
Summary: I am a talented Security consultant with 13 years in the IT Industry and 9 years of SAP
Security implementation, conversion/upgrade, and security audit expertise. I specialize in the
implementation and conversion/upgrade of existing SAP installations to SAP Netweaver 7.0
Scenarios. I have designed and managed SAP security, using client resources from definition of
job roles through to development, testing and migration. I am an experienced consultant who has
been involved with numerous Global SAP Security implementations and upgrades where I
designed and implemented a security development strategy. I have successfully managed
multiple projects simultaneously while delivering excellence. I have performed risk analyses of
manufacturing, Health Care and Consumer Goods industries. I have concentrated most recently
in BI 7.0 and Portal Broadcast functionality with SSO capability.

Technology Summary:

Proficient in: SAP R/3 3.1i, 4.0B, 4.6c, 4.7, ECC 5.0, 6.0, BW 3.0b, BI 3.5, BI 7.0, GRC 5.2,
EP 6.0, EP 7.0, eCATT, LSMW, SAPScript, Virsa/GRC Compliance Calibrator 4.0, 5.2,
Netweaver 2004s, Portal Administration, CUA, WAS, SSO, UME

Have configured Security for SAP modules: FI, MM, PP, CO, AM, PS, Solution Manager 3.2, HR, CRM 4.0, XI,
MDM, SCM/APO 4.1, EBP/SRM 3.0, 4.0, BW 3.0b, BI 3.5, BI 7.0

Have performed Upgrades: R/3 4.0b-4.6c, ECC 5.0-ECC 6.0, BW 3.5-BI 7.0

Experience Summary:

SAP Security Consultant Confidential 4/2009 to present

 Remote Support for initial Go-live for A&D Customer with ECC, SNC, BI and EP 7.0
 Performed Role/Defect Updates in development during Realization phase
 Validated ECC/BI critical Objects and transaction pre Go-Live
 Assisted developing GRC 5.3 ruleset for above modules with Functional and Controls
teams
 GRC 5.3 AE, CC configuration setup and validation
 Configured new GRC 5.3 client installations
 Perform SOD checks for all PRD users with Compliance Calibrator 4.0/5.3 toolset
 Created roles for GRC Firefighter users in Compliance Calibrator for process teams
 Setup Users, Controllers and Owners of GRC Firefighter ID's and provisioned accounts,
setup logging and ruleset
 Created Training system users and roles, assisted in data loads and client copies
following training refreshes
 Created eCATT scripts for Go-Live user load and role assignment and maintenance.
 Responsible for War Room support, issue remediation post Go-live with critical
resolution times
 Documentation of lessons learned and coaching opportunities for successive delivery
launches
 Designed retrofit of BI 7.0 roles using Analysis authorizations
 Configured UME access with Delegated Security administration by company

SAP Security Lead Consultant Confidential 3/2009 to 4/2009


 Created BI 7.0, EP 7.0 Security Model post installation for new BI reporting requirement
for Public Sector CM/SLCM customer
 Created System Administrator, Security , and developer roles in BI 7.0 and EP 7.0
 Troubleshot EP 7.0 and BI reporting issues including setup and landscape connectivity,
BI integration with EP 7.0
 Knowledge transfer to existing staff for BI and EP Security methodology
 Developed testing and case scenarios for future development and future portal integration
 Documented Role design and reporting strategy across Infoproviders and business users
with BI 7.0 Analysis Authorizations using RSECADMIN security tool
 Provide production support and development to BI 7.0 module of SAP for the Campus
Management/SLCM (CM/SLCM) implementation
 Maintain high level of support by meeting with clients to discuss and determine system
issues or areas for improvement
 Develop and implement custom security and enhancements to SAP reporting with no
interruption to the business
 Present recommendations to client management concerning
systems upgrades and development opportunities.
 Train users on new systems, upgrades, and enhancements to existing systems
 Research problems, determination of problem origins and corrective actions needed;
implementation and testing of solutions; development and testing of new programs;
training customers technical team

SAP Security Lead Consultant Confidential Louisville, KY 3/2008 to 02/2009

 Independent consultant to Fortune 500 Healthcare Company's SAP security team
 BI Security Lead present from initial planning and design phase through go-live for BI
3.5 to 7.0 Upgrade
 BI 7.0 Upgrade for custom objects securing 1300 profit center nodes restricted via
hierarchy
 Migrated 1200 SU02 profiles to BI 7.0 RSECADMIN authorizations with SAP
RSEC_MIGRATION tool
 Automated creation and population of new security Roles with BI7.0 RSECADMIN
authorizations, assign users by Creating eCATT scripts
 Troubleshooting Authorization issues with RSUDO trace logging functionality
 Designed and created broadcast folders and links in Netweaver 7.0 Portal for reports to
5400 users
 Secured BI Broadcasts by Role assignment, limited by authorizations rollup for 1200
nodes in the profit center hierarchy
 Created XML document and uploaded to 2004s Portal to update Broadcast link
permissions for the above
 Co-presenter, developed and delivered the security portion of the above Broadcasting
functionality at ASUG 2009 conference, in session titled "Using Netweaver Knowledge
Management for efficient and secure information distribution"
 Developed and maintained crosswalk mapping of ABAP authorizations to BI Web
templates to rollout new iView structure , utilizing merged worksets under Business
navigational tabs
 Created XML Documents that automated Portal role assignment by setting up portal role
- ABAP group assignment. This satisfied end user's portal BI Web template presentation
needs.
 Researched and Setup Kerberos Authentication upgrade from NTLM to Netweaver 7.0
Portal to accommodate new BI 7.0 SSO functionality
 Maintained NW 2004s Portal Security Zone assignments and PCD authorization settings
 Setup and maintenance of users and personnel records on HR Structural authorizations
on ECC 6.0
 Restricted access to data working with infotypes and Authorization objects P_ORGIN,
P_PERNR, P_APPL in HR
 Created info type 105 and subtypes 0001, 9010 for the new hires and adding the PD
profiles using PO13
 Modified personnel records/structural authorizations, PA20
 Structural Auth assignment maintenance, RHPROFL0
 Lead work group to define security production processes and provided support post go-
live
 Assisted with documentation and knowledge transfer to existing staff in above areas

SAP Security Lead Consultant Confidential Louisville, KY 10/2008 to 1/2009

 Security Lead for BI 7.0 Implementation to secure queries in Integrated Planning,
CO/PA, Sales Forecasting
 Create Functional and , Basis, Security Developer, Technical Team roles in BI system
 Create Analysis Authorizations to restrict queries on characteristics and navigational
attributes with RSECADMIN
 Testing and resolution of query functionality in 7.0 BEx Analyzer
 Troubleshooting Authorization issues with RSUDO trace logging
 Provide staff training and documentation to the customer's internal security and
development teams.
 Serve as customers' quality advocate with the external SAP integration partner's final
product
 Provide best practice advice in BI 7.0 Security and BI Query design using 7.0 Query
Designer

SAP GRC Lead Consultant Confidential Louisville, KY 11/2007 to 03/2008

 Performed GRC compliance Calibrator 5.2 Installation and configuration, proof of
concept for Existing Virsa 4.0 Customer
 Loaded Global rule set and configured reporting and alerts
 Audited and documented existing SOD conflicts within roles and assigned to users.
 Created and ran eCATT scripts to update security roles with remediated access.
 Assisted with documentation and knowledge transfer to existing staff in above areas.
 Performed BI 7.0 and ECC 6.0 Authorization updates for profit center Hierarchy
consolidation project.

SAP Security Consultant Confidential Bardstown, KY 10/2007-11/2007


 Independent SAP Security consultant in SAP R/3 4.7, BW 3.5 Global Implementation
 Assisted customers' transition of Security management from project team to support team
 Validated and granted new user access requests, maintained SOD matrix with Business
process Owner's approval
 Created and tracked requests and approvals for access deltas in customers' internal
repository
 Prepared team for ECC 6.0 Upgrade, Documented roles and Access Matrix using Excel
 Assisted with knowledge transfer to existing staff

Confidential SAP Security Design Lead to PepsiCo International Brands 02/2007 to 10/2007

 Design Lead in a Global implementation from project preparation phase through 2 go-
lives in China, Egypt, The Netherlands, and Mexico
 Delivered Blueprint Security Design from PepsiCo domestic implementation and adapted
to international project for FI, MM, PP, CO, AM, PS
 Represented SAP America Presence for Security team in establishing PepsiCo Center of
Excellence (COE) with PepsiCo Team lead and integration partner
 Promoted best practice, leveraging domestic implementation documentation and
procedures.
 Developed strategy and supported multiple cycle Integration and User Acceptance testing
 Staffed post go-live support with customer's personnel

Confidential Newtown Square, PA Senior Consultant to PepsiCo INC 12/2004 to 02/2007

 Independent SAP Security Consultant to SAP America on new Global implementation
project at a Fortune 500 Food and Beverage company, 3,000 initial and 65,000 named users.
 SAP Security SME staffed from Project preparation through 7 phased go-lives.
 One of 2 SAP consultants who designed and created Security in BW 3.5, BI 7.0 ECC 5.0,
Solution Manager 3.2, CRM 4.0, XI, MDM, SCM/APO 4.1,SRM 4.0, Netweaver 2004s
and Supplier Self Service Portals
 Performed Security Upgrade of roles and authorizations ECC 5.0 to ECC 6.0 and BW
3.5 to BI Netweaver 2004s
 Created Security roles using Profile Generator (PFCG) in an SAP NW 2004s
environment
 Designed and Tested and role assignments in NW2004s Portal for WebGUI/ WinGUI
comparison
 Automated CUA Security Tasks by creating SAP eCATT scripts and LSMW batch input
sessions including: user mass creation, role assignment, Organizational Hierarchy
assignment
 Created users and assigned roles manually and in mass through upload in NW2004s
Portal
 Setup and Maintained users in CUA with connection to customer's Sun IDM LDAP
through SAP function module RS_LDAPSYNC
 Developed Job role matrix for access request/provisioning through IDM
 Ran Custom batch script regularly to replicate new CUA/IDM users to NW2004s Portal
 Scheduled common Security jobs in SM37 with SCOT email output reporting to PepsiCo
SAP Security Team
 Initially created Developer, Configurator, Tools, Basis, Security and functional roles
from IMG menu
 Maintained SRM Org Hierarchy through PPOMA_BBP
 Adjusted SU24 Table updates found in unit and system testing and transported
throughout the landscape
 Worked with Basis team to develop Solution manager roles for Administrators,
Configurators, Change Managers, and Support Desk roles
 Performed initial system security inspection and setup of newly created CUA clients
 Maintained dual development landscape security supporting client's multiple release
strategy
 Created and maintained OSS user accounts to enter the customer system for analysis and
correction
 Setup CUA distribution landscape and attached newly built clients to CUA system,
assigned Parameters
 Created and Applied security for interfacing applications Tibco, Control-M
 Performed ST01\RSECADMIN Trace for Authorization error analysis
 Created and maintained RFC user accounts to PepsiCo standards
 Created and assigned tables to Custom table authorization groups
 Created Documentation of all procedures for PepsiCo security Team members

Confidential Newtown Square, PA Consultant to Avaya INC 10/2004 to 12/2004

 Independent SAP Security Consultant at a Fortune 500 communications vendor SAP
redesign project to bring SAP Security authorizations within Sarbanes-Oxley compliance.
 Team member in a group of 4 consultants that designed, implemented, and tested
solution to internal audit finding of 66,000 SOD conflicts identified by Internal Audit
partners
 Performed 3.1h profile and 4.6c role cleanup to mitigate Segregation of Duties conflicts
in preparation for external audit and Sarbanes-Oxley for Q4 2004 compliance and SEC
reporting requirements
 Created SAP Test User Accounts and modified roles using SAP CATT, performed unit
testing and validation
 Staffed post Go-live support with existing SAP Security team

Confidential Fremont, CA Consultant to Brown-Forman INC 08/2004 to 10/2004

 Independent SAP Security Consultant on SAP Sarbanes-Oxley redesign project for a
major US based distiller and consumer goods manufacturing firm.
 Utilize Virsa Systems' VRAT and VRMT tools (Currently GRC Compliance
Calibrator Suite) to identify, track and eliminate Segregation of Duties (SOD) conflicts
within FI, PP, MM, SD, WM, and QM modules.
 Built and maintained user history Microsoft Access database from SAP RBE tool,
imported user execution history, proposed role mappings, Virsa VRAT SOD rule set, and
SOD Deltas throughout the testing phases.
 Mapped 650 production users' Tcode execution history, SOD Execution History, and
Proposed role assignments, identified SOD's through Access queries
 Created Microsoft Access Report signoff documents for user SOD mitigation
 Assisted Internal Audit with Key and Compensating Control development
 Created 300 new roles using Virsa Systems' VRMT tool, analyzed SOD's and
documented secured objects
 Setup and mapping of 650 users in Test bed environment using SAP CATT scripts

Confidential Tampa, Florida Consultant to PricewaterhouseCoopers LLP 02/2004 to 08/2004

 Independent SAP Security Consultant at a global consulting firm's new SAP 4.7e internal
implementation
 New/Refresh Client setup and Security Administration and Authorization assignment in
CUA system
 Creation and assignment of Configurator, Developer, end user and security roles
 Created roles for ALE, Background Job, and custom Tcode access.
 SAP Security role and authorization changes in DEV and QA instances using the Profile
Generator.
 Transport of roles throughout four SAP instances using SE09, STMS, SCC1.
 Created SAP Roles, and users in standalone training environment for 19,000 named user
base covering R/3, BW, CFM, and EBP
 Monitoring CUA logs daily using SCUL, monitoring and reprocessing failed IDOCs.
 Performed routine maintenance and mass creation following system refresh using CATT
scripts
 Defect resolution from testing team using Mercury Interactive Test director 8.0

Confidential Portland, Oregon Consultant to Nike, INC Nike World Headquarters 11/2003
to 02/2004

 Independent consultant performing SAP upgrade security in the Supply Chain group for a
global 1000 sports fitness company in a global, multi instance environment.
 Create and test 4.7 derived roles for business liaisons in the USA, Canada, Europe,
Middle East, Africa and Asia Pacific regions
 Initiate response to development and production support issues generated through
Kintana Workbench and Mercury Interactive Test Director requests
 Perform SU24 updates to maintain Tcode associations to Authorization Objects
 Perform Role updates and generation using PFCG
 Mass Transport and deletes of roles and SU24 updates
 Maintain user mappings and virtual Composite Job Role Mappings using PWC Security
Administrator For ERP (S.A.F.E.) tool
 Implementing mass changes through CATT and Winrunner scripts
 Daily Transport administration of customization requests through DEV and QA instances
using SCC1, SE10, and STMS
 Provide 24x7 support for Unit, Integration, and Regression testers.

Confidential Nashville, Tennessee Consultant to Deloitte & Touche 04/2003-09/2003

 Independent consultant on an SAP led enterprise upgrade From 3.1I to 4.7e with 3,000
named users.
 Led requirements gathering sessions with 6 groups of FI business owners.
 Created association of Tcodes to Authorization Objects using SU24.
 Performed role upgrade and authorization cleanup using the Profile Generator, PFCG.
 Assigned/maintained authorization objects in roles in FI, CO, HR, PS, and MM.
 Maintain Access Database records listing Job level Role assignment, history, and
updates.
 Worked with Internal Audit Services Group to refine access requirements throughout the
upgrade.
 Create 51 Composite Roles and Test ID's from Realization Phase BPML for Job based
testing by QA team.
 Consolidate roles and remove obsolete activities to eliminate Segregation of Duties
conflicts.
 Create CATT scripts for automating simple tasks i.e. role assignments, user creates &
deletes.
 Researched authorization error issues using SU53/ST01.
 Setup CUA clients in the security sandbox environment.
 Created Excel matrix of Tcodes to Composite (Job) assignments for business owner
groups.
 Resolved testing issues with QA Team using Mercury Interactive Test Director 7.6.
 Create, populate and submit transports for roles across the SAP system landscape.
 Create documentation for ongoing procedures for department employees.
 Work with FI functional team to create a new node level security strategy with 4.7
naming convention.

SAP Security Analyst, IS Security Promoted 2000-4/2003 Confidential Louisville, Kentucky

 Designed and implemented security mechanisms and procedures for user administration,
profile creation, profile maintenance, and management for SAP BW 3.0 environment at a
Fortune 500 Healthcare Company.
 Lead for all BW security work from project start on BW 3.0b implementation
 Liaison between Human Resources, Data Warehouse, Information Technology, SAP
project teams, Basis administration and auditors
 Work with functional teams to resolve problems during pre-production security testing.
 Upgrade and redesign roles using the Profile Generator, PFCG
 Attended SAP training, including SAP BW365 (SAP 4.6 BW Authorizations), SAP
CA940 (SAP 4.6 Authorizations Security Curriculum)
 Create Custom Authorization Objects and assigned to Info cubes using RSSM
 Create reporting roles for Business Warehouse users using PFCG
 Create custom authorization objects to limit data views by profit center, facility, etc.
 Limit access to query data employing User Exits, custom Security Tables, and Structured
Authorization Data from SAP HR.
 Assigned authorization objects to profiles in FI, CO, HR, PS, and MM.
 Performed analysis of SU53 as well as setting up and analyzing user traces
(RSSM/ST01) to troubleshoot user access problems.
 Defined and implemented security authorizations and roles for end users after working
with functional consultants to create the security matrix
 Performed user administration (creating, changing and deleting accounts, assigning roles
to users) to create user master data.
 Processed transports for roles across the SAP Dev and QA system landscape.
 Worked with functional business contacts to develop SAP activity groups, profiles and
authorizations matrix
 Utilize this matrix and a custom CATT script to create 4.6 user master records and role
assignments from existing 4.0 users and profiles.
 Developed USR40 table (invalid passwords) for 4.6c system with security team.
 Supported the implementation of SAP R/3 4.6c running Windows 2000 and SQL Server
2000.
 Tested application security rights assigned through profiles and internal directory
database on SQL Server 7.0.
 Tested Job role defined user profiles and application access with the Enterprise-wide
Windows2000 Migration.
 Supported SAP BW 3.0b environment on an ongoing basis

2002 -HR Structural Authorization Implementation

 Identified Organization Unit relationship requirements and user account assignments
 Documented maintenance, audit and user administration process and procedures

2001 - R/3 4.0 to 4.6 Upgrade

 Worked with development and business users to identify authorization requirements.
 Designed and created authorization roles and created custom authorization objects/groups
 Mapped existing 4.0 profiles and user assignments to the new corresponding 4.6C role(s)
 Created user account templates and setup the required System/Service/Communication
user accounts for Tidal, ALE, Workflow and background processing.
 Scheduled nightly background job for PFUD

Systems Programmer, Database Administration and Capacity Planning 1999-2000 Confidential Louisville Kentucky

 Capacity planning, service level agreements definition and server performance tuning of
an environment consisting of 25 SAP R/3 4.0 Windows NT Servers.
 Monitored 50 SAP FI/CO and HR transactions and reported SAP response time to 2
second goal for SLA.
 Implemented the rollout of BMC Best/1 for Distributed Systems V 6.1 - 6.3, and BMC
Patrol 6.5 to SAP servers to report performance metrics.
 Implemented Candle eBA software response time monitoring for top 100 SAP
transactions in use

Network Administrator II, Information Systems 1998-1999 Confidential Louisville, Kentucky

 Relocated Indianapolis facility computer network operations to Louisville, integrating
major application components into the Louisville infrastructure.

Network Administrator 1997-1998 Confidential Woodland, California

 Assisted in planning, implementing, and supporting a 125 user Novell Ethernet LAN with
ATM WAN connectivity to midrange and client server resources for startup of a 24/7-
distribution environment. Configured groups and user account objects and profiles.

Email Administrator, System Support Representative 1996 - 1997 Confidential, Louisville, Kentucky

 Maintained 1600+ user base for CA E-mail version 4.0, account creation, forms creation
and maintenance. Password security through ca-Roscoe and TopSecret.

I have achieved the following Professional Certifications:

 SAP Certified Netweaver Security Consultant 2007
 CISA Certified Information Systems Auditor 2001
 CISSP Certified Information Systems Security Professional 2001
 BMC Certified Professional - BMC Software Patrol Perform/Predict Rating 2000
 MCSE Microsoft Certified Systems Engineer 2000
