Security Analyst Resume
Omaha, NE
Operating Systems:
Windows 2003 Enterprise, Windows 2000, Sun One, Linux (Red Hat), Unix, Solaris, Cisco IOS, Novell
Hardware: Cisco Routers, Switches, Cisco PIX/ASA Firewalls, Cisco VPN, Netscreen VPN, ISS Proventia A Appliance, ISS Proventia G Intrusion Prevention Appliances, ISS Proventia M Security Appliances, Nokia, Crossbeam Solutions, TippingPoint IPS, F5 Networks, VMware
Software: Nmap, ISS RealSecure Internet Scanner, ISS Site Protector, ISS RealSecure Network Sensor, ISS RealSecure Server Sensors, ISS Proventia Management Java, Checkpoint Firewall NG, NGX, Nokia IPSO, Nokia Voyager GUI, WebInspect, Nagios, Remedy, Websense, Trend Micro Virus Wall, CA entrust
Confidential, Omaha, NE
09/2008 - Present
Security Analyst
- Member of the Network Engineering Planning and Provisioning team at First Data Corp
- Primary responsibility consists of implementing, administering, troubleshooting, and debugging 300 Nokia IPSO 4.2 devices running Checkpoint NGX R65/R70 instances in a VRRP configuration, in a multi-site, multi-VPN deployment in a Provider-1/ environment
- Administration of global policy management, including creating and assigning global policies
- CMA provisioning, SmartDefense configuration, modification and assignment of profiles
- Comprehensive experience with Site-to-Site, SecuRemote/Client VPN encompassing IPSEC, IKE, SSL protocols, communities, tunnel management, multiple entry point VPN and configuring VTI
- Additional support of Juniper SG firewalls, Juniper SSL VPN and Cisco PIX/ASA
- Knowledge of Checkpoint VSX, including virtual systems, routers and switches
- Maintenance of the LAN/WAN environments and related equipment such as Cisco 7200 series router, Cisco Catalyst 6500 switch, and Cisco VPN concentrators
- Thorough knowledge of routing principles, and dynamic routing protocols BGP, OSPF
- Hands-on administration and support of Juniper IDP, Cisco IPS, and ISS Proventia 2.0 IPS
- Perform network protocol analysis and raw packet captures using tcpdump and fw monitor
- Provide Subject Matter Expertise on the areas of Network Security, Security Methodology and Compliance (PCI) and maintained PCI DSS compliance in a Tier-1 environment
- Write and revise security policies and procedures, and document PCI infrastructure with layer 3, layer 2, and dataflow diagrams for corporate network to current levels
- Review and process Remedy firewall tickets to ensure adherence to enterprise guidelines, security standards, and procedures to minimize risks
- Implementing and communicating security policies and/or plans for data and software applications for Governmental Agencies, as well as interaction with different areas during project requirements gathering, design, implementation and documentation
- Use of ArcSight Enterprise Security to provide monitoring, analysis and incident response
- In-depth defense strategies and how security devices are deployed
- Built and implemented Crossbeam X-80, two in-line application VAP-Groups including Checkpoint Firewall-1 NGX R65 in serialized configuration
- Security Event Management health monitoring using EnVision, Nagios and Spectrum
- Core Windows and UNIX/Linux system knowledge including network connectivity, and security
- Work with Project Managers to ensure that proper security controls are identified, implemented and tested during normal weekly maintenance windows
- Participate in Incident Response calls as necessary
Confidential, Atlanta, GA
06/2008 - 09/2008
Sr. Network Engineer
- Provide highly reliable and efficient network support within Data Center
- Monitor the reliability and performance of the network, and implement preventive and corrective actions
- Configure Cisco ASA 5540 security appliance for boundary, access lists, contexts, corporate NAT and site-to-site VPN
- Responsible for the implementation and administration of Checkpoint NGX/Nokia firewall solutions to provide perimeter network protection in a Provider-1 environment
- Managing global policies, global VPN, monitor status of gateways into the MDS, down into the CMA
- Deployment of Nokia running instances of Checkpoint in HA using VRRP in Voyager
- Provided site to site VPN accessibility and remote access using SecureRemote/SecureClient
- Implementation and administration of Checkpoint IPS-1 intrusion detection
- Updated signatures and advisors through SmartDefense services
- Experienced in Cisco IPS, signature tuning, updating and monitoring
- Performed packet analysis using tcpdump and fw monitor
- Created and modified rulebase including network, hosts and nodes
- Cisco 2950/2960 and 6500 switch configuration and maintenance, VMware virtual switches
- Implemented replacement of Cisco 2950 with Cisco 2960 switches
- F5 Networks load balancers, CiscoWorks, Cisco ACS and Solarwinds
- Research, debug and troubleshoot to determine root cause
Confidential, Portland, ME
03/2008 - 06/2008
Network Security Engineer
- Member of Incident Security Response Team providing containment, inoculation, quarantine and treatment of breached POS network to full PCI-DSS validation compliance
- Performed PCI-DSS security audit of business facilities and system components, protected stored cardholder data, and encrypted transmission of cardholder data across open public networks
- Analyzed and monitored syslogs via RSA enVision for event tracking and correlation
- Use of ArcSight Enterprise Security to provide monitoring, analysis and incident response
- Managed Cisco IDS/IPS devices for signature tuning and updates, monitoring and IP logging
- Implemented replacement of Cisco PIX firewall with six pairs of Cisco ASA 5540 appliances
Confidential - WebMD, Nashville, TN
03/2007 - 03/2008
Information Security Engineer
- Lead engineer on a migration project, moving 300 VPN tunnels to a new data center
- Based on project management and requirement development, established operational concepts and scenarios, assessing the adequacy of requirements, and assessing component, cost, and risk
- Upgrading CheckPoint FW-1 management servers, 16 Nokia firewalls from NG AI R55 to NGX
- Manage Cisco Concentrators, Cisco ASA and SonicWall VPNs in a site-to-site configuration
- Ensured firewall rules were in accordance with corporate and industry security standards
- Deployed, configured and installed all Perimeter connectivity devices
- Access to Cisco routers and switches (6509) on the core and 4009s at the access layer, and assisted in maintaining, monitoring and troubleshooting this infrastructure as a secondary role
Confidential, Atlanta, GA
08/2004 - 03/2007
Information Security Engineer
- Member of Security Operations providing security assessment, vulnerability and intrusion detection
- Monitored security intrusions using ISS Realsecure server and Cisco NIDS devices.
- Analyzing malicious code, vulnerable software, security tools, and patches on various platforms.
- Working with other third party vendors, provided service planning, provisioning, activation, invoicing, billing and mediation under the IP OSS Alliance program to lower total cost of network service deployment, operation and ownership to operate at peak efficiency
- Threat mitigation including detection, containment, eradication, recovery, and response
- Perform penetration testing and auditing, packet analysis utilizing dsniff, passive sniffing, active sniffing, windump, tcpdump, Snort, SSH, Ethereal, Ettercap, HTTPS sniffing and WebInspect
- Tune Intrusion Detection Systems and syslog servers to maximize customers' use of managed security services. Develop general security principles including access controls, network security, packet-centric, application fingerprinting, subverted networks and anatomy of an attack.
- Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy.
- Responsible for the engineering, implementation, and administration of Checkpoint NG AI, NGX, Smartdashboard, Nokia/Crossbeam Firewall solutions to provide perimeter network protection
- Use of Checkpoint Provider-1 to manage global policies, global VPN, and monitor status
- Supported Nokia Clustering Checkpoint Load balancing high-availability solutions
- Deploy firewall support solutions on production Linux systems on customer networks.
- Maintained security and policies on ISS Proventia Security Appliances (A, G, and M’s)
- Experience in Cisco PIX firewall implementation, configuration and policy modifications.
- PIX Active/Standby failover and Active/Active (version 7.x).
- Network segmentation, dynamic routing, integration and deployment of Juniper Networks/Netscreen firewall and VPN high availability solutions including Unified Threat Management
- Site to Site VPN, SecureRemote/SecureClient, VPN, IPSec/IKE, and TLS/SSL
- Content filtering solutions and virus management integrating Trend Micro and Cisco Security Agents to eliminate threats, improve security and enforce network admission policy
- Using dynamic routing protocols, EIGRP, BGP, OSPF, RIP, DS3, frame-relay, T-1
- Layer 3 Switch VLAN, QOS, Access Lists, Spanning tree, remote management and monitoring.
- Experience with other manufacturers' firewalls, including Dragon and SonicWall
- Installation, configuration and maintenance of network monitoring and Intrusion Detection systems
- Real-time traffic analysis, network IDS and packet dissection using Snort
- Use of ArcSight Security Manager to provide monitoring and incident response
- Remote management of devices via SSH, Telnet, HTTP remote upgrades and changes.
- Working knowledge of regulatory compliance, including ISO 17799, PCI requirements
- Certificates (X.509 standard) and EnTrust, SSO practices, Pretty Good Privacy, OpenPGP
- Use of Remedy trouble ticketing application and Site Protector for management of IDS devices.
Confidential
02/2003 - 07/2004
Network Administrator (Security Clearance - Secret)
- Acted as consultant to headquarters network and security operations team in the development and optimization of management systems architectures and operations strategies.
- Developed implementations for a multi-service IP network design to support voice, video and integrated data throughout the enterprise.
- Managed successful integration of rapid network development from 100 WAN routers to over 350 WAN routers in less than 3 months in support of over 5000 backbone devices and 500,000 users during Operation Enduring Freedom and Operation Iraqi Freedom.
- Cisco Router WAN Frame Relay, Point-to-Point and ATM connections using T-1, DSL broadband, and 56K WICs including Bonded T-1 links (Cisco 1600, 2600, 1700, 2700, 3650 series of routers).
- Layer 3 switch VLAN, QoS, Spanning Tree, multi-link trunks, remote management and monitoring
- Analyze and report outages and corrective actions to Theater Network Operations Center.
- Performed Cisco PIX firewall modifications, security assessments, vulnerability detection
- Cisco IDS including signature tuning, sensor deployment and signature upgrades
- Configuration of site to site VPN, remote user VPN tunnel, on secure segmented trusted networks.
- Windows NT, 2000, and 2003 server implementations, support and administration
- Directed configuration and implementation of Joint Network Management System including HP Openview, CiscoWorks 2000, Cisco PDM, Site Protector, and Remedy trouble ticketing application.
- Respond to customer interface/user issues.
Professional Certifications and Organizations:
CCNA, CCSP, CCSA, CCSE, CISSP, FBI-InfraGard
Education: Computer Science and Information Systems