IT - Vinnitsa - resume 6695


Gennadiy Krivdyuk

Updated: 28.03.2019

City: Vinnitsa

Profession: Engineers and technologists

Employment type: Permanent

Work experience (years): 38

Education: Higher

Resume text:

Gennadiy Krivdyuk
Vinnitsa, Ukraine, 21000
gkrivdyuk@gmail.com
Mobile: 03800682776702

SAP Technical Lead

| RDS | Concepts, Strategies and Policies| TOGAF | SAP Authorization Concepts Expert | H Model |

Areas of Expertise
Strategic thinking and attention to details, IT implementations and projects (150+ projects), Project management, Business analysis and process redesign, Performance management and scorecards. IT Architecture, Security Architecture and Business Transformation, SAP Architect, P_ADM_SEC_70 (Author), P_ADM_SEC_70 (Combines all previous security courses)

Selected companies where I worked as Senior Security and Enterprise Architect

SAP America, SAP AG and SAP Mexico:
(ConAgra Foods, Becton and Dickinson and Company (BD), Graphic Packaging, ConocoPhillips, Colgate, Deloitte US, Allegheny Energy, Inc., NASA, Whirlpool, Eastman, Adobe, CMC, BNSF, Chevron-Phillips, Department of Personal State of Washington, FEMSA (Coca Cola Mexico and Latin America's), JoAnne, CMC, SAP America and SAP AG internal projects, modules, SAP America and SAP AG Lead for SAP Resource Management @ Field Services new module)

IBM GBS and IBM ISM
SaskPower, Applied Materials (46 countries), NBC Universal (30+ countries), General Motors (3 projects, 170 countries), IBM (Blue Harmony Project) Global HR for IBM (174+ countries), Medtronic (36 countries), Bridgestone Tires (48 countries)

Convergys Corp.
(Fifth Third Bank, State of Florida, Fifth Third Bank, AT&T, Whirlpool, DuPont, Johnson & Johnson, Pfizer, Solectron Corporation, Guidant, Lucent)

Canada Corp.
(Tim Horton, Burger King, Uni-Select, Saudi Electricity Company, Tampa Electric Company, Sap-tech, Millennium, IBM, Province of Nova Scotia, Bombardier Aerospace Group, Sunoco, Black and Veatch, Municipality of Anchorage)

WestComputerComplex and Krigen Corporation, Ukraine and Russia, USSR
Vinnitsa State Technical University, Xmelnitsky State Atomic Power Station, Chernivtsi National University, Vinnitsa State Utility Company, Special Project Science Center Projects, Ministry Of Telecommunication, Government Bearing Plant, Electrical Engines Plant, Central Statistic Management, Radio Electrical Plant, Radio Electric Lamps (Musical), Terminal and Electronic Computers Plant, Kristal - Artificial Diamonds Factory, Bryansk Automobile Plant (a Russian manufacturer of military vehicles)

Selected Methodologies, Architecture and Design Tools
ASAP, User-Centered Design (UCD), Centralized and Decentralized Business Model, 3 Tier Approach Model, Position Based Model, Tasks Oriented Model, RBAC Model, Job Related Model, Agile, Waterfall, Drop Down, TOGAF, ECM/BPM, Zachman Framework, SAP Activate methodology, Integration Architecture Framework, Reference Architecture-Reusable Templates, Rapid Deployment Solution, H Model - The two-stage model, ArchiMetric, Visio, Method of Piece-Linear Approximation, ARIS Business Designer, ARIS Business Architect, Rally, Scrumworks, XPlanner, Mingle, VersionOne, TargetProcess, xProcess, Extreme Planner, Project Cards, Cards Meeting, XP Story Studio, PlanningPoker, Acunote, Silver Catalyst, Methodology for Accelerated Transformation to SOA

TECHNICAL SUMMARY
All levels of encryption are created equal and using a data encryption method that is FIPS-certified (Federal Information Processing Standard), which means it has been certified for compliance with federal government security protocols.

Cryptography: Algorithms ranging from symmetric, asymmetric, hashes, and random number generators. All aspects of the Key life-cycle including storage. Hardware Security Modules or Software based modules, and the FIPS 140-2 certification, including the Certificate life-cycle, Certificate Practice Statements and Certificate Policies, Pseudo-Random Number Generator. The "next-bit test" in that given the first k bits, there is no polynomial-time algorithm that can predict the (k+1)th bit with probability of success higher than 50%.

Symmetric Key Encryption (Private-Key): Specific stream ciphers include: One-Time Pad, Feedback Shift Register (LFSR), Linear Congruential, and RC4. RC4 is the most widely-used stream cipher and is used in Secure Socket Layer (SSL) and Wired Equivalent Privacy (WEP). Asymmetric Key Encryption, Diffie-Hellman Key Exchange, RSA Encryption, Elliptic Curve Cryptography

Transmission security (TRANSEC): The component of communications security that results from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis and cryptography (frequency hopping and spread spectrum).

Network Security-related
Divided into two categories:
1. "Passive", when a network intruder intercepts data traveling through the network
2. "Active", in which an intruder initiates commands to disrupt the network's normal operation or to conduct reconnaissance and lateral movement to find and gain access to assets available via the network

Passive: Wiretapping, Port scanner, Idle scan
Active: Denial-of-service attack, DNS spoofing, Man in the middle, ARP poisoning, VLAN hopping, Smurf attack, Buffer overflow, Heap overflow, Format string attack, SQL injection, Phishing, Cross-site scripting, CSRF, Cyber-attack, PKI

Database Security-related: Access control, Auditing, Authentication, Encryption, Integrity controls, Backups, Application security, Database Security applying Statistical Methodologies

Disaster Recovery, Backup, Business Continuity: Developed a set of policies and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.

Physical security: The component of communications security that results from all physical measures necessary to safeguard classified equipment, material, and documents from access thereto or observation thereof by unauthorized persons

Standards: Familiar with ISO 27002, COBIT, NIST Framework, Guidelines, and the SANS Consensus Audit Guidelines, Six Sigma, CMM, ITIL.

Application Security Assessment: Penetration Testing and AppSec Prioritization, Application Security Report Cards, Report Card Development Process, Report Card Integration, Prioritizing Systems, Security Assessments and Treatment, Security activities including threat modelling, Static Application Security Testing (SAST), Dynamic Application Scanning Tools (DAST), Penetration testing, Critical security controls.

Operating-system-level virtualization, also known as containerization, refers to an operating system feature in which the kernel allows the existence of multiple isolated user-space instances

Familiar with the following groups of tools: bwebapp, fuzzer, scanner, proxy, windows, dos, disassembler, cracker, voip, recon, spoof, forensic, crypto, backdoor, binary, networking, misc, exploitation, defensive, wireless, automation, mobile, blackarch-malwar, reversing, sniffer, code-audit, social, honeypot, hardware, fingerprint, debugger, firmware, bluetooth, database, cryptograph, automobile, de-compiler, nfc, tunnel, drone, radio, defensive, key logger, stego, packer, unpacker, anti-forensic, ids/ips/uds, spof, gpu

Integrated platform for performing testing of web applications: Various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities

Integrated platform for performing testing and audit of web applications such as Burp Suite, Lynis, BeEF, Passenger, CobaltStrike, Metasploit, Armitage, Cortana, Msfconsole and others

Malware Analysis Tools: Balbuzard, Bdlogparser, Box-js, Mamscanlogparser, Cuckoo, Zerowine and others
SAP S/4HANA and HANA and HANA 2, SAP Lumira, SAP Afaria and Kapsel -solution implementation-projects based on implementation guide (transaction SPRO)

SAP Afaria - SAP Mobile Application Framework (MAF) component such as the Kapsel \ Logon plugin
Strategies for implementing SAP S/4HANA solutions and provided content per implementation phase
Required Enterprise Business Functions:
Setting up a new best-practice client, carrying out technical setup, carrying out settings for implementation
SAP S/4HANA, HANA and HANA, HANA live- System Configuration, the Simplification List Items as XLS, simplification Items with SAP S/4HANA, Items related to SAP Add-On Portfolio and Project Management (PPM), New “Core” items in SAP S/4HANA (this includes items which changed their simplification category)
Performed advanced analytics (predictive analytics, spatial data processing, text analytics, text search, streaming analytics, graph data processing). Managed services provider - upgrade to SAP HANA 2.0
SAP HANA 2.0 security improvements: adds log volume encryption, easier to manage encryption keys for data, log, and application encryption. SQL statements to upgrade all encryption keys and back them up in a dedicated, password-protected file, and a system privilege called ENCRYPTION ROOT KEY ADMIN to supervise administration of encryption.

SAP HANA 2.0 handled group authorization and privileges, controls with the SAP HANA cockpit
For example, admins can create users and configure their privileges, right from the cockpit. New database management functionality to help you maintain business continuity, high availability and performance.
Runs on physical or virtual hardware called the primary system, and uses a process called System Replication to create a backup copy on the secondary system, which can either be located in the same data center (high availability) or another data center (disaster recovery).
Participated in All Phases of SAP HANA Application Life-Cycle Management
Model - defined product structure to provide a framework for efficient software development. This includes creating delivery units and assigning packages to delivery units. The delivery units are then bundled in products.
Develop - performed software development in repository packages. SAP HANA application lifecycle management supports with change tracking functions.
Transport - transported and developed content in different ways, also exported delivery units and imported them into another system.
Assemble - developed software plus the metadata defined when modeling product structure as well as possible translation delivery units are the basis for assembling add-on product.
Configure - delivered configuration content, used the process engine of SAP HANA application life-cycle management to automate configuration tasks

SAP Hybris Commerce architecture: SAP Hybris Commerce, SAP Hybris Revenue, SAP Hybris Cloud for Customer, YaaS - SAP Hybris as a Service
SAP Hybris Platform as a Java-based web application, Business and Persistence Layer, SAP Hybris Commerce data model. SAP Hybris Commerce integration rapid deployment solution: Software and Delivery Requirements, SAP Hybris Commerce Accelerator, Business Partners Using OData Service, SAP Hybris Commerce, SAP & Hybris Integration, The front-end (i.e. the customer view or presentation layer). SAP Best Practices for SAP S/4HANA Enterprise Management integration with SAP Hybris Commerce
The commerce API layer, External single-purpose applications, Asynchronous vs. Synchronous Integration, Hybris Data Hub, SAP IDOC to Hybris Translation, Hybris ImpEx, Product Information Management (PIM), Solution through their Product Cockpit (PCM) or Product Content Management, B2B and B2C commerce, B2C Commerce - Asynchronous Order Management (1MA)
SAP CRM, ECC Integration Scenario: Product Cockpit Module enables cockpit end users to manage and structure product information and catalogs, Customer Experience enables the end users to manage website pages, providing them with intuitive graphical way of data presentation and management, Back office Administration Cockpit is the graphical user interface of SAP Hybris Commerce and offers finer-grained control over the user’s data

Responsiveness− SAP Fiori is combined with the power of SAP HANA and provides an unmatched application response and query executions time
Advanced knowledge of SAP, IBM, MS and AWS Services including:
• Created an intuitive app with maps and plant wait time information that drivers would want to use
• Built in safety measures that limit use while driving and reduce the need to get out of the vehicle
• Accelerated the check-in process by automating trailer identification, empty trailer weighing, and order search

SAP and Mindset:
• SAP Cloud Platform SDK for iOS, which provides mobile access to data from SAP Transportation Management and other SAP applications by extending it to SAP Cloud Platform
• Tools within SAP Cloud Platform that provide the foundational components of a successful application
• Powerful mobile capabilities provided by SAP Cloud Platform and SAP Fiori
• Platform as-a-service model, which allows intuitive user friendly apps to be built and launched in a matter of days
Connected on-premise and cloud applications, from SAP S/4HANA and SAP Business Suite software to software-as-a-service applications such as SAP SuccessFactors, SAP Hybris® Cloud for Customer, and SAP Analytics Cloud solutions.

Management - CloudWatch (Events/Logs), IAM, CloudTrail, EC2 Systems Manager
CaaS, PaaS, SaaS, IaaS - EC2, VPC, EBS, ELB, KMS, Config, SNS, SQS, SES, SWF, S3, Glacier
Data Management – MS SQL, DynamoDB, BI, BW, HANA etc.
Other - Server Migration, Storage Migration, SAP Gateway, AWS Gateway, Ariba

Hands-on experiences with CloudFormation
Proficiency and experienced with AWS developer tools and work-flows (AWSCLI, CloudFormation, etc.)
Experienced with other tools like Datadog are added advantage
Experienced designing and deploying dynamically scalable, highly available, fault tolerant, and reliable applications on AWS, Experienced selecting appropriate AWS services to design and deploy an application based on given requirements

Experienced operating virtualization in a data center, migrating applications from data centers to cloud, or planning and executing similar scale and technology programs. Working knowledge of networking infrastructures, including LAN, WAN, VPN, Virtual Network, Subnet, etc. Fundamental knowledge understanding of Application Authentication and Security, Communication and Database security, Network and Cyber Security

Experienced with managing applications in Commercial Cloud Providers, including MS Azure or AWS possess and maintain a deep understanding of IaaS and PaaS services offered on cloud platforms and understand how to design and operate networks to support ease of use, self-service, automation, and reliability of services

Methods Integration Platform
Developed integration solution Microsoft SSIS with SAP HANA:
• Tools: MS Visual Studio, Business Intelligence tools for Visual Studio, HANA client, Sample Data Source
• Created a .csv file with few records. Visual Studio and created a data source connection to HANA, SAP HANA as the data source. Provided the HANA server details as .NET Data Provider for SAP HANA, HANA schema in Visual Studio.
• Created a destination table in HANA database using HANA studio under the desired schema, created a new SSIS project to load data from a csv file to HANA database. ‘Flat File Source’ to upload the .csv file. Registered the ODBC connection through device manager (Operating System), ‘ODBC Destination’ to ‘Data Flow’. ‘Flat File Source’ to ‘ODBC Destination’
Created SAP NetWeaver - SAP Virus Scan Interface 2.0 (NW-VSI 2.0). The SAP NetWeaver Virus Scan Interface (NW-VSI) allows external anti-virus and content security solutions to integrate with SAP Applications Servers. The Virus Scan Adapter is built by the anti-virus solution provider based on SAP templates in the Software Development Kit (SDK) for Virus Scan Adapters

Developed Security Controls and Processes for PCI DSS Requirements:
Built and Maintained a Secure Network and Systems, Protected Cardholder, Maintained a Vulnerability Management Program, Implemented Strong Access Control Measures, Regularly Monitored and Tested Networks, Maintained an Information Security Policy, Compensating Controls for PCI DSS Requirements

SIEM principles and best practice:
1. Requirements, 2. Implementation, 3. Compliance, 4. Access Control, 5. Perimeter Defenses, 6. Resource Integrity, 7. Intrusion Detection, 8. Malware Defense, 9. Application Defenses, 10. Acceptable Use
This includes ensuring message confidentiality and authenticity. DES Algorithm, RSA - a public-key system design, HASH - a 'hash algorithm', a condensed representation of a fixed length message/file. This is sometimes known as a 'message digest', or a 'fingerprint'. MD5 - a 128 bit message digest function. AES - the Advanced Encryption Standard (using the Rijndael block cipher) approved by NIST. HMAC - a hashing method that uses a key in conjunction with an algorithm such as MD5 or SHA-1. Thus, one can refer to HMAC-MD5 and HMAC-SHA1. SHA-1 - a hashing algorithm similar in structure to MD5

Cryptography:
Algorithms ranging from symmetric, asymmetric, hashes, and random number generators. All aspects of the Key life-cycle including storage. Hardware Security Modules versus Software based modules, and the FIPS 140-2 certification, including the Certificate life-cycle, Certificate Practice Statements and Certificate Policies, Pseudo-Random Number Generator. The "next-bit test" in that given the first k bits, there is no polynomial-time algorithm that can predict the (k+1)th bit with probability of success higher than 50%.
Symmetric Key Encryption (Private-Key): Specific stream ciphers include: One-Time Pad, Feedback Shift Register (LFSR), Linear Congruential, and RC4. RC4 is the most widely-used stream cipher and is used in Secure Socket Layer (SSL) and Wired Equivalent Privacy (WEP). Asymmetric Key Encryption, Diffie-Hellman Key Exchange, RSA Encryption, Elliptic Curve Cryptography
A public key infrastructure (PKI)
Set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. Used the cipher modes: Electronic Codebook (ECB) mode encryption, Cipher Block Chaining (CBC), Counter Mode Encryption (CTR). Comprehensive crypto libraries: Java JCE, OpenSSL, Crypto++, GNU Crypto, Bouncy Castle and hundreds more

EMPLOYMENT HISTORY
Federal Corporation- 8851484 CANADA CORP., Toronto, ON
July 2014 – Present
Principal Enterprise and Security Architect

PKI environment (CA HSMs)
In PKI environments, the HSMs may be used by certification authorities (CAs) and registration authorities (RAs) to generate, store, and handle asymmetric key pairs. In these cases, there are some fundamental features a device must have, namely:
• Logical and physical high-level protection
• Multi-part user authorization schema (Blakley-Shamir secret sharing)
• Full audit and log traces
• Secure key backup

On the other hand, device performance in a PKI environment is generally less important, in both online and offline operations, as Registration Authority procedures represent the performance bottleneck of the Infrastructure

Risk Management - deep knowledge of processes, tools and techniques for assessing and controlling an organization's exposure to risks of various kinds; the ability to understand an organization's processes, standards and procedures; organization's risk management framework and associated policies and procedures.

Conflict Management - a strong understanding of how to anticipate, recognize, and deal effectively with existing or potential conflicts at the individual, group, or situation level; ability to apply this understanding appropriately to diverse situations

Thought Leadership - a bold and accountable leader who is passionate about developing and coaching to bring out the best in people. Support and mentor team members through knowledge sharing, collaboration and effective problem solving. Provide thought leadership for multiple projects and initiatives related to enterprise-wide information security risk management and reporting, including use of IT GRC tools to improve quality and efficiency of reporting

Security: Integrated SAP Cloud Platform applications with existing on-premise (Clouds) Identity Management infrastructures, SAP Cloud Platform single sign-on (SSO) and identity federation features.
In SAP Cloud Platform, identity information is provided by identity providers (IdP), and not stored on SAP Cloud Platform. The platform can have a different IdP for each sub-account you own, and this is configurable using the Cockpit. Application authorizations are managed in the platform, and grouped to simplify administration:
• SAP Cloud Platform-two development environments – Cloud Foundry and Neo
• Integrated with SAP and Non-SAP Software, Secure Data, Quality Certificates

Authorization and Trust Management
• Access management in the Cloud Foundry environment of SAP Cloud Platform, including the User Account and Authentication service

Platform Identity Provider
• Created Trust with the Identity Authentication Tenant
• Added Sub-account Members from the Identity Authentication Tenant User Base
• Configured the Identity Authentication Tenant for the Required Scenarios
• Accessing the Cockpit with the Tenant User Base

OAuth 2.0 Service
• OAuth 2.0 Authorization Code Grant
• OAuth 2.0 Client Credentials Grant
• OAuth 2.0 Configuration
• Principal Propagation to OAuth-Protected Applications

Key-store Service
• Keystore API
• Keys and Certificates
• Enabled Client Certificate Authentication
• Enabled Strong Encryption in Applications

Protection from Web Attacks
• Protecting from Cross-Site Request Forgery
• Used the Apache Tomcat CSRF Prevention Filter Prerequisites
• Added CSRF Prevention to a Web Application
• Protected from Cross-Site Scripting (XSS)
• Protected Applications Using the XSS Output Encoding Library

Phases of the Hybris Security Strategy
• Requirement phase
• Design phase
• Build phase
• Test phases
• Deployment phase
• Production phase
• Maintenance phase

Familiar with SAP S/4HANA Cloud releases, provides all security related features for HANA such as Authentication, Authorization, Encryption and Auditing, and some add on features, which are not supported in other multitenant databases.
Expert knowledge security related features, provided by SAP HANA
• User and Role Management
• Authentication and SSO
• Authorization
• Encryption of data communication in Network
• Encryption of data in Persistence Layer

Scenario 1 - System Conversion: Existing SAP Business Suite Customer who wants to move to SAP S/4HANA
Scenario 2 - Landscape Transformation: Existing SAP Business Suite Customer who wants to optimize their system landscape and move to SAP S/4HANA
Scenario 3 - New Implementation: New SAP customer who wants to move from legacy systems to SAP
• Experienced with additional Features in multi-tenant HANA database:
• Database Isolation − It involves preventing cross tenant attacks through operating system mechanism
• Configuration Change blacklist − It involves preventing certain system properties from being changed by tenant database administrators
• Restricted Features − It involves disabling certain database features that provides direct access to file system, the network or other resources.

SAP HANA integrated with BI platform tools and acts as reporting database, then the end-user and role are managed in application server
End-user directly connects to the SAP HANA database, then user and role in database layer of HANA system is required for both end users and administrators, SAP HANA - standard users and restricted users, Security administration with SAP HANA Studio, Created design-time HANA roles based on System Privileges, Object Privileges, Schema Privileges, Source Privileges, Analytic Privileges, Package Privileges, Application Privileges. Run-time roles granted to a user by using the stored procedure "GRANT_ACTIVATED_ROLE"
SAP S/4HANA Cloud 1503-1708: 2015-2017

SAP S/4HANA (familiar on-premise) releases: SAP S/4HANA Finance 1503-1709: 2015-2017
PUBLIC road map - real-time processing of inventory postings and visibility of inventory values, simplified Data Model, analytic - analytic performed on primary data, move from batch processing to real-time processing
Defined data-persistence model here by using design-time artifacts to define tables, views, sequences, and schema.
• Debugged perspective
• Provided views and menu options that help you test your applications, for example: to view the source code, monitor or modify variables, and set break points.
• Provided Modeler perspective views and menu options that enable to define analytic model, attribute, analytic, and calculation views of SAP HANA data
• Synchronized Team perspectives
• Provided views and menu options that enable to synchronize artifacts between your local file system
• Access to a running SAP HANA development system (with SAP HANA XS classic)
• A valid user account in the SAP HANA database on that system
• Access to development tools, for example, provided in:
• SAP HANA studio, HANA studio XS, Authorization Assistance
• SAP HANA Web-based Development Workbench
• Access to the SAP HANA repository
• Access to selected run-time catalog objects
• Role-Based− decomposed various SAP transactions and changed them into user interactive applications that show only most relevant information to the users

Provided SAP Best Practices available for this scenario are an accelerated project methodology via “step-by-step” guide, project tools and enhancements to use the SUM with DMO to its fullest potential, and a guided process to migrate your database leveraging new project accelerators.

Responsiveness− SAP Fiori combined with the power of SAP HANA and provided an unmatched application response and query executions time
Simple− made SAP Fiori simple to match the user demand, SAP has designed it as a 1-1-3 scenario. This means 1 user, 1 use case and 3 screens
Seamless Experience− the Fiori apps based on the same language and it does not matter on the deployment and platform.
• Delightful− SAP Fiori designed to work with ECC 6.0 to make it easy for the users and to deploy on the existing SAP systems
• Implemented and deployed next applets: Transactional Apps, Fact Sheets, Analytical Apps
• Key capabilities:
• New delightful visual theme: Belize
• SAP Fiori launchpad and extended with Viewport concept
• Notifications - with connection to SAP Business Workflow and My Inbox
• Me Area: direct navigation to recent apps and business objects, to settings, app finder
• Improved navigation via “Me Area” and via navigation to previously opened apps via drop down in new merged header
• Merged header: only one header bar, giving more space for each app
• New SAP Fiori elements: Overview Page, List Report and Object Page
SAP Fiori / SAP Gateway:
• Authentication managed by the SAP Fiori Framework
• Authorization for the user is shipped by Software Component ST-UI for SAP Solution Manager applications.
• In addition, for each individual application back-end authorization and RFC - communication authorization are required
• General security - related topics are mitigated by the front-end security of your Central Hub system, such as URL redirection, administrator access, input validation, and so on
Security tools: Integrated platform for performing security testing and audit of web applications such as Burp Suite, Lynis, BeEF, Passenger, CobaltStrike, Metasploit, Armitage, Cortana, Msfconsole and others
Malware Analysis Tools: Balbuzard, Bdlogparser, Box-js, Mamscanlogparser, Cuckoo, Zerowine and others

GRC for SAP HANA:
SAP Controls, GRC, PI for HANA, HANA based Application
Web Services - Threats, Vulnerabilities and Risks
• Denial of Service (DoS)/XML Denial of Service (XML-DoS)
• Man-in-the-Middle
• Message Injection and Manipulation
• Session Hijacking and Theft
• Identity Spoofing
• Message Confidentiality
• Replay Attacks
• Message Validation Abuses
• XML Schema Tampering
• WSDL and UDDI Attacks

Web Services Security Requirements and Web Services Security Standards
• Authentication
• Authorization and Entitlement
• Auditability and Traceability
• Data Integrity
• Data Confidentiality
• Non-repudiation
• Availability and Service Continuity
• Single Sign-On and Delegation
• Identity and Policy Management
• ISO 27001/27002, ITIL and COBIT frameworks
• Perimeter security controls – firewall, IDS/IPS, network access control and network segmentation
• Router, switch and VLAN security; wireless security
• Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies
• Practices and methods of IT strategy, enterprise architecture and security architecture
Network security architecture development and definition
Knowledge of third party auditing and cloud risk assessment methodologies
Windows, UNIX and Linux operating systems

Define clear steps required to implement GRC on HANA plug in to integrate GRC 10.x with HANALIVE DB for user provisioning

Completed SAP GRC HANA “plug in” setup, provided connectivity test from GRC to HANALIVE DB Integrated HANA API to the SYSTEM catalog by using HANA Studio
Perform risk analysis for SAP HANA-based authorizations to avoid SoD conflicts

Virtualization Data Using Flowgraphs:
Visualized data by transforming it using a flowgraph editor and various transforming nodes. Use the nodes to design a flowgraph to retrieve data from an external system, transform it, and view it. Flowgraph editors exist in the following tools:
• SAP HANA Web IDE
• SAP HANA Web-based Development Workbench
• SAP HANA studio (including advanced SAP HANA XS)

eCommQuest, Inc., 4151 Ashford Dunwoody Rd., Suite 200 Atlanta, GA, 30319
Client IBM / Sunoco, Philadelphia, PA USA, November 2013 – June 2014
Enterprise Security Architect
Selected projects: CRM, WEBUI, Business Planning and Consolidation, eCommerce, Hybris
SAP Technical Architect
The goal of this project “Storm” is to build:
Develop database artifacts for use by applications running in the SAP HANA XS advanced environment, bear in mind the following prerequisites:
• Lead author technical and functional requirements
• Monitoring and configuration of security-related settings
• Data access and integration with SAP HANA data provisioning tools and technologies
• SAP HANA Architecture
• SAP HANA In-Memory Database
• SAP HANA Database Architecture
• SAP HANA Extended Application Services
• SAP HANA-Based Applications
• Access to a running SAP HANA development system (with SAP HANA XS advanced)
• A valid user account in the SAP HANA database on that system
• Access to development tools, for example, provided in:
• SAP Web IDE for SAP HANA
• SAP HANA Run-time Tools (included in the SAP Web IDE for SAP HANA)
Administration tool like HANA studio for most common activities include:
Created Users
Granted roles to users
Defined and Create Roles
Deleting Users
Resetting user passwords
Reactivating users after too many failed logon attempts
Deactivating users when it is required
The ROLE ADMIN privilege authorizes the creation and deletion of roles using the CREATE ROLE and DROP ROLE commands. It also authorizes the granting and revocation of roles using the GRANT and REVOKE commands.
Activated roles, meaning roles whose creator is the predefined user _SYS_REPO, can neither be granted to other roles or users nor dropped directly. Not even users having the ROLE ADMIN privilege are able to do so.

IDM Connector for SAP HANA - Provisioning:
Create User with Password, Password notification, Creating User with different authentication methods
Creating User with Session Client, Provisioning of HANA Roles, Deprovisioning, Deleting Users
Deprovisioning of HANA, Modify, Changing of Authentication Method, Changing of parameters of the corresponding Authentication Method, Changing the Session Client, Lock and Unlock of Users
Synchronization with HANA, Loading of HANA Roles, Loading of HANA Privileges, Loading of Users, Mass Maintenance (On Basis of IdM RDS), Reporting (On Basis of IdM RDS), Managing of customer specific HANA Tables (ACL)
Worked with Object/SQL Privileges, Analytic Privileges, Package Privileges, Application Privileges and System Privileges to create new roles. Experienced with HANA procedures and generating SQL roles (Create role, GRANT SELECT, EXECUTE…) in each system if it is required. Familiar with creating repository or run-time roles and design-time roles. Created user schema and data schema.
Familiar with authentication methods supported by SAP HANA:
• User name/Password
• Kerberos
• SAML 2.0
• SAP Logon tickets
• X.509

The SuccessFactors Employee Central Integration to SAP S/4HANA
Best Practice offers you predefined content for data integration to enable end-to-end business processes across your core cloud HR and SAP S/4HANA on premise system landscape. In this scenario, SuccessFactors Employee Central as your core HR system in the cloud is the system of record for all human resources (HR) data.
Supported data integration:
• Integration of employee data between SAP S/4HANA and SAP SuccessFactors Employee Central where the employee data of SAP SuccessFactors Employee Central enables business processes, such as travel expenses, purchase orders, and so on.
• Integration of organizational data between SAP S/4HANA and SAP SuccessFactors Employee Central to synchronize organizational information such as the enterprise structure data, reporting lines, and so on
• Integration of financial data, such as cost center and cost center assignment integration between SAP S/4HANA FI and SAP SuccessFactors Employee Central
Business Benefits
• Easy Integration of the HANA based S/4HANA
• Fully benefit from innovation delivered via the SAP SuccessFactors cloud solutions
• Setup the integration faster and with less risk due to best practice content
• Ensure the security of an HR data transfer according to security governance protocols
• Realize the data integration using SAP Best Practice to improve the security concept of the on premise system landscape
• Usage of SAP HANA Cloud Platform, Integration Services as middleware
Trust and Key Stores for Securing Communication
Used different trust and key stores for internal communication and external communication. Depending on implementation, these will either be in the form of:
• In-database certificate collections (recommended)
• Personal security environments (PSEs) stored in the file system
A certificate collection (or PSE) is a secure location where the public information (public-key certificates) and private information (private keys) of the SAP HANA server are stored. A certificate collection may also contain the public information (public-key certificates) of trusted communication partners or root certificates from trusted Certification Authorities
Used the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocol to secure communication between the SAP HANA database and clients that access the SQL interface of the database

Saudi Electricity Company, Dammam, KSA
March 2013 – August 2013
Provider: Al Bilad Arabia
Technical Manager
SAP Solution overview: Conclusion and Recommendations,
Redesigned and rebuilt Solution Policy, Business and Technical roles, Procedures
• Sol-Man, ECC, ERP 6.0, HCM, SRM, CRM, BRM, LSO, MII CLM, SRM, BPC, BI, BOBJ, BO, BPC, GRC 10 (Process and Access Control and Risk Management, Risk Management and Content Life Cycle Management), TOGAF
• Established an environment for HANA administration, HANA Information Modeling and Data Provisioning in HANA database, Developed Business Cases
Solution Manager Business Cases development and optimization project
• SAP HANA Live, S/4HANA Fiori, Hybris
• Multi-catalog support
• Multi-language and
• Multi-currency support
• CRM, ERP and SAP HANA
• Evaluating SAP HANA Solution
Developed authentication, the process of verifying the identity of a user who attempts to use the BusinessObjects Enterprise system (BOE, BI/BW/BOBJ, HANA)
• Developed Security Model concerned with two areas:
• authentication – establishing who the user is, essentially the logon process and
• authorization – controlling user access to different areas of the system
SAP BusinessObjects Enterprise (BOE), BOBJ, BI/BW, HANA
Used the Central Management Console (CMC) to define our security model, granting or denying access to a vast array of options and features throughout the system, from controlling which documents can be viewed to what features within an application can be utilized (download to Excel in Web Intelligence, for example):
• Developed authentication type to be Enterprise or Third Party Authentication such as LDAP or Windows AD
• Created the authorization process of verifying that the user has sufficient rights to perform the requested action upon a given object
• Action means to view, refresh, edit, schedule, etc. Object means folder, report, instance, universe, etc.
• Handled authorization based on how the access level, application security, and content security such as users and groups, universe security, folder access, etc. are defined using CMC
The authorization part is created, administered and maintained in CMC.
This includes:
• Access Levels and Inheritance
• Application Security
• Content Objects Security
• Set access level of rights that users frequently need:
BOBJ predefined out-of-the-box access levels such as Administrator, Full Access, Schedule, View and View on Demand
Created and customized your own access levels
• Set object rights for a user in order to control access to specific objects
• Set this individually (when there are hundreds of objects)
• Resolved this impractical situation through inheritance, by passing on the set of rights from a group to sub-group or from a folder to sub-folder
• Worked with CMC to control the appearance and features of tools such as, InfoView, Desktop Intelligence, Web Intelligence
Universe and Connection Security:
• Managed Universe security at two levels, CMC and Universe Designer:
• Applied CMC restrictions such as access level, users and groups, and usage rights and stored in CMS
• Restricted from Universe Designer Connection, Query Controls, SQL Generation
• Defined Object Access, Row Access, Alternate Table Access
Defined user security at the most granular level for the following content objects:
• Folders and sub-folders
• Reports
• Categories
• Events
• Program Files
• Publications
Configured BOBJ with following out of the box security:
Access Levels
• Full Control
• Schedule
• View
• View on Demand
Application Security
• Content
• Designer
• Web Intelligence, CMC, etc.
Users and Groups
• Administrators
• Everyone
• Universe Designer Users
Applications (Default Settings)
• CMC
• InfoView
• Web Intelligence
• Desktop Intelligence, etc.

Gwinnett County Government, State of Georgia, Lawrenceville, GA
Nov. 2012- March, 2013
SAP Technical Architect
Sub-contractor (Ask Stuffing)
• SAP Solution Specialist - SAP Solution Application Architect
• SAP Solution overview: Conclusion and Recommendations,
• Redesigned and rebuilt all CRM Business and Technical roles,
• ERP, CRM, BI, BOBJ, BO, BPC, ECC, “Cut Over”, “Go Live”
Network Security-related
Separate network zones:
These network zones can be basically described as follows:
• Client zone
The network in this zone is used by SAP application servers, by clients such as the SAP HANA studio or Web applications running against the SAP HANA XS server, and by other data sources such as SAP Business Warehouse
• Internal zone
This zone covers the interhost network between hosts in a distributed system as well as the SAP HANA system replication network.
• Storage zone
This zone refers to the network connections for backup storage and enterprise storage.

Divided into two categories:
1. "Passive", when a network intruder intercepts data traveling through the network, and Critical Security Settings in SAP HANA Cockpit monitoring
2. "Active", in which an intruder initiates commands to disrupt the network's normal operation or to conduct reconnaissance and lateral movement to find and gain access to assets available via the network

Passive: Wiretapping, Port scanner, Idle scan.

Active: Denial-of-service attack, DNS spoofing, Man in the middle, ARP poisoning, VLAN hopping, Smurf attack, Buffer overflow, Heap overflow, Format string attack, SQL injection, Phishing, Cross-site scripting, CSRF, Cyber-attack, PKI

Database Security-related: Access control, Auditing, Authentication, Encryption, Integrity controls, Backups, Application security

Database Security applying Statistical Methodologies
Disaster Recovery, Backup, Business Continuity: Developed a set of policies and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster

Physical security: The component of communications security that results from all physical measures necessary to safeguard classified equipment, material, and documents from access thereto or observation thereof by unauthorized persons

Standards: Familiar with ISO 27002 (1), COBIT, NIST 800-53, ISO 27002 and SANS Critical Controls, Harmonized TRA, PCI compliance, NIST Framework, Guidelines, and the SANS Consensus Audit Guidelines, Six Sigma, CMM, ITIL

Application Security Assessment: Penetration Testing and AppSec Prioritization, Application Security Report Cards, Report Card Development Process, Report Card Integration, Prioritizing Systems, Security Assessments and Treatment, Security activities including threat modeling

Static Application Security Testing (SAST), Dynamic Application Scanning Tools (DAST), Penetration testing, Critical security controls.
Operating-system-level virtualization, also known as containerization, refers to an operating system feature in which the kernel allows the existence of multiple isolated user-space instances.

Security tools: Configured SAP HANA to use TLS/SSL for secure communication,
Integrated platform for performing security testing and audit of web applications such as Burp Suite, Lynis, BeEF, Passenger, CobaltStrike, Metasploit, Armitage, Cortana, Msfconsole and others
Malware Analysis Tools: Balbuzard, Bdlogparser, Box-js, Mamscanlogparser, Cuckoo, Zerowine and others

Tampa Electrical Company (TECO), Tampa, FL
June 2012 - July 2012
Security Solution Consultant
• Sub-contractor (Deloitte / AJACE)
• HCM, BOBJ, BOE, BPC, BW, BW-BPS, SRM, ECC, PORTAL, ERP 6.0, CRM WEB UI
• “Go Live” and after “Go Live” Support, BOBJ re-design,
• Front End and Back End BOBJ integration with HANA
The security model of a BI application is concerned with three distinct areas:
• User access – which users are allowed access to the application
• Data access – what data is exposed through the BI Application
• Functional access – what the users can do with this data

Black & Veatch, Anchorage, AK USA
February 2012 - April 2012
Principal Consultant – Enterprise Architect
Municipality of Anchorage
HCM PROJECT
Structural Authorization, Indirect Assignment, Strategy, Policy
SRM, PORTAL, BI, ECC, HCM, ESS/MSS. ERP 6.0, CRM2007

IBM Global Business Service - Jacksonville, FL
September 2010 to February 2012
Multiple Projects, USA
Managing Consultant - Application Architect. Security

Specific stream ciphers include: One-Time Pad, Linear Feedback Shift Register (LFSR), Linear Congruential, and RC4
RC4 is the most widely-used stream cipher and is used in Secure Socket Layer (SSL) and Wired Equivalent Privacy (WEP)
Asymmetric Key Encryption, Diffie-Hellman Key Exchange, RSA Encryption, Elliptic Curve Cryptography

Transmission security (TRANSEC): The component of communications security that results from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis and cryptography (frequency hopping and spread spectrum).

Examples of some projects:
NBC Universal - Global HCM Project
Lead of HCM Solution (36 Countries)
ESS/MSS, Portal, Eureka, ECC, HCM, XI/PI, ERP 6.0, BOBJ, BPC, CRM
Global Project for 36 countries

General Motors, Detroit, Michigan
Global Projects
Back Point 1, Back Point 2 (174 Countries)
ECC, ERP 6.0, CRM2007, BI – Cognos, Portal
SAP Solution Strategy and Architecture
• BI Cognos Reconciliation
• GRC reports and BI Cognos reconciliation
• Internet Portal and BI Cognos integration
• LDAP BI Cognos Groups and Roles
• Integration with ECC6, CRM7

Bombardier Aerospace Group, Montreal, QC
Application Development & Entertainment, IT
May 2010 – September 2010
Sub-Contract with Canada Corp and CSI in SAP Solution Field
SAP Solution Lead
Description/Scope: Extended Warehouse Management (EWM)
Responsibilities/Deliverable/ Achievements:
Solution Manager, CRM Channel Management, WEB UI, EWM
Encryption are created equal and using a data encryption method that is FIPS-certified (Federal Information Processing Standard), which means it has been certified for compliance with federal government security protocols
Cryptography: Algorithms ranging from symmetric, asymmetric, hashes, and random number generators, all aspects of the Key life-cycle including storage

Sask-power, Regina, SK
October 2009 - April 2010
Lead SAP Solution Consultant
Subcontractor from IBM ISM/MODIS
Projects Description/Scope:
HCM Remediation Project
• ECC 6, BI, CRM 7, Sol Man 6, SRM 6, PORTAL 7, Tivoli IDM 4.1, ERP 6.0
• Roles and Infrastructure re-design
Responsibilities/Deliverable/Achievements
• Integration TIVOLI Identity Manager, UME and corporate LDAP
• RBAC - Role Based Access Control Model development
• Overview and consideration of Role Based Access Control, The Role modeling challenge,
• Role Based Access Models, Overview, Statement of the Problem

Access Control Principles,
• The Implementation and Conversion Program, Migration Plan
• Implementing the Pilot Program, Role Based Access Control Solution AIX management overview
• RBAC in Oracle (RDMS), Role Based Access Model for SAP, Policy-Based Authorization
• Business Processes, Business Policies, The RBAC pattern as an extension of the Authorization pattern
• Role-Based Access Control (RBAC) Pattern, Implementing and Modeling Roles in ITIM
• Separation of Duty in Role Based Access Control System Pattern

SAP America Inc., Jacksonville, FL (permanent) April 2007 - April 2009
SAP Solution Consultant
Industry: Multiple
Technical Specialist
Projects Description/Scope: Multiple Solutions
Competency Areas: SSO-Concepts (Certificates, SAP Logon Tickets)
• Kerberos and Public-Key Cryptography
• Business Continuity Planning
• Solution Management Practice
• Solution Infrastructure Architecture
• CRM Channel Management, E-commerce, WEB UI
• Enterprise SOA Solution in SAP Systems
• Integrating ABAP User-Management with Organizational Management
• Central User Storage Techniques (Multi-tenants)
• Build Framework: Solution Audit tools & Change Documents (SCDO)
• Maxware, IDM and LDAP in a company environment
Convergys Corporation, Jacksonville, FL (permanent)
April 2006 - April 2007
Sr. SAP Solution Consultant
Industry: Software Consulting Co., Government, Banking, Chemical, Retail, Pharmaceutical, Telecommunications, Manufacturing
Project Description/Scope: SAP Global Solution-Shared Services(Clouds) for 14 Global Companies (Multiple projects). Application and Software: ECC, ERP 6.0, SAP R3 4.7, Visio, Microsoft Project, SAP CRM, SRM, BW, BI 7.0, Portal, XI, CRM

Similar IT experience as above from 1981
EDUCATION:
1981- Master of Science Degree in Computer Science and Electronic Engineering,
Vinnitsa State Technical University, Vinnitsa, Ukraine, USSR
Program emphasis: Information System, Embedded Systems, Database, Business Application and Communications, Computer Engineering, Management, Software Architectures
Final Project: “Adaptation for generation of functions on segnetopyezo electrical elements of analog memory by a method of piece-linear approximation”
Central Processor Internal Operations Certificate, Union Computer Complex, Kazan, USSR
Principle of Operations (Processors), Programming in Assembler, Micro Programmed Control Unit,
Operations unit, Local Memory of Processor, Control Unit, Diagnostic Unit, Operational Memory Bank,
Unit of giving command, System of Virtual Machine, Selection Unit, Accelerator
1998-Programmer Analyst Diploma, CDI College, Kingston, ON
SAP- Solution and Authorization Concepts Certificate, SAP, Montreal, QC

REFERENCES AVAILABLE UPON REQUEST
