Mark Allen Earnest
mark@mystikos.org
Career Summary:
I began my career as a Systems Programmer with The Pennsylvania
State University's Administrative Information Services department.
During my tenure there I was tasked with the installation,
configuration, and maintenance of various zOS utilities and software
packages. Over time, my role grew to include security architecture and
development duties, where I designed and programmed several
authentication/authorization related programs. My primary project was
serving as the technical and development lead for Hydra, which is the
University's secure DCERPC client/server framework for web based access
to mainframe data and business logic.
In 2003 I was selected along with 9 other colleagues to form a new
department called Emerging Technologies. We were tasked with
investigating, prototyping, and aiding in the implementation of new
technologies within the university. My role in this group has centered
around security architectures involving SAML, PKI, Kerberos, XACML, and
other related technologies. I served as the technical lead on projects
such as the implementation of a university-wide web single sign-on
system and inter-institutional federated identity management system.
Most recently I co-designed and developed a SAML/PKI based identity
management and access control architecture for Lionshare, a
multi-million dollar peer to peer academic file-sharing application
funded by the Mellon Foundation. I also provided security architecture
consultation to various groups around the University and gave security
related presentations nationally.
In September of 2006 I accepted a job as a consultant in the Identity
Management Practice of Entology Inc. My role there has been to provide consulting
support for Oracle Identity Manager, Oracle Access Manager, and various other security
and provisioning related software tools to our clients. I have served as the technical
lead on several large scale deployments. I have also done significant development against
Oracle Identity Manager's API as well as the IDXML Web Services and Identity Event Plugin
interfaces of Oracle Access Manager.
Technical Skills Summary:
- Operating Systems: Solaris (7, 8, 9, 10), AIX (4.3.3, 5.0, 5.1, 5.2), Linux (all flavors), zOS,
Windows 2000/XP/2003, OS X, and OpenBSD
- Programming Languages: C, Java, Perl, x86 Assembly, s/390 Assembly, JCL, XHTML/CSS, and REXX
- Protocols: DCE-RPC, SOAP, IDXML, 802.11, GSS-RPC, HTTP, NCPASS-TLI, and SASL
- Tools: Eclipse, Netbeans, Visual Studio, Nagios, VMWare Server
- Security Technologies: SAML, SASL, Kerberos, PKI, XACML, LDAP, DCE,
SecurID, Biometrics, general cryptography, and federated identity
management
- Servers: Sun One Directory Server, Oracle Internet Directory, Microsoft Active Directory, OpenLDAP,
Tomcat, JBoss, BEA WebLogic, Oracle Application Server, Oracle Database 10g.
- Identity Management Applications: Oracle Identity Manager (9.0.1, 9.0.3), Oracle Access Manager,
Internet2 Shibboleth, and UMich CoSign
- Mainframe Specific Technologies: FDR, ISPF, TSO, Natural, Adabas, Syncsort, NCPASS, and MXI
Employment History:
Entology Inc., 9/2006 ~ Present
Consultant - Identity Management Practice
My role at Entology is to serve as an Identity Management consultant
focusing on Oracle's Identity Manager product (previously Thor
Xellerate) and Oracle Access Manager (previously Oblix CoreID). During this time I have
served as a Java developer and Oracle Access Manager consultant for a leading Pharmaceutical firm, as well as technical lead and
developer on two large scale Oracle Identity Manager deployments.
- Implemented a full life-cycle Provisioning system for Paetec Communications, utilizing Oracle Identity Manager. Directly responsible for the architecture and design process, as well as the overall implementation. Led a team of two developers on this engagement and served as the day-to-day lead and project manager for the engagement.
- Implemented a full life-cycle Web Services infrastructure for a leading Pharmaceutical firm, utilizing Oracle Access Manager.
- Developed several Identity Event Plugins to extend Oracle Access Manager's workflow functionality.
- Implemented password management functionality in OAM for the firm's largest client-facing application suite.
- Developed numerous "custom" connectors to backend systems, directories, and databases.
- Experienced in crafting Proof-of-Concept (POCs) builds to ensure the success and practicality of the Oracle Identity Management Suite.
- Experienced in the installation and configuration of OIM server.
- Experienced with cross-system identity mapping and reconciliation to OIM identity repository database.
The Pennsylvania State University, 1/2003 ~ 9/2006
Lead Systems Programmer - Emerging Technologies
My role in Emerging Technologies has been primarily security
architecture research and development. I worked with many departments
within Penn State, both part of central IT and academic, to develop and
implement security architectures. I served as the technical lead on
both the University-wide single sign-on implementation and our
inter-institutional federated identity management project.
- Investigated and prototyped Penn State's unified web single sign-on system
- Both aided in the development of, and led Penn State's
implementation of Shibboleth: a SAML based federated identity
management system created by Internet2
- Designed and built a SAML/PKI based identity management and
access control architecture for Lionshare, a Mellon Foundation funded,
peer 2 peer filesharing application
- Prototyped and developed several PKI infrastructure projects, as well as multiple factor authentication projects
- Active developer on several open source applications and libraries,
including my own web log application focused on role based
authorization and support for enterprise authentication systems
- Aided in the creation of a Shibboleth based, privacy-centric
authentication/authorization infrastructure for the Penn State /
Napster partnership. This architecture became the standard with which
Napster interacts with Universities
- Responsible for equipment purchases totaling roughly $50,000 (servers, software, bladecenter)
- Responsible for administration of testing and production servers
(IBM, Dell, & Sun) running Linux, AIX, Solaris, and Windows
2000/2003
- Responsible for administration of departmental IBM Bladecenter consisting of JS-20 and HS-20 blades
- Provided consulting on security related topics (SAML,
authentication, authorization, PKI, secure RPC, Kerberos, etc) to
various departments within Penn State, as well as presented on these
topics locally and nationally
- Active presenter at Internet2 Member's Meetings and Campus Architecture & Middleware Planning workshops
- Participated in annual NIST/Internet2 PKI Research & Development Workshop
The Pennsylvania State University, 3/2000 ~ 1/2003
Senior Systems Programmer - Administrative Information Services
I was originally hired as a systems programmer tasked with
maintaining Penn State's administrative and student information
mainframe system. Over time my role grew to include software
development and architecture development. In addition to both
developing and porting security related libraries and applications to
the IBM zOS operating system, I was responsible for the development and
porting of the DCERPC based client/server architecture used for web
based access to the University's mainframe housed administrative data
and business logic.
- Led development and porting of DCERPC based client/server
framework for web based access to mainframe data, integrating Natural,
Smalltalk, & DCE
- Developed libraries for Unix, Windows, and Java to allow two factor
authentication from web applications using RSA SecurID tokens against
PassGO's NCPASS product
- Aided in Disaster Recovery planning
- Ported several utilities to zOS and zOS Unix including PGP
- Responsible for installation, configuration, and maintenance of several zOS utilities including CA FDR, SyncSort, and MXI
- Acted as primary Unix/Linux support and consulting contact within the department as well as primary C developer
As a student at Penn State University I held several part time and wage payroll jobs with the University. At Penn State New
Kensington I worked as a helpdesk consultant, assisted in computer lab setup and wiring, and redesigned the campus website.
At University Park, I worked as a Mainframe Operator where I was responsible for processing output, running batch jobs, and loading
magnetic media.
Outside of my career, I spent several years volunteering as a certified Field Team Leader and one year as the team commander for the Centre
County Sheriff's Office Search and Rescue Team. Today I remain active as the webmaster and IT consultant handling all of the team's electronic
communications needs (mailing lists, SMS callout, etc.)
Finally, I was one of the original members of the Penn State Linux User's Group and gave many presentations at meetings while I was at Penn State.
Education:
I graduated High School in 1996 and enrolled at the Pennsylvania
State University later that year. After attending classes full time for
three years I was hired by the University and have been sporadically
taking classes part time since then. At my current rate of 3 credits a
semester I will have my Bachelor's degree in 2008.
- Deer Lakes Jr/Sr High School: Graduated 1996
- The Pennsylvania State University: Bachelor of Science - Organizational Leadership: Anticipated Graduation 2008
References and salary history available upon request