James McKernan - CISSP
971-***-**** ***********@*****.*** https://linkedin.com/in/james-mckernan-3478211b
Profile of Cyber Security and Infrastructure Leadership
·Security and Infrastructure technical leader of many successful revenue generating efforts including migration and redesign of on-prem and cloud network, infrastructure, storage, compute, CI/CD, and SIEM (HP, CISCO, NIKE, Premera, Equinix)
·Multi-patent holder in cloud storage Security Architecture and Content Networking
·Successfully led the complete redesign and delivery of Cisco eCommerce and Support functions, www.cisco.com
·Containerization and Orchestration Security Advisor (Terraform, Docker, K8s, Ansible) including key management and secrets management for end-to-end TLS transmission for internal components (etcd). Securing pods, implementing monitoring and reporting
·Years of experience in AppSec and Infrastructure vulnerability discovery, lifecycle management and remediation (CISCO, NIKE, Department of Homeland Security (DHS)).
·Delivery of many cyber security designs using industry frameworks including CIS Benchmark, MITRE ATT&CK, OWASP, NIST 800-53, A-123, FedRAMP, HIPAA, HITRUST, PCI-DSS, ISO-2700*, etc.
·Dual citizen (USA, Canada)
·Active Top-Secret Clearance (DHS/ICE) through 12/31/2025
·CISSP #83674 March 2005 to present
·Mentor and people manager in team lead roles over majority of career
Experience
ENTERPRISE ARCHITECT - SECURITY MCKERNAN CYBER SECURITY CONSULTING LLC. DEC 2023 – PRESENT
·Consultant for cloud architecture to mostly health and financial industries covering Azure and AWS digital transformation, secure coding, cloud security architecture best practices, etc.
·Consultant for vulnerability lifecycle management, threat modeling, executive influencing
PRINCIPAL CLOUD SECURITY ADVISOR STEAMPUNK – HOMELAND SECURITY & ICE MAY 2024 – DECEMBER 2024
·Global AWS Systems Administrator for ICE Cloud/Homeland Security. Focus on EC2 Linux Systems Admin automation, Security Hub, Policy Manager, vulnerability management, and technical consulting.
·Greatly reduced false positives through Python/Shell script creation and implementation (12K instances).
·Terraform and Ansible infrastructure as code template design, creation and deployment supporting AppSec teams.
ENTERPRISE ARCHITECT - SECURITY EQUINIX (PEOPLE 2.0) MARCH 2023 – DECEMBER 2023
·Successfully managed all Oracle ERP and EPM cloud migrations from on-prem to Oracle Cloud Infrastructure (OCI) and Fusion apps including over 200 unique integrations. Used design patterns to simplify workload without compromising security.
ENTERPRISE ARCHITECT – SECURITY PREMERA (PEOPLE 2.0) MARCH 2022 – DECEMBER 2022
·Designed and advised in many areas of cybersecurity including governance, threat modeling, design consultation, technology evaluation, reusable frameworks, etc. Focused on low code platform (MS Power Platform), 365 Dynamics, MS Center of Excellence and migration from on-prem AD to Entra ID, and Federal VIP data security. I am currently studying for the AZ-500 exam.
·Proposed new control framework to better align to Industry standards including NIST 800-53.
·Designed data protection (crown jewel) architecture for federal VIP medical records.
·Worked on SIEM effort (Splunk) with business intelligence team.
·Developed formalized security architecture reviews covering all areas of information security including CASB, data-at-rest and in-flight, SIEM, networking, app security, vulnerability management, incident response, Red Team, database, cloud security (AWS, Azure, OCI), and complex integration patterns.
INFORMATION SECURITY ARCHITECT STATE OF TEXAS (DYNAMIC CONSULTING) SEPTEMBER 2021 – MARCH 2022
·Provided analysis and evaluation of state of Texas computing systems and applications including on-prem, cloud, and hybrid solutions.
·Applied formal controls to the security and privacy of systems using NIST and FISMA frameworks.
·Improved/tweaked SharePoint, Power BI workflows.
EXPERT SECURITY ARCHITECT CONSULTANT NIKE INC. FEBRUARY 2017 – AUGUST 2020
·Trusted advisor for digital transformation to AWS (Azure for identity).
·Contributing member of Zero Trust, IOT, and NextGen Firewall architecture (Zscaler, Palo Alto)
·Technical liaison and consultant for Corporate Information Security (CIS) and Nike’s top-secret Innovation Centers (R&D), Go to Market, TechOps, and General Services.
·Reduced critical risks in TechOps from 22 to 2 in one year by prioritization, influencing, and program management skills. Worked hand in hand with penetration testing teams, vulnerability management, and DevOps/DevSecOps. Comfortable with many vulnerability management tools including Nessus, Nexpose, Qualys, AppScan, Tenable, Metasploit, MS Defender, MS Sentinel.
·Security Lead for GDPR compliance working with leading vendor BigID.
·Network engineering stretch assignment (50%) – ExtraHop, Palo Alto SASE, CASB, etc.
·Experience with CASB including Zero Trust, Endpoint protection, firewalls, DLP, SDWAN.
SENIOR SECURITY ENGINEER AND TEAM LEAD CISCO JULY 2005 – FEBRUARY 2017
·Chief Security Architect for Cisco Services. “Design with Security in Mind” by contributing to architecture from program inception, rather than reactive analysis.
·Successes included Collaboration as a Service (Telephony/Telepresence), Cisco Storage Connect, and Connectivity CSO (secure messaging from customer sites to Cisco via IP/Sec over UDP).
·Lead Security Architect for Cisco Storage Connect, a means of encrypting and protecting file uploads in the public cloud via on-the-fly symmetrical key encryption web services. US Patents #8,799,322 and #9,633,024.
·Helped pioneer self-service developer driven security scanning and remediation. Collaborative ideas led to a paradigm shift in the industry and the development of IBM AppScan Enterprise solution, as well as IBM RAD LDE integration of run-time scanning integration with static code analysis.
·Primary Security Authority on several Cloud offerings representing Cisco to prospective and existing multinational financial customers, governments, and agencies including ISO 27*, SSAE, FISMA, CSA STAR, PCI-DSS, FedRAMP, NIST 800-53, PII law, etc.
SENIOR ENGINEER/ARCHITECT AND TEAM LEAD CISCO AUGUST 1999 – JULY 2005
·Architecture/Engineering lead for next generation www.cisco.com infrastructure which included the introduction of many Cisco cutting edge products in the areas of load balancing, content caching, SAN/NAS storage, etc. Created horizontally distributed content farms based in Linux and mostly open-source infrastructure software.
·Engineering lead for next generation intranet infrastructure. This one-of-a-kind enterprise effort involved the migration of web content, 17,000 applications, and migration of 5,500 developers to a new distributed architecture. The effort included the first introduction of Content Service Switches and intelligent load balancing within world-wide Cisco IT.
·Designed an automated framework for phased/autonomous migrations of content and applications based on layer 7 intelligent load balancing. The automation allowed for the independent migrations of hundreds of business groups to a new 3 tier architecture, distributed design with 100% business continuity and service availability during overall project. This invention holds two US patents: #7,765,272, and #7,765,272.
·Architect and project manager of NetAid. www.netaid.com
SENIOR WEBMASTER AND ARCHITECT HP MARCH 1997 – AUGUST 1999
·Built UNIX and Windows web server farms for HP Corporate IT. Fault-tolerant design exceeded 5 nines uptime through first 18 months of operation.
·Provided leadership in web consulting activities, applications development, software lifecycle, reporting, document management, deployment, and distributed design for Windows and UNIX content and application developers. Team Lead.
·Windows NT, HP-UX, Linux systems administration
SOFTWARE DESIGN ENGINEER HP MARCH 1995 – MARCH 1997
·Designed and managed heterogeneous environment of NT, Apple, and UNIX workstations and servers for Handheld R&D design team.
·Designed remote access framework for world-wide design team and business partners. Webmaster.
·C++, Smalltalk software engineering.
·Contributed to the world’s first wireless handheld web browser research and development as well as managing all software design tools, virtual machines, hardware prototypes, design cycle, and revision control.
COMPUTER INTEGRATED MANUFACTURING ENGINEER HP FEB 1994 – MARCH 1995
·One of eight engineers who built the semiconductor industry's first automated wafer fab, FASTFAB
TECHNICAL BUSINESS ANALYST HP NOVEMBER 1993 – FEBRUARY 1994
·Designed and implemented decision support tools for HP top executives. Helped financial budgeting and reporting efforts for world-wide field operations.
PRODUCT EDUCATION ENGINEER HP AUGUST 1990 – NOVEMBER 1993
·Developed and delivered technical training courses to direct marketing staff on HP products including printers, PCs, and T&M products.
DIRECT SALES CONSULTANT HP AUGUST 1988 – AUGUST 1990
·Sold HP products, provided technical pre-sales support.
Education
MS COMPUTER ENGINEERING 1994 – 1996 DEGREE INCOMPLETE DUE TO PRIORITIES AT HP. OREGON STATE UNIVERSITY
BA HISTORY AND ENGLISH (PRE-LAW) JUNE 1987 HONORS COLLEGE - UNIVERSITY OF OREGON
Sampling of Skills & Abilities
·Networking (2 patents)
·IAM
·Crypto
·Vulnerability Management
·Data Security (2 patents)
·SecDevOps
·DevSecOps
·Threat Modeling
·Architectural frameworks TOGAF, SWIFT, etc.
·Governance
·Excellent interpersonal and communication skills
·Network Security
·CASB and SASE
·Poised under pressure
·Compliance
·AWS Security
·NIST 800-53, Cyber Security Framework
·NIST Cyber Security Framework
·Linux
·Fun and energetic
·CI/CD (Docker, OpenShift, GitHub, Terraform, Ansible, AWS policy manager, etc.)
·Privacy Law
·GDPR
·Audit
·Python, Shell, Perl, C, C++, Java
Activities and Interests
Trained chef, artist, hiking, skiing, camping, travel, being a good dad to my 5 children