Security Architect and PSIRT Brand Manger for a variety of products which are in various world wide geographies.As Security Architect my responsibilities are to help the product teams follow IBM security policies and Security Design Lifecycle(SDL) as well as reviewing, commenting and approving product security assessments. These assessments contain evidence that products have followed IBM security procedures and policies such as:- dynamic scans- source scans- threat model- penetration test results- product security compliance- product development compliance.Federal security compliance under Federal Information Security Act(FISMA) has become a priority which I have investigated and presented the findings to our product teams.As the PSIRT Brand Manager, I guide, advise and manage the product teams on compliance with IBM PSIRT process. Responsibility include:- Internal and external security vulnerability tracking via IBM PSIRT policy which is driven by vulnerability severity(CVSS)- Managing product responses and actions to maintain compliance with IBM PSIRT procedures including working with product and legal teams- Reviewing and approving document flashes to Customers describing the security fixes and how to obtain them.- Managing the product team's security analysis, response, and fixes such that security milestones, set by legal and company PSIRT standards, are not exceeded- Created and presented a presentation to our product teams on IBM's PSIRT policy, Security Design Lifecycle(SDL), and how to quickly get started with our PSIRT tooling.Continue to work on the IBM Developer for System z(IDz) product, with multiple responsibilities including, SVT(System Verification Test) and Host System Administrator. These are documented in the January 2017 to March 2022 time frame.

Work on the IBM Developer for System z(IDz) product, which used to be named RDz, with multiple responsibilities:SVT(System Verification Test)- Testing includes Remote System Explorer(RSE) servers, Host Connect 3270 and VT100 emulation, Menu Manager, Remote Connection Emulator(RCE), EWM/RTC Integration for z, SONAR Lint, and Dependency Based Build(DBB)- Performance Test- Test case automation with RFT and RCPTT- All clients are VMWARE images running a variety of Windows, Mac and Intel Linux operating systems. Host System AdministratorI backup our primary z/OS system administrator. Responsibilities includes system IPLs, user ID management, problem determination, as well as starting and stopping system applications.Agile Iteration Manager/Scrum MasterFrom 2017 to 2020, we implemented Agile practices into our SDLC and I was the Iteration Manager/Scrum Master for our squad responsible for the following:- Tracked and managed our squad's tasks and defects- Kept focus on prioritization of tasks and defects- Created status reports for Scrum meetings- Ran Scrum meetings- Maintained queries used to track tasks and defects- Maintained the squad's status dashboard.

Temporarily assigned to the IBM System z Block Chain product where I created the build environment. The build ecosystem was spread across four Linux for z mainframe LPARS in different geographies in the US and Europe. The distributed builds were controlled with a master Jenkins system on Red Hat Linux which controlled the builds sent to the LPARS . Source code is pulled from Git and the actual build was done in a Docker image. The Docker image is the build output and placed into service on Linux for z LPAR running an IBM SSC(Secure Service Container).Besides the build environment, I was also responsible for acquiring, and managing, Linux VM's and LPARS on a variety of mainframes in the US and Europe.

The Security Lead for over twenty Rational products owned by three IBM Directors. As a Security Lead, I guide, advise, and manage the product teams on compliance with IBM security procedures. This includes:- Source and web application security scans. - Threat Models and internal security metrics.- Internal and external security vulnerability tracking.- Managing product responses and actions to maintain compliance with IBM security requirements including working with product and division level legal teams.- Creating and approving document flashes to Customers describing the security fixes and how to obtain them.- Managing the product team's security vulnerability analysis, response, and fixes such that security milestones, set by legal and company standards, are not exceeded.- Approving product Security Plans as part of the Quality Plan and Quality Certification process.- Improve current security procedures, as well as creating, and implementing new security requirements.Continued to work on the Rational Developer for System z(RDz) product, with multiple responsibilities including, SVT(System Verification Test), Performance Test, test automation and VMWARE administrator. These are documented in the Oct 2003 to March 20216 time frame.

Currently working on the Rational Developer for System z(RDz) and Rational Development and Test(RD&T) products with multiple responsibilities:SVT(System Verification Test)- Testing includes Remote System Explorer(RSE) servers, Host Connect 3270 and VT100 emulation, Menu Manager, as well as, C/C++ and COBOL editing, building, debugging and executing on AIX via the Rational Developer for System p(RDp) RSE server.- RSE servers allow Windows Explorer type access to servers. Servers tested and administered include AIX, Solaris, Red Hat Linux and zLinux, and SUSE Linux and zLinux. - Prior to a reorganization, I was the team leader of six people testing an RDz component called System Flow Modeler(SFM).Performance Test- To automate some performance tests, I wrote a test tool that is a Java Eclipse plugin, using internal and external product APIs, to simulate up to 1200 users on four client systems to drive traffic to a System z host. The tool can also perform various workloads using these APIs.- Rational Functional Tester(RFT) was used to create an automated environment to simulate N number of users performing edit, build, and debug operations via the RDz client GUI to drive traffic to RD&T server running emulated System z which was in turn hosting the RDz server and host applications. RFT allows for the simulation of user interaction with a GUI front end, and with the use of Java, code can be written to easily allow substitution of values used by the simulated user. Each RFT instance runs on a VMWARE client that is started and controlled by scripts using Software Testing Automation Framework(STAF). This allows one system to control N number of systems.- Wrote the RDz RSE server documentation and review the documentation for various RDz functional areas. - All clients used for the previously mentioned work items are VMWARE images running a variety of Windows and Intel Linux operating systems. I am one of the VMWARE administrators for our VMWARE servers.

Worked in SVT on the Host Access Services/Host Access Server(HATS), Host Publisher and Communication Server products. Communication Server ran on Windows and Netware servers. Using Window clients, HATS and Host Publisher create web applications that are then run on WebSphere Application Server (WAS). My tests executed server workloads on AIX and Solaris running WAS in stand alone mode, as well as federated with multiple WAS nodes via WAS Network Deployment(ND). HATS and Host Publisher was also tested on iSeries.I was responsible for purchasing, installing, maintaining, and administrating AIX and Solaris servers. There were about a dozen systems for each operating system, as well as more than a dozen Windows boxes used as LoadRunner agents and client testing. Maintaining security compliance was a major part of my duties.Executed stress tests using LoadRunner to create and run scripts on Windows clients to drive traffic to WAS running on the AIX and Solaris servers. A Linux based HTML stress program called JIBE was also used to drive traffic to the AIX and Solaris servers running WAS.A Java client/server program was written to control test systems from a single controlling computer. Another Java program was written to generate a DB2 database with user specified values. This allowed for the creation of a database of a given size with a specified number of records. This was used as part of system test on AIX and Solaris servers.

Worked as a developer and tester for FVT and SVT on the IBM NetSP Single Sign On product. The product was was written in C and ran on Windows 3.1/NT, OS/2, MVS, Solaris, DOS, and AIX. - Designed and wrote an API test tool in C which tested IBM NSM APIs as well as the GSS(Generic Security Services) APIs. The test tool used text files to drive APIs which automated FVT and SVT and greatly increased test coverage as the tooling allowed the easy creation of hundreds of test “programs” as simple text scripts. - The test tool was run as part of Build Verification Test(BVT) by a set of REXX scripts that executed the API test tool. Other REXX scripts analyzed the test results and produced a summary file showing errors found during the test run. The GSS/NSM API test tool was released as a PRPQ.- Other responsibilities included product development, product design, testing, documentation writing, builds, and direct customer support. I wrote the API test tool documentation when it was published as a PRPQ.- All product development was done on AIX and ported to other platforms. Installing operating systems and system administration on AIX, OS/2, DOS, and Windows was part of my development, build and test duties.- Specified requirements for AIX, OS2, Windows NT, and AS/400 hardware and software purchases. - Created, maintained and ran build scripts to build the product. The product build was controlled by REXX scripts on AIX. The scripts first started compiles and links on AIX and then started build scripts on OS/2, Windows, DOS, Solaris and MVS.

- Wrote a test tool in C that allowed the test automation of OS/2 multimedia commands via easily written text scripts.- System Verification Testing of OS/2 multimedia commands and APIs.- Wrote OS/2 Presentation Manager C sample programs that demonstrated OS/2 multimedia API usage. The sample programs was part of the OS/2 documentation.- Worked as Level 3 OS/2 support for hard drives and device drivers.- Wrote a finite state machine(FSM) in C that was the controlling software for a Call Processing Gateway(CPG) telecommunication switch. A subsequent project, used an FSM written in C, to create a Intercept Processing Gateway(IPG) that worked with the CPG.- CMVC(Orbit) installation code with C Shell on a UNIX variant running on the System/88.

Responsibilities were programming and debugged programs written in C on DOS and OS/2. Modification and debugging of assembler code for the 80286/80386 family of chips was also accomplished. Executable files were also debugged with Debug type utilities at the assembler/machine code level.

This position tested the OS/2 Help Manager on a wide range of PS/2 computers. Programs written in C were also done for use with the department's product.

Responsibilities included system analysis, PC repair, hardware/software trouble shooting and installation, training classes, and wide area network coordination. Programming was also done in C and DBase III+. A major project involved the design, development, and implementation of an employee opinion survey system. The system was written in C and required 4000+ lines of code.I also worked with the Criminal Investigation Division(CID) when search warrants were executed. My role was to search computers for evidence, advise the Agent in Charge(AIC) of my findings, and expand the search warrant by swearing to the need to a Federal Magistrate.

This position involved operation of computers to perform student registration as well as maintenance of databases. Databases were kept on class schedules, gradate information, and student grades. Instruction was also given to other employees on how to operate personal computers.

A small company had purchased a personal computer and required assistance in setting up the computer as wall as installation of software. Databases were designed for billing and mail order lists.

The work assignment was during the development of the PS/2 computers. The new computers were tested with test cases and commercial software packages. At least 50 different programs were used ranging from Lotus 123 to C compilers. I wrote C test cases and was also involved in the study of radio interference problems on new monitors.

This was a department where I had worked in the past. It had a sudden increase in its workload so I volunteered to work there during the summer. The position required interaction with employees who wanted to know the type and amount of benefits they would receive if they retired.

This position was in a department that dealt with the Florida State Legislature. They wished to automate their operations by using computers. The department needed to communicate with branch offices throughout the state and exchange data by computers. I was hired to perform a system analysis on the department's requirements, purchase equipment, write programs to solve the departments problems, and educate the members of the department about personal computers. A structured BASIC program of 3000+ lines was developed to track contacts in the legislature.

This position was split into two different responsibilities, computers and retirement calculations. Studies were done on the procedures of the department. Two separate computer systems were then implemented based on the studies. Programming in a structured version of BASIC was also done.The other responsibility was in the area of retirement calculations. These calculations were used by the employees to make decisions regarding potential retirement benefits.