Doc Farmer

InfoSec Inc. - Senior Security Specialist - RACF z/OS - LION-OpenNetworker-MyLink500/TopLinked - 14,500+/18.6M+ Total

Fort Wayne, Indiana Area

Current
  • Security/Audit Advisory Group - Member at NewEra Software
  • Senior Security Specialist at InfoSec, Inc.
  • Member, 2007 Board of Governors at American Biofuels Council
  • Forum Moderator at ChronWatch Discussion Forum
  • Columnist at ChronWatch
  • Freelance Author / Technical Writer at Xephon Publications
Past
  • Contributor - IBM Redbook - z/OS Mainframe Security and Audit Management using IBM Tivoli zSecure at IBM
  • Sr. Security Consultant - RACF at Publix
  • Sr. Security Consultant - RACF at Aozora Bank
Connections
500+ connections
Industry
Computer & Network Security
Doc Farmer’s Summary

Accomplished Information Security/Business Continuity Manager and Information Systems Auditor. Over 32 years in Information Technology, with 28 of those years in the Security/Auditing environment. Main experience in IBM large-scale mainframes, as well as AS/400 systems, RS/6000 systems, DEC/VAX systems, Tandem and Stratus fault-tolerant systems, Novell networks and Windows NT networks. Strong background in technical systems, audits and security protocols including operating systems (z/OS, OS/390). Strong background in a variety of security systems, including RACF, ACF2 and Top Secret. Well versed in a number of fourth generation mainframe languages. Strong background in project planning and execution, particularly relating to controls, security, planning, testing and execution. Background in SDLC protocols. Background in Sarbanes-Oxley requirements, FDIC regulations, Comptroller regulations, UK Information Security Act, UK Privacy Act and ISO17799.

Strong verbal and written communication skills, having successfully conducted Security and Disaster Recovery seminars. Published author and speaker on the topics of Information Security, Physical Security, IT Audit, Disaster Recovery and Year 2000 issues. Also strong background in technical writing on RACF issues.

Management background with experience in staff relations, budgeting and delegation/scheduling of duties in priority order.

Honors:
• Awarded Time Magazine's "Person of the Year - 2006" (along with about a billion other Internet users...)
• Achieved Nerd Test Score Ranking of 96th Percentile Nerd (Supreme Nerd God) as verified by http://www.nerdtests.com/ft_nq.php
• UPDATE: As of October 2008, a retest now puts me at 99th Percentile

Mottos:
• Veni, Vidi, Velcro - I Came, I Saw, I Stuck Around A While...
• Veni, Vidi, Spurius Brutus Deitrum Cowi - I Came, I Saw, I Tore The Thick Bastards Limb From Limb.

Doc Farmer’s Specialties:

RACF, z/OS, TSO, ISPF, CICS, MVS, OS/390, IBM, Mainframe, Security, Policy, Procedure, Standards Development, Project Management, IT Security Consultant, IT Consultant, Contingency Planning, Disaster Recovery, Writer, Author, Public Speaker, TopLinked.com, SOX, GLBA, PCI, HIPAA, LION, Greater IBM Innovation Community, American Biofuels Council, DallasBlue, ExecuNet, LinkedInnovators, MyLinkedinPowerForum, MLPF, Relevante


Doc Farmer’s Experience

  • Security/Audit Advisory Group - Member

    NewEra Software

    (Privately Held; Computer Software industry)

    February 2009 - Present (6 months)

    Provide input and advice on software development for security and audit products.

  • Senior Security Specialist

    InfoSec, Inc.

    (Privately Held; 11-50 employees; Computer & Network Security industry)

    October 2007 - Present (1 year 10 months)

    • Perform Security Examinations and Remediation for clients.

    • Perform In-Depth security analysis and cleanup of RACF shops, both as a standalone process or for conversion from RACF to CA-ACF2 or CA-Top Secret.

    • Provide clients with Service Retainer Program (SRP) assistance, which offers on-demand mainframe expertise, giving customers the flexibility to have expert staff available when needed without having to incur the expense of a full time employee.

    • Provide audit compliance services for SOX, PCI, GLBA and HIPAA.

    InfoSec, Inc. provides specialized products and services for large-scale information systems and security. InfoSec is an IBM and CA business partner, focusing on sales and service of CA’s eTrust security, but able to provide all manner of mainframe related services from OS upgrades to 3rd party software support. InfoSec services include security upgrades/assessments, audit compliance, and security system interoperability, conversion or consolidation.

  • Member, 2007 Board of Governors

    American Biofuels Council

    (Non-Profit; 11-50 employees; Non-Profit Organization Management industry)

    June 2007 - Present (2 years 2 months)

    The American Biofuels Council is a national association founded to coordinate communications and provide education for the advancement of the uses of alternative fuels and other products derived from biomass.

    The Council advocates that biofuels, as a group, are an integral part of an overall energy policy for government, enterprise, and consumers, and that the biofuels community has a critical role to play in the national energy leadership.

    Individual Members and Governors include academics, public policy makers, legislators, private enterprise leadership, and biofuel activists, who agree to come together to speak with one voice as the Council helps to shape the national energy debate.

    The Board of Governors is responsible for ratifying Committee work on policy, governance, finance, communications and membership, approving the Council charter, and setting dates for future meetings, elections etc.

  • Forum Moderator

    ChronWatch Discussion Forum

    (Privately Held; 11-50 employees; Internet industry)

    July 2004 - Present (5 years 1 month)

    As moderator, I oversee the smooth functioning of a large discussion forum with nearly 10,000 registered users. While the forum is generally conservative in nature, all points of view are welcome (provided the posters are polite and follow the rules). I helped to develop the board rules, and perform general maintenance on the forum database to ensure continued operations. I also work with the ISP and service technicians to debug any potential problems in a timely manner.

  • Columnist

    ChronWatch

    (Privately Held; 11-50 employees; Writing and Editing industry)

    April 2003 - Present (6 years 4 months)

    ChronWatch.com is a counter force to the liberal advocacy so dominant in today's media. ChronWatch provides articles from a group of in-house writers, in addition to carefully selected material from the Internet. As a result, ChronWatch is your one-stop site for the conservative point of view.

    I've written for ChronWatch as a regular columnist on political matters of the day as well as just fun stuff. Up until a major hack of the website in early 2007, I had over 180 articles in the archive (we're still trying to recover them). However, the number is creeping back up again, slowly but surely.

    To quote my online bio, "Doc Farmer is a columnist, security consultant, humorist, and part-time curmudgeon living in America's heartland."

  • Freelance Author / Technical Writer

    Xephon Publications

    (Privately Held; 51-200 employees; Computer & Network Security industry)

    February 2002 - Present (7 years 6 months)

    Published Works

    • PENTLAND UTILITIES V2.0 - AN UPDATE - RACF Update, May-August 2007.
    • THE DEATH OF RACF’S OPERATIONS ATTRIBUTE (or, how I’m trying to kill it…) - RACF Update, November 2006.
    • CICS TRANSACTION SEGREGATION AND REGION CREATION - CICS Update, 3-part series, March/April/May 2005 (also reprinted in RACF Update, May / August / December 2005).
    • RACF - YOUR QUESTIONS ANSWERED - RACF Update, August / November 2002, February 2003.
    • BUSINESS CONTINUITY AND RACF - RACF Update, November 2003.
    • PENTLAND UTILITIES REVIEW - RACF Update, 2-part series, February / May 2003.
    • BUILDING A SECURE DATA CENTRE - Insight IS, October 2002.
    • RACF RESTRUCTURING - RACF Update, 4-part series, February / May / August / November 2002.

  • Contributor - IBM Redbook - z/OS Mainframe Security and Audit Management using IBM Tivoli zSecure

    IBM

    (Public Company; 10,001 or more employees; IBM; Information Technology and Services industry)

    June 2008 - June 2008 (1 month)

    Provided input on RACF OPERATIONS attribute issues to one of the authors of the draft Redbook (Michael Cairns), who was kind enough to mention me and my company in the preface. The book's code is SG24-7633, and you can review and comment on the draft at http://www.redbooks.ibm.com/redpieces/abstracts/sg247633.html?Open (cut 'n' paste the address)

  • Sr. Security Consultant - RACF

    Publix

    (Privately Held; 10,001 or more employees; Retail industry)

    February 2007 - October 2007 (9 months)

    • Short-term assignment (three month, with extensions) with Publix, a large Fortune-150 Grocery Chain (Fortune-25 Food and Drug Stores), focusing on mainframe security issues regarding RACF assessment and remediation.
    • Converted to longer term project to develop a new security infrastructure to comply with regulatory requirements (SOX, HIPAA, PCI) and best business practice.
    • Provided technical project design and direction including development of security task lists, work lists and assignment, security implementation and remediation.
    • Performed detailed analysis of mainframe security settings.
    • Developed detailed audit process for z/OS security.
    • Developed detailed remediation process for multiple mainframe systems.

  • Sr. Security Consultant - RACF

    Aozora Bank

    (Public Company; 1001-5000 employees; Banking industry)

    February 2006 - August 2006 (7 months)

    • Short-term assignment with large Japanese Banking/Financial company, focusing on mainframe security issues regarding RACF assessment and remediation.
    • Technical project management, design and direction including development of security task lists, work schedules and assignment, staffing,
    • Work on major RACF database clean up and restructuring assignments, the remediation of z/OS security issues outside of RACF, development of operating system-level change control processes, Kerberos implementation and policy development, integration of secured mainframe communications into a Macintosh network.
    • Investigation, installation and assessment of add-on security auditing products to assist in RACF maintenance and clean-up.
    • Performed detailed analysis of mainframe security settings.
    • Developed detailed audit process for z/OS security
    • Developed detailed remediation process for dual mainframe system.
    • Assisted staff in security policy development.

  • Sr. Security Consultant - RACF

    State Farm Insurance

    (Privately Held; 10,001 or more employees; Insurance industry)

    October 2004 - December 2005 (1 year 3 months)

    • Twelve-month assignment (extended) with large Fortune-50 insurance company, focusing on mainframe security issues including RACF, Vanguard, DB2, IMS, CICS/TS, on 60+ mainframes and 100+ Logical Partitions (LPARs) including both regular and high-availability Sysplex structures.
    • Project management and direction on specific technical projects and assignments including security migration from native CICS/TS to RACF, native DB2 to RACF, native IMS to RACF, etc.
    • Work on major RACF database clean up and restructuring assignments, the creation of a shared mainframe knowledge library, z/OS security audits, creation of a segregated mainframe LPAR for security testing, and other technical assignments as requested by management.
    • Development of a standardized RACF region creation structure and procedure for new CICS regions, ensuring adequate transaction segregation and security monitoring.
    • Developed comprehensive audit program for z/OS systems.

  • Project Manager – Sarbanes-Oxley Assessment

    GMAC

    (Public Company; 10,001 or more employees; GM; Financial Services industry)

    June 2004 - September 2004 (4 months)

    • Four month assignment with large financial adjunct to Fortune 100 automotive manufacturer. Development of specific Sarbanes-Oxley audit tests to provide control assurance of seven large-scale application systems.
    • Consultative discussions with employers as to control provisions based on best business practice and applicable regulatory requirements.
    • Developed highly detailed project plan for application testing.
    • Created and led the execution of 427 discrete application tests, covering 548 control requirements.
    • Consulted with management on application control issues.
    • Assisted with SAS70 assessments for related service supplier.

  • Project Manager – Senior Security Consultant

    Computer Horizons

    (Public Company; 1001-5000 employees; CHRZ; Information Technology and Services industry)

    October 2003 - October 2003 (1 month)

    • One-month assignment with large insurance company to develop a ground floor security project (none existed before). Development of Project Plans (including detailed task lists), high-level policies and detailed job specifications for security project staff.
    • Consultative discussions with employers as to security requirements based on best business practice and applicable regulatory requirements.
    • Developed highly detailed project plan for security implementation based on Sarbanes-Oxley, FDIC/Comptroller, ISO17799 and other guidelines. Task list contained over 2100 specific line items.
    • Developed high-level Information Security and Physical Security policy documents for review and adoption by the Board.
    • Assisted in the development of selection processes and requirements for internal/external network penetration/vulnerability testing.

  • Senior Manager – Security and Business Continuity Department

    Qatar National Bank

    (Public Company; 501-1000 employees; Banking industry)

    June 2002 - August 2003 (1 year 3 months)

    • Created the Security and Business Continuity Department, hiring a staff of 3 during my tenure.
    • Development of core policies for information security, physical security, business continuity and the Bank’s new Internet infrastructure.
    • Development of draft business recovery plans for over 30 departments and divisions within the Bank (never done before).
    • Began a security centralization process across more than 30 separate computer systems and applications.
    • Began development/design of a business recovery site.
    • Prepared emergency contingency/recovery plans prior to the Iraq war.
    • Assisted in the design of the Internet security infrastructure.
    • Formalized and added controls to the access request process, while streamlining efficiency.
    • Created design for a new computer center to replace the current (unsecured) location.
    • Developed strong working relationships across all divisions and departments

  • Manager - Senior Information Systems Security Analyst

    Riyad Bank

    (Public Company; 1001-5000 employees; Banking industry)

    January 1998 - June 2002 (4 years 6 months)

    • Co-ordinate activities of Security Analysts and Security Administrators in a team-oriented work environment.
    • Perform analysis and some administration of OS/390 v2.6 security with RACF v2.6, and upgrade of OS/390 and RACF to v2.8.
    • Managed a Data Security Project for implementation of security protocols throughout the Bank.
    • Completed a 22-month implementation of security for a major change to banking software platforms and networks.
    • Completed a 30-month assignment as Sub-Project Manager of a comprehensive Data Security Project for the Bank. Coordinated and completed 267 separate tasks on schedule, ahead of all other Sub-Projects.
    • Developed Information Security Policies, Procedures, Standards and forms on a wide range of subjects, including a Corporate Information Security Policy, Data Classification and Ownership, Encryption, etc.
    • Assisted in expansion of the IS Security function within the Bank from a skeleton crew to a staff of 22.

  • Senior Computer Auditor

    SBC Warburg

    (Public Company; 10,001 or more employees; Investment Banking industry)

    July 1994 - November 1997 (3 years 5 months)

    • Performed audits, control reviews and security/efficiency standards tests on all aspects of the computer environments, including mainframe, LAN/WAN and communications systems.
    • Performed audits on CREST and SWIFT systems.
    • Performed in-depth technical reviews of MVS/ESA and RACF.
    • Performed technical audits of SBC Warburg satellite IT operations in Frankfurt, Germany and Geneva, Switzerland.
    • Liaised with the Computer Security department on various issues of control concerns, including a sophisticated new security system involving the use of Global Positioning Satellite (GPS) technology.

  • Senior Internal Auditor (DP)

    ITT London & Edinburgh Insurance - Worthing, West Sussex, UK

    (Public Company; 5001-10,000 employees; Insurance industry)

    April 1991 - April 1994 (3 years 1 month)

    • Performed audits, control reviews and security/efficiency standards tests on all aspects of the computer environment, both mainframe and PC/LAN.
    • Performed audits on new financial application systems under development.
    • Performed in-depth technical reviews of MVS/ESA and RACF.
    • Liaised with the Computer Security department, providing information on systems and personal computer security from previous experiences.
    • Developed sophisticated audit workpaper automation for the department, which allowed other Internal Auditors (both Financial and IT) to record their control reviews and analysis, audit findings, audit programs and other important steps directly into a PC. The system then printed the output, generating a sophisticated form layout around the data for ease of use, and to conform to corporate standards.
    • Assisted the department in receiving BS750/ISO9001 certification, the first Internal Audit department in the UK to do so.

  • Data/Physical Security Administrator

    U.S. Central

    (Non-Profit; 201-500 employees; Financial Services industry)

    August 1989 - April 1991 (1 year 9 months)

    • Responsible for the security of both information and property at a US$30 billion financial institution, serving 42 Corporate Credit Unions and over 14,000 state and local Credit Unions.
    • Created a number of security policies, and the mechanics to enforce them, to protect the assets of U.S. Central and the trust of the Credit Union network.
    • Installed a computerized access control system at the main office, helping to reduce unauthorized entry into sensitive areas of the organization. Was awarded for this work by Management.
    • Developed a Disaster Recovery Manual into a comprehensive 200+ page document, covering the protection of lives, property and information in a number of different business interruption scenarios.
    • Conducted two seminars through the Training Department, one on Physical and Data Security, the other on Disaster Recovery.
    • Gained extensive knowledge of PC systems, including the protection of information from computer viruses.

  • Senior EDP Auditor

    United Services Life Insurance Co (USLICO) - Arlington, VA

    (Public Company; 501-1000 employees; Insurance industry)

    January 1988 - August 1989 (1 year 8 months)

    • Designed and implemented audit programs for examination of technical systems.
    • Audits included in-depth examinations of CA-Top Secret and OS/MVS, as well as Disaster Recovery Planning and Testing.
    • Supervised two staff EDP Auditors.
    • Operated in an IBM 3081/4381 environment under OS/MVS.
    • Aided in the development of the EDP Audit function for the company, a multi-billion dollar life insurance firm for U.S. military service personnel.
    • Worked in advisory role with the Data Security Administrator.

  • Data Security Administrator / EDP Auditor

    Financial Technologies - Chantilly, VA

    (Public Company; 51-200 employees; Banking industry)

    March 1987 - January 1988 (11 months)

    • Established the Data Security and EDP Audit functions.
    • Drafted policies and procedures for physical and information security.
    • Monitored security access and violation reports.
    • Developed a physical interface between the cardkey access control system and the IBM mainframe, saving over 250 hours per year from manual report reviews.
    • Developed the preliminary structure for a Disaster Recovery Plan.

  • Senior EDP Auditor

    Perpetual Savings Bank FSB - Alexandria

    (Public Company; 1001-5000 employees; Banking industry)

    December 1985 - March 1987 (1 year 4 months)

    • Designed and implemented audit programs for new and existing software applications, communications networks, automated tellers, data security and disaster recovery.
    • Consulted with the Security/Recovery department.
    • Supervised two staff EDP Auditors.
    • Selected and installed IBM PC hardware and software to help automate the audit function, saving hundreds of hours of work per year and increasing auditor productivity.
    • Assisted in designing and testing the Disaster Recovery plan.

  • EDP Auditor

    Summit Bank

    (Public Company; 10,001 or more employees; Banking industry)

    September 1979 - December 1985 (6 years 4 months)

    • Created the EDP Audit and Computer Security functions for the Bank.
    • Designed and implemented audit programs for new and existing applications, automated tellers, data security and disaster recovery.
    • Developed over 500 computer audit software programs for use in EDP and financial audits.
    • Automated some accounting reporting functions, saving over 1000 hours per year from manual reporting and increasing the accuracy and security of the Bank's finances.

  • Computer Operator

    Lincoln Financial Group

    (Public Company; 5001-10,000 employees; LNC; Financial Services industry)

    September 1976 - September 1979 (3 years 1 month)

    • Operations and maintenance of IBM computer equipment, console operations, tape library management and physical security of the computer room.


Additional Information

Doc Farmer’s Interests:

RACF, z/OS, TSO, ISPF, CICS, MVS, OS/390, IBM, Mainframe, Security, Policy, Procedure, Standards Development, Project Management, IT Security Consultant, IT Consultant, Contingency Planning, Disaster Recovery, Writer, Author, Public Speaker

Doc Farmer’s Honors:

• Awarded Time Magazine's "Person of the Year - 2006" (along with about a billion other Internet users...)

Published Works (beyond freelancing for Xephon Publications):
• THE SIMPLE SOLUTION TO ELECTRONIC VOTING - Computerworld, 7 December 2005.
• SOFTWARE PIRACY - PROTECT YOURSELF! - Credit Union Executive, Winter 1990.
• COMPUTER FLU! - Credit Union Executive, Winter 1989.
• FINANCE TRENDS SPARK MIS JOBS - Computerworld, 5 October 1987.
• PLANNING YOUR WAY TO THE TOP - Computerworld, 28 September 1987.
• INSURERS STAKE CLAIM ON MIS - Computerworld, 3 August 1987.
• DON'T BLAME COMPUTER FOR IMMORAL ACTS OF INSIDE TRADERS - InformationWeek 3 August 1987.
• GOOD MANAGERS ARE HARD TO FIND - Computerworld, 6 July 1987.
• CONFESSIONS OF AN EDP AUDITOR - Datamation, July 1983.
• HIGH TECH IN THE MIDWEST - Computerworld, 13 July 1983.
• IBM COMPATIBLE GIANTS - Datamation, December 1981.
• COMPARISON OF THE IBM 4341 AND MAGNUSON M80/42 - Computerworld, 9 February 1981.


Doc Farmer’s Contact Settings

Interested In:

  • career opportunities
  • consulting offers
  • new ventures
  • job inquiries
  • expertise requests
  • reference requests
  • getting back in touch
