Germany: worldwide
Provided consulting, architecture and support services for IBM Security Access Manager (ISAM) and IBM Security Verify Access (ISVA) infrastructures. ISAM/ISVA cloud migrations (design, concept, maintenance and operations) from existing on-premises implementation to cloud-based infrastructures (hosted in Amazon AWS) and hybrid ISAM/ISVA implementations. Configuration and performance optimization for ISAM/ISVA WebSeal instances. Configuration and maintenance of internal and externally facing WebSeal servers.
Maintenance of multi-factor authentication (MFA) with ISAM for Advanced Access Control (AAC) and Federations with ISAM federation module (Identity Provider and Service Provider - SAML, OAuth, OpenID, Google reCAPTCHA, IDaaS). Knowledge transfer, mentoring sessions, system documentation and training of permanent staff mainly for ISAM/ISVA.
Designed and implemented global IBM Security Access Manager (ISAM) cloud infrastructures. LDAP and ISAM data migration (design, concept and implementation) from existing on-premises implementation to new ISAM 9 cloud-based infrastructures (Microsoft Azure and Amazon AWS).
Implementation of multi-factor authentication (MFA) with ISAM for Advanced Access Control (AAC) and Federations with ISAM federation module (Identity Provider and Service Provider - SAML, OAuth, OpenID). Biometric user authentication (fingerprint reading, face and voice recognition) in conjunction with smartphone app "IBM Verify". Privileged account management (PAM) for on-prem middleware systems/operating systems and cloud-based middleware systems through CyberArk Vault MFA setup (RSA Token).
Designed, implemented and documented different disaster recovery (DR) scenarios (LDAP Master, WebSeal session and Policy Server failover) for high availability between two physically segregated global data centers. Knowledge transfer and training of permanent staff.
Migration of the German federal "ITZBund's" IBM Security Access Manager (ISAM) infrastructure from TAM 6 release to the latest appliance based ISAM 9 release. "ITZ Bund" maintains one of the largest public sector data centers in Germany (Federal Ministry of Finance).
Application and data migration to the new ISAM platform. Design, implementation and documentation of various Single Sign-on (SSO) solutions for various backend applications (i.e., WebSphere Servers, JBoss, SharePoint) based on EAI, Kerberos and SAML.
Presentations, knowledge transfer and training of permanent staff, weekly status meetings.
Senior IBM Identity and Access Management Consultant/Architect for KPMG US, Montvale/New Jersey and Miami/Florida, U.S.A.
Duration: 2/2015 - 1/2016
Designed, implemented and validated an IBM Security Access Manager (ISAM) infrastructure. LDAP data migration from existing TAM6 implementation (standard data model) based on a multi-node Tivoli Directory Server implementation to the new ISAM 8 solution based on IBM Security Directory Server (with minimal data model). Approx. 300,000 TAM user accounts migrated and converted to the new LDAP minimal data model. Interim provisioning solution (TIM/TDI) to serve ISAM8 and TAM6 in parallel.
Implementation of the External Authentication Interface (EAI) for various different authentication mechanisms (userid/password, RSA Token, Kerberos/SPNEGO and certificate authentication). Implementation of virtual host and standard junctions for various backend applications. Designed, implemented and documented different fail over scenarios (LDAP Master fail over, WebSeal Session fail over and Policy Server fail over) for high availability. Integration of one-time password (OTP) functionality through ISAM for Mobile for step-up authentication.
Knowledge transfer and training of permanent staff.
Related Software: IBM Security Access Manager for Web and Mobile 8.0.x, IBM Security Directory Server 6.3.1.x, Tivoli Directory Server 6.2, Tivoli Directory Integrator 6, Tivoli Identity Manager 6, IBM DB/2, TFIM, IBM Data Power, Windows Server 2012
Senior Business Analyst Identity and Access Management for Deutsche Bank, New York City, U.S.A. and Frankfurt/Germany
Duration: 7/2013 - 12/2014, 3 contracts
Global Access Management Audit (GAMA) Business Task Force
As a senior analyst of the global Task Force with team members in four major Deutsche Bank locations (Frankfurt, London, New York and Singapore), I developed strategies and guidelines to meet regulatory compliance and security requirements around Access Management for business-critical bank applications. I dealt with various aspects of Access Management, such as User Account Provisioning, Entitlement Approval Process, Role and Entitlement Model, Segregation of Duties (SoD), Recertification of User Access rights and identification of toxic user access combinations to prevent financial, reputational or regulatory damage to the bank.
Related Software: RSA Aveksa Compliance Manager, HP Application Lifecycle Management, various Deutsche Bank internal tools
Senior IBM Security Consultant/Architect for Finanz Informatik Technologie Services - Munich, Germany
Duration: 11/2012 - 1/2013, 1 contract
Strategy workshops and Proof of Concept (PoC) implementations for planned Access and Identity infrastructure based on IBM/Tivoli security software. Documentation, evaluations and presentations to the future end customer from the financial industry. Evaluation of different frontend authentication mechanisms and the integration options of various backend systems (WebSphere, Tomcat). Evaluation of specific password encryption modes for business-critical banking applications and handling of confidential PIN letters and the corresponding replication into the directory topology. Provisioning of accounts via Security Identity Manager and synchronization of accounts via Tivoli Directory Integrator.
Related Software: IBM Access Manager 7.0, Tivoli Directory Server 6.3, Tivoli Identity Manager 6.0, Tivoli Directory Integrator, Tivoli Federated Identity Mgr, RH Linux, AIX
Senior Tivoli Security Consultant/Architect for T-Systems (Deutsche Telekom) - Munich, Germany
Duration: 06/2010 - 05/2012, 5 contracts
Designed and implemented Tivoli Security Software (TAM, TDS, TDI) in conjunction with WebSphere systems in a highly available, multi-clustered, cloud-like environment. Maintenance of intranet Single Sign-On (SSO) with TAM WebSeal for SAP Portal, WebSphere, Microsoft SharePoint and Windows (Kerberos). Design and implementation of TAM Session Management Server. Implementation and evaluation of 2nd-factor authentication via WebSeal. Knowledge transfer and training of permanent staff.
Related Software: Tivoli Access Manager 6.1.1 and 6.1, Tivoli Directory Server 6.1.x, WebSphere Deployment Manager and App. Server 7.0/6.1/5.1, IBM HTTP Server, Tivoli Directory Integrator, SuSE Linux, VMware