United States
Seasoned Cybersecurity leader and architect with over 20 years of experience in the Identity and Access Management (IAM) domain. Expertise in designing and managing comprehensive IAM solutions, specializing in Privileged Access Management programs, Directory Services (LDAP, Active Directory), Cloud Identity, and Single Sign-On (SSO). Proven track record of implementing robust security protocols, optimizing access control mechanisms, and ensuring regulatory compliance. Adept at leading cross-functional teams, driving strategic initiatives, and fostering innovation in cybersecurity practices.
• Formalized a Privileged Access Management program at the bank, driving and centralizing privileged access management improvements across technology platforms
• Hired and managed a high-performing team of senior engineers specializing in privileged access management and Directory Services (LDAP, Active Directory)
• Improved just-in-time access services and implemented a least-privileged access model
• Led a team to implement CyberArk Privilege Cloud for securing and managing privileged access, session management and isolation, secrets management, and securing non-human identities for applications and services
• Managed and developed a team of engineers focusing on our Cyber Security – Identity and Access Management platforms consisting of Okta, Azure AD, ADFS, MFA, Active Directory/LDAP, and PKI
• Designed and deployed Okta Single Sign-On, Universal Directory, API Access Management, B2B Integration, and Multi-Factor Authentication with a focus on consolidating identity platforms
• Architected and managed CIAM platforms, specifically Okta and Azure AD B2C as approved B2C patterns within the organization
• Architected and managed Azure AD SSO initiatives, including Conditional Access Policies, Behavioral Analysis, and Multi-Factor Authentication
• Managed and maintained public cloud IAM RBAC controls for AWS, Azure, Google Public Cloud, and Alibaba Cloud leveraging full Single Sign-On to a central identity provider
• CyberArk Vault admin, privileged account password rotation, PIM
• SME in SSO protocols including OAuth 2.0, OpenID Connect (OIDC), SAML 2.0
• IAM adviser for Mergers and Acquisitions, including advising on IAM activities/tasks to ensure a smooth transition
• Privileged Identity Management, managed just-in-time access controls
• Advised application teams on modern authentication protocol grants and flows (Authorization Code Flow with PKCE, Implicit Grant, Client Credentials, etc.)
• Public Cloud IAM RBAC Design and Implementation for AWS, Azure, Google Public Cloud, and Alibaba Cloud leveraging Terraform for role and identity provider deployment
• Designed and implemented Azure AD SSO patterns, supporting SAML 2.0, OAuth 2.0, OIDC, including supporting Authorization Code Flow, Implicit Grant, Client Credentials
• Implemented Multi-Factor Authentication including OATH token, push-to-accept application, SMS, and hardware token (YubiKey)
• Implemented Azure AD Self-Service Password Reset for improved user experience and reduction in Service Desk calls
• Azure AD / Microsoft Graph API access control
• Office 365 (O365) IAM management leveraging Azure AD Connect for identity synchronization from on-premises Active Directory
• Architected ILM best practices for joiners and leavers, automated password rotation of privileged accounts
• Deployed and maintained ADFS farms supporting SAML 2.0 and OAuth 2.0 extensively, including client federations
• Managed large Active Directory forests/domains – 7 Forests, 20+ domains, 100,000+ user objects
• Active Directory Forest/Domain management including upgrading domain controllers and forest/domain functional levels, domain consolidations, and migrations
• Group Policy design and management
• Lead PKI engineer; deployed Active Directory Certificate Services / PKI; managed certificate enrollment
• Lead SSO engineer; deployed and maintained ADFS, advising and supporting SSO initiatives and client federations
• Exchange 5.5 & 2000 - Implemented disaster recovery steps for customers experiencing technical difficulties within Exchange.