Certifications:
Microsoft MCP# - ******
Microsoft Certified Professional
Microsoft Certified Solutions Developer
Microsoft Certified Applications Developer
Microsoft Certified Systems Engineer
Microsoft Certified Database Administrator
Microsoft Certified Systems Administrator
Microsoft Certified Trainer
Actively working on CISSP, CIAM and CEH
Prosoft
Master Certified Internet Webmaster Site Designer
Certified Internet Webmaster Application Developer
Certified Internet Webmaster Server Administrator
Certified Internet Webmaster Certified Instructor
Skills:
Industries
HealthCare, Entertainment, Digital Media, Distribution, Supply and Transportation, Education, Financial
Programming Languages
TSQL, SQL, MS VBScript, VBA, DAO, ADO, Visual Basic, ASP 3.0, DHTML, HTML, JavaScript, Java, MS SQL Server 6.5-2008, C/C++, C#, Windows Scripting Host, ASP.Net, ADO.NET, VB.NET, XML, XSL, Web Services, WMI, WSH, Perl, PowerShell
Technologies
Sun IDM, Avatier Identity Mgmt, SailPoint IdentityIQ, Active Directory, Microsoft Exchange, Sun Directory Server, SecureAuth, OpenSSO, RSA, SAML, Oracle, Microsoft SQL Server, Internet Information Server, TomCat, Microsoft Component Services, Microsoft ISA Server, Commerce Server, Microsoft Identity Integration Server, Biztalk Server, HP ALM, ServiceNow, Microsoft Office, Microsoft Project, Toad, SOAPUI, Visual Studio .Net, SharePoint, Sailpoint IdentityNow, PingFederate, Saviynt, RSA Aveksa, Azure AD, Azure AD B2C, ForgeRock, Okta, PlainID, OneIdentity, SSO, MFA, PBAC, RBAC, ABAC, BioMetrics, Avaya DEM, YubiKey
Operating Systems
Microsoft Windows, Windows Server, UNIX/LINUX
Education:
Certified Careers Institute – Certified Computer Programmer – 1 Year Technical School
Advanced Technical Education Center (ATEC) - MCSD Certification Track
2 (CTEC)- MCSE Certification Track, MCDBA Certification Track
Self-Paced Saviynt Training
Okta Administration
Okta Advanced Security
SailPoint IdentityNow Administration
Military:
United States Air Force
Jun 92 - Jul 95: KI Sawyer AFB, MI 410th Transportation Logistics Squadron, Shipping/Receiving Specialist;
Jul 95 - Nov 97: Hill AFB, UT 649th Combat Logistics Support Squadron, Rapid Deployment Team, Database Administrator, Client/Server Developer
Tours: Amman, Jordan, Baghdad, Iraq, Thumrait, Oman
Honorable Discharge, 28 Nov 97, as an E-3 (Senior Airman)
Work Experience
NC State Employees Credit Union – Montello, WI – March 2022 – November 2023
Sr Security Engineer - IAM – Okta/OneIdentity/SailPoint IdentityNow
Responsible for migrating OneIdentity to Okta and SailPoint IdentityNow. Built out the Okta environments for SSO and MFA, integrating Applications that utilize SAML, OIDC, RADIUS and Kerberos. Built out the SailPoint IdentityNow environments for IGA, LCM, RBAC and ABAC. Also responsible for gathering requirements for Access Requests, Access Reviews and supported OneIdentity, IdentityNow and Okta. For PAM we utilized CyberArk for storing Privileged accounts, security tokens, service accounts along with backdoor accounts. Worked in an Agile environment.
Integrated Workday into Okta for SSO and MFA. Integrated Workday into SailPoint IdentityNow for LifeCycle Management (Joiners, Movers, Leavers), along with Access requests, reviews and re-certifications and SOD.
Wells Fargo – Montello, WI – Dec 2021 – March 2022
Sr Information Security Engineer – IAM – PlainID
Responsible for Day-to-Day operations within the IAM space. PBAC creation, deployment and support for PlainID. PlainID is utilized for SOD and DSOD. Worked in an Agile environment to keep traction on progress.
Credit Acceptance – Montello, WI – Aug 2021 – Nov 2021
IAM Admin – Azure B2C / ForgeRock
Responsible for Day-to-Day operations within the IAM space. Actively working on cleanup effort of 149K users within ForgeRock DS LDAP. Ensuring RBAC and ABAC was a part of the cleanup effort in regards to consistency and accuracy. Actively integrating and supporting Applications in Azure AD/B2C for SSO and MFA along with supporting the launch of a Mobile application that will use Azure B2C for SSO and MFA for consumers and dealers. Worked in an Agile environment to keep traction on progress.
IDMWorks – Montello, WI – Oct 2020 – Jul 2021
IAM – PingIdentity Engineer
Worked with multiple clients Installing, Implementing and configuring PingIdentity products on Windows and Linux Platforms to support SSO and MFA Authentication. Worked in an Agile environment to keep traction on progress.
Cigna – Montello, WI – Aug 2020 – Oct 2020
IAM – Access Mgmt and Governance
Supported the RSA Aveksa environment and at the time working towards Okta and Saviynt. Focused on Roles, Entitlements and Access request Workflows within Saviynt to fine tune the process for approvals when the required approvers are not available.
HP Enterprise – Montello, WI – Sep 2019 – Nov 2019
IAM Architect/Engineer/PingFederate/ PingOne PingID Engineer
Short term contract in which I was responsible for configuring PingFederate for PingOne and PingID integration for MFA and SSO for O365. Integrated O365 to the user Dashboard in PingOne using SAML. Configured MFA using PingID for applications that required the use of MFA.
State Of Georgia – Montello, WI – Feb 2019 – July 2019
IAM and Active Directory Specialist
Was responsible for the Active Directory cleanup via PowerShell ensuring that attributes were consistent for ABAC and RBAC. Was responsible for the migration via Quest Migration Manager of OnPrem Active directory Users, Groups and Contacts in preparation for Decommissioning the State of Georgia’s Azure Active Directory Domain for Office 365. OnPrem Active Directory integration in to OKTA for Application Integration, Federation, and LCM. Agile process followed to work as a team in performing the migrations and updating information as well as other teams involved.
ChurchMutual Insurance – Merrill, WI – Aug 2018 – Jan 2019
Team Lead - IAM Architect/Engineer/PingFederate/PingOne/PingID/YubiKey
Responsible for working with Optiv to install and configure PingFederate 9.1.4 in the client's Test and Production environments, PingOne and PingID Tenants for both Test and Production environments. Responsible for ensuring that the client met DFS compliance requirements for the State of New York by end of 2018. Project Manager followed Agile methodologies in order to ensure project status and execution was on track in order to meet Governance compliance. Integrated YubiKey via PingID, PingOne.
Tasks executed:
Installed/configured PingFederate 9.1.4 on 8 Engine Servers and 2 Admin Servers (Test and Prod)
Configured/Integrated PingFederate in to Active Directory
Configured/Integrated PingOne in to PingFederate
Configured PingID Registration in to PingFederate
Configured PingFederate as a RADIUS Server
Configured Password Credential Validator for Active Directory
Configured Password Credential Validator for RADIUS Client for Cisco AnyConnect
Configured Password Credential Validator for RADIUS Client for Citrix StoreFront
Configured OAuth/OpenID for Benefits application – US Health Center
Configured PingOne DashBoard for Application integration
Configured PingID Policies for Multi Factor Authentication
Supported the distribution and registration efforts for YubiKey and PingID app for approx. 1500 end users
Fishtech – Montello, WI – March 2018 – June 2018
Senior Identity and Access Management Engineer/Architect
Sr IAM Consultant responsible for advisory and delivery services of various IAM technologies:
Internally/Externally used OKTA for MFA and SSO. Exposure to setup/configuration and application integration.
Advisory Services provided to JB Hunt for complete replacement of current in house solutions that had grown over the past 10-15 years and had presented multiple challenges:
Problems presented:
Fragmented security model for applications (Identity, Access Control, Sessions, Authorization, Workflow and Management)
Disparate systems across legacy and modern applications as well as internal (employee) vs external (carriers/customers)
Inconsistent use of Process ID (PIDS)
Sprawling roles (and definition of roles)
Lack ability to properly scale and manage new and existing applications
Advisory Services provided for desired future state:
One security system for internal and external users (where reasonable for legacy)
Ability to scale to support 10,000s of employees and potentially millions of end-users (carriers, customers, vendors and other stakeholders)
Support SSO (single sign-on) with hooks for social login (Facebook, Google, LinkedIn, etc.)
Provide self-service registrations, role association, attribute association, profile updates and password reset
Allow for multi-factor authentication (MFA) for employee applications, customer applications, partner application, and VPN connections
Utilize cloud infrastructure for scale and continuous improvements; while enhancing access controls to prevent data breaches
Enable OAuth for secure delegated access for Web and APIs
Advisory Services:
Identity LifeCycle Management
Entitlements Management
Access Requests
Workflow Orchestration
Policy and Role Management
Access Certification
Password Management
Governance
Reporting and Analysis
Privilege Management
Multi-Factor Authentication
Delivery Services:
Saviynt
SailPoint
PingFederate
SecureAuth
Okta
Active Directory
LDAP
SQL Server, Oracle
Microsoft Azure AD
UnitedHealthCare (Optum) – Milwaukee, WI – June 2015 – July 2017
Identity and Access Management Specialist
Worked Full time remote for Optum which is the IT division of UnitedHealthCare as an Identity and Access Management Administrator.
My responsibilities included the following:
PingFederate Administration
Venafi Administration
Team Chef DevOps lead
SiteMinder Support
Built over 100 Inbound/Outbound Partnerships using OpenToken Adapters and SAML IDP/SP Connections within the Dev, Test, Stage and Production for Internal and External Partners.
Gathered and documented requirements from Internal/External Partners.
Managed Certificates on over 800 Inbound/Outbound Partnerships between Dev, Test, Stage and Production for Internal/External Partners. Was responsible for coordinating the replacement of new Certificates with Clients.
Venafi Certificate Manager – Was the team Certificate admin. I renewed, created and managed Certificates for PingFederate, SiteMinder and various other Certificate related requests
Some hands-on experience with SiteMinder configurations. Built custom/automated scripts for Siteminder Installs
Built Cookbooks and Recipes in Chef to Automate updates to config files for all Siteminder Servers in all environments
NorthEastern University – Boston, MA – May 2015 – June 2015
Identity Management Consultant
Short term contract position with the Identity and Access Management team where I was responsible for writing various SQL scripts in Oracle for NorthEastern’s ERP/IAM environment.
MillerCoors – Milwaukee, WI – September 2014 – April 2015
Security Specialist – IAM – SailPoint BA
Brought on to MillerCoors as a Security Specialist/Business Analyst in the IAM space to facilitate and lead the replacement of Avatier Identity Management System with SailPoint IdentityIQ. I have been involved since day 1 with the following responsibilities:
Reverse engineered the MillerCoors Avatier Identity Management System environment to document Active Directory User LCM (Life Cycle Management) workflows, RBAC, ABAC, Provisioning/De-Provisioning workflows, Access Request workflows, Auditing and reporting and various other elements of the MillerCoors IAM environment.
Facilitated and led all discovery sessions by identifying Business Leaders, key Stakeholders, Technical and Functional leads within MillerCoors that related to various areas of IAM including SAP ABAP systems, SAP Non-ABAP systems, Non-SAP applications, Distributorship, Governance, Auditing and Controls, LDAP, HR, Infrastructure and Enterprise Security.
Worked side by side with FishNet Security (Vendor responsible for the SailPoint implementation) on functional requirements documentation, Life Cycle Management documentation and review sessions to finalize MillerCoors requirements.
Worked side by side with FishNet Security and MillerCoors on deliverables, milestones, risks, scope and act as the liaison for any FishNet or MillerCoors needs pertaining to the IAM project.
Tracking Risks, Meetings, Scope Change, Change Impact, Quality Reviews, Requirements, Deliverables, Actions and Meetings in HCL AXON (APSE)
Responsible for Project Documentation and posting to internal IAM SharePoint site
Responsible for writing Test Cases/Scripts using HP Application LifeCycle Management
Assisted with the design and architecture of SailPoint IdentityNow for Single SignOn
Assisted the Governance team with SailPoint IIQ IGA options and settings
Eastman Kodak – Rochester, NY - August 2013 – September 2014
Lead Architect/Engineer, IAM
Managed and Administered all IAM LCM, RBAC, ABAC, LDAP, SAML, OAuth, OIDC and SSO technologies. Projects and responsibilities included:
Sun Identity Manager 6.0 – Managed day-to-day operations with client requests, admin requests, troubleshooting and maintenance.
OpenSSO – Managed day-to-day operations with all integrated applications utilizing SSO
SecureAuth 7.2 – Administered and integrated external/Internal facing applications utilizing 2 factor authentication and fingerprinting for PCs and mobile devices
Sun Directory Server – Was responsible for day-to-day operations in support of user accounts and groups
ADHOC reporting – Developed custom MS Access databases using VBA to pull data from various LDAPs and databases for adhoc reporting, cost analysis of WebEx usage, cost analysis of space usage and various other reports
SAML – Managed/Administered SAML sites, upgraded remaining SAML 1.1 sites to SAML 2.0
WebEx administration – account creation, troubleshooting, documentation
SSL Certificates – Was responsible for managing and maintaining SSL Certificates for internal and external Servers and Applications that were applicable to my areas of responsibility
NBCUniversal – Over the course of the 8 years that I worked for NBCUniversal I had taken on 3 separate roles listed below:
1. Lead Architect/Engineer IAM March 2011 – Nov 2012 – Universal City, CA
Lead Architect within the IAM Department. My roles and responsibilities were to lead the onshore and offshore development teams with existing and new projects related to the separation of the GE Infrastructure and the integration of CEG (Comcast Entertainment Group) Infrastructure.
Project Management – Was responsible for leading and tracking the following initiatives:
IDM upgrade from 7.1 to 8.1.1.1
SSO Integration to NBCU IDM – IAM took over SSO generation for contingent workers from GE, SAP took over SSO ID generation for Employees
Bi-Directional Password Synchronization between SSO and Active Directory via IDM
Led the efforts involved in transitioning off of GE IDM dependencies
Led the Comcast integration of CEG Active Directory and Exchange 2007 in to the NBCU IAM space
Active Directory 2008, 2003 integration from multiple forests and Domains in to the IAM Provisioning & Deprovisioning processes
Exchange 2010 & 2007 Integration from multiple forests and Domains in to the IAM Provisioning & Deprovisioning processes
RSA 7.0 integration (Self Service & Administrative Forms)
BES 5.0 integration (Self Service & Administrative Forms)
EAS Implementation - (Self Service & Administrative Forms)
Designed onboarding & offboarding processes for Employees, Contingent Workers and Service accounts for CEG
Designed Employee Reconciliation process – process of converting a Contractor to an Employee and Employee to Contractor
Non-SAP application integration – continued efforts of integrating SOX applications
Worked on migration strategies of MIIS to FIM
Worked on migration strategies of MIIS to Critical Path
2. Manager, Enterprise Services June 2008 – March 2011 - Universal City, CA
As the Manager of Enterprise Services I managed 3 Departments that included Directory Services (IAM), Domain Services and Global Messaging where I managed 5 Employees and 24 onshore and offshore contractors located in India, Mexico, NY, NJ and LA. I was responsible for Managing the teams' projects, Day-to-Day Operations, working with vendors, cost reduction, software and vendor contracts and renewals, reporting weekly status reports to Senior Management and 24 x 7 support for the technologies I managed. Below are highlights of some accomplishments:
Directory Services – I built this Department from the ground up in which there were at the time 4 onshore resources and 8 offshore resources. I was responsible for managing Sun IDM and all efforts related to Identity Management including collaborating with app owners and tech leads, new integrations, process design, outages and project mgt. Directory Services was also responsible for maintaining Active Directory accounts, MIIS, Automation and RAIS (Rapid Administration Integration Server).
Highlights of Directory Services -
-Managed 60k Identities in the IAM space
-Over 50 Non-SAP/SAP apps integrated – Peoplesoft, SAP, Oracle, SQL, Mainframe, AS400, Timekeeper…….
-MSNBC GAL Synchronization – MIIS was used to create Custom Recipients in the MSNBC forest
-Managed/Designed/Controlled Contingent Worker Identities and LCM events within IDM
-Built custom IAM solutions for each Olympics event to support temporary infrastructure and quick onboarding while the events occurred
Many more accomplishments within this Dept
Global Messaging – I managed an offshore team of 13 Contingent Workers within NBCUniversal Messaging environment. I was responsible for license renewals, support contracts and collaborating weekly with all GE Collaboration Leaders. Reported weekly status reports to Senior Management the support activities, outages and active issues/concerns, SLA misses, problem resolutions, project statuses, ticket volumes and milestones. Due to the NBCUniversal Mail environment being hosted in the GE Infrastructure; NBCU Global Messaging was responsible for Day to Day Operations in supporting clients, collaborating with the GE Exchange Infrastructure support teams for maintenance and troubleshooting.
Highlights of Global Messaging – Exchange 2003 hosted within the GE Infrastructure
-Managed over 27k Mailboxes, 40k Custom Recipients, 12k DLs/DDLs
-Managed approx. 8k Blackberries on BES 5.0 migrated from 4.1, 3k EAS devices
-Provided 24x7 Support worldwide
-Processed on average 250-300 requests per week
-Worked with GE on tapeless backups via data domain
-Managed Sonicwall internally for White/Black listing, worked with GE on Postini and migrations from Sonicwall
Domain Services – I managed a team of 3 onshore Active Directory Engineers and 1 offshore RTS Contingent Worker. Domain Services was responsible for Active Directory, DNS, 3DNS, DHCP, Domain Controllers, DFS, East and West Coast DMZ’s, Sites and Services, Patching via WSUS and Automation.
Highlights of Domain Services -
-Managed over 40k AD accounts in a single forest globally
-Maintained and Managed 42 Domain Controllers globally
-Processed on average 40 requests per week
-Responsible for Architecture and Design of DMZ Domains
-Responsible for collapsing legacy domains and integration in to the NBCUNI Domain
-Designed, developed and deployed self-service Intranet portals for the following to reduce administrative overhead:
-Adding/Removing Workstations and Servers
-Home Folder provisioning with the ability to display free space on each server
-Resetting passwords
-Group Management/Provisioning
-Service Account creation
-Creation of DNS entries
3. Manager, Directory Services September 2004 – June 2008 Englewood Cliffs, NJ
Directory Services was a newly created department in which NBCUniversal hired me on as the Manager to design, build and drive IAM Technologies and the IAM team. I was also a full time IAM developer in Microsoft Technologies. I was responsible for working with vendors on SOWs, contract renewals, interviewing, submitting POs, Licensing, Support and cost reduction. I collaborated with various business leaders throughout NBCU and GE to successfully build NBCU's IAM environment. I managed a team of 8 contingent workers globally. The following technologies were used in Directory Services and my role within each one:
Single Sign-On – Directory Services designed and built all automated and self-service processes around SSO that allowed NBCUniversal to have controllership and accountability for SSOs within the environment.
Sun Identity Manager - I led all IDM initiatives, collaboration and project mgmt. In the course of less than 4 years my team upgraded IDM from 4.0 to 7.1 successfully, integrated over 40 SAP & Non-SAP SOX L1 and L2 applications for manual and automated provisioning, deprovisioning and role/job changes.
SQL Server – I administered 3 SQL Server 2000 Database Servers. I set up and configured the security, backup implementation, performance and replication. I monitored and maintained the Servers while optimizing performance and writing DTS Packages for running scripts and communicating with Oracle 9. I wrote Stored Procedures, Triggers, Views and User-Defined functions for supplying data feeds to other systems and front end applications.
Rapid Administration Integration Server – A custom Microsoft Consulting Services application never released to the public used for implementing an easy to use interface for end users in Managing User accounts globally. RAIS used SQL Server as its backend database system. Uses XML, XSL, ASP, COM, VBScript, Biztalk XLANG Schedules.
Biztalk Server 2002 – Biztalk 2002 Server was used for XLANG Schedules in the RAIS Implementation. I wrote VBScripts for communicating with SQL Server and Active Directory and created XLANG Schedules in Biztalk to run the scripts and manage transactions.
Avaya Directory Enabled Management – I worked with Avaya Consultants on designing/implementing a fully automated phone and voice mail provisioning/deprovisioning system that allows for the most accurate source of dialcomm information throughout NBC Universal as well as maintaining consistency and accuracy of available Phone Extensions in the NBCU PBX Systems. The Avaya DEM (Directory Enabled Mgmt) Software utilized IPlanet LDAP Directory as its repository.
Microsoft Identity Integration Server 2003 Admin – I had 3 environments containing MIIS. I developed MIIS extensions using VB.Net which are used to Provision and Deprovision Active Directory User accounts in the NBC Universal AD environment. I administered and maintained approx. 40,000 user accounts globally. I used MIIS to maintain and update NBC Universal’s Global Operator’s database based on connecting to an LDAP directory that pulls Dialcomm information from all major Avaya PBX systems within NBC Universal. MIIS will also be responsible for Provisioning and Deprovisioning into the NBC Universal PBX Systems.
Active Directory – I wrote scripts to clean, maintain and automate batch updates to Active Directory. I administered Active Directory containing over 40,000 User accounts. Designed the Employee Automation, Server and Workstation Mgmt, Contractor and Home Folder Processes against Active Directory
GE Healthcare Brookfield, WI – IAM Developer
Nov 2003 – September 2004
SQL Server – I administered 6 SQL Server 2000 Database Systems that I set up and configured. The SQL Servers ran on Windows 2000 server and Windows 2003 servers. I set up and configured the security, backup implementation, performance and replication. I monitored and maintained the Servers while optimizing performance and writing DTS Packages for running scripts and communicating with Oracle 9. I wrote Stored Procedures, Triggers, Views and User-Defined functions for supplying data feeds to other systems and back end applications. I was the main contact for any SQL Server implementations, questions or support within GE Medical IT. GE Medical locally had over 30 SQL Servers. I assisted NBCU in their SQL Implementation to support IAM processes.
Rapid Administration Integration Server – A Microsoft Consulting Services application never released to the public used for implementing an easy to use self-service interface to Manage Active Directory Users and Groups globally. RAIS used SQL Server as its backend database system. Used XML, XSL, ASP, COM, VBScript, Biztalk XLANG Schedules.
Biztalk Server 2002 – Biztalk 2002 Server is used for XLANG Schedules in the RAIS Implementation. I wrote the VBScripts for communicating with SQL Server and Active Directory and created XLANG Schedules in Biztalk to run the scripts and manage transactions.
Microsoft Identity Integration Server 2003 Admin – I managed 3 environments containing MIIS, Dev, QA and Production in which I developed all MIIS extensions using VB.Net which are used to Provision and Deprovision Active Directory User accounts in 3 Domains globally that included America, Asia and Europe. I administered and managed approx. 60,000 user accounts globally. I currently have 9 MA’s, 4 Active Directory Domains, 3 Exchange 5.5 Servers, 2 SQL Servers and 1 Oracle Management Agent. I implemented an Active Directory MA to connect to and synchronize GALs between GE Healthcare and their acquisitions; I also implemented a Management Agent to an Oracle database system that increased the lag time of information being updated on our Global WebShop Database which is used to order Assets for employees/contractors. I have assisted NBC in implementing MIIS and configuring/optimizing SQL Server for MIIS. I guided/assisted a Network Administrator in GE Commercial Finance in implementing 2 Active Directory MA’s in MIIS.
Windows 2000/2003 Server – I wrote vbscripts to clean, maintain and automate batch updates to Active Directory in America, Europe and Asia. I administered Active Directory containing over 60k user accounts. Wrote LDAP Queries against Active Directory for statistical reporting on contingent workers and employees.
Developer – ASP.NET, VB.NET, WSH, Javascript, ASP, ADO, SQL
- I used all of the mentioned technologies for implementing utilities that the Global Infrastructure team could use to automate processes, reporting, maintaining database systems and generating statistics.