Resume

HIGHLIGHT OF TECHNICAL SKILLS

  • Security Standards: PCI-DSS, ISO 27001, GDPR, COBIT, Cyber Essentials
  • Presentation: Able to present effectively at the executive, management and technical levels
  • Penetration Testing Tools: Tenable.io, Kali Linux, Nessus, OpenVAS, Metasploit, Aircrack, John, ophcrack, Sparta, Kismet, OWASP ZAProxy
  • Software: Sophos Central, Darktrace, Oracle IAM, WebSphere, Tomcat, GlassFish, Rational Suite, JBoss, Spring, Spring Security, Struts, Sonatype CLM, Hadoop, Splunk, OpenAM / OpenSSO, Apigee
  • Languages: Java, C, C++, Perl, JSP
  • Databases: MongoDB, Oracle, MySQL, PostgreSQL, DB2, OpenLDAP
  • Industries: Gaming, Healthcare, Telecommunications, Financial Services
  • Operating Systems: OSX, UNIX (Solaris, AIX, Tru64), Linux, Windows (NT, XP, Vista, Server), OpenVMS
  • Cloud Platforms: AWS EC2, EMR, S3, Route 53, IAM, SNS
  • Methodologies: Scrum, Rally, Waterfall, Extreme Programming

Experience

November 2020 – present

Rangeforce OÜ

Director of Information Security

Tallinn, Estonia

Role Highlights

  • As the most senior Security Professional, ran a team responsible for security across a geographically diverse enterprise integrated with multiple cloud platforms
  • Developed security management programme
  • Defined and drafted a full set of security policies, procedures and standards to transition from startup security management to enterprise security management
  • Spearheaded an initiative to obtain SOC-2 certification

May 2020 – November 2020

Rangeforce OÜ

Director of Security Curriculum

Tallinn, Estonia

Role Highlights

  • Grew a team from 8 members to 20 members in the middle of a global pandemic
  • Led a content team to grow information security training content from 140 content modules (developed over the previous 5 years) to 452 content modules as of December 2020
  • Restructured quality management processes to maintain the high level of quality expected by our users
  • Introduced new CI/CD processes to improve the speed of delivery of new content
  • Spearheaded a rapid-response approach to delivering topical and timely content

May 2018 – November 2020

MYJAR IT OÜ

Information Security Manager

Tallinn, Estonia

Role Highlights

  • As the most senior Security Professional, ran a team responsible for security across 4 physical locations and multiple cloud environments
  • Specified physical security requirements and design for an office move, commissioning of a new office site and decommissioning of an existing office site
  • Conducted Data Protection Impact Assessments on all new initiatives, including migration from existing bespoke CRM solution to third party, cloud-hosted solution
  • Revamped Information Security related policies and procedures
  • Developed and delivered training on security awareness, cryptography and secure development lifecycle within the organization
  • Achieved PCI-DSS compliance
  • Achieved Cyber Essentials certification for the organization

August 2015 – August 2018

SRG

Security Consultant

Edmonton, Alberta     

Project Highlights

  • Consistently delivered projects on time, on budget and on scope
  • Led a team to deliver a full set of security policies, procedures and standards for a major modernization initiative of a public-sector client
  • Conducted PCI-DSS readiness assessment, gap analysis and strategic roadmap for a publicly owned transportation industry client
  • Delivered on-site wireless and physical security assessment for 4 work sites of a major forestry client
  • Delivered actionable technical roadmap to address vulnerabilities discovered in an internal vulnerability assessment of an educational non-profit client
  • Conducted enterprise security posture evaluation (physical, information, operations), gap analysis and remediation roadmap for utilities industry client
  • Conducted on-site internal controls audit for a major forestry client
  • Carried out major network redesign project for a postsecondary institution client
  • Estimated and wrote winning proposals for competitive bid processes in the public and private sector
  • Conducted external and internal penetration tests for multiple public and private sector clients
  • Participated in sales presentations to prospective clients in Edmonton and Calgary

Technical Environment: Palo Alto Firewall, Netscaler VPX, Windows Server 2008, SQL Server, IIS, Web Services, VMWare, Veeam


January 2013 – November 2015

Gamesys Canada

Information Security Officer

Edmonton, Alberta     

Project Highlights

  • Designed, prototyped, implemented and tested Hadoop solutions for collusion detection to support the launch of an online Poker product.
  • Conducted manual penetration testing of the impending Poker product.
  • Developed and delivered Secure Development Lifecycle training to a growing group of developers in the Canadian office.
  • Developed and promulgated policies pertaining to secure artifact management, secure development lifecycle and employee play.
  • Developed and promulgated policies pertaining to user provisioning / de-provisioning, BYOD, third party software usage (both in software development and in desktop usage) and external (by both staff and 3rd party partners) access to corporate resources.
  • Developed Splunk dashboards, queries and alerts.
  • Provided technical and policy background supportive of PCI-DSS audit.

Technical Environment: J2EE, OSX, Linux, Netscaler, JMS, ActiveMQ, JBoss, Tomcat, cometd, Sonatype Nexus Pro, Sonatype CLM, Hudson, GitHub, Hadoop, DB2, MySQL, MongoDB

Technical Job Duties

  • Data Modelling
  • Manual and Automated penetration testing
  • Policy development
  • Software Development and Design

February 2012 – January 2013

Alberta Gaming and Liquor Commission (AGLC) [Consulting for Bits in Glass]

Solution Architect (SOA), Security Architect

Edmonton, Alberta     

Project Highlights

  • Bits in Glass has been contracted to provide Architectural Guidance to AGLC in transitioning towards SOA based architectures for gaming applications
  • Provided architectural guidance related to application of Service Oriented Architectural principles to consolidate Enterprise gaming data into an MDM modelled repository.
  • Evaluated and proposed COTS solutions for content management of training content.
  • Designed, planned and tested PKI deployment for provincial VLT system refresh.  This project marks the first use of multi-tiered PKI in a VLT system worldwide.

Technical Environment (Development): J2EE, Windows Server 2008 (under VMWare ESX), Linux, A10 and Coyote Load Balancers, Active Directory Certificate Services, OCSP, SCEP / NDES, G2S, JMS, ActiveMQ, JBoss, Tomcat

Technical Environment (Creation): Windows Server 2008, Linux, OpenSSL, Wireshark, UML

Technical Job Duties

  • Data Modelling
  • Process flow modelling
  • Definition of minimum viable product (MVP) for PKI and cryptographic related requirements
  • Design of testing scenarios to verify correct implementation of enrolment, certificate validation and revocation checking by all components in the VLT system
  • Identification of vulnerabilities exposed by test failures
  • Risk analysis of identified vulnerabilities (identify and communicate probability of loss, impact and potential mitigations)
  • Communication of risk analysis to executive sponsors
  • Coordinated repair and retest activities with third party vendors

August 2010 – February 2012

Alberta Health & Wellness (AHW) [Consulting for CGI]

Solution Architect

MIS Electronic Submission Application (MESA)

Edmonton, Alberta     

Project Highlights

  • The Management Information System (MIS) Electronic Submission Application (MESA) is an initiative to repatriate financial reporting and quality assessment functionality from an existing system housed in British Columbia.  It involves integration both externally (with reporting entities and downstream data consumers) as well as internally (with existing AHW data repositories).

Technical Environment (Development): J2EE, JSF, Spring, AIX, Oracle IAM, WebSphere, DB2, JBoss Drools, RESTful, SOAP and RMI based services

Technical Environment (Creation): SoapUI, Selenium, RequisitePro, ClearQuest, Rose, Erwin, UML

Technical Job Duties

  • Requirements analysis
  • Data Modelling
  • Application Architecture and Design
  • Mentoring development team
  • Verifying that development has been implemented according to architectural guidance

February 2010 – July 2010

Alberta Health & Wellness (AHW) [Consulting for CGI]

Senior Software Analyst

Alberta Continuing Care Information System

Edmonton, Alberta     

Project Highlights

  • The Alberta Continuing Care Information System (ACCIS) provides for regional reporting of continuing care information to a centralized repository within Alberta Health and Wellness (AHW), and also allows for reporting of continuing care data to two Canadian Institute for Health Information (CIHI) national databases.

Technical Environment (Development): J2EE, JSF, Spring, AIX, Oracle IAM, WebSphere, DB2

Technical Environment (Creation): RequisitePro, ClearQuest, Rose, UML

Technical Job Duties

  • Designed and implemented integration with AHW’s Corporate Code Tables Application
  • Integrated the ACCIS application with Oracle IAM implementation
  • Implemented declarative security (role-based authorization) in the ACCIS application

November 2009 – January 2010

Alberta Health & Wellness (AHW) [Consulting for CGI]

Technical Lead

Rural Remote Northern Program

Edmonton, Alberta     

Project Highlights

  • As part of the Clinical Stabilization Initiative (CSI), the Rural Remote Northern Program (RRNP) addresses the challenges of recruiting physicians to live and practice in rural, remote, and northern areas of the province.

Technical Environment (Development): J2EE, JSF, Spring, AIX, Oracle IAM, WebSphere, DB2

Technical Environment (Creation): RequisitePro, ClearQuest, Rose, UML

Technical Job Duties

  • Provided technical leadership to a team of 10 developers in addressing implementation issues and restructuring existing code to meet defined requirements, while actively developing and coding software.
  • Identified and corrected security gaps surrounding session management and integration with Alberta Health and Wellness’ Identity and Access Management solution.
  • Joined the team late in the construction cycle and helped the team deliver a quality solution on time.

October 2006 – November 2009

Alberta Health Services (AHS) [Consulting for CGI]

Development Lead, Solution Architect

Provincial Health Information Exchange

Calgary, Alberta         

Project Highlights

  • The Provincial Health Information Exchange (pHIE) is a key component of the overall Electronic Health Record (EHR) project in the Province of Alberta.  The pHIE application is intended to fill the role of the Health Information Access Layer (HIAL) in the Canada Health Infoway EHR Blueprint.  The pHIE applications routinely handle live health information of Albertans, including clinical and demographic data.

Technical Environment (Development): J2EE, Sun Java CAPS, Struts, Hibernate, Axis2, Solaris, WS-Security, SOAP, JMS, MQSeries, Message Oriented Middleware (MOM), XML Signature

Technical Environment (Creation): SoapUI, OpenSSL, Windows XP

Technical Job Duties

  • Acted concurrently in the roles of security / integration architect, developer and development lead throughout the project.
  • Defined architectural guidance related to use of Message Oriented Middleware, required reliability characteristics and Web Services interfaces.
  • Led a team of 7 developers, responsible for the development of the Provincial Health Information Exchange.
  • Reviewed and proposed risk mitigation processes related to the handling of personally identifiable information (PII), as required by the Health Information Act (HIA).  These mitigations addressed both data at rest and data in flight.
  • Identified and implemented practices supporting a Secure Software Development Lifecycle (SDLC), which identified and addressed security-related requirements through requirements analysis, design, construction, implementation and maintenance.
  • Designed and implemented application-level mechanisms for strong authentication in Web Services interfaces dealing with personally identifiable information.
  • Designed and implemented required audit controls within pHIE to enforce accountability.
  • Familiarized staff with necessary security concepts (including Public Key Infrastructures (PKI) and certificate management) and their appropriate application.
  • Provided architectural guidance related to physical and logical security, disaster recovery and business continuity, and availability / scalability as they related to planned physical infrastructure expansion.

April 2006 – October 2006

MegaSys Computer Technologies

Senior Software Developer

Calgary, Alberta         

Project Highlights

  • The Telenium system is a Network Management System used by clients such as Sprint, Qwest, and Canadian Pacific Rail.  Built on a custom designed and implemented object-oriented database, Telenium is able to process thousands of alarms per second.

Technical Environment (Development): Solaris, OpenVMS, Windows XP, C, C++

Technical Environment (Creation): CVS, CMS

Technical Job Duties

  • Design, Development, Testing and Troubleshooting

August 2005 – April 2006

Natasha Iyer Professional Corporation

Security Analyst, Business Analyst

Calgary, Alberta         

Project Highlights

  • Natasha Iyer Professional Corporation operates a family medical practice and medical cosmetic practice in Calgary.  Mr. Kobly was responsible for evaluating and selecting an electronic medical records solution.  In addition, Mr. Kobly re-engineered the business processes of the medical clinic, reducing the administrative payroll by a third.  He also implemented appropriate controls to protect and safeguard patient confidentiality as required by the Health Information Act.

June 2002 – January 2005

Advanis Inc.

Software Analyst

Edmonton, Alberta     

Project Highlights

  • Advanis is an Edmonton-based market research firm that is committed to bringing best-of-breed technology and automation to the practice of market research.
  • Engaged in penetration testing / ethical hacking approaches to prove out the security of the web application.  Scope of testing included common vulnerabilities such as cross-site scripting and session fixation attacks.
  • Evaluated existing web applications in the context of common vulnerabilities described by OWASP.  Implemented relevant mitigating controls.
  • Ensured that segmenting and cross-tabulation of data provided by the application cannot be used to breach respondent privacy.

May 2001 – May 2002

University of Alberta – Department of Computing Science – Software Engineering Research Lab

Software Developer

Edmonton, Alberta     

Project Highlights

  • Designed and implemented the HookMaster package in Java using XML for data storage and retrieval purposes.  This package provides tool support for the development of software product-line architectures.

May 1998 – September 2000

MegaSys Computer Technologies

Software Analyst

Calgary, Alberta         

Project Highlights

  • This role started as a paid internship following third-year university.  Mr. Kobly was invited to stay on as a software developer for a further year and a half following the completion of the internship.

EDUCATION

University of Alberta, 2001

  • Bachelor of Science with Specialization in Computing Science

CERTIFICATIONS AND TRAINING

  • CISSP (2008)