Led the Information Security and Compliance program for the District’s DC Access System (DCAS), an integrated eligibility and enrollment platform for all health and human services. DCAS program is a partnership between the Department of Health Care Finance, the Department of Human Services, and the Health Benefit Exchange. Managed 15+ member team focused on Security Operations and Architecture; Application Security and Coding; Identity and Access Management; and Governance, Risk and Compliance.Established program wide compliance with security and privacy frameworks such as NIST SP 800-53, MARS-e 2.0, IRS Publication 1075, FISMA, SSA TSSR, HIPAA.Successfully completed numerous internal and external Federal audits including IRS Audit; SSA security assessment; and independent third party security assessment for CMS Authority to Operate.

DC Access System (DCAS) Security Lead

- Implementing Oracle Identity Management solution for MCPS which is the largest school district in Maryland and 16th largest in U.S.- Automating digital identity lifecycle management by configuring real-time Staff provisioning and de-provisioning to resources and groups (AD, Exchange, OASIS, OID, FMS, etc) across 200 schools, eliminating the errors, time lag and costs involved in manual administration of identities.- Configuring automatic role based access across domains to ensure information is secured against constantly changing and multiple roles.- Configuring password policies specific to roles and resources to ensure MCPS is compliant with The State Information Technology Security Policy.- Customizing the user interface based on users role. - Implemented custom product to allow Users to self reset password from their desktop by directing them to OIM password reset page, reducing Helpdesk overhead

Designing and implementing Oracle Identity Management solution at UofL for over 300K users. This solution is intended to replace the current Novell Identity Management implementation.Installed and configured Oracle Identity Manager on RHEL 5.3, WebLogic Application Server and Oracle RAC Database. Implemented custom connectors for provisioning to PeopleSoft CAMS interface, AD 2003 and 2007, Exchange 2007, Remote Manager, Outlook Live and for Password Synchronization across above mentioned systems.Conducted 4-day hands-on training for the management and the technical staff of UofL utilizing training material such as live recordings and demos tailored specifically to meet UofL'sIdentity management requirements.

Designed and implemented identity management solution at Digital River. The solution integrates Oracle Identity Manager with Active Directory and SAP applications (HCM and CUA) to provide automatic user account provisioning and de-provisioning to Digital River employees. The solution allows self service password changes, password synchronization and report generation for auditable actions.

- Implemented OIM with AD Exchange, RSA.- Designed and implemented Oracle Adaptive Access Manager integration with Citrix.

As a Software Security Consultant at Cigital, I worked on-site at a Fortune 500 financial institution in NY. I provided prescriptive guidance to the software developers and testers assisting them in developing secure software. I performed Dynamic Vulnerability Assessments (DVA) of numerous client-facing web applications using HP's web scanning tools. As part of the DVA team, I interfaced with the application business unit and the internal security/audit group to communicate the business and technical risks from the identified vulnerabilities and provided the mitigation strategies for the same.