• Set up the enterprise authentication capability, defining the team structure and delivery methodology with a focus on agile (sprint and Kanban).• Managed the architecture and defined the Key Deliverables for the team.• Designed & delivered the UBS and CS authentication integration patterns, thus enabling CS & UBS employees to access each other's applications.• Expanded the IDP onboarding self-services portal offering, leading to a 20% increase in IDP adoption away from direct authentication for applications year over year.• Defined the exit strategy for CS legacy services and how UBS services could be cross-leveraged to reduce the total footprint, leading to licensing and runtime savings.• Engaged with development, engineering, consultancy and operation teams, providing guidance, reviewing deliverables, auditing environments, and ensuring compliance with policies and best practices.

• Defined the strategy & multi-year roadmap for Enterprise & Client authentication • Lead architect on RFP for Enterprise & Client AuthN use case• Ran weekly capability-level design authority with all architects within the capability • Outlined a Zero Trust strategy and how identity first approach would enable a layered approach to security.• Define a BYOD authentication strategy. This allowed the bank employees to utilise SaaS services on their personal devices using unified credentials and IDP services.• Primary lead from the Security Team on an RFP for an Enterprise Mobile Authentication (MFA) solution run by the End User division. I defined the requirements and UX and reviewed the RFP response and selection criteria.

This role encompassed designing and implementing a modern DevOps centric Identity and Access Management (IAM) solution. It required presenting complex integration patterns to the C level within the client management and to deep dive into low level technical details with the developers. The client changed the required hosting environment twice during the project, this went from standalone virtual machines to being docker hosted to eventually, kubernetes hosted containers. This required me to create several designs to reflect the changes in the external hosting requirements. The end solution was a Forgerock (OpenAM & OpenDJ) system running within docker containers on managed kubernetes clusters hosted on Amazon Web Service (AWS). This was then integrated with the main application using open standards namely OAuth2.0 and Open ID Connect (OIDC). Additional highlights of the solution I designed, was a mutual authentication and authorisation pattern that allowed micro services to securely communicate between each other, whilst running in a fully automated DevOps containerised environment.Key technologies utilised: Forgerock (OpenAM & OpenDJ), JWT (Java Web Tokens), OpenID Connect, Kubernetes, Docker, PKI, OpenLDAP, Camel, Vault, Gitlab, Jenkins, Maven, ANT.

I provided an industrial client working on (IoT) connectivity, a strategy, roadmap and architectural review. After understanding their current solution and also the desired requirements within their technology roadmap, I demonstrated how best practices could be used to provide a secure communications infrastructure. This required C level management engagement workshops with additional deep dives into the technical solution with the project team. The outcomes of the workshops lead to the client adopting best practices for their chosen technology and cloud hosting environment (AWS).

I provided a critical review of the client current IAM architecture and presented the findings. I demonstrated the power of a unified IAM solution. It was shown how the integrated IAM would improve security, help to meet compliance requirements, simplify auditing and enhance the user experience for their employees. This client had a major business driver to move to the cloud and to meet regulatory requirements. The key message was how a single sign on (SSO) and identity provisioning management system though an IDaaS solution can bridge onsite services and newly procured cloud services together. Additional work for this client included a review of identity access across several key systems. This showed that urgent action was required and reinforced the initial action plans for transition to the IDaaS solution. Within the final part of the project I created a POC to showcase an IDaaS solution being integrated with the client key technologies (SAP, Sharepoint, AD).

Lead Architect advising and setting technical direction on the development of the identity as a service (IDaaS) platform. This included working with the technical delivery team, setting the high level technical goals, reviewing the delivery outcomes at the end of the agile sprints. This IDaaS solution was based on Forgerock and RSA Via products, and when combined with DevOps it enabled an automated and managed deployment into the Cloud environments. Notably this included developing a proof of concepts (POC) to showcase how the solution could meet the customer use cases.

Responsible for designing integrating between multiple systems (Salesforce and Oracle based systems). This also expanded to cover end to end design of solution and functional designs, in addition to logical data mapping.

Designing technical solution for contractual change requests. This was mainly focused on migration of legacy systems to be transition onto a modernised platform. It involved managing multiple stake holders, interaction with multiple internal teams (Support Team of the legacy systems, WinTel, Storage, Networking, Security & CTO), external suppliers of hardware and software, a service company providing secure disposable of equipment, and support.

Solely responsible for the Authentication and Authorisation (A&A) development stream. This role was critical in maintaining the overall application accreditation, at Impact Level 4. During this assignment the key achievements were:• Owning the requirements, design, development, deployment and support of the A&A deliverables• Directly engaging with and advising the project CLAS consultant on on-going development and future changes• Reporting directly to the Development, Security and Application Platform Managers• Packaging and deployment of several COTS products including: OpenSSO / OpenAM - Apache HTTPD - LDAP• Integration of A&A interfaces with 3rd party Identity and Authentication Provider, using: SPML - SAML - CRL - PKI• Mitigation of reported security vulnerabilities within COTs products.

• Managed PKI solution development and integration, including creating Issuing Certificate Authority and integrating with Hardware Security Modules (HSMs).• Delivered a secure file transfer (FTPS/HTTPS) solution, including its deployment & packaging of vendor products on a secure air-gapped network.• Prototyped a facial recognition offering to key stakeholders to demonstrate how it could be used within the service as an additional value add.• Engineered the package of the IAM tools SUN OpenSSO (now ForgeRock OpenAM) and LDAP for automated deployments.• Managed open source products including compilation and deployment of Apache HTTPD, Squid, Map Server, Tomcat onto Solaris hosts using SPRAC processors,