RACF Security Analyst/Architect Resume
Desired Industry: Banking/Mortgage
SpiderID: 14121
Desired Job Location: Fort Wayne, Indiana
Date Posted: 7/22/2007
Type of Position: Full-Time Permanent
Availability Date:
Desired Wage:
U.S. Work Authorization:
Job Level: Management (Manager, Director)
Willing to Travel: Yes, 50-75%
Highest Degree Attained:
Willing to Relocate: Yes
Objective: Accomplished Information Security/Business Continuity Manager and Information Systems Auditor. Over 30 years in Information Technology, with 26 of those years in the Security/Auditing environment. Main experience in IBM large-scale mainframes, as well as AS/400 systems, RS/6000 systems, DEC/VAX systems, Tandem and Stratus fault-tolerant systems, Novell networks and Windows NT networks. Strong background in technical systems, audits and security protocols including operating systems (OS/390). Strong background in a variety of security systems, including RACF, ACF2 and Top Secret. Well versed in a number of fourth generation mainframe languages. Strong background in project planning and execution, particularly relating to controls, security, planning, testing and execution. Background in SDLC protocols. Background in Sarbanes-Oxley requirements, FDIC regulations, Comptroller regulations, UK Information Security Act, UK Privacy Act and ISO17799.
Strong verbal and written communication skills, having successfully conducted Security and Disaster Recovery seminars. Published author and speaker on the topics of Information Security, Physical Security, IT Audit, Disaster Recovery and Year 2000 issues. Also strong background in technical writing on RACF issues.
Management background with experience in staff relations, budgeting and delegation/scheduling of duties in priority order.
Named as Time Magazine's "Person of the Year" for 2006 - along with about a billion other Internet users, of course...
LinkedIn.com Profile - http://www.linkedin.com/in/docfarmer
Experience: Dates: February 2007 to Present
Position Held: RACF Security Analyst
Employer: Intellect Corporation Lakeland, Florida, USA
Duties: Short-term assignment (three months, with extensions) with large Fortune-150 Grocery Chain (Fortune-25 Food and Drug Stores), focusing on mainframe security issues regarding RACF assessment and remediation. Converted to longer term project to develop a new security infrastructure to comply with regulatory requirements (SOX, HIPAA, PCI) and best business practice. Technical project design and direction including development of security task lists, work lists and assignment, security implementation and remediation.
Accomplishments: Performed detailed analysis of mainframe security settings. Developed detailed audit process for z/OS security. Developed detailed remediation process for multiple mainframe systems.
Dates: February 2006 to July 2006
Position Held: Security Consultant Mainframe (RACF)
Employer: Blackstone Technology Group Tokyo, Japan
Duties: Short-term assignment (three to twelve months, depending on workload) with large Japanese Banking/Financial company, focusing on security issues regarding RACF assessment and remediation. Technical project management, design and direction including development of security task lists, work schedules and assignment, staffing, and execution. Work on major RACF database clean up and restructuring assignments, the remediation of z/OS security issues outside of RACF, development of operating system-level change control processes, Kerberos implementation and policy development, integration of secured mainframe communications into a Macintosh network. Investigation, installation, and assessment of add-on security auditing products to assist in RACF maintenance and clean-up.
Accomplishments: Performed detailed analysis of mainframe security settings. Developed detailed audit process for z/OS security. Developed detailed remediation process for dual mainframe system. Assisted staff in security policy development.
Dates: October 2004 to December 2005
Position Held: Security Consultant Mainframe (RACF)
Employer: GlobalSource IT Bloomington, Illinois, USA
Duties: Twelve-month assignment (extended) with large Fortune-50 insurance company, focusing on mainframe security issues including RACF, Vanguard, DB2, IMS, CICS/TS, on 60+ mainframes and 100+ Logical Partitions (LPARs) including both regular and high-availability Sysplex structures. Project management and direction on specific technical projects and assignments including security migration from native CICS/TS to RACF, native DB2 to RACF, native IMS to RACF, etc. Work on major RACF database clean up and restructuring assignments, the creation of a shared mainframe knowledge library, z/OS security audits, creation of a segregated mainframe LPAR for security testing, and other technical assignments as requested by management. Investigation of add-on security reporting products to assist in RACF maintenance and clean-up.
Accomplishments: Development of a standardized RACF region creation structure and procedure for new CICS regions, ensuring adequate transaction segregation and security monitoring. Development of an on-line mainframe security library for the department. Analysis and recommendation of a segregated security LPAR for RACF testing purposes. Assistance in medium and long-range security project planning for the corporation. Developed comprehensive audit program for z/OS systems.
Dates: June 2004 to September 2004
Position Held: Project Manager Sarbanes-Oxley Assessment
Employer: TEKsystems Southfield, Michigan, USA
Duties: Four month assignment with large financial adjunct to Fortune 100 automotive manufacturer. Development of specific Sarbanes-Oxley audit tests to provide control assurance of seven large-scale application systems. Consultative discussions with employers as to control provisions based on best business practice and applicable regulatory requirements.
Accomplishments: Developed highly detailed project plan for application testing. Created and led the execution of 427 discrete application tests, covering 548 control requirements. Consulted with management on application control issues. Assisted with SAS70 assessments for related service supplier.
Dates: October 2003 to November 2003
Position Held: Project Manager Senior Security Consultant
Employer: Computer Horizons Corporation Westfield Centre, Ohio, USA
Duties: One-month assignment with large insurance company to develop a ground floor security project (none existed before). Development of Project Plans (including detailed task lists), high-level policies and detailed job specifications for security project staff. Consultative discussions with employers as to security requirements based on best business practice and applicable regulatory requirements.
Accomplishments: Developed highly detailed project plan for security implementation based on Sarbanes-Oxley, FDIC/Comptroller, ISO17799 and other guidelines. Task list contained over 2100 specific line items. Developed high-level Information Security and Physical Security policy documents for review and adoption by the Board. Assisted in the development of selection processes and requirements for internal/external network penetration/vulnerability testing.
Dates: July 2002 to August 2003
Position Held: Senior Manager Security and Business Continuity Department
Employer: Qatar National Bank Doha, Qatar
Duties: Created the Security and Business Continuity Department, hiring a staff of 3 during my tenure. Development of core policies for information security, physical security, business continuity and the Bank's new Internet infrastructure. Development of draft business recovery plans for over 30 departments and divisions within the Bank (never done before). Began a security centralization process across more than 30 separate computer systems and applications. Began development/design of a business recovery site.
Accomplishments: Prepared emergency contingency/recovery plans prior to the Iraq war. Assisted in the design of the Internet security infrastructure. Formalized and added controls to the access request process, while streamlining efficiency. Created design for a new computer center to replace the current (unsecured) location. Developed strong working relationships across all divisions and departments.
Education: Formal Education: Received passing grades from Northern Virginia Community College in Principles of Accounting (Winter 1987) and Assembler Programming (Summer 1986). Received passing grades in Introduction to COBOL and Problem Solving Techniques from Indiana Vocational Technical College, Fort Wayne, Indiana, USA (Summer 1981). Received training in Advanced Learning Techniques from Pioneer Centre, Fort Wayne, Indiana, USA, in July 1977. Achieved reading speed of over 25,000 words per minute. Graduated from Bishop Luers High School, Fort Wayne, Indiana, USA, on 29 May 1977. Majored in Business, English and History.
Affiliations: Dates: January 1998 to July 2002
Position Held: Manager - Senior Information Systems Security Analyst
Employer: Riyad Bank Riyadh, Kingdom of Saudi Arabia
Duties: Co-ordinate activities of Security Analysts and Security Administrators in a team-oriented work environment. Perform analysis and some administration of OS/390 v2.6 security with RACF v2.6. Perform analysis and some administration of upgrade of OS/390 and RACF to v2.8. Develop policies, procedures and standards for Information Security for the Bank, where none had existed before. Manage a comprehensive Data Security Project, for overall implementation of security protocols throughout the Bank. Communicate with all levels of Management to incorporate Security Awareness into all Bank operations and functions.
Accomplishments: Completed a 22-month assignment on implementation of security for a major change to banking software platforms and networks. Completed a 10-month assignment on implementation of Year 2000 protective policies, procedures, standards and testing. Completed a 30-month assignment as Sub-Project Manager of a comprehensive Data Security Project for the Bank. Coordinated and completed 267 separate tasks on schedule, ahead of all other Sub-Projects. Developed a wide variety of Information Security Policies, Procedures, Standards and forms on a wide range of subjects, including a Corporate Information Security Policy, Internet, Networks, Data Classification and Ownership, LAN and PC Security, Anti-Virus, Encryption, etc. Assisted in the expansion of the IS Security function within the Bank from a skeleton crew to a staff of 16. Analysts reported directly to me. Trained several Saudi IS Security Administrators on the use of RACF, as well as training them on networks, Internet security and other technical subjects. Gained a greater understanding, appreciation and respect for Middle East culture, beliefs and people.
Dates: July 1994 to November 1997
Position Held: Senior Computer Auditor
Employer: SBC Warburg (formerly S.G. Warburg, now UBS Warburg) London, United Kingdom
Duties: Performed audits, control reviews and security/efficiency standards tests on all aspects of the computer environments, including mainframe, LAN/WAN and communications systems. Performed audits on CREST and SWIFT systems. Performed in-depth technical reviews of MVS/ESA. Performed technical audits of SBC Warburg satellite IT operations in Frankfurt, Germany and Geneva, Switzerland. Liaised with the Computer Security department on various issues of control concerns, including a sophisticated new security system involving the use of Global Positioning Satellite (GPS) technology.
Accomplishments: Developed a sophisticated audit workpaper automation system, which used hypertext to allow for efficient cross-referencing of documents. Allowed for a paper-less audit to be performed. Gathered and collated Year 2000 information for the corporate Y2K integration team. Liaised with the Y2K team on issues of planning, certification, testing and implementation. Article in February 1997 issue of Computing Magazine included interview with me on Year 2000 and Economic and Monetary Union (EMU) planning. Spoke at Compsec '94, '95 and '96, as well as other smaller conferences, on IT Audit Security and Control issues.
Dates: April 1991 to April 1994
Position Held: Senior Internal Auditor (DP)
Employer: ITT London & Edinburgh Insurance Worthing, West Sussex, United Kingdom
Duties: Performed audits, control reviews and security/efficiency standards tests on all aspects of the computer environment, both mainframe and PC/LAN. Performed audits on new financial application systems under development. Performed in-depth technical reviews of MVS/ESA. Performed an operational audit of the Quoteline department, including its PC/LAN based telephone quotation system. Liaised with the Computer Security department, providing information on systems and personal computer security from previous experiences.
Accomplishments: Developed sophisticated audit workpaper automation for the department, which allowed other Internal Auditors (both Financial and IT) to record their control reviews and analysis, audit findings, audit programs and other important steps directly into a PC. The system then printed the output, generating a sophisticated form layout around the data for ease of use, and to conform to corporate standards. Assisted the department in receiving BS750/ISO9001 certification, the first Internal Audit department in the UK to do so. Advised the IT department on the coming Year 2000 issues. Spoke at Compsec '92 and '93 on IT Audit Security and Control issues.
Skills: Dates: August 1989 to April 1991
Position Held: Data/Physical Security Administrator
Employer: U.S. Central Credit Union Overland Park, Kansas, USA
Duties: Responsible for the security of both information and property at a US$30 billion financial institution, serving 42 Corporate Credit Unions and over 14,000 state and local Credit Unions. Created a number of security policies, and the mechanics to enforce them, to protect the assets of U.S. Central and the trust of the Credit Union network.
Accomplishments: Installed a computerized access control system at the main office, helping to reduce unauthorized entry into sensitive areas of the organization. Was awarded for this work by Management. Developed a Disaster Recovery Manual into a comprehensive 200+ page document, covering the protection of lives, property and information in a number of different business interruption scenarios. Conducted two seminars through the Training Department, one on Physical and Data Security, the other on Disaster Recovery. Gained extensive knowledge of PC systems, including the protection of information from computer viruses.
Dates: January 1988 to August 1989
Position Held: Senior EDP Auditor
Employer: United Services Life Insurance Company Arlington, Virginia, USA
Duties: Designed and implemented audit programs for examination of technical systems. Audits included in-depth examinations of CA-Top Secret and OS/MVS, as well as Disaster Recovery Planning and Testing. Supervised two staff EDP Auditors. Operated in an IBM 3081/4381 environment under OS/MVS.
Accomplishments: Aided in the development of the EDP Audit function for the company, a multi-billion dollar life insurance firm for U.S. military service personnel. Worked in advisory role with the Data Security Administrator.
Dates: March 1987 to January 1988
Position Held: Data Security Administrator / EDP Auditor
Employer: Financial Technologies Chantilly, Virginia, USA
Duties: Established the Data Security and EDP Audit functions. Drafted policies and procedures for physical and information security. Monitored security access and violation reports.
Accomplishments: Developed a physical interface between the cardkey access control system and the IBM mainframe, saving over 250 hours per year from manual report reviews. Developed the preliminary structure for a Disaster Recovery Plan.
Dates: December 1985 to March 1987
Position Held: Senior EDP Auditor
Employer: Perpetual Savings Bank FSB Alexandria, Virginia, USA
Duties: Designed and implemented audit programs for new and existing software applications, communications networks, automated tellers, data security and disaster recovery. Consulted with the Security/Recovery department. Supervised two staff EDP Auditors.
Accomplishments: Selected and installed IBM PC hardware and software to help automate the audit function, saving hundreds of hours of work per year and increasing auditor productivity. Assisted in designing and testing the Disaster Recovery plan.
Dates: September 1979 to December 1985
Position Held: EDP Auditor
Employer: Summit Bank (Formerly Peoples Trust Bank) Fort Wayne, Indiana, USA
Duties: Created the EDP Audit and Computer Security functions for the Bank. Designed and implemented audit programs for new and existing applications, automated tellers, data security and disaster recovery.
Accomplishments: Developed over 500 computer audit software programs for use in EDP and financial audits. Automated some accounting reporting functions, saving over 1000 hours per year from manual reporting and increasing the accuracy and security of the Bank's finances.
Dates: September 1976 to September 1979
Position Held: Computer Operator
Employer: Lincoln National Life Insurance Company Fort Wayne, Indiana, USA
Duties: Operations and maintenance of IBM computer equipment, console operations, tape library management and physical security of the computer room.
Additional Information: Speaking Engagements: Speaker at Compsec 2000. Topic - "Security in the Third Millennium - A Roundtable Discussion". Speaker at Year 2000 conference sponsored by Y2Ki, Ltd. Topic - "Blind Date - Problems with the Year 2000". Speaker at Compsec '96. Topics - "Blind Date - Problems with the Year 2000" and "Internal Audit Automation". Speaker at Compsec '95. Topic - "Internal versus External Audit". Speaker at Compsec '94. Topic - "Computer Viruses". Speaker at Compsec '93. Topics - "Audit and Security - Complementary Functions" and "A Guerrilla's Guide to Auditing RACF". Speaker at Compsec '92. Topic - "Surviving an Audit of MVS".
Conferences and Professional Training: Attended Compsec '92 through '96 and Compsec 2000 as a delegate and speaker. Attended Corporate Forum sponsored by Credit Union National Association (CUNA) and Affiliates - September 1989. Attended Advanced EDP Auditor training conference sponsored by MAPS, Boston, Massachusetts, USA - July 1989. Attended ACF2 User Conference - May 1987. Attended ACF2 Advanced Training Seminar - March 1987. Attended Auditing OS/MVS and SMF seminars offered by MIS Training Institute in Washington, DC, USA - June 1986. Attended EDP Audit Association conference in Miami, Florida - November 1986. Attended Advanced EDP Auditing and Intermediate EDP Auditing seminars offered by the Bank Administration Institute, USA - 1986. Attended Advanced Easytrieve Plus course offered by Pansophic Systems in Atlanta, Georgia, USA - June 1985.
Published Articles: PENTLAND UTILITIES V2.0 - AN UPDATE - RACF Update, May-August 2007. THE DEATH OF RACF'S OPERATIONS ATTRIBUTE (or, how I'm trying to kill it) - RACF Update, Xephon Publications, November 2006. THE SIMPLE SOLUTION TO ELECTRONIC VOTING - Computerworld, 7 December 2005. CICS TRANSACTION SEGREGATION AND REGION CREATION - CICS Update, Xephon, 3-part series, March/April/May 2005 (also reprinted in RACF Update, May / August / December 2005). BUSINESS CONTINUITY AND RACF - RACF Update, Xephon, November 2003. PENTLAND UTILITIES REVIEW - RACF Update, Xephon, 2-part series, February / May 2003. BUILDING A SECURE DATA CENTRE - Insight IS, Xephon, October 2002. RACF RESTRUCTURING - RACF Update, Xephon, 4-part series, February / May / August / November 2002. SOFTWARE PIRACY - PROTECT YOURSELF! - Credit Union Executive, Winter 1990. COMPUTER FLU! - Credit Union Executive, Winter 1989. FINANCE TRENDS SPARK MIS JOBS - Computerworld, 5 October 1987. PLANNING YOUR WAY TO THE TOP - Computerworld, 28 September 1987. INSURERS STAKE CLAIM ON MIS - Computerworld, 3 August 1987. DON'T BLAME COMPUTER FOR IMMORAL ACTS OF INSIDE TRADERS - InformationWeek 3 August 1987. GOOD MANAGERS ARE HARD TO FIND - Computerworld, 6 July 1987. CONFESSIONS OF AN EDP AUDITOR - Datamation, July 1983. HIGH TECH IN THE MIDWEST - Computerworld, 13 July 1983. IBM COMPATIBLE GIANTS - Datamation, December 1981. COMPARISON OF THE IBM 4341 AND MAGNUSON M80/42 - Computerworld, 9 February 1981.
Reference: Recommendations: (from LinkedIn.com) Freelance Author / Technical Writer Xephon Publications Doc Farmer has an in-depth knowledge of RACF and mainframe security. He is also quite an expert on CICS. He has written articles for Xephon's CICS Update and RACF Update journals over a number of years. The articles are always well-written, detailed, and fun to read. February 3, 2007 Top qualities: Great Results, Expert, High Integrity Trevor Eddolls hired Doc as a Writer/Editor in 2000, and hired Doc more than once
Sr. Security Consultant - RACF Blackstone Technology Group / Aozora Bank I worked with Doc on a contract in Tokyo. I know some security and RACF from a Systems Programming perspective, but was more than impressed by Doc's understanding of security issues in general and RACF in particular. His report on the client's security environment was both insightful and scary. Through my company's continued association with the client I know they have been implementing many of Doc's recommendations. It would be nice for our paths to cross again. February 3, 2007 Peter Quinby, Director and Consultant, Kiron Pty Ltd worked directly with Doc at Blackstone Technology Group Doc worked on my team as a lead security analyst for a banking client based in Tokyo, Japan. Doc was exceptionally detail oriented and has a tremendous depth of knowledge surrounding mainframe security systems and best-practice security protocols. Doc is very personable and has an upbeat personality, even in stressful times. In short, Doc was a pleasure to work with and I would readily hire him on again. February 1, 2007 Kenneth Hans, Director, Blackstone was with another company when working with Doc at Blackstone Technology Group
Sr. Security Consultant - RACF GlobalSource IT / State Farm Insurance We are 3rd Level Mainframe Security and are assigned to many projects and Service Requests. We have many tasks to complete and time lines to meet. Doc did not miss any time lines and completed all tasks assigned. Doc was tasked to rewrite a procedure manual for our Access Administration area and respond to Audit findings. Again, his writing skills and knowledge are excellent. We have a "work list" that we also work from. Doc completed more tasks from the "work list" than anyone on the team. He completed a CICS Standards document for us and it too was excellent! As a contract employee you're expected to hit the ground running, that's Doc in a nut shell. He got a lot of things accomplished for us. His knowledge, personality, and attitude are missed. I enjoyed working and learning from Doc. He was a great source for information. February 7, 2007 Dan Whitaker, Security Analyst, State Farm Insurance managed Doc indirectly at GlobalSource IT
Project Manager Sarbanes-Oxley Assessment TEKsystems / General Motors Acceptance Corporation (GMAC) Doc worked for my company on a key account to conduct preparations for early Sarbanes-Oxley compliance. The engagement Doc worked on had high visibility up to the CIO and he was an impact player to both my company and our client. Doc is a true professional with the versatility sought after in today's marketplace. I would recommend Doc to any team that has high performance expectations and tight timelines. February 12, 2007 Jim Beiermeister, Account Executive, TEKsystems managed Doc at TEKsystems Doc and I worked together on the Sarbanes Oxley audit for a major automotive company. His expertise on developing the detailed criteria for controls validation and SAS70 knowledge propelled the audit team into fast forward mode! Doc was instrumental in developing the criteria as well as evaluating the evidence collected for SOX compliance. His extensive experience in the field was a critical success factor in our project being completed on time, on budget. His corrective action recommendations were implemented across multiple applications and continue to afford the client the ability to monitor and remain in compliance. I would be pleased to collaborate with Doc again on another successful project. February 1, 2007 Tina Miller, Global QMS Manager, Capgemini worked directly with Doc at TEKsystems
Manager - Senior Information Systems Security Analyst Riyad Bank - Riyadh, Saudi Arabia I have known Doc via membership of special interest mailing lists for mainframe security professionals for many years now. He has always demonstrated considerable skills and experience in these forums. He regularly assists less experienced members of these groups by answering questions and providing advice. His recommendations and advice have always been of the highest caliber. Doc is a very committed IT Security Professional and a man of high integrity and culture. February 4, 2007 Mike Cairns, Director Technical Services, Arial Group worked with Doc at Riyad Bank - Riyadh, Saudi Arabia Doc was instrumental in my settling in to the Middle East and also guiding me as to what was required during my stay at the bank. He also has a brilliant and dedicated work ethic. January 31, 2007 Keith Milne, Information Systems - Security Analyst (Contract), Riyad Bank reported to Doc at Riyad Bank - Riyadh, Saudi Arabia
References: Dan Whitaker Dan.Whitaker@insightbb.com +1 (309) 735-3795 Gerhard Rickert Gary.Rickert@gmail.com +81 (0)42-319-4260 Michael Cairns Mike@MikeCairns.com +61 412 488 484
Candidate Contact Information: