Security Architect providing comprehensive (Application, Solution, Infrastructure and Governance) Security Consultancy to a range of programmes operating across the LBG business.
The most important is the Virtualisation Programme, defining and implementing the Azure hosting, tooling, communications and processes for the large-scale deployment of Azure Virtual Desktops to the LBG business worldwide.
Coventry Building Society is the second largest Building Society in the UK.
Security Architect providing comprehensive (Application, Solution, Infrastructure and Governance) Security Consultancy to a range of programmes operating across the CBS business; the following are the foremost of these ?
HR replacement ? Workday system ? Security consultancy function
Infrastructure Replacement Program (ITP) ? including Security and functional design review for the two new data centres? infrastructure and for the migration of systems to those data centres
Infrastructure Replacement Program (ITP) ? including Security and functional design review for third-party cloud-based infrastructure (primarily AWS) and for the migration of systems to those facilities
Mortgage Sales replacement programme - Security consultancy function to validate and create Security requirements for a third-party suite of Mortgage Sales functions
Security Architecture ? a comprehensive review and renovation of all Security Standards and Patterns within the CBS libraries
Security Architecture and Solution Architecture ? create the infrastructure and business process design of the Open Source Software Scanning facility, based on an AWS Docker implementation of Black Duck Hub, communicating via the CBS Secure Zones to the central Black Duck Hub Knowledgebase and enabling Dev/Test/Sec/Ops resources within CBS to scan and remediate all Open Source Tools and code components within the CBS estate.
Governance - formal Risk Analysis of functional proposals and designs, validated against NIST Control Categories and assured in accord with the ISO 27001 risk assessment procedures.
Security Architect providing comprehensive (Application, Solution, Infrastructure and Governance) Security Consultancy to a range of programmes operating across the LBG business; the following are some of the more challenging
Machine Intelligence / Machine Learning ? a wide range of Artificial Intelligence shared component service offerings to the broader business, hosted on dedicated Cloud provision (Sandbox and Liberty) and encompassing a number of third-party Cloud SaaS and IaaS facilities, together with bespoke API enhancements, providing AI functionality in a number of customer-facing areas of the core banking services. Both Security and Functional review of all Solution Designs in scope, including extensive rework of various designs to bring the quality and completeness up to the requisite standards.
Mortgage Transformation ? renewing and modernising many functions and interfaces in the Mortgages arena, including incorporating various third-party and Cloud offerings
Payments and Credit Cards ? Security Architect supporting extensions to Customer offerings, including PCI DSS Assurance, and full design specification of the HashiCorp Vault implementation
Financial Wellbeing ? Security Architect supporting a specialist team tasked with introducing processes and functions to support Customers experiencing financial difficulties
Secure Messaging ? Security, Infrastructure and Solution Architect advising on a range of Infrastructure and Security strategies to enhance capability for the Customers? interaction with Bank staff via Secure Messaging facilities, and co-authoring several of the core Solution Designs
Personal Account Servicing - Security Architect designing the Security components for a range of projects to simplify, streamline and make more functionally responsive the Customers? interaction with the Bank in relation to their Personal Account requirements.
The platforms upon which these programmes operate cover a wide spectrum of contemporary IT infrastructure components within the LBG datacentres and are also deployed upon a range of Cloud platforms
Three forms of in-house Cloud provision ? request, automated by pattern, self-service
Two forms of dedicated IBM-hosted Cloud provision ? Sandbox (typically used for POCs and similar) and Liberty (for pre-Production and Production facilities)
Several forms of COTS Cloud provision ? AWS and Azure are the primary service providers
Several forms of Cloud provision of SaaS and IaaS facilities ? IBM Watson (an Operational AI suite), Oracle IVR (Interactive Voice Response) and a number of other service providers
The processes and patterns for usage of these Cloud platforms correspondingly varies by type
The in-house Cloud provision and also the dedicated IBM-hosted Cloud provision have standardised interfaces and base system software and configuration patterns, but these are continually evolving to facilitate varying demand.
Hence projects typically deploy to a mix of standard patterns for the respective environment and bespoke patterns which the project itself defines and takes through governance to gain approval for deployment.
The COTS Cloud provision ? these follow the strictly enforced patterns for deployment defined by AWS and Azure and variance from those respective patterns is very rare.
The Cloud provision of SaaS and IaaS facilities ? these follow the third-party patterns for system configuration which are agreed within the contractual SLAs then, within those offerings, extensive tailoring of the message templates and the business rules for data processing and transformation is carried out.
Lead Security Architect on a massive divestment programme, the creation of the new Williams and Glyn Bank which comprises a vertical and horizontal slice of the entirety of the RBS retail and corporate businesses, and hence the vast range of systems and infrastructure which supports those businesses.
That range encompasses the full gamut of technologies from archaic Windows platforms running very long-standing legacy systems to state-of-the art Enterprise Information Systems and Artificial Intelligence services, widely distributed across diverse in-house and Cloud platforms.
Provide Security Architecture leadership and technical expertise for the entirety of those systems and business services, giving strategic direction to what is unquestionably the largest IT programme in my long career, and what is believed to be the largest IT programme taking place in Europe during these years.
Set up, manage, chair and technically lead the Security Technical Design Authority function to validate and refine all designs for every functional area of the W&G Programme. Act as the Security Lead for the full Programme Technical Design Authority which follows (within the design governance stream) from my Security Technical Design Authority. As required, act as both Chair and the Security Lead for the full Programme Technical Design Authority when the Lead Enterprise Architect is on leave or otherwise engaged,
Set up, manage and technically lead the Access Request Management Desk (5 staff) to validate all access requests for every functional area of the W&G Programme, and to escalate for Security review all complex / privileged requests; also run that Security escalation facility.
Define, assure and report upon the full range of Security function processes and implementations for a major Technology Service Provider to the Williams and Glyn Programme. The TSP provides extensive Training and Competence (T&C) schemes and processes, based on a solution managed from their York offices, hosted by the Microsoft Azure Dublin datacentre complex and serving the Williams and Glyn offices. Work interactively with the TSP and their W&G customer team to conduct a comprehensive Security design, assurance and remediation exercise which resulted in the TSP being accredited as a W&G TSP.
Define many of the Security standards and processes for the whole of the Williams and Glyn Programme.
Author the Security Non-Functional Requirements for the whole of the Williams and Glyn Programme, and take them successfully through the 12-month review and governance process which includes all of the major parties to the Programme.
PCI DSS standards, ISO 27000 standards, spanning the entirety of RRD?s Service-Orientated Architecture (SOA) and underlying infrastructure.
Provide Security Architecture leadership and technical expertise for the full range of systems and business services which R.R. Donnelley (Global Document Solutions) provides to two of its major corporate clients, Barclays Bank and Barclaycard.
Become the reference point for all Barclays Group interactions with RRD in terms of technical PCI Compliance.
Develop and refine all of the RRD methods and techniques of PCI Compliance in respect of changing business activities and evolving PCI governance requirements.
Design logical and physical PCI remediation solutions in the form of a wide-ranging series of Security designs for the full array of RRD services to Barclays Group, both direct (payments-related) and ancillary (cards, pins and statements management and issuance).
Participate in all aspects of the joint Quality Assurance activities and, where applicable, lead the augmentation of the PCI methods and techniques via which the RRD services to Barclays Group are made compliant by the most readily achievable, and thus cost-effective, means.
Additionally, fulfil the role of Solution Architect for a range of integrated application, infrastructure and security designs for several other RRD clients, including full DR / BCM provision.
Linux, zOS, Oracle Database 10g / 11g, DB2, CICS, WebSphere suite, Rational Software Architect, Troux Navigate, Troux Source, SOA, J2EE (Enterprise Java, including EJB), BizTalk, Informatica Platform tools, SAP, Active Directory, many other system products and utilities.
A very large and diverse range of platforms, operating systems, databases, protocols, utilities, servers, applications, etc.
Business and technical analysis to create infrastructure, data and security designs in respect of the migration and integration of many systems and their associated infrastructure from one set of Data Centres to another set.
Business and technical analysis to create infrastructure, data and security designs in respect of the decommissioning of many other systems and their associated infrastructure, either because the systems are no longer part of the Target Operating Model or because the system migration has left behind superfluous infrastructure.
Full project responsibility, commencing with solely a simple outline of the intended scope of the system integration.
From this starting point, I liaised with all interested parties - higher management, business and system owners, SMEs, end-users, operations staff, architecture governance bodies, etc. - to derive and agree the high- and low-level business requirements.
I then created the high-level design which defined the standards and methods for the detailed project design work to follow.
I then led the team which produced all of those low-level designs, writing many of the designs myself, reviewing all other designs and then taking all designs through the layers of LBG governance to approval.
IBM Rational Software Architect was the architectural environment, methodology and toolset that was being instated at the design and development level of the projects.
Troux Source and the associated Troux navigation and reporting tools were the underlying infrastructural data repository and infrastructural management methodology.
Additional achievements included
Contributing to the Solvency II working group workshops in respect of the risks and impacts to those integrated systems.
Defining new LBG group-wide security standards in respect of DB2 database secure deletion (government-standard data wiping) across all (non-transient) data storage components of the DB2 database in accord with ISO 27000 standards.
The complete range of the Lloyds TSB and HBOS General Insurance installed systems base is in scope.
Creating infrastructure, data and security designs for many of the CFS card payment systems, in accord with PCI-DSS stipulations.
Full range of functions, from primary capture of business requirements through to creation of high- and low-level designs.
Team Leader of the Oracle Design Factory, the Architectural technical resource pool for many ING projects; despite the group?s name, the technical scope included not only Oracle but also SQL Server, Unix and a wide-variety of COTS products.
Working directly with Business Owners, End Users, Project Managers and my Architecture and DBA peer-groups to analyse and create a series of architectural, database and security designs for a diverse range of banking projects.
Managing resource schedules, acting as technical SME, providing full QA of the team?s deliverables, liaising with higher management.
Some of the more notable deliverables include
The functional and security design of the Oracle components of a major DB2 to Oracle database migration.
A Syslogging design (functional and security), capturing application API and system events, using Log4J, syslogd daemons and Tivoli Alerting Solution, to transport securely and performantly the events from source machines to the LogHost and prepare them for analysis and reporting by Tivoli.
Design and implement a reporting database for Basel II operational risk data collation and analysis
Create from scratch the group-wide ING standard requirements and implementation template for all Data Guard designs, the primary basis for the DR / BCM provision across many ING projects
Augment ING?s Operational Security Guidelines for Oracle 10gR2 (partial), and for other infrastructural components (entire), with particular reference to all ISO27000 stipulations.
Carrying out the full range of Security Design, Assurance and Accreditation functions as the STDA for all of the development phases of the DWP?s Central Payment System, including leading the liaison and formal review processes with the DWP?s own Security Architecture Team.
Writing and presenting to the client a series of security designs and also working as the in-house team leader for many remote resources from the Siemens Insight Consulting (SIC) pool, reviewing their designs and coordinating the designs with the broader parameters of the project - in both cases, working across widely diverse areas of expertise ? Audit (active and passive), IAM, formal Risk Analysis, all ISO 27000 standards, DPA, Oracle database security, Business Continuity (BCM), etc.
Providing QA and management functions to those remote resources; liaising with the management hierarchy of the prime contractor, Siemens (SIS), and of the client, the DWP, for a range of reporting and problem resolution functions.
CPS is a core project for the DWP which, when fully implemented over a 5-year project lifecycle, will carry out a large percentage of the DWP?s client payment services, replacing a wide range of heritage systems.
Liaise between a wide range of architecture, systems and applications groups, within the tripartite corporate structure (DVLA, Fujitsu, IBM), to ensure joined-up development, testing and implementation, and also environmental completeness and readiness, in respect of the DVLA systems re-engineering.
Full range of hands-on AIX Oracle DBA duties across many environments, from Development through to Production.
Close liaison with, and execution of projects for, the zOS Adabas DBA team.
Data Warehouse implementation - complete responsibility for design and implementation of the Production Stage Reporting Facility, a facility enabling extraction of data from Production Oracle databases into a Reporting data warehouse.
Carry out the Business and Systems analysis for the proposal, in direct consultation with the user group, carry the proposal through the review and approval process, then design and implement the Oracle data warehouse, carry out the installation and configuration of the associated reporting tool, Oracle Discoverer, via which the Reporting Facility is enabled, and participate in post- implementation user training and support.
The Data Warehouse was developed in accord with IBM?s Worldwide Solution Design and Delivery Method (WSDDM), i.e. designed around the five information engineering tiers:
ISP - Information System Planning
BAA - Business Area Analysis
BSD - Business System Design
BSI - Business System Implementation
BSM - Business System Maintenance
and designed in accord with the top-down principles of the methodology
Infrastructure Analysis - specification of a wide range of hardware configuration and purchase options.
Security Analysis - specification of the security design for Partial Protective Monitoring (i.e. auditing), in accord with CESG InfoSec stipulations.
Data and Image Transformation (OS390 / zOS Adabas EBCDIC data, transformed and re-modelled to AIX Oracle ASCII) -
Manage, co-design and execute the transformation of image data - zOS Adabas JPEG / GIF representations to Oracle BLOBs.
Design and code / tailor a set of IBM zOS mainframe Assembler (HLASM) data transformation utilities, to facilitate the migration of historical textual data and the propagation of current textual data from the DVLA?s Adabas database to the new Oracle data warehouse, databases and data model.
Analyse and resolve an extensive set of data transformation issues between the EBCDIC and ASCII collating sequences and codesets.
An open brief, to analyse a large subset of Prudential America?s Insurance systems, utilities, jobs, databases and datasets, within their systems division, Pramerica Systems Ireland, to produce a set of recommendations for resource savings and performance enhancements, including management overview, fully detailed technical justification, cost-benefit analysis and outline project planning.
The work was finished to schedule; data and processing resource savings exceeding $100,000 per annum were identified, and the remediation plan defined.
A gigantic project to redevelop entirely a series of DWP and IR Governmental financial, taxation and benefit systems
Child Support (reform)
CSr Bulk Migration
Customer Management System
CMS Operational Management Information
Management Information Systems (MIS)
Including ETL to Business Data Warehouse and Data Marts
New Tax Credit
Notifications Online
Disability Living Allowance
Pension Forecasting System
eCMS Child Benefit
eCMS Invalidity Carers Allowance
Modernising Appeals Programme
Work Management System
Customer Information System
Resource Management Programme
HRTS
Debt Centre E-Enablement
etc.
on a highly complex, nationally distributed, multi-tier, multi-technology architecture, which also interfaces extensively with many governmental Legacy systems (IS, JSA, PSCS/Incap, LMS, ATAS, PDCS, DCI etc. etc.)
I am a consultant within the key Performance Assurance Team, whose brief is to develop Strategies, Criteria, Models, Volumetrics, Test Plans, Test Scripts, OCM plans, Statistical Analyses, Performance Tuning briefs etc. etc. to assure the performance of every sub-system, component and interrelationship in the end-to-end system, and to assess the applicability and impact of new system software releases and new system tools.
My particular specialisation is that I am responsible, within the EDS company-wide Technical Leadership team, for leading the Assurance of Coexistence in Production of many, very large and widely disparate, projects, across many code releases, across the whole of that complex, multi-layered technical architecture.
The core approach to Testing and QA is based upon the IBM Rational Performance Tester methodology, toolsets and reporting.
A consultancy role, involving analysis of their Database / Data Communications / Applications performance problems.
Carry out a complete audit of all components of the systems, and develop and present a detailed review paper, with recommended enhancements for each component.
Carry out in-depth analysis of the applications systems, and identify the most resource intensive (CPU and Database) candidates for tuning. Develop and present recommended tuning enhancements for candidate programs and database tables. Define the metrical standards and techniques for performance analysis and validation.
A consultancy role, involving taking over the full technical management of all aspects of two of PMI?s core mainframe projects ? one DB2-based, one IMS-based.
User liaison and requirements co-definition; Business and systems analysis; Database functions, including logical design and performance tuning; Application systems design, coding, testing and implementation.
This is a role as a Consultant working for IBM Germany, and placed with Vodafone Telecommerce to carry out a full range of DB2 and IDMS DBA duties.
As IBM's onsite consultant, I am required to report within my IBM management line's project management methodology (WWPMM), especially within the Risk Management, Track and Control and Work Plan Management processes.
Perhaps the most challenging task is the implementation and use (first in VTC, first successful in the world) of a new release of Cogito?s DB reorganisation tools; these are a superset of the standard reorganisation tools, and they allow full reorganisation of a Production database while that database is still available for update.
As a consequence of this leading-edge implementation, writing the manual for the optimised implementation procedures, which has become Cogito?s de facto standard, distributed to their customers world-wide.
In parallel with such system software implementation and database reorganisation work, there is participation in all of the normal physical and logical DBA work and performance tuning on their mainframe database systems, via use of the full range of DBA utilities, and the design and creation of various bespoke data manipulation programs (PL/1, COBOL. Assembler).
Another interesting task is to prepare high-level and detailed comparison documents, describing the relative capabilities and shortcomings of the Oracle and Sybase DBMS, with regard to the decision process for choice of platform on which to base a forthcoming new project.
A subsequent role, for the D2 division of Vodafone, is to analyse, specify, program and co-implement a set of data reconciliation procedures and programs. Vodafone Germany is moving its primary systems base from OS/390, IDMS and DB2 to a Unix and Oracle platform. Perhaps the most critical facet of this move is the very large-scale database migration. My task is to achieve the reconciliation of the data, and particularly the key Customer Accounts and Services, and Migration Control, data between the two systems bases. The data is additionally loaded, via a regularly scheduled suite of batch procedures to the Data Warehouse Oracle database, and I am required to ensure the integrity of this process. The data reconciliation suite, harmonising the 3 database platforms, was implemented successfully and on time.
further projects on request
Degrees
Educational Qualifications:
O-level:
Chemistry
Engineering Drawing
English Language
English Literature
French
Geography
Mathematics
Physics
A-level:
English Literature
General Studies
Pure and Applied Mathematics
Oracle Certified Professional:
Database Administration
Database Backup and Recovery
Database 10g: New Features for Administrators
Sicherheitsarchitekt - Infrastruktur, Systeme, Software
CAREER SUMMARY
I have worked extensively in a variety of System and Security Architect roles, Technical Consultancy roles and as a pure Business and Systems analyst.
I have profound experience of defining, designing and assuring (via formal Risk Analysis matrix) full compliance with a wide range of legislative, commercial and technical standards - ISO 27000 suite, PCI-DSS, BASEL II, Solvency II, CESG InfoSec, NIST and others.
I have fulfilled key Performance Consultancy roles in major projects with responsibility for the assurance of performance and coexistence across highly complex, multi-layered technical architectures.
I have significant experience as a Database Designer and Administrator, for a variety of DBMS, and of the installation, configuration, performance tuning and use of system software packages, in a variety of technical environments.
I have fulfilled, for both Applications Development teams and DBA teams, the roles of Project Manager, Team Leader and Senior Analyst, in the fullest sense of taking projects from inception to completion.
I have also done migration and conversion (hardware, systems and data), and development / maintenance / enhancement work, in both Technical Leader roles and as an Analyst / Programmer, including large-scale performance tuning and re-engineering of systems.
I have carried out these roles for organisations working in a wide variety of commercial and administrative endeavours, particularly in the fields of Finance, Telecommunications and Government.
SPECIAL EXPERTISE
I am fully-qualified as both an IBM mainframe DBA (multiple DBMSs) and a Unix Oracle DBA
(but please note that I now use this experience solely to inform my Architect roles and I no longer work as a DBA).
My special area of expertise is with large, complex, Service Orientated Architectures, incorporating multiple, heterogeneous system and database platforms, hosted on physical, virtual and cloud solutions, and with the communications, data flows and data transformations between those platforms.
In recent years, this has included acting as primary Security and Technical Architect for a wide range of major UK Government systems, and UK and European Banking systems, as detailed within my career history following.
REFERENCES on request
Security Architect providing comprehensive (Application, Solution, Infrastructure and Governance) Security Consultancy to a range of programmes operating across the LBG business.
The most important is the Virtualisation Programme, defining and implementing the Azure hosting, tooling, communications and processes for the large-scale deployment of Azure Virtual Desktops to the LBG business worldwide.
Coventry Building Society is the second largest Building Society in the UK.
Security Architect providing comprehensive (Application, Solution, Infrastructure and Governance) Security Consultancy to a range of programmes operating across the CBS business; the following are the foremost of these ?
HR replacement ? Workday system ? Security consultancy function
Infrastructure Replacement Program (ITP) ? including Security and functional design review for the two new data centres? infrastructure and for the migration of systems to those data centres
Infrastructure Replacement Program (ITP) ? including Security and functional design review for third-party cloud-based infrastructure (primarily AWS) and for the migration of systems to those facilities
Mortgage Sales replacement programme - Security consultancy function to validate and create Security requirements for a third-party suite of Mortgage Sales functions
Security Architecture ? a comprehensive review and renovation of all Security Standards and Patterns within the CBS libraries
Security Architecture and Solution Architecture ? create the infrastructure and business process design of the Open Source Software Scanning facility, based on an AWS Docker implementation of Black Duck Hub, communicating via the CBS Secure Zones to the central Black Duck Hub Knowledgebase and enabling Dev/Test/Sec/Ops resources within CBS to scan and remediate all Open Source Tools and code components within the CBS estate.
Governance - formal Risk Analysis of functional proposals and designs, validated against NIST Control Categories and assured in accord with the ISO 27001 risk assessment procedures.
Security Architect providing comprehensive (Application, Solution, Infrastructure and Governance) Security Consultancy to a range of programmes operating across the LBG business; the following are some of the more challenging
Machine Intelligence / Machine Learning ? a wide range of Artificial Intelligence shared component service offerings to the broader business, hosted on dedicated Cloud provision (Sandbox and Liberty) and encompassing a number of third-party Cloud SaaS and IaaS facilities, together with bespoke API enhancements, providing AI functionality in a number of customer-facing areas of the core banking services. Both Security and Functional review of all Solution Designs in scope, including extensive rework of various designs to bring the quality and completeness up to the requisite standards.
Mortgage Transformation ? renewing and modernising many functions and interfaces in the Mortgages arena, including incorporating various third-party and Cloud offerings
Payments and Credit Cards ? Security Architect supporting extensions to Customer offerings, including PCI DSS Assurance, and full design specification of the HashiCorp Vault implementation
Financial Wellbeing ? Security Architect supporting a specialist team tasked with introducing processes and functions to support Customers experiencing financial difficulties
Secure Messaging ? Security, Infrastructure and Solution Architect advising on a range of Infrastructure and Security strategies to enhance capability for the Customers? interaction with Bank staff via Secure Messaging facilities, and co-authoring several of the core Solution Designs
Personal Account Servicing - Security Architect designing the Security components for a range of projects to simplify, streamline and make more functionally responsive the Customers? interaction with the Bank in relation to their Personal Account requirements.
The platforms upon which these programmes operate cover a wide spectrum of contemporary IT infrastructure components within the LBG datacentres and are also deployed upon a range of Cloud platforms
Three forms of in-house Cloud provision ? request, automated by pattern, self-service
Two forms of dedicated IBM-hosted Cloud provision ? Sandbox (typically used for POCs and similar) and Liberty (for pre-Production and Production facilities)
Several forms of COTS Cloud provision ? AWS and Azure are the primary service providers
Several forms of Cloud provision of SaaS and IaaS facilities ? IBM Watson (an Operational AI suite), Oracle IVR (Interactive Voice Response) and a number of other service providers
The processes and patterns for usage of these Cloud platforms correspondingly varies by type
The in-house Cloud provision and also the dedicated IBM-hosted Cloud provision have standardised interfaces and base system software and configuration patterns, but these are continually evolving to facilitate varying demand.
Hence projects typically deploy to a mix of standard patterns for the respective environment and bespoke patterns which the project itself defines and takes through governance to gain approval for deployment.
The COTS Cloud provision ? these follow the strictly enforced patterns for deployment defined by AWS and Azure and variance from those respective patterns is very rare.
The Cloud provision of SaaS and IaaS facilities ? these follow the third-party patterns for system configuration which are agreed within the contractual SLAs then, within those offerings, extensive tailoring of the message templates and the business rules for data processing and transformation is carried out.
Lead Security Architect on a massive divestment programme, the creation of the new Williams and Glyn Bank which comprises a vertical and horizontal slice of the entirety of the RBS retail and corporate businesses, and hence the vast range of systems and infrastructure which supports those businesses.
That range encompasses the full gamut of technologies from archaic Windows platforms running very long-standing legacy systems to state-of-the art Enterprise Information Systems and Artificial Intelligence services, widely distributed across diverse in-house and Cloud platforms.
Provide Security Architecture leadership and technical expertise for the entirety of those systems and business services, giving strategic direction to what is unquestionably the largest IT programme in my long career, and what is believed to be the largest IT programme taking place in Europe during these years.
Set up, manage, chair and technically lead the Security Technical Design Authority function to validate and refine all designs for every functional area of the W&G Programme. Act as the Security Lead for the full Programme Technical Design Authority which follows (within the design governance stream) from my Security Technical Design Authority. As required, act as both Chair and the Security Lead for the full Programme Technical Design Authority when the Lead Enterprise Architect is on leave or otherwise engaged,
Set up, manage and technically lead the Access Request Management Desk (5 staff) to validate all access requests for every functional area of the W&G Programme, and to escalate for Security review all complex / privileged requests; also run that Security escalation facility.
Define, assure and report upon the full range of Security function processes and implementations for a major Technology Service Provider to the Williams and Glyn Programme. The TSP provides extensive Training and Competence (T&C) schemes and processes, based on a solution managed from their York offices, hosted by the Microsoft Azure Dublin datacentre complex and serving the Williams and Glyn offices. Work interactively with the TSP and their W&G customer team to conduct a comprehensive Security design, assurance and remediation exercise which resulted in the TSP being accredited as a W&G TSP.
Define many of the Security standards and processes for the whole of the Williams and Glyn Programme.
Author the Security Non-Functional Requirements for the whole of the Williams and Glyn Programme, and take them successfully through the 12-month review and governance process which includes all of the major parties to the Programme.
PCI DSS standards, ISO 27000 standards, spanning the entirety of RRD?s Service-Orientated Architecture (SOA) and underlying infrastructure.
Provide Security Architecture leadership and technical expertise for the full range of systems and business services which R.R. Donnelley (Global Document Solutions) provides to two of its major corporate clients, Barclays Bank and Barclaycard.
Become the reference point for all Barclays Group interactions with RRD in terms of technical PCI Compliance.
Develop and refine all of the RRD methods and techniques of PCI Compliance in respect of changing business activities and evolving PCI governance requirements.
Design logical and physical PCI remediation solutions in the form of a wide-ranging series of Security designs for the full array of RRD services to Barclays Group, both direct (payments-related) and ancillary (cards, pins and statements management and issuance).
Participate in all aspects of the joint Quality Assurance activities and, where applicable, lead the augmentation of the PCI methods and techniques via which the RRD services to Barclays Group are made compliant by the most readily achievable, and thus cost-effective, means.
Additionally, fulfil the role of Solution Architect for a range of integrated application, infrastructure and security designs for several other RRD clients, including full DR / BCM provision.
Linux, zOS, Oracle Database 10g / 11g, DB2, CICS, WebSphere suite, Rational Software Architect, Troux Navigate, Troux Source, SOA, J2EE (Enterprise Java, including EJB), BizTalk, Informatica Platform tools, SAP, Active Directory, many other system products and utilities.
A very large and diverse range of platforms, operating systems, databases, protocols, utilities, servers, applications, etc.
Business and technical analysis to create infrastructure, data and security designs in respect of the migration and integration of many systems and their associated infrastructure from one set of Data Centres to another set.
Business and technical analysis to create infrastructure, data and security designs in respect of the decommissioning of many other systems and their associated infrastructure, either because the systems are no longer part of the Target Operating Model or because the system migration has left behind superfluous infrastructure.
Full project responsibility, commencing with solely a simple outline of the intended scope of the system integration.
From this starting point, I liaised with all interested parties - higher management, business and system owners, SMEs, end-users, operations staff, architecture governance bodies, etc. - to derive and agree the high- and low-level business requirements.
I then created the high-level design which defined the standards and methods for the detailed project design work to follow.
I then led the team which produced all of those low-level designs, writing many of the designs myself, reviewing all other designs and then taking all designs through the layers of LBG governance to approval.
IBM Rational Software Architect was the architectural environment, methodology and toolset that was being instated at the design and development level of the projects.
Troux Source and the associated Troux navigation and reporting tools were the underlying infrastructural data repository and infrastructural management methodology.
Additional achievements included
Contributing to the Solvency II working group workshops in respect of the risks and impacts to those integrated systems.
Defining new LBG group-wide security standards in respect of DB2 database secure deletion (government-standard data wiping) across all (non-transient) data storage components of the DB2 database in accord with ISO 27000 standards.
The complete range of the Lloyds TSB and HBOS General Insurance installed systems base is in scope.
Creating infrastructure, data and security designs for many of the CFS card payment systems, in accord with PCI-DSS stipulations.
Full range of functions, from primary capture of business requirements through to creation of high- and low-level designs.
Team Leader of the Oracle Design Factory, the Architectural technical resource pool for many ING projects; despite the group?s name, the technical scope included not only Oracle but also SQL Server, Unix and a wide-variety of COTS products.
Working directly with Business Owners, End Users, Project Managers and my Architecture and DBA peer-groups to analyse and create a series of architectural, database and security designs for a diverse range of banking projects.
Managing resource schedules, acting as technical SME, providing full QA of the team?s deliverables, liaising with higher management.
Some of the more notable deliverables include
The functional and security design of the Oracle components of a major DB2 to Oracle database migration.
A Syslogging design (functional and security), capturing application API and system events, using Log4J, syslogd daemons and Tivoli Alerting Solution, to transport securely and performantly the events from source machines to the LogHost and prepare them for analysis and reporting by Tivoli.
Design and implement a reporting database for Basel II operational risk data collation and analysis
Create from scratch the group-wide ING standard requirements and implementation template for all Data Guard designs, the primary basis for the DR / BCM provision across many ING projects
Augment ING?s Operational Security Guidelines for Oracle 10gR2 (partial), and for other infrastructural components (entire), with particular reference to all ISO27000 stipulations.
Carrying out the full range of Security Design, Assurance and Accreditation functions as the STDA for all of the development phases of the DWP?s Central Payment System, including leading the liaison and formal review processes with the DWP?s own Security Architecture Team.
Writing and presenting to the client a series of security designs and also working as the in-house team leader for many remote resources from the Siemens Insight Consulting (SIC) pool, reviewing their designs and coordinating the designs with the broader parameters of the project - in both cases, working across widely diverse areas of expertise ? Audit (active and passive), IAM, formal Risk Analysis, all ISO 27000 standards, DPA, Oracle database security, Business Continuity (BCM), etc.
Providing QA and management functions to those remote resources; liaising with the management hierarchy of the prime contractor, Siemens (SIS), and of the client, the DWP, for a range of reporting and problem resolution functions.
CPS is a core project for the DWP which, when fully implemented over a 5-year project lifecycle, will carry out a large percentage of the DWP?s client payment services, replacing a wide range of heritage systems.
Liaise between a wide range of architecture, systems and applications groups, within the tripartite corporate structure (DVLA, Fujitsu, IBM), to ensure joined-up development, testing and implementation, and also environmental completeness and readiness, in respect of the DVLA systems re-engineering.
Full range of hands-on AIX Oracle DBA duties across many environments, from Development through to Production.
Close liaison with, and execution of projects for, the zOS Adabas DBA team.
Data Warehouse implementation - complete responsibility for design and implementation of the Production Stage Reporting Facility, a facility enabling extraction of data from Production Oracle databases into a Reporting data warehouse.
Carry out the Business and Systems analysis for the proposal, in direct consultation with the user group, carry the proposal through the review and approval process, then design and implement the Oracle data warehouse, carry out the installation and configuration of the associated reporting tool, Oracle Discoverer, via which the Reporting Facility is enabled, and participate in post- implementation user training and support.
The Data Warehouse was developed in accord with IBM?s Worldwide Solution Design and Delivery Method (WSDDM), i.e. designed around the five information engineering tiers:
ISP - Information System Planning
BAA - Business Area Analysis
BSD - Business System Design
BSI - Business System Implementation
BSM - Business System Maintenance
and designed in accord with the top-down principles of the methodology
Infrastructure Analysis - specification of a wide range of hardware configuration and purchase options.
Security Analysis - specification of the security design for Partial Protective Monitoring (i.e. auditing), in accord with CESG InfoSec stipulations.
Data and Image Transformation (OS390 / zOS Adabas EBCDIC data, transformed and re-modelled to AIX Oracle ASCII) -
Manage, co-design and execute the transformation of image data - zOS Adabas JPEG / GIF representations to Oracle BLOBs.
Design and code / tailor a set of IBM zOS mainframe Assembler (HLASM) data transformation utilities, to facilitate the migration of historical textual data and the propagation of current textual data from the DVLA?s Adabas database to the new Oracle data warehouse, databases and data model.
Analyse and resolve an extensive set of data transformation issues between the EBCDIC and ASCII collating sequences and codesets.
An open brief, to analyse a large subset of Prudential America?s Insurance systems, utilities, jobs, databases and datasets, within their systems division, Pramerica Systems Ireland, to produce a set of recommendations for resource savings and performance enhancements, including management overview, fully detailed technical justification, cost-benefit analysis and outline project planning.
The work was finished to schedule; data and processing resource savings exceeding $100,000 per annum were identified, and the remediation plan defined.
A gigantic project to redevelop entirely a series of DWP and IR Governmental financial, taxation and benefit systems
Child Support (reform)
CSr Bulk Migration
Customer Management System
CMS Operational Management Information
Management Information Systems (MIS)
Including ETL to Business Data Warehouse and Data Marts
New Tax Credit
Notifications Online
Disability Living Allowance
Pension Forecasting System
eCMS Child Benefit
eCMS Invalidity Carers Allowance
Modernising Appeals Programme
Work Management System
Customer Information System
Resource Management Programme
HRTS
Debt Centre E-Enablement
etc.
on a highly complex, nationally distributed, multi-tier, multi-technology architecture, which also interfaces extensively with many governmental Legacy systems (IS, JSA, PSCS/Incap, LMS, ATAS, PDCS, DCI etc. etc.)
I am a consultant within the key Performance Assurance Team, whose brief is to develop Strategies, Criteria, Models, Volumetrics, Test Plans, Test Scripts, OCM plans, Statistical Analyses, Performance Tuning briefs etc. etc. to assure the performance of every sub-system, component and interrelationship in the end-to-end system, and to assess the applicability and impact of new system software releases and new system tools.
My particular specialisation is that I am responsible, within the EDS company-wide Technical Leadership team, for leading the Assurance of Coexistence in Production of many, very large and widely disparate, projects, across many code releases, across the whole of that complex, multi-layered technical architecture.
The core approach to Testing and QA is based upon the IBM Rational Performance Tester methodology, toolsets and reporting.
A consultancy role, involving analysis of their Database / Data Communications / Applications performance problems.
Carry out a complete audit of all components of the systems, and develop and present a detailed review paper, with recommended enhancements for each component.
Carry out in-depth analysis of the applications systems, and identify the most resource intensive (CPU and Database) candidates for tuning. Develop and present recommended tuning enhancements for candidate programs and database tables. Define the metrical standards and techniques for performance analysis and validation.
A consultancy role, involving taking over the full technical management of all aspects of two of PMI?s core mainframe projects ? one DB2-based, one IMS-based.
User liaison and requirements co-definition; Business and systems analysis; Database functions, including logical design and performance tuning; Application systems design, coding, testing and implementation.
This is a role as a Consultant working for IBM Germany, and placed with Vodafone Telecommerce to carry out a full range of DB2 and IDMS DBA duties.
As IBM's onsite consultant, I am required to report within my IBM management line's project management methodology (WWPMM), especially within the Risk Management, Track and Control and Work Plan Management processes.
Perhaps the most challenging task is the implementation and use (first in VTC, first successful in the world) of a new release of Cogito?s DB reorganisation tools; these are a superset of the standard reorganisation tools, and they allow full reorganisation of a Production database while that database is still available for update.
As a consequence of this leading-edge implementation, writing the manual for the optimised implementation procedures, which has become Cogito?s de facto standard, distributed to their customers world-wide.
In parallel with such system software implementation and database reorganisation work, there is participation in all of the normal physical and logical DBA work and performance tuning on their mainframe database systems, via use of the full range of DBA utilities, and the design and creation of various bespoke data manipulation programs (PL/1, COBOL. Assembler).
Another interesting task is to prepare high-level and detailed comparison documents, describing the relative capabilities and shortcomings of the Oracle and Sybase DBMS, with regard to the decision process for choice of platform on which to base a forthcoming new project.
A subsequent role, for the D2 division of Vodafone, is to analyse, specify, program and co-implement a set of data reconciliation procedures and programs. Vodafone Germany is moving its primary systems base from OS/390, IDMS and DB2 to a Unix and Oracle platform. Perhaps the most critical facet of this move is the very large-scale database migration. My task is to achieve the reconciliation of the data, and particularly the key Customer Accounts and Services, and Migration Control, data between the two systems bases. The data is additionally loaded, via a regularly scheduled suite of batch procedures to the Data Warehouse Oracle database, and I am required to ensure the integrity of this process. The data reconciliation suite, harmonising the 3 database platforms, was implemented successfully and on time.
further projects on request
Degrees
Educational Qualifications:
O-level:
Chemistry
Engineering Drawing
English Language
English Literature
French
Geography
Mathematics
Physics
A-level:
English Literature
General Studies
Pure and Applied Mathematics
Oracle Certified Professional:
Database Administration
Database Backup and Recovery
Database 10g: New Features for Administrators
Sicherheitsarchitekt - Infrastruktur, Systeme, Software
CAREER SUMMARY
I have worked extensively in a variety of System and Security Architect roles, Technical Consultancy roles and as a pure Business and Systems analyst.
I have profound experience of defining, designing and assuring (via formal Risk Analysis matrix) full compliance with a wide range of legislative, commercial and technical standards - ISO 27000 suite, PCI-DSS, BASEL II, Solvency II, CESG InfoSec, NIST and others.
I have fulfilled key Performance Consultancy roles in major projects with responsibility for the assurance of performance and coexistence across highly complex, multi-layered technical architectures.
I have significant experience as a Database Designer and Administrator, for a variety of DBMS, and of the installation, configuration, performance tuning and use of system software packages, in a variety of technical environments.
I have fulfilled, for both Applications Development teams and DBA teams, the roles of Project Manager, Team Leader and Senior Analyst, in the fullest sense of taking projects from inception to completion.
I have also done migration and conversion (hardware, systems and data), and development / maintenance / enhancement work, in both Technical Leader roles and as an Analyst / Programmer, including large-scale performance tuning and re-engineering of systems.
I have carried out these roles for organisations working in a wide variety of commercial and administrative endeavours, particularly in the fields of Finance, Telecommunications and Government.
SPECIAL EXPERTISE
I am fully-qualified as both an IBM mainframe DBA (multiple DBMSs) and a Unix Oracle DBA
(but please note that I now use this experience solely to inform my Architect roles and I no longer work as a DBA).
My special area of expertise is with large, complex, Service Orientated Architectures, incorporating multiple, heterogeneous system and database platforms, hosted on physical, virtual and cloud solutions, and with the communications, data flows and data transformations between those platforms.
In recent years, this has included acting as primary Security and Technical Architect for a wide range of major UK Government systems, and UK and European Banking systems, as detailed within my career history following.
REFERENCES on request