Senior Consultant Quality Assurance

Russell Gregg, CISSP

Senior Consultant GPS Cybersecurity

Deloitte Risk & Financial Advisory

Mobile: +1-864-***-****

Email : ***********@*******.*** Office : Greenville, South Carolina USA

Profile

Russell is a Senior Solutions Consultant in Deloitte Risk & Financial Advisory. He is a specialist in Cybersecurity Identity and Access Management with a focus on automation and governance throughout the identity provisioning lifecycle.

Experience

10/2021 - Present

Deloitte LLC

Consultant – Senior Solution

Provides Identity solutioning for the Identity Team of the InnovateOhio Platform in areas of user provisioning automation across development, quality assurance, staging, and production SDLC stages.

Provides integration and data engineering for the InnovateOhio Platform for fraud detection and reporting systems rendered via machine learning and AI facilities.

Provides automation using Source Code Management, Infrastructure as Code, and CICD pipelines targeting cloud infrastructure and fullstack management.

05/2021 – 10/2021

Brooksource Consulting

IAM Security Engineer III - Consultant

Provided DevOps engineering regarding automated testing for identity management platform leveraging Quest One Identity workflows for Novant Health services. Utilized stack included Cucumber, Gherkin, Python, Jenkins, and PowerShell to support the hybrid cloud environment under Microsoft Azure.

10/2019 – 03/2021

SecurIT USA

Senior Consultant

Provided security development and implementations for SecurIT USA clients to meet complex requirements.

Responsible for the design, development, and implementation of custom RMI adapters for custom application integration for IBM Security Identity Manager (ISIM). This responsibility required a deep knowledge to leverage Java, Javascript, shell scripting, communication protocols and standards: REST, SOAP, SSH, TLS, and platforms such as Active Directory, Azure, Google Cloud, and AWS.

Responsible for test automation and automated testing using high volume test cases. This accomplished increasing test case datasets from less than 100 to over 5000 per test run while decreasing testing time per run from 16 hours down to 45 minutes.

Team member for project for international consolidation of multiple security infrastructure systems into centrally provided service offering to support a 600,000-user base. Russell provided direct design and implementation of the ecosystems with their respective resilience including recover-to-cloud options.

01/2005 - To 10/1/2020

IBM

Senior Consultant

Provided security consultation to various clients.

Assignment History

10/2010 – 10/2019

108 months

IBM Cloud Managed Applications Services

IBM MSD - Legacy eBHS ITIM Stabilization and Upgrade to Support a Multicloud Environment

Project Description: Assessment and stabilization of ITIM/ISIM 4.6 implementation to prepare for upgrade to 7.x version. This project transitioned into a long-term placement for management, integration, and automation.

Russell stabilized the existing system to function for current scope of managed systems/accounts. Removed unused services to allow identification of failing services for correction.

Russell corrected failing services allowing successful completion of user requests for identity management requests. This reduced pending requests from 6.5 million to under 100.

Added enhancements for reporting to allow diagnostic of failing connectivity.

Russell enhanced performance to reduce time for typical activities from 10 minutes to 30 seconds.

Technologies used extensively included LDAP, Active Directory, HTTP, REST, TLS, Java, Javascript, Powershell, shell script, some Python, some Ruby (Chef), Git, Github, SAML, OIDC, SQL (DB2, Oracle), No SQL (CouchDB, MongoDB), IBM Cloud, AWS, Google Cloud, and Oracle Cloud.

Processes required in the maintenance of the ecosystem included vulnerability assessments using host-based tooling, remote assessment scanning with Nessus, and the accompanying remediations through automation with Ansible other, Chef, and some SALT stack. Systems were required to adhere to multiple levels of compliance required for internal and client organizations: HIPPA, FDA, PCI-DSS, GDPR, and Italian Data Privacy. These compliance levels were audited under internal direction, two third parties, and select client teams; resulting in audits for SOC II and SOC III reports every month.

Russell developed and implemented a secure self-service mechanism to provide evidence to audit personnel without disclosure of internal associate private information or client confidential data.

Russell used role mining data to reduce the number of RBAC roles for 60,000+ to 44. This allowed associates to revalidate their access semi-annually with 5 interactive emails across the associate, their respective manager, the system owner, and the application owner.

Procedural excellence was culturally embedded to increase quality, reduce cost, and provide consistency. This was employed via agile DevOps across 130+ cooperative teams around the world. The width and breadth of the DevOps culture ranged from infrastructure as code (IaC) to CI/CD pipelines that included security static code scans, library scans, and automated testing allowing weekly releases and continuous enhancements. All developed code for installation, configuration, monitoring, and remediation of the security ecosystems required hands-off mechanisms.

Russell successfully designed a reusable service offering that integrated IAM security ecosystem services across multiple cloud vendors: AWS, Azure, Google, IBM, and Oracle as a sidecar footprint to provision, manage, and monitor. The design components that Russell provided included security groups, traffic definition, secrets management, network groups, WAF, VPN, privileged access management, multifactor authentication, and security posture reporting: OWASP, best practices, compliance.

11/2009 - 09/2010

11 months

Smart Meter Texas

Smart Meter Texas Portal

Project Description: Design and implementation of integrated IAM solution to provide self-registration, delegation, management, and self-service to Smart Meter consumer, transmission, and generation users in a role-based framework using IBM Security Identity Manager (ISIM), IBM Security Access Manager (ISAM), IBM Security Directory Server, IBM WebSphere Message Broker, and IBM WebSphere Portal Server.

Solution currently supports 5 million electricity consumers. This project was a first of its kind implementation allowing Smart Grid participation by customers. Customers monitor electric utilization retrieved on 15-minute intervals from adhoc mesh topology created by powered meters. Communication design was reworked to leverage a central key management facility for all meters, a savings of $30 million per 3-year period.

Solution supports transmission and generation users to provide billing, meteorological, and outage data gathered in near real time across Arizona, New Mexico, Oklahoma, and Louisiana.

Russell’s responsibility on the project was the integration of self-service development in support of gathered requirements. Russell led a team of 8 for the development, code review, testing, and defect management of Java and SOAP coding. Russell also provided a secondary support of specialized devices and their respective SCADA internetworking including PKI requirements and resilience.

01/2009 - 11/2009

11 months

Oncor

Automated Meter System

Project Description: Implementation of a role-based enterprise solution as an internal management infrastructure and facilitate SAML as an Identity Provider to external Service Providers.

Main goals were to reduce time required to onboard new associates by leveraging Tivoli Access Manager (ISAM), Tivoli Identity Manager (ISIM), Tivoli Directory Integrator, and Tivoli Compliance Insight Manager (TCIM) for the AMS project.

Russell implemented a framework allowing internal associates to be provisioned automatically as the client’s SAP system completed their HR record. This allowed new associates to begin working in minutes rather than days. The framework also provided a facility wherein a business partner was provided a limited interface to the identity governance system. This limited access interface allowed the business partner to manage their own personnel’s access to the client’s environment without utilizing the client’s resources beyond appropriate approvals.

Russell assisted with the TCIM implementation to provide intercommunications from hundreds of sensitive endpoints utilizing automation for deployment, configuration, management, and maintenance.

05/2008 - 11/2008

7 months

Avnet

Project Description: Designed identity management feed system from legacy LDAP.

Developed real time infrastructure to synchronize changes to accounts and roles used across 135 applications. Applications utilized ISAM for directory and authorization services and ISIM for role authorities.

This client was recognized as a top 100 innovator for this project in CIO Magazine.

Russell was the single resource responsible to assess, design, test, and implement a highspeed intelligent synchronization system allowing immediate access control and provisioning capability as the client defined them in any of 4 directory systems. This engine was extremely complex with multiple source technologies requiring publishers and consumers using Java, Visual Basic, Python, and Adobe technologies.

03/2008 - 06/2008

4 months

New York City - Department of Education

Aries Portal Implementation

Project Description: Provided product support and enhancement for an ITIM/ISIM environment feeding Active Directory account information and organizational structure data into ITIM/ISIM and onto endpoints for ITAM-eb/ISAM, IBM Directory Server (ITDS) in support of WebSphere Portal, and Microsoft SQL Server.

Significantly reduced processing times, corrected underlying ITDI adapter issues, and provided daily support of the environment.

Russell was responsible for designing and developing synchronization services to reduce synchronization times from 3 hours to under 2 minutes. The synchronization required Java, JDBC, SQL, VBScript, and Javascript.

11/2007 - 03/2008

5 months

Walgreens Health Services

Federated Identity and Single Sign On Solution Design

Project Description: Performed research for technical details of the client environment as it related to industry standards, best practices, and technology trends.

Topics covered included SAML, WS-Federation, Liberty Alliance, Open ID, SPML, DSML, and various web services footprints.

The overall objective of the project was to provide a high-level solution design which was vendor neutral and architecturally agile.

Russell worked with a lead architect to deliver a high level design that was product agnostic and provided a highly flexible set of features.

04/2007 - 10/2007

7 months

Publix Supermarkerts

Identity and Access Management Implementation

Project Description: Responsible for the design, development, deployment, and documentation of the initial ITIM/ISIM implementation.

This included custom adapter development, user self-service, and portal integration with reverse proxy configuration using ITAM-eb/ISAM

Russell was responsible to implement and document a highly available identity management solution that received near real time notifications from the client’s SAP system. Upon notification an end user would be provided all accesses required for them to perform their job duties.

01/2007 - 04/2007

4 months

Marathon Oil Corporation

MOC - Extranet Identity Management Deployment

Project Description: Deploy customized identity management solution for corporate extranet under Sun Identity Manager.

This solution leveraged self-registration, subscription, and sponsorship models allowing a fully autonomous solution.

Russell designed and supervised two junior resources in the implementation of a comprehensive identity management solution allowing external researchers to apply for sponsorship into the client via invitation. Sponsored applicants automatically received access roles based on the defined sponsorship type.

08/2006 - 12/2006

5 months

Case New Holland

Intranet Portal Migration

Project Description: Deployment of customized Tivoli Identity Manager (ITIM/ISIM) in support of intranet portal migration from Seibel to IBM WebSphere Portal Server.

Implementation leveraged ITAM-eb/ISAM for reverse proxy protection and custom entity types for user populations.

04/2006 - 08/2006

5 months

Lockheed-Martin - Global Combat Support Systems

Federated Identity Management deployment

Project Description: Develop installation support system for the deployment of Tivoli Federated Identity Manager to USAF for portal single sign-on services.

Regarded at the time as the most stable and refined installation performed to date. No external intervention or assistance required for implementation.

10/2005 - 04/2006

7 months

BI-LO LLC

Enterprise Security Consultation

Project Description: Assigned to provide support and deployment assistance during corporate divestiture. Applications supported were encryption services, intranet single sign-on, and identity management under PGP Enterprise Server, Tivoli Access Manager(ISAM), and Tivoli Identity Manager(ISIM), respectively.

05/2005 - 09/2005

5 months

Ahold Information Services

Divestiture of a corporate division

Project Description: Development of parallel system to support new corporate entity to function in same capacity. Design and develop systems for encryption, intranet access, and identity management.

03/2005 - 05/2005

3 months

American Express

Corporate identity reconciliation and revalidation

Project Description: Provided identity process to validate current identities and matching those to existing users/managers for attestation of need.

01/1997 - 01/2005

Ahold Information Services

INFOSEC Assessor and Network Administration

Architect, implement, manage, and assess enterprise environment for mitigations to inherent risks from administrative and technologies deployed. Integrate legacy systems to minimize administrative overhead and improve integrity of system accounts and services in support of business mission.

Russell’s responsibilities were the implementation of security systems in support of RSA multifactor authentication, web proxy content filtering, reverse proxy implementation with centralized policy-based access control to flatten the enterprise URL space and provide a single signon (SSO) experience for users.

04/1996 - 01/1997

Aerotek Recruiting & Talent

Consultant

Deploy systems developed to customer specifications on time constrained engagements. Improve implementation strategies through technology solutions to provide surplus time on projects to allow newer project goals to be developed in support of new and growing customer requirements without incurring additional costs.

Contact this candidate