Privileged Access Management Architecture, design, delivery, assurance, auditing.
Worked at designing and delivering the integration and implementation of PAM control systems.
Responsible for following up on incidents response conducting logs analysis and addressing compliance audits.
Have followed a defense in depth approach for datasets protection based on the classification of data, preventive auditing, adoption of a data-centric security layering and a detailed incident response plan.
Have ensured that all PAM and IAM control applications enforcing the adopted policies (Cyberark, Power Broker, Sailpoint) had their activity logs collected and parsed by behavioral analysis and patterns matching tools (Arcsight – CyberArk PTA) and the alert information derived were submitted in real time to intelligence screening.

Privileged Access Management processes design and implementation.
I have been responsible for re-shaping the company PAM control processes throughout the NMBS (Belgian railways company) organization.
I have worked together with company CISO and the program management in charge of company digital transformation at implementing a robust model for the IAM – PAM domain.
Have designed the new process and control systems.

Application security and access control processes development, assurance.
Main technologies:
Forge-Rock Open AM /Open IDM, CA Siteminder, Oracle XML GW, Beyond Trust Power Broker

Design and implementation of solutions aimed to provide access security: Management of privileged access policies, study and development for enterprise LDAP schemas, implementation and management of Unix Apache web servers, reverse proxies, secure access modules and their interaction with applications containers (Tomcat- Websphere-Jboss-Jetty).
Focused on security and compliance for web/cloud based applications.

Main protocols: REST, SOAP, SAML, XACML, 0Auth

Infrastructure security project management: Solutions design and implementation of security controls, responsible for the proper enforcement of procedures and processes, study of solutions aimed to automate the deployment of secure applications and enforcement of operational processes and practices.
In charge for solutions aimed to the management of global access control processes.
Have managed and delivered a project for a secure access solution to the main TME application servers pool.
Member of Enterprise Architecture team working at the choice of a new enterprise IDM solution and oversee of cross functional projects for the IT services continuous change management and innovation, member of change management committee and reviewer for the access control domain.
Monitoring solutions (SolarWinds--Nagios).

As CyberArk LTD representative / consultant, I have been responsible for supporting the implementation and daily operation of the Cyber-Ark Privileged Identity Management application suite and infrastructure for international clients.

I have dealt with implementation, maintenance and integration of core identity management architectures on a worldwide scale, studying and delivering solutions aimed to perfect the identity and access management processes.
I have been hired as a consultant working on definite projects, focused on compliance and assurance.

Cyber-Ark LTD Certified Professional Partner

As a member of company SOC, i have been dealing with development, support and maintenance of applications. Responsible for assurance of critical security services, i have been managing a plethora of systems and technologies:

The main internal security infrastructure based on VmWare and Microsoft solutions providing authentication and roles based authorization to operators in the security organization, integrated with many specific systems and services.

I have been consolidating several applications into a single management scope, distributing them through Microsoft virtual apps services. Deployed and managed the EPO E-Policy Orchestrator suite from MCAFEE.

Deployed and maintained the CyberArk password management infrastructure.

I have been developing and managing a VmWare based mediated access system that enables company personnel to work on sensitive data and critical systems while having their activities logged analytically but never disclosed if not otherwise disposed for forensic analysis, assuring the integrity, confidentiality and non repudiability of the data.

Entitled for personal reliability and security clearance to look for evidences in the event of investigations.
Followed and assured compliance assesments, audit checks, risk analysis and mitigation, policies enforcement, incident handling.

Arcitectures management, systems administration (security infrastructure systems design, integration, monitoring, and troubleshooting) incident handling, compliance, vulnerability assessment and reporting, logs analysis, auditing.

In this position, as a consultant systems engineer and security specialist at company security operation center, i have been responsible for working on:
The main company antivirus infrastructure (Symantec) and its reports.
IDS infrastructure and monitoring/reporting (IBM ISS - Sourcefire).
Authentication systems and Identity management services, (CA Siteminder SSO, Alladin PKI, RSA-Secure-ID).
Privileged identity systems - passwords management (Cyberark EPV, Lieberman ERPM.
GRC solutions (RSA Archer, SAS).
Internal (departmental) CMS (MS sharepoint).
Internal security infrastructures (Vmware V-Sphere and Microsoft directory services).
Asset and monitoring tools (OCS - Solar Winds, Nagios, Ops-View).
Siem (Novell E-Sentinel - Net-Forensics).

As security specialist, have been maintaining and troubleshooting applications, deploying risk mitigation plans, following incidents handling and audits reports, performing vulnerabilities assessments and penetration tests, retrieving evidences by conducting logs analysis and events screening, taking part in forensic analysis.

Products specialties:

Ids/ips: ISS Site protector, Sourcefire/snort,
Correlation - forensics: E-sentinel, Net-Forensics, RSA Envision,
Access control: Ovpn, Check Point,
Infrastructure and virtualization: Vmware - Hyperview,
Monitoring: Nagios,
Access control: Cyber-Ark EPV, Lieberman ERPM, RSA-PKI

I have been implementing, maintaining and troubleshooting security applications, documenting and following their change management, deploying post-incidents mitigation plans, following incidents handling and audits reports, performing standard vulnerabilities assessments and penetration tests on all systems I have been managing, retrieving evidences by conducting logs analysis and events screenings, took part in major forensic analysis and investigations.

I have been reviewing technical documentation and response to security controls for all the solutions i have been delivering and managing.

Comune di Roma Dip. II, Sistemi informativi ed informatici dipartimentali.
City of Rome -- Lottomatica (gaming and payment services to public administration)

• I have been taking part of a complex re-engineering of the network and services at City of Rome IT department control room. The main point was the actualization of the many interconnected networks and the change management for the migration of the infrastructure from the existing Microsoft NT star model to the upcoming active directory technology.

• I have been managing a team of 7 engineers, collecting pre-requisites, writing the technical documentation, discussing the deployment phases with the senior engineering, deploying the new high availability infrastructure, putting in place patches distribution, antivirus, back-up processes and leveraging the transition moving many critical services and applications. In the team: 2 dba, 1 networking specialist, 4 systems engineer.
• I have been ensuring that all of the project sprints were accomplished in a timely fashion, reporting about advancements to stakeholders and supporting personnel after delivering the new assets and applications, worked side by side with security auditors, checking policies and systems hardening, writing guidelines, technical documents and manuals for operations. I have been handling the deployment of an asset inventory database.

As IT consultant I also participated in a project for the interconnection of the payment terminals distributed nationwide to the Lottomatica* banking and billing services, delivering the main infrastructural servers and supporting the development of payment system model and connection, authentication and proper functioning of client terminals.
I have been deploying client systems images and putting in place a security patches distribution plan, creating and implementing digital certificates for proper encrypted communication and creating vpn tunnels for securing endpoints communication channels.

*Lottomatica is one of the biggest italian companies in the gaming and lottery industry, providing also payment services to the public administration.