Security Experience
The Phoenix financial management company contracted with me to oversee
and provide technical and business guidance to their multi-million dollar
security program.  The program included various projects in areas such as -
Web Access Management using TAM, Roles Management using Aveksa,
RBAC, Employee Laptop Security, and policies and procedure development
within the EAM domain.  With each of these projects I have had an integral
hands-on role with the technology implementation and the resulting
business processes.  System integration was a major factor in each of these
projects.
Expertise
  • CISSP
  • CEH
  • RBAC
  • SOX
  • Risk Assessments
  • Access Management
  • Personal Security
  • Roles Management
  • Identity Management
  • Security Architecture
Over the years security has gained in
importance and my interest in the field has
grown as well.  More than half of my consulting
experience is in the security area.
Program Management
Security is a layered and multifaceted discipline - it's policies and
procedures, technologies, and intelligent business practices that make
customers and partners feel protected without putting undue burdens on
business processes or hampering the flow of commerce.

I have had numerous security projects over the last 10 years that have
provided me with varied technical and business domain knowledge.  I have
also enhanced my educational background by successfully completing
study for a CISSP (Certified Information Systems Professional) certification,
OCTAVE certification, and course work for CEH (Certified Ethical Hacker).
Roles and Identity Management
I have detailed hands-on experience with roles and identity management.  I installed,
configured and implemented a detailed POC using Sun Identity Manager.  My roles
management experience includes a business and technical perspective.  Working closely
with the Audit Department I have implemented new business practices for SOX
(Sarbanes-Oxley) compliance with the new roles management tool - Aveksa.  I was the lead
technologist on the project that installed, implemented, and rolled out the Aveksa system.
This incorporated system integration, role definition, and all facets of preparing the software
for production.  I have experience with other roles management tools -- Vaau (purchased
by Sun) and BridgeStream (purchased by Oracle).

For additional information on this topic see my blog entry on the topic -
http://aegissecurityworks.blogspot.com/2008/11/roles-management-or-identity-management.html
I also have security experience in the following areas -- risk assessments, building security into the
Enterprise Architecture framework, security reviews (computer systems and employee procedures),
physical security measures, and home-based security systems.
Nicholas Vennaro MScs, MBA, CISSP, CEH
System Architecture, Design, Development, and Security
Service ID Remediation
Service Identities are non-human accounts that are used to connect to resources in the
organization - most typically a resource is a database.  Service IDs used in organizations
tend to be poorly managed and constitute a significant security hole.

As the technical architect and subject matter expert for a large international financial firm I
created and implemented a fully automated solution to their Service ID issue using industry
standard solutions (OpenSSL, X.509 certificates, PKI).