
Vishal J Rupani
- CyberArk Architect
- Wayne, NJ
- Member Since Apr 13, 2023
Vishal J Rupani
Areas of Expertise include:
|
✓ CyberArk ✓ Access & Privilege Management
|
✓ Identity & Directory Services ✓ Cybersecurity
|
Powerbroker ✓ Change Auditor
|
CyberArk Architect - Independent Contractor 2010 to Current
Managed Healthcare – (Undisclosed under NDA) CyberArk: Served as Technical Leader leading technical discussions and developed solution blueprints and engineering runbooks for various projects. Work closely with internal stakeholders (Directory Services, Security, Servers, Database and other groups) and vendors to validate design, solution and implementation.
CyberArk Upgrade: Worked very closely with CyberArk PSO, Support and in-house security engineers to upgrade CyberArk on premise from 9.1 to 9.9.
· PCI Compliance: Designed and deployed necessary components including, CPM and PSM accessing Shared Vault.
Implementation: Worked closely with operations to deploy CyberArk.
High Level configuration overview:
§ Validated security groups in AD for CyberArk
§ Aligned placement of PSM into segmented network.
§ Aligned RD Gateway HA design to enable tunneling into the segmented network.
§ Aligned parallel accounts into new safes to support resource access into PCI compliant autonomous Directory.;
Insurance – (Undisclosed under NDA) CyberArk: Migrated safes from legacy CyberArk environment to target environment and enabled Autodetection.
· Pre-requisites: Prior to performing migrations ensured the following pre-requisites were aligned.
§ Validated Cluster configuration for EPV, CPM and other components such Ark Client.
§ Validated PVWA ldap integration to directory service using dedicated service account
§ Validated Master Policy and Safes
§ Validated Backup configuration
§ Validated DR
· Safe Migration: Migrated safes from legacy environment to test environment confirming the accounts, passwords and aligning platforms.
§ Upon successful migration, coordinated with business stakeholders and migrated safes to target.
§ Provided upper management weekly dashboard reports on safe migration status including percentage completed, pending and in progress.
· Auto-Detection: Developed the runbook to enable auto-detection and automatic vaulting of newly joined servers in Active Directory. Specifically aligned the following.
§ Auto-Detection Template including safes to leverage for placing the onboarded accounts, ldap bind account, notifications among other areas.
· Support: Provided knowledge transfer and third level support to operations in execution of plan. Worked closely with CyberArk support to remediate issues. Worked closely with Microsoft and AWS to enable cloud deployment successfully. Areas that required alignment included vpc, vnet and portal views. KT topics included vault administration, PVWA common tasks among other areas.
· Documentation: Document appropriate blueprints and runbooks including Installation Qualification.
Credit Card - Pharma - (Undisclosed under NDA) Risk Assessment and Auditing remediation with CyberArk: Reviewed the ADRAP key findings and aligned necessary recommendations across critical areas.
a. IDM, RBAC Model and Attestation Alignment: Aligned the IDM and PAM framework. Specifically architected the Active Directory RBAC model based on Role Modeling and Role Mining.
b. Leveraged CyberArk and Quest solution stack to achieve objectives.
· Architected the solution to move from CyberArk 9.1 to 9.4.
o Built lab to simulate production.
o Deployed EPV, CPM, PVWA, PSM, AIM
o Aligned Maser Policies
o Defined Vault Owners, Administrators and Users. Task segregation included:
1. Create new Safes
2. Create and manage user groups in PAM system
3. Create roles and assign the roles to user groups
4. Define and apply password policies
5. Manage user provisioning and de-provisioning
6. Perform full backup and restore
7. Define and generate reports.
· Reviewed Windows Local Connector from OIM to member servers for account reconciliation and User Access Revalidation.
o Aligned CyberArk Safe and CPM to facilitate governance of these accounts.
· Worked with corresponding CMDB Sme to align the synchronization of the admindisplayname attribute and admindescription data to task instructions fields in CMDB to enable cross referencing of privilege accounts and corresponding group owners.
· Review OIM managed Active Directory attributes across separate domains and forests to ensure correct synchronization of attributes within the Identity and Management Lifecycle is achieved.
· Aligned Roles to ARS and analyzed patterns across user population and business teams to help define technology role templates. Created Access database and corresponding Sql queries to map users to existing roles and enable reporting of roles to business units.
c. IVR: Participated in the IVR initiative to enable users to manage and change password use Voice, Two factor authentication and OTP (One-time Password). Worked with InfoSec to define pin and password strengths and constraints within the IVR solution.
d. Auditing & Monitoring: Spearheaded design and implemented CyberArk Event Notification and Quest ChangeAuditor for Active Directory, key elements include:
· Architecture (Layout, redundancy, sizing), Alert management
· Developing test scenarios and documenting test results along with IQOQ to Quality
· Proactively reviewed configuration refinements, database growth and event storms
Eisai - Integration & Consolidation: Worked on the integration of non-windows servers into Active Director using Centrify DirectControl. Deployed agents on Linux servers to enable ldap authentication to Active Directory and created zones for administrative control. Whitelisted commands based on admin roles per RBAC model.
PG&E Utility - Privilege Management: Designed and deployed Powerbroker for Windows to server and end user computing environment. Deployed PB to 30000 client machines and enrolled 1200 windows servers, leveraged PB data-warehouse to gather user initiated privileged actions to build corresponding rules.
· Configured necessary Rules and Collections
o Rules included publisher and path related
o Whitelist and blacklist creations
o Staggered deployment of agent’s enterprise wide
o Aligned operations and helpdesk to support the product
o Created corresponding BeyondTrust Admin consoles with the GPO extensions to manage Powerbroker for Windows.
Aetna - Identity Consolidation and Password Synchronization: Researched, evaluated, proposed, architected and implementation the consolidation of identify across different operating companies.
1994-2009: Listed for Work History only: Ernst & Young, Quest Diagnostics, Minolta Corporation, Expanets, Memorial Sloan Kettering Cancer Center among others.
2017 CyberArk Self-Paced and Individual Training
1996 William Paterson Wayne, NJ
· Bachelor of Arts
Certifications
· Pursuing MCSE 2012
· MCP: Passed 70-410 (Current)
· Working on 70-411
· MCSE in Windows 2000 and Windows 2003
· Sniffer Certified Professional (SCP)
· Cisco Certified Network Associate