John J. Masiliunas – Managing Consultant – Security and Privacy
CISSP, CISA, Certified Internal Auditor, Certified Public Accountant, Certified Bank Auditor, Tivoli Certified Solutions Specialist, Certified Financial Services Auditor, IBM Project Management Certified, Department of Treasury Secret Clearance, Department of Homeland Security and FBI Secret Clearance. CEH, Certified in Agile and DevOps, Studying for CCSP and CCSK
Contact Information: 7138 Eagle Trace Way, Indianapolis, Indiana 317-***-****
Or 317-***-****. email **************@*******.***
Summary of Skills
John has over 15 years of leadership in the sales, design, execution, project management and hands-on implementation experience with leading-edge application security technologies at the most technically complex global organizations in the world. I have worked with technology risk management and security functions. I live in the real world of design and build for cloud, Agile and DevOps. This includes experience with all the major product vendors. Key attributes related to the specific opportunity include:
I have directed teams to build and design the following:
o All products were built and designed using SAFe Agile
o Designed and built systems to NIST and CSA Cloud Standards
o Passed CCSP
o Prepared Visio diagrams
o Passed CCSK
o Studying for AWS, Azure and GCP security exams
o I am a Certified Ethical Hacker and Certified in Qualys
o Used tools such as Nessus, Fortify and all AWS and Azure tools, and also CASB tools
o Developed standards for NIST
o Contributed to CMS and NH-ISAC Cloud security standards
o Built to FedRAMP standards
o Experience with CLIs
o Significant pharma, healthcare and state cloud experience
o Worked with CASBs such as Netskope and Skyhigh
o Worked with Dome9 and Evident.io
o IAM in the cloud with tools such as Ping, Okta and Lighthouse
o Experience with Azure, AWS and Skyhigh
o Implemented SOC, SIEM, IPS/IDS
o Implemented Trend Micro in AWS
o Implemented Qualys WAF and VM using cloud agent
o Led Board and Executive input
o Qualys certified for Application and OS
o Led incident response
o Developed ISO, NIST and Cloud Compliance Frameworks
o Managed a team of up to 15 people on a geographically dispersed basis
o Qualys and Splunk certified for vulnerability management and remediation
o Integrated security architecture for several large companies during acquisition
o Developing 1, 3, 5 year cloud security architecture and IAM plans for large, complex organizations, including Okta and key management
o Significant experience with AWS, GCP and Azure Security
o Developed security architecture for enterprise web-based product solutions and cloud
o Designing and implementing SaaS and cloud security architectures for large cloud providers and other service organizations
o Introduced new technology and solutions to organizations on a regular basis
o Conducting assessments of SaaS/cloud security architectures
o Introducing new technologies and concepts into organizations and managing POCs
o Experience with mobile and BYOD security solutions
o Associations with various information security leaders worldwide in industry and academia
o Worked remotely with development teams all over the globe
Passed exams - CISSP, CISA, CISM, Certified Financial Services Auditor, Certified Bank Auditor
IBM Certified Project Manager
Certified in Cloud Security
Certified Ethical Hacker – IBM
Qualys and Foundstone Certified
Consulting experience with Big 4, Andersen and Large System Integrators such as IBM and CSC
Experience with all security architecture methodologies including ISO, COBIT, FFIEC, NIST, PCI, Healthcare, CAP, FISMA, FRB and SABSA
Built all systems to European and US privacy standards
Lead Information Security positions. In these roles:
o Reduced costs
o Developed solutions
o Built security delivery teams
o Brought global security architectures to best practice standards
o Introduced more sophisticated and comprehensive risk management practices that included the use of risk registers, data classification and metrics
o Upgraded staff
o Projected improved image of information security
o Integrated and embedded with teams
o Became authority on all areas of security and business risk
o Chaired key committees on security and improved relations with audit and compliance
Finally, I have led numerous teams of resources of up to 30 persons in geographically dispersed locations, managed teams and security budgets of over $20 million, and revitalized information security teams through proactive resource management and development of personnel. I specialize in taking information security teams to proactive leadership via metrics, compliance programs and careful hiring and mentoring of personnel. I can also work with management to obtain the appropriate levels of funding for security operations.
Employer History and Experience
March 2017 – Present – Principal Security Architect – Large Healthcare Payer/Provider Organization, Fortune 50 Organization
Directed and led teams to build and maintain cloud and on-prem security architecture. Managed a budget of over $5 million in a build-out based on HIPAA, NIST 800-53 and HITRUST after conducting a gap assessment. Tasks included:
o Part of a new technology team that identified gaps in the existing security process and technology. This team identified gaps, obtained approval for POCs, conducted POCs and brought solution approvals for purchase and deployment. Solutions introduced include Cloud Security Posture Management, SCA scanning and Meta Cloud Tools
o Led selection, design and implementation of on-prem and Azure cloud Zero Trust solutions using products such as Illumio and cloud-based products. Additionally, utilized HIPS tools such as Phantom and cloud-native tools
o Implemented an enterprise-scaled DevSecOps application security program using tools such as Prisma, WAF, Checkmarx, Snyk, Black Duck and other tools for over 300 applications. Solutions also included ThreadFix, Tableau and SD Elements across many applications. Also built the solution on n-1, scanning, gating and training
o Conducted numerous security assessments over medical devices and IoT devices. This includes the development of security frameworks and MDS2 documents
o Implemented enterprise IoT solutions such as Axway, Medigate and Forescout to protect the environment
o Prepared threat models using STRIDE
o Implemented and conducted reviews using Prisma
o Conducted reviews of Salesforce
o Conducted reviews of APIs and used the Noname API tool
o Designed and led deployment of Medigate with Tanium to identify vulnerabilities in medical devices. Worked with the operationalized system
o Designed and tested security over medical devices including secure firmware
o Conducted manual code security reviews
o Designed and led deployment of Forescout for soft segmentation of medical devices
o Designing and building security architecture and conducting assessments using application security tools such as AppScan, Black Duck, Qualys, ThreadFix, Checkmarx, Veracode and Fortify. Also, building AWS/Azure security architecture for FSI systems in public and private clouds. Finally, designed cloud security for Azure. Working with Evident, Netskope CASB, Bitglass CASB and Dome9. Built a large application platform for over 15,000 applications
o Created dashboards
o Implemented development and remediation standards and timelines
o Designed cloud security for AWS, Azure and GCP
o Developed application security architecture for dozens of applications including healthcare applications
o Remediation work for vulnerabilities including PCI compliance
o Implemented all components of AWS, Azure and GCP security standards
o Designed PKI and encryption systems
o Implemented Linux, Windows, Kubernetes and container security systems involving thousands of servers using Twistlock and Aqua
o Developed a DevOps application security program using Fortify and Veracode for a complete security program for all applications. The program went from training to remediation using tools such as Greenlight, threat models, tracking, and Software Composition Analysis using Black Duck for all development languages. This was for a large bank
o Executed Nessus and Metasploit scans against Linux and Windows OSs and DBs, and led remediation efforts
o Conducted pen tests against applications using tools
o Application Security Champion leading efforts to remediate code. Worked side by side with developers to remediate
o Introduced new solutions for DLP, file share, removal of PHI data and de-identification
o Enabled a HITRUST-based security architecture using database encryption solutions
o Increased scope of all IAM solutions including Privileged IAM and SSO along with provisioning
o Implemented security architecture for medical devices and EHR systems
o Developed threat models
o Conducted dozens of vulnerability assessments
Feb. 2015 – March 2017 – TechMahindra – Principal
Led efforts to develop security for cloud solutions.
Worked with numerous pharmacy companies to perform security assessments
Embedded resource for dozens of pharmaceutical and provider applications to perform code scans, threat models, SCA scans and remediation using bug bars and design elements. Worked with Checkmarx, Fortify, Black Duck, AppScan and MS Threat Model. Also, designed enterprise cloud security architecture for applications
Provided input to CMS and NH-ISAC Cloud standards. Assisted in development of standards
Conducted application assessments using Fortify and Checkmarx
Implemented security architecture solutions for a hospital and medical device manufacturer over the medical device systems
Implemented Forescout for Medical Device security
Provided input to Govt-ISAC Cloud Standards
Designed, architected and implemented an AWS Security solution for a large state health care payer
Deployed private cloud for large data processor
For a health insurer, conducted security assessments using Fortify
For a medical device and for a pharma manufacturer, functioned as a Cloud Security SME. In this role, I designed, architected and implemented AWS and Azure security and device security. These met NIST and FDA standards, and the work included developing and implementing mobile security
For several large government, HC and FSI organizations, designed, architected and implemented AWS and cloud security architecture using tools from Qualys, Trend Micro and Splunk
For a large manufacturer, functioned as a Cloud Security SME and led the implementation of a solution from Okta for IAM
Implemented CASB solutions for DLP, IAM and VA for an agency
Implemented DigiCert for cloud
Led efforts to design, architect and implement IAM solutions for a Cloud ISAAS Solution for retail and several FSI and service organizations. In these roles, I worked as CISO to lead initiatives with leaders and execs. This included implementing Okta and Vormetric.
Designed, architected and implemented Azure security including Azure AD and IAM
Designed, architected and implemented medical device security architectures
For a government cloud HC solution served as a sales security architect to advise on solution
Rearchitected and re-implemented a cloud IAM solution from IBM. Got project back on track
July 2014 - Feb. 2015 – Accenture – Security Architect
Designed, architected and led implementation of SailPoint and Governance
Designed, architected and implemented security over an Accenture VPC based on AWS for a pharma and a state agency
Designed an application security solution for AWS security at an FSI and payer
Designed security architecture for hotel and reservation application systems
April 2008– July 2014 – Independent Consultant
In this role, I functioned as a Security Architect with the responsibility for introducing new solutions, managing POCs, developing business cases and then architecting and delivering solutions. This included functioning as a CISO. All work included Qualys and Splunk integration and configuration. Also implemented DB security solutions from McAfee and Guardium and worked in AWS and Azure systems
For a large cloud security ISAAS provider, developed a secure application and secure coding solution and an AWS security
Cloud Provider - Implemented Okta IAM solution at several clients in the Azure Cloud
For several large companies, implemented and executed large vulnerability reduction programs across all platforms including MS
For a large Azure deal, implemented Azure security at a government client
For several organizations, implemented Cisco security solutions from ASA, Firepower, OpenDNS, Lancope and Meraki and
For several large manufacturers, implemented FireMon, Checkpoint and Palo Alto solutions
For a large global company designed a security architecture to integrate organizations from acquisitions and stand-alone entities to one global cloud security architecture on Azure
GE Oil and Gas - For a large manufacturer functioned as a cloud security architect for the movement of confidential and high risk application from on-prem to AWS
For a large telecom provider's SaaS-based systems, functioned as a security architect on Azure
GE - For a large global manufacturer, functioned as a security architect for a cloud based migration to AWS
Bank - For a large FSI, functioned as a security architect for an AWS migration
Designed, architected and implemented an SSO option for a web-based logistics system for a SaaS logistics company in AWS
For several large organizations, redesigned and re-implemented a Tivoli IAM solution that had gone off track
Functioned as a security architect for a cloud based solution in AWS
Functioned as a security architect for a cloud based telecom and expense billing solution that was integrating several companies into one security architecture. This was AWS based security
Designed, architected and implemented 3 McAfee, Symantec and NAC endpoint systems including mobile security. The focus was on enterprise protection along with a strong improvement in phishing prevention techniques.
Executed goodness-of-fit for IAM product selections for 4 large companies' application systems
Designed, architected and implemented an internal database system that tracked all activity by user IDs within the internal system. This discovered unusual access patterns within the organizations that were indicative of hack activity.
For several large banks conducted security architecture gap assessments and architecture design for mobile. Deployed solutions for companies
For large FSI, functioned as a cloud security architect for a migration of on-prem applications to AWS cloud
For 2 FSI organizations, designed, architected and implemented SailPoint IAM solutions and Enterprise IAM and Security Solutions
National Life - For a large insurer, conducted security architecture assessments and developed enterprise security architecture strategies and plans
For a large insurer, designed a CA Identity, Role, Control and Governance Minder architecture
For a large software vendor, developed an application security and secure SDLC strategy
For a large consulting firm, developed a threat management and intelligence solution
For numerous FSI firms including banks, developed a 1,3,5 year cloud application security architecture strategy based on an integration of several companies with a focus on AWS
For 2 large SaaS providers, developed web application SDLC security solutions to ensure cloud security
Conducted security assessments over VM/cloud based environments
Designed security architecture for a VM environment consisting of over 9000 virtual servers
For several large cloud site/providers, implemented a federated identity management solution
For a large bank, developed an IAM strategy for mobile security and advanced IAM such as OAUTH
For 2 large SaaS/cloud providers to the banking and healthcare industries, developed an enterprise security architecture
For a large FSI, developed a secure application development methodology
For a large bank developed a mobile security solution for web based transactions along with a mobile IAM strategy
Autotrader - For a large retail cloud provider, designed, architected and implemented an enterprise security solution
For a large healthcare cloud provider on AWS, designed, architected and implemented an enterprise security architecture and supporting solution
For a large retailer and a large manufacturer, developed a BYOD and NAC security solution for their cloud solution
For a large government agency, architected and implemented an Oracle IDM/IAM solution over a cloud solution
For a large government agency conducted a PCI, NIST and FISMA based security assessment. This included developing an application security framework and a GRC framework
Implemented DLP solutions from Websense, Symantec and RSA over cloud environments
Developed a DLP strategy for a large manufacturer
For a large insurer, developed a vulnerability reduction strategy
For a large distributor, architected an IBM Guardium DB security solution
Developed an enterprise security architecture for a software developer including the secure development of applications sold to customers via cloud
For a large manufacturer/distributor, implemented an ITIM/SAP GRC solution
Current training in latest version of Oracle OIM, OAM and Oracle Role Manager
Attended IBM TFIM training for current version.
Attended QRadar training for QRadar version 1.1 MR4. This was hands-on training
For a large government agency, architected and implemented PCI solutions for P2P encryption, tokenization and network enclaving/zoning
For a large retail pharmacy working in cloud, designed and architected an enterprise security architecture for SOA/Web Services and in-store encryption; this was using the TFIM and DataPower solution. Also introduced a mobile security solution for web users and employees.
For a large pharmacy, designed, architected and implemented a QRadar solution for SIEM for a cloud solution
For a large financial services company, architected, designed and implemented a role consolidation solution from Oracle. Also, executed a role consolidation project
For a large retailer, designed, architected and implemented a high-availability solution for CA Identity Manager r12 SP11.
For a large bank, designed, architected and implemented an enterprise security architecture lockdown and security improvement plan across the entire stack including application and GRC security
For a large bank, re-designed, re-architected, re-deployed and re-energized a large cloud IAM/IDM solution that had languished for 2 years and spent $8 million with no delivery. This included ITIM, TDI, TFIM and TAM ESSO
As a contract architect and security director, led an enterprise build-out of security architecture for a large health insurer offering a cloud-based solution. Included in these efforts was the purchase of numerous security tools, the addition of staff, implementation of enterprise IAM/IDM, 2-factor authentication and SOA/Web Services security and the use of a variety of enterprise security tools including web application security. This was based on TAM, ITIM, TFIM and DataPower
As a contract architect director, designed, architected, sold, road-mapped and led the implementation of an enterprise WS/SOA, DB, VM and IDM/IAM/Federation security architecture for a large SaaS/cloud online education institution. This solution would lead the organization to adopt the latest in authentication, authorization centralization and other advanced security solutions. Post go-live, led various problem resolution sessions. Led Security Architectural Review Board meetings focused on security roadmapping. Additionally, designed a password self-service solution that lowered help desk costs by over $1 million.
As a contract architect and security director for a large insurer:
o Introduced client to an advanced enterprise network forensics product that significantly improved forensics, DLP and management of network security.
o Designed and architected an enterprise-wide IAM/IDM/Federation/SOA/WS and RSA 2-factor authentication security architecture
o Designed enterprise AS400, Unix and DB security lockdowns to include configuration, encryption and VMware security.
o Improved staffing levels. Trained teams on cloud and SaaS security
Functioning as a contract architect and director for a large civilian/military healthcare payer undergoing a consolidation:
o Designed, architected and managed enterprise SSO, SOA/WS, IDM/IAM, and web application/secure coding. Designed real-time code review systems that scanned source code as part of the build. Met military grades of encryption and controls
o Led reviews of mainframe and DB security systems and managed the implementation of improved security controls.
o Conducted gap analysis of enterprise SOA/WS security architecture for a large bank. Prepared build-out plans, roadmaps and architectures
For a large online cloud-based auto retailer that had been subjected to online fraud, designed, architected and managed the implementation of IDS/IPS, IAM/IDM/SSO/Federation, DLP, network, SOA/WS and DB security solutions.
Developed a web application security strategy for SDLC
Functioning as a security architect and director for a systems integrator to the FBI, CJIS and DOJ, conducted gap analysis of application security for various classified and unclassified law enforcement systems and then designed, architected and led implementation efforts of the IAM/IDM/SSO/Federation, SOA/WS, Developed Application Coding, Database, Network, Advanced Authentication including 2-factor, DLP and VMware server security components. Introduced this highly security-centric organization to advanced concepts in VMware, network forensics/monitoring solutions such as NetWitness and advanced adaptive authorization and authentication security. This included RSA AA, TIM, TAM, TFIM and DataPower
For the Department of Homeland Security Customs and Immigration Division, designed, architected and led pilot implementation of a mainframe and client server SOA/WS, IAM/IDM solution, DB and client server security solution. This was a TIM, TAM and TFIM solution
For the US Department of Transportation, designed a mainframe and client server security architecture that focused on improvements in the areas of DLP, network forensics, SIEM, IAM/IDM/SSO and SOA/WS security. Managed the day-to-day implementation of the IAM/IDM/SSO solution.
For a large multi-national pharma manufacturer, conducted an enterprise global security architecture assessment. Out of this project came:
o A revised enterprise security architecture roadmap
o Improved data classification and risk management/inventory practices using Archer
o Overhaul of the entire enterprise security technology suite and addition of numerous tools
o Elevation of the information security function to director status
Education
B.S. in Accounting and Computer Science. Loyola University of Chicago
MBA in Finance and Information Systems. Roosevelt University of Chicago.