James Potter Email & Phone Number

Seattle, Washington, US

DSE was founded with one simple guiding principle. Do better. Do better by our clients, do better by ourselves and do better than our competitors in every way possible.

GB

• Red Forest (ESAE) architecture project with lab and production implementations.
• HGS (Host Guardian Service) deployment in a dedicated forest to secure Hyper-V cluster VM’s in both production environments and the Red Forest.
• Dynamic local group membership management implemented through a combination of built-in group policy preferences and PowerShell automation which allows for granular temporal server access utilizing shadow principals.

• High security ESAE/Red Forest architecture projects for government clients and other high-profile customers.
• Local admin permission creep was becoming an issue and needed to be addressed. Through wildcard group policy preferences and PowerShell temporal admin membership, management of local admins through domain security.
• Long term health and performance trending was needed for domain controllers in multiple domains. Using a backend of SQL with PowerShell doing the heavy lifting we were able to identify trending patterns on a web front.

London, GB

• PowerShell automation project for Active Directory object provisioning in a large healthcare environment. The automation was the first stage in a high security migration project involving an acquisition that was AWS.

GB

• Red Forest analysis and design project. Investigated current state then implemented design and deployment documentation detailing the requirements for the install process.
• As a prerequisite for the Red Forest implementation a full role-based access control model was implemented for multiple security tiers. IAM controls were hooked in to prevent access loopholes and elevation through.
• AD security risk analysis with a focus around solutions using current application space in order to reduce app sprawl. With many SAAS and partial IAAS implementations needing to be roped in during the process.

London, GB

• Domain Admin reduction security initiative for human and non-human accounts, architecting role based solutions to remove the need for these domain admins.
• Analysis and design recommendation for a Red Forest implementation to help mitigate pass the hash vulnerabilities.

Tukwila, WA, US

• Brought in to establish a working IDM system where only a piecemeal solution existed.
• Working closely with HR and data source owners to setup workflows in the RSA IAM suite to automate user/service account/group provisioning and de-provisoining.
• Active Directory security audit revealed an active need for privileged account isolation, Red Forest was proposed and a pilot implemented for stakeholder review.
• Security delegation to remove the need for wide spread domain admin usage in active directory. Role based model implemented for different usage tiers allowing the removal of the domain admins.
• OU and GPO consolidation project to ease maintenance and troubleshooting.

Toronto, ON, CA

• Project goal was to identify all non-human accounts in the AD structure and correlate them with owners with as little staff interaction as possible. Remaining time was spent performing a security audit with an emphasis.
• This was accomplished by gathering data using PowerShell and storing it in SQL then performing table references to determine owner(s) and details.
• Data was gathered from audit logs to show login source/destination, DNS for short name of server, inventory for server owners, a ticketing system for account owners and active directory. When parsed and arranged in a.

Redmond, Washington, US

• Brought in to develop an independent secure forest for the Windows phone project.
• All aspects of data gathering design and implementation in addition to deployment for a new forest for the Windows phone development group that enables all the functionality that currently exists in the present.
• Dynamically updated geographical site map with logical site link data implemented to display replication routes.
• PowerShell updated pivot table with detailed site/subnet information for IP planning and networking monitoring in relation to geographical location.
• Created a project plan for the new forest infrastructure with supporting features and performed a quantitative cost analysis of the migration vs. current cost.

Richfield, Ohio, US

• At the client I work closely with the AD engineering team to help improve their operational efficiency and security through Group Policy Preferences
• Specifically we are implementing a deeper OU hierarchy to replace the relatively flat structure that currently exists. This will allow a tiered out RBAC setup utilizing a least privileged model.
• In addition I analyzed current startup/logon VB scripts with the goal of improving login time and presenting a more standardized model. The end results are improved startup time and logins for desktops as well as being.
• Some of my other work at SunTrust included advanced PowerShell scripting to enable single/bulk AD item restores through the use of the AD Recycle Bin. These scripts enable the client to quickly and recursively restore.

Yes, Network Engineering

Education record

Education record

Education record

Education record

Education record

Education record

Education record