RACF
Resume:
Dear Hiring Manager,
I believe that I have the skills necessary for this position. However, I am unable to relocate due to caring for an elderly relative. Does this position have an option of 100% remote? I have a fully functional home office with multiply-redundant internet and phone connections as well as a whole-house backup generator. In my previous job, I worked from home for over five years with no loss of time, data or function.
I look forward to hearing from you soon. Many thanks.
Doc Farmer
MAINFRAME INFORMATION SECURITY (RACF) – ANALYSIS AND ENGINEERING
Profile Accomplished professional with experience in Information Technology, with 38 of those years in the Security/Auditing environment. Main experience in IBM large-scale mainframes, as well as past experience in AS/400 systems, RS/6000 systems, Novell networks and Windows NT networks. Strong background in technical systems, audits and security protocols including operating systems (z/OS). Strong background in a variety of security systems, primarily RACF, with past experience in ACF2 and CA-Top Secret. Strong background in project planning and execution, particularly relating to controls, security, planning, testing and execution. Background in SDLC protocols, Sarbanes-Oxley requirements, FDIC/FFIEC/Comptroller regulations, UK Information Security Act, UK Privacy Act and ISO17799, GSD331, Role-Based Access Controls (RBAC), and DIACAP/NIACAP analysis and remediation.
Strong verbal and written communication skills, having successfully conducted Security and Disaster Recovery seminars. Published author and speaker on the topics of Information Security, Physical Security IT Audit, Disaster Recovery and Year 2000 issues. Also, strong background in technical writing on RACF issues.
EMPLOYER HISTORY
Key Bank, Cleveland, Ohio 2011-2019
RACF Engineer IV
Designed and created RACF resource profiles to manage access permissions.
Assisted Identity Management group constructing authorization controls, methods and procedures.
Investigated and provided answers to questions regarding RACF violations, changes, and insufficient authorizations.
Performed requested/scheduled RACF maintenance tasks
Assisted with Digital Certificate management to install, renew and replace digital certificates.
Provided 24-hour support for production RACF problems.
Planned coordinated and implemented security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure.
Conferred with computer user departments and programmers/developers to plan data security for new or modified software, discussing issues, e.g., employee data access needs, risk of data loss or disclosure.
Reviewed plans to ensure compatibility of planned security measures with establishment security software.
Discussed/requested needed system programming changes with systems programmers (including RACF database resize/restructure).
IBM, Dubuque, Iowa 2010-2011
Information Security Technical Support (Jazz) z/OS Logical Security
Provided high-end security technical support for multiple customers/accounts (25) running on z/OS operating system.
Managed z/OS security system settings and assist technical support teams with system and subsystem security for mainframe computing environment.
Developed new procedures or processes independently or through the team to complex problems, analyzed situations, implemented solutions as needed to remediate issues.
Developed new procedures and standardized tools to resolve problems and provided input into the implementation of enhancements to prevent problems from recurring.
Evaluated, assisted and provided direction to configure software product interfaces.
Provided 24/7 on-call support for customer requests, emergencies, etc.
Supported upgrades of IBM-supported products.
Tested new release and maintenance upgrades for the mainframe security system and make implementation recommendations.
Developed new procedures or processes independently or through the team to resolve problems, analyze situations, and implement solutions as needed to remediate issues.
Ensured account audit readiness as required by IBM Corporate and commercial accounts standards.
Effectively negotiated with technical peers, and occasionally with customers, to implement technical solutions.
Mentored less experienced personnel on security requirements.
New Era Software, Fort Wayne, Indiana 2009-2010
Security/Audit Advisory Group - Member
Provided input and advice on software development for security and audit products and publications. Did this work in conjunction with my employment at InfoSec, Inc. Assisted in development of an IBM Redbook.
InfoSec, Inc., Fort Wayne, Indiana 2007-2010
Senior Security Specialist (RACF)
Permanent position as a consultant to client companies.
Developed security infrastructures to comply with regulatory requirements (SOX, HIPAA, PCI, GLBA, and Banking regulations) and best business practices.
Technical project design and direction including development of security task lists, work lists, schedules and assignment, staffing, and execution, security implementation and remediation.
Performed an in-depth DIACAP analysis and remediation project for a large insurance concern, completing and clearing 157 issues on the mainframe system ahead of schedule and under budget.
Directed the work of three colleagues, generated the DoD-required documentation and evidentiary materials, kept schedules and updates, and communicated with the client and the assessment firm.
Development of RBAC Documentation and Implementation for a large insurance concern.
Performed detailed analysis of mainframe security settings.
Developed/performed detailed audit process for z/OS security
Developed/performed detailed remediation process for multiple mainframe system.
ADDITIONAL RELEVANT EXPERIENCE
Publix (via Intellect Corporation), Lakeland, Florida 2007
RACF Security Analyst (Consultant)
Aozora Bank (via Blackstone Technology Group), Tokyo, Japan 2006
Security Consultant - Mainframe (RACF)
State Farm (via GlobalSource IT), Bloomington, Illinois 2004-2005
Security Consultant - Mainframe (RACF)
GMAC (via TEKsystems), Southfield, Michigan 2004
Project Manager - Sarbanes-Oxley Assessment
Westfield Insurance Group, Westfield Centre, Ohio 2003
Project Manager - Senior Security Consultant
Qatar National Bank, Doha, Qatar 2002-2003
Senior Manager - Security and Business Continuity
Riyad Bank, Riyadh, Saudi Arabia 1998-2002
Manager, Senior Information Systems Security Analyst
SBC Warburg (formerly S.G. Warburg, now UBS Warburg), London, UK 1994-1997
Senior Computer Auditor
London & Edinburgh Insurance company, Worthing, West Sussex, UK 1991-1994
Senior Internal Auditor (DP)
U.S. Central Credit Union, Overland Park, Kansas 1989-1991
Data/Physical Security Administrator
EDUCATION
College Course in Principles of Accounting
Northern Virginia Community College
College Course in Assembler Programming
Northern Virginia Community College
College Course in Introduction to COBOL
Indiana Vocational Technical College
College Course in Problem Solving Techniques
Indiana Vocational Technical College
PUBLISHED WORKS
Pentland Utilities v2.0 - An Update, in: RACF Update, Xephon Publications, 2007
The Death Of RACF's OPERATIONS Attribute (or, how I'm trying to kill it...), in: RACF Update, Xephon Publications, 2006
The Simple Solution to Electronic Voting, in: Computerworld, IDG, 2005
CICS Transaction Segregation and Region Creation (3-part series), in: CICS Update and RACF Update, Xephon Publications, 2005
Business Continuity and RACF, in: RACF Update, Xephon Publications, 2003
Pentland Utilities Review, in: RACF Update, Xephon Publications, 2003
Building A Secure Data Centre, in: Insight IS, Xephon Publications, 2002
RACF Restructuring (4-part series), in: RACF Update, Xephon Publications, 2002
Software Piracy - Protect Yourself!, in: Credit Union Executive, NCUA, 1990
Computer Flu!, in: Credit Union Executive, NCUA, 1989
Finance Trends Spark MIS Jobs, in: Computerworld, IDG, 1987
Planning Your Way To The Top, in: Computerworld, IDG, 1987
Insurers Stake Claim on MIS, in: Computerworld, IDG, 1987
Don't Blame Computer For Immoral Acts Of Inside Traders, InformationWeek, 1987
Good Managers Are Hard To Find, in: Computerworld, IDG, 1987
Confessions Of An EDP Auditor, in: Datamation, 1983
High Tech In The Midwest, in: Computerworld, IDG, 1983
IBM Compatible Giants, in: Datamation, 1981
Comparison Of The IBM 4341 And Magnuson M80/42, in: Computerworld, IDG, 1981
Keywords: RACF, z/OS, MVS, OS/390, CA-Top Secret, z9, JCL, TSO, ISPF, AS400, RS/6000, Novell Networks, Windows NT Networks, Project Management, Project Planning, Security Consulting, Sarbanes-Oxley, SarbOx, SOX, GSD331, ISeC, FDIC, FFIEC, RBAC, DIACAP, DISA, NIACAP, Audit, Easytrieve, PanAudit, Security Analysis, Security Remediation, Mainframe Analysis, Mainframe Remediation, Risk Assessment, z/OS Assessment, z/OS Healthcheck, RACF Healthcheck
REFERENCES AND RECOMMENDATIONS
Joel Tilton, CISSP -- The Depository Trust & Clearing Corporation (DTCC) Associate Director - Infrastructure Services Architect
“Working with Doc was a true pleasure. I don't think he ever stops thinking about the mainframe; which is a good thing. Doc's knowledge of RACF is excellent and he even knows how to properly audit a mainframe as well; a real find these days. He somehow managed to support our large diverse customer base and cover on-call for them all weekend; which I appreciated as it kept my pager from going off. A true professional in every sense of the word and a pleasure fellow RACF nerd. Any company would be fortunate to have someone has hardworking and diligent as Doc as an employee.” (written 1/22/12)
Paul Robichaux, NewEra Software, Inc, CEO
“Doc is a great guy. Knowledgeable in all aspects of large system computing. Great presenter, good style, excellent content." (written 11/24/09)
Chuck Conner, CPC, Pinnacle Accounting and Finance, LLC, Director of Client Services
“Doc is extremely knowledgeable and thorough. He is very responsive and able to quickly get you the answer/information you need. I am proud to be a part of Doc's trusted network!" (written 11/13/08)
R.A. Sprinkle, “ONE, the Book” Writer
“Not only is Doc a professional and knowledgeable writer with plenty of wit, he has also proved his ability over the years as a moderator managing forums and dealing with technical and other problems. He is passionate about what he does and dose it with excellence. One word that comes to mind about Doc is reliability and dedication, (I know that's two words, but I couldn't help it.) - R.A.S." (written 9/22/09)
Nigel Pentland @ home Retired
“Never having met Doc, we have worked together around developing ideas and inspiration for the RACF PC reporting utilities I've developed. Doc offered both practical help with the documentation side of things, and general mentoring and encouragement during some of the development and testing. Not to mention o course his own ideas and suggestions for customised reports. Thanks Doc." (written 9/22/09)
Paul Stavrakis, Schroders, Release Train Engineer
“I can vouch for Doc Farmer as an extremely experienced, diligent and capable computer auditor." (written 9/22/09)
Jim Beiermeister, Recruitment Management Consultants (RMC) Managing Partner - Information Technology Staffing Specialist
“Doc worked for my company on a key account to conduct preparations for early Sarbanes-Oxley compliance. The engagement Doc worked on had high visibility up to the CIO and he was an impact player to both my company and our client. Doc is a true professional with the versatility sought after in today’s marketplace. I would recommend Doc to any team that has high performance expectations and tight timelines.” (written 2/12/07)
Dan Whitaker, State Farm Insurance, Security Analyst
“We are 3rd Level Mainframe Security and are assigned to many projects and Service Requests. We have many tasks to complete and time lines meet. Doc did not miss any time lines and completed all tasks assigned. Doc was tasked to rewrite a procedure manual for our Access Administration area and respond to Audit findings. Again, his writing skills and knowledge are excellent. We have a "work list" that we also work from. Doc completed more tasks from the "work list" then anyone on the team. He completed a CICS Standards document for us and it too was excellent! As a contract employee you're expected to hit the ground running, that's Doc in a nut shell. He got a lot of things accomplished for us. His knowledge, personality, and attitude is missed. I enjoyed working and learning from Doc. He was a great source for information." (written 2/7/07)
Gerhard Rickert CISSP/CCISO, Deloitte, Cyber Security / Risk Advisory
“Wow what a wonderful experience that was. Doc exceeded every demand made of him. I was thoroughly impressed by the professionalism and value Doc.” (written 2/09/07)
Contact this candidate