Candidate Information
Title: Windows Servers, SQL, AD, Hosted Apps, PAM, IAM Senior Technician
Target Location: US-Chicago

Cover Letter:

I am looking for the company who'll allow me to demonstrate my skills have not atrophied after being OOO. Besides always adding to my talents with a home devops environment, I bring the experience of 30 years in the field to bear in fulfilling the demands of any given position. The below is offered to allay any doubts as to my competency. I can also take any relevant exam any time.

In my last position I took responsibility for the Quest Password Management and Active Directory Change Auditor products after being hired as a Provisioner. I took the lead and with one other tech we spent 4 years developing and implementing the products.

Duties included discovery and access to directory and local accounts, LDAP integration, dynamic server adds and group member changes along with testing and rotation of passwords. Methods for organizing information, naming conventions, and IAM processes for user and group access and their documentation were BAU.

The updates, maintenance, hardware migration and disaster recovery for the PAM solution were accomplished using a triple redundancy of hardened Windows servers for which I configured failover and failback scenarios to ensure uninterrupted access for end users.

Acceptance was accomplished by providing a reliable product that was never offline in the 8 years I owned it, always providing passwords for any system or user with connectivity and proper authentication. I also practiced a "me first" approach, with my shop and those we worked closely with, taking on for example using dedicated accounts for elevated rights usage or sign on verification using Entrust.

The Domain Monitor provided years of service protecting groups and accounts from unauthorized access and tracing the use of rights such as deleting files, user and group adds, moves and changes and so on.
It also acted as a real time authority on the composition of Active Directory.

That's where I made my enterprise level bones, finding answers to syntax, access and status errors, reacting to unannounced network changes, modifying logon APIs and much else using every method imaginable in discovering and bringing servers and accounts under management. KVM, iLO, Data Center virtual access, network subnet mapping, jump servers, firewall locating, port opening and verification, Citrix desktops, any and all ways of locating and accessing.

I made friends across the enterprise as I eliminated or minimized the burden of management with reliable, accurate and verifiable oversight. I think that's the key as InfoSec is often seen as imposing additional burdens. The ability to reach and manage accounts and then produce accurate information in real time using a combination of dynamic and static sources as a cross reference is the foundation of all PAM/IAM success.

Below you'll find the following documents:
Resume
Additional Network and Enterprise Level Skills
2021 drafts left in their original state:
o 1-Outline of Account Management duties from a shop floor perspective
o 2-Outline of PAM duties for the provider and end user
o 3-The analysis of a CyberArk issue with a spreadsheet embedded for reference

The fundamentals are to start from the beginning, add no overhead and stage bringing accounts under management as makes sense.

Sophie says "Hire my Dad, he's the Greatest!"
I attest the above to be an un-coerced statement, and no promises of playing fetch, getting treats or other inducements were made to elicit an endorsement.

James Slavicek
Text or Voice: PHONE NUMBER AVAILABLE
EMAIL AVAILABLE
https://LINKEDIN LINK AVAILABLE

OOO 2021-23
Returning & Offering Enterprise Level Skills In:
Windows Server Hosted PAM, IAM & Domain Monitoring
Windows Logical Servers & Server Hosted Applications
SQL Databases & SQL Reporting Services Administration
Active Directory Configuration & Security
Authentication, Authorization, Reconciliation
Disaster Recovery
Architect Support for Roadmaps, In-Place Upgrades
NIST, SOX, etc. Compliance
ServiceNow, JIRA, Archer & Oracle RBAC Administration
Firewall Discovery & Port Access, Network Mapping
Proprietary Hardware & Appliances-Ownership

Disability requires 100% remote position
Home office maintained since 2015
Local meetings, conferences, etc. dependent on circumstances

Employment History

July 2021-Present
OOO Personal & Medical Leave, Part-Time Retiree, Unemployed
Self-Directed R & D Technician & Optimistic Stoic
West Saint Paul MN
2021-2023:
Respite, Reaction, Recovery & Repair
Down Time spent building a Hyper-V Dev infrastructure with Cert Authority, IIS, SQL
2023-Present:
Quixotic tilts at AI Windmills
Witnessing well-crafted yet unread resumes become kindling for my dreams
Branding myself as an alternative to practicing Einstein's Theory of Insanity

October 2012 - July 2021
US Bank
Senior Information Security Specialist
St Paul MN
Privileged Access Management (PAM) Ownership - Quest (One Identity) Appliance
o Elevated accounts Admin for all of Technical Operating Services (TOS)
o User & Group Provisioning & Policies
o User & Group Authentication & Authorization
o Managed all non-human passwords & 5000 human access accounts
o Managed 35000 Local Server Admins
o SQL, Oracle, other Databases; Linux, Solaris, HP Non-Stop & IBM Mainframe supported
o SQL Reporting Services used for Compliance & Analysis
o Maintained 3 Proprietary Windows Servers Mirrored for Redundant Failback & Failover
o Remediation of unused, abandoned and unmanaged accounts
Identity Access Management (IAM) Duties:
o Ownership - Quest (One Identity) Change Auditor Domain Monitor
o Real Time Display of NTFS, AD & NAS Events
o Admin Proxy software configured and deployed to Windows 10 workstations
o Oracle RBAC provisioning used to onboard and modify users
o Maintained Agents on 500 Domain Controllers in 5 Domains
o Provisioned Active Directory Users & Groups, also Linux, NDS, Solaris, Oracle & etc.
o IAM Standards of procedure, nomenclature, etc. created & documented
o Authorization & Access Documentation, Validation & Verification
Technical Owner Duties:
o Subject Matter Expert on PAM, IAM & Vendor point of contact for day to day operations
o Scripting, Querying, Editing, Provisioning using Perl, PowerShell, Python, Java & SQL
o Application Roadmaps, Risk Assessments & Exceptions
o Business Continuity, Disaster Recovery, Vulnerability Assessment, Policy Compliance
o ServiceNow: Group Admin, CMDB Owner, Tech Writer, Maintenance & On-Call Scheduler
o Queue Organization & Management, Collaborative Troubleshooting & Root Cause Analysis

June 2007 - June 2012
St Catherine University
Windows Infrastructure Developer, Builder & Administrator
St Paul MN
Initiated & prioritized the creation, development, deployment & support of physical & virtual Windows products
o Active Directory
o Group Policy Management
o Certificate Services
o DNS
o Remote Access/Terminal Services
o Remote Desktop Services
o Server 2003/2008 R2/2012 R2
o SQL 2008/2012
o Systems Center Configuration Manager
o SharePoint
o Print Management
o Software Update Server (WSUS)
o Internet Acceleration Server
o Hyper-V/Thin Client Server
o IIS 7.5
o Systems Center Operations Manager
o Operating System Deployment Server
o Windows 7 Imaging
o VMware

January 2004 - June 2007
Contract Positions with Cargill, Aspen Medical, other
Systems Administrator
St Paul MN

September 2000 - December 2003
Minnesota School of Business\Globe College
Instructor, Curriculum Development
St Paul MN
Instruction in the Building & Configuring of Servers, Domains, Workstations & LANs
o Active Directory
o 2000 Server
o SQL 2000
o Exchange 2000
o IIS 6.0
o 2000/XP Pro Workstation
o Network Administration
o TCP/IP
o CompTIA A+ Hardware/Software
o Intro to Windows

Education
o Up to date on AD, Server 2022, Windows 11, SQL 2019, Hyper-V 2024
o Quest PAM & IAM SME, Developer & Technical Owner 2013-2021
o Built & Deployed in Prod Quest & CyberArk 2013-2021
o Built & Deployed in Dev HashiCorp, Thycotic & BeyondTrust 2017-2021
o MCSE NT4, MCSE 2000, MCSA 2000 & 2008 MCP 1999-2008
o Taught CompTIA A+ Hardware, CompTIA A+ Software 2000-2003
o Taught Active Directory, Server, SQL, Exchange, IIS 2000-2003
o DevOps environment maintained for training & testing purposes 1998-2024
o 91% ranking against all U.S. graduate school applicants 1995
o U MN, U WI: 120 credits towards Bachelor's, short 12 lang credits 1989-1995
o U MN, U WI: 16 credits towards Master's, American History Major 1992-1995
o Undergraduate STEM sequence in Calculus, Physics & Chemistry 1989-1992
o DoD Certification & Calibration School, focus on Microwave & Radiation 1982
o US Navy A School in Avionics: Radar, VHF, Glideslopes, Electronics 1978
o Aptitude for Organization revealed in pre-enlistment exam 1977

Level 3-4 Microsoft OS, AD, Server, SQL, Workstations, Logical Server & Hosted Applications Technician
Platform Type & Date Last Supported Professionally or Most Recent Training
o Windows Server NT4/2000/2003/2008/2012/2016/2019/2022 2024
o Windows Workstation NT3.5/NT4/2000/XP/7/10/11 2024
o Active Directory NT 4-11 2023
o AD Certificate Services Server 2023
o AD DNS Server 2023
o AD Group Policy 2023
o IIS 2023
o Network Policy Server 2023
o SQL 2000/2005/2008/2012/2019 2022
o Quest Change Auditor 2018 2021
o Quest Password Vault 2018- 2021
o SQL Reporting Services 2021
o SharePoint 2016
o Internet Acceleration Server 2012
o OS Deployment Server 2012
o Print Management Server 2012
o Remote Access 2012
o Remote Desktop Services 2012
o Software Update Server (WSUS) 2012
o Systems Center Configuration Manager SCCM 2012
o Systems Center Operations Manager SCOM 2012
o Terminal Services 2012
o Windows Imaging 2012

This is written to offer knowledge of immediate value either in job enhancement or in practical application. In return I of course wish to earn advocacy for employment in times now resembling the Great Depression.

Recently I ran across my summary for the CyberArk issue I resolved prior to leaving US Bank (attached). I believe a quick walkthrough will add usable insight in problem resolution and in analyzing a given software's ability to deliver reliable service by showing how CyberArk introduces multiple points of failure into the management process (not to mention an unnecessarily complex, prone to error network configuration).

The core issue was an inability to consistently bring accounts under management. On Sheet 1 following the bold headers accounts, action and results leads to no predictable outcome at G32. It was a first approximation that showed consistent inconsistency across all configurations.

D1, Sheet 2, identifying syntax-effects on account management seemed the only path to consistent returns.
At M42 a list of questions produced a list of factors affecting the chances of successful connection, authentication, authorization, validation and rotation of a password. Each could affect outcomes in random ways unless the proper naming was used in a given field. Not being a Programmer or Developer I still wouldn't hesitate to call this unacceptable, a first draft at best version of software not viable for a production environment. There are many good reliable, simpler products to be had, Thycotic, BeyondTrust and Quest being the best I've seen.

Finally, on Sheet 3 under error, definition and cause/issue is a breakdown of specific errors and the issues involved with each. Headings such as Takeaway, Action Taken, Result and Next Steps at M30 begin the process of bringing errors under control. The goal of establishing a minimum stable configuration is at A55 as is in scope criteria towards that end.

Consistent naming producing a known good configuration, audited and a shared responsibility are critical as Identity/Password Management principles become integrated as SOP, something I advocated for for some years as I faced an asymptotic curve of effort the closer I approached full coverage across the enterprise. It's an issue with all management systems, Intune, Splunk, whatever, with the better ones not being as prone to failure and offering discoverable paths to resolution.

My Pitch:

This is work not duplicated anywhere that I've been able to find and should demonstrate capabilities across many platforms.
I've also written IAM and PAM guidelines from a shop level perspective, again not duplicated anywhere to my knowledge.

When you combine this with comprehensive work in creating disaster recovery scenarios, network discovery, admin level skills in ServiceNow, Archer and Jira etc., dedication to learning (recently I used appx commands in PowerShell to resolve a MS Store failure) and enough etiquette to be allowed in the house with my shoes off there's no reason I shouldn't be working.

If it's fraught with peril, a place where Angels fear to tread, that's where I belong, making friends and allies as we make little ones out of big ones, overcoming any obstacle to create a shop that stands as an example of what proper maintenance looks like.

Thanks for your time.

Enterprise Infrastructure Knowledge and Skill that may be of interest
Transformed a logical network map into a physical, oriented towards IAM/PAM needs
Access to hardware through a software interface of illustrations mirroring data centers
Access to multi-site located hardware through the iLO infrastructure
Jump Server Access and Citrix Desktop configuration
How to verify Port Access and request corrections
How to create a certificate authority and certificates using IIS and OpenSSL
Excel, Access and SQL importing, exporting and Reporting Services?
Security creation (local, AD and SQL) and documentation using Least Privileged Access
NAS and DFS clustering, replication and security
In place upgrades 2008 to 2019
DNS registration, Certificate renewal, IP Address assignment, Firewall Rule request
AD testing of user, group security, OU and Domain policy application and inheritance
Oracle Role Based Access Control account creation
Identifying and establishing relations with all Departments in IT

Account Data Minimum Required in Real Time
Creation
Ownership
Authenticating Method
Location
Secure Subnet
In Service
Retired
Building
Password Management Status
Last Test
Results
Last Use
Referent

Account Access and Control Information and Use Considerations
Local Account
Directory Service Account
Dedicated Elevated Account
Nightly Testing
30 Day Rotation
Rotation after Checkout Expires
Access by Group Application Account
Access by Subgroup Elevated Account
Local Access to Server or Database
Local Elevated Access to Server or Database

PAM Database Groups and User Naming Standards
Original Name plus Code Identifying it as a PAM Account or Group
Uniform Syntax Enforcement
Feedback Loops to Fix Errors at Point of Origin

Account Oversight Considerations & Desired Functionality
Account has independent verification through Discovery
Oracle Identity Manager to AD ETC mapping using Universal Referent
Allow no additional administrative burden
No creation of non-referenceable accounts
Leverage existing standards: Example of Application ID
Group level responsibility for audit
o verification, validation of password management
o assigned non-human objects local and directory based
o assigned local and directory based accounts
o security assignments to accounts
o assigned servers, other platforms
Real time information provided by SQL Reporting Services website using multiple sources of data
Password complexity, rotation and other standards set by application owner of record
Changes in complexity and exemptions by approved request owner of record
Integrate account management into Disaster Recovery or other routines as applicable
Password rules applied uniformly across servers within same logical grouping such as hosting or supporting an application
Uniform onboarding of groups and associated hardware and accounts
Uniform testing, reconciliation, remediation and retirement procedures
Identification, repurposing or retiring inactive accounts
Create new correlations to locate, identify and bring objects under management
Automatic reconciliation/remediation/alert process for errors in:
o User or group syntax
o group membership
o server communication
o password management
Cooperation of teams in establishing connectivity
Notification by teams of changes impacting management
Examples include AD blocking SMB v2 and Network blocking TLS 1.1

Services Provided to Customer:
Maintain 24x7x365 PAM availability
Reporting on check out/in
Reporting on where used
Provide session logging or recording data as requested
Provide near or real time status 24x7x365
Make process transparent and discoverable
Provide tailoring of services as necessary
Provide connectivity support
Provide support for network traversal issues
Provide support by maintaining access to iLO, firewall, secure subnets
Provide AD Groups and DFS/NAS monitoring and alert services
Provide support for lifecycle, audits, roadmaps, DR etc.

Desired Results
Enterprise wide coverage of local and directory based accounts
Simple, cost free and zero additional overhead solutions
Fast identification and response to failures of connectivity and management
Identify and document issues of lack of coverage, missing and inaccurate information
Provide highest levels of reliability, efficiency
End to end lifecycle management
Provide critical information for inventory control, data governance, password management and other uses
Status of accounts, servers, and groups all became verifiable in real time
Redundancies arranged around providing 24x7x365 password availability and management as first priority
Minimize hardware requirements
Coverage of entire enterprise including server local, database, firewall, appliance, operating system etc.
Use of non-traditional data correlations to identify missing servers and accounts
Use of non-traditional data correlations to assist in identifying gaps, redundancies, conflicts
Reporting Services and IIS website accessible by AD groups for audit, quality assurance and operations use
Increase accuracy over time through feedback and canvassing to create automatic remediation via API
Implement syntax restrictions per data field
Establish and refine Identity Management, Password Management and Data Governance methods through continuous informal and formal collaboration

Regarding Identity and Password Management:
Perspectives and methods developed in the creation, locating, determining ownership, status and bringing under management server administrator and other local and directory based non-human user and group objects

Desired Attributes of Processes:
No additional administrative overhead
Leverage existing standards
Reference to a universal attribute
Group level responsibility for audit tasks such as:
o verification, validation of password management
o assigned non-human objects
o assigned servers, other platforms
Password complexity, rotation and other standards set by application owner of record
Changes in complexity and exemptions by request of owner of record
Verification, validation and testing become periodic and uniformly applied
Integrate account management into Disaster Recovery or other routines as applicable
Password rules applied uniformly across servers within same logical grouping such as hosting or supporting an application
Uniform onboarding of groups and associated hardware and accounts
Uniform testing, reconciliation, remediation and retirement procedures
Identification, repurposing or retiring inactive accounts
Each object to have one dynamic and one archival source
All processes should maximize ability to identify and manage
Use data from unrelated sources using common attribute for verification
Create new correlations to locate, identify and bring objects under management
Real time or near real time status of all objects available through web portal restricted by responsible group
Automatic reconciliation/remediation process for errors in:
o User or group syntax
o group membership
o server communication
o password management
Cooperation in establishing connectivity
Notification of changes impacting management
Administrative and technical support in creating processes and standards
Minimize cost through best admin practices
Minimize spending on custom hardware or software

Desired Services Provided to Customer:
Maintain 24x7x365 PAM availability
Reporting status against testing tailored to responsible parties
Reporting on check out/in and monitoring account usage
Provide near or real time status 24x7x365
Provide documentation on all aspects of construction and functions
Provide tailoring of services as necessary
Take on all issues of connectivity and server\account management such as isolating routing, response and configuration errors
Active Directory groups and DFS/NAS file shares have access to monitoring and alert services
Add additional value and depth of information to end user
Provide on the fly customizable reporting to end users
Provide support for lifecycle, audits, roadmaps, DR etc.

Desired Results
Enterprise wide coverage of local and directory based accounts
Simple, cost free and zero additional overhead solutions
Fast identification and response to failures of connectivity and management
Identify and document issues of lack of coverage, missing and inaccurate information
Provide high levels of reliability, efficiency
End to end lifecycle management
Provide critical information for inventory control, data governance, password management and other uses
Status of accounts, servers, and groups all became verifiable in real time
Redundancies arranged around providing 24x7x365 password management as first priority
Minimize hardware requirements
Coverage of entire enterprise including server local, database, firewall, appliance, operating system, directories etc.
Use of non-traditional data types to identify missing servers and accounts, and to assist in identifying gaps, redundancies, conflicts
Reporting Services and IIS website accessible by existing Active Directory groups for audit, quality assurance and operations use
Increase accuracy over time through feedback and canvassing to create automatic remediation
Implement syntax restrictions per data field
Establish and refine Identity Management, Password Management and Data Governance methods through continuous informal and formal collaboration
Integration of IAM and PAM into normal routines