| Contact Information | |
| Name: | George Moraetes |
| Email: | job (at) moraetes (dot) com [email concealed] |
| Location: | Oswego, Illinois, United States |
| Resume | |
| Position/Title: | Director, Information Security |
| Resume: | |

George Moraetes, CISM
Email: job (at) moraetes (dot) com [email concealed]
Web: http://www.moraetes.com

Summary:
Accomplished and certified IT Security Executive and Enterprise Architect with a proven international track record of successfully completing highly complex enterprise-wide technical projects, developing and improving technical and security processes, reducing departmental costs, effectively managing project timelines and resources, and managing and mentoring solutions-oriented, multi-disciplined, multinational teams.

Professional Experience:

Mortech, Inc. - Oswego, IL
Enterprise and Information Security Architect (01/1996 - Present)
Information Security Architect, Project Manager, Instructor and Engineer for Fortune 100 Corporations and the Federal Government, managing, designing and implementing security architectures. Responsibilities include the delivery of security analysis, architectures and recommendations for implementing new technologies into existing enterprise environments. In addition, providing project group leadership, budgets, forecasting, headcount, resource allocation, deployment, move planning, logistics, recruiting, team building, process design, methodology, mentoring and development of IT staff.

Developed an Identity Management Infrastructure framework to apply policy-based authorization to applications and resources based on a user's business role or relationship to a given organization. This includes services relating to development, deployment, testing, implementation, support and maintenance of role-based access control (RBAC) and federated (SAML) infrastructures. Developed system hardware, telecommunication and application architectures for UNIX and NT server-based Intranet systems. Conducted various onsite training seminars on HTML, CGI programming, security and E-Commerce. Conducted installations, configurations and technical support for Sun and Microsoft server applications.

Provided programming, architecture, analysis, systems integration, development, deployment, and training of Microsoft and Sun web technologies. Provided system architectures, web content methodologies for acquiring focused content from multiple divisions/departments, deployment of applications using Vignette and Interwoven, and Human Resources and Finance web integration utilizing SAP and PeopleSoft. Provided system analysis, installation and configuration of web and database servers, troubleshooting of server issues, Windows 2000 implementation and migration from NT 4.0, testing/QA and documentation. Developed application and security infrastructure processes and policies adopted for E-commerce systems. Provided Internet/Intranet/E-commerce business contingency, disaster recovery and risk assessment analysis. Provided security awareness to business users of web systems. Developed web security architecture for B2E, B2B and B2C initiatives. Provided technical physical infrastructure architecture implementing DMZ, Firewall and back office integration. Developed logical security application architecture utilizing iPlanet technologies, LDAP, WebLogic, CA Siteminder, Oracle Oblix, Entrust getAccess and RSA ClearTrust. Designed the architecture and planned the roll out of the Windows NT 4.0 migration upgrade to Windows 2000 for various web system environments. Produced security policies and procedures (both organization-wide and departmental). Updated existing policies and procedures and developed new ones as needed. Conducted risk assessments to assess potential risks and vulnerabilities to individually identifiable electronic information. Included in the risk assessment is the possibility of outside attacks if systems have Internet access or dial-up. Conducted Sarbanes-Oxley and HIPAA compliance assessments. Evaluated the audit trails on existing information systems to allow the best protection.

Project Assignments:

DeVry University - Oakbrook Terrace, IL
Technical Security Project Manager
Served as a technical security project manager for various infrastructure and security projects. Spearheaded the projects from design to production implementation with an emphasis on security and managed teams ranging from 5 to 26 staff members. Managed the replacement of Checkpoint/Nokia with Juniper firewalls for the corporate data center and twenty-six university campus locations. Initiated the Data Loss Prevention and Network Access Control projects and participated in designing the implementation architecture. Assisted and trained the security architect on various compliance mandates such as PCI, SOX and enterprise security architecture fundamentals.

Marriott International - Bethesda, MD
Enterprise Technical Security Architect
A key senior member of Marriott's Information Security team responsible for providing leadership across the systems development life cycle of Marriott IR systems. Develop architectures and solution blueprints for emerging security technologies and standards. Developer of security strategies and road maps. Author security best practices documents, templates and white papers. Provide architectural patterns and technology standards guidance. Provide guidance for security requirements and security-related use/abuse cases. Provide guidance on security risk assessments. Facilitate preliminary and final review assessments providing recommendations. Research and review emerging information security trends in the industry. Lead security requirements, analysis and design for new technologies to meet Marriott enterprise business needs. Consult with project teams to create security architectures for major Marriott initiatives. Evaluate security technologies and provide security architecture direction. Define IT security policies. Develop framework for incorporating security processes into Marriott's SDLC initiatives.

Blue Cross Blue Shield of Delaware - Newark, DE
Senior Systems Architect
Responsible for technical security reviews on their new network and application architecture designs, providing recommendations for best practices, SOX and HIPAA compliance. Conducted firewall policy reviews implementing modifications to ISA Server 2004 and Cisco PIX deployments. Responsible for assessing application security and assisted in deploying the employer portal project to staging and production environments. Conducted reviews for security, change control, segregation of duties, authorization, and recovery capabilities. Conducted security reviews and implemented modifications encompassing NT, AD, AzMan, DNS, IIS, and n-tier technologies. Conducted security reviews for SQL 2000/2005, T-SQL, DTS and overall database access roles. Implemented customized security roles with .Net 2.0 framework, ISA Web publishing.

ABN AMRO - Chicago, IL
Security Architect
As Security Architect, was a key member of the Technology Risk Management of North America (TRM) team responsible for implementing, improving and enforcing bank information security policy, infrastructure security architecture and availability programs that secure ABN AMRO information assets. Responsible for the risk assessment and regulatory analysis of technical security controls across all platforms. Conducted Risk Assessment Compliance Reviews (issue avoidance or mitigation) and performed combined reviews with other IS areas to ensure appropriate controls and safeguards are in place to comply with corporate policy and regulatory requirements. Conducted reviews for security, change control, segregation of duties, authorization, and recovery capabilities. Maintained information on each application's ongoing level of compliance with corporate policies and regulatory requirements. Reported on the level of compliance and trends. Assisted the bank's business units with remediation by developing effective information security controls where total policy compliance is not achievable. Worked with operational support groups to resolve or mitigate control weaknesses. Reduced risk and limited waivers. Engineered and designed new security solutions to protect the bank from information security threats and vulnerabilities. Led project initiatives to identify security solutions and mitigating controls based on regulatory requirements that affect the bank's business units.

United States Department of Commerce - Washington, D.C.
Security Architect
Served as a member of the Certification and Accreditation Security Tiger Team to ensure the Commerce Department Census Bureau's information systems are in compliance with various federally mandated laws such as the Federal Information Security Management Act (FISMA). Analyzed network and application security architectures, conducting and documenting security testing validations, assessing and managing system performance, intrusion detection management, information systems security requirements development, certification and accreditation (C&A), studies and analysis, product and technology evaluations, log analysis, audit management and investigative support. Developed technical system documentation, such as technical architecture and operations guides. Defined, documented and conducted unit integration tests of telecommunication networks.

General Electric Healthcare - Waukesha, WI
Access and Identity Management Architect
Served as a key member of the Single Sign On (SSO) and Identity Management teams. Responsibilities included designing standards and processes for access management across multiple operating systems. Project Architect working with the IT Compliance, Provisioning, and Operations teams to implement access processes which meet business requirements. Defined and maintained Sun One and Active Directory (LDAP) security models. Defined monitoring, maintenance and capacity planning for Siteminder policy servers. Designed processes for enterprise Active Directory user, group, printer, file share and password policy. Designed processes for enterprise UNIX account management. Drove corporate initiatives involving account standards in a global multinational environment. Designed consistent single sign-on (standard account name across multiple systems). SOX compliance. Designed account processes for domain consolidation and business integrations. Designed solutions for cross-platform user administration. Responsible for 55,000+ accounts across multiple OS platforms. Developed and enforced SLAs for account management. Delivered new global enterprise SSO and LDAP architectures for development, staging and production environments. Provided project leadership for the deployment of new global SSO and LDAP architectures. Provided technical leadership managing the global, domestic and offshore SSO administration staff.

Publix - Lakeland, FL
Security Architect
Served as a subject matter expert providing solution upgrade direction and implementation for Computer Associates Siteminder. Provided solution upgrade project plan and direction for Siteminder version 6.0. Performed the upgrade from Siteminder version 5.x to 6.0 in development, staging and production environments. This included all web server agents, policy servers and Active Directory policy stores. Documented all design, development and upgrade efforts in testing, staging and production environments. Assisted in 3rd level support and maintenance of all environments. Instructed and cross-trained IT department personnel responsible for maintaining and administering the Siteminder infrastructure.

Veterans Health Administration - Washington, DC
Security Architect
Served as a member of the Certification and Accreditation Project to ensure VA hospital information systems are in compliance with various federally mandated laws such as the Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA), Government Information Security Reform Act (GISRA) and executive branch directives. Duties conducted include analyzing various operating systems and applications, conducting security testing validation, assessing and managing system performance, intrusion detection management, information systems security requirements development, certification and accreditation (C&A), studies and analysis, product and technology evaluations, log analysis, audit management and investigative support. Developed technical system documentation, such as technical architecture and operations guides. Defined and conducted unit integration tests.

Kraft Foods - Northfield, IL
Security Architect
Served as a subject matter expert providing solution development, architecture design, implementation and support for Computer Associates eTrust Siteminder, LDAP, Proxy and Reverse Proxy implementations across the global enterprise. Designed Siteminder, Proxy, Reverse Proxy, LDAP and WebSphere maintenance support framework for all support levels. Designed and implemented Siteminder knowledge base for all support levels. Provided 24x7 Siteminder support and maintenance. Managed authorization privileges (user entitlements). Created rules and policies to implement authorization permissions to web resources. Supported distributed and delegated administration for SiteMinder administrative activities. Documented all design and development efforts in testing, staging and production environments.

Internal Revenue Service - Lanham, MD
Security Architect
Served as a key member of the Infrastructure Engineering Project, a major systems modernization initiative of the IRS. Contributed to the design and deployment of the infrastructure, which is a combination of custom software modules and commercial-off-the-shelf (COTS) software, hardware and security solutions, integrated to form the technical foundation for the IRS modernization. Supported infrastructure Single Sign-On (SSO) architecture in development and test environments. Served as an eTrust Siteminder subject matter expert supporting development and production environments. Performed administration, testing and troubleshooting duties for eTrust SiteMinder authentication and authorization software. Created and managed configuration and policy domain objects. Implemented and maintained LDAP, groups and policies. Assisted in architecture design planning and integration support. Documented all design and development efforts in accordance with CMM and Enterprise Life Cycle standards.

State Farm Insurance - Bloomington, IL
Security Architect
Provided solution development consulting for Computer Associates Siteminder implementations and 3rd level support for State Farm employees, Agents, Claim Representatives, Mortgage Lenders and automotive body shops. Provided solution development consulting for Netegrity SiteMinder and IdentityMinder implementations for State Farm employees, Agents, Claim Representatives, Mortgage Lenders and automotive body shops. Siteminder and IdentityMinder product installation, testing and implementation consulting. Provided Siteminder 3rd level support and maintenance. Managed authorization privileges (user entitlements). Created rules and policies to implement authorization permissions to web resources. Supported distributed and delegated administration for SiteMinder administrative activities. Provided support integration with affiliate web sites (portals). Lead project consultant upgrading SiteMinder version 4.61 to version 5.5 and IdentityMinder implementation.

Key Bank NA Corp. - Cleveland, OH
Security Architect
Evaluated online Internet banking applications, code reviews and architectures to ensure transactional security. Conducted ethical hacking to assess potential risks and vulnerabilities to online banking applications. Researched and evaluated various Web Security Application Assessment Tools for assessment automation.

Allegheny Energy, Inc. - Greensburg, PA
Network Security Architect
Evaluated and designed enterprise infrastructure architecture delivering the hardware and software perspectives to provide 24 x 7 operations. Designed a highly available e-infrastructure that will withstand hardware, circuit, network and software outages. Documented the current environment, including software, hardware, support maintenance processes, ownership, business and technical interdependencies. Designed a tiered Internet infrastructure with information security as a primary focus. The design included network infrastructure components, protocols, ISP/ASP services, load balancing, failover, disaster recovery, monitoring, firewall topology, configuration and policies. Designed reverse proxy infrastructure topology and security configurations with eTrust Siteminder.

AI Imperial Credit, Inc. (AIG Insurance) - New York, NY
Security Architect
Designed network infrastructure and security architecture supporting over 20,000 insurance agency users. Developed and implemented iPlanet LDAP and Netegrity Siteminder single sign-on solution on an NT/Windows 2000 platform. Evaluated corporate Internet/Intranet security policies and recommended modifications and additions to support the new implementation.

Motorola, Inc. - Schaumburg, IL
Application Security Architect
Designed and developed divisional Intranet system for the sales, marketing, human resource, information systems, accounting/finance and executive departments. Administered development and production IIS Web, Site Server, Exchange 5.5 messaging/collaboration servers. Implemented and administered a secured VPN solution connecting various manufacturing facilities supporting over 6,000 users.

Advantis (IBM), Inc. - Schaumburg, IL
Application Security Architect / Project Manager
Senior Project Manager and Architect for implementing a B2B custom Intranet system supporting over 25,000 users/300 trading partners using Netscape Enterprise, Messaging, Proxy, Collabra, Compass and Directory servers. Developed document-handling architectures for Intranet sub-nets with direct DB2 database integration using Netscape-based technologies. Designed and implemented PKI certificate-based architecture for client access via Internet.

W.W. Grainger, Inc. - Niles, IL
Application Security Architect
System transfer planning of the Sales and Product Management Internet Web environment to internal Extranet. Installation and configuration of development and production servers using Microsoft IIS. Performed technical system security audits of web infrastructure and provided detailed security recommendations. Provided web architecture analysis and proposals for Human Resources. Developed company-wide architectures for legacy integration and ERP with SAP and Tesseract. Implemented SAP Security across all standard modules. Configuration and use of Profile Generator, role-based security using single and composite roles, user administration, naming convention, testing support, change control management, security design, audit support and documentation.

Ben Franklin Retail Stores - Carol Stream, IL
Information Systems Security Audit Manager (01/1992 - 01/1996)
Responsible for complete audit engagements evaluating the security controls of corporate computer system environments. Served as a subject matter expert for various e-Commerce implementation projects. Conducted Systems Development evaluations for purchasing/receiving, A/P, A/R, payroll, general ledger, human resources and various sub-systems integration from mainframe to client/server. Conducted systems security evaluations and reviews of access privileges of all users. Senior advisor to management on evaluating the implementation of a corporate-wide point of sale system and Internet E-Commerce. Conducted disaster recovery and business recovery readiness analysis. Provided guidance for the development of corporate-wide IT security policies. Administered compliance of corporate IT security policies, reporting back to the CEO and to the Audit Committee/Board of Directors. Provided IT audit recommendations and implementation plans to the Board of Directors for security compliance. Developed and executed multiple concurrent IT audits, including reviews of existing production applications, systems currently being developed and specialized technological components. Identified and assessed application-related risks (both business and technological) and provided advice to management regarding these risks. Led various engagements and, in doing so, was required to manage the budgeted hours, resources and project timelines while assessing the controls over physical and logical security; systems acquisition and development; system and network infrastructure; system architecture; change management; computer operations; and production support. Conducted risk evaluations and audit prioritization and scheduling processes. Mentored audit staff in areas of IT audit and technology expertise to develop a broader skill base and level of understanding of IT risks. Assigned work to staff auditors based on their level of proficiency and personal development plan. Counseled and educated staff auditors on the most effective ways to perform assigned work.

Technical Skills:

Security Applications: Sun Identity Management, Federation, Intrusion Detection/Response, Ethical Hacking, Cisco Routers, Cisco PIX, Checkpoint Firewall, SOCKS, RSA ClearTrust, CA Siteminder, CA Identity Manager, Sun Identity Management (Waveset), Oracle Oblix, Proxy, Reverse Proxy, IBM Tivoli, VPN, PKI, Foundstone, Axent, ISS, Forensics, RACF, ACF2 and Top Secret.

Business Applications: Sun Messaging, Web and Directory, Injoin Critical Path Directory, CA eTrust Directory, Microsoft Active Directory, Meta/Join Directories, WebSphere, WebLogic, Cold Fusion, J-Run, Tomcat, New Atlanta, CA TransactionMinder, Microsoft Exchange, IIS, SNA, WebTrends, Lotus Domino/Notes, Novell eDirectory, Vignette, Broadvision, Corporate Yahoo Portal (Tibco), Plumtree and Interwoven.

Operating Systems: Windows Vista/XP/NT/2000/2003/2008, MVS/TSO/CICS, AIX, BSD, Linux, Solaris and HP-UX.

Hardware Platforms: HP/Compaq Proliant, Dell PowerEdge servers and IBM mainframe.

Development Technologies: REXX, JCL, FORTRAN, Cobol, Easytrieve, Quiz, SAML, HTML, SGML, DHTML, XML, VRML, TCL, SQL, ASP, JavaScript, Java Servlets, JSP and Java/J2EE.

Network Protocols: TCP/IP, SNA and IPX.

DBMS: Oracle, DB2, MS Access, and SQL Server.

Education:
BA - University of Iowa, Iowa City, IA
AA - Black Hawk College, Moline, IL

Certifications:
CISM, Certified Information Security Manager
CGEIT, Certified in the Governance of Enterprise IT (completion by 10/2008)

Publications:
Member of the Institute of Internal Auditors (IIA) E-Commerce Task Force board for developing auditing security standards. Information Systems Audit and Control Association (ISACA) volunteer for reviewing framework for Internet/Intranet security controls.

Affiliations:
Information Systems Audit and Control Association (ISACA)