 – 2/05 SEG, Inc., Bangkok, THAILAND

Director of Information Technology

Environment: IBM AS/400; RPG/400; Java, J2EE, Java API, JSP, EJB, EIS, JDBC; Visual Basic.NET; SQL Server; Oracle; Microsoft IIS, Active X, Windows Server 2003; eTrust, IBM Content Management; AdPro, Axis Video; ERP, SCM, BPM, CRM, and COTS

3/00 – 5/03 Home Sale Inc., Hunt Valley, MD

Senior Programmer Analyst/Software Developer

Environment: IBM AS/400; RPGIII, RPGILE, RPG/400; IBM Content Management; Crystal Reports; Borland Delphi 5.0; IBM DB2, J2EE, JavaScript; Microsoft Access; Visual Basic/RPG; IBM Java/RPG400; ERP, SCM, BPM, CRM, POS, EDI and COTS

7/97 – 3/00 Spectera, Inc., Baltimore, MD

Financial Systems Analyst/Programmer Analyst

Environment: IBM AS/400; RPGIII, RPGILE, IBM DB2, Microsoft Access; GUI; EJB, JDBC, Java; XML; ERP, SCM, BPM, CRM, POS, EDI and COTS

Web Site Design & Hosting: Static and dynamic web page design, integration with third-party services, dedicated hosting on virtual servers, domain management.

Created a specific optical


