TIAGO ALCOBIA
10 YEARS OF EXPERIENCE

BACKGROUND

Mr. Alcobia has over 10 years in the telecommunications (fixed and mobile) information technology industry and has wide experience covering the entire software development life cycle: business analysis, requirements definition, solution design, development/coding, testing (including performance tuning) and delivery/documentation for major telecommunication operators in Europe. Mr. Alcobia has extensive experience developing for the Arbor/BP / Kenan/FX platform and its integration with other platforms/systems. Mr. Alcobia also has over 2 years' experience using webMethods as an EAI (Enterprise Application Integration) platform, as well as experience with the Oracle SOA/AIA platform.

CURRENT ASSIGNMENT

AUDITOR/ANALYST, PT-SI/TIMOR TELECOM (PORTUGAL & EAST TIMOR)

Executed and documented an IT security audit on a customer self-care web portal (iCare Light) which was custom designed by PT-SI (Portugal Telecom – Sistemas de Informação) for its client: Timor Telecom (TT), the main telecommunications provider in Timor Lorosae/East Timor. This audit covered three major dimensions (technology, the organization/people and its processes) to assure, before Production go-live, the quality of the implementation and its compliance with client and industry standards/best practices in the domain of IT security (i.e. information/data confidentiality/classification, system/application/network security, IT governance).

Technologically, the load-balanced, secured (HTTPS/SSL) clustered architecture is composed of a Back Office web portal (for intranet portal administration) and a Front Office web portal (for extranet/internet self-care by TT authenticated prepaid and post-paid mobile customers). It was designed to run on the IIS (Microsoft Internet Information Services) web server (running on Microsoft Windows Server) and was written using ASP.NET/C# (C Sharp) together with JavaScript and Ajax.
It uses MSE/WCF (Windows Communication Foundation) for integration/middleware/SOA/web-services connectivity with the backend (Oracle BRM and Siebel through AIA). Additionally, the solution has its own RAC/clustered Oracle database (running on Red Hat Linux Server) to manage locally stored data.

The implementation was evaluated in terms of the parameterization of the IIS web server, Windows Server OS, Red Hat Linux Server and Oracle Database. A threat and risk analysis was executed that consisted of black box and white box penetration tests (ethical hacking) on the Front Office and Back Office portals to check for the most common vulnerabilities/exploits (i.e. authentication brute-force, Denial of Service (DoS)/stress testing, input/output sanity checking/SQL injection, Cross Site Scripting (XSS), session hijacking/spoofing, information disclosure, URL traversing, code vulnerabilities, elevation of privilege, tampering, etc.) and for any violations of security principles such as data confidentiality, integrity, accessibility, authenticity and non-repudiation. Other related threats were also analyzed and discussed with the project members (i.e. disaster recovery plan, physical security, internal security, social engineering defense, network security, etc.).

This assignment involved direct collaboration with the PT-SI development team and interviews with some members of TT to capture the project, architecture design and IT governance documentation. This was necessary to address any nonconformity detected not only in the technological implementation but also at the level of the organization and its business processes/procedures/policies (security governance). The initial phase of the audit was started off-shore (from Portugal) during the QA testing and then continued on-shore (East Timor) for the final Production audit.
(Technical Environment: iCare Light written in ASP.NET 4.0/C#/WCF, JavaScript and Ajax running on a load-balanced IIS (Internet Information Services) 7.5 web server on Microsoft Windows 2008 Server R2 x64bit STD and supported by a RAC/Clustered Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 (64bit) running on Linux Red Hat Enterprise Linux Server release 5.6 (64bit). Several support tools were used during the audit, namely Zenmap/Nmap, Apache JMeter, Microsoft Security Compliance Manager + LocalGPO, Microsoft Attack Surface Analyzer, Firebug Firefox extension, w3af, BadBoy, Fiddler, Lens, Microsoft Visual Studio 2012, Oracle SQL Developer, VirtualBox, Wireshark, etc.)

Crossjoin Solutions, Avenida António Serpa, Nº36, 4ºAndar, 1150-027 Lisboa - Portugal
Email: info@cross-join.com | Tel/Fax: (+351) 210 818 530 | Web: www.crossjoin.pt

EXPERIENCE

08/2010 - 05/2012 BELGACOM (BELGIUM)
ORACLE SOA/AIA CONSULTANT

Assigned to the SOA/AIA team responsible for support of all project environments. This support included:

- Release management and deployment to both clustered and non-clustered supported environments (Oracle SOA Suite 10.1.3.4.5 with AIA 2.4 FP (Order to Bill / Customer MDM PIP), Oracle Database 10g, Red Hat Enterprise Linux Server release 5.2).
- Trouble ticket resolution for the SOA/AIA environments and their integration with other systems (Siebel and legacy platforms) by interfacing with tester and development teams.
- Support to the Stress Test team in the scope of performance tests by executing changes required to the environment (i.e. JVM parameters/garbage collection parameters/strategy, heap memory parameters, connection pool settings, ESB properties (i.e. threading, retryIntervals), BPEL code optimization, etc.).
Additional tasks required were log analysis, execution of threaded tests against BPEL processes via SoapUI and against JMS queues via HermesJMS, monitoring of the SOA/AIA platform (JVM, Linux machine memory resources, SOA database and connection pools, DMS tool metrics/statistics, etc.), resolution of environmental issues and deployment of hotfixes for performance evaluations.

Additional duties in this assignment included production support for the in-house platform responsible for synchronization of customers between Siebel and legacy applications. This was a J2EE application deployed on an IBM WebSphere Application Server (WAS) running on a Solaris 10/SunOS 5.10 UNIX machine on an Oracle 10g Database.

(Technical Environment: Oracle Application Integration Architecture (AIA) Foundation Pack 2.4 (Order to Bill and Customer MDM PIP for integration between Siebel 8.1.x CRM and legacy applications) on Oracle Fusion Middleware/SOA Suite 10g, on Oracle Database 11g and Red Hat Enterprise Linux Server release 5.2, JDeveloper, SQL Developer, BPEL Process Manager, Enterprise Service Bus, SoapUI, HermesJMS, Wireshark, Quality Center)

06/2010 - 08/2010 BanifServ (PORTUGAL)
Programmer/Analyst

As programmer/analyst for a major bank in Portugal, Mr. Alcobia elaborated a proposal for the replacement of the existing Version Control Software/System (Aldon LifeCycle Manager) with a Subversion platform. The requirement was that it needed to interface with the existing AS/400-OS/400 mainframe platform. The proposal included a proof-of-concept: a custom-developed Windows Java Eclipse application with Subversion as a plugin interfacing with OS/400. Another proof-of-concept OS/400 application was also developed with the screen design aid (SDA) to demonstrate an alternative solution with Subversion.
This proposal involved interviews with all involved stakeholders, gathering of requirements for the existing platform and definition of an alternative architecture aligned with the existing organization and procedures. The definition of the new system involved a market study of alternative solutions to Aldon.

Mr. Alcobia also participated in the proposal for the definition of corporate IT best practices through several interviews with impacted stakeholders in the organization. The proposal included a proof-of-concept portal for the organization for a document repository.

In another assignment for this client, Mr. Alcobia was responsible for elaborating a testing strategy for the new web application used by each bank branch for customer account management. The strategy was based on the use of OpenSTA for the HTTP/SOAP calls to the application for load and automated functional testing.

(Technical Environment: IBM System i-OS/400-AS/400, IBM DB2, Subversion, Eclipse IDE/Java, OpenSTA, Microsoft SQL Server Database, Microsoft Visual Studio 2005 Reports).
EDUCATION

1996-2001 Undergraduate B.Sc Degree: Licenciatura em Gestão de Sistemas e Tecnologias de Informação (Business Computer Science) – Universidade Atlântica, Lisbon, Portugal

TRAININGS

02/2012 Oracle University Training - Service Oriented Architecture: Concepts
02/2012 Oracle University Training - Service Oriented Architecture: Governance and Security
02/2012 Oracle University Training - Service Oriented Architecture: Service Engineering and Modeling
01/2010 PADI Certified Open Water Scuba Diver
02/2009 webMethods 7.1 Advanced Enterprise Integration Workshop (Software AG course)
07/2007 Oracle SOA Boot Camp
07/2006 Team Management MRC Training
06/2003 Oracle 9i Administration: Optimization
04/2002 C++ (Object Oriented Programming)
01/2002 CCNA (Cisco Certified Network Associate) Certification

LANGUAGES

Portuguese English Spanish French Deutch Very Good X X Good Fair X X