Cover Letter:
I am looking for the company who’ll allow me to demonstrate my skills have not atrophied after being OOO. Besides always adding to my talents with a home devops environment, I bring the experience of 30 years in the field to bear in fulfilling the demands of any given position. The below is offered to allay any doubts as to my competency. I can also take any relevant exam any time.
In my last position I took responsibility for the Quest Password Management and Active Directory Change Auditor products after being hired as a Provisioner. I took the lead and with one other tech we spent 4 years developing and implementing the products.
Duties included discovery and access to directory and local accounts, LDAP integration, dynamic server adds and group member changes along with testing and rotation of passwords. Methods for organizing information, naming conventions, and IAM processes for user and group access and their documentation were BAU.
The updates, maintenance, hardware migration and disaster recovery for the PAM solution were accomplished using a triple redundancy of hardened Windows servers for which I configured failover and failback scenarios to ensure uninterrupted access for end users.
Acceptance was accomplished by providing a reliable product that was never offline in the 8 years I owned it, always providing passwords for any system or user with connectivity and proper authentication. I also practiced a ‘me first’ approach, with my shop and those we worked closely with, taking on for example using dedicated accounts for elevated rights usage or sign on verification using Entrust.
The Domain Monitor provided years of service protecting groups and accounts from unauthorized access and tracing the use of rights such as deleting files, user and group adds, moves and changes and so on. It also acted as a real time authority on the composition of Active Directory.
That’s where I made my enterprise level bones, finding answers to syntax, access and status errors, reacting to unannounced network changes, modifying logon APIs and much else using every method imaginable in discovering and bringing servers and accounts under management. KVM, iLO, Data Center virtual access, network subnet mapping, jump servers, firewall locating, port opening and verification, Citrix desktops, any and all ways of locating and accessing.
I made friends across the enterprise as I eliminated or minimized the burden of management with reliable, accurate and verifiable oversight. I think that’s the key as InfoSec is often seen as imposing additional burdens. The ability to reach and manage accounts and then produce accurate information in real time using a combination of dynamic and static sources as a cross reference is the foundation of all PAM/IAM success.
Below you’ll find the following documents:
Resume
Additional Network and Enterprise Level Skills
2021 drafts left in their original state:
o 1-Outline of Account Management duties from a shop floor perspective
o 2-Outline of PAM duties for the provider and end user
o 3-The analysis of a CyberArk issue with a spreadsheet embedded for reference
The fundamentals are to start from the beginning, add no overhead and stage bringing accounts under management as makes sense.
Sophie says “Hire my Dad, he’s the Greatest!”
I attest the above to be an un-coerced statement, and no promises of playing fetch, getting treats or other inducements were made to elicit an endorsement.
James Slavicek
Text or Voice: 651-***-****
********@*****.***
https://www.linkedin.com/in/jslavicek/
OOO 2021-23
Returning & Offering Enterprise Level Skills In:
Windows Server Hosted PAM, IAM & Domain Monitoring
Windows Logical Servers & Server Hosted Applications
SQL Databases & SQL Reporting Services Administration
Active Directory Configuration & Security
Authentication, Authorization, Reconciliation
Disaster Recovery
Architect Support for Roadmaps, In-Place Upgrades
NIST, SOX, etc. Compliance
ServiceNow, JIRA, Archer & Oracle RBAC Administration
Firewall Discovery & Port Access, Network Mapping
Proprietary Hardware & Appliances-Ownership
Disability requires 100% remote position
Home office maintained since 2015
Local meetings, conferences, etc. dependent on circumstances
Employment History
July 2021-Present
OOO Personal & Medical Leave, Part-Time Retiree, Unemployed
Self-Directed R & D Technician & Optimistic Stoic
West Saint Paul MN
2021-2023:
Respite, Reaction, Recovery & Repair
Down Time spent building a Hyper-V Dev infrastructure with Cert Authority, IIS, SQL
2023-Present:
Quixotic tilts at AI Windmills
Witnessing well-crafted yet unread resumes become kindling for my dreams
Branding myself as an alternative to practicing Einstein’s Theory of Insanity
October 2012-July 2021
USBank
Senior Information Security Specialist
St Paul MN
Privileged Access Management (PAM) Ownership- Quest (One Identity) Appliance
o Elevated accounts Admin for all of Technical Operating Services (TOS)
o User & Group Provisioning & Policies
o User & Group Authentication & Authorization
o Managed all non-human passwords & 5000 human access accounts
o Managed 35000 Local Server Admins
o SQL, Oracle, other Databases; Linux, Solaris, HP Non-Stop & IBM Mainframe supported
o SQL Reporting Services used for Compliance & Analysis
o Maintained 3 Proprietary Windows Servers Mirrored for Redundant Failback & Failover
o Remediation of unused, abandoned and unmanaged accounts
Identity Access Management (IAM) Duties:
o Ownership Quest (One Identity) Change Auditor Domain Monitor
o Real Time Display of NTFS, AD & NAS Events
o Admin Proxy software configured and deployed to Windows 10 workstations
o Oracle RBAC provisioning used to onboard and modify users
o Maintained Agents on 500 Domain Controllers in 5 Domains
o Provisioned Active Directory Users & Groups, also Linux, NDS, Solaris, Oracle & etc.
o IAM Standards of procedure, nomenclature, etc. created & documented
o Authorization & Access Documentation, Validation & Verification
Technical Owner Duties:
o Subject Matter Expert on PAM, IAM & Vendor point of contact for day to day operations
o Scripting, Querying, Editing, Provisioning using Perl, PowerShell, Python, Java & SQL
o Application Roadmaps, Risk Assessments & Exceptions
o Business Continuity, Disaster Recovery, Vulnerability Assessment, Policy Compliance
o ServiceNow: Group Admin, CMDB Owner, Tech Writer, Maintenance & On-Call Scheduler
o Queue Organization & Management, Collaborative Troubleshooting & Root Cause Analysis
June 2007-June 2012
St Catherine University
Windows Infrastructure Developer, Builder & Administrator
St Paul MN
Initiated & prioritized the creation, development, deployment & support of physical & virtual Windows products
o Active Directory
o Group Policy Management
o Certificate Services
o DNS
o Remote Access/Terminal Services
o Remote Desktop Services
o Server 2003/2008 R2/2012 R2
o SQL 2008/2012
o Systems Center Configuration Manager
o SharePoint
o Print Management
o Software Update Server (WSUS)
o Internet Acceleration Server
o Hyper-V/Thin Client Server
o IIS 7.5
o Systems Center Operations Manager
o Operating System Deployment Server
o Windows 7 Imaging
o VMware
January 2004-June 2007
Contract Positions with Cargill, Aspen Medical, other
Systems Administrator
St Paul MN
September 2000-December 2003
Minnesota School of Business\Globe College
Instructor, Curriculum Development
St Paul MN
Instruction in the Building & Configuring of Servers, Domains, Workstations & LANs
o Active Directory
o 2000 Server
o SQL 2000
o Exchange 2000
o IIS 6.0
o 2000/XP Pro Workstation
o Network Administration
o TCP/IP
o CompTIA A+ Hardware/Software
o Intro to Windows
Education
o Up to date on AD, Server 2022, Windows 11, SQL 2019, Hyper-V 2024
o Quest PAM & IAM SME, Developer & Technical Owner 2013-2021
o Built & Deployed in Prod Quest & CyberArk 2013-2021
o Built & Deployed in Dev Hashicorp, Thycotic & BeyondTrust 2017-2021
o MCSE NT4, MCSE 2000, MCSA 2000 & 2008 MCP 1999-2008
o Taught CompTIA A+ Hardware, CompTIA A+ Software 2000-2003
o Taught Active Directory, Server, SQL, Exchange, IIS 2000-2003
o DevOps environment maintained for training & testing purposes 1998-2024
o 91% ranking against all U.S. graduate school applicants 1995
o U MN, U WI: 120 credits towards Bachelors, short 12 lang credits 1989-1995
o U MN, U WI: 16 credits towards Masters, American History Major 1992-1995
o Undergraduate STEM sequence in Calculus, Physics & Chemistry 1989-1992
o DoD Certification & Calibration School, focus on Microwave & Radiation 1982
o US Navy A School in Avionics: Radar, VHF, Glideslopes, Electronics 1978
o Aptitude for Organization revealed in pre-enlistment exam 1977
Level 3-4 Microsoft OS, AD, Server, SQL, Workstations,
Logical Server & Hosted Applications Technician
Platform Type & Date Last Supported Professionally or Most Recent Training
o Windows Server NT4/2000/2003/2008/2012/2016/2019/2022 2024
o Windows Workstation NT3.5/NT4/2000/XP/7/10/11 2024
o Active Directory NT 4-11 2023
o AD Certificate Services Server 2023
o AD DNS Server 2023
o AD Group Policy 2023
o IIS 2023
o Network Policy Server 2023
o SQL 2000/2005/2008/2012/2019 2022
o Quest Change Auditor 2018 2021
o Quest Password Vault 2018- 2021
o SQL Reporting Services 2021
o SharePoint 2016
o Internet Acceleration Server 2012
o OS Deployment Server 2012
o Print Management Server 2012
o Remote Access 2012
o Remote Desktop Services 2012
o Software Update Server (WSUS) 2012
o Systems Center Configuration Manager SCCM 2012
o Systems Center Operations Manager SCOM 2012
o Terminal Services 2012
o Windows Imaging 2012
This is written to offer knowledge of immediate value either in job enhancement or in practical application. In return I of course wish to earn advocacy for employment in times now resembling the Great Depression.
Recently I ran across my summary for the CyberArk issue I resolved prior to leaving US Bank (attached). I believe a quick walkthrough will add usable insight in problem resolution and in analyzing a given software’s ability to deliver reliable service by showing how CyberArk introduces multiple points of failure into the management process (not to mention an unnecessarily complex, prone to error network configuration).
The core issue was an inability to consistently bring accounts under management. On Sheet 1 following the bold headers accounts, action and results leads to no predictable outcome at G32. It was a first approximation that showed consistent inconsistency across all configurations.
D1, Sheet 2, identifying syntax effects on account management seemed the only path to consistent returns. At M42 a list of questions produced a list of factors affecting the chances of successful connection, authentication, authorization, validation and rotation of a password. Each could affect outcomes in random ways unless the proper naming was used in a given field. Not being a Programmer or Developer I still wouldn’t hesitate to call this unacceptable, a ‘first draft’ at best version of software not viable for a production environment. There are many good reliable, simpler products to be had, Thycotic, BeyondTrust and Quest being the best I’ve seen.
Finally, on Sheet 3 under error, definition and cause/issue is a breakdown of specific errors and the issues involved with each. Headings such as Takeaway, Action Taken, Result and Next Steps at M30 begin the process of bringing errors under control. The goal of establishing a minimum stable configuration is at A55 as is in scope criteria towards that end.
Consistent naming producing a known good configuration, audited and a shared responsibility are critical as Identity/Password Management principles become integrated as SOP, something I advocated for for some years as I faced an asymptotic curve of effort the closer I approached full coverage across the enterprise. It’s an issue with all management systems, Intune, Splunk, whatever, with the better ones not being as prone to failure and offering discoverable paths to resolution.
My Pitch:
This is work not duplicated anywhere that I've been able to find and should demonstrate capabilities across many platforms. I’ve also written IAM and PAM guidelines from a shop level perspective, again not duplicated anywhere to my knowledge.
When you combine this with comprehensive work in creating disaster recovery scenarios, network discovery, admin level skills in ServiceNow, Archer and Jira etc., dedication to learning (recently I used appx commands in PowerShell to resolve a MS Store failure) and enough etiquette to be allowed in the house with my shoes off there’s no reason I shouldn’t be working.
If it’s fraught with peril, a place where Angels fear to tread, that’s where I belong, making friends and allies as we make little ones out of big ones, overcoming any obstacle to create a shop that stands as an example of what proper maintenance looks like.
Thanks for your time.
Enterprise Infrastructure Knowledge and Skill that may be of interest
Transformed a logical network map into a physical, oriented towards IAM/PAM needs
Access to hardware through a software interface of illustrations mirroring data centers
Access to multi-site located hardware through the iLO infrastructure
Jump Server Access and Citrix Desktop configuration
How to verify Port Access and request corrections
How to create a certificate authority and certificates using IIS and OpenSSL
Excel, Access and SQL importing, exporting and Reporting Services?
Security creation (local, AD and SQL) and documentation using Least Privileged Access
NAS and DFS clustering, replication and security
In place upgrades 2008 to 2019
DNS registration, Certificate renewal, IP Address assignment, Firewall Rule request
AD testing of user, group security, OU and Domain policy application and inheritance
Oracle Role Based Access Control account creation
Identifying and establishing relations with all Departments in IT
Account Data Minimum Required in Real Time
Creation
Ownership
Authenticating Method
Location
Secure Subnet
In Service
Retired
Building
Password Management Status
Last Test
Results
Last Use
Referent
Account Access and Control Information and Use Considerations
Local Account
Directory Service Account
Dedicated Elevated Account
Nightly Testing
30 Day Rotation
Rotation after Checkout Expires
Access by Group Application Account
Access by Subgroup Elevated Account
Local Access to Server or Database
Local Elevated Access to Server or Database
PAM Database Groups and User Naming Standards
Original Name plus Code Identifying it as a PAM Account or Group
Uniform Syntax Enforcement
Feedback Loops to Fix Errors at Point of Origin
Account Oversight Considerations & Desired Functionality
Account has independent verification through Discovery
Oracle Identity Manager to AD ETC mapping using Universal Referent
Allow no additional administrative burden
No creation of non-referenceable accounts
Leverage existing standards: Example of Application ID
Group level responsibility for audit
o verification, validation of password management
o assigned non-human objects local and directory based
o assigned local and directory based accounts
o security assignments to accounts
o assigned servers, other platforms
Real time information provided by SQL Reporting Services website using multiple sources of data
Password complexity, rotation and other standards set by application owner of record
Changes in complexity and exemptions by approved request owner of record
Integrate account management into Disaster Recovery or other routines as applicable
Password rules applied uniformly across servers within same logical grouping such as hosting or supporting an application
Uniform onboarding of groups and associated hardware and accounts
Uniform testing, reconciliation, remediation and retirement procedures
Identification, repurposing or retiring inactive accounts
Create new correlations to locate, identify and bring objects under management
Automatic reconciliation/remediation/alert process for errors in:
o User or group syntax
o group membership
o server communication
o password management
Cooperation of teams in establishing connectivity
Notification by teams of changes impacting management
Examples include AD blocking SMB v2 and Network blocking TLS 1.1
Services Provided to Customer:
Maintain 24x7x365 PAM availability
Reporting on check out/in
Reporting on where used
Provide session logging or recording data as requested
Provide near or real time status 24x7x365
Make process transparent and discoverable
Provide tailoring of services as necessary
Provide connectivity support
Provide support for network traversal issues
Provide support by maintaining access to iLO, firewall, secure subnets
Provide AD Groups and DFS/NAS monitoring and alert services
Provide support for lifecycle, audits, roadmaps, DR Etc.
Desired Results
Enterprise wide coverage of local and directory based accounts
Simple, cost free and zero additional overhead solutions
Fast identification and response to failures of connectivity and management
Identify and document issues of lack of coverage, missing and inaccurate information
Provide highest levels of reliability, efficiency
End to end lifecycle management
Provide critical information for inventory control, data governance, password management and other uses
Status of accounts, servers, and groups all became verifiable in real time
Redundancies arranged around providing 24x7x365 password availability and management as first priority
Minimize hardware requirements
Coverage of entire enterprise including server local, database, firewall, appliance, operating system etc.
Use of non-traditional data correlations to identify missing servers and accounts
Use of non-traditional data correlations to assist in identifying gaps, redundancies, conflicts
Reporting Services and IIS website accessible by AD groups for audit, quality assurance and operations use
Increase accuracy over time through feedback and canvassing to create automatic remediation via API
Implement syntax restrictions per data field
Establish and refine Identity Management, Password Management and Data Governance methods through continuous informal and formal collaboration
Regarding Identity and Password Management:
Perspectives and methods developed in the creation, locating, determining ownership, status and bringing under management server administrator and other local and directory based non-human user and group objects
Desired Attributes of Processes:
No additional administrative overhead
Leverage existing standards
Reference to a universal attribute
Group level responsibility for audit tasks such as:
o verification, validation of password management
o assigned non-human objects
o assigned servers, other platforms
Password complexity, rotation and other standards set by application owner of record
Changes in complexity and exemptions by request of owner of record
Verification, validation and testing become periodic and uniformly applied
Integrate account management into Disaster Recovery or other routines as applicable
Password rules applied uniformly across servers within same logical grouping such as hosting or supporting an application
Uniform onboarding of groups and associated hardware and accounts
Uniform testing, reconciliation, remediation and retirement procedures
Identification, repurposing or retiring inactive accounts
Each object to have one dynamic and one archival source
All processes should maximize ability to identify and manage
Use data from unrelated sources using common attribute for verification
Create new correlations to locate, identify and bring objects under management
Real time or near real time status of all objects available through web portal restricted by responsible group
Automatic reconciliation/remediation process for errors in:
o User or group syntax
o group membership
o server communication
o password management
Cooperation in establishing connectivity
Notification of changes impacting management
Administrative and technical support in creating processes and standards
Minimize cost through best admin practices
Minimize spending on custom hardware or software
Desired Services Provided to Customer:
Maintain 24x7x365 PAM availability
Reporting status against testing tailored to responsible parties
Reporting on check out/in and monitoring account usage
Provide near or real time status 24x7x365
Provide documentation on all aspects of construction and functions
Provide tailoring of services as necessary
Take on all issues of connectivity and server\account management such as isolating routing, response and configuration errors
Active Directory groups and DFS/NAS file shares have access to monitoring and alert services
Add additional value and depth of information to end user
Provide on the fly customizable reporting to end users
Provide support for lifecycle, audits, roadmaps, DR etc.
Desired Results
Enterprise wide coverage of local and directory based accounts
Simple, cost free and zero additional overhead solutions
Fast identification and response to failures of connectivity and management
Identify and document issues of lack of coverage, missing and inaccurate information
Provide high levels of reliability, efficiency
End to end lifecycle management
Provide critical information for inventory control, data governance, password management and other uses
Status of accounts, servers, and groups all became verifiable in real time
Redundancies arranged around providing 24x7x365 password management as first priority
Minimize hardware requirements
Coverage of entire enterprise including server local, database, firewall, appliance, operating system, directories etc.
Use of non-traditional data types to identify missing servers and accounts, and to assist in identifying gaps, redundancies, conflicts
Reporting Services and IIS website accessible by existing Active Directory groups for audit, quality assurance and operations use
Increase accuracy over time through feedback and canvassing to create automatic remediation
Implement syntax restrictions per data field
Establish and refine Identity Management, Password Management and Data Governance methods through continuous informal and formal collaboration
Integration of IAM and PAM into normal routines