Security Experience
The Phoenix financial management company contracted with me to oversee
and provide technical and business guidance to their multi-million dollar
security program.  The program included various projects in areas such as -
Web Access Management using TAM, Roles Management using Aveksa,
RBAC, Employee Laptop Security, and policies and procedure development
within the EAM domain.  With each of these projects I have had an integral
hands-on role with the technology implementation and the resulting
business processes.  System integration was a major factor in each of these
projects.
Expertise
  • CISSP
  • CEH
  • RBAC
  • SOX
  • Risk Assessments
  • Access Management
  • Personal Security
  • Roles Management
  • Identity Management
  • Security Architecture
Over the years security has gained in
importance and my interest in the field has
grown as well.  More than half of my consulting
experience is in the security area.
Program Management
Security is a layered and multifaceted discipline - it's policies and
procedures, technologies, and intelligent business practices that make
customers and partners feel protected without putting undue burdens on
business processes or hampering the flow of commerce.

I have had numerous security projects over the last 10 years that have
provided me with varied technical and business domain knowledge.  I have
also enhanced my educational background by successfully completing
study for a CISSP (Certified Information Systems Professional) certification,
OCTAVE certification, and course work for CEH (Certified Ethical Hacker).
Roles and Identity Management
I have detailed hands-on experience with roles and identity management.  I
installed, configured and implemented a detailed POC using Sun Identity
Manager.  My roles management experience includes a business and technical
perspective.  Working closely with the Audit Department I have implemented
new business practices for SOX (Sarbanes-Oxley) compliance with the new
roles management tool - Aveksa.  I was the lead technologist on the project
that installed, implemented, and rolled out the Aveksa system.  This
incorporated system integration, role definition, and all facets of preparing the
software for production.   I have experience with other roles management tools
--  Vaau (purchased by Sun) and BridgeStream (purchased by Oracle).

For additional information on this topic see my blog entry on the topic -
http://aegissecurityworks.blogspot.com/2008/11/roles-management-or-identity-management.html.
I also have security experience in the following areas -- risk assessments, building
security into the Enterprise Architecture framework, security reviews (computer
systems and employee procedures), physical security measures, and
home-based security systems.
Nicholas Vennaro MScs, MBA, CISSP, CEH
System Architecture, Design, Development, and Security