Technical Operations Executive with diverse and strategic InfoSec and IT experiences.

Eric Wang

Email: account@ericwang.com

Linkedin: https://www.linkedin.com/in/ewang/


Objective:

Technical Operations Executive with diverse and strategic Operations and Engineering experience.  Skill set includes IS/IT, InfoSec, release management, data center architecture design and implementation, cloud and hosted SaaS application management, application release and deployment planning, and budgets and vendors management.  Results-oriented, creative, and able to apply my business and technical acumen to benefit the customers, shareholders, management, and staff


Accomplishments and Skills:

·         20+ years of leading and managing all facets of SaaS hosted and cloud (public and private) application/infrastructure solutions (release management (Agile (Scrum vs. Kanban), Waterfall, ITIL, Gazelles), InfoSec, IT, Engineering, Quality Assurance, Deployment (CI and CD), Virtual and Physical systems, Database, Network, Monitoring, Load Balancing, Application/Web Servers, Backups, DR/BCP, and etc.)

·         Designed and directed internal business processes for SOC 1 and SOC 2 compliance framework

·         Led and completed ISO 27001 certification (stage 1 and stage 2)

·         Led and completed HIPAA HITRUST certification  

·         Led and completed PCI assessment

·         Managed SaaS applications and achieved 99.999% availability over multiple years

·         In charge of multiple teams to manage VMs, containers, microservices,  security and network zones, network physical and virtual appliances, CDN, internal and external monitoring, and etc. within multiple production environments in either public cloud solutions or physical data centers for multiple SaaS organizations

·         Responsible for all InfoSec/DevOps/TechOps/SiteOPs/IT/BackOffice operations including pricing negotiation and vendor relationship management

·         Drive and support all aspects of Information Technology operations to provide services for the entire company

·         Drive and manage all aspects of Information Security to continue improving security posture of the company

·         Defined processes and procedures for incidents and change management for the entire company within multiple SaaS organizations

 

Software/Domain Expertise:

Certified Scrum Master, Agile Development Process, ITIL, Gazelles (Rockefeller Habits), ISO 27001, HIPAA/HITECH/HITRUST, SOC 1 (SSAE 16), SOC 2, PCI, GDPR, Atlassian Suite (Jira, Confluence, etc.), Continuous Integration and Deployment (CI&CD) methodology, Palo Alto firewall, Cisco ASA, F5, Data Warehouse, Tableau, Target Process, Pure Storage (flash array), Public and Private Cloud management, Amazon Web Services (AWS) management and deployment (VPC, EC2, S3, EBS, ASG, virtual appliances, and etc.), WatchGuard, KEMP, iMail, Avaya, Windows Cluster environment, SQL Server Cluster environment, VMWare, Office 365, Parature, Microservices, Service Oriented Architecture, Google Suite, Virtualization, Tomcat , Apache, MySQL, Microsoft SQL Server, Microsoft Office, Windows OS,  Salesforce.com,  Microsoft CRM, CFMX,  Apache, Microsoft Exchange Server, Web Services, Akamai, Internet Information Server, Microsoft Visual Studio, Perforce, CVS, Linux, Resin, DB Artisan, AIX, Oracle, DB2

Work Experience

 

2015 June – Present                     AllClear ID               Austin, TX

Vice President of Information Security and Technology Services


·         Departments include InfoSec, IT, TechOps and DevOps, BackOffice, Help Desk, and Facilities. Team is responsible for all facets of company operations, data center, automation, continuous integration and deployment, public cloud, and all corporate and production infrastructure, facilities, and environments.

·         Responsible for the overall InfoSec, IT, BackOffice, TechOps and DevOps, and Facilities budgets (Capex and Opex).

·         Led and completed ISO 27001 certification within a year.  Project includes establishing process and procedure for all aspects of the company (HR, Legal, Customer Services, Due Diligence Process, etc.), defining security zones for multiple facilities, implementing company-wide appropriate security controls and policies, as well as introduced Security Awareness and HIPAA awareness training programs.  

·         Responsible for managing the team for completing HIPAA HITRUST certification within a year.  Project includes self-assessment and certification completion of the following categories based on the HITRUST framework:  Incident Management, Business Continuity & Disaster Recovery, Data Protection & Privacy, Network Protection, Transmission Protection, Password Management, Audit Logging & Monitoring, Access Control, Configuration Management, Vulnerability Management, Wireless Security, Mobile Device Security, Endpoint Protection, and Portable Media Security.

·         Responsible for managing the team for all infrastructure and operational management of the production SaaS environment, as well all internal environments (Dev, QA, UAT).

·         Led the effort to migrate a hosted phone system into a cloud solution for the Call Center Operations.  This includes requirement gathering, vendor selection, workflow evaluation/documentation/implementation, and cut over of the phone system.

·         Led the effort of developing the overall Business Continuity Program.  The program resilience strategies focus on customer facing operations and access to client facing infrastructure and support services.  The approach follows the Business Continuity Institute best practice guidelines and aligns to ISO22301 guidance including the Plan-Do-Check-Adjust approach.  The program also includes Business Continuity Plan for each of the department, Business Impact Analysis, time to restoration, as well as alternate services to minimize impact.

·         In charge of large construction for facilities and call centers expansion. Project includes design (security and capacity), budgeting, cost analysis, buildout, and completing the move of multiple departments within multiple buildings in downtown Austin.   

·         Led the effort of migrating the entire Customer Services department to Virtual Desktop Infrastructure (VDI) with Proxy to improve security posture of the company.

·         In charge of BackOffice team.  Responsibilities include collaborating with Marketing, Sales, Operations, and Customer Services for all Salesforce projects including opportunity and lead management and automation, Salesforce security design and implementation (Salesforce Shield, encryption at rest), mass email notification (Pardot and Exact Target), and Salesforce support ticketing management module.

·         Leading the effort to PCI certification.  Project includes building risk management model as well as completing PCI self-assessment.

·         In charge of vendor management, as well as negotiating high dollar contracts to ensure efficient use of financial resources.

·         Heavily involved in the acquisition process and responsible for managing the due diligence process, gap/risk/cost analysis, and merging technology into existing process/operations/infrastructure.

·         Led the effort to overhaul the entire corporate network within the company.  This includes security and zone design and definition, defensive in depth design, vendor selection, cost analysis, documentation/implementation, testing, and currently in the process of completing the corporate network cutover.

·         Managing teams via ITIL, Kanban, and Gazelles (Rockefeller Habits) process to improve efficiency of the team.

·         Collaborating with Product and Engineering to manage production releases to completion.

·         Introduced and led the effort of penetration testing for application, internal/external networks, and public cloud, as well as completing remediation plans.

·         On call 24x7.


2013 March – 2015 June                Kinnser                    Austin, TX

Sr. Director of Development Operations


·         Introduced the notion of cloud technology into the company, and built proof of concept disaster recovery environment by utilizing Amazon EC2 (VMs, LB, EBS, VPC, ASG, etc.).

·         Introduced SSAE 16 (SOC 1) to the company and completed the SSAE 16 type 1 process to meet information security and HIPAA and HITECH requirements.  Project includes the creation of all process and security documents, control objectives, assertions, and supporting artifacts by working with Product, Development, QA, DevOps/IT/Security, Support, HR, Legal, and other departments.

·         Develop new cloud backup strategy for different environments (Amazon Storage Gateway and Barracuda appliance/cloud).

·         Led the effort to overhaul the phone system for the entire company. This includes requirement gathering, vendor selection, workflow evaluation/documentation/implementation, testing, and complete replacement of the phone system (Mitel à Cisco).

·         Heavily involved in the release cycle and responsible for deploying and managing releases of the Kinnser SaaS application.

·         Heavily involved in the acquisition process and responsible for managing the due diligence process, gap/risk/cost analysis, data center migration, and merging technology into existing process/operations/infrastructure.

·         Led the effort to overhaul all firewalls within the company.  This includes requirement gathering, vendor selection, rules evaluation/documentation/implementation, testing, and complete replacement of firewall appliances for the HQ office, as well as the production environment.

·         Managing teams via Agile/scrum process, and eventually switch to Kanban/ScrumBan to improve efficiency of the team.

·         Improved application uptime from 99% to 99.95%.  Highest uptime for the application is 100%. 

·         Working with Product and Engineering to manage releases to completion.

·         Introduced multiple application monitoring practices to enhance monitoring capabilities. 

·         Introduced high availability architecture for multiple modules of the Kinnser SaaS application.

·         Responsible for managing the DevOPs and internal IT group.  Teams are responsible for all facets of security and production operations (VMWare Cluster, SQL Server Cluster with multiple terabyte of data and hundreds of thousands of transactions per second, CFMX, and etc), internal systems (staging/develop/release candidate environments, phone system, AD, etc.), and help desk.

·         Led the effort of setting up a sandbox environment for penetration testing.  As well as managing penetration testing project to completion and completing remediation plans.

·         Led the effort of building a database replication strategy for the OLTP database.

·         Leading the effort of building OLAP and staging databases for production infrastructure.  Project includes data transformation from OLTP to staging (ETL), staging to cube/OLAP (more ETL packages), and BI tools to retrieve information/reports from the OLAP database.

·         Responsible for managing the production SaaS applications, as well all internal environments (develop, staging, release candidate, etc.).

·         Responsible for setting processes and procedures for release management of different internal environments, as well as setting internal SLAs for each of the environments with various departments within the company.

·         Responsible for migrating Kinnser’s corporate site back into the data center infrastructure.

·         Responsible for managing vendors including pricing negotiation and vendor relationship management. 

·         Responsible for the overall Information Technology, Information Security, and Development Operations’ budget. 

·         On call 24x7.

 

2011 – 2013                      Affiniscape (now YourMembership.com)           Austin, TX

Vice President of Site Operations


·         Responsible for managing the Production Operations group and Internal Operations group.  Team is responsible for all facets of production operations (.Net application servers, CFMX, Dell servers and network hardware, and Microsoft SQL server database servers) and all internal systems (Exchange server, domain controller, Avaya phone system, etc.).

·         Responsible for managing multiple data centers (Data Foundry and Outernet).

·         Responsible for managing the production SaaS applications within multiple data centers, as well as the build server, internal IT, and QA environment. Managing the system administrators, helpdesk specialists, and release engineer within the production team.

·         Led the effort for converting release process from Waterfall to Agile (scrum, sprint planning, daily standup, story sizing, retrospective meeting, etc.) for product, development, QA, and production groups.

·         Led the effort for operationalize deployment process.

·         Led the effort for Microsoft Partner certification process.

·         Responsible for migrating physical hardware into VMWare (VSphere 5 with ESXi).

·         Managing upgrades from Windows 2003 to Windows 2008 (IIS 6 à IIS 7) for web/application servers utilizing VMWare to minimize scheduled downtime.

·         Oversees the F5 3600 load balancer redesign/upgrade project.

·         Managing the upgrades from SQL server 2005 to SQL server 2008 for one of the Affiniscape SaaS application.

·         Working with PM to manage releases to completion.

·         Responsible for managing all IT operations including pricing negotiation and vendor relationship management. 

·         Responsible for managing internal IT to provide services for the entire company.

·         Overhaul the phone system within the company.

·         Develop new backup strategy for production and internal operations.

·         Led the effort for designing new virtual call center solution and phone reporting solution.

·         Led the effort for ongoing email migration from hosted solution to the cloud.

·         Responsible for the overall IT budget.  This includes budget for all upgrades (SW and HW) in production environment, upgrade/redesign of the HQ internal IT environment and etc. 

·         Heavily involved in the release cycle for all sprints and responsible for pushing and managing the architecture release of the Affiniscape SaaS application web sites.

·         Helped design and centralize data from various applications (SFDC, Zoho, ForceFinder, Affiniscape, etc.) into a single CRM solution (Microsoft CRM).

·         Designed and implemented the hand off and escalation processes between Professional Services, Technical Support, and Account Management teams.

·         Responsible for managing the Technical Support group (level 1, level 2, and level 3).  Team is responsible for providing all support (application workflow, accounting, design, membership, reports, etc.) for all association employees/volunteers/executive directors/etc.

·         On call 24x7.

2009 – 2011                      Conformity               Austin, TX

Sr. Director of Production Operations


·         Responsible for creating, configuring, maintaining, and supporting the production environment within the Amazon Web Services (EC2, EBS, VPC, S3, etc.) environment.

·         Responsible for the configuration and management of the Tomcat and MySQL within the application and database instances within the Amazon Elastic Compute Cloud (Amazon EC2)/ Amazon Elastic Block storage (Amazon EBS) environment.

·         Responsible for design/implementation of the MySQL replication environment.

·         Utilizing the Amazon Simple Storage Service (Amazon S3) for staging and backup of the application code.

·         Formalizing production deployment procedures.

·         Responsible for managing all user accounts within the Google app (start page, email, Google doc and spreadsheet, etc.).

·         Responsible for the deployment and integration of Google app, internal AD, and Outlook.

·         Responsible for leading and completing the exercise of Salesforce AppExchange certification.

·         Responsible for introducing the SAS 70 audit process.

·         Working with PM and leading the effort of requirement design for the support feature of the Conformity Application utilizing Salesforce case management APIs.

·         Working with PM and leading the effort of requirement design (installation, configuration, attribute mappings, etc.) for Microsoft AD Connector for the Conformity Application.

·         Working with PM to manage releases to completion.

·         Design the Support escalation process (tier 1, 2, and etc) for existing staff and future planning.

·         Responsible for the introduction and implementation of the new hire/termination process.

·         Responsible for the introduction and implementation of password/anti-virus policy management within the company.

·         Responsible for the installation and configuration of the Microsoft domain for the company.

·         Responsible for the introduction and implementation of the Information Security policy and procedure within the company.


2008 - 2009                         QuickArrow (now NetSuite)               Austin, TX

Sr. Director of Site Operations and Technical Support

·         Responsible for leading the security team to get SAS 70 type 2 certification in 2005, 2006, 2007, and 2008 with no exceptions.

·         Responsible for achieving uptime 99.9% for the last 5 years.

·         Responsible for managing the Site Operations and Internal Operations group. Site Operations job description/responsibility remains the same as previously stated. 

·         Responsible for managing the Technical Support group.  Team is responsible for support all internal/external questions which are technical in nature (plugin installation, web services troubleshooting, performance problem, javascript issues, definition of fields within reports, etc.).

·         Maintain the escalation process between Support, Technical Support, and other groups within the organization.


2004 - 2008                         QuickArrow (now NetSuite)               Austin, TX

Director of Site Operations

·         Responsible for managing the Site Operations and Internal Operations group. Team is responsible for all facets of customer facing site operations (software, hardware, network, and DB), all internal DB design/maintaining, and all internal systems (domain controller, email system, etc.).

·         Oversees the network redesign/upgrade project (firewall (CISCO PIX), GB switches, and network topology).

·         Introduced the ISS/IPS notion to the company.  Oversees the budget, design, and installation/implementation of the IPS/IDS (NFR – now CheckPoint) devices.

·         Responsible for leading the security team to get SAS 70 type 2 certification in 2005, 2006, and 2007 with 0 high/medium severity issues and minimum recommendations for the year of 2005, 2006, and 2007 from the auditors (E&Y).

·         Responsible for maintenance of the production web site. Managing the system administrators and DBAs within the production team.

·         Introduced the concept of Business Continuity Plan and develop the Disaster Recovery plan for HQ and the data center.

·         Responsible for the overall budget of all IT/production.  This includes budget for all upgrades (SW and HW) in production environment, upgrade/redesign of the Quality Assurance environment, upgrades for the internal operation team, etc.  Working with the CFO on all aspects of the budget.

·         Responsible for systems auditing including patch regression testing, configuration and change management, systems security auditing and testing.

·         Tactical and strategic management of web site software and hardware administration, maintenance, content, and architecture changes.

·         Worked directly with development, QA, PM, and sales on change management processes to mitigate risk mitigate risks to web site uptime and revenue.

·         Heavily involved in the release cycle for all major, minor, and slipstream releases (product management, development, QA, production) and responsible for pushing and managing the architecture release of the QuickArrow web site.

·         Responsible for managing all business operations including accounting and vendor relationship management.  Responsible for all pricing negotiation between QuickArrow and 3rd party vendors.

·         Received Employee of the Quarter Award.

·         On call 24x7.


2003 - 2004                         QuickArrow (now NetSuite)                Austin, TX

Customer Support Manager/Site Operations Manager


·         Responsible for managing the customer support group. Team is responsible for troubleshooting all customer problems and answering all incoming calls.

·         Developed the escalation procedure between the Site Operations team and the Customer Support team.

·         Defined/structured level 1, level 2, and level 3 within the Support organization.

·         Responsible for managing all web servers and database machines within the production and QA environment.  Responsible for managing all other machines within the production environment.

·         Responsible for managing all machines within the HQ.  This includes domain controller (Microsoft Windows 2003 AD), mail server (exchange 5.5à exchange 2000 à exchange 2003), file system, etc.

·         Developed/automated the deployment process for the QuickArrow web site for production and QA environment.

·         Responsible for leading the security team to get SAS 70 type 1 certification in 2004 from the auditors (E&Y).

·         Oversees the architectural design of the web site infrastructure, including multi-tier design of the web site (Microsoft IIS 5.0, CFMX + Jrun (business logic), Java components, DB design layer, and load-balancing design (sticky round robin, Virtual IP address, DNS))

·         Developed the definition for different release vehicles (major, minor, and maintenance) and developed the process for each type of release.  Designed the check and balance system within the release management team and integrated the “sign-off” process into the standard release process.

·         Introduced the concept of OLTP, OLAP, and data migration to the company.  Heavily involved in the design/implementation of the next generation QuickArrow application.

·         Responsible of all upgrades for all QuickArrow licensed customers.

·         Responsible of all deployments for all releases to production environment from QA to staging to production.

·         On call 24x7.


2001- 2003                    Works (now Bank of America)                 Austin, TX

Web Operations Manager


·         Responsible for managing the Production Operations group. Team is responsible for all facets of customer facing web site operations (software, hardware, network, and DB), all internal DB design/maintaining, and internal accounting systems.

·         Responsible for maintenance of the production web site. Uptime statistics: 99.9998%.

·         Responsible for leading the security team to get SAS 70 type 1 certification in 2002 with 0 high severity issues and minimum recommendations for the year 2001 from the auditors (E&Y).

·         Responsible for leading the security team to get SAS 70 type 2 certification in 2002 with 0 high/medium severity issues and no recommendations for the year of 2002 from the auditors (E&Y).

·         Responsible for managing the security audit projects from E&Y and ISS (internal scan, release process, penetration test, etc.).

·         Oversees the architectural design of the web site infrastructure, including multi-tier design of the web site (Linux Apache render layer, Resin servlet engine (business logic), Java components, DB design layer, load-balancing design (sticky round robin, Virtual IP address, DNS), and database cluster technology (log shipping, EMC SAN device with SQL 2000 cluster).

·         Responsible for the designing and implementing the BCP/DR procedures and environment and making sure the failover process takes less than 24 hours from 1 data center to the next.

·         Responsible for managing the projects and the design of the connections to multiple credit card processors (TSYS and FDR) and managed relationship between credit card processors, banks, and Works.  Responsible for talking to customers/partners to negotiate allowable unscheduled down time and all other operation requirements.

·         Heavily involved in the release cycle for all major, minor, and slipstream releases (product management, development, QA, production) and responsible for pushing and managing the architecture release of the Works web site.

·         Led the effort of capacity analysis.  Working with Quality Assurance and Web Operation team and designed capacity test plan. 

·         Oversee the design for the Quality Assurance environment to ensure it matched the production environment.

·         Worked with QA staff to develop and implemented test plans for pre-release and production ready code.

·         Oversee the change management process, administration, and maintenance of two QA prototypes of the entire website including web rendering, EDI, and database systems.

·         Responsible for all Operation budgets.  Works with Controller on all details of the budget.

·         On call 24x7.


1999- 2001            Works (now Bank of America)           Austin, TX

Production Manager/Data Warehouse Manager


·         Responsible for managing the Production Operations group, Back Office development team, and the Data Warehouse team. Team is responsible for all facets of customer facing web site operations (software, hardware, and network) and designing and maintaining of the SalesLogix, Brio, Great Plains, and the Data Warehouse projects/architecture/environments.

·         Responsible for leading the design the data-warehouse architecture (data transformation from OLTP database to OLAP database) and managing projects of converting XML documents into relational schemas.

·         Responsible for managing the deployment process of all Works' internal/external web sites (corporate site, application site, partner relation site, back office site, and internal sales logix web site), and designed operational procedures for web site catalog update.

·         Oversee the architectural design of the web site infrastructure, including multi-tier design of the web site (business layer versus/data layer versus render layer), load-balancing design (sticky round robin, Virtual IP address, DNS), and AIX DB2 and SQL server fail-over strategy.

·         Worked with PM and internal customers (customer support, accounting, etc.) to analyze operational impact of business requirements, implement site feature requirements, and responsible for the generation of the operational requirements for different groups.

·         Heavily involved in the release cycle for all major, minor, and slipstream releases (product management, development, QA, production) and responsible for pushing and managing the architecture release of the Works web site.

·         Responsible for managing the technical aspect of the relationship between Works customers/partners (Granger, Dell, etc.).

·         Received the Works Annual Founder’s Award.

·         On call 24x7.


1998 - 1999                     Works (now Bank of America)                Austin, TX


·         Designed and developed automatically production deployment programs to deploy VB/Java MTS COM Components and ASP pages to production environments.

·         Designed and developed a C++ program to maintain SMTP traffic.

·         Designed and developed management software solution to administrate and maintain the production web servers.

·         Responsible for generating and maintaining builds to QA and production environment. Responsible for automating build procedures.

·         Responsible for configuration and installation of production and QA web environments with Microsoft technology (IIS, COM/DCOM, MTS, LDAP server, message queue, etc.).

·         Troubleshot NT 4.0 and Y2K issues.

·         Troubleshot network problems (DHCP Server, Remote Access Server -dialup and PPTP, local/domain administrator, trust relationship between two domains).

·         Responsible for designing and developing all client side scripting objects for web pages.

·         Responsible for leading the effort of documenting and automating test framework/test cases for the Works web site.

·         On call 24x7. 

1996 - 1998                    Smart Technology (now I2 Technology)              Austin, TX

Senior Quality Assurance engineer/ Developer

·         Designed and created test environments included hardware, software, and network configurations.

·         Responsible for diagnosing problems/issues reported by Technical Support team.

·         Responsible for generating test framework, capacity (stress/volume) test plan, regression test plan, and functional test plan against the functional specification for specific projects.

·         Responsible for implementing capacity/regression/functional testing scripts via SILK.  Coordinate the testing effort with all QA engineers to ensure the entire test plan is executed correctly.

·         Implemented dynamic HTML pages using SmartDNA engine, Java COM components, and Powerbuilder.

·         Responsible for implementing stored procedures and queries for updating and retrieving values from Oracle database.

·         Responsible for implementing business Java component for specific projects.

·         Troubleshot Microsoft OS configuration problems (NT 4.0, Win95, and Win 98).

Education

University of Texas at Austin, Austin, Texas – 1994-1998

Degree: Bachelor of Science – Computer Science