Stephen Craig

Bogota, NJ

Summary

Lead multiple teams in various technologies and locations. Regular presentations to C-Level Executives. Senior Architect/SME in authentication services, information security, cloud architecture, and cyber security. Experienced in managing and designing directory services, system governance, email systems, and logon processes. Multiple advanced certifications and extensive experience training system engineers in multiple technologies. Managed, designed, and migrated Active Directory and Exchange systems with 30+ servers in multiple locations to Cloud-Hybrid Azure, M365, and Exchange Online.

Overview

16 years of professional experience
1 Certification

Work History

Senior Technical Architect Information Technology

New York-Presbyterian Hospital
03.2017 - Current
  • Report to the Chief Information Security Officer (C-Level Executive)/VP of Information Security
  • Designed an AD Audit system that saved the hospital $250,000 the first year
  • Designed the SSO process that natively authenticates multiple partner organizations
  • This system saved the hospital $100,000 on day one of implementation
  • Created multi-tiered authentication for hybrid email system
  • Designed and implemented the Cloud Governance Strategy and Policies
  • Designed a custom synchronization system for Azure AD that joins multiple directories into a single AZ tenant
  • Designed and implemented the health check system that reduced critical events by 97% in the first month
  • Designed passwordless authentication strategy.
  • Redesigned the Public Key Infrastructure (PKI) to implement OCSP and auto-enrolled certificates for passwordless certificate-based authentication (CBA)
  • Designed and implemented a Cloud Entitlement Management system that reduced high priority issues from 85 to zero within 3 months and maintained zero high priority issues.
  • Lead engineer working with Compliance team to validate and secure over 600 applications in use at the hospital, reducing the number of privileged accounts by 92% while increasing accountability and ability to audit users and systems
  • Responsibilities include managing Active Directory as the only central authentication source within the network
  • Published over 50 internal white papers and how-to documentation across the InfoSec spectrum.
  • Consolidated 7 AD forests into a single forest that contains over 80,000 users, 4000 servers, and 40,000 workstations.
  • Responsible for logical and physical designs and migrations
  • Responsible for identifying tools for security, automation, and implementation related to AD
  • Level 4 support for AD
  • Enterprise SME for all things related to authentication
  • Lead for PingFederate as the SSO federation system using SAML and OAuth/OIDC
  • The current catalog contains over 120 applications
  • Lead for Multi-Factor Authentication
  • NYP has three systems for 2FA
  • The primary is Duo
  • There are 25 direct integrations and hundreds of external integrations
  • Our federated solution uses 2FA for all external logins, and the Service Desk uses 2FA to verify identities for all users as they call the SD

Senior AD Architect

Axis Capital, Inc.
01.2016 - 03.2017
  • Lead Architect managing multiple offshore teams supporting AD, email, and mobile devices
  • Reduced the time to close tickets from a high average of 10 days to 3 days
  • Maintained 50 Domain Controllers in 20 locations worldwide
  • Responsible for three production Forests and three Development/Testing Domains
  • We maintained an equal number of DNS Servers, DFS Servers, and 20 DHCP Servers
  • Designed and implemented a new AD Forest for a Joint Venture that secured access to proprietary intellectual property with zero breaches
  • This Forest required a One Way Trust, DHCP, DNS, and Disaster Preparedness
  • Implemented DNS scavenging, stabilizing and normalizing name resolution and reducing logon times by 30% organization-wide
  • Developed a load balanced Name Space for Authentication
  • This provided a redundant system to limit the dependence on a single Domain Controller
  • This eliminated application downtime when rebooting Domain Controllers
  • Senior Engineer in the AD and Messaging Towers
  • As Tower Lead, I approved all changes and maintained compliance with the ITIL framework

Senior Network Architect

Englewood Hospital and Medical Center
01.2010 - 01.2016
  • Lead Architect for Windows Systems
  • Lead Architect for Messaging Systems
  • Managed Exchange 2003/2007 systems
  • Migrated Org to Exchange 2010
  • Collapsed 20 servers into a 10-server farm that contained 50 databases
  • The reduced server count saved the hospital on licensing, footprint, electrical, and cooling
  • Migrated to virtual systems, saving even more
  • Migrated to Mimecast messaging filter and archiving to accommodate ICD-10 compliance
  • Created filters for HIPAA compliance, privacy, message hygiene, and security
  • Lead Engineer for Lync 2013 Conferencing and Messaging system
  • Oversaw the migration from OCS 2007 to Lync, including phone selection, dial plan creation, and mobile device integration
  • Manage the Federated Trusts with external partners
  • Lead Engineer for Mobile Device Management/ActiveSync Devices
  • The hospital had an extensive array of personally owned devices and corporate owned devices
  • Developed and implemented the strategies for device management and application management
  • This includes check-in and remote wipe of data or factory reset
  • Lead Engineer for Active Directory
  • Managed 2003 directory and designed and upgraded to 2008 R2 directory
  • Managed application compatibility with various LDAP compliant applications
  • Managed the DNS and DHCP systems
  • Manage Group Policy and GP Preferences to coordinate with ScriptLogic Login Scripts
  • Implemented Advanced Group Policy Management for version control and change management of Policies
  • Designed AD to accommodate 500+ servers and 3000+ workstations
  • Lead Engineer for Citrix Remote Access and Xen Applications
  • Responsible for publishing applications on a variety of platforms and was the main point of responsibility for user issues, documentation, and training
  • Architect and Lead Engineer for Identity Management System
  • Coordinated with PeopleSoft Engineers to reduce the On Boarding process for Credentialed Doctors from three weeks to 2 hours
  • Reduced the number of errors by 80%
  • Developed the Employee Lifecycle Management Protocol
  • This includes new hire account creation, transfers, terminations, and attestation of both roles and employees
  • Provided supporting documentation for auditors
  • Manage Enterprise Certificate Authority (CA)
  • Upgraded the CA from 2003 to 2012 R2
  • Controlled and maintained all certificate requests both internally and externally for the entire organization
  • Developed a Certificate Strategy for organization

Education

Master of Liberal Arts - Information Management Systems

Harvard University-Extension School
Cambridge, MA
02-2025

Graduate Certificate - Organizational Management

Harvard University-Extension School
Cambridge, MA
05-2024

Graduate Certificate - Cybersecurity

Harvard University-Extension School
Cambridge, MA
05-2022

Bachelor of Science - Accounting, Economics

Rutgers University-School of Business
New Brunswick, NJ
01.1992

Skills

  • Certified Information Systems Security Professional (CISSP)
  • CapEx and OpEx Budgeting
  • Managing diverse teams
  • Enterprise architecture design
  • IT risk assessment
  • Cloud computing expertise
  • Cybersecurity best practices
  • Technical leadership
  • Communication and team collaboration
  • Production leadership

Certification

  • ISC2, Certified Information Systems Security Professional (CISSP)
  • GIAC/SANS Certifications, GIAC Certified Windows Security Administrator (GCWIN), GIAC Information Security Professional (GISP), GIAC Security Essentials (GSEC)
  • Microsoft Certifications, Microsoft Certified Trainer (MCT)-Alumni, Microsoft Certified Information Professional (MCITP) for Enterprise, Enterprise Messaging, Enterprise Support, Microsoft Certified System Engineer (MCSE) 2003, 2000, NT 4.0, Microsoft Certified Technology Specialist (MCTS) SharePoint, Exchange, Vista, Active Directory
  • CompTIA, A+, Network +, Security +

Professional Associations

  • Covid-19 CTI League, International Cyber Threat Countermeasure Team, https://www.cti-league.com
  • SANS Advisory Board, https://www.sans.org
  • SANS Instructor Development Program, https://www.sans.org
  • Internet Engineering Task Force, 3 working groups on authentication standards, https://www.ietf.org
  • H-ISAC, 2 workgroups on authentication architecture, https://h-isac.org/
