Zhacary Smith, Developer in Henderson, NV, United States
Zhacary is available for hire
Hire Zhacary

Zhacary Smith

Verified Expert  in Engineering

IT Security Expert and Developer

Henderson, NV, United States

Toptal member since April 10, 2025

Expertise
System SecurityTech FreelancingLDAPMicrosoft DevelopmentWindows DevelopmentSQLAutomation
Bio

Zhacary started his IT journey in 1991 as a full-time systems engineer at Microsoft, providing support for Windows 3.0 and MS-DOS. He evolved into more intricate roles and managed Active Directory (AD) systems, spanning Windows 3.0 to Win2022. From 2010 onwards, he honed his expertise in IT security, focusing on IPS, web application scanning, vulnerability assessments, pen testing, and various security tools. Zhacary flourished as a lead PKI and CLM engineer across multiple organizations.

Portfolio

Grant Leading Technology
Keyfactor, PKI, Active Directory (AD), Automation, SSL Certificates
CyberWall Technologies
PKI, Active Directory (AD), Hardware Security Modules (HSMs)...
Delta Air Lines
Active Directory (AD), Hardware Security Modules (HSMs), Venafi TPP, Keyfactor...

Experience

  • Active Directory (AD) - 15 years
  • PKI - 12 years
  • X.509 Certificates - 11 years
  • SSL Certificates - 11 years
  • Keyfactor - 11 years
  • Venafi Trust Protection Platform (TPP) - 11 years
  • Network Engineering - 11 years
  • Certificate Services - 11 years

Availability

Full-time

Preferred Environment

Windows

The most amazing...

...thing I am proud of is the application I've developed that allows users, i.e., beta testers, to upload to Microsoft Support and capture environments, logs, etc.

Work Experience

Senior Security and Identity Access Manager | PKI Engineer

2023 - 2025
Grant Leading Technology
  • Managed Keyfactor administration. Designed and supported systems, oversaw certificate lifecycle management (CLM), and handled certificate signing request (CSR) and personal exchange format (PFX) enrollment.
  • Managed certificate installations and automation, executed revocations, and generated reports.
  • Administered Active Directory Certificate Services (AD CS). Oversaw certificate authorities, certificate revocation list (CRL), CRL distribution points, OCSP, personal identity verification (PIV), high-intensity discharge (HID), and more.
  • Managed nCipher hardware security modules (HSMs), configured security worlds/domains, implemented AD Group Policy, published root and intermediate CAs, and facilitated single sign-on (SSO).
  • Developed certificate practice statements (CPS), defined certificate policies (CP), and managed the Policy Management Authority (PMA).
Technologies: Keyfactor, PKI, Active Directory (AD), Automation, SSL Certificates

Senior PKI Engineer

2015 - 2025
CyberWall Technologies
  • Architected, designed, and supported PKI solutions using Venafi and Keyfactor for clients such as Discount Tire, PKI Solutions, US Post Office, San Diego Gas & Electric, Citizens Bank, Optiv Security, and Options Clearing Corporation.
  • Consulted as a senior PKI architect, specializing in Venafi and Keyfactor certificate management solutions.
  • Managed AD CS, CDP, certificate policies, CRLs, CDPs, and revocations.
  • Handled cryptography, certificate automation and management, renewals, and CSRs.
Technologies: PKI, Active Directory (AD), Hardware Security Modules (HSMs), Venafi Trust Protection Platform (TPP), Keyfactor, X.509

Senior Security and PKI Engineer

2016 - 2017
Delta Air Lines
  • Served as a lead Venafi Trust Protection engineer and worked on TPP certificate management, design, administration, training, and integration.
  • Designed and managed our PKI environment, including X.509 certificate management, enterprise PKI design, and administration.
  • Administered SafeNet, Gemalto, and LunaSA HSMs and managed PED, iKeys, remote, and HA configurations.
Technologies: Active Directory (AD), Hardware Security Modules (HSMs), Venafi TPP, Keyfactor, Vulnerability Management, Cyber Threat Hunting

Senior Security and Identity Access Management/PKI Engineer | Venafi TPP Lead

2014 - 2016
Kaiser Permanente
  • Managed our PKI environment, including X.509 certificate management, enterprise PKI tools, etc.
  • Handled Venafi Trust Protection Platform, including revocations, renewals, retirements, notifications, policy groups, and overall administrative tasks.
  • Implemented privileged access management (PAM) systems utilizing CyberArk.
Technologies: Active Directory (AD), Venafi TPP

Senior Intrusion Prevention Systems Engineer

2013 - 2014
Sempra
  • Installed and configured various TippingPoint Intrusion Prevention Systems (IPS) appliances throughout the United States.
  • Oversaw TippingPoint IPS and SMS Enterprise, including SMS, HA, ZPHA, TOS, TMC, digital vaccines, quarantine procedures, custom filters, L2FB, segment creation, enterprise design, deployment, and incident management.
  • Assisted the MS AD, networking, and firewall teams with secure design and implementation.
Technologies: Intrusion Prevention Systems (IPS)

Senior Security Analyst

2013 - 2013
SONY
  • Worked on enterprise vulnerability management using Qualys.
  • Handled PCI and SOX compliance, reporting, and threat management.
  • Collaborated with the system engineers and device owners to help resolve confirmed or potential vulnerabilities.
  • Served as a project manager and worked on case reviews, ticket creation, macro development, LDAP configuration, AD integration with SSO, and Secure Sockets Layer (SSL) standards.
Technologies: QualysGuard, Vulnerability Management, Vulnerability Assessment

Enterprise PKI Engineer

2011 - 2013
Bank of America
  • Acted as Venafi encryption director. Supported internal customers as they installed and deployed certificates, automating the processes of procurement, enrollment, monitoring, and renewal of certificates.
  • Supported internally and externally hosted CAs, SSL, and code signing.
  • Installed and configured HSMs for the highest level of private key protection and security.
  • Provided consulting to all lines of business within the bank on security-related topics, including certificates, multi-factor authentication, etc.
  • Participated in defining and developing the strategic plans, certificate renewal, CRL/AIA, encryption type/strength, etc.
Technologies: Active Directory (AD), Certificate Services, Venafi TPP

Information Security Specialist

2008 - 2009
SDDC
  • Oversaw TippingPoint IPS and SMS enterprise management, including SMS, HA, ZPHA, TOS, TMC, digital vaccines, quarantine, custom filters, L2FB, segment creation, enterprise design and deployment, and incident management.
  • Conducted QualysGuard internal and external vulnerability scanning and worked on mapping, asset groups, PCI and compliance, reporting, and remediation. Utilized Nexpose Rapid7.
  • Scanned web applications using HP WebInspect, IBM Watchfire AppScan, Qualys WAS, and Accunetix. Collaborated with developers to fix code and explain exploits. Worked with software development lifecycle (SDLC).
  • Reviewed and oversaw firewall rules using Apache, Microsoft ISA, Cisco FWSM, and Router ACLs.
Technologies: Active Directory (AD), TippingPoint IPS, QualysGuard, HP WebInspect, Web Security, RSA Envision

System Administrator

2005 - 2008
T-Mobile
  • Managed the health and expansion of AD, handling DNS administration, GPOs, policies, directory replication, site-to-site configurations/replication, security operations, and domain controller buildouts and maintenance.
  • Created and managed Dynamic Host Configuration Protocol (DHCP), oversaw user and group management, supported ILO/KVM, and provided LDAP expertise, packet analysis for network troubleshooting, IIS support, and training of team members.
  • Designed enterprise PKI for the T-Mobile network, including building a model that supported multi-level CAs.
  • Configured intermediate CAs and issued CAs. Created offline IPSec VPN certificates and various other certificate types and policies. Enabled auto-enrollment for domain clients through AD and provided web enrollment for non-domain users.
  • Managed HSMs for the highest level of private key protection and security.
  • Enabled Kerberos authentication for non-domain clients. Deployed key tab files paired with their service principal name (SPN) to facilitate UNIX hosts' authentication with AD.
  • Set up and configured WebLogic, managed Jakarta EE, Java Runtime Environment (JRE), and Java Virtual Machine (JVM) environments, and monitored tasks.
Technologies: Active Directory (AD), Certificate Services, LDAP

Senior Network Engineer | Infrastructure Engineer

2004 - 2005
Microsoft
  • Built and deployed Windows 2003 Server in an enterprise environment. Configured a group policy object (GPO), organizational unit (OU), domain name system (DNS), IP sites, Microsoft Operations Manager (MOM), SMS, NetQoS, SharePoint, and MS SQL.
  • Provided technical support and designed SharePoint Portal Services (SPS) on production portal sites. Included SSL, certificates, security, network design, DMZ, firewall, exchange OWA/OMA, load balancing, and SAN/clustering.
  • Utilized MOM and systems management server (SMS) to manage enterprise servers, enabling centralized administration and troubleshooting for the entire enterprise.
  • Administered SMS portal, provided OWA, mobility, and smartphone support, and configured servers. Managed terminal services, DNS, and WINS, facilitated patch management and service packs, and handled AD administration.
  • Configured RAID arrays and managed domain and SSL certificate registrations.
  • Configured BigIP F5 and VPN settings and deployed Blade servers. Managed Cisco routers and switches, designed ISA server infrastructure, and provided support for PBX phone systems such as TeleVantage.
Technologies: Active Directory (AD), TippingPoint IPS

Experience

Certificate Automation | Automated Installation of SSL Certificates

Created an automated installation process using Keyfactor to install SSL and TLS certificates onto end hosts for a large US corporation. This process included scoping out Orchestrator servers to strategically place across their complex infrastructure to "deliver" SSL/TLS certificates to over 1,000 hosts.

HSM Installation and Maintenance

A large aerospace company tasked me with installing and managing more than 20 HSMs and managing their certificate infrastructure. I administered AD CS, AD Group Policy, CDP, CLM, SQL databases, and multiple environments across a worldwide environment. This included managing and securing all private keys on the HSMs while setting up redundancy, domains, etc.

Education

2001 - 2025

Progress Toward Master's Degree in Information Security

American Intercontinental University - Online

1989 - 1991

Coursework Toward Juris Doctorate in Law and Justice Administration

Seattle Law School - Tacoma, WA, USA

1989 - 1991

Coursework Toward Juris Doctorate in Law School

Seattle Law School - Tacoma, WA, USA

1984 - 1988

Bachelor's Degree in Criminal Justice

Grambling State University - Grambling, LA, USA

Certifications

JANUARY 2023 - PRESENT

Keyfactor Certified Professional (KCP)

Keyfactor

FEBRUARY 2005 - PRESENT

MCITP Enterprise Administrator Certification

Microsoft

MAY 2003 - PRESENT

Certified Information Systems Security Professional (CISSP)

ISC2

JANUARY 1995 - DECEMBER 2030

Microsoft Certified Systems Engineer (MCSE)

Microsoft

Skills

Tools

HP WebInspect

Languages

SQL

Paradigms

Automation

Platforms

Microsoft, Windows, QualysGuard

Other

PKI, Venafi Trust Protection Platform (TPP), Keyfactor, Active Directory (AD), Law, Criminal Justice, Information Security, Information Technology, Certificate Services, X.509 Certificates, Microsoft (AD), Encryption, Hardware Security Modules (HSMs), SSL Certificates, Legal Research, Network Engineering, Venafi TPP, Intrusion Prevention Systems (IPS), Vulnerability Management, Vulnerability Assessment, Web Applications, TippingPoint IPS, Web Security, RSA Envision, LDAP, X.509, Cyber Threat Hunting

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring