Tony L. Keith

Locations:
Cincinnati, OH Area (home base)
Tel: +1 (310) 753-9957
Email: Tony.Keith@yahoo.com

Professional / Executive Summary

  • CISSP and SME with expert working knowledge of PCI DSS and PA-DSS, V2.0/3.0-3.2, as evidenced by successfully leading eighteen (18) compliance certifications (RoCs - level 1) on six (6) different processing platforms / systems. Also experienced as an independent PCI consultant, assessing and evaluating in-scope Cardholder Data (CHD) Environments (CDE) and providing gap assessments with analysis, infrastructure, technology recommendations and roadmap with corrective actions and remediation on physical, virtual and cloud based (IaaS/PaaS) systems (merchants / service providers / shared hosting providers) and payment applications.

  • Highly technical, skilled and dedicated CTO / Technology Director offering an impressive 20+ year background in business development, product management and development, personnel management, professional consulting, payment processing, online payment solutions and system/application security.

  • Experienced, organized, motivated and hands on technical project/personnel manager with the ability to deliver large projects or multiple smaller projects on-time and on-budget. Ability to manage multiple locations and personnel in multiple time zones remotely but also available to travel on-site as needed domestically and/or internationally.

  • Extensive knowledge of open source technologies such as Linux, Apache, Node, Tomcat, MySql, MongoDB, JAVA, PHP for online, high volume, high availability, highly scalable, production based systems. This includes all aspects of online systems from routers, firewalls, load balancing, webservers, application servers, distributed databases, encryption, replication, LTSP, backup management to reporting.

  • Proficient understanding of credit/debit/prepaid card processing and online payment solutions including acquiring, issuing, settlement, retrievals, disputes, chargebacks, affiliate / reseller / sponsor programs, E-commerce, ACH processing and real-time/post authorization fraud filtering techniques.

  • Experienced and knowledgeable QA Test Engineer providing functional end to end testing solution using the latest technologies: Selenium, Mocha, Should and WebDriverIO on local/grid/cloud based testing platforms. Published a blog and open source tutorial project using these tools.

Areas of Expertise

  • PCI DSS/PA-DSS Gap Assessment / Roadmap / Compliance / Remediation
  • System / Network Security and Technologies
  • Security Policy & Procedure Development
  • Web Application Vulnerability Scanning & Remediation
  • Penetration Testing & Remediation
  • Agile / Scrum Development Methodologies
  • Staff Leadership & Team Development
  • Executive Management & Leadership Skills
  • Issuing / Acquiring / Settlement Processing
  • Retrieval / Dispute / Chargeback Processing
  • Cloud Based Architecture & Design
  • High Availability System Architecture & Design
  • Technical / Functional Documentation Writing
  • Automated Q/A Testing - Selenium (local/grid/cloud)

Career Background

PCI Security Specialist / PCI SME (Tony Keith Consulting)
Global Cloud, makers of DonorDrive® - Cincinnati, OH
December 2016 - June 2017
(Independent contract consulting position providing PCI DSS consulting.)

  • Provided PCI DSS expertise, organization, remediation advice, policy development and project management to Global Cloud for 1st time, PCI DSS, V3.2, level 1, certification as a service provider and shared hosting provider.
  • First produced PCI gap assessment report with analysis, infrastructure recommendations and roadmap with corrective actions and remediation.
  • Second provided project management which included weekly status meetings, JIRA ticket creation and tracking for all remediation tasks. Also provided recommendations on technology and configuration for jump host, multi-factor authentication, password policy (users and client) and web vulnerability scanning.
  • Next developed complete set of information security policies, risk assessment (threat model analysis), Third Party Service Provider (TPSP) management program, secure Software Development Life Cycle (SDLC) and data flow diagrams using Confluence.
  • Finally scheduled and coordinated all PCI audit related tasks such as team meetings, evidence / artifact collection, internal/external penetration testing, network and application vulnerability scans and on-site audit. Company representative for on-site audit, penetration testing and auditor (QSA) interface.
PCI Security Specialist / PCI SME (Vivitech Business Solutions)
Pomeroy - Hebron, KY
December 2016 - April 2017
(Sub-contract consulting position providing PCI gap assessment for Pomeroy.)

  • Performed on-site and remote interviews with client’s personnel to gather information about their systems/networks/processes.
  • Reviewed client’s documentation, system technologies configurations and PCI related artifacts.
  • Assessed and evaluated the client’s in scope Cardholder Data Environment (CDE) for PCI V3.2 compliance and created in-scope memorandum as part of the project deliverables.
  • Reviewed compliance gaps with business owners to determine remediation timeframe.
  • Produced PCI gap assessment report (+50 pages) with analysis, infrastructure recommendations and roadmap with corrective actions and remediation.
  • Presented executive level presentation for Pomeroy management team outlining project summary and recommendations.
Security Analyst / PA-DSS SME (Tony Keith Consulting)
Data Management Associates, Inc. (DMA), MACH Software - Cincinnati, OH
May 2016 - June 2017
(Independent contract consulting position providing PA-DSS consulting on ERP software product.)

  • Assisted client in bringing ERP software product (MACH Software) into PA-DSS, V3.2 compliance. This included performing a gap assessment on software controls and documentation.
  • Provided recommendations for additional testing such as web vulnerability scanning, network traffic analysis and file system scanning for sensitive data (CC Data). Also wrote and performed risk assessment using threat modeling with analysis on Mach Software.
  • Rewrote MACH Software implementation guide and DMA SDLC documentation per PA-DSS requirements. Created network and data flow diagrams with textual description.
  • Provided scheduling and coordinated all PCI related tasks such as team meetings, evidence collection and meetings with QSA.
PCI Security Consultant / PCI SME (Tony Keith Consulting)
Corporate Travel Management (CTM) - Seattle, WA
March 2016 - May 2016
(Independent contract consulting position providing PCI gap assessment for a corporate travel management company in 19 locations within N. America.)

  • Performed on-site and remote interviews with client’s personnel to gather information about client’s systems/networks/processes.
  • Reviewed client’s documentation and system technologies configurations including a new Office 365 implementation with custom DLP policies.
  • Assessed and evaluated the client’s in scope Cardholder Data Environment (CDE) for PCI V3.1 compliance.
  • Reviewed compliance gaps with business owners to determine remediation timeframe.
  • Produced PCI gap assessment report with analysis, infrastructure recommendations and roadmap with corrective actions and remediation.
PCI Security Consultant / PCI SME (Tony Keith Consulting)
UC Health - Hospital and Health Care Provider Network - Cincinnati, OH
December 2015 - March 2016
(Independent contract consulting position providing PCI gap assessment for a large hospital and health care provider network.)

  • Performed on-site and remote interviews with client’s technical personnel to gather information about PCI environment.
  • Reviewed client’s documentation and environment technologies configurations.
  • Assessed and evaluated the client’s in-scope Cardholder Data (CHD) environment for PCI V3.1 compliance and created in-scope memorandum.
  • Performed PCI gap assessment working against the PCI Security Standards Council’s Prioritized Approach Tool v3.1.
  • Reviewed compliance gaps with business owners to determine remediation timeframe.
  • Finalized and submitted appropriate SAQ.
  • Produced a formal PCI DSS gap assessment report with analysis, infrastructure recommendations and roadmap with corrective actions and remediation.
PCI Security Consultant / PCI SME (ClearBridge Technology Group)
Forsythe - Skokie, IL
December 2015 - February 2016
(Sub-contract consulting position providing PCI gap assessment for nationally known heating and air conditioning company (Rheem), based in Atlanta, GA.)

  • Performed on-site and remote interviews with client’s personnel to gather information about client’s systems/networks/processes.
  • Reviewed client’s documentation and system technologies configurations.
  • Assessed and evaluated the client’s in scope Cardholder Data (CHD) environment for PCI V3.1 compliance.
  • Reviewed compliance gaps with business owners to determine remediation timeframe.
  • Produced a formal PCI DSS gap assessment report with analysis, infrastructure recommendations and roadmap with corrective actions and remediation.
Security Specialist / Technical Advisor (Tony Keith Consulting)
Montrose Travel - Montrose, CA
Physical and online based travel agency and loyalty program solution provider - $300M revenue, +220 employees.
March 2014 - Present (ongoing)
(On-going independent consulting contract position, on-site and remote. I was directly recommended by Trustwave to Montrose Travel for this position.)

  • Security Specialist - Related Responsibilities (on-going - 3 years):
    • Responsible for providing leadership, organization, coordination, scheduling and assessing systems/networks for PCI DSS compliance. Providing recommendations for security related technologies and system/network design changes.
    • Working with several departments to manage PCI related projects including a secure FAX system, updating password policy, data retention policy/scripts, new db encryption technologies and a complete data center migration. Managed all projects and evidence collecting for on-site audit using JIRA ticketing system.
    • Scheduling and coordinating all PCI audit related tasks such as team meetings, evidence collection, security policy writing, internal/external penetration testing, network and application vulnerability scans and on-site audit. Company representative for on-site audit, penetration testing and auditor (QSA) interface.
    • Currently leading a six (6) month development effort of a new Disaster Recovery / Business Continuity Plan (DR/BCP) including Business Impact Analysis (BIA) and recovery strategies gap assessment.
    • Successfully led three (3) PCI DSS, level 1 certifications. Montrose Travel was certified as a PCI DSS, level 1 compliant merchant and service provider by Trustwave (QSA) in December 2014 (V2), October, 2015 (V3.1) and January, 2017 (V3.2).
  • Technical Advisor - Related Responsibilities (4 months):
    • Provided complete E2E functional automated Q/A solution using Selenium, Mocha, Should and Web Driver IO including implementation, documentation and training of Q/A personnel.
    • Designed and developed an online weather component "widget" including writing the technical documentation for both internal developers and external vendors.
    • Interim project manager until a new project manager was hired. I was part of the team that reviewed resumes and interviewed candidates for the project management position.
Chief Technical Officer (CTO) / Security Officer
Commercegate - Barcelona, Spain (Commercegate)
Online payment processing platform in EU.
DHD Media - Santa Monica, CA (Emanon)
Online payment processing platform in USA.
Segpay (Toccata) - Coral Springs, FL (Emanon)
Online payment processing platform in USA.
Sept 2013 - Feb, 2015 (Commercegate)
July 2008 - Sept 2013 (Emanon)
(I worked for the technology group consisting of Emanon Management (US Entity) and Commercegate (EU Entity) from July 2008 to February 2015. DHD Media and Segpay were managed by Emanon. Emanon managed Segpay until August, 2011 when the management agreement ended. Emanon continued to manage DHD Media until September 2013 when ownership changed. Commercegate changed ownership also in September 2013, at which point my employment was reduced to 32hrs/week during this management transition period, which ended on February 15th, 2015.)

  • Responsible for all technology infrastructure, security, technical development and technical support across multiple organizations. Also shaped the technology vision by formulating, evaluating, and implementing IT solutions, policies, and initiatives that improved the quality and effectiveness of the strategic goals and the efficiency of the firm's business operations.
  • Instrumental in the design, implementation, documentation and roadmap of a new processing platform using latest technologies including rules based fraud filtering, template based payment forms and configurable recurring (rebill) system. The system was implemented using the following technologies: Apache / Tomcat / Java / Oracle / Spring / Hibernate / GWT / Sencha.
  • Responsible for managing development teams in five (5) locations, four (4) different time zones for three (3) different processing platforms requiring extensive travel, domestically and internationally.
  • Successfully completed eleven (11) annual, level 1, PCI DSS 2.0 compliance audits with outside assessment firms as Chief Security Officer (CSO).
  • Responsible for writing, developing and maintaining most of the company's technical documentation (PCI DSS policies/procedures, technical/functional requirements and public facing APIs, including JSON, XML and REST).
Chief Technical Officer (CTO)
Epassporte (24/7 Commercial Marketing) - Santa Monica, CA
The first online pre-paid re-loadable VISA debit payment system.
Jan 2006 - Feb 2007 (Epassporte)
Feb 2002 - Jan 2006 (Paycom)
(Epassporte was created while working at Paycom.net (see below), which later was sold and managed by 24/7 Commercial Marketing. I was an equity partner in both Paycom.net and Epassporte until Jan, 2006.)

  • Instrumental in complete life cycle development of Epassporte from conception to actually releasing one of the first and most successful online pre-paid re-loadable products.
  • Developed a SOAP/HTTPS based communication framework that provided the basis for all interaction between the website and cardholder's prepaid VISA account located at our backend processor's hosting site. This framework later became a standard feature in our processor's (TSYS) prepaid product.
  • Directed and managed all programmers, developers and administrators in a complete open source environment using Linux, Apache, Tomcat, MySql, JAVA and PHP technologies.
  • Conceptualized and managed the development of many new ideas and features for this product using Agile system development methodologies.
  • Wrote, developed and maintained all technical documentation and technical diagrams for this product.
Technology Director / Chief Security Officer (CSO) / Equity Partner
Paycom.net / Paycom LLC / Epoch Systems - Marina Del Rey, CA
An industry leader in online payment processing.
July 2000 - Jan 2006

  • Performed daily management tasks as an integral part of a small and progressive executive team which included business development, strategic planning and staffing requirements.
  • Conceptualized and led development of many new products and features in the payment processing area including fraud filtering techniques, new payment models, cross-sales, affiliate / reseller / sponsor tools and marketing ideas.
  • Directed and managed 22 personnel in the Technical and Technical Support departments. The Technical department of 11, mainly JAVA programmers, PHP developers and System Administrators were responsible for all production based systems and new development. The Technical Support department of 11, were very specialized, well trained technicians to help assist clients with setup, configuration and data/reporting issues.
  • Maintained all procedures, policies and documentation for the Payment Card Industry Data Security Standard (PCI DSS, formerly known as CISP, Cardholder Information Security Program).
  • Successfully completed four (4) annual, level 1, CISP / PCI DSS audits with outside audit firms as CSO.
  • Performed the technical lead position on an idea for an online prepaid debit payment system which became known as Epassporte.
Turn-Key Software Solution Provider (Owner)
Middletown Steel - Middletown, OH
Nov 2000 - July 2001
(Owner and primary consultant of Keith Consulting Services, Inc. for more than 6 1/2 years providing turn-key solutions and consulting services.)

  • Completed a large system port of an inventory control and accounting system for a large steel cutting company (Middletown, OH).
  • This system port was from SCO Unix to QNX and included recreating over 100 library functions written in 'C' for which no source code existed. This included all user interface functions, printing functions, calculation functions and database functions.
Independent Consultant (Keith Consulting Services, Inc.)
H.K. Systems - Hebron, KY
Feb 1999 - July 1999

  • Successfully completed a large system port (QNX Version 2 to QNX Version 4) and upgrade of a high speed, high volume (SBIR) merchandise sorter for a national women's clothing distributor (Greencastle, IN).
  • This system port also included redesigning every process to support an SQL database (Sybase) instead of the existing ISAM database.
Turn-Key Software Solution Provider (Keith Consulting Services, Inc.)
Crane Naval Support Center - Crane, IN
July 1999 - Jan 2000

  • Successfully completed a large system port (QNX Version 2 to QNX Version 4) and upgrade of a three aisle AS/RS (automatic storage / retrieval system) inventory control system for a government project in electronic parts warehouse and distribution facility (Crane, IN).
  • This system port also included converting large ISAM tables to a fully SQL supported database (Sybase) and also entailed a complete redesign of all database structures and SQL queries.
Independent Consultant (Keith Consulting Services, Inc.)
CASI (Computer Aided Systems, Inc.) - Hayward, CA
Oct 1997 - July 1998

  • Lead system software consultant for an international shoe company (Nike) on a complete warehouse management control system (Memphis, TN).
  • Participated in system analysis and design, software development, testing, writing documentation, installation, training and technical support on a QNX based system. The system integrated components and sub-systems into a complete warehouse management system. This included a host computer (HP9000), many PLCs and a PLC gateway computer, tilt-tray sorter, pick-to-light paperless picking system and miles of powered conveyor.
Independent Consultant (Keith Consulting Services, Inc.)
F & A Data Systems - East Brunswick, NJ
Oct 1996 - March 1997
Feb 1995 - Dec 1995

  • Completed a warehouse management system on RF data collection terminals.
  • Designed and documented a standard communication and messaging protocol for host systems.
  • Implemented and tested six communication client / server processes using TCP/IP sockets on three different systems.
  • Developed a library of support functions for RF terminal screens using Curses. This library was used to implement three complete RF based warehouse management systems.
Turn-Key Software Solution Provider (Keith Consulting Services, Inc.)
Forte Industries - Mason, OH
Dec 1996 - Sept 1997

  • Independently designed, developed, implemented and installed four real-time, PC based, software systems for Forte Industries (a Buschman conveyor distributor - Mason, OH):
    1. A merchandise tracking and 7 lane shipping sortation system for a baby product warehouse.
    2. A merchandise tracking and 16 lane shipping sortation system for a book distribution warehouse.
    3. A print/apply labeling, merchandise tracking & 21 lane shipping sortation system for a candle manufacturing distribution warehouse.
    4. A complete host label printing system for printing pallet contents on multiple labels.
  • All systems were developed in ANSI 'C', QNX Windows and Sybase SQL on QNX, a UNIX-like, real-time, multi-tasking, networked, multi-user operating system.
Senior Software Design Engineer (Full-Time & Consultant)
Western Atlas (Litton Automation->H.K. Systems) - Hebron, KY
Oct 1993 - Dec 1995
Sept 1991 - April 1993

  • Designed, developed, implemented and installed four real-time, PC based, software systems:
    1. A five aisle fully automated storage and retrieval system (AS/RS) with conveyor feed input and output for an international truck tire manufacturer (McMinnville, TN).
    2. A three aisle fully automated storage and retrieval system (AS/RS) with full inventory control for a government electronics parts warehouse installation (Crane, IN).
    3. A high speed, high volume (15K units / hour) merchandise sorter (SBIR) for a national clothing distributor.
    4. A three aisle AS/RS software project for scheduling and delivering cotton and polyester bales to thread processing machines (Rabon Gap, GA).
Senior Software Engineer
The Buschman Company->FKI Logistex - Cincinnati, OH
April 1993 - Sept 1993

  • Performed technical lead position on a new $750K carousel picking and storage management software product to be written in 'C' and FoxPro under DOS, using Novell network/filesystem and Codebase 5.0 database engine.
  • Project was canceled due to the purchase of a competitor company which already had developed a similar software package and had an existing staff of 25 software engineers.
Software Engineer, Systems Analyst III
Practical Control Systems (PCS) - Cincinnati, OH
March 1990 - July 1991

  • Designed, developed and implemented many aspects of real-time, PC based, inventory control and merchandise picking systems. Coded in 'C' using C-Tree ISAM database engine under QNX real-time operating system.
  • Interfaced various types of hardware to PCs including mainframe equipment, embedded controllers, and PLCs via RS-232/422/485 serial communication links.
  • Responsible for completion and installation of an inventory control / paper-less picking project based in Cape Town, South Africa for Foschini Group (06/91 - 07/91).

Professional Development

Professional Certification
CISSP (Certified Information Systems Security Professional) - #540621
May 11, 2016
Guest Speaker
Node.js Cincy Meetup - Cincinnati, OH
August 12, 2015

  • Invited speaker to Node.js Cincy Meetup.
    • Gave a 1 hour main topic talk with slideshow presentation and full demonstration of my online tutorial: "Introduction to E2E Testing using Web Driver IO, Mocha, Should and Selenium". The presentation is available online here.
Guest Speaker
TSYS Card Tech, User Group - Amsterdam, NL
April 10, 2008

  • Invited speaker at TSYS Card Tech User Group with conference theme as "Growth Through Flexibility".
    • Gave a 45 minute talk with slideshow presentation: "Growing Your Online Business - How to Reduce Costs with Open Source Software"
Author
Technical Blog / Articles
April 2014 - Present

  • "Web Driver IO Tutorial" on personal blog and as open source project on Github.
    Extensive tutorial article including many working examples and a working web site. This project is maintained and updated on a regular basis.
  • "DMX Tester - Inexpensive Tester for sending DMX-512" on personal blog
    DMX-512 is a communication protocol used in the lighting industry. This article is based on a hardware/software project I built.
  • "State Machine Programming and Input Validation" on personal blog
    State machine programming is ideal for keyboard input validation. This article is a complete working example.

Education

University of Cincinnati - Cincinnati, OH
Sept 1983 - Dec 1989

  • Graduated in 1989 with a Baccalaureate of Science in Electrical Engineering Technology (BSEET).
  • Maintained part-time jobs throughout college to help cover tuition and expenses.
  • Designed and built a PC based 24 analog channel stage lighting controller with complete software user and hardware interfaces as a senior design project. This project was used to control an outdoor lighting show for 3 weeks at the grand opening of the Cincinnati Museum Center at Union Station.
Last Update: 06/16/17

Tony Keith - tlkeith.com © 2015-2017 - All rights reserved.