
Copyright © 2016 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited

Alan Ray Young, CISSP, CISA
Deloitte Advisory Specialist Master | Cyber Risk Services
Deloitte & Touche LLP
Tel: +1 714 913 1195
Mobile: +1 562 280 4350
Fax: +1 855 482 5151
Email: [email protected]
Office: Deloitte & Touche LLP, Suite 1200, 695 Town Center Drive, Costa Mesa, CA 92626-7188 USA

Profile

Alan Young is a Deloitte Advisory Specialist Master in Deloitte & Touche LLP Cyber Risk Services. Alan has over 31 years in the computer industry providing IT consulting services, security audits and software development for Fortune 100 and 500 companies including NASA, Boeing, Mitsubishi Nuclear Energy Systems, The Disney Company, Chevron, First American Title, Yamaha, Nissan, Bank of America, Washington Mutual, Wells Fargo, Veros Software, SCS Engineers, CDT Solutions, Indianapolis Motor Speedway and others. In 1998 Alan was awarded NASA’s Instant Compensation award for technical excellence in support of the United States Space Shuttle Program. Alan’s current area of focus within Deloitte is Privileged Access Management (PAM) and Identity Access Management (IAM). Alan holds CISSP and CISA certifications.

Experience

Large Medical Insurance and Health Care Provider

• Subject Matter Expert for Multi-Factor Authentication Enterprise Assessment. Developed a matrix of current use cases, processes and technologies and mapped them to NIST 800-63-2 guidelines and assurance levels. Identified gaps as compared to NIST 800-63-2 guidelines. Developed a strategic roadmap based on the risks and opportunities identified and provided recommendations.


Large National Credit Card Lending Bank

• Subject Matter Expert for Privileged Account Management (PAM) implementation using CyberArk. Developed PAM best practices guidelines. Provided strategy, guidance and counsel for CyberArk upgrade from Ver. 7.2 to Ver. 9.6 as well as remediation of legacy firewall, network appliance, and authentication deficiencies. Provided counsel and guidance for implementation of RADIUS authentication for EPV. Installed and configured AIM and REST Web Services with PACLI scripting. Provided coding expertise for scripted creation of safes and assignment of users to specific safes. Created documentation for the user MFA authentication process for EPV using PingID. Provided expertise regarding contingency plans/break glass when MFA/RADIUS is not available.

Big 4 Accounting Firm

• Provided strategy, guidance and counsel, trained and managed team of five staff for PAM rollout of Thycotic Secret Server including development of corporate PAM standards, PAM Standard Operating Procedures, Key Risk Indicators, SIEM integration, RDP and SSH isolating proxy servers, automated password reset, password check-in and check-out, break-glass and failover using load balancer.

Large Consumer Electronics Conglomerate

• Subject Matter Expert for global Information Security Enhancement initiative spanning multiple corporations of this consumer electronics and entertainment conglomerate in 14 countries internationally.

• Provided strategy, guidance and counsel for international enterprise-wide system rebuild & reset of thousands of compromised systems, Active Directory forest hardening, DNS hardening, Privileged Access Management strategy for CyberArk and Lieberman, endpoint anti-malware, turnkey endpoint OS upgrades, endpoint host monitoring/SIEM integration, SIEM/firewall integration, network forensics monitoring, DNS-based dynamic blacklist agent.

Large Entertainment Company

• Information Security Team - Identity Access Management (IAM) and Privileged Account Management (PAM) implementations. Information security architecture subject matter resource. Developed a PAM security architecture and implementation roadmap based on the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF).

National Retail Department Store Chain

• Subject Matter Expert for Privileged Account Management (PAM) implementation. Provided oversight, guidance and counsel for PAM tool selection & planning. Developed PAM best practices guidelines. Led discussions about architecture, security, and operational considerations for the enterprise-wide implementation of CyberArk EPV, PSM, AIM and CPM in a high availability load balanced platform with fail-over. Provided counsel and expertise for CyberArk DNA host discovery scanning.

Large Medical Insurance and Health Care Provider

• Subject Matter Expert for Identity Access Management (IAM) implementation. Provided IAM strategic planning and consulting to design a high-level technical roadmap for the revamp of an Enterprise Identity Access Management system encompassing 30 million subscriber accounts.

Medical Device Manufacturer

• Subject Matter Expert for Privileged Account Management (PAM) implementation. Developed innovative Privilege Escalation Risk measurement framework. Provided oversight, guidance and counsel for PAM tool selection, planning, through production implementation. Developed PAM best practices guidelines.

• In addition to the architecture and design, provided implementation of a PAM solution (Lieberman) and developed a strategy for on-boarding and off-boarding privileged accounts.

• Provided end-to-end technical integration and training for Network Operations Center staff in planning, hardware provisioning, creation of dev, staging and production of load balanced environments, including software and hardware installation and deployment in a Hyper-V virtual platform.


Nuclear Power Plant Manufacturer (Japan, North Carolina)

• System Risk Analyst, Software Architect and Developer. Interacted with client (domestic and offshore) to develop system risk management framework, providing needs analysis and requirements engineering for a nuclear power plant in Virginia. Subsequently designed, programmed and implemented a bespoke VMware virtual appliance (Enterprise Risk Analysis and Mitigation Tool) using VMware, C#, .NET 4.0 and SQL Server 2012.

Sports Drug Testing Agency

• IT Security Consultant - Performed comprehensive IT security audit for a drug testing firm which supports the US Olympics, Major League Baseball, National Hockey League and other major sports leagues in the USA and worldwide.

Financial (Mortgage Lending) Industry

• Participated in the launch, team building, training, and architecture for the Freddie Mac and Fannie Mae national Mortgage Loan Quality Initiative. Was national lead technical support, liaison and training engineer for this project, directly involved with and supporting the GSEs and the top 28 lending institutions in USA, including Bank of America, Chase, Wells Fargo, and others. In this role I was the solution provider for the most advanced technical issues involved in the rollout of the national electronic appraisal quality assurance system, processing over 20 million appraisals annually. Led the national engineering support team in the use and technical integration of the UCDP XML based PIM/PAM authentication system, a bespoke IAM system which used IBM Tivoli IAM on the back end. Led the deployment team in high availability traffic stress testing in dev, staging, acceptance, and production using Amazon AWS cloud platform.

• Designed, conceived and supervised the high availability n-tier software architecture (PHP with Oracle OCI backend) and hardware infrastructure for a nationally prominent UNIX-based software tool for the Real Estate vertical market, VeroValue. Installed SUN Ultra 2 and Ultra 10 Solaris 8 servers. Installed full suite of Oracle 7 products on Solaris 8 platform including Oracle 8i server, Web Applications Server, Oracle Reports and Oracle Designer. Installed Oracle 9i on Windows 2000 platform. Supervised migration to Oracle on Windows. Upgraded to Oracle 11g.

• Supervised team of 8 software developers over the history of the VeroValue project including active participation in development projects in PL/SQL, C#, Java, Visual Basic, Visual C++, PHP, ASP, Oracle Pro-C, .Net and other Oracle environments. Responsible for software requirements specifications and qualified deployment testing. The system is considered to be one of the elite products in its field serving all of the top 150 mortgage lenders in the USA and has generated many millions of dollars of revenue over 10 years (see http://www.verovalue.com).

Medical Device Manufacturer

• Designed an embedded medical device (hardware board and firmware) based on the ATMEL AVR Atmega 328 microcontroller. Device has passed calibration inspection with national certification authority.

• Developed firmware and RTOS real-time control system in C, interfacing through USB with Visual C++ serial port control system. Designed hardware board integrating an Atmega microcontroller, a Dallas DS1802 temperature probe (OneWire interface) and a Honeywell digital pressure transducer (I2C interface).

Aerospace Manufacturer

• GPS Satellite Engineer for Relational Signal Information Modeling System. Designed and coded system for Team lead for a very large data base project encompassing the comprehensive modeling of command, measurement and telemetry avionics for GPS IIF satellite series (24 satellites).

• Developed firmware and RTOS real-time control system in C, interfacing through USB with Visual C++ serial port control system. Designed hardware board integrating an Atmega microcontroller, a Dallas DS1802 temperature probe (OneWire interface) and a Honeywell digital pressure transducer (I2C interface).


Professional Affiliations

• ISC2 (International Information System Security Certification Consortium, Inc., (ISC)²®)

• ISACA (Information Systems Audit and Control Association)

Certifications

• Certified Internet Information Security Professional (CISSP)

• Certified Information Systems Auditor (CISA)

• Certified - Unix Network and System Administration (Cal State University, Long Beach, CA)

• Certified ERPM Professional, Lieberman Software

Training

• CyberArk Privileged Account Security Fundamentals

Education

• University of California, Irvine, B.S., Biological Sciences

• University of California, Irvine, B.S., Single Subject Credential (Physics, Biological Science, Computer Applications)

• California State University, Fullerton - Completed Courses in Computer Science: Assembly Language, RTOS Operating Systems, Systems Programming, Data Structures, Language Processing, Compiler Assembler Design,

Professional Awards

• NASA Instant Compensation Award for excellence in the coding and design of a space shuttle engineering web site.

Languages

• English, native speaker

• Spanish, business level fluency in reading and writing

As used in this document, “Deloitte Advisory” means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
