Gregory Marchese

An accomplished engineer providing secure enterprise SSO solutions.
Over 20 years of IT experience.
greg@gregory-marchese.com

I am an information security and technology professional specializing in building and supporting complex SSO environments at enterprise scale. I excel at integrating technology to achieve highly efficient security and a seamless, user-friendly experience. I have an in-depth understanding of SSO federation protocols, risk-based authentication that leverages MFA when applicable, and security best practices to protect systems and data from both internal and external threats.


Experience

Technology Manager : Engineering

Johnson & Johnson

As part of the J&J information security IAM team I'm responsible for the globally distributed single sign-on infrastructure, which uses a hybrid cloud / on-premise approach to enable complex SAML and OAuth2 / OIDC use cases as well as streamlined SAML provisioning suitable for operational fulfillment. We use a risk-based approach to multi-factor authentication where we can provide strong MFA for thousands of SSO-enabled applications but keep login friction low for trusted end users. I design a system that will only prompt a user for MFA when the trust has dropped or a set period of time has passed, or outright deny the ability to log in if the risk is considered too high. This results in a seamless user login experience with increased productivity and cost savings for our operating companies.

March 2013 - Present

Senior Engineer

WHIPTAIL
Innovative start-up building solid state storage appliances for enterprise - acquired by Cisco

As the lead systems engineer I was responsible for system engineering and support for our development teams, scripting for automated system deployments, alerting for auto-support features, and RAID build scripts and management within the Invicta and Accella storage appliances. I maintained and supported our AWS infrastructure, which ran the team's internal tools, such as Git, Bugzilla, and LAMP development environments on both Ubuntu and CentOS. I provided solutions for integration of storage protocols, custom kernel tuning, and open source license management for our appliance builds, and provided training and engineering solutions to assist our support staff in solving unique and complex problems.

January 2012 - March 2013

Analysis & Design : Network Delivery

Johnson & Johnson : Contract

I built and maintained J&J's Novell Access Manager gateways running on SUSE Linux. Through the change management process I implemented SAML-based single sign-on configurations from development to production for all internal and externally facing J&J applications, as well as implementing SAML for our SaaS-focused initiative for new applications and tools for J&J users. Acting as a liaison to L2 and L1 support, I worked directly with L3 engineering to develop new policies and procedures for recently deployed single sign-on services. I actively worked with Verizon Business to ensure all networking and firewall configurations were accurate and in place according to J&J policy, and performed daily maintenance and enhancements to the single sign-on infrastructure. The SSO environment consisted of two four-node clusters for identity provider services and reverse proxy service, and one two-node cluster serving a web-based administration console, with all nodes running Novell Access Manager and Apache Tomcat.

February 2011 - January 2012

Sr. Linux Engineer : Web Portal

BurrellesLuce
Media analysis and metrics for public relations teams

Hired as part of a team to transform the existing platform into an all-new digital experience. I built, deployed, maintained, and scaled the full LAMP cluster for the front-end customer web portal as well as the back-end administrators' CMS, provided all engineering support for our team of developers, and ensured the integrity and security of all systems.

March 2008 - December 2010

Sr. Unix/Linux Engineer

CIT

I moved into a senior administrator role after the Newcourt acquisition and took over responsibility for the global backup environment, migrating any remaining local backups to the centralized NetBackup service and enhancing the reporting and management of off-site tape inventory. I participated in off-site disaster recovery exercises, maintained HP Ignite images for DR, and maintained ongoing documentation for all of the Unix and Linux DR activities. I wrote and maintained UNIX and Linux standards and security documentation, and was responsible for moving the company from older standards to more secure protocols for all of our services: HTTPS, SSH, SFTP. I helped the company establish its first Linux-based infrastructure, including Oracle RAC clusters and Apache web servers, and performed extensive kernel tuning for both HP-UX and Red Hat Linux to conform to security and performance best practices.

March 2001 - November 2008

Operations : Systems Administrator

Newcourt Financial
Formerly AT&T Capital - Acquired by CIT

My main focus was on system backups, monitoring of all systems using HP OpenView, and initial server builds for HP-UX, Solaris, and Microsoft NT systems. I was the first-level contact for customer and application support, and handled user management and set-up for all UNIX systems. For backups we used a combination of tar, Backup Exec, and Veritas NetBackup. I took the initiative to enhance our current process, replacing a manual tape-tracking system of human input into a shared Excel spreadsheet with a Perl program backed by a searchable flat-file database to track tapes that were in off-site storage, scheduled to return, or back on site. This greatly increased the efficiency of recalling off-site tapes for restores as well as ordering tape backups for off-site disaster recovery exercises.

January 1998 - March 2001

Skills

Tools & Systems
  • PingFederate
  • PingOne
  • PingID
  • PingCentral
  • Ubuntu and RedHat Linux
  • Windows Server
  • AWS
  • Atlassian: Bitbucket (Git), Jira, Confluence
  • Kali Linux
  • Nessus vulnerability scanner
  • VMware ESX

Highlights
  • Identity & Access Management
  • Access governance
  • Subject matter expert SAML 2.0
  • Subject matter expert OAuth2 / OIDC
  • Subject matter expert Multi-Factor Authentication
  • Subject matter expert Risk Based MFA
  • FIDO2 Standards
  • Cyber Incident Response & Remediation
  • Shell scripting
  • Automation
  • Train team members
  • Disaster Recovery/Business Continuity
  • Extensive change management experience
  • Multi-cloud experience

Extra Stuff

Interests

Apart from geeking out over identity and information security, I'm an avid learner and enjoy sharing knowledge. I enjoy teaching my kids about hacking, computers, and electronics using open source tools and SBCs like the Raspberry Pi and Arduino, and I leverage and contribute to the maker community.

When I'm not stuck indoors in front of a screen I truly enjoy hiking, mountain biking, camping, and kayaking. I also enjoy cooking and taking pictures.


Personal Stuff

External links of interest, other sections, and sub domains.