1. V. THOMAS LAWSON, CISSP
13826 Saddleview Drive North Potomac, MD 20878 (703) 851-5232 Tom_Lawson@msn.com
SUMMARY:
• 30+ years of IT industry experience – 11 years in Enterprise Security focused on Identity & Access
Management (requirements and use case analysis, solution design, product selection and implementation) and
security compliance assessments plus 18 years in product management including pre-sale and post-sale
support of PC, LAN, Workflow and Imaging products.
• Excellent client relationship management skills and relations with key industry vendors.
• A creative and analytical self-starter with very effective communication and interpersonal skills, strong
customer service orientation, excellent problem solving skills and a proven record of performance.
• DOD Top Secret Security and CBP Public Trust Security clearances. CISSP, MCSE and MCSA certifications.
IT PROFESSIONAL EXPERIENCE:
IBM Global Business Services, Cybersecurity & Privacy, US Federal Team – Managing Consultant
Perform client organization identity and access management requirements analysis, vendor/product evaluation,
solution design and implementation. (12/09 – present):
• A major contributor to the design of solutions to implement an enterprise Identity, Credential & Access
Management (ICAM) Services infrastructure to optimize life cycle management of user identity and
entitlements for a prominent Department of Homeland Security component Agency with 65,000 employees
and contractors globally. Identified requirements, architected the design, led the evaluation and selection of
products, and developed the prototype implementation of an LDAP based enterprise white pages solution.
Currently leading the implementation of the enterprise ICAM directory services infrastructure leveraging
Active Directory, Oracle Internet Directory and Oracle virtual Directory; and assisting integration of Oracle
Identity Manager and Oracle Access Manager with the directory services to meet client requirements.
American Systems – Senior Consultant
Performed client organization identity and access management requirements analysis, vendor/product evaluation,
solution design and implementation. (6/07 – 12/09):
• As project team lead, guided the Corporate Information Security Office of a Fortune 200 global manufacturer
in the acquisition and initial implementation of an enterprise role management solution to define role-based
access entitlements, manage user access recertification and support role-based automated provisioning
through IBM Tivoli Identity Manager. Delivered services included current state analysis; future state design
with a phased implementation roadmap; identification of requirements and candidate products; development
of a RFP and product scoring model; and management of the RFP response evaluation/vendor selection
process. Oversaw initial implementation. Also helped organize a Swat Team to address Active Directory
compliance and global consolidation issues, and participated as the CISO representative. “..outstanding
performance…delighted everyone with your deep subject matter knowledge in the overall IT
Security space, your work ethic and responsiveness as well as your exceptional attention to
details…”
• Conducted a requirements analysis for integrating logical access and physical access security with a
FIPS-201 PIV-I compliant smartcard based on the FiXs implementation. Evaluated different implementation
options for presentation to the CIO of American Systems.
• Conducted an identity and access management requirements analysis, developed a future state design and
performed a Proof of Concept for a Federal Integrator. The POC evaluated two candidate products (Quest
Active Roles Server and Microsoft Forefront Identity Manager 2010) against identified requirements.
• Conducted a requirements analysis for re-architecting an ASP hosted vendor risk management solution to
facilitate the ability of financial institutions to exercise and document the level of due diligence FFIEC
auditors expect to find regarding evaluation of outsourced services. Identified requirements included new
customer functionality, and a new architecture leveraging Microsoft .Net with enhanced security components
to support customizable role-based access control, delegated administration, user self-service, as well as
SAML 2.0-based federated identity to enable external customer single sign-on (SSO).
• Conducted an identity and access management requirements analysis for a Puerto Rico based
Telecommunications Company and a mid-Atlantic based financial services company. Developed a high-level
strategy/design to address their identified needs, and a phased implementation roadmap.
V. THOMAS LAWSON, CISSP – Page 2
2. 13826 Saddleview Drive North Potomac, MD 20878 (703) 851-5232 Tom_Lawson@msn.com
Unisys - Solution Architect in Unisys Enterprise Security practice since acquisition of ePresence (6/04).
Performed client organization identity and access management requirements analysis, vendor/product evaluation,
solution design and implementation. (6/04 – 6/07):
• Conducted security surveys of a prominent international financial and travel services company’s proposed
service partnerships to assess compliance with the company’s security standards for protection of sensitive
data. Reported findings to include identified areas of risk and recommendations.
• Analyzed identity management processes for a prominent mid_Atlantic based financial services company and
developed recommendations to reduce onboarding time for presentation to management. Also led the
scoping, design and implementation of a very successful pilot carry-in laptop service center reducing average
problem resolution time by 65% and dramatically increasing customer satisfaction. “…a stellar job that
makes us look great to the client”.
• Conducted an Extranet identity management requirements analysis for a large international re-insurance
company to include self-registration, self-service and delegated administration. Selected and managed the
evaluation of products supporting the requirements. Developed the Design Document and Implementation
Guide for implementation of the selected Oracle COREid Identity System combined with Oracle Virtual
Directory.
• Conducted security site surveys of a large international financial services company’s partner/agent sites to
assess compliance with ISO 17799 requirements. Reported findings to include identified areas of risk and
recommendations.
• Conducted an identity management requirements analysis for a prominent international construction
company. Developed the solution design and the phased implementation roadmap to include AD domain
consolidation, identity synchronization, Web access management/single sign-on, delegated user
administration, password management, automated provisioning, federation and multi-factor authentication.
• Conducted an identity management requirements analysis and developed a phased implementation roadmap
for a prominent West Coast financial services company based on prioritization of pain points and best
practices. Evaluated vendor products and assisted in the selection process. Selected solutions consisted of a
Virtual Directory and Provisioning with Password Management.
• Provided design, documentation and test plan support for a Microsoft Identity Integration Server 2003
solution for a large international re-insurance company to provision and de-provision Active Directory,
Exchange, Lotus Notes and Active Directory Application Mode (ADAM) accounts world-wide.
• Implemented and provided follow-on support for a Microsoft Identity Integration Server 2003 solution for a
key Federal Government executive branch agency to automatically provision and de-provision Active
Directory, Exchange, NT and Lotus Notes accounts.
Banyan Worldwide Services/ePresence – Principal Consultant
Performed client organization identity and access management requirements analysis, vendor/product evaluation,
solution design and implementation. (12/99 – 6/04):
• Conducted identity management requirements analyses for a large county public school system, a prominent
Federal Government agency, a large healthcare company and a well-known management consulting
company. Developed strategy/solution design recommendations and related implementation roadmaps.
• Designed and implemented a Microsoft Identity Integration Server 2003 Proof of Concept for a prominent
healthcare company to provision and de-provision AD accounts based on PeopleSoft HR status.
• Also performed a disaster recovery readiness assessment for a prominent state government agency,
supported Banyan VINES to Windows 2000 migrations; and assisted a large Applications Service Provider in
designing and implementing a hosted Exchange 2000 solution.
Vredenburg – Work Management Consultant
Designed, implemented and supported Microsoft BackOffice based work management solutions. (05/99 – 12/99)
• Organized application to become a Microsoft Certified Solution Provider and managed relations with
Microsoft Washington, DC office.
V. THOMAS LAWSON, CISSP – Page 3
13826 Saddleview Drive North Potomac, MD 20878 (703) 851-5232 Tom_Lawson@msn.com
3. Eastman Software, A Kodak Business - Work Management Consultant
Managed technical marketing of and delivered billable post-sale support of Microsoft BackOffice based work
management solutions - workflow, imaging and document management. (03/97 – 05/99)
• Designed, implemented and supported successful pilot solution at Veterans Benefits Administration to
automate disability claims processing leveraging the Microsoft Exchange infrastructure. This solution
received Vice President Gore’s Hammer Award for improving constituent service.
• Speaker at industry forums and seminars, managed relations with Microsoft Federal and appointed to Federal
Imaging Conference Advisory Board in 9/98.
Wang Laboratories, Inc., Federal Systems Division – Regional Product Marketing Manager
Managed technical marketing of Wang PC systems, PC LAN solutions and, after 1995, work management solutions
– workflow and imaging. (03/86 – 03/97)
• Participated on corporate task forces, delivered customer presentations, consulted with customers on
requirements and solution design, managed partner vendor relationships, organized trade show participation,
designed marketing materials/promotions, and organized product training for Sales and Support staff.
• Instrumental to FSD success in becoming Wang's leading division for the sale of PCs and PC LANs.
• Guided division to dominant Banyan reseller in the Federal Government marketplace, receiving Banyan
Federal Reseller of the Year Award for 1991. Selected to Banyan Business Advisory Council (12/93).
International Systems Marketing – Product Marketing Manager
Managed marketing/sales activities of a microcomputer systems integrator. (11/84 -02/86)
Ganesa Group International - Regional Product Marketing Manager
Managed domestic/international marketing of IBM PC graphics & mapping software. (6/84 - 11/84)
Plantronics PC+ Products – Regional Product Marketing Manager
Managed international and Eastern U.S. marketing of the COLORPLUS graphics board and software for the IBM
PC. Interfaced with software developers for support of enhanced graphics modes. (2/82 – 5/84)
OTHER EXPERIENCE:
Business Plantronics Frederick Electronics - Researched and evaluated new product ideas. Conducted
Planning market research for new product venture, which became PC+ Products. (1981 - 2/82)
Research & Jaycor- Co-authored two top secret contract studies. Commended for being “ thorough…, a self-
Analysis a self-starter and an excellent team worker". (1979 - 1981)
Program & U.S. Railway Association - Monitored Conrail’s equipment maintenance programs for cost,
Cost Analysis productivity and quality. Designed computerized reports. (1975 - 1979)
Collections Army and Air Force Exchange Service, Europe - Managed returned check collection team.
Management Directed implementation of a computerized collection system, saving thousands of dollars. Excellence
Award for "exceptional initiative and competency". (1973 - 1975)
Miscellaneous Intern for 3 summers with ITT's German affiliate Standard Elektrik Lorenz.
CERTIFICATIONS:
Microsoft Microsoft Certified Professional + Internet, Microsoft Certified Systems Engineer (MCSE) NT 4.0 and
Windows 2000, Microsoft Certified Systems Administrator (MCSA)
(ISC)2 Certified Information Systems Security Professional (CISSP)
V. THOMAS LAWSON, CISSP – Page 4
13826 Saddleview Drive North Potomac, MD 20878 (703) 851-5232 Tom_Lawson@msn.com
MEMBERSHIPS:
4. ISSA Information Systems Security Association (Northern Virginia Chapter)
IANS Institute for Applied Network Security
EDUCATION:
• Dale Carnegie Sales Course, June 1983
• MBA studies in Marketing with 3.5 average, Virginia Polytechnic Institute & State University, 1980 – 1982
• M.A. International Relations, American University, 1978
• B.A., cum laude - Government & Politics, University of Maryland, 1974
OTHER FACTS: Fluent German and strong French language skills. More than ten years of study, residence,
employment and travel in Europe. Effective in dealing with many different kinds of people. Enjoy
challenging problems and making decisions.
PERSONAL Married, two sons. Excellent health. Interested in information technology, world affairs, theater,
DATA: and photography. Enjoy reading, travel and outdoor activities, particularly tennis, hiking, skiing, and
golf. Have been a coach and league manager in USTA Junior Tennis Team program. Founding board
member of Montgomery County Tennis Association.
REFERENCES: Available upon request.