mbwinfield@platinumprecision.net
Phone: 646-***-****
Mobile:
Mary B. Winfield
Objective Project Consultant - Security Engineer
Skills Mainframe:
z/Series, MVS, z/VM, VSE, Assembler, JCL, TSO, ISPF,
VSAM, DB2, CA-7, RACF, ACF2, Top Secret, Endevor,
WebSphere, MQ Series, RAID, EMC, DASD, Silo Tape
Systems, Console Automation, Data Center Operations,
CICS, SMP/E, Language Environment COBOL, VTAM,
TCP/IP, Single Sign On, Tivoli Identity Manager,
Tivoli Access Manager, Omegamon, SMF, RMF, SAS V9,
SQL, IMS, CA-IDMS, CA E-Trust, Tivoli Workload
Manager, Tivoli Access Manager, Netview (NLDM, NCCF,
NPDA, Exec control automation), Control-M
Desktop and MidRange:
Inte Windows VISTA, Windows XP, Office 2007, Office
2003, Microsoft Project 2007 & 2003, .NET, Active
Directory, CA E-Trust, Spybot, Anti-Spyware
software, Open Source (SOURCEFORGE), VPN, Firewall,
Intrusion Detection, SNORT, DHCP, Ethernet, Red Hat
Linux, SuSE Linux, Sun Solaris v10 Open Source,
Voice over IP, VoIP SIP Server, Group Policy
Management Console, Patch Management, Bios hardware
configuration, Mobile computing, PDA Handheld
computing, Tivoli Identity Manager, Tivoli Access
Manager, HP Protect Tools Security Manager, HP Bios
Configuration, HP Java Card Security, HP Hard Drive
Encryption, Java Applet/Servlet API QA, C Language
API, HP Spare-key Recovery, BlackBerry Mobile OS,
AS400, Windows Mobile Version 6, Windows 7 32 and
64, HP SSM
Security Regulatory Compliance:
Sarbanes Oxley, Gramm-Leach-Bliley Act, FISCAM,
FISMA, NIST Computing Guidelines, HIPAA, IRS1075,
ISO17799, COBIT
Experience 2001-Present Platinum Precision Software Inc. New
York, NY
Project Consultant - IT Technical Services &
Security Engineering
Most recent project - AIG Information Security as a
Senior Systems Administrator: Responsible for
administration of a ZSeries mainframe platform
operating systems software including z/OS/MVS, CICS,
VTAM, TSO/ISPF, IBM system utilities, mainframe
logical partitions (LPARs), and software development
libraries (COBOL, JCL, PROC's, PARM's, copybooks).
Provided technical support and administration for
ZSeries mainframe using all three external security
managers: RACF, CA-ACF2 and CA-Top Secret.
Keeps operating system and third party vendor
software versions current and applies PTF
maintenance using SMP/E. Research hardware
compatibility issues for new technology releases
with supporting vendors to keep software under
existing maintenance agreements. Design data
center system backups and recovery; input backup
methodology with Disaster Recovery planning.
Maintains operating system content and monitors
system configuration to ensure data integrity.
Supports new systems and existing applications
developed in-house or those supplied by 3rd party
vendors. Develops, plans, and implements the overall
strategic goals of an organization's mainframe
software infrastructure. Evaluates and recommends
changes to current and future system software
requirements to meet the organization's needs.
Establishes and meets service level agreements with
clients. Ensures system performance, redundancy, and
fault tolerance using IBM Parallel Sysplex
functionality. Maintains current disaster recovery
plan and participates in annual testing. Monitors
and establishes procedures to maximize productivity
and to minimize the occurrence of errors. Works with
other internal departments to understand current and
future projects to ensure the systems programming
infrastructure is able to meet the demands of future
growth. In depth knowledge of project planning and
management techniques, plus the ability to
effectively communicate, both verbal and written, to
staff and executive management.
Assist in configuration of z/Series network using
Communication Server VTAM and TCP/IP system
components; advise in implementation of NetView of
Tivoli NetView.
Mainframe Security Assessment Projects
Symantec, IBM and State of Oregon 2004 through 2009
Engagement team member with IBM Global Services and
Symantec Professional Services for completing
enterprise security assessments for commercial and
government sector customer accounts
Evaluate security architecture of RACF, CA-ACF2 and
CA-Top Secret with z/Systems UNIX System Services,
WebSphere, CICS Transaction Server, DB2 and Database
subsystems, HTTP Server and HFS File System for
compliance to ISO17799, DoD STIG and IBM best
practices for security data and mainframe computing
platform. Using a technical approach for
comprehensive security compliance, constructed a
project plan consisting of all data center support
groups to assess security control points and
potential weak areas. Examined mainframe host
platform for logical access controls and adherence
to regulatory requirements. Assessment report
summary includes findings and gap analysis with
remediation technical steps
Developed a copyright proprietary security audit
"checklist" based on the regulatory guidelines
outlined by the COBIT standard, ISO17799 and IBM best
practice methodology for Enterprise computing
environments using RACF, ACF2 and CA-Top Secret to
protect data and its management of access controls.
Guide customer organizations in using effective
mainframe technology to protect confidentiality of
data in compliance of regulatory guidelines
including GLBA (Gramm-Leach-Bliley Act), HIPAA,
Sarbanes-Oxley (SOX), FISCAM, and local/state
legislation.
Evaluate corporate privacy policy statement and
documentation for clients and suggest improvements
if warranted.
Perform host mainframe security assessments for
OS390 and z/OS customer data centers using RACF,
CA-Top Secret and CA-ACF2 using ISO17799 as best
practice metric for protecting.
Government host assessment contribution included:
Support as a Security Engineer who provided
evaluation, research, assessment and recommendations
improving the site's enterprise platform consisting
of mainframe, distributed and desktop computing.
Worked with z/OS, z/VM, z/Linux, Windows, Solaris,
AS/400 and Red Hat Linux in a government computing
center serving multiple state agency organizations.
Examine implementation and security compliance with
the Payment Card Industry (PCI) Data Security
Standard as it applies to merchants and service
providers in all payment channels (EDI, ACH payment
operations, e-commerce, and physical controls for
mail and telephone orders).
Improved client's Information Security Maturity
Model Level rating by gap analysis accompanied by
practical recommendations guiding both senior
management and technology specialists with explicit
step-by-step remediation tasks using ISO17799 and
COBIT as metrics
Researched complex security management and technical
support issues across the enterprise, including
improvement in using more proactive measures by
including security in the site's application and
database design and coding SDLC prior to deployment.
Evaluated the benefit of proactive development tools
improving Unix System Services and TCP/IP network
security for computing platforms using these
features in a production capacity. Suggested Unix
System Services file and directory auditing using
RACF, ACF2 and Top Secret SMF control.
Managed complex security management and technical
support issues across the enterprise, including
proactive development of enterprise security
strategy linking legacy and new technology tools.
Provided Subject Matter Expertise in protecting SNA
VTAM and TCP/IP network topology, databases, cross
platform systems Java web applications and 3270
desktop applications. Advised client in hardening
of operating system, vendor software products,
internal software applications, operational controls
within the client's technology architecture.
Served as Information Security Subject Matter Expert
(SME) on all critical information security
technology utilized by the client including
mainframe and appliance based firewall and
network-based intrusion detection and prevention
systems. Reviewed client's investment in firewalls,
vulnerability scanners, host-based intrusion
detection, forensics tools, antivirus, anti-spyware,
anti-spam and other emerging technologies.
Performed information security reviews and risk
assessments of new applications and systems as part
of regular project and other security design
reviews.
Advised client management and its Information
Security group regarding best practice measures for
mitigation of security risks, threats and
vulnerabilities across its enterprise, paying close
attention to the features available within IBM's
z/OS operating system.
Reviewed existing published security policy
documentation, procedures and operational controls
for effectiveness using the NIST800-53 and
NIST800-123 as guidelines for best practice.
Made recommendations to tighten outbound IP traffic
including FTP, utilization of IPSEC within
application software development and standardization
of data encryption originating from the host
mainframe.
Conduct research on emerging products, services,
protocols, and standards in support of security
enhancement and development efforts.
Support efforts in certifying and accrediting the
company environment under the Federal Information
System Management Act (FISMA).
Assessed effectiveness of current security policy,
control measures and procedures in compliance with
IRS1075, FISCAM, FISMA and NIST-800 guidelines as a
best practice standard.
Assist clients with improving current Information
Security governance, in-house Risk Management
strategies, data leakage, Incident Response
Management and Disaster Recovery planning/testing
Formalized strategic technology partner
relationships with major vendors including IBM, EMC,
Speakeasy, Cognigent, and SBC resulting in increased
professional service sales revenue and client
accounts.
Identify business requirements critical to effective
security management plan for client organizations.
Project Management:
Communicates status updates and security findings
with Engagement's Executive Sponsor and
Stake-holders using published weekly project status
document.
Proactively maintains concise communication by
listening, writing and speaking effectively during
client engagement.
Maintains effective communication at all times with
project Executive Sponsor by using clear and concise
written and verbal communication.
Accounting skills: Cost pricing, budget planning and
financial analysis reviews using Excel advanced
features and providing proactive financial input to
client Executive Sponsor.
Demonstrated ability to avoid unnecessary "billable
change orders" by defining assumptions, required
tools and resources at all project stages along with
ensuring good communication between service provider
and client.
Major contributor in writing RFP Proposals resulting
in major awards for Data center consolidations,
security migrations, IBM MVS upgrade projects,
hardware migrations and network management projects.
Demonstrated knowledge, expertise and hands-on
technology skill
Guide client with a balance of leadership and
listening by constructing the security policies,
standards, and procedures providing an immediate ROI
(Return on investment) beneficial to both business
and technology needs with a solution that meets or
exceeds their specific requirements
Managed projects involving data center
consolidation, server consolidations, hardware
upgrades, resource optimization for internal and
consulting staff, cost accounting for capital
expenditures of new technology, Sarbanes-Oxley
compliance timeline, IT Audits examining application
and system controls, BCP (Business Continuity
Planning) and Disaster Recovery.
Tested Windows Vista BETA and Business versions on
HP Compaq and Toshiba notebook hardware with a focus
on anti-Spyware and Virus prevention software
products. Tested appliance based VPN hardware and
logging facility.
1995-2000 Amdahl Fujitsu Corporation Washington, DC
Project Manager - Consulting Services
Increased professional service sales revenue from
$1.5 million to $5.45 million resulting in a record
win in 1996.
Major contributor in writing RFP Proposals resulting
in major awards for Data center consolidations,
security migrations, IBM MVS upgrade projects,
hardware migrations and network management projects.
Suggested new "ethical" billing methodology
resulting in improved audit tracking, increased
profitability and project earnings with a 26 %
margin for fixed priced consulting engagements.
Scoped out proposed service engagements for
consulting resources, technology deliverables and
hardware purchase/ lease for clients. Configured
Microsoft Excel spreadsheets with billing data for
pricing, skill resource billing models, technology
platform scalability factor and calendar timeline
for manual project plan.
Software Asset Management project support: evaluate
IBM and third party vendor licensing contracts for
pricing improvements and restructuring of legal
documents resulting in reduced software costs for
Amdahl clients.
IBM Mainframe Parallel Sysplex Assessment Support
for pre-implementation of data sharing and recovery,
testing of common system files (including shared
PARMLIB) and operational controls, deployment of
focal point and backup console, implementation of
data sharing and recovery features.
Utilized Microsoft Project and Project Workbench
software products to assign and manage consultant
resources through the engagement.
Introduced using IBM software products including the
Netview at client locations which closed open
problem incidents. Suggested new billing methodology
that increased profitability and project earnings
with a 26 % profit margin, and avoided unnecessary
billable change orders with suppliers.
Pre-sales support of enterprise systems projects for
federal and state government locations.
1987-1995 Independent Technology Consultant North
America
Systems Programmer & Security Architect
IBM Senior level MVS Systems Programming supporting
zSeries and OS390 mainframe computer systems using
TSO, ISPF, JCL, Standard Utility software (IEBGENER,
IEBCOPY, IEFBR14), VSAM (IDCAMS), JES2, IOF, SDSF,
Assembler, MACRO, ICF Catalogs and SMP/E. System
Engineer completing projects involving hardware and
software upgrades, technology planning, disaster
recovery, business continuity planning, performance
workload analysis and data center support.
Managed SMP/E GLOBAL zone environments, target and
source files for IBM and OEM Vendor software
products; built IBM CBPDO Driver and Target systems,
prepare for operating system upgrades, apply
toleration PTF as required, work with IBM Customer
Engineer to resolve EC issues for CPU and DASD;
perform diagnostic and problem determination of
system software products using IPCS, GTF, Slip Trace
and System Console message reviews.
Collaborate with CICS and DB2 system programmers for
MVS upgrade planning, testing and deployment.
Manage technical questions and answers from end
users to IBM and OEM vendors regarding usage and
interoperability of licensed software products.
Tivoli NetView Access Manager Installation,
configuration and support for z/OS and OS390 MVS
Single Sign-on.
Storage management advanced support using FDR/ABR,
DFDSS, DFHSM, DMS/OS, CA-ACF2 and IDCAMS; provided
cross-reference checking of TMC tape catalog content
to RACF database for TAPEVOL and tape DATASET
protection.
Silo upgrade project support activity which
coincided with a data center consolidation effort
requiring the merging of two separate tape library
environments into one combined result; advised users
of GDG Index standards and required use of the GDG
Delete flag option.
Experienced with installation, configuration and
maintenance of CA-1 and TMC Tape Management systems
Experienced with Computer Associates software
product series including CA7 and CA11, CA-ACF2,
ETrust, CA-IDMS
Implemented training courses for experienced and
junior IT Staff in areas of TSO, ISPF, VSAM and
IDCAMS, RACF, Data Management, new hires and end
users bringing productivity and value to the client
organization.
As a Security Architect providing client services
during consulting engagements, Ms. Winfield brings
additional technical expertise from her background
as an IBM MVS System Engineer and its architecture
skill-set. She assisted clients by identifying the
best technology solutions and building Proof of
Concept prototypes that validated the integration
solutions.
Manage SDLC (Requirements definition, design,
coding, testing, User Acceptance Testing and final
Production deployment) with regard to MVS system
internals and design; ensure that executable code
has accurate source code with respect to Library
Management and Patch/ Fix application using IBM and
Vendor change control software.
Assist client with hardware and software
configuration and planning, examine performance
testing data, and validate system integration and
testing activity results both from a technology and
security perspective.
Participate in client "Task Force" teams in IT
support areas of Storage Management, Tape Library
management, Network management, Recovery, Quality
Assurance and Standards, Sarbanes-Oxley compliance,
federal and state regulatory compliance, Y2K (Year
2000) Remediation, corporate mergers and
acquisitions effect on IT and privacy.
1983-1987 Lockheed Martin Data Center Orlando, FL
MVS Systems Programmer - Martin Marietta Data
Systems
Assist and mentor junior staff with complex RACF
security issues. Develop and maintain emerging IBM
security methodologies for auditing security in a
global IT environment including DB2, CICS, IMS,
Adabas, IDMS and OEM vendor software product.
VSAM and ICF Catalog Management converted C-VOL and
User catalog objects to IBM's ICF Integrated Catalog
Facility. Tested ICFRU as part of a corporate wide
disaster recovery project for seven LPARs using
shared 3380-3390 DASD.
Worked with the Martin Marietta Internal Audit Task
Force Team for its bi-annual audits, security
penetration test attacks, disaster recovery,
off-site tape data management, SunGard recovery
plan and general security assessments within the
corporation for internal and government users.
Assist with Internal Audit initiatives to ensure
compliance with corporate security policies
protecting corporate users and also Facility
Management outsourcing user organizations.
As the company's RACF Administrator, (configured
with the System SPECIAL, OPERATIONS and AUDITOR user
account attributes) provided technical mentoring and
security management to a small subset of RACF Group
Administrators (note: Lockheed Martin used
distributed security administration as compared to
centralized security management)
Provided technical and management planning
assistance to all new outsourcing customers
including government HUD, Bureau of Indian Affairs,
Department of the Interior and USDA.
Scoped and planned proposed service engagements
using Excel spreadsheets, skill resource billing
models, technology platform scalability factor and
calendar timeline for manual project plan.
Utilized Microsoft Project and Project Workbench
software products.
Introduced using IBM software products including the
Netview at client locations which closed open
problem incidents
1982-1983 Aetna Life and Casualty Hartford, CT
Software Systems Programmer
Supported 3350 to 3380 DASD Migration for batch,
online and database files
Migrated over 6300 source library members of COBOL
and SAS programs using Panvalet file management
utility programs to convert corporate production
source library from 3350 to 3380 DASD.
Assisted operations center with ICKDSF "Clip" of
volumes and with hardware problem resolution.
Education 1975-1978 University of Hartford West Hartford, CT
Matriculated study Senior level status B.S.,
Elementary Education and Music
2007-Present University of Connecticut Stamford, CT
Matriculated study B.S. in Web Technology Studies
and Pre-Law
Professional Memberships
ISACA - Information Systems Audit and Control Association 2004 - Present
ISSA - Information Systems Security Association 2003 - Present
RACF Users Group - NY Region 2002 - Present
Vanguard User Group - National Speaker 1993 and 2006
Interests Spyware Prevention: Published Security Position
paper on Federal Trade Commission website
www.ftc.gov - April 2004
REFERENCES FURNISHED UPON REQUEST
Clients 1988 to 2009:
Frontier Technology
Indianapolis Power and Light
Avis Rental Cars
Rochester Telephone
J-Crew
Ames Department Stores
Aetna US Healthcare
Marist College
CIGNA Corporation
MCI Telecommunications
Symantec Corporation
CVS Caremark
Amdahl - Fujitsu
Pitney Bowes Business Systems
State of North Carolina
Guardian Life Insurance
VM Software
Rochester Institute of Technology
Greenwich Technology Partners
General Electric Capital
State of Oregon Data Center
JP Morgan Chase
Michelin Corporation-France & North America Headquarters
Citicorp
IBM Global Services
Otis Elevator
NY HIP Insurance
Sikorsky Aircraft
Progress Energy
PWGSC of Canada
AIG Global Services Corporation