security engineer

Location:
Ottawa, ON, Canada
Posted:
April 24, 2024

Resume:

KEVIN LAROCHE

Summary

With over ** years of experience in IT security, technical architecture, and database optimization, I am a seasoned IT Security Engineer. I have a strong track record of reviewing designs for multi-million-dollar priority projects, utilizing a wide array of security technologies and platforms. My role involves preparing technical reports and regularly briefing project progress and outcomes to managers.

My core competencies include:

●Security design review and audit

●Technical architecture and database optimization

●Project delivery and tier 3 support

I have a proven track record of executing and facilitating the deployment, configuration, migration, and security of core infrastructure services in multi-site global enterprise environments. I am proficient with technologies such as Oracle, SQL Server, Linux, and Windows operating systems. Additionally, I excel at troubleshooting and isolating issues and failures in a hybrid virtual/physical server environment. My communication skills have been instrumental in effectively engaging with program leadership, external business partners, and customers to facilitate communications and project decisions acceptance.

Throughout my career, I have consistently delivered results and contributed to the success of multi-million-dollar projects. I look forward to applying my expertise to drive success in my next role.

Experience

Shared Services Canada - IT Security Engineer and Assessor

December 2021 – March 2024

My primary focus was on assessing High-Level and Detailed designs, a role that required an acute understanding of security controls and a meticulous approach to risk management. I assessed designs for Virtualization, Software Defined Networking, Linux and Windows operating systems, Security Information and Event Management (SIEM), Active Directory, Cross Domain Solutions and Backup and Recovery.

A key aspect of my work involved the creation of Risk Registers and Security Assessment Reports, which served as essential documents in the decision-making process for data centers and Cloud deployments. The significance of this role was underscored by the complexities of handling initiatives with multiple government departments, each bringing its own unique requirements and security considerations.

I reviewed and assessed the design of multiple multi-million-dollar projects including SaaS, PaaS, cross domain solution and on demand virtualization. I assessed gaps in vendor evidence based on SOC 2 Type 2 controls and ISO certifications.

To ensure the highest standards of security, I closely adhered to established guidelines, including ITSG-33 and CCNSS. These industry standards provided a structured framework for my assessments and ensured that security measures were consistent with the most rigorous requirements.

By assessing High-Level and Detailed designs, creating Risk Registers, and compiling Security Assessment Reports, I played a vital role in shaping the security posture of critical government initiatives. My work contributed to the identification and mitigation of potential security risks, safeguarding sensitive data and systems. In this role, I demonstrated an acute understanding of security controls, a deep commitment to risk management, and a dedication to adhering to industry standards to ensure the highest levels of data protection and system security.

Employment and Social Development Canada - IT Security Engineer

April 2021 - November 2021 (8 months)

This was a multifaceted role that revolved around conducting a thorough security audit of the organization's data security concerning sensitive information. The scope of this audit was all-encompassing, covering the planning, execution, and reporting phases.

To commence the audit process, I reviewed infrastructure plans, action plans, and roadmaps, ensuring that they aligned with established security objectives and best practices. This included a meticulous analysis of current and proposed risk assessment practices within the organization.

To ensure the audit was conducted with precision and rigor, I prepared various essential components, including the terms of reference, audit program, and scope. These documents defined the parameters and objectives of the audit, guiding the entire process. Additionally, I developed testing plans, rules of engagement, and questionnaires, which played a crucial role in evaluating the effectiveness of security measures.

The audit was conducted in strict adherence to internationally recognized standards and government directives. In particular, I employed the rigorous NIST framework, along with guidelines established by the Treasury Board Secretariat and ITSG-33 controls. These industry standards served as the foundation for the assessment, ensuring that the organization's security measures met the most stringent requirements.

Employment and Social Development Canada - IT Security Engineer

July 2020 - March 2021 (9 months)

Comprehensive security review focused on Identity and Access Management, overseeing the entire process from meticulous planning through execution to delivering a comprehensive report. This assessment spanned infrastructure plans, action plans, and roadmaps, covering both cloud platforms like AWS and Azure, as well as legacy data centers.

To evaluate the effectiveness of Identity and Access Management, I engaged with administrators, meticulously assessing the organization's risk assessment practices in the context of Business Needs of Security, System Security Plans, and Security Assurance Levels. As part of this endeavor, I carefully prepared essential documents, including terms of reference, audit programs, scopes, testing plans, rules of engagement, and questionnaires, providing a structured foundation for the audit process.

Upon the completion of the audit, the comprehensive Audit Report was presented to the Director General and senior staff. This audit was conducted in strict adherence to a range of rigorous standards, including those established by the Treasury Board, NIST SP800 Digital Identity Guidelines, ITSG-33 guidelines, and CIS technical controls. This experience underscores my proficiency in conducting complex security assessments, meticulous planning, and adherence to stringent standards, all while effectively communicating findings to senior leadership.

Employment and Social Development Canada - Technology Architect

July 2020 - December 2020 (6 months)

During a part-time contract, I was entrusted with the development and implementation of a technical architecture and strategy for the SQL Server Team, specifically for the implementation of Transparent Data Encryption in SQL Server 2016. This task encompassed performing rigorous impact analysis, offering vital support to technical teams, and ensuring the seamless integration of this security feature within the existing High Availability Cluster environment. My role extended to evaluating the implications of Transparent Data Encryption on backup and recovery processes, emphasizing data integrity and security.

In addition to these responsibilities, I performed a thorough analysis of alternative solutions for key management. This analysis was conducted while adhering to the security standards established after the 2019 audit. Through this contract, I demonstrated my capacity to devise and execute strategic technical solutions in alignment with security protocols, ensuring the organization's data remained well-protected and compliant with industry standards.

Employment and Social Development Canada - IT Security Engineer

January 2020 - June 2020 (6 months)

Leading a comprehensive security audit, overseeing all aspects from meticulous planning to the execution and delivery of a detailed report, with a primary focus on SharePoint Content and Collaboration Services. This entailed a thorough review of infrastructure plans, action plans, and roadmaps, particularly concerning cloud migration to Azure. My role included engaging with SharePoint administrators to assess the organization's risk assessment practices.

To ensure the audit's precision and effectiveness, I prepared essential documents, such as terms of reference, audit programs, and scopes, while also developing comprehensive testing plans, rules of engagement, and questionnaires. My responsibilities extended to either preparing or reviewing critical documents like the Statement of Sensitivity, RACI, and System Security Plans. The audit was conducted in strict adherence to stringent standards, including those set forth by the Treasury Board, ITSG-33 guidelines, STIG Implementation Guide, and CIS technical controls.

Department of National Defence - Senior Data Conversion Specialist

July 2019 - December 2019 (6 months)

This Agile project involved migrating and converting data from SQL Server and SharePoint for import into a MongoDB database using a REST API. In this process, I not only ensured data integrity but also reviewed and adjusted database settings, conducting a comprehensive security review. This assessment was performed in alignment with industry-leading ITSG-33 and CIS standards, reaffirming the organization's commitment to robust data security practices.

Created a custom PowerShell module complete with a user-friendly GUI, unit tests, and comprehensive help files. This module streamlined and automated the complex data conversion process, significantly enhancing efficiency and accuracy. My commitment to delivering exceptional results led me to expand my scope of responsibility by taking on additional clients and successfully migrating their SQL Server data, further establishing my reputation as a dependable and skilled professional in the field.

Employment and Social Development Canada - IT Security Engineer

March 2019 - June 2019 (4 months)

Conducted a security audit to assess potential vulnerabilities of MS SQL Server database security control profiles and asset categorization relative to data protection and monitoring against known types of threats. Presented the Audit Report to the Director General and other senior staff. The audit was done according to CIS and ITSG-33 standards and included document reviews, interviews, and scripts to query technical controls.

Brookfield Renewable Energy - Platform Analyst and Technical Lead

November 2014 to February 2019 (4 yrs., 4 mths)

Provided Tier 3 Support for mission-critical databases, optimizing their performance, and facilitating smooth data flow. My expertise extended to debugging and tracing ETL processes and web services, and I mentored Tier 2 support, sharing my knowledge. I utilized OEM Grid to fine-tune terabyte-sized databases and ensure optimal performance.

While handling SOX requests, I actively contributed to migrating the IFS Financial Application to Azure, ensuring a seamless transition. I also played a key role in monitoring and supporting Data Guard for disaster recovery.

Additionally, I spearheaded the development of best practices for Active Directory and database access, enhancing security. Then I initiated and implemented SQL Server database patching to extend support and improve security. My dedication to maintaining up-to-date and secure systems was unwavering, particularly within the Azure environment. ServiceNow was used to manage all the changes.

During the series of projects below I managed the development and implementation of new databases, prioritized application upgrades, and provided presentations to stakeholders. Additionally, I played a key role in data backup and recovery, system tuning, and security improvements based on NIST, CIS, and STIG standards.

Cyber Security Project - Sept 2016 - Sept 2018 (24 months)

A third-party Nessus scan which was based on CIS and NIST 800-53 standards revealed numerous vulnerabilities in the Oracle and SQL Server databases. The project involved collaborating with cross-functional teams to meet or surpass the security controls in the areas of access control including Active Directory, roles and privileges, configuration settings. I made presentations to managers on the scope of changes and how they would be implemented and then created, tested and implemented the scripts. Documentation of the best practices for twenty production applications/databases comprising COTS and custom solutions was included.

IFS upgrade project and child projects - Nov 2016 - Mar 2018 (15 months)

Migrate Cognos to Azure - April 2018 - Feb 2019 (11 months)

Aboriginal Affairs – Oracle Database Analyst

February 2014 - November 2014 (10 months)

Maintained consistent deployment practices across development, system test, QAT, and UAT while engaging with developers to promote best practices and authored comprehensive documentation covering project initiation, functional specifications, and business requirements.

I was responsible for analyzing and updating models using Oracle Designer in accordance with client requests and established standards. Utilizing Windows scripting tools, I managed log and trace file archiving. Additionally, I used the power of OEM Grid to create and schedule jobs, optimizing, refreshing, and synchronizing database information, handling backup and restore processes, managing tablespaces and users, and diagnosing suboptimal queries.

Coding, testing, and deployment to production while also developing technical specifications for data manipulation. My responsibilities included merging multiple authoritative sources into a central repository, which served as a valuable data source for various applications. I documented processes and made metadata accessible to clients seeking insights into available resources.

Human Rights Commission - Database Administrator and Security Analyst

March 2002 – February 2014 (11 years 11 months)

Case Management System Mar 2002 – Jan 2009 (6 years, 11 months)

The Case Management System required that I oversee the comprehensive management, development, and expansion of custom case management databases, skillfully leveraging C# .NET and Oracle 9i/11g. This involved a complex data migration project, transferring over 100 tables from the legacy Oracle 8i system to a new 9i database, followed by a seamless upgrade and migration to Oracle 11g, which included the reconstruction of production, test, and development environments.

My responsibilities extended beyond database administration to include performance optimization through analysis, parameter adjustments, and index additions, enhancing data integrity. Developed, tested, and deployed robust backup and recovery procedures, along with implementing Subversion source control for packages and scripts. My role also involved collaborating with Litigation clients to analyze functional specifications, design, document, and develop technical specifications for a module using ASP.NET, MVC, and Entity Framework.

Led the creation, migration, and conversion of multiple databases, ensuring a seamless transition. Developed and coded procedures to guarantee data accuracy and completeness, thus facilitating data integrity. Security remained a top priority, so I implemented best practices for databases and web applications, safeguarding sensitive information and ensuring compliance. My role further involved developing and coordinating backup and disaster recovery strategies to maintain data availability and continuity, particularly in the face of unforeseen events.

I contributed to security by analyzing functional specifications, designing business logic, and implementing custom code. Generated technical reports offering insights into security and data integrity enhancements. Created tables and reports documenting role-based access control, while maintaining and extending security practices through user grants, roles, and an interface to Active Directory for group membership updates.

One notable achievement was the creation of a document wiki covering change management, security standards and implementation, troubleshooting, and application architecture, which remains a valuable resource for the Commission's application lifecycle management. Additionally, I contributed to application and host hardening using Active Directory for access control and configuration.

Education & Certifications

●Algonquin College - Technology Developer Program, Honours Feb 2001 – Jan 2002

●Amazon Web Services Cloud Practitioner

●Amazon Web Services Control Tower

●Microsoft Azure Fundamentals

●Linux Foundation: Secure Software Development Fundamentals

●Canadian Centre for Cyber Security: Course #126 Cloud Service Provider IT Security Assessment

●ISC2 Candidate

Languages

English (Fluent/Native - Written, Spoken, Comprehension)

French (Beginner - Written, Comprehension)


