IT Integrator

Security Architect

Consultant

I am a senior IT Security Specialist, with extensive experience gained working for several big organizations. Having worked many years in IT operations, I have a very good overview of complex infrastructures and security practices. I am keen to learn new scopes quickly and effectively while approaching and resolving problems methodically. I am a native Italian, speak fluent English and conversational Russian, can speak and understand at basic level Spanish and French. I am looking for IT Security / Engineering, Service Management roles and I am immediately available to discuss any opportunities.

Latest Experience

Current Position
Security Architect - Integrator
Enterprise, confidential

Identity Management projects development and assurance.
IDM Systems: Open AM, CA Siteminder, Oracle XML GW Design and implementation of secure access middle-wares management of access policies and rules, implementation, management and troubleshooting of Unix Apache web servers, reverse proxies, secure access modules, application containers (Tomcat - Jboss - Jetty). Security and compliance assessments for application development.

2014
Security Integrator
CyberArk LTD

As CyberArk LTD representative / consultant, I have been responsible for the daily operations of Rabobank Int. Cyber-Ark application and infrastructure. I have been dealing with implementation, maintenance and integration of the bank core identity management architecture that spans on 5 continental regions, studying and delivering solutions aimed to streamline and improve the whole identity and access management process. I acted as CyberArk LTD onsite solution and support specialist, ensuring daily operational excellence and that solution met the organization business requirements with the onboarding of new applications and managing change of the existing ones. I have followed the compliance status of the CyberArk implementation interacting constantly with security officers and auditors, its integration with the security intelligence infrastructure (HP Arcsight) and its alignment to the organization logical access control framework, supporting all the technical implications for the users recertification processes, providing while assuring completeness and usability of all reports, supporting IAM officers for all of the application core functionalities. I have been responding to incidents and troubleshooting requests, kept the operational diary up to date documenting all relevant technical aspects of my activity, logging details of actions taken, all incidents, business cases, troubleshooting and keeping operational manuals up to date.

CyberArk LTD Professional Certified Partner


2012 -- 2014
Security Operations Specialist
Selex Elsag (Finmeccanica)

Application delivery and support, auditing, compliance analysis, security best practices and controls. As a member of a security operations center team, I deal with development, support and applications maintenance. Responsible for assurance of critical security services, I have been managing a plethora of systems and technologies: for instance, the main internal security infrastructure based on VmWare and Microsoft directory services providing authentication and roles to operators in the security organization, integrated with many specific systems and services. I have been re-deploying a whole lot of user management application, distributing them through an application server running Microsoft virtual apps services, operating patch management and taking care of a MS SCCM infrastructure for the local AD management. I have been maintaining a VmWare based mediated access system that enables company personnel to work on sensitive data and critical systems while having their activities logged analytically but never disclosed if not otherwise disposed for forensic analysis, assuring the integrity, confidentiality and non-repudiation of the data. I have been responsible for managing a CyberArk infrastructure providing access control to most of the security operation center operators and services / systems. From deployment to RBAC schema I have followed the CyberArk platform business lifecycle and improvement throughout the organization. I am entitled for personal reliability and security clearance to look for evidence in the event of investigations. On the security governance side, I follow and assure compliance matters, audit checks, risk analysis, policies enforcement, incident handling.

2006 -- 2011
IT Security Operations Specialist / Analyst
Telecom Italia

Project management, systems administration (security infrastructure systems design, integration, monitoring, and troubleshooting) incident handling, compliance, vulnerability assessment and reporting, logs analysis, auditing. The main company antivirus infrastructure (Symantec and Mcafee) and its reporting IDS infrastructure and monitoring, reporting (IBM ISS - Sourcefire) Several authentication systems and services CA Siteminder Secure SSO & Application Management, RSA Security SecurID Password and credentials management system (Cyberark EPV) Internal (departmental) CMS (Sharepoint) Internal security infrastructure (Microsoft directory services), monitoring (Nagios), patching (wsus/sms) Asset tools (OCS and custom asset solutions) Siem (Novell E Sentinel and Net-Forensics) I have been maintaining and troubleshooting applications, deploying post-incidents mitigation plans, following incidents handling and audits reports, performing vulnerabilities assessments and penetration tests, retrieving evidences by conducting logs analysis and events screening, taking part in forensic analysis. I have been participating in the project start-up and implementation of RSA-EMC2 GRC Archer solution aimed to the streamlining of company risk management processes.

2002 -- 2006
Systems Integrator and Presale Engineer
Getronics

Comune di Roma Dip. II, Sistemi informativi ed informatici dipartimentali, Via della Greca 5, City of Rome, Lottomatica (gaming and payment services to P.A.) Responsibilities: I have been taking part of a complex re-engineering of the network and services at City of Rome IT department control room. The main point was the actualization of the many interconnected networks and the change management of the infrastructure from the existing Microsoft NT star model to the upcoming active directory technology. I have been managing a team of 7, collecting pre-requisites, writing the technical documentation, discussing the deployment phases with the senior engineering, deploying the new high availability infrastructure, putting in place patches distribution, antivirus, back-up processes and leveraging the transition moving many critical services and applications. In the team: 2 dba, 1 networking specialist, 4 systems engineer. I have been ensuring that all the projects phases tasks were accomplished in a timely fashion, reporting about advancements to stakeholders and supported personnel after delivering the new assets and applications, worked side by side with auditors, checking policies and systems hardening, writing guidelines, technical documents and manuals for operations. I have been handling the deployment of an asset inventory database based on Shavlik network discovery tools. I participated in a project for the interconnection of the POS terminals to the Lottomatica banking and billing services.

Technologies (Specialties and familiarities)
Virtualization technologies: Vmware, Hiper-V -- Storage / San / Nas: Storage systems, fiber switches -- Systems Management / Deployment: MS SCCM - MDT, Chef, Puppet, Zenwork -- Data Management: Storage technologies (EMC2 - HP - Hitachi), Veritas, Legato Networker, Bacula -- Web Servers /Containers: Apache, IIS, Tomcat, Jboss Websphere, Jetty -- Scripting: JavaScript, C#, Php, C/C++ shell -- Database: MySql, Ms Sql server, Oracle (Basic Administration)-- Infrastructure monitoring and asset: Nagios, OCS, OPSView, Solarwinds -- Siem/Correlators: Net Forensics, Mcafee ESM, HP Arcsight -- IDS / IPS, Antivirus, Endpoint Protection / DLP: Iss Site protector, Sourcefire, Macafee EPO - NSM - Virus Scan -- Identity / Access Management: CA Siteminder - RSA SecurID - CyberArk EPV-PIM-PSM-AIM, Lieberman ERPM, OpenSSO - OpenAm, Oracle XML Gateway -- OS Server / Workstation: Windows Unix / Linux *nix flavors, VmW ESX MAC Os -- Microsoft technologies SCCM, Active Directory Microsoft Proxy Server, ISA Server, Sharepoint -- Administered and maintained LANs in Fast Ethernet, Token Ring, Apple Talk technologies, knowledge of layer 2 and 3 switching -- Understanding of routing - firewalling technologies, basic IOS administration Endpoint Protection Technologies: Symantec DLP, Tripwire, n-Circle -- Threats / Malware Protection: FireEye, BitDefender

Skills
IT Security
IT Architecture
Support
Development
Sys Engineering

Languages
Italian
English
Russian
Spanish
French
Contact info
  • carlo@netamaze.eu