Brad Tumy | Identity Management Architect

A highly-accomplished, deeply-driven, Information Security Architect with a successful 2 decade track record in Information Security and Application Development. Proven ability to tackle and succeed in all endeavors from business development to customized software development and implementation. Has repeatedly lead teams in successfully deploying complex technical solutions.  Possess strong architecture and implementation experience in Identity and Access Management. Exceeds in fast-paced environments, handles multiple assignments simultaneously and coordinates deliverables with key stakeholders in cross-functional groups.


ForgeRock Consultant, OpenAM Consultant, OpenDJ Consultant, OpenIDM Consultant, Identity Management Consultant , Identity and Access Management Architecture and Implementation | Directory Services | Systems Administration | Project Management/Leadership | Business Development | OpenAM Consultant | OpenIDM Consultant | OpenDJ Consultant

Technology Snapshot

OpenAM, OpenDJ, OpenIDM, Linux (Redhat, Ubuntu), Windows XP, Windows 7, Solaris (8-10), SAML, Identity & Access Management, Federated Identity Management, Directory Services, Oracle Access Manager, Oracle Internet Directory, Oracle Virtual Directory, Oracle Identity Manager, Oracle Application Server (OAS), J2EE, SQL, Oracle Internet Directory, Oracle Virtual Directory, Sun Java Directory, ADAM, AD, XML, and HTML, Unix/Linux command line scripting, LDAP, Network administration (TCP/IP, DNS, Firewall), PKI, Java, PERL, Wireshark (Ethereal), tcpdump, snoop, NMAP

Professional Experience

Tumy Technology, Inc. – 02/2008 – Present President/Identity Management Senior Architect Tumy Technology is an Information Security consulting firm that provides solution and implementation services.  Brad Tumy has had the role of  lead architect for several projects providing expertise and experience developing highly-available and scalable enterprise identity architectures.  Brad has had the responsiblity of deploying of Oracle Virtual Directory, Oracle Identity Federation, Oracle Access Manager, Oracle Internet Directory as well as various other LDAP platforms. Responsibilities include developing the overall design and strategy; Analysis to identify gaps in product and draft solutions to resolve; and Implementation/Deployment support.

Energy Industry | ForgeRock Technical Architect
Lead Technical Architect responsible for the design and implementation of OpenAM, OpenDJ and OpenIDM in support of client’s role-based access control environment.  Designed new system to replace legacy, home-grown Single-Sign-On (SSO) system.  Implemented provisioning and synchronization using OpenICF connectors.

Insurance Industry | ForgeRock OpenAM/OpenDJ Consultant
Subject Matter Expert for ForgeRock’s OpenAM and OpenDJ products.  Provided architectural assessments, Best Practices and hands-on implementation support.

Federal Agencies | ForgeRock OpenAM/OpenIDM Consultant
Provided design, architecture and implementation support on ForgeRock’s Open Identity Suite (OpenAM, OpenIDM, OpenDJ) for various Federal Agencies

Department of Energy | Senior ICAM Architect
Responsible for the design and implementation of DoE’s ICAM architecture.  Implementation of Identity and Access Management systems, based on Oracle Identity Management suite, to provide improved Single Sign-On, Federation (SAML & Shibboleth), strong authentication, and User Identity Management.

MITRE Corporation (Prime:  Edgerock Technology Partners)

Brad’s role on this project is Technical Lead and Subject Matter Expert for Identity and Access Management.   Brad is architecting and implementing the Identity Management infrastructure to support Common Registration and Common Login for external access by Sponsors and Partners.  This infrastructure will support Single Sign On for MITRE employees and contractors to external applications that are hosted in the MITRE DMZ and is integrated with MITRE’s Sharepoint implementation to provide SSO w/strong authentication (PKI, SecurID).  Additionally, Brad is implementing Oracle Identity Federation 11g, using SAML 2.0 token exchange, to support SSO with MITRE’s partners.

U.S. Department of Defense

DODIIS Identity Authorization Service (DIAS) (Prime:  Chesapeake Technology)

Provided Identity Management Subject Matter Expertise in support of an Identity Authorization Service project. This is a live, production system with regular, schedule release cycles.

  • Implemented strong authentication for sso with agency applications (integrated SSO with DODIIS PKI)
  • Implemented vendor solution for SAML-based Federated Identity Management on SIPRNET
  • Migrated LDAP server from Solaris Platform to a highly-available, and redundant Redhat Enterprise Linux environment.
  • Implemented Backup and Recovery process using RMAN.
  • Implemented data synchronization and provisioning with other data sources (Netscape Directory Server and Oracle DB) using Oracle’s Directory Integration Platform (DIP).
  • Designed and developed Virtual Directory Implementation, including several custom plugins (developed in Java using Oracle’s OVD Plugin API).
  • Responsible for implementing security design to limit access and exposure to LDAP and DB servers (Linux Firewall configuration, TCP/IP).
  • Developed robust BASH scripts to automate the installation and migration processes.
  • Performed network troubleshooting using tcpdump and snoop.

Hilton Hotels (Prime:  Protiviti, Inc)

Performed on-site audit of Identity and Access Management implementation. Prepared and presented analysis and documentation of findings with recommendations and best-practices to customer.

VISA, Inc. (Prime: SENA Systems) Project lead and Technical Architect responsible for deployment of Oracle Virtual Directory in customer’s environment.  Brad lead on team of two senior engineers and was responsible for technical direction and day to day supervision of project deliverables.  Solution consolidated multiple backend directory stores into a single virtualized view.  Backend data stores include Active Directory and Sun Java LDAP.  This solution was designed to be highly available and scalable to 1 million users.  The virtual directory provides authentication and authorization information for customer’s enterprise applications and UNIX PAM.

Cox Communications (Prime: Secure Identity Solutions)

Responsible for implementing Federated Identity architecture using CA SiteMinder Federation at Cox Communications.  This implementation was based on SAML 2.0 protocol.  Provided Recommendations and Best Practices to the customer’s architecture team.  Developed the technical design documentation associated with this implementation. Additionally, Brad developed a prototype environment that integrated  CA Siteminder, Oracle Identity Federation and Ping Identity Server, all 3 systems successfully exchanging SAML 2.0 tokens.

Oracle USA, Reston VA – 07/2005 – 02/2008 Consulting Technical Manager Identity & Access Management Lead Architect, Defense Intelligence Agency (DIA), DoDIIS Identity Authorization Service (DIAS) Program Project Lead and Technical Architect providing engineering direction and technical assessment for the DoDIIS Identity and Authorization Service (DIAS) Program.

U.S. Department of Defense

Project:  Cross-Domain Security Services

Designed and developed architecture for the integration of Identity and Access Management suite into a Cross-Domain Security Solution architecture. Responsible for implementing Directory Services and vendor-based SSO solution.

  • Developed robust BASH scripts to automate the installation and migration of Oracle software.
  • Designed and Implemented IDM architecture to support PL4 cross-domain access management.  This architecture was designed to improve the operational capabilities of today’s war-fighter and to reduce the burden of accessing mission-critical data across networks.  Solution implemented Oracle Access Manager to provide Identity provisioning, and Oracle’s Directory Services to provide a centralized User repository.

Project: DODIIS Identity Authorization Service (DIAS)

Responsible for the implementation of LDAP, SSO Access Management services and Federation services on an Authorization Services Project. The Identity architecture was designed to consolidate several Identity data sources and provide a user’s Identity attributes, via a web service call back to several of the agency’s applications. This is a live production system that has regular, scheduled release updates. This architecture leveraged a Virtual Directory product to centralize several LDAP directories into a single instance, minimizing administration requirements and increasing the capability to provide more information in a single transaction.  This program reduced the overhead of maintaining code that polled several directories.

Federal Bureau of Investigation (FBI) Brad provided recommendations for an Oracle Identity and Directory Services architecture. This effort included vetting the customer requirements, and installing and configuring COREid Access & Identity in their lab for the purposes of evaluating the Oracle product stack.

Supported additional customer initiative as technical lead for the Oracle Identity Manager product Provided technical leadership, architectural and implementation support as well.

Provided support to this customer on their Virtual Directory implementation. Developed custom plugins, using Java and Oracle’s API.

U.S. Office of Management and Budget (OMB) Project: eAuthorization Integration

Provided architecture recommendations and implementation support to this customer to integrate existing applications into the GSA E-Authentication program. While working with this customer I installed and configured Identity Federation and SSO. Oracle Access Manager was used to provide a rule-based authentication and authorization framework around their existing application. Oracle Identity Federation provide the SAML interface and exchange with the GSA SAML Provider. To support the integration with their existing application I was required to develop several extensions to the OIF servlet using Java.

GMAC Provided expertise in COREid SHAREid (Federation) and the Apache Web Server. Customer was having performance issues that were resulting in dropped traffic. Provided guidance on tuning the product to a level that improved performance by over 50%.  Network performance troubleshooting using Ethereal.

Bureau of Alcohol, Tobacco, Firearms & Explosives (BATFE) Project: eAuthentication Integration Project Lead and Technical Architect providing direction to team of 4 engineers.  Provided planning and installation recommendations and guidance for an Oracle COREid Federation i implantation. As a Federal agency ATF is required to comply with the E-Authentication initiative. This effort involved the analysis of Federal compliance requirements as well as agency enterprise architecture requirements. Prepared custom install and configuration documentation to assist customer as well as performed as technical lead for the installation in their test and production environments.

AuthSec, Inc., Columbia MD – 01/2004 – 07/2005 Senior Software Engineer

Project: eAuthentication Integration Brad developed recommendations for the Federated Identity Management System architecture for the Department of Veterans Affairs. This effort included:

  • Development and analysis of requirements;
  • Comparison of vendor products
    • Installed and configured:
      • IBM Tivoli Identity Manager, Tivoli Access Manager and Tivoli Federated Identity Manager
      • CA Siteminder
      • Sun Identity and Access Manager
      • Installation and configuration of a test lab used to performance test the various configurations.
      • Installation and configuration of Datapower XS 40 (XML Gateway)

The result of this effort was the recommendation of a scalable architecture that the customer used to build their Federated Identity Management implementation.  Other duties included installation, configuration and troubleshooting of Web servers (Apache), Application Servers (Tomcat, Oracle Application Server), network connectivity (tcpdump, Ethereal).

Pragmatics, Inc., McLean VA – 09/2001 – 01/2004 Senior Software Engineer

Brad was the Technical Lead on several projects for DISA and NOAA. Typically lead teams of 2-4 engineers.  For NOAA developed a web-based identity management system in C++. This system was the front-end GUI for a SunOne directory server containing user identity data. This application also interfaced with the RSA Keon PKI certificate management system and provided UI for users requesting and managing Smart card based digital certificates.

Technical Lead – Lead team of 4 software developers responsible for the Joint Operation Planning and Execution System (JOPES) – Developed 2 and 3-tier web-based database applications for the JOPES project to integrate into the DII COE framework, used the following technologies: Cold Fusion, Java, JavaScript, Korn Shell, SQL*Plus, Oracle DBMS.

Cyber Forensics Investigator I training class (w/ Bruce Middleton).  Brad was 1 of 5 employees selected for this training class.  In this class Brad gained experience with Cyber Forensics Investigative techniques and best practices as well as hands-on experience with EnCase and other open source forensics tools.

Abbtech Staffing, Sterling VA – 01/2001 – 09/2001 Programmer

Lead Programmer responsible for developing a web based application for the U.S. Navy’s SPAWAR program. Lead team of 2 software developers.  Developed a Cold Fusion based application that interfaced with an Oracle 8i database. Designed and built custom modules that improved re-usability and reduced implementation time.

Mission 3, LLC., McLean VA – 10/2000 – 01/2001 Technical Lead

Lead Developer on several web application projects. Lead team of 3 software/web developers. Brad developed custom E-commerce applications using JavaScript, Cold Fusion, and CSS.  Major Contributions: Lead developer on custom web-based Content Management System. This product was rolled into a commercial package that was sold to several of Mission 3’s customers.

US Interactive, Inc., Reston VA – 03/2000 – 10/2000 Programmer

Brad Tumy designed and developed e-commerce web-based applications using Cold Fusion, JavaScript, JDBC and Oracle DB.

Regulatory Affairs Professionals Society (RAPS) – 03/1998 – 03/2000 Director of Information and Technology

Responsible for managing all aspects of IT, including network administration, desktop support, management of membership database and web development.  Oversaw IT budget and managed the acquisition of new hardware and software.  Major Contributions: During this period managed the migration from Novell based network to Windows NT, upgraded users from Windows 95 to Windows 98, reduced the costs of managing the corporate website by over $30K/year, and implemented several web-based initiatives that either increased revenue or reduced costs (member job board, online member self-management, employee online technical support website)

HBP, Inc., Hagerstown MD – 05/1996 – 03/1998 Systems Analyst

Designed and developed several e-commerce web applications, network administration and support.  Responsible for the overall technical function of the Web operations.  Duties included system installation and configuration (Windows NT, Linux), Web Application Server installation and configuration (IIS, Apache, Cold Fusion Application Server), Web Application Development (HTML, Javascript, Cold Fusion) and Backup and Recovery procedures. Major Contributions: Network Forensic activity to track down vulnerable systems and processes within the Web-hosting environment.

PRC, Inc., Washington DC – Summer 2005 Systems Analyst, Executive Office of the United States of America

While serving at the Executive Office Brad was responsible for Systems and Network support for the entire Executive Office, including New Executive Office, Old Executive Office and the White House. Duties included troubleshooting PC and network related issues, managing the trouble-ticket support system and performing inventory activities enterprise-wide.  Major Contributions: Implemented new FoxPro report-generation processes that reduced the report-generating effort by 8 hours per day.

Education and Training

  • Computer Science/Information Science, Frostburg State University, 1993 – 1997
  • Oracle Applications Server 10g (iAS, OID, OSSO)
  • Oracle Access and Identity (Oblix Identity and Access Manager)
  • Oracle Identity Federation (Oblix SHAREID)
  • Oracle Identity Manager (Thor Xellerate)
  • Oracle Virtual Directory
  • IBM Tivoli Identity and Access Manager; Tivoli Federated Identity Manager
  • Cyber Forensics Investigator I – Pragmatics, Inc (Bruce Middleton)

Security Clearances

  • TS/SCI