Dmitri Chilovich
Chicago, USA
Home: 847-***-****
E-mail: ******.*********@*****.***
Skype: Dmitri.Chilovich
Identity and Access Management ( IAM Domain ) Security Solutions Architect
/ Analyst / Developer / Team Lead
Professional objectives
IAM Solutions Architect, IAM Solutions Software Development Cycle Manager,
IAM Security and Risk Management Practice Lead, IAM IBM Tivoli Solutions
SME
Summary
. 19+ years of IBM consulting for large ( US Fortune 500 ) IBM
customers, 10+ years - in role of IAM Solutions Architect, Analyst,
Developer, Team Lead and Technical Project Manager, in areas of
Identity and Access Security Management, Federated Identity
Management, Access Management, RBAC Security Design, SOA based IAM
Security Solutions Development, Risk Management and Disaster Recovery.
. Enterprise IT solutions - preparation for compliance to security
policies and audit controls like SOX, SAS, HIPAA, CobIT, in role of
Architect and Designer.
. SME for IBM Tivoli Security Suite ( ITIM,TFM,TAM ESSO, TDI), for IAM
Solutions Design, Integration and Implementation, based on IBM
Technologies: IBM SOA/ IAM Suite ( Tivoli, WebSphere, WS-Security ),
Enterprise-scale IAM Transitions from Novell NetIQ, OIM, Sailpoint -
to IBM IAM Security Suite.
. All projects - macro and micro management ( ability to provide
enterprise level design from one side, and detailed unit/code level
solution design from other side).
Specialties
TIM, TFIM, TDI, TDS,TAM, TAM ESSO / ISAM ESSO
Additional: AIX, TSM, DR, SOA, WS-Security, SOX, COBIT, RBAC
Projects - subject matter view
. ( IBM Security ) Tivoli Identity Manager and ITIM Vault ( Shared IDs
Management ) Automation Solutions Design and Implementation
. IBM Tivoli Access Manager ( TAM WebSeal, TAMe ) Solution Designs and
Deployments
. Tivoli Federated Identity Manager ( TFIM ) Solution Design and POC (
integrated with TAMESSO and ITIM )
. Web applications Single Sign-On Design with WS-Trust, WS-Provisioning,
SAML 2.x, SSO Server technology
. Tivoli Directory Integrator (TDI) - Based Solutions, for Directories
migration and integration, ITIM Custom Adapters, HR Feeds, Single Sign-
On and User Registries Synchronization
. SAP IAM Security Solutions under IBM Tivoli IAM technology
. Archer RSA integration with IAM IBM Suite
. Oracle PeopleSoft integration with IBM IAM Suite
. Company Audit (Sarbanes-Oxley, sas70, Security Architecture - IAM
Domain) readiness support projects design and implementation
. Company Role-Based Access Controls end to end implementation: Business
Requirements, Business Process Analytics, IAM Security Drivers
enforcement, Roles optimization, Technology blueprint, Solution
Design, Technical Project plan, Implementation, performance analysis,
post- implementation support.
. Novell Net IQ migration to IBM Tivoli IAM Suite
. Novell Net IQ migration to Oracle Identity Manager Suite
Summary of Qualifications
IAM Security ( Project stages - Business Requirements assembly, technology
strategy, integration and performance roadmap. Role - SDLC management, IAM
Architecture, Design, Implementation, Customization, Integration with
Legacy technologies )
. Tivoli Access Manager ( TAM, TAMe, WebSEAL )
. Tivoli Identity Manager ( ITIM ), Vault ITIM.
. Tivoli Directory Integrator (TDI ) for Single Sign-On and User
Registries Synchronization.
. Tivoli Federated Identity Manager ( TFIM ) for Single and Multi Domain
Service / Identity Providers
. IBM WebSphere based Security Software Solutions: SOA, WS-Trust, WS-
Provisioning, SAML 1.x, SAML 2.x, LTPA, STS Architecture Design
. TFIM and integrated Federated Identity Management and F-SSO Single
Sign On Architecture Design, Development.
. TFIM and WebSphere : SOA, WS-Trust, WS-Provisioning, SAML, LTPA, STS
Architecture Design
. Vulnerability, penetration risks management for middleware layer
applications
. RSA ACE Server Installation/Deployment/Administration ( ver. 5.1).
. Steel-Belted RADIUS installation/Administration/Integration with RSA
ACE Server.
. Integration solutions comparison for Tivoli Identity Management,
Hitachi-Id Management, Oracle Identity Management Suites.
. Architect an enterprise security with IBM's Method for Architecting
Secure Solutions (MASS)
Enterprise Management products: implementation, administration,
deployment:
. Tivoli Access Manager for Operating Systems, Tivoli Access Manager for
e-Business / Webseal / WebSphere / HTTP /LDAP
. Identity Management Solutions and Agents Administration,
Configuration, Development and support for RACF, AIX, Solaris, HPUX,
LINUX, Windows AD, Windows Local, Novell, SAP, PeopleSoft, Oracle
Directory, DB2 store ( any RDBMS Store ), etc.
. Tivoli Federated Identity Manager
. Tivoli Manager for SAP R/3
. Tivoli Workload Scheduler
. Tivoli Data Protection for SAP R/3
. Tivoli Enterprise Console
Data Storage and Availability/Risk Management
. Company Disaster Recovery Design, planning and integration.
. Company wide Monitoring and reporting - design, technology roadmap,
implementation ( IBM Tivoli Enterprise Console, Workload Scheduler -
based ).
Miscellaneous
. AIX and/or HACMP AIX administration, tuning, testing, shell scripting.
. WebSphere Administration and Tuning.
. Certified in Administration of AIX and DEC Unix (former OSF/1).
. Unix Korn Shell, Perl scripting for AIX, for TSM Disaster Recovery
. Java, JavaScript coding
. WS-Security related XML scripting.
. Department Problem Queue Management, L2 on-call support, L3 offshore
tasks management, SLA compliance.
. BPMN - Technical Project Management Analytics and Design
. SVN - Version control management design
Education, Certifications and Classes
. Certificates and Classes completed.
. Tivoli Directory integrator v 6, v7
. RSA Server Administration
. Tivoli Access Manager v.4, v.5 Administration and System Integration
. Tivoli Identity Manager v4,5.
. DEC UNIX (OSF/1) System Administration (expired)
. DECbank PRO and TFM (banking UNIX/Oracle software of Digital Co.)
(expired)
. Oracle Belarus: RDBMS Oracle7 Administrator.
. ADSM / TSM / SAN Server Development/Troubleshooting ( IBM Germany ).
. CISSP internal IBM classes completed
. ITAR certification completed
Education
1987-1992: Belarus State University, Master's degree in Computer Sciences
(certified for US DOL by BROWN University, Mathematics Dept., RI, USA).
Status in USA
Citizen
Projects - individual accomplishments
IBM Global Services, Identity and Access Management Architect and Developer
Provided full-cycle consulting, project planning and help in deployment
of Tivoli -based SOA WebSecurity Solution for multiple IBM customers.
Solutions include Tivoli Access Manager, Tivoli Federated Identity Manager,
Tivoli Identity Manager, User Registries synchronization.
Zurich Financial - IAM Architect and Analyst
Project 1: Enabled High Availability Solution for security infrastructure
for Zurich Claims e-business applications framework. I did initial
assessment, indicated weak places, gave 3 different solutions (
price/quality/investments return ratio was a criteria), provided the
detailed project plan, wrote documentation, planned steps and outages/
risks, rollback procedures, defended on several meetings and implemented
one of those 3 solutions.
Result: Implemented high availability for Zurich North America eZAccess e-
business portal Security Framework. 100% availability score for IT Security
Applications ( Tivoli Access Manager, RSA, Tivoli Directory Server, LDAP
user registry servers, WebSEAL servers).
Project 2: Enabled Extranet access ( external web-clients ) to Zurich
Claims e-business applications framework. I did initial assessment,
indicated weak places, designed the solution ( DMZ, internal and external
WebSEALs REALMs ), did initial price/hardware/work hours planning, provided
detailed project plan, wrote documentation, planned steps and outages/
risks for full plan implementation period, wrote rollback procedures,
worked with Application Security Analysts and Network team, deployed and
customized pilot-project for Development Realm, one of 3 Zurich e-business
frameworks ( Dev, QA and Production ).
Project 3: Single Sign-On solutions for legacy applications of Zurich
partner companies.
I did assessment, designed the solution, project plan and provided pilot-
project installation and testing for IT Security integration for Zurich
Claims e-business applications and UUG ( Lotus Domino based ) applications,
for Risk Intelligence and Risk Management Application, for Zurich HR ID
Management applications, and Mainframe RACF - based application.
Project 4: Zurich ID Management Framework Infrastructure and Software
upgrade. I made HR/ID management assessment, wrote documentation, designed
the solution, proposed pilot-project plan, and implemented it as based on
Tivoli Directory Integrator user registry synchronization, Tivoli Identity
Management and Provisioning.
Project 5: Deeply participated in Zurich Disaster Recovery Drills, was
responsible for e-business Security Framework Recovery . Wrote procedures,
plans, did DR and had e-business security fully restored on IBM DR sites.
IBM Middleware National Global Delivery, Identity and Access Management
Project 1: Provided full-cycle consulting, project planning and help in
deployment of Tivoli -based WebSecurity for Coca-Cola HQ in Atlanta.
Solution included Tivoli Access Manager Realms, Tivoli Identity Manager
Gateway, User Registries synchronization based on Active Directory, Lotus
directory, IBM LDAP Directory.
Project 2. Did full-cycle consulting for IBT ( International Bank and
Trust) e-business security infrastructure implementation. Provided initial
project-plan, did Tivoli Access Manager, RSA Server, Steel-Belted Radius -
based security framework installation and customization, provided
integration with Identity Provisioning System based on TIM and SAP .
IBM HQ, Global Finance Transformation
Global Transformation Project ( migration of all IBM Finance Management,
Assets and Liabilities Management to SAP and Tivoli Framework Management
platform.). I did full-cycle planning and implementation of Security
Framework for 2-5 IBM IGF server / application frames ( including web-
sites, assessment databases, finance-data databases).
Solution was based on Tivoli Framework Enterprise Manager, Tivoli
Enterprise Console, Tivoli Workload Scheduler, Tivoli Risk Management, and
in few stages provided password management, account access management ( for
intranet IBM identities), workflow and financial product cycle management
automation, auditing and reporting setup. It was also implemented by me and
served at around 40% load threshold for approximately 4000 internal users.
Identity and Access Management Application Architect for Humana
Provided full-cycle solution providing in IAM Domain, based on Tivoli
Access Manager, Tivoli Federated Identity Manager, Tivoli Identity Manager.
Lead team of developers on-shore and off-shore, generate Solution Designs,
roadmaps and business requirements, ITIM Code development and custom
version control management, provide SME support for Production Management
Team.
Identity and Access Management Application Architect for US Cellular
Provided full-cycle solution providing in IAM Domain, based on NetIQ
Security Suite. Lead projects for Risk Managements, Enterprise Monitoring,
lead IAM Team.
Projects for IBM GS
My role was mainly in redesigning of existing company security frameworks
and included the project management, team management, organizational
demands gathering, implementation. Technically, projects included change of
data flows, optimization of identity management rules, management for
orphan accounts.
In general, steps are:
1. existing environment description on application, data flows and
account/identity levels
2. environment assessment: risks, orphans, double flows, performance
bottlenecks, etc.
3. grouping for resources - servers, users, applications, extraordinary
units or groups.
4. identity foundation design
5. password management design
6. account access management design
7. workflows and dataflows automation
8. automation and reporting, statistics and forecasting
9. distributed management system
10. role-based access controls design
Work History
now:
Employer: CDI, for IBM
Position: Identity and Access Management Automation Architect and
Designer
Profile: Identity and Access Management Applications Architect
. IAM Solutions Design
. ITIM IAM Solutions Implementation
. RBAC implementation ( roles based access )
. Single Sign-On and Applications Integration Architect.
. Identity and Access Management Solutions design for integration with
Intranet and Outside ( Federated) applications, all stages -design,
development, performance tuning, Security standards compliance
enforcement.
7/2013-3/2014:
Employer: Humana Health
Position: Identity and Access Management Solutions Architect
Profile: Enterprise IAM Solutions Architect
. IAM Solutions Design
. ITIM IAM Solutions Implementation
. RBAC implementation ( roles based access )
. Single Sign-On and Applications Integration Architect.
. Identity and Access Management Solutions design for integration with
Intranet and Outside ( Federated) applications, all stages -design,
development, performance tuning, Security standards compliance
enforcement.
7/2012 - 7/2013:
Employer: US Cellular
Position: Identity and Access Management Automation
Profile: IAM Security Chief Engineer
. IAM Solutions Design
. NetIQ Solutions Implementation
. RBAC implementation ( roles based access )
. Single Sign-On and Applications Integration Architect.
. e-Business Solutions Design (based on HTTP, WebSphere, LDAP,
Directory Integrator, Policy Director/ Access and Identity Manager)
. Identity and Access Management Solutions design for integration with
Intranet and Outside ( Federated) applications, all stages -design,
development, performance tuning, Security standards compliance
enforcement.
03/20/2004 - 10/2005:
Employer: Zurich North America - Infrastructure Security Distributed
Systems
Position: IAM Security Architect.
Profile: Identity and Access Management Applications Architect
. Tivoli Security ( TAM, LDAP, WAS, ITIM, TFIM, TDI ) Analyst,
Architect and Administrator.
. Single Sign-On and Applications Integration Architect.
. e-Business Solutions Design (based on HTTP, WebSphere, LDAP,
Directory Integrator, Policy Director/ Access and Identity Manager)
. Application and IT infrastructure security risk assessments and audits
( sas70).
. System Security Architecture Evaluations and Enhancements - DMZ
enforcement, High Availability, Business Demands.
. Tivoli Storage Management consulting, Disaster Recovery and Continuity
planning
. Company-wide SSL /PKI, GSK certification Administration. SSL
management for Verisign, Entrust, RSA, Tivoli keys.
. Company-wide IT Security Infrastructure Disaster Recovery Planning,
Design and Integration.
. IT Security Audits
. Public-key Infrastructures (PKI)
. Intrusion Detection Tools Testing, Deployment.
. Enterprise Security Program and/or Security Strategy Development
. Security -level consulting and project management for Zurich e-
Business software development projects.
. Company middleware vulnerability testing, penetration testing, risk
assessment and exposures management.
Recommendation: available
August 2003 - 03/20/2004:
Employer: IBM GS - Middleware Solutions Delivery
Position: IBM Tivoli IAM Security Architect
Profile: IBM Tivoli Security and Storage Management consulting and
solution providing:
. Full-scale IT Security and Storage management infrastructure
implementation and technical project management.
. Tivoli Security ( ITIM, TAM, LDAP, WAS, TFIM, TDI ) Analyst,
Architect and Administrator.
. RSA ACE Server/Agents Solution Provider and RADIUS Administrator.
. Tivoli Storage ( ADSM, TSM, TDP, DR) Analyst and Administrator.
. Tivoli Enterprise (Framework, TWS) Analyst, Architect and
Administrator
Recommendation: available
October 2000 - July 2003:
Employer: IBM Global Finance, NY
Position: Tivoli IAM Transition Architect
Profile: Tivoli IAM Architect and SME for IGF GARS and SAP BW teams
. Tivoli Solutions Architecture, Testing, Pilot-project implementation
for IBM Internet/intranet e-business accounts and some outside IBM
vendors. Includes Tivoli Access Manager, Tivoli Workload Scheduler,
Tivoli Storage Manager, MQ solutions and integration with main IBM IGF
SAP database.
. Tivoli Framework implementation for IBM AIX servers frames in USA and
Canada. Includes TAM for AIX, TWS for AIX.
. AIX 4.3-5.1, SAP R/3, Tivoli Storage Manager, Tivoli Workload Manager,
Tivoli Data Protection, Tivoli Access Manager, Tivoli Framework and
Tivoli Workload Scheduler Integration: Analyst and Administrator.
. FTP Scripts, MQ Series Integration with AIX and SAP scripts, Tivoli
Enterprise Manager (TEM, TMF) Integration Administrator, Shell
scripting, ADSM and TSM Consultant.
. Light Lotus Notes / Domino R5 Database Development for Team needs:
IURs, SAP Batch Job requests and Problem Logs Database design and
development.
. Position also includes the SAP/Tivoli/MQ configuration solution for
some IBM vendors and clients, other IBM accounts.
. Primary Administration of set of AIX servers for UNIX user policies,
complex Shell FTP scripts for integrated applications ( SAP R/3, MVS
clients, RFC Idoc postings into SAP, MQSI clients data exchanges).
. SAP R/3 / ACTA / Tivoli Workload Scheduler configuration tuning for
Business data warehousing.
. SAP 4.6 Jobs Full-Scale administration and testing, integration with
data feeders.
Recommendation: Available.
January 2000 - October 2000:
Employer: IBM for Californian State Employees Retirement System.
Position: TEM, TMF, ADSM and TSM Expert
Profile: ADSM / TSM / SAN/ high availability Expert, Tivoli Data
Protection and Data Exchange Analyst :
. Implementation, Deployment, Solution providing, Testing and
Consulting for CalPERS for all TIVOLI-related issues - Storage
Management, Storage Planning and Enterprise Security Monitoring
mainly.
. AIX migration onto IBM RS/6000 HACMP AIX 4.3 Environment.
. IBM RS/6000 servers migration onto IBM 3595E tape library.
Recommendation: available.
April 1999 - December 1999:
Employer: IBM Global Services, Schaumburg, Chicago, Illinois.
Position: Storage Management and DR Architect
Profile: ADSM/TSM/SAN Architect, Analyst and Administrator
Deployment, Solution providing, testing and service for high mission-
critical Configurations with ADSM and TSM server storage operating >1TB
data/day, with >200 client servers. Serious performance tuning, policies
tuning, forecasting using my scripts and Tivoli Decision Support (*up to
v. 2.1.1. by June'2003 ).
. I perform ADSM Lotus Notes Agents for NT, AIX v21ptf7, ptf9
Implementation, Deployment, Testing, Troubleshooting for ADSM
Configurations with >200 nodes.
. I perform Tivoli Data Protection v1 for Lotus Domino R5 Server and
SAMS testing.
. I perform also AIX v4.2 ADSM Server and BA Clients System
Administration, tuning.
. I code Shell and Perl scripts for ADSM Client/Server Statistics
Gathering, Supervising and Storage Forecasting. I write also same
scripts with a help of ADSM SQL queries to ADSM AIX server Database,
and perl. I use also ODBC ADSM drivers to export some Statistics and
generate ADSM state Reports.
. I supervise and design ADSM tasks like backups and archives.
. I perform also IBM 3494 Tape Library Management with 3590 and 3590E
media, Maintain the IBM H-50 Servers with SSA and SCSI Disk arrays and
Token Ring over TCP/IP backbone.
. I perform ADSM AIX Server v3 and ADSM NT or AIX clients
Implementation,
. I design and troubleshoot ADSM / Tivoli clients on DB/2, Oracle,
People Soft and SQLBackTrack.
Recommendation: available.
October 1996 - March 1999.
Employer: IBM EMEA Germany, IBA
Project: ADSM / TSM (AdStar Storage Management System from IBM)
development.
Position: Teamleader, ADSM / TSM /DR World Problem Level 2 Support.
Profile: ADSM / TSM / TOTAL STORAGE Architecture and Design,
Installation, Support, Development, Releases, PTFs.
. I'm a team leader of the ADSM Level2 support group in Belarus. My
duties are to maintain my private and worldwide ADSM customers'
problem queue, to determine the problems our customers get in face of,
recreate these problems and suggest to them some temporary fix,
investigate ADSM C/C++ code and open a defect for IBM ADSM Level 3
(development team) or fix myself.
. I perform the ADSM / TSM Installation and Deployment for IBM
customers.
. I do ADSM Level 3 support also: code/design defects, fixing, Unix
Shell Scripting for ADSM testing, ADSM C code changing in CMVC (IBM
Versions Control System tool).
. I administrate AIX, HPUX, Solaris, DEC Unix Servers in Lab for ADSM /
Tivoli platform-specific troubleshooting.
. I deal with problems on other UNIXes: MVS, HPUX, SunOS, Solaris and
OS/2, WinNT problems in any combination of ADSM Client/Server, with
several API ADSM agents: BMC's SQL Backtrack, Oracle EBU (Enterprise
Backup Utility), Informix's ONBAR, Lotus Notes Backup Agent.
. To reproduce the problems I administrate a wide set of RDBMS products
like Oracle RDBMS, Informix, DB2, etc.
. I do Visual Age C/C++ code designing and debugging on AIX and NT
platforms.
Recommendation: available.
May 1995 - October 1996:
Employer: Digital Eq. Co. (now COMPAQ) representative in Belarus
Project: Digital Eq. Co. turnkey Software/Hardware Projects in
Belarus.
Position: MIS - Commercial Banking Software Sales Manager.
Profile: Digital Eq. Co. software solution providing for corporate
customers, marketing,
sales, project management, pre- and post sales
support.
Tasks/Tools:
. ORACLE7 RDBMS, Designer 2000/ Developer 2000, Microsoft Project, MS
Office, LinkWorks, SyBase, Informix RDBMS, Powerbuilder, etc. on
Digital Co. Hardware.
. Products (installation and tuning):
. LinkWorks (TM), DEC Unix, WinNT for ALPHA servers, Oracle7 family
products for DEC Unix.
Recommendation: available.
1994-1996:
Employer: Belarus Interbank Settlement Center, Belarus National Bank
Project: DECbank PRO ( Banking and Financial set of SW products )
adopting for Belarus Banking System.
Position: IT Department Head, Banking SW Standardization for
Commercial Banks Department.
Profile: Banking Software Application Development, adopting,
testing, international project management.
. I am a head of BMRC Software Development Group Team and supervise or
run several project for Banking Software development and/or
transition, I control a team of approx. 25 people including subject
matter experts and developers.
. I design and code DB design, stored procedures, OLTP load for banking
software for Oracle 7 RDBMS /Case 4.5 /PL-SQL. Digital Eq. Corporation
(DEC) in Austria/Vienna has developed DECbank PRO for domestic
customers. Database is Oracle7 or Informix Online RDBMS, back-office
and part of front-office are coded on NT, uses Crystal Reports. I
redesigned and adopted the Banking applications and database structure
to Belarus banking needs and laws.
. I work as Team Leader and PM for group of 12 developers working on
banking software design and implementation ( including Q&A ). I work
with Banking Subject -matter experts and with Settlement center
experts.
. I work with PriceWaterhouse and C&L auditors on investigation of
several ( around 20) banking products like Capiti Equation, Banker,
IBS, Management Data, DECbank PRO, CA Bank.
Recommendation: available.
1992-1994:
Employer: Belarus Interbank Settlement Center
Project: A set of Banking Analysis Systems.
Position: DB design/development/testing chief-engineer.
Profile: Developer and designer, db and business analyst for
Banking Information
Software, Functionality and Database Design for Securities Portfolio
Management, Bank Futures&Options Portfolio Management, Bank Liquidity&Risks
Management.
. Developed Database Structure for ORACLE7 RDBMS, Interface in Oracle7
Forms, Menu (Oracle Case 4.5) and later in Oracle 2000
Designer/Developer.
. Designed Stored Procedures for Oracle7 RDBMS design in PL/SQL, GUI and
C/C++ code design.
. Designed banking algorithms, Mathematical/Banking Evaluation methods:
CAMEL, Markowitz, etc.
Recommendation: available.