Cyber Security Engineer

• Feb 2022 - Present

Senior Principal PKI Engineer, Global Product Security

• Jul 2021 - Dec 2021

Assistant Vice President - PKI Engineering, Chief Security Office

• May 2018 - Jul 2021

IT Application Owner for PKI to globally based Bank’s business groups including management of over 1200 external facing certificates using DigiCert, as well as over 150,000 digital email encryption and signing certificates. Provided guidance on certificate usage, revocations, and private key management for Enterprise Developed in-depth knowledge of Bank’s internal PKI solution based on OpenXPKI Assisted with integration of Bank’s cloud-based infrastructure (based on RedHat OpenShift), allowing rapid deployment of Financial Applications using Kubernetes (K8s) with automatic issuance of certificates using bank’s internal PKI. Oversaw mitigation of global issue of a revoked DigiCert Intermediate CA that required replacing over 1200 certificates within the span of two weeks. Helped review external PKI providers for an economical solution for Secure Email across banks 155,000 employees. Worked with Secure Email team to integrate DigiCert, a globally recognized certificate authority (CA), with Microsoft Exchange and switch users from internal PKI certificates to certificates signed by DigiCert. Participate in discussions on how to streamline management and issuance of certificates, including reviews of Certificate Management Systems (CMS) software for purchase by company. Took over role of IT Application Owner for the Enterprise-wide Certificate Management Solution (CMS). Plan and develop integration of Keyfactor CMS to Bank’s internal PKI solution for end-to-end automation of issuance, renewal, and revocation. Show less

Senior Consultant (PKI), Division of Infrastructure Operations

• Oct 2017 - May 2018

Contract position through CenturyLink (prime) and Grant Leading Technology (sub) at the Division of Infrastructure Operations (DIO), for the Office of Information Management and Technology (OIMT) at the U.S Food and Drug Administration. Provide guidance to PKI Team looking to modernize their Infrastructure for internal FDA PKI environment. Assist with planning, documenting, and coordinating the installation of Thales HSM for use with the FDA PKI environment. Coordinate the configuration of a High Availability (HA) Storage solution to accommodate dual site redundancy for FDA PKI Lead effort for modernization of a 2-tier Microsoft CA to include HA for the subordinate CAs as well as the OCSP repeaters and responders. Implement industry best practices in the management of all internal SSL/TLS certificates using the Certificate Management System (CMS) from Certified Security Solutions (CSS). Assist with troubleshooting Advances issues with the FDA PKI environment escalated to Engineering/Level 3 support Show less

IAM Consultant (PKI), Division of Information Assurance

• Jun 2017 - Oct 2017

Contract position through Accenture Federal Services (prime) and iSymmetry (sub) to the Office of Chief Information Office (OCIO), part of the Office of the Assistant Secretary for Administration and Management (OASAM) at U.S. Department of Labor (DOL) One of 2 designated LRA (Local Registration Authorities) for DOL’s Federal Enterprise CA. Provide level 3 management of environment used to support the Personal Identity Verification (PIV) program including management of certificate policies defined for the eight different forests within DOL supporting all the sub-agencies within DOL. Assist Windows AD team with the distribution and maintenance of proper Federal Entrust Root and Issuing Intermediate CA certificates. Maintenance/patching of HID Global ActivID Online Certificate Status Protocol (OCSP) Validation appliance/server responders. Provide guidance on x509v3 standards as it pertains to use of PIV for the Homeland Security Presidential Directive 12 (HSPD-12). Integration of the PIV card logon system with the Identity and Access Management (IAM) system for use with DOL internal applications. Helped setup and implement a monitoring system (written in Windows PowerShell) to check health status of OCSP responders, as well as the 126 Domain Controllers geographically spread across the U.S. Show less

Security Engineer III (PKI Lead), Information Security

• Sep 2016 - Apr 2017

Lead execution of enterprise effort to standup private enterprise Fannie Mae Certificate Authority (CA) to handle over 10k internal use only certificates as well as about 1k public facing certificates.One of 2 designated Security Officers for management of the hosted Enterprise CA solution at Symantec.Coordinated installs of hardware and software needed to support Enterprise CA with vendors, and internal Infrastructure teams for Dev, Test, Acceptance, and Production environment.Assisted Security Architect in troubleshooting issues and finding viable solutions to Infrastructure limitationHands-on approach to install and configure Gemalto (SafeNet) Luna Hardware Security Module (HSM) for use with Enterprise CA.Worked with Professional Services Consultants from Venafi to install the Certificate Management Software (version 16.2.2) for use across all environments.Developed certificate policy tree for use within VenafiImport of all valid enterprise SSL certificates into Venafi and identified all that were non-compliant per Enterprise Certificate Policy.Trained Cyber Security Operations team on use of system for issuing certificates.Assisted application and infrastructure teams in troubleshooting more advanced SSL/TLS issues Show less

Technology Engineer III

• Jan 2011 - Sep 2016

Member of the Web and Application Server/Middleware group.Based on Subject Matter knowledge was asked to take on Technical Lead role for 4 business clusters.Acted as Primary SSL (PKI) Admin POC in answering questions, resolving issues, and issuing new/renewal certificates using OpenSSL generated keys and certificate signing requests (CSRs)Worked with application teams to move their certificates from the deprecated SHA-1 standard to SHA-2 before year-end 2016.Assisted application and infrastructure teams in troubleshooting SSL/TLS issues.Assisted with testing and implementing bi-annual Middleware Maintenance efforts which allowed applications to remain compliant with Fannie Mae Risk Standards.Planned, developed, and executed transition of 1000+ AutoSys Middleware jobs from old version (6.5) to new version (R11)Identified and performed initial research with 2 repeat issues that were causing constant alerts and Incident tickets1) Capital Market – problem with ADMIN instance host being slow to bring up instances which resulted in delayed/failed restart of domains after reboot2) Acquisitions – identified and narrowed issue with a release that was pushed to production with higher level of DEBUG, causing log files to rapidly fill up file system for almost 8 months.Initially asked to help address any operational issues for business cluster/applications that needed assistance and help with Get Ready projects.Provided technical guidance to junior members and contractors assigned for those clusters, and helped on issues requiring root cause analysis and long term fixes for those business clusters.Helped do root cause analysis and fix a recurring issue with Multifamily Applications which caused outages after bi-weekly server reboots for external facing application.Acted as Primary point of contact for Multifamily Project to move a retired platform (Solaris 8) and end-of-life application to a supported platform (Solaris 10) for Out of Region datacenter. Show less

Senior Engineer

• Aug 2008 - Jan 2011

Systems Developer

• Jul 2006 - May 2008

Lead Hosting Systems Administrator

• Jan 2005 - Jun 2006

Professional Services Consultant

• Sep 2003 - Oct 2004

Senior Product Support Specialist

• May 2000 - Sep 2003

Systems Administrator

• Nov 1998 - May 2000