Michael P. O'Hara

Pelham, New York, United States
1K followers 500+ connections

About

Cybersecurity as a business imperative has taken on new urgency in the last few months…

Experience & Education

  • viiz communications

Volunteer Experience

  • Volunteer

    The Pajama Project

    - 1 year 9 months

    Children

    Volunteers reading to at-risk children

Publications

  • CISOonline Mid-Atlantic

    CISO.Online

    CISOs are scrambling to secure a slew of data endpoints but today's applications have given hackers infinite ways to infiltrate the enterprise. How are these Generals of Information Security building their army and fortifying their walls?

    Sat on the panel to speak to solutions to this vexing question.

  • CISO 360 USA - Fireside Chat - Getting DevSecOps In

    CISO360

    How "security first" & a helping of DevSecOps via SAST was accomplished for our e-commerce developers.

  • Iona College Gael-to-Gael Networking Event - Q&A

    Iona College Alumni Association

    Within the Iona community, Gaels help other Gaels – and our alumni keep that tradition alive by coming back to campus to mentor current students!

    At our recent Gael to Gael Networking event, students received valuable insights and advice from our successful alumni about the working world and getting into their prospective fields.

  • Enterprise 2025: Accelerating the Digital Roadmap to Survive and Thrive

    HMG Strategy - 2019 CIO Exec Summit

    Was a panelist on the topic "Digital Transformation & Security" and how to best foster the former while implementing the latter, the business opportunities & risks of not doing this right.

Projects

  • Incident Response Program Drill-Down

    - Present

    With finalizing of the Incident Response doc I took the 30K-foot view workflow and did drill-down into the "sub-levels":
    - 2nd-level view was to summarize what each workflow item consisted of & to assign RACI resources.
    - 3rd-level view as "swimlane" to do same, but at the specific major incident type (i.e. DDoS, Malware).

    Result will ensure the right resources are clearly assigned to tasks via RACI - this will speed response times & eliminate "who/what/when/where" questions.

  • Enterprise Endpoint Implementation

    1. Replaced preceding antivirus protection on all servers with ESET 6.x.
    2. Integrated with Active Directory & built profiles for file/directory exceptions to optimize performance.
    3. Set up groups for monitoring/alerting.

    Results were startling - the new solution picked up bugs that were not detected by the previous AV program and reporting/alerting was improved significantly.

  • SolarWinds Implementation - Orion (SAM, NPM), WHD & DPA

    Implemented a suite of products to replace existing solutions for server/network/site monitoring & help desk. Annual savings are $25K and an introduction of a far superior suite of software:

    1. SAM to monitor servers, services, event logs & applications across the organization via WMI.
    2. NPM to keep tabs on all SNMP-enabled devices (bandwidth use, connectivity, utilization).
    3. WHD to improve upon the help desk process; also incorporated Change Mgmt process.
    4. DPA for deep analysis of SQL Server (most expensive queries, CPU/RAM/IOPS, etc).

    This improved visibility into the environment and accomplished it without the "cost" of using agent-based monitors. Also created dashboards for views at the 30,000-foot level and had drill-down to levels below.

  • Network Overhaul

    Replaced the interconnects & Internet access for three location/275-person company. Reduced annual expenditures on 'net services by $7000 and increased access speeds by an order of 50x. Also introduced Postini to combat the "spam problem" that plagued the users.

    1. Moved to Cogent for Internet services at main datacenter @ 100Mbps.
    2. Eliminated "mom & pop" ISP from all three offices.
    3. Introduced a Verizon Metro Ethernet between all 3 offices @ 100Mbps.
    4. Made the change from old network to new setup in 3 seconds.
    5. Moved to Postini and reduced spams in first nine months by 1.9M.

    The change was obvious to all users and received special mention by CEO at Annual Meeting.

  • Infrastructure Upgrade - From Standalone/No SAN --> VM's & SAN

    Existing infrastructure consisted of standalone servers using local storage - no HA ability and limited storage. Project upgraded servers to MSFT Virtual Server 2.0 (running on 3 hosts - 2 active & 1 standby) and an EMC Clariion SAN was installed. Result was greater availability and no limits placed on server storage.

  • Data Center Room Build

    Company opened a new office, conveniently located at 32 Avenue of the Americas (one of NYC's telco hotels) and decision was made to relocate IT services to it.

    - Was given an empty space to drop services in.
    - Selected Cogent for 100Mb ISP & Verizon MetroEthernet to connect offices.
    - Spec'd out raised floors, HVAC, power/UPS for colo-quality room.
    - Had APC closets installed and professional cabling job done on them.
    - Set up servers, SAN, all networking (Router, FW, switching) & connected to old location.
    - Configured virtualization, OS/applications.

    Result was an infrastructure that could scale & had access speeds 50x greater than previously.

  • Consolidated SQL Servers

    1. Ran scan of all servers & computers on network to find all SQL Server instances.
    2. Identified those in production vs. test/dev.
    3. Built new SQL Server & migrated all DB's and granted access based on requirements.

    Result was confirmation all SQL data was being monitored and backed up; also reduced overlap of administration & duplicate data.

  • Company-Wide OS/HW Migration

    1. Was put in charge of Y2K initiative to upgrade all computers at division of The Limited (Lerner NY).
    2. Had dotted line management of 9 staff for 20 hrs/week, who submitted weekly status rollout reports.
    3. Used a "cookie cutter" process and imaged 350 PC's (base PC, power PC & notebook).
    4. Delegated assignments to test 3rd-party & homegrown apps.

    The project lasted 4 months and we successfully rolled out all PC's on-time and within budget. Result was upgrades to Windows95 & NT, introduced e-mail to remaining staff & reduced Help Desk tickets by 60% (mostly due to HW issues; we standardized on Dell).

  • Vanta GRC Implementation

    TNS had no management of their GRC obligations & no automated analysis of their cloud tenants.
    Having used GRC mgmt tools previously I suggested we implement one...

    - Went through an RFP with AuditBoard, Drata & Vanta (feature comparison, cost, etc).
    - Opted for Vanta (which will automatically dip into dozens of platforms/services & pull info).
    1. Put hooks into AWS, GitHub, GCP & a few other services.
    2. Started reporting almost immediately on status of service configs (security & GRC).
    3. Came with baked-in policy docs (no need to reinvent the wheel).
    4. Would auto-populate any attestation/certification docs.

    I estimated it saved around 900 man-hours/yr that folks could spend doing other work.
    Generously stated - this had a plus-ROI by month 9.

    And you get visibility into security configs - and it even has proposed SOLUTIONS for configs.

  • Cybersecurity Training/Awareness

    With transition as a new company establishing a cyber training program was critical to keep the staff aware and informed:
    - Conducted vendor assessments and opted for MediaPro.
    - Customized training collateral to focus on company-specific coursework.
    - Ran a beta program with stakeholders and collected feedback on ease of use, etc.
    - Set up scheduled reporting to keep tabs on user experience/progress to report back to leadership.

    The first course will launch in November 2018; the four standard courses for general staff & two other courses for PCI compliance, secure coding, etc will recur annually.

  • PCI-DSS Certification

    This was a huge project spanning a few years (with some gaps between the concept-to-delivery).
    The highlights are below:

    - I asked could we consider getting certified? CTO said yes, investigate.
    - I ran through an SAQ-D. End-result was several gaps requiring major network overhauls.
    - Cost would be ~ $1.5M. Project got mothballed.
    - Fast-forward AUG 2019. Avon bought by LG. CEO says "get PCI"
    - I provided the audit & estimated costs. Three decisions are then made:
    1. Change to an iFrame
    2. Move out of on-prem into AWS.
    3. Engage with a QSA to formalize the SAQ.
    - We do all three.
    - Change of payment process (new provider using iFrame) reduces from SAQ-D to A
    - Savings on QSA process (MUCH SHORTER) is ~ $120K/yr.
    - Certification is achieved in 2 weeks vs. the 10 weeks previously (thank you iFrame)
    - Move to AWS drastically reduces the CAPEX.

  • PCI Scope/Assessment

    Was selected as point person to drive company towards PCI Certification - accomplishments included:
    - Research into consultancy to help execute due diligence.
    - Generated dashboards & project plans.
    - Managed consultants and worked with staff to provide information.
    - Gave bi-weekly updates to CFO/COO, Legal on overall progress.
    - Results help drive us to transform our digital platform from on-prem to AWS.
    - Estimated savings on infrastructure rebuild ~ $1.5M.

  • PCI-DSS Certification

    Early on in my time at TAC I asked why don't we get PCI compliant? My CTO said run your due-dilly - which I did by plowing through a SAQ-D. The initial results showed gaps that would prevent TAC from getting a cert... in addition to serious $$$$ to revamp the hosted infrastructure (estimated ~ $1.5M).

    At this point it was tabled. Fast-forward to being acquired by LGHNH in AUG 2019... upon completion of the purchase the group CEO said to get PCI... we had the head-start & provided the docs. Three major decisions came from these:
    1. Get PCI-DSS compliant
    2. Move your e-comm platform out of on-prem into AWS
    3. Changed your payment process

    We ran through a formal QSA process that largely jibed with my findings - but with artifacts & a signoff from our QSA. In parallel Avon worked with LG CNS (computing/network services) to build ecomm up on AWS, while also moving to CyberSource & instituting payment via an iFrame.

    Once the build was completed & flipped on the QSA process was MUCH shorter due to the move to an iFrame - reducing our obligation from D --> A. About $122K in annual savings on QSA & 2 weeks vs. almost 10 weeks previously.

    Avon became PCI-DSS compliant & we retained the artifacts/documents to deliver the SAQ-A even faster in subsequent years.

  • Pen-Testing/Vulnerability Scanning Vendor Assessment/Selection

    Initiative to assess and select a Pen-Test/ASV vendor to meet PCI Certification requirements and as a general sanity check on existing security processes:
    1. Research conducted on vendors & demo/discussion held with each.
    2. A scorecard (weighted comparison of feature sets) was used to "grade out" each.
    3. Assessment of the CAPEX/OPEX was a small slice of the scorecard - did not want to bias inputs.
    4. Vendor selection --> SOW --> Approval

    The vendor will commence pen-testing DEC/JAN and ASV's Q1 2019. This will serve general security requirements in addition to satisfying PCI DSS 3.2.... also using Metasploit internally to conduct our own pen/vuln testing.

  • Vendor Assessment/Selection - Code Analysis

    Introduced the concept of static/dynamic code analysis for our mission-critical e-commerce sites:
    - Conducted research on Gartner Magic Quadrant leaders.
    - Engaged with DEV team to participate in assessment.
    - Listed requirements (i.e. had to play nice with JIRA, BitBucket & Jenkins, static/dynamic scrubbing).
    - Had all vendors run demos & provide features.
    - Use a scorecard to "grade" them on feature sets. Useful to reduce bias in decision-making.

    Vendor was chosen and will be onboarded in Q1 2019.

  • Anti-Phishing Implementation

    Anti-Phishing was an early requirement defined to augment protection against email-based attacks:
    - A vendor was recommended by consulting group.
    - Assessment of feature set & demos were held.
    - Integration effort assessment was transparent (a major selling point of the vendor's cloud solution).
    - SOW was signed and vendor was rapidly onboarded.
    - Rules were established based on AI analyzed by platform, some specifically for C-Level protection.

  • JDE Transformation

    Assigned to PM lead for the transition of JDE/E2Open, the core non-revenue generating platform at New Avon. Generated a daily dashboard on progress (off MSFT Project) and ensured collaboration between IBM, New Avon and Infosys. The end-result: migration was a complete success and project was only 1 of 2 out of 30 migrations that stayed "green" throughout cut-over.

  • Rebuild - Cordium Infrastructure

    A complete overhaul at the request of the Group CEO as the company rebranded... consolidation of two disparate AD 2008/VMWARE networks to a single AD 2012/Hyper-V environment. The infrastructure in UK was upgraded to match what existed in US to simplify/standardize the network/servers/SAN. New single domain was run in parallel for two months with preceding production networks, during which time all applications and 85% of data was ported over. Also vetted out all 3rd-party/external applications.

    The cutover to production took all of 2 1/2 days. The staff left Friday afternoon to two networks and came in Monday morning to a single network. What may be most impressive - all the work was done by TWO admins with 15 hours of a consultant tossed in.

    Accomplishments included:
    1. Introduction of DR/BCP via Veeam replication.
    2. Seamless integration between locations (Lync/Skype, SPoint, Exchange, Files) that did not exist.
    3. DirectAccess for VPN provided access to all networks via single login.
    4. A significant reduction in complexity and introduction of redundancies in data center (HA, SAN).
    5. Saved more than $100K a year by using London & New York as each other's DR sites.

    End result was a tremendous improvement in performance, collaboration & redundancies across the infrastructure. The DR element was put to the test twice and performed brilliantly - in both cases the replicated servers in US were spun up and in production within 30 minutes... and failback was seamless.

  • SharePoint Migration (Two Domains --> Single Domain)

    Goal was to migrate/consolidate SharePoint 2007/2010 instances from two different domains to a new forest.
    1. Built SP2010 instance (front-end, app & DB server) on MSFT Hyper-V to facilitate easy expansion.
    2. Used ShareGate to move sites/content to new farm in two different phases:
    A. Moved 95% of all data to confirm migration completed cleanly.
    B. Ran the delta for remaining 5% during the "cutover weekend."

    Result was fewer servers and a united look-and-feel & common security hierarchy so different groups had required access...

  • Implementation of HA Architecture (Servers, SAN & Networking)

    To eliminate single points-of-failure and replace preceding infrastructure, which was standalone servers without centralized storage.

    1. Provisioned new servers (HP DL380 series) & introduced EMC VNXe SAN.
    2. Had consultant put in fully meshed switching for server/SAN connectivity.
    3. Built VMware HA cluster (2 live servers & 1 hot standby).

    Result tremendously upgraded server performance, storage & availability and was the template used for the Cordium consolidation project at UK data center. And maintenance of both the cluster & individual VM's was improved via "rolling updates" & having ability to snapshot servers for near-immediate restore.

Organizations

  • HMG Strategy CISO Advisory

    Advisor

    - Present

    HMG Strategy Executive Leadership Summits deliver world class thought leadership where attendees receive unique insights into best practices and hear success stories involving leadership, management, technology and career development.

  • Glilot Cyber Innovators

    Member

    - Present

    Cybersecurity Innovators is an intriguing community comprised of more than 50 top-level security executives, half of whom work for Global Fortune 1,000 companies. Community members can attend closed-door intimate dinners for brainstorming sessions, knowledge sharing, and networking.

  • Evanta CISO Governing Body - New York

    Advisor

    An online/in-person forum of security leaders who exchange best practices, validate strategies and walk away with practical insights that are immediately actionable. Eligibility ran out upon leaving Avon (Evanta requires business to do > $250M/yr REV)
