Seasoned web application security and Identity Access Management (IAM) specialist with major focus on Enterprise Single Sign On for applications deployed on-premise and on Cloud platforms. Okta Certified Professional and Okta enthusiast. Extensive experience with security vulnerability scanning and penetration testing for web applications.
Overview
44 years of professional experience
Work History
Senior Security Specialist - IAM
MetLife
CARY, NC
11.2021 - Current
Work as a team member with other MetLife teams to identify functional requirements and subsequently work with, or in some instances lead, others in the identification, justification and design of the IAM solution.
Architecting and reviewing Federated Single Sign-On using various open standards, particularly Security Assertion Markup Language (SAML) and OpenIDConnect/OAuth protocol.
Act as a trusted advisor and shift smoothly between roles as advisory team member, team technical lead, and project lead as required.
Security Specialist (Distinguished Test Engineer)
SAS Institute
Cary, NC
03.2001 - 10.2021
Conducted Single Sign-On integration testing between Identity and Access Manager (IAM) and SAS Viya deployed on-premise and in Kubernetes clusters on Cloud Platforms (Azure, AWS and GCP).
Expertise in Okta, IBM Security Access Manager (ISAM/TAM) and IBM Security Verify.
Okta Certified Professional - SSO, MFA, API Access, Provisioning and User Life Cycle Management
Deep knowledge of SAML, OAuth and OpenIDConnect
Configured SSO using SAML, OpenIDConnect and SCIM between Okta and SAS Viya web application.
Extensive troubleshooting experience on communication protocols
Experience with Active Directory, LDAP and SQL Server
Configured SSO between ISAM/WebSEAL and SAS 9.4 web application deployed on Linux.
Created and chaired cross-division Virtual Security Team meeting at SAS (2006-2017). Presented more than 100 times on various security topics including Public Key Cryptography (X.509 Certificates), Web authentication, SSO, IWA, TAM/WebSEAL, SiteMinder, WebSphere Application Server, SAML and OpenIDConnect.
Set up and administered DAST scanning tools, AppScan Enterprise and AppSpider Enterprise, for SAS-wide use (2014-2021). Trained more than 90 DAST testers on how to use the tools and how to handle security vulnerabilities found with them.
Published a dozen papers including 8 SAS Global Forum papers on web application security and SSO.
Developed web application penetration test cases with HTML and JavaScript for XSS, CSRF, XXE and SSRF vulnerabilities and exercised on SAS web applications.
QA Client/Server Group Manager
SAS Institute
Cary, NC
01.2000 - 03.2001
Managed and directed 12 testers for testing SAS products deployed on web application server such as IBM WebSphere.
Developed test cases with JavaScript and JSP/Servlet
Sr Systems Developer
SAS Institute
Cary, NC
07.1985 - 12.1999
Designed and developed communication subsystem in C for SAS client/server based products such as SAS/Share and SAS/Connect.
Designed and developed communication module using VTAM LU0 protocol with IBM Assembler language on MVS/TSO for SAS/Share product.
Network Application Specialist
NAI
Austin, TX
05.1983 - 06.1985
Developed communication module between MVS/TSO and PC for document exchange system with IBM Assembler language and PASCAL.
Systems Engineer
IBM Korea
Seoul, Korea
01.1980 - 12.1980
Trained as systems engineer for IBM S370 based DOS/VSE and MVS system.
Education
Ph.D. - Computer Engineering
North Carolina State University
Raleigh, NC
Master of Science - Computer Engineering
Boston University
Boston, MA
Bachelor of Science - Mechanical Engineering
Seoul National University
Seoul
Skills
Identity and Access Management / Okta
Single Sign On
Web Application Security
Cloud Platform / Kubernetes
Active Directory, LDAP, SQL Server
JavaScript, Python
Additional Information
Transport Layer Security (TLS) Configuration for SAS® 9.4 and SAS® Viya™ Components Made Easy (2017)
How to Make Your SAS® Web Applications More Secure: Top Ten Tips (2016)
SSL Configuration Best Practices for SAS® Visual Analytics 7.1 Web Applications and SAS® LASR™ AuthorizationService (2015)
Advanced Security Configuration Options for SAS® 9.4 Web Applications and Mobile Devices (2014)
Security Hardening for SAS® 9.3 Enterprise BI Web Applications (2012)
Single Sign-On Configuration and Troubleshooting for SAS® 9.2 Enterprise BI Web Applications (2011)
Integrated Windows Authentication Support for SAS® 9.2 Enterprise BI Web Applications (2010)
SAS® Business Intelligence Web Application Security Configuration Primer (2009)
Certificate and IP Address based Multi-Factor Authentication (2007 - CASCON)