Michael T. Kibbe, TOGAF *
e-mail: *******.*****@*******.***
Phoenix, AZ 85086
Skype: *******.*****@*******.***
Cell: 602-***-****
GitHub: https://github.com/Nondisclosure/
LinkedIn: www.linkedin.com/in/MichaelKibbe1
Twenty-plus years' experience architecting governance processes, designing secure information systems and reference architectures, and information security.
Professional Experience
American Express Technologies
1996-2016
Manager, IRP (Incident Response Team)
  - Constructed and implemented the first Incident Response Strategy.
  - Led the team responsible for responding to security incidents.
    - Coordinated the relevant groups, when needed, to identify and remediate a threat.
  - Liaison with senior management when a verified incident occurred.
  - Assisted the IDS team with fine-tuning IDS systems when an incident arose but turned out to be a "false positive".
  - We used Splunk for data collection on servers.
  - We used Snort on smaller, more "out of the standard" installations that wouldn't fit into our enterprise strategy.
  - Utilized Burp as a proxy to troubleshoot communications.
Manager, ECRB (E-Commerce Review Board)
  - Technology risk consultations.
  - Constructed and implemented the first Governance Strategy.
  - Built processes, based on business and technology needs, that adhered to company policy and all applicable federal and state laws.
  - Reviewed, and led the team that reviewed, the security of every e-commerce application before launch into production; ensured each application was secure and in compliance with standards.
  - Was party to the "C"-level (CIO, CTO) review of applications before launch.
  - Worked with various architecture and security teams throughout the enterprise to gain alignment on SLAs when their group was engaged.
  - Built the first tool to further streamline the ECRB process.
  - Lead Architect on one of the first web-based online stock trading platforms.
    - Built the first dual-authentication system: a second verification was required when submitting trades.
Manager, PGB team
  - Technology risk consultations.
  - Refined and implemented the Governance Strategy.
  - Built the PGB (Project Governance Board) process.
  - Expanded ECRB to include more than e-commerce projects. The process was rebuilt and re-architected to include all distributed applications.
  - Included the PCI and PCI DSS standards for compliance.
  - Included the relevant technology parts of Sarbanes-Oxley (SOX) compliance.
  - Also added other groups around AET that had standards to be enforced.
    - This required alignment with those groups on when they would be included in a review, what questions they needed asked in our up-front forms, and where else they would enter the PGB process, including but not limited to RMPs (Risk Management Plans) and signatories on various project artifacts (e.g., RMP, executive review deck preparation and review).
  - Expanded third-party reviews.
    - These reviews included ISO 2700x compliance.
  - Included HIPAA standards for when AEFA was still a part of American Express.
    - Dropped the HIPAA requirement when the healthcare policy business was "spun off" with AEFA (now Ameriprise). I don't know if Ameriprise has kept its healthcare policy business since the spin-off.
  - Re-branded the tool to support the PGB process (Lotus Notes application).
  - Built and maintained both architecture and security standards.
  - Performed quarterly scans of applications using Nessus products.
  - Integrated relevant NIST standards.
  - Created a FIPS-compliant vault for X.509 keys used in a PKI instance.
Manager, SAR team
  - Technology risk consultations.
  - Focused on IT Security Governance and Architecture.
  - Refined and implemented the Governance Strategy.
  - Built and launched SAR (Solution Architecture Review).
  - Complete rewrite of the governance process; it became architecture- and security-focused.
  - SAR processes now included business owners, who agree to and accept the risk for their application.
  - Added support for reviewing mainframe applications in the SAR process.
  - Built GEM (Governance Engagement Manager), a .Net solution that replaced the Lotus Notes governance application.
  - Governed over various project management and development methodologies, including:
    - SDLC
    - Method/1
    - Agile
    - Kanban
    - SAS/70
    - ITIL
  - Created the AOC (Architecture Oversight Council).
    - Chairman of the AOC board.
    - The AOC takes input from reviewers (those who conduct the reviews in the governance process) and from projects, prioritizes those inputs for improvements to either process or tools, and also considers requests from groups that wish to be added as a reviewer group (a group that owns a standard and wants to utilize the SAR process for reviewing).
  - Led the JADR (Joint Architecture Design Review, one of the review processes in PGB and SAR).
    - JADR consisted of reviewing the security and architecture of an application.
    - Integration into the hosting options currently available.
    - Security:
      - CIA (Confidentiality / Integrity / Availability)
      - Data security:
        - At rest
        - In transit
      - Authentication / Authorization
      - User management
      - Separation of duties
      - Data stewardship
      - Check for standards compliance, among other possible issues an application would or could have.
    - Federal standards (to name a few):
      - PCI-DSS
      - FFIEC
      - Sarbanes-Oxley (SOX)
    - International standards on data stewardship:
      - Hong Kong Monetary Authority (HKMA)
      - Data security standards for (to name a few):
        - Europe
        - Germany (more stringent and separate from the EU)
        - Singapore
        - Thailand
  - I covered only Java and .Net.
  - Conducted reviews of applications for both enterprise security and architecture compliance, regulatory compliance, industry standards, principles and guidelines.
  - Implemented code scanning in SVN and Team Foundation repositories.
    - Scanned code every night for security gaps.
  - Integrated applications into standard infrastructure and utilities:
    - SSO: SiteMinder (https://www.coreblox.com/partners/technology/ca-single-sign-on/?gclid=CNfd_7_xw9ICFUuTfgodwJ8EIg).
    - SSO: Active Directory.
    - OpenShift Cloud, on-premises.
    - Azure integration.
    - System integration into different on-premises hosting environments (specific details cannot be given due to confidentiality agreements).
Hobbies
- Started my journey in Xamarin. Currently working on a password vault application (cross-platform).
- MQL4 and MQL5 coding.
  - MQLx is a proprietary language used in the MetaTrader (https://www.metaquotes.net/) online trading platform for trading Forex (spot/retail) and futures (some brokers, not all).
  - Development of complex trading algorithms and various libraries in support of those algorithms.
    - Libraries written in both MQLx and C#.
- Active Directory Services (ADS) for Windows Server 2012 (R2) and Windows Server 2016.
  - Extensive use of Group Policy.
  - Home network for "home production use".
  - Virtual networks on both Hyper-V 2016 and VMware Workstation 12.0 for testing.
  - Have set up and used the following on both Windows Server 2012 (R2) and Windows Server 2016:
    - LDAP (ADS)
    - DNS
    - DHCP
    - WINS (moved away from on Windows Server 2016)
    - WDS
    - WSUS
- Libraries coded in C#.
  - Note: trying to get C# to work with MetaTrader is a pain. I've finally mastered it.
  - Sockets in C#, used for data transfer between MetaTrader and .Net.
- Custom-build all my own servers (hardware). Harden my own servers in Windows.
- Custom laid-out home network.
Skills
- Expertise in the transition of business needs to technical solutions.
  - Expertise in the translation of technical aspects to business functions.
- Implemented the McAfee enterprise AV suite.
- Built the first security standard, the MSB (Minimum Security Baseline).
- Launched the Application Development Security program.
  - Assisted developers in writing secure code through:
    - Education
    - Component development
- Implemented the wireless LAN project.
  - Gave employees access to the local LAN.
  - Gave guests the ability to access the internet without getting access to resources on the LAN.
- Participated in the design team (security and architecture) for the implementation of OpenShift.
  - Open-source cloud platform.
- Led the design team (security and architecture) for the integration of Microsoft Azure cloud services with internal and Azure-hosted applications.
- Led the design team (security and architecture) for the implementation of vSphere.
  - VMware cloud offering.
- Kept (and still keeping) up to date on industry trends and changes.
- Solid background in heterogeneous network and systems administration issues.
- Languages:
  - C#
  - Java
  - JSON
  - XML
  - MQL4
  - MQL5
  - HTML
- Security frameworks:
  - PCI-DSS
  - SAS 70
  - PKI/X.509
- OS (installation / maintenance / support):
  - Windows (3.11 – 10 and Server 2003 – 2016)
  - Fedora / Red Hat
- Development technologies:
  - Web services
  - API
- Networking skills:
  - TCP/IP
  - HTTP(S)
  - FTP(S)
- Networking tools:
  - Burp
  - Ethereal
  - Nmap
- Scripting languages:
  - Perl
  - PowerShell
  - VScript