Michael Bradley

SUMMARY:Information security technologist with a concentration in credential & access management. Technology experience spanning a wide range of disciplines during an 11+ year career including but not limited to: credential management, access modeling, IT risk & compliance, testing, data analysis and user/server administration. Experience managing both centralized and matrixed resources across initiatives. Ability to work with stakeholders and gain trust to accomplish goals. Excellent verbal and written skills. Able to concisely communicate with management in technical or non-technical terms.

PROFESSIONAL EXPERIENCE:Freddie Mac, Virginia March 2009 – Present Role: Info Security, Sr.

Identity and Access Management:o Process Designo Password Management (Xceedium and Cyberark)o Account Activity Monitoring (120-Day Inactivity, 90-Day, Transfer and Termination)o Entitlement Detection and Remediation for Separation of Duties Remediationo Application Entitlement Model Discoveryo Database and Operating System Entitlement Analysiso Audit Engagement (Determine Needs, Provide Requests, Finding Remediation)

Data Analytics:o Tableau (Basic), SQL (Basic), Excel, MS Access

SDLC:o UAT, Smoke Testing, Requirement Gathering, Test Script Creation, Product

Comparison, HP Quality Center Project Management:

o Road Map, LOE, Staffing Calculations Design:

o HTML (Basic), CSS (Basic), Photoshop, PowerPoint

Fannie Mae, Virginia (Contract) Apr 2008 – Mar 2009 Role: Technology Risk Management Contractor

Role Mapping/Mining Analysis of user access/membership and comparison of user access/membership to roles

for multiple platforms (Active Directory, Unix, Oracle, Sybase, IDMS, RAM, Proprietary Internal Application Security, Tandem)

Application access report preparation including multiple different data views that are utilized by application owners during recertification (Active Directory, Unix, Oracle, Sybase, IDMS, RAM, Proprietary Internal Application Security, Tandem)

Facilitation of application access reviews Progress reporting of weekly compliance progress for 5 matrixed application teams

Freddie Mac, Virginia (Contract) Nov 2007 – Apr 2008 Role: Information Security IT Compliance Contractor

Account cleanup team lead - 10 member team - project plan, progress reporting and tracking (Unix, Windows, Mainframe, Oracle, Sybase, SQL, Novell)

Non-human account baseline and gap analysis Weekly status reports for multiple projects Liaising between Deloitte and Touche team Freddie Mac employees to facilitate needs

for both entities

Freddie Mac, Virginia (Contract) Oct 2006 – June 2007 Role: IT Compliance ContractorResponsibilities:

Unix, Novell & NT user entitlement audit. Coordination of Shared database ID access remediation project, documentation,

tracking, reporting and status presentation (password/file separation and security “lockdown” utilizing eTrust)

Documentation of interdepartmental shared/system ID ownership (UNIX, NT, Novell, Sybase, Oracle, DB2, PeopleSoft)

Team Lead / ITGC control based multi-platform application and database change management audit, root cause analysis, project coordination & reporting. This audit included Unix, NT, Novell, Sybase, Oracle, DB2, Mainframe, PeopleSoft technologies and various other business apps.

Documentation of audit process including step by step instructions and diagrams used by a team of 7 auditors to perform an application change management audit

Miller Breweries (Kompania Piwowarska), Poland Aug 2005 – Nov 2007 Role: ITGC/Sarbanes Oxley Coordinator (IT Audit / IT General controls)Description:Operational procedure adoption/modification/creation (Windows, SQL, Solaris, 2K/2K3, systems, Antivirus, Firewall, Third Party Connection, Remote Access, Physical Access, Risk Assessment, Segregation of Duties, Performance and Capacity Monitoring, Job Schedules, Configuration Management, Environmental Control, Incident Management, Problem Management, Backup and Restoration, Software Management, Change Control, SAP Basis, SAP Security, Risk ManagementResponsibilities:

Responsible for execution and coordination of audit processes, including risk assessment, definition of audit scope and objectives, project plan, detailed control evaluation, test activities, issue resolution, and report activities for assigned audits or objectives depending on the specific assignment.

Close work with PWC (Price Waterhouse Cooper) external auditors

Close work with E&Y (Ernst and Young) internal auditors Planning and developing IT audit scope, objectives and audit programs based on control

objectives related to management assertions. ITIL & COBIT IT governance Documentation of business processes listed above through interviews with staff

members and documenting agreed process. Liaising with project management office for approval of new proposed documents.

Work flow Diagrams Gap Analysis of IT Procedures and Controls Utilizing Best Practices and Market Trends Operational procedure staff communication training IT Process audits (Testing, Walkthroughs) Perform Pervasive control/General Computer control test to validate SOX requirements. Developing risk assessments Express Methodology Project Management Experience Test Script Creation and Update/Maintenance, Walkthrough Documentation Creation and

Update/Maintenance RACM (Roles and Accountability) Update/Maintenance, Control Register

Update/Maintenance, Work-flow design

The Warwick Savings Bank, New York/Towne Center Bank, NJ Jul 2003 – Mar 2005 Role: Network AdminResponsibilities:

Snort Build, Administration and Monitoring Nessus Build and Pen Testing Windows 2000 Active Directory Administration (Users Management and Rights,

Organizational Units, Group Polices, Group Creation) Management of IT Department (180 Nodes, 9 Remote Locations, 3 Technicians, 27

Servers, 230 users) Migration of 2 Domains Into 1 (Child Domain Into Parent) Migration of Enterprise From Mixed Mode 9x, 2000, XP to All XP Client Workstations Migration from Novell 5.1 Servers (Forest) to Windows 2000 Servers (Domain) Novell Forest Administration (Printer Management, User Creation and Rights

Management) DHCP Administration (Creating Reservations and Scopes)

Tri-State Business Systems, Walden, NY Aug 2002 – Jul 2003 Role: Network Analyst/Field TechnicianResponsibilities:

Troubleshooting Break/Fix Implemented Acceptable use Policy, Server Security Policy, Antivirus Policy Wired Network Design/Implementation/Cabling/Hardening Wireless Network Design/Implementation/Hardening Server Build (DC, DCHP, DNS, FTP)

Consulting Created AD Integrated Domain Managed Users, Group Creation, OU Creation Symantec Antivirus Enterprise Admin Managed environment Implemented Disaster Recovery Plan Internal Security Audit (Ellenville Town Hall, Tri-State Business Systems)

UNiSYS, Walden, NY Jan 2001 – Jul 2001 Role: Field TechnicianResponsibilities:

Troubleshooting Break/Fix Hardware Installation, Configuration, Update Web based service call management Stock (Ordering, Inventory, Shipment) Network Installation / Troubleshooting

Rosendale Computing, New York Mar 1997 - Dec 2002 Role: IT Consultant / OwnerResponsibilities:

Wired Network Design/Implementation/Cabling Wireless Network Design, Implementation, Cabling Designed & Installed 4 Wireless Home

& Business Networks. High End Home PC Build (High Performance Multiple Monitor, Graphics, Sound) High End Business Server Build (File, Print, Application, Monitoring) Security, Penetration Testing, Network Hardening Troubleshooting Break/Fix Stock (Ordering, Inventory) Help Desk FTP, DNS, DHCP Install Configuration Various Other IT Consulting

LANGUAGES Polish (Functional) English (Native)

CERTIFICATIONS Security +, A+, Network+

REFERENCES Mark Roy

Information Security Manager, Freddie Mac, Virginia Eric Liebowitz

Director, America Online, Virginia Kyle Spohn

Information Security Manager, 3M, Maryland