David C. Esterer, CISSP
e: *.*******@*********.***
m: 614-***-****
SENIOR INFORMATION SECURITY ARCHITECT/DEVELOPER/ENGINEER
Seasoned professional offering 18+ years of experience in Information Security
Consulting, Technology Architecture, Identity and Access Management,
Production Infrastructure Support, Application Development, and Software
Engineering with considerable experience in Fortune 500 Financial Services,
Insurance, Retail, Energy, Public Education and State Government sectors.
TECHNICAL SKILLS
Application Development / Languages / WAS:
  Java, API, JavaScript, XML, JSP, HTML
  Object Pascal, C++, MS Visual Basic, Netbeans 6.x
  Weblogic, Websphere, Tomcat, IIS, Oracle App Server (9.x-10.3.x)
  LINUX RHEL 4.x,5.x
  Oracle BI (OBIEE)
  Design Patterns
  CVS version control, Toad, XMLSpy
Infrastructure / Administration / OS:
  Oracle Internet Directory (10.x, 11g): Directory Integration Platform (DIP),
    Replication, Clustering, performance tuning, configuration, schema customization
  Oracle Virtual Directory
  Active Directory 2000, 2003, 2008: LDAP, Synchronization, Provisioning,
    Configuration, Security, SSL/HTTPS
  PeopleSoft 8.x,9.x, PeopleTools, Novell eDirectory: DirXML, Configuration
  Vast experience in high-volume transaction environments on Mainframe (ACF2),
    Client/Server, and Web
Database:
  Oracle Database 8i through 11g
  Stored Procedures
  Oracle PL/SQL
  Microsoft SQL 2000 through 2003
  Lotus Notes/Domino v3.x - v6.5
  VSAM/ISAM
  Borland Delphi v3 through v5
Information Security / IAM:
  Oracle Identity Manager (9.1.x, 9.0.3.x): Trusted/Target Reconciliation, Custom
    Connectors, Clustering, Approval Workflow, Auto-Provisioning, SSL, RSA ClearTrust
  Role-Based Access Management: Oracle, Novell, and custom-built Enterprise class
    product solutions (Lotus Notes, Xellerate, CA)
  Oracle Access Manager 10.x: SSO Integration, Clustering, Custom Attributes,
    Access Policies
  Risk and Compliance focused Security Assessments, NERC CIP Cyber Assets, FERC,
    SAS70, SOX, Email Archival, Data Privacy, PII
  PCI-DSS and Secure Database Design
  Secure Application Development and Coding Reviews, Client-Server architecture
    reviews
Other Skills:
  Team-oriented
  End User/Technical Training
  Excellent communicator
  Detailed documentation and knowledge transfer skills
  Enterprise-level Production Support
ACCOMPLISHMENTS SUMMARY
• Java Developer and Application Interface Designer for successful large
  scale (25K+ users) enterprise deployment of Oracle Identity Manager as
  a security access control for over 100 NERC CIP regulated Critical
  Cyber Assets within Commercial Operations (Comm Ops) and Transmission
  Operations (Trans Ops) Compliance Units.
• Lead Engineer/Architect for implementation of Oracle Identity and
  Access Management solution for Statewide Ohio K-12 school districts and
  technology centers. Performed design, installation, configuration,
  coding, and patching of Oracle IAM system running on OAS and LINUX.
  Provisioned 10+ SSO (Oracle Access Manager) target applications using
  custom Java connectors to Oracle, SQL Server, Active Directory, Novell
  eDir
  o Deployed secure Web Single Sign-on Authentication, Access Policies,
    central LDAP Directory Services w/Active Directory Sync, Trusted and
    Target Recon, Request and Approval Workflow, Self-Service User
    Console, Delegated Administration, and encrypted data and
    communication.
• Designed and deployed a Role-Based Access Management tool for
  provisioning and User Access Request Management used by Security
  Administrators. Developed Security Standards, Policies and Controls.
  o Achieved 100% Satisfactory Rating on 2006 SAS70 Independent Audit
    covering all ID Management functions such as User On-Boarding/Off-Boarding,
    and Attestation (Account Certifications).
• Project Lead on PCI-DSS Roadmap for Greater Cincinnati Water Works.
  Delivered critical task/project prioritization for Achieving Credit
  Card Payment Account Data Security compliance by 2010.
• Delivered comprehensive statewide Ohio Technology Security Assessment
  and Review for K-12 school districts. Covered areas included
  Infrastructure/Network, Application Assessments, Security Policy
  Reviews, Employee Security Awareness and Training, and Data Loss
  Prevention and Encryption.
• Deployed LDAP Synchronization service connecting Lotus Domino LDAP and
  Novell eDir using DirXML for JPMorgan/Bank One Messaging and Groupware.
  Consolidated 500+ servers and co-located new infrastructure to
  strategic Data Centers in Delaware and Illinois.
  o Successful $2MM Bank One project to remediate 23,000 groupware
    applications and consolidate infrastructure for 65,000 users and
    500 servers.
  o Reduced production server disk storage usage by 45% and annual
    support and maintenance costs by $1MM, and Unit Costs by 30%.
    Resulted in direct annual savings of $3.5M in operational costs.
• Versed in Best Practice frameworks such as RUP, CMM and ITIL
• Developed a Windows client-server based application for retail fast-food
  franchise which interfaced to POS cash registers and downloaded
  store sales data to central warehouse for sales, performance reporting
  and inventory management.
PROFESSIONAL EXPERIENCE
AMERICAN ELECTRIC POWER, Columbus, OH    Feb 2010 - present
Senior Software Developer
Consultant responsible for custom Java Adapter design, coding, and
refactoring on OIM integration with Active Directory, PeopleSoft, KEY
Training DB, including Attestation, Single Entitlement, and Reconciliation
and Provisioning connectors. Maintain and enhance Java reusable base code
framework, develop design patterns, RDBMS back end schema and configuration
files. Perform complete SDLC Release support on all code including Unit
Testing build and execute, code migration, documentation, and connector
design and code reviews.
THE JAMES GROUP, LLC, Worthington, OH    July 2007 - February 2010
Senior Information Security Architect
Senior technology resource for this Oracle Partner specializing in Identity
and Access Management and Security/Risk Assessment services. Successful
implementations include deployment of a central IAM solution for 1200
school districts and 50K+ users including IAM Technical Support and
Training to 23 Regional Technology Centers. Delivered comprehensive
statewide Technology Security Controls Assessment and Review for K-12
school districts which included Infrastructure, Policy, Employee Awareness,
Application and Network controls. Complete PCI-DSS Compliance Roadmap for
Public Utility in Ohio.
JPMORGAN CHASE, Columbus, OH    October 2000 - July, 2007
VP, Information Security Director, Private Bank (November 2005 - July, 2007)
Managed Security Administration team of seven responsible for Access
Request tracking, provisioning, fulfillment and User Access Attestation of
restricted systems. Responsible for security requirements during all
phases of system and application development life-cycle. Prepared and
conducted all internal security briefings. Designed, coded and implemented
Role-based Access Management Workflow system in Lotus Domino. Heavy use of
Windows Active Directory, AIX, Oracle, and Websphere technologies.
Provisioned access to Mainframe (ACF2), Midrange, Active Directory,
Database, custom-built web apps, and Windows file share.
VP, Sr. Infrastructure Manager, Global End-User Technology (February 2002 - November 2005)
Responsible for enterprise Lotus Domino DEV/UAT/PROD environments, overall
Application Development, Testing, Quality Assurance/Change Management and
Data Security of 5 Business Units, 65,000 users, 3,700 applications, and
200 servers. Negotiated license support agreement with IBM.
• Received 3 consecutive "Exceeds Expectations" ratings on Annual
  Performance Reviews.
Sr. Technical Project Manager, Nat'l Enterprise Operations (October 2000 - February 2002)
Technical Project Manager (Contractor) for Bank One NEO HR team on
conceptualization, design, and implementation of web-based Employee
Performance Management System (PODS) for 10,000 users. Responsible for
coordination and management of all technical and systems-related resources
and project deliverables.
QUICK SOLUTIONS, INC., Columbus, OH    June 2000 - February 2002
Senior Technology Consultant
Senior Consultant assigned to Bank One and American Electric Power (AEP)
accounts. Specializing in Client/Server Architecture, Web, and distributed
application development and Infrastructure engineering.
• Received QSI Outstanding Contributor Award in Fall 2000.
• Led several technical training and education courses for 250
  consultants at Quick Solutions, Inc.
BUCKEYE SOFTWARE SYSTEMS, INC., Columbus, OH    April 1998 - June 2000
Owner/Independent Software Consultant
Client Projects:
City of Columbus, Ohio - Custom Windows software development using Object
Pascal and Oracle 8i for Vendor Licensing/Management Department for 25
users.
Bisys Fund Services, Inc - Custom Lotus Notes R4.5/Domino application
development and design for 1500 users. Maintained Lotus Email servers and
infrastructure.
Buckeye Insurance Group - Custom Lotus Notes R5 web portal and application
development for 400 users and field offices including NAB Administration.
HCT and Mercer (HR) - Custom Lotus Notes R5 web portal application
development for Talent Management HR Development system.
Nationwide Insurance - Designed mobile, hand-held PDA application on Palm
Pilot for insurance customer management.
SS&G Financial - Custom Lotus Notes R4.5/Domino application development and
design for 100 users including Mail Server support and NAB Administration.
BISYS FUND SERVICES, Columbus, OH    May 1997 - April 1998
Manager, Groupware Applications
Managed team responsible for IBM Lotus Notes/Domino infrastructure,
application development, security and customer support for 1500 domestic
and international users.
• Received Bisys Achievement Award in February 1998.
CHECKFREE CORPORATION, Columbus, OH    June 1996 - May 1997
Senior Software Engineer
Oversaw and coordinated all regional (Columbus, OH) Groupware (Lotus Notes)
application development, security, testing, and training activities for
this national Electronic Bill Payment and Financial Transaction Management
corporation.
JOHN ALDEN / NORTHSTAR MARKETING, Columbus, OH    May 1995 - June 1996
Programmer/Analyst II
Member of development team responsible for building and maintaining a
client-server Insurance Quote system. Heavy use of C++, MS Visual Basic,
and VSAM/ISAM databases.
ESCAPE ENTERPRISES, INC., Columbus, OH    October 1992 - May 1995
MIS Manager/Software Developer
Managed staff responsible for internal network and external IT operations
for Hoggy's and Steak Escape national restaurant franchise. Designed and
deployed Windows application to interface with POS Cash Registers. Heavy
use of MS Visual Basic. Oversaw corporate IT budgeting, security
policies and procedures, and network support/maintenance. Negotiated and
managed all vendor network, server, and Point-of-Sale and service
agreements.
RED ROOF INNS, INC., Hilliard, OH    August 1988 - October 1992
Database Developer - National Reservation Center
Designed Dbase IV application used for tracking/projecting customer calls
to the National Reservation Center. Utilized for staffing and historical
tracking. Assisted phone switch manager in day to day support.
EDUCATION / TRAINING / CERTIFICATIONS
Master of Business Administration, August 2000
  Franklin University, Columbus, Ohio
Bachelor of Science in Communication, June 1987
  Ohio University, Athens, Ohio
Computer Science Coursework, 1991-1992
  Columbus State, Columbus, Ohio
CISSP - Certified Information Systems Security Professional (June 2010)
Lotus Notes Domino System Admin CLP, 1997, 1999
Lotus Notes Application Development CLP, 1997, 1999, 2001
Central Ohio ISSA Member