Cybersecurity Archives ~ fitzmoskal
https://fitzmoskal.me/tag/cybersecurity/

Management Consulting – Global Programme Software Rollout
https://fitzmoskal.me/management-consulting-global-programme-software-rollout/
Thu, 22 Feb 2024 13:42:28 +0000


I was hired as a Delivery Manager and Enterprise Architect for the global rollout of Discovery and CMDB for an international Management Consulting company. This was a 2-year programme directed at North America and European regions worth €2m.

In the first year I identified and implemented €90k worth of cost savings to the programme by automating level 1 support so that the resources were no longer required. I led a team of 8 offshore engineers in India and Poland and was responsible for their training and managing their progress on the deployment to individual accounts.

I reported to the Programme Manager and was responsible for not only the software architecture but the security design needed to obtain global CISO sign-off and allow the programme to proceed when it hit a major hurdle and was blocked by security compliance. One of the many hurdles was implementing RBAC into the solution, which had not been designed for full RBAC control.

I worked with one of my lead engineers to find and document all the group permissions available in the tool, then employed a hack to prevent certain pages from loading without the right permissions. This satisfied the requirements of the Global CISO. During the process we even discovered a vulnerability that allowed access without permissions, which was reported back to the vendor. The vendor was so impressed that they asked if they could see our documentation.

Italian Investment Bank – Mainframe Discovery
https://fitzmoskal.me/italian-investment-bank-mainframe-discovery/
Tue, 20 Feb 2024 15:17:11 +0000


I was assigned to advise an Investment Bank in Milan on how to deploy an agent for discovery of their Mainframe systems for dependency mapping.

The solution was straightforward and involved downloading and installing an additional agent for the BMC Discovery tool. During the brief consultancy visit I also identified and advised on their general issues with credential discovery. They had had a cyber-attack the previous year and as a precaution had altered all Linux servers to have individual named service accounts – over an estate of (IIRC) 500 Linux servers.

It was pointed out that whilst this would certainly slow down a hacker and limit the damage, it would also be more difficult to trace and manage in the event of an attack. A much better solution was suggested of proactive management and linking service accounts to an AD service with monitoring and least privilege.
