From: route@monster.com
Sent: Saturday, May 07, 2016 5:09 AM
To: hg@apeironinc.com
Subject: Please review this candidate for: Cloud
This resume has been forwarded to
you at the request of Monster User xapeix03
Kevin O’Neil, CISSP
3525 Del Mar Heights Road, #327 San Diego, CA 92130
Phone: 858-793-8100
Email: koneil@cyva.com
Citizenship: United States
Security Clearance: Yes

PROFILE: Highly organized, resourceful and
driven enterprise architect, systems engineer, manager and innovator with 20+
years of practical experience; security architect/consultant, advisor and
leader in building and managing diverse technical, legal, regulatory and
marketing teams in the delivery of enterprise-class business solutions.
Proven entrepreneur in marshaling limited start-up resources to create and
deliver disruptive innovation. Technical leader and manager of mobile/cloud
products and services that integrate proprietary, standards-based and
emerging privacy and security capabilities: trusted user-controlled identity
and information asset management services, trusted agent-based mobile
advertising, self-protecting, self-governing identity management solutions,
secure smartphone/cloud-based, patient-controlled, emergency medical identity
and location services, and trusted social networking solutions. Demonstrated
achievements span the defense, aerospace, financial services, consumer
software, telecomm, beverage and information security industries. Additional
experience includes: enterprise architect, security architect, risk
management, database administration, security and privacy assessment,
security solution evaluator, mobile/cloud applications/services design and
development, software engineering, service level agreements, project
management, help desk, corporate trainer, privacy and security course
development and training, IT operations, governance, risk management, and
compliance (GRC).

CORE COMPETENCIES

EDUCATION, CERTIFICATIONS AND PATENTS

B.S., Systems Science, U.C. San Diego - Revelle College
B.A., Management Science, U.C. San Diego - Revelle College
Patent Principal: "Personal Information Security & Exchange Tool" 5,987,440 7,289,971 USA. Related patents issued in: N. America, Asia, Middle East, Europe.
Security Clearance: Yes
TOGAF 9 Certification
INCOSE Certificate: System of Systems Engineering
CISSP Certification: 342671
CompTIA Security+ Certification
ParcPlace Object-Oriented Methodology Certificate
System and Database Administration (Oracle & Sybase)
Service Oriented Architecture (SOA) and e-Business Solutions Certificate
Cisco CCNA Exploration: Network Fundamentals, Routing Protocols and Concepts, LAN Switching and Wireless, Accessing the WAN Course Certificates
Cisco CCNA Security Course Certificate
Unified Profile for DoDAF/MODAF (UPDM)/MagicDraw Training

TECHNICAL SUMMARY

· Software: MS Office
Professional 2010, Word, Excel, Visio, PowerPoint, Outlook, Publisher, MS
Project, IBM Rational DOORS, Eclipse, Sparx Enterprise Architect, MagicDraw,
Agiliance, NetBeans, Android Studio, Android SDK, Adobe Illustrator,
Photoshop, Premier Pro, Acrobat, Fireworks, VMware vFabric, Dreamweaver,
Sybase, Oracle, SQL Server, MySQL, Crystal Reports, RabbitMQ, Cisco Security
Device Manager, Windows Server 2003 Public Key Infrastructure, RSA
Authentication Manager, Nmap, Wireshark, Norton 360, McAfee, and Peachtree
Accounting 2011, Quickbooks 2013
· Operating Systems/Hypervisors: MS Windows, Windows Server 2003, CISCO IOS, Android, BSD Unix, Linux, OpenSolaris, VMware vSphere
· Legacy Systems: DEC/VMS, IBM Mainframe (MVS, CICS)
· Languages: C, PASCAL, FORTRAN, SQL, Oracle PL/SQL, Enfin, SmallTalk, Java, HTML, XML
· Architecture Frameworks: TOGAF 9.0, DoDAF 2.0, Privacy Assurance Framework Initiative (PAFI)

PROFESSIONAL EXPERIENCE

CYVA Research Corporation, San Diego, CA
Oct. 1999 to Present
3525 Del Mar Heights Road, Ste. #327 San Diego, CA 92130
OWNER, ARCHITECT, SECURITY CONSULTANT, PRODUCT MANAGER, BUSINESS DEVELOPMENT EXECUTIVE

· Currently advancing a suite of secure smartphone/cloud-based,
patient-controlled, emergency medical identity and location services
(HIPAA/HITECH compliant); and consumer-controlled, mobile advertising
services based on owner’s patented cyber security innovations. In parallel
owner is forwarding a cooperative alliance of vendors seeking to build a
disruptive user-controlled identity ecosystem. Owner is the inventor,
architect, software engineer, and business analyst for a self-determining
digital persona-based architecture. This is a self-protecting, self-governing
mobile software agent that provides individuals (owner-operators) and their
trusted custodians the ability to control sensitive information assets
wherever they exist across cloud and legacy infrastructure. This capability
is a SaaS offering that utilizes trusted execution environment (TEE) capable
devices (ARM TrustZone), HROT (FIPS compliant secure element), Intel’s
Software Guard Extensions (SGX) under evaluation.
· There are several technologies being used to address functional and
non-functional requirements, user-control, security, trust and privacy being
dominant aspects. Owner is developing the enterprise architecture using Sparx
Systems Enterprise Architect 9.3, with both TOGAF 9.0 and DODAF 2.02
frameworks, Service-Oriented Modeling Framework (SOMF), BPMN 2.0, UML 2.3 for
capturing architecture views, stakeholder concerns and requirements. Java is
the primary software language being used with the Eclipse IDE/Android SDK.
Android, VMware, Linux, Mobicore are being utilized with AMQP/RabbitMQ for
messaging and ARM Ltd.’s TrustZone: trusted execution environment (TEE).
· Examining Big Data products, tools, hybrid cloud services for
processing large event-driven data sets across clusters/virtual machines that
scale (elastic) cost effectively as needed. For mobile device, cloud,
application and distributed computing security aspects engaging consultants
and firms such as HP Fortify, Veracode, Arxan Technologies, ARM, Gemalto,
Giesecke & Devrient (G&D), SafeNet. Currently under NDA with
Qualcomm, NVIDIA, ARM, SafeNet, Trustonic, Boeing, others in exploring CYVA’s
trusted user-controlled identity and information asset management solutions
for health care, mobile advertising, social networking and military/IC applications.
· Develop and manage international intellectual property portfolio. $MM
estimated value based upon independent expert legal and economic evaluations
of U.S. patent no.: 5,987,440.
· Develop $7M business venture plan for secure, smartphone-based,
patient-controlled emergency medical identity and location service. Projected
5-year revenue: $124M. Develop Android smartphone prototypes. Develop and
execute business development plan. Present venture plans to strategic
investors and angel community. Raised $400,000 to date in angel/bootstrap
funding.
· Create IP licensing model and a novel trust model for differentiating
service offering to the public.
· Direct and manage relationships with IP law firms and governmental patent
and trademark offices in Europe, Middle East, Asia and N. America.
· Research and develop strategic infrastructure partner plan: security
product vendors, mobile network operators, smartphone OEMs, processor ‘chip’
technology, and financial service firms.
· Conducted security assessments. Prepare findings for executives and
present to project sponsors, review and assess enterprise network security
architecture. Develop and assist in prioritizing security recommendations and
overseeing remediation efforts. Advise on wireless/mobile device policy and
public key infrastructure. Conduct product/application security assessments.
· Recruit and contract specialized security practitioners and vendors
for varied client engagements.
· Researched, engaged, and managed multiple software engineering,
systems integration, e-commerce, SEO, new media advertising, cloud-based
hosting, legal and PCI compliance assessment firms. Established work plans,
milestones, and tracked progress and managed project resources in U.S.,
Europe and India. Developed business technology architecture, operations,
customer support and service plans. Conduct software reviews, QA testing and
manage remediation work. Engage and manage IP lawyers in international trademark
matters. Develop service pricing models, competitive strategy and smartphone
application prototypes. Research payment gateways, credit card processors and
manage PCI compliance and regulatory matters.
· Research Google Android and Apple smartphone platforms, development
tools, security testing and application deployment.
· Research cloud computing vendor offerings, and deploy hybrid
cloud-based service infrastructure.
· Engineer Android smartphone presentation prototypes. Write product
requirements documents (PRDs). Track work plan and milestones. Advise project
sponsors and stakeholders regarding ongoing project risks. Coordinate with
vendors, consultants and stakeholders through effective communications and
facilitation techniques. Write privacy and acceptable use terms and
conditions for international clients.
· Research Data Loss Prevention (DLP) and GRC products. Conduct
interviews with vendors, customers and industry analysts. Reviewed wireless
network security vendor products.

CYVA Research Consultant to Accuvant-Qualcomm Corporation, San Diego, CA
July 2011 to October 2011
SR. SECURITY PROJECT MANAGER/ARCHITECT
10945 Vista Sorrento Pkwy, San Diego, CA 92130

· Utilized TOGAF 9.0 Architecture Development Method and DoDAF 2.0 in
guiding the development of a Service Account Lifecycle Segment Architecture
and candidate solutions. Assessed current service account administration
business processes and security policy. Selected reference models, viewpoints
and tools in consultation with client’s Enterprise Architecture group.
Created architecture vision, highlighted core issues and crafted actionable
recommendations. Captured initial ‘as-is’ and ‘to-be’ business processes
using BPMN 2.0. Created capability vision, taxonomy, and phased capability
plan using DoDAF 2.0. Sparx Systems Enterprise Architect 9.1 was utilized to
create and manage architecture artifacts.
· Interviewed stakeholders and documented concerns, roles and
requirements in advancing the segment architecture and candidate solutions.
Interviewed and worked with various IT groups: Security Operations, Identity
Solution team, Enterprise Architecture group, Software Engineering, CMDB
group, Accounts Administration and the Information Security and Risk
Management department.
· Reviewed existing security policy, advised and wrote new security
policies.
· Researched candidate solution products: CyberArk, Quest Total
Privilege Access Management, Oracle Platform Security Services, Centrify, and
integration with Agiliance, ServiceNow and CA Technologies CMDB capabilities.
Examined Agiliance for policy management, tracking remediation efforts and
connectors for interfacing with other systems for ticketing, security control
monitoring and CMDB interoperability. Advised and consulted with security
engineers, vendors and management on pursuing Proof of Concept trials.
· Worked with stakeholders to build an online Business Criticality
Survey to better document impact to business and manage risk associated with
service account compromise and/or disruption. Examined capability gaps
and documented systemic business issues, providing actionable solutions.
Devised triage process to aid security team, application engineering and
management in better capturing risk metrics, prioritizing and allocating
resources for remediation efforts.

Computer Sciences Corporation, San Diego, CA
Mar. 2008 to May 2008
APPLICATION ARCHITECT PRINCIPAL LEADER
4045 Hancock Street, San Diego, CA 92110

· Produce initial Enterprise Knowledge Governance (EKG) Framework
document to act as a thought-leadership catalyst and structured guide to
properly construct and devise EKG mission, objectives, principles,
organizational structure, roles, duties, policies, processes and
collaboration workspace for managing EKG documents, operation and
collaboration.
· Engage related Navy efforts (NSERC, EDGS, DON KM) and contractor
co-workers in identifying and providing pro-active guidance in addressing
issues and obstacles e.g., lack of enterprise-class identity and access
management capability, IT operational standards and audits.
· Document and produce a set of actionable guidance to better position
the organization for alignment with Navy/DoD current and near-term data, IT
infrastructure and enterprise KM, and Service Oriented Architecture (SOA)
governance efforts.
· Study and evaluation of Total Records Information Management (TRIM)
system: consulted with SPAWAR/DON ERM/EDM expert user, administrator and TRIM
vendor consultants regarding TRIM current and anticipated capabilities, given
HP acquisition. Reviewed meta tagging and automated classification and
taxonomy products.
· Review pre-existing TRIM Business Rules and Best Practice Guide, DON
KM Metrics and MITRE KM Capability Maturity Model - Integrated, ITMC EDGE
documents, and SPAWAR KM survey results and upper management presentation.
· Engage the Naval System Engineering Resource Center (NSERC) leadership
discussing their systems engineering best practices/KM vision.
· Review synergies and organizational realities in forwarding systems
engineering best practices and use of professional systems and software
engineering tools and the need for more consistency and expertise in
requirements engineering. Document client failures to follow and enforce ITIL
standards.
· Began initial advisory effort to position SPAWAR/PEOs to better manage
and utilize Subject Matter Experts (SME) through better identity and knowledge/information
management approaches and technologies.

Burton Group (now Gartner), San Diego, CA
Sep. 2004 to Mar. 2005
SENIOR ANALYST
7090 Union Park Center, Suite 200, Midvale, UT 84047

· Mr. O’Neil was a senior analyst for the Burton Group’s Identity and
Privacy Strategies service group and also contributed to Security and Risk
Management Strategies coverage.
· Researched and evaluated vendor products covering identity management,
security and privacy.
· Performed research and authored the “Privacy Architecture and
Engineering Essentials: Understanding and Addressing Forces Affecting
Privacy”.
· Investigated and wrote “Sarbanes-Oxley Compliance: Assessing the
Impact to IT Infrastructure”.
· Developed and won the firm’s first privacy consulting engagement with
the International Monetary Fund, recruited additional expertise, and provided
consulting services as contributing expert to the project.
· Developed presentations for international forum, giving presentations
and participating in expert panels at Digital ID World, CA World and other
security and IT industry conferences.
· Organized and conducted interviews with international data protection
and regulatory agencies.
· Developed a series of planned papers and articles providing clients a
Privacy Assurance Thought Leadership Roadmap and Framework to understand and
address privacy.
· Burton Group (now Gartner) is an enterprise IT research and advisory
services firm focused on infrastructure technologies. Burton Group provides
unbiased, practical research and advice that helps IT technologists and
architects make smart enterprise architecture decisions in increasingly
complex environments. Burton Group covers directories, security, identity
management, application platforms, architecture, and network and telecom
infrastructure topics.

International Security, Trust & Privacy Alliance, Herndon, VA
Sep. 2000 to Aug. 2004
EXECUTIVE DIRECTOR
13873 Park Center Road, Suite 200, Herndon, VA 20171 (ISTPA was dissolved by the board in 2011)

· Provided executive leadership in guiding the collective contributions
of corporate members dedicated to advancing the development of privacy
management systems and advancing international privacy and security standard
work.
· Administrated working groups, Privacy Tools & Technology, Privacy
Framework, Legal & Regulatory Requirements.
· Designed and developed advertising and marketing materials.
· Managed the accounting, annual reports and board meetings.
· Designed and developed ISTPA Privacy Framework courses and seminars.
· Developed and managed the ISTPA’s website and administrated
membership.
· Co-edited and contributed to the ISTPA Privacy Framework and the ISO
PAS Submission. The ISTPA Privacy Framework is an open, policy-configurable
model consisting of 10 integrated privacy services, which can be used as a
template for designing solutions, infrastructure and supporting audit
assessments covering security, trust, and privacy requirements.
· Organized and served as the liaison with security and privacy associations,
industry alliances, government agencies and standards bodies, including the
Liberty Alliance, FTC, GSA (E-Authentication Gateway project), Dept of
Homeland Security, DoD, President’s Critical Infrastructure Protection Board
and ISO, OASIS, W3C and Data Protection Commissioners.

INFORMATION RISK MANAGEMENT, KPMG, LLP, Los Angeles, CA
Dec. 1997 to Sep. 1999
MANAGER
355 S. Grand Avenue, KPMG Tower Suite 2000, Los Angeles, CA 90071

· Principal architect and author of KPMG’s Global Privacy Services
Methodology and Privacy Assurance Framework. Created 1st privacy assurance audit program guide.
· Led the entrepreneurial effort in creating KPMG’s Global Privacy
Services that was a forerunner for the privacy assurance services industry.
· Organized two international video conferences on the topic of the EU
Data Protection Directive, engaging the Federal Trade Commission, US
Department of Commerce, Dutch Data Protection Authority, and European Union
Delegation to the US based in Washington DC.
· Co-managed information security and risk management projects for a
variety of client industries including financial services, software
manufacturers and high technology firms. Provided attestation support for
information technology related engagements. Co-led and/or was a contributor
to security assessments, penetration testing, Public Key Infrastructure (PKI)
projects, PKI provider evaluation and consultant to a provider, certificate
authority practice statement review, RSA Authentication Manager training,
evaluated trust seal programs and participated in professional security and
audit associations, employee performance reviews.
· Co-authored several marketing pieces and designed KPMG’s Global
Privacy Assurance Services web site. Provided testimony to FTC hearings on
COPPA and has advised state and federal (domestic and foreign) authorities
regarding privacy enforcement technologies.

ADDITIONAL EXPERIENCE

Database Systems Manager II, GTE Federal Systems (Prime)/USAF, Montgomery, AL
Data Administrator, Coca-Cola Enterprises-West, Los Angeles, CA
Development Center Specialist, AVCO Financial Services, Irvine, CA
Information Center Specialist, Ford Aerospace & Communications Corp., Newport Beach, CA
Account Executive, Execucom Systems Corporation, Long Beach, CA
Software Engineer, System Development Corporation, Santa Monica, CA

PERSONAL

O’Neil has a keen ongoing interest in cryptography, cyber security, cyber warfare, Android
development, Java, Eclipse, C4ISR systems, identity and information asset
management, architecture frameworks (TOGAF, DoDAF, MODAF), enterprise
architecture, systems engineering, business analysis, requirements
management, NetBeans, emergency medical identity and location services,
security assessment tools, penetration tools and methodology, smart cards,
attack tools and methods, hardware root of trust (HROT), security and privacy
standards, audit and control frameworks, cloud computing, virtualization,
eGovernment, identity services and business models, trusted digital identity,
social networks, reputation management systems and business models, secure
software development methodologies, trusted execution environment (TEE),
software guard extensions (SGX), object-oriented analysis and design, privacy
and security policy languages, rule engines, expert systems, service-oriented
architecture, governance, risk and compliance (GRC), trusted network
communities, trusted information utilities, trusted computing platforms,
trusted execution environments, telecommunications, intellectual property
rights, disruptive innovation, emerging markets, agent-based advertising,
innovation management, mobile infrastructure, mobile commerce applications,
social forecasting, world history, cultural and religious studies (Middle
East), change agentry, government, law, dispute resolution and enforcement
systems, global economics, technological, societal and political issues
influencing the debate regarding citizen information privacy and
informational self-determination rights and responsibilities.