Don is available for hire

Don Kuecker

Verified Expert in Engineering

Risk Management Developer

Windermere, FL, United States

Toptal member since September 17, 2021

Expertise

Enterprise Architecture System Security SSO Engineering Cloud Engineering OKTA Database Security Engineering AWS OAuth SAML COBOL

Bio

Don identifies company security risks and creates mitigation strategies using the tools and applications most appropriate for their environment. He implements technologies to address security requirements for existing legacy technologies, merging business concerns and migrations to new strategies such as cloud offerings and their subsequent iterations. Don establishes consensus between departments and business entities based upon solid communication skills and current security risk knowledge.

Portfolio

Wells Fargo

Web Security, Database Security, Identity & Access Management (IAM)...

Wyndham Worldwide (now Travel + Leisure Co.)

Application Security, Network Architecture, ISA, Information Security, Security...

The Walt Disney Company

Application Security, Network Security, Communication, Database Security...

Experience

Policies & Procedures Compliance - 10 years
Security Assessment - 10 years
Risk Management - 10 years
Security Management - 10 years
Identity & Access Management (IAM) - 7 years
Single Sign-on (SSO) - 7 years
Security Engineering - 7 years

Availability

Part-time

Preferred Environment

Distributed Systems, Compliance, Networks, PCI, Application Security, Security, Strategy, Confidentiality, Network Architecture

The most amazing...

...project I've helped develop is the Walt Disney Magic Band and its supportive technologies, leading numerous security-related solutions and assessments.

Work Experience

Information Security Architect

2019 - 2021

Wells Fargo

Provided security assessment functions while identifying new and emerging security risks for high dollar payment applications (any transaction over $10 million per day and per user).
Defined and assisted with security risk mitigation solutions for discovered security risks.
Assisted with various security-related initiatives such as single sign-on (SSO), privileged access management (PAM), virtual desktop infrastructure (VDI), and multifactor authentication (MFA).

Technologies: Web Security, Database Security, Identity & Access Management (IAM), Security Assessment, Policies & Procedures Compliance, Application Security, File Integrity, Confidentiality, Single Sign-on (SSO)

Application Security Architect

2014 - 2019

Wyndham Worldwide (now Travel + Leisure Co.)

Built security development guidelines, including security-related checklists. Provided guidance regarding implementation and usage of static code analysis (SCA) tools.
Provided security consulting input and interpretations of the PCI DSS requirements related to compliance and verification of processes.
Assisted with various security initiatives that include RESTful API services, SOA, single sign-on (SSO) using Oracle SSO and Okta SSO solutions, and RFP for API security gateway selection.
Provided leadership with identity management (IdM) requirements for access recertification solutions across multiple technologies to ensure regulatory compliance requirements were addressed adequately.
Led efforts to define API security requirements that include federated authentication solutions (SAML assertions) and OAuth 2.0 authorization processes.
Participated in vendor selection for privileged access management (PAM) solution CyberArk, the initial integration into our single sign-on (SSO) solution.
Assisted with the selection of a cloud access security broker (CASB) product and implementation.

Technologies: Application Security, Network Architecture, ISA, Information Security, Security, Cloud Security, Security Architecture, Web Security, Database Security, API Gateways, Assets, IT Security, Encryption, Session Handling, REST, PCI DSS, APIs, JSON, Architecture, Identity & Access Management (IAM), Virtual Desktop Infrastructure (VDI), Security Assessment, Session Management, Cloud Access Security Broker (CASB), Single Sign-on (SSO), Account Management, JSON Web Tokens (JWT)

Senior Security and Compliance Specialist

2011 - 2014

The Walt Disney Company

Provided senior-level security services and guidance to the numerous business units, technology support groups, and leadership committees within the Walt Disney companies globally.
Consulted regarding compliance issues and security needs, including PCI DSS, HIPAA, SOX, GLBA, ISO 17799, Safe Harbor, and other regulatory requirements.
Provided senior security support and guidance for industry-setting technology (MagicBand) deployment of wireless RFID solutions and other wireless (ZigBee) and mobile device (iOS and Android) solutions.
Defined and developed security processes and guidelines for mobile devices and mobile applications for internal and internet-facing scenarios.
Provided expertise of PCI DSS to various Disney business units as they built relationships with external vendors that process credit card transactions as part of the delivery solution.

Technologies: Application Security, Network Security, Communication, Database Security, Data Encryption, Assets, IT Security, PCI DSS, RFID, WiFi Integration, Service-oriented Architecture (SOA), Certified Information Systems Security Professional, Security Assessment

Senior Security Consultant (QSA)

2007 - 2011

Trustwave

Conducted Security assessment for PCI DSS, including clients like issuers, acquirers, payment gateways, service providers, merchants.
Obtained and retained a Qualified Security Assessor (QSA) certification during the entire tenure with Trustwave.
Provided ad-hoc consulting services for the various clients in assisting them with compliance issues and security needs, including HIPAA, SOX, GLBA, ISO 17799, FISMA, NIST, HITRUST, and other regulatory requirements.
Developed and advised on new security measures or findings that contribute to the overall security requirements of the financial industry and other industries as a whole.
Provided assistance to non-level one merchants in regards to self-assessment questionnaire (SAQ) interpretations, PCI DSS assessment requirements, compliance gap reporting, security controls, and various other security-related activities.

Technologies: PCI DSS, Compliance, Information Security, Database Security, Security, Mainframe, Distributed Systems, Credit Cards, Security Assessment

Experience

Walt Disney MagicBand

https://disneyworld.disney.go.com/faq/my-disney-experience/frequency-technology/

Assisted with the design, development, and security testing of the Walt Disney MagicBand to replace numerous paper-based theme park entitlements. This consisted of utilizing RFID technology for both theme park entitlements as well as Walt Disney-based on-premise lodging utilizing Zigbee technologies and associated encrypted storage for both application requirements.

Privileged Account Management

I assisted with the initial security risk finding regarding the possible misuse of privileged accounts such as system administrators. Assisted with the initial deployment of CyberArk to store and manage all privileged account passwords. Additionally assisted with the deployment of a jump server within a high-security segment to add additional security controls for admin-type access to servers and similar appliance-type devices.

Security Risk Management

Led and assisted with numerous initiatives to define security risks in the form of risk management. Performed numerous security risk assessments on internal applications, third party applications, proposed applications, technology upgrades to determine any possible security risks. Assisted with building mitigation projects for security risk findings that include and are not limited to single sign-on, multi-factor authentication, and virtual desktop infrastructure.

Certifications

JULY 2002 - JULY 2023

Certified Information Systems Security Professional (CISSP)

ISC2

Skills

Libraries/APIs

Apigee

Tools

Amazon Elastic Container Service (ECS)

Languages

SAML, CICS, COBOL

Frameworks

OAuth 2, JSON Web Tokens (JWT)

Paradigms

Security Software Development, Service-oriented Architecture (SOA), REST

Platforms

Amazon Web Services (AWS), Kubernetes, Docker

Storage

Database Security, JSON

Other

Identity & Access Management (IAM), Security Assessment, Policies & Procedures Compliance, ISA, WiFi Integration, Certified Information Systems Security Professional, PCI DSS, Compliance, Networks, PCI, Security Architecture, Enterprise Architecture, Encryption, Multi-factor Authentication (MFA), NIST, Security, Network Architecture, Distributed Systems, Application Security, File Integrity, Confidentiality, Single Sign-on (SSO), Security Management, Security Engineering, RFID, Strategy, Architecture, API Gateways, Session Handling, Session Management, Account Management, CyberArk, Proxies, Zigbee, RACF, ISO 27001, Security Technical Implementation Guides (STIGs), IoT Security, PCI Compliance, Security Audits, Cloud Security, Cloud, Okta, Risk Management, Network Security, Communication, Operations, Mainframe, Web Security, IT Security, Data Encryption, Web & Mobile Applications, Security Testing, Information Security, Credit Cards, APIs, Virtual Desktop Infrastructure (VDI), Cloud Access Security Broker (CASB), SOX Compliance, Networking, Threat Modeling, OWASP, Risk Models, PCI SSF, Assets

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring