• Project/Team Leadership, Management.
• Looking to find employment closer to Augusta, ME.
• Business Analyst for data processing analysis, BCP and DRP, IT Security
• Security Architect, Operations analyst, security solutions, Production Support, administration, Security Management.
• Risk Assessment of all IT from mainframe to distributed systems and WEB applications based on ISO 270002, HIPAA, FFIEC and FISMA.
• Mainframe z/OS Security Solutions, RACF, ACF2, Top Secret, zSecure.
• CryptoExpress III mainframe encryption hardware
• CICS Transaction Security
• DB2 Security Solutions.
• Design solutions for PCI, HIPAA, FFIEC and SOX
• Microsoft Office, WORD, EXCEL, Power Point, MS-ACCESS
• Enterprise COBOL, Assembler, PL/1, REXX, TSO/ISPF, CLIST, Visual Basic, MS-Access.
• Production Support for all mainframe languages including CICS, TSO, JCL, Job Schedulers, REXX, batch processing
IBM Corporation – Independent Consultant
Date: 3/31/2010 to 3/11/2011.
• Providing a Gap Analysis of applications against client standards and UCF and ISO27002 along with Graphs of the results.
• Perform Risk Assessment of IBM/BCRS for FFIEC, HIPAA, and PCI.
• Perform Risk Assessment of IBM/IPS for FFIEC.
• Perform Risk Assessment of IBM/SWG for FFIEC, HIPAA, ISO27002
• Provide a gap analysis as compared to the ISO 27002 standards
• Perform Database Risk Assessment of Compliance major insurance company in response to several internal and external audit findings.
• Conducted interviews with scheduled personnel to determine Roles and Responsibilities, compliance issues on the audit findings.
• Prepare a current state finding of their database strategy and compliance with ID management and security.
• Prepare Risk Assessment against ISO 27002, FFIEC, HIPAA, PCI of current findings from interviews of all areas of IBM/BCRS.
IBM Corporation Security & Privacy Services
Date: 10/24/2005 – 11/30/2009
• Develop a solution for Government agency in NYC to convert MetaCOBOL and INSTALL/1 to Enterprise COBOL and CICS v.3.1
• Develop a solution to convert Assembler to Enterprise Cobol.
• Develop a solution to convert VSAM to DB2.
• Provide MS-ACCESS solution for Audit response to external audit requirements for BCBS for zSeries, AIX, UNIX, and LINUX, Active Directory. Solution is driven by Visual Basic V6.
• Business analysis of a medical equipment provider to assist in becoming VA, FISMA, and PCI compliant. Provide a completed checklist and estimate to become compliant.
• Worked with a world bank in Jersey City, NJ to review iSeries and zSeries applications to avoid outside attacks and prevent inside intrusion.
• Major Airline - Develop a PCI Certification Solution
o This included PKI to provide certificates and encryption for the access to the PCI information stored on the DB2 database on the mainframe and the requesting applications on the networks the data was passed.
o This project was 18 months and included all phases of security and privacy for the PCI certification.
• Major Health Care Provider – Provide User ID and Security Support for mainframe as well as Windows Administration, and security support. HIPAA Certified to ensure privacy.
• A Major Retailer – RACF consult for SOX Audit and clean up of RACF database and restriction of Access for DB2, IMS, CICS, Sequential files and HFS in AIX.
• A Major Healthcare Corp. – Staff Augmentation – NT Admin, ACF2 Admin, Provide solutions to clients for security problems. Handle terminations and new requests for access, reset access that had been taken or suspended.
• Remote Production Support. Wellpoint, 2 years.
CenterPoint Energy – CPSG-INC.
Date 6/13/2005 – 9/1/2005
• Re-engineering 4 different RACF Databases to allow for the use of SUN IDM.
• Use my custom software to prepare information from 4 different RACF databases to present to company administrators to make decisions on what to change or delete.
• Use Data to prepare to merge the 4 databases into 2 databases on 2 different pieces of hardware to share 2 LPARs each.
• Use my custom software to use SMF Type 30, 80, 81, 83 records to provide violations reports and logs of administrative changes to RACF and show before and after images of changes.
State Farm Insurance – Global Source IT.
Date 8/30/2004 – 4/29/2005
• Security Consultant for projects within State Farm.
• Wrote REXX code to update code to assist access administration in creating ID’s and provide access.
• Project to change Blockage exclude list from user id to RACF groups. Wrote REXX to read sync member and translate id’s into RACF connect statements to be run in batch.
• Work with Blockade for synchronizing passwords between all the RACF Databases. There are over 85 RACF Databases.
• Assist with RACF and other mainframe security Issues.
• Provided Production Support for mainframe applications
• Assist in making security policy and standards.
• Assisting with multiple mainframe audits.
Sammons Financial Group – NACOLAH Insurance
Date: 6/28/2004 – 8/28/2004
• Working to clean up 3 separate RACF Databases.
• Used reports from TASA to assist in RACF Database consolidation.
• Clean up multiple Id’s to get to one Id per Employee
• Working with HR to get proper information passed to Security to provide information on New Hires and Terminations.
• Providing self written MS-Access Tools to help get control of RACF.
• Helping to develop good security policies
• Research on assisting with the security to be put into place from CSC’s CyberLife project to Authenticate via the mainframe from individual workstations on the Intranet.
• Assisting Security Analysis’s on good RACF Security Practices
• Assisting with CICS Transaction Gateway connection from WebSphere
• Prepare Access Database to provide SQL reporting of SMF records created from RACF Type 30,80,81,83.
o Reports for password type violations
o Denied Access to resources
o Trend Analysis for access and password problems
TEKSystems, IBM, CNA Insurance
Date: 1/19/2004 - 3/12/04
• Joined IBM Partner World, member status for Security Software. 2/04
• Configure Agents, Win2K, ACF2, Active Directory, WebSeal
• Configure Password Catchers
• Configure communication from AIX to z/OS via FTP and install ACF2 Agent on z/OS and prepare configuration file.
• Set up Password Policies, and provisioning for those agents that have been deployed.
• Do reconciliation for all agents and take care of Orphans.
• Provide documentation of any fixes and patches that are applied.
• Report PMR’s for problems found in the ITIM product.
• Create a Run Book for client for re-installation into next environment for testing.
• Make sure proper access was granted in mainframe environment to ACF2 agent to work properly.
Wright Express LLC.
South Portland, ME
Title: Security Analyst II
Date: 10/31/01 - 1/8/04
• Wright Express just installed a zOS IBM system. There was no experience on the current staff with knowledge of RACF or mainframe security.
• ITIM Certification at IBM IRVINE, Tivoli Development Center 2/03
• IBM Directory Server – LDAP , IBM Toronto, CA Certification Directory Server Administrator 3/03
• Use MS-Project, VISIO, WORD, EXCEL, ACCESS, POWER Point and many other Desktop tools.
• Provided Production Support for TSO/ISPF, DB2, applications, JCL, Procs and security issues.
• Working to setting up profiles in Momentum software to utilize PGP Server to encrypt/decrypt files using public key for transmission to and from clients.
• Assisting in install of IBM/TIVOLI (TAM) Access Manager, Access Manager for ebusiness (TAMEB) and (ITIM) Identity Manager.
• Constantly working with z/OS Admin and DB2 Admin to coordinate with RACF all system resource protection and upgrades.
• Managing Disaster Recovery team with bi-annual tests to off site installation. Testing involves SUN, HP, Tandem, WIN2000, and IBM. (Sungard Philadelphia)
• Assisted in design and implementation of Business Continuity Plan.
Anthem Blue Cross Blue Shield
Title: CLAIMS Business Analyst (Independent Consultant)
Date: 10/30/2000 – 4/30/01
• The Analysis of this area was Provider ID and the impact it will have on the following.
o Input from various areas such as CICS screens, NDM from other processing areas, file sizes, field size. Scanning and electronic file transmission.
o Can fields be enlarged or reduced without impact on the file size.
o What programming efforts will be needed to alter field sizes.
o File types such as DB2 tables, VSAM files, sequential files, and scanned files.
o Take into consideration HIPPA regulations and transaction formats.
o Reports: and line widths and field sizes.
o Is there another way to accomplish this task without many changes?
Alternative methods of processing.
o Review all Program Code to determine how much effort this would take to make the changes if that was the route the client chose.
o Final Recommendation was to build a bridge and conversion routine in DB2 so few changes were needed. The client accepted this. Eliminated many thousands of dollars of man-hours and brought the project back on track. This was made because the older CLAIMS systems were due to be eliminated in 12-18 months.
Silver Spring, MD
Title: Independent Consultant
Date: 6/26/00 – 9/6/2000
• Was actually hired to do this project in REXX, but MS-Access was much better, and faster process. So management agreed to go with MS-ACCESS.
• Mainframe Data Manipulation in MS-ACCESS
• This project was a pre-work stoppage process to generate secure ID’s for those employees that would be working during the work stoppage (strike).
• Downloaded Mainframe data via RUMBA macro I wrote to TXT file. Fixed length, space delimited.
• Designed, developed and tested MS-ACCESS Database. Wrote VBA Code to Import Txt file to database and index on key field.
• Designed Access Queries in SQL to break out specific types of records and create new DB Tables.
• On this project, since it was very sensitive. I was the designer, developer, and tester, and executer.
• Produced Reports and Spread Sheets
• Used Excel as the spreadsheet produced from the Access database Export function.
State of North Dakota
Title: Contractor through Cross Consulting Group
Date: 2/14/00 – 4/28/00
• Project Manager for ROSCOE RPF conversion to MVS TSO/ISPF REXX.
o The client was not going to renew the license for ROSCOE and wanted to convert all ROSCOE RPF’s to REXX Execs.
o The project plan had been done by another company and was under estimated. They did not find all the systems that needed to be converted.
o I had to redo the Project Plan to bring it into line with my projections.
• Project Completed 3 weeks ahead of schedule, saving the client an estimated $100,000. Over project estimated cost.
TECHTEAM Professional Services, Inc.
Company I started.
Have also designed a commercial application for sale to Well Drillers in Southern New Jersey. It has many input and display screens as well as reports and print of address labels for Water Softener Maintenance contracts, also will print post cards for the same purpose. Automatically updates service dates when postcard is printed and allows for many informational reports on well depth, aquifer, pipe size and type, comments on location of well, type of system installed.
Have programmed in MS-Access since Version 1.0, and have handled conversions to V2.0 and to Access. Converting the data, data structure and VBA routines for data verification under properties of input fields.
Specialized ACCESS Database application design. Using MS-Access, and Crystal Reports for special reporting requirements.
Design special input forms using MS-Access to accept and validate input data to store in Access Relational Database. Validation is done with VBA routines and functions to allow for error messages and re-entry of data.
Special forms display to allow for record look-up and display of additional data in overlaying screens to assist in record selection and update. All routines written in VBA.
Designed and developed MS-Access system with VBA for workstation analysis of RACF mainframe security. Allows for queries, reports of RACF information and allows for upload of batch RACF jobs for maintenance of RACF. Uses FTP to upload to internal reader and download from sequential file and output queue.
Designed and developed MS-Access system with VBA for workstation analysis of RACF and SMF downloads to determine violations logged on mainframe. Allows for queries and report generation.
Degrees & Certifications:
Tanner Computer School, Haddonfield, NJ. COBOL, RPG Programming.
IBM Systems for VSE/VS. Philadelphia, PA
DATAPOINT Programming and Operations school, Austin, TX.
Burlington County Community College – Basic Assembler Language
IBM RACF, Advanced Security Administrators Certificate.
IBM CICS Internals for CICS 3.3 and conversion techniques Boston, MA.
Various other IBM and vender courses in software, Disaster Recovery, RACF and CICS.
IBM TIVOLI Identity Manager V5.1 Certificate
IBM LDAP System Administrator Certification V4.1
zSecure for IBM and Consul security for RACF
HIPAA Certification – WellPoint & IBM
BS – Ottawa University 1969
NJ MICP, Mobile Intensive Care Paramedic
Experience in all areas of hospital care