SUMMARY:

• Network Architecture ~ Security Infrastructure ~ Solutions Architecture
• Highly creative and accomplished Information Technology Professional with over 15 years of experience delivering superior solutions for ensuring secure, intrusion - free network systems.
• Demonstrated ability to implement innovative security programs that drive awareness, decrease exposure, and strengthen organizations, and hands-on experience leading all stages of system development, including defining requirements, design, architecture, testing, and support.
• Expert technology and analytical skills complement proven success architecting, implementing, configuring, and supporting all aspects of state-of-the-art information systems for the most critical applications.

EXTENSIVE EXPERIENCE AND EXPERTISE INCLUDES:

• Network Engineering
• Voice over IP
• Data Center Engineering
• Network Architecture
• Network Security
• Virtual Private Networks
• Intrusion Prevention Systems
• Firewalls
• Vulnerability Assessments
• Penetration Testing
• Security Policies/Procedures
• Implementation
• IS/IT Audits
• Roll-Outs
• Problem Resolution
• Support
• Troubleshooting
• Training

COMPUTER SKILLS:

Operating Systems: Microsoft Windows 2012,2008, 2003, 2000, Windows 8, Windows 7,Windows XP, 2000,, IIS Server, DHCP, DNS, LDAP

NAS/SAN: EMC VNX, EMC CX 500, Dell/EMC FC 4700

Network Management: Cisco works, MRTG, Microsoft SUS, Statseeker, Orion

Scanner tools: Nessus, Retina

Intrusion Detection Tools: Cisco IPS appliances

Load Balancers: F5 LTM, Cisco CSS 11x Series

Security/Web monitoring: CS MARS, Websense, Ironport, FireEye

Access Control: Cisco ACS server, TACACS+, RADIUS, LDAP

Firewalls: Cisco ASA, Palo Alto, IOS Firewalls (CBAC, Zone Based )

VPN: SSLVPN, Web VPN, VPN 3000,DMVPN,VTI

VoIP: Cisco IPT, Cisco Unified Presence, Cisco Jabber, Collaboration Edge, QoS

Cisco Hardware: Cisco Routers (7200, 4451, 3900,3800, 2800, 3600, 4000, 2500, 2600)

PROFESSIONAL EXPERIENCE:

Confidential, Reston, VA

Enterprise Architect

Responsibilities:

• Datacenter and Enterprise Network/Infrastructure solutions/implementation for Confidential customers and internal Confidential clients.
• Establish technical standards for infrastructure and overall technical architecture for the enterprise.
• Evaluate and recommend new technologies that will provide a secure, modern collaborative platform for Confidential to conduct business.
• Responsible for developing/implementing defense-in-depth solutions for the enterprise as well as external Confidential clients.
• Work with the Confidential office to develop the appropriate security policies and procedures, assist during external IT audits, SME on internal audits.

Confidential

Manager- Network Operations /Solutions Architect

Responsibilities:

• Consulted on the network/VoIP/security design for the Confidential network (Affordable Care Act). Was closely involved with the design and implementation work. This network supported about 5000 + remote users across multiple sites.
• Primary engineer from the USA for the Confidential Global Architecture team. Was intimately involved in the redesign of the Confidential global WAN. This redesign involved moving away from a decentralized model to a centralized model with geographically diverse POP’s.
• Deployment of Cisco VCS Expressway (Collaboration Edge) for Jabber Anywhere. Successful completion of this project enabled our users to avail of the mobility features of the Cisco Jabber (IM/Presence/Voice/Video) without having to VPN in to the network.
• Deployment of Cisco Unified Presence for the enterprise network
• Migrated UC applications ( Confidential /Unity) from MCS hardware to Confidential . This project was completed while both versions of Confidential were online and live migration of users was performed.
• Lead engineer for the implementation of F5 3600 LTM appliances.F5 were implemented to alleviate SAP performance issues as well as to retire Cisco CSS 11xxx series appliances. Currently the F5's serve as the primary landing point for most web based applications.
• Lead engineer for Confidential implementation. This project involved the setup of three fully populated UCS 5108 blade chassis, 6120XP fabrics.
• SAP myHR application suite roll out. My role in this project was to configure the Confidential 5010 switches for FCoE, configure zoning, san port channels on the MDS 9134 FC switch.
• EMC SAN upgrade. I was involved in the design and implementation of the EMC SAN upgrade from the EMC CX 500 to the EMC VNX NAS/SAN. I was primarily involved with the fiber channel switching (zoning etc.) while also assisting with the configuration of the SAN and EMC RecoverPoint.
• Lead engineer for the deployment of FireEye security appliances across multiple sites. FireEye appliances that have been deployed include the FireEye web MPS (wMPS), FireEye Email Security Appliance (eMPS) and the FireEye Central Management appliance.
• Lead engineer for deployment of open source malware detection software (BotHunter)
• Incident response and mitigation for a nation state based attack on Confidential resources. Primary role was to identify attack vectors, determine a mitigation strategy and develop a long term strategy/controls to safeguard Confidential IT assets from compromise.
• Deployment of SIEM solution to help identify and mitigate attacks as well as provide a single log repository for disparate systems.
• Cisco AnyConnect SSL VPN and Clientless Web VPN rollout. This project was required to retire the VPN 3005 and PIX 525 VPN appliances.
• Evaluated and tested Confidential VPN solution to provide encryption across MPLS links. Project did not move forward due to a lack of funding,
• Manage the day to day IT operations for Confidential (10,000+ employees) including budgeting, forecasting and professional development of technical staff.
• Mentor/Supervise network and server engineers to ensure timely and cost-effective deployment of systems and services that support business objectives.
• Review technology requests and work with direct reports to schedule and complete projects.
• Manage and coordinate third-party vendors.

Confidential

Senior Network Engineer/Solutions Architect

Responsibilities:

• I was the Project Leader for the network infrastructure merger of an acquired company. This consisted of merging 28 remote sites into the Confidential NA MPLS network, consolidating network security, migrate the acquired companies data center to Confidential DC, deploy VoIP to 28 sites, upgrade network infrastructure from HP to Cisco, consolidate wireless services etc.
• Project leader for the migration of Confidential remote office sites into an MPLS environment. My role was to completely redesign the existing hub/spoke fully meshed VPN network into a design that is secure, scalable and VoIP capable.
• Project leader for the implementation of the Cisco WAAS (WAN accelerator) appliance and network modules.
• Project leader for the data center move. I setup a complete lab and was able to completely simulate the move from start to finish and was able to work out any issues that might arise during such a move. This move was a little complicated as it was done in three phases and IP addressing on both sides (DC and existing NOC) had to be kept the same. I was also involved in coordinating with the DC vendors on issues such as circuits, power and cabling. The result was a very successful data center move.
• Design and implementation of a highly available VPN network. This includes IPSec VPN, SSL VPN, and VTI.
• Design and implementation of Cisco NAC
• Implementation of Cisco IPS 4240 sensors. The sensors were implemented as either IPS or IDS devices
• Implementation of Cisco CS MARS as threat mitigation, security monitoring device.
• Implementing DMZ's to separate corporate, client devices.
• Securing perimeter routers as per government regulations.
• Securing remote site networks using Zone Based Firewalls.
• Implemented Ironport Spam Filters.
• Drafted the Confidential NA network security policy
• Lead Engineer for the implementation of an enterprise wireless network for the corporate/remote offices. The hardware used was a Cisco 4402 Wireless LAN Controller and Cisco 1250 Access Points.
• Assisted and provided support for the deployment of the Cisco VoIP IPT. Tasks involved configuring Confidential /Unity, configuring LAN switches and other administrative tasks.

Confidential, Silver Spring, MD

Senior Network Engineer

Responsibilities:

• Manage network security including PIX firewalls, IDS, VPN, and web monitoring.
• Oversee VPN security and ensure that security requirements are met by configuring the Cisco PIX for VPN Remote access and site-to-site VPN tunnels using 3DES and either MD5 or SHA.
• Coordinate with TNOSC (Fort Huachuca - Army Security), RCERT and CID to resolve security-related incidents.
• Ensure that workstations meet Army Security standards and DITSCAP requirements using the Real Secure ISS scanner and Harris Stat Scanner to run scans based on Army requirements.
• Configure Cisco 7206 perimeter router access lists; configure and maintain Cisco 7206, 4000, 3640 and 2500 series routers; perform LAN/WAN troubleshooting; and monitor the network using Cisco Works, Traffic Director, and Network Monitor.
• Implement and administer SMS for the entire WRAIR site, Active Directory administration and troubleshooting, and assist in disaster recovery planning.
• Replacing the 5500 access layer switches with GB/VoIP capable 4506 series switches.
• Planning for the future implementation of Cisco VoIP.
• Implementing OSPF as the routing protocol of choice and
• Implementing VRRP as the standby protocol replacing HSRP.
• Redesigning the VLAN architecture to make better use of the IP address space.
• Configured 2 PIX 525 Firewall devices for stateful failover. Also, configured the PIX to interface with Web Sense for URL Filtering.
• Configured and deployed a Cisco CE 7305 Content Engine for the WRAIR Enterprise. Used WCCP for this purpose.
• Setup Cisco Secure ACS server for user and group authentication.
• Utilized Real Secure IDS to monitor network traffic, track worms and other malicious traffic.
• Assisted help desk engineers in migrating user desktops to a new Active Directory domain using the Fast Lane Migrator tool.
• Coordinated with Confidential and MEDCOM to ensure a successful migration.
• Applied similar tools to migrate user profiles.
• Implemented, configured, and managed an FC4700 Dell/EMC NAS/SAN that involves a 9TB SAN made available to users through a clustered Windows server connected to the LAN using a Brocade fiber optic switch and using Zones to make the SAN accessible to individual servers.
• Configured SMS 2.0 to use Feature Pack Tools to scan and update workstations on the LAN with the most current security updates from Microsoft to help combat the worms attacks by proactively update the workstations.
• Setup a RAID5 Data Storage system for the NOC using a Compaq RA 8000 Fiber Channel Raid system
• Installed and Configured a MS Windows SUS server.
• Provided team training to ensure successful completion of the project.
• Performed basic and advanced troubleshooting and problem resolution.
• Ensured safe and complete transfer of data from the Novell servers to the NT servers.
• Administered NT security for user directories.
• Configured the data storage systems and also managed the data backup systems (ARC Serve for NT).
• Implemented and tested Win-Install to facilitate remote installation of desktop applications.
• Served as Technology Consultant and member of the server/mail migration team for a multi-vendor team that designed and implemented the new NT architecture.
• Performed Novell and NT administration and migration, CC-Mail to MS-Exchange migration, disaster recovery, and implement future architecture changes for both the Novell and Microsoft NT environments.
• Replace Windows 3.x workstations with NT 4.0 workstations, corrected related application issues, and completed “clean-up” work that included migrating users not included during the main project schedule.
• Resolved server-related issues and supported migration teams in the field.
• Delivered user training and performed troubleshooting to resolve user problems.

Confidential

Network Engineer

Responsibilities:

• Implemented a Novell 4.1 network with over 400 nodes that took full advantage of NetWare 4.1’s management capabilities including centralized management of 2 sites, replication, and disaster recovery.
• Maintained a Hughes VSAT system used to connect remote sites nation wide.
• Provided systems administration and hardware and OS upgrades on Compaq and IBM servers and desktops.
• Supported Netware, NT servers, and multiple desktop operating systems and applications and worked as a Field Support LAN Engineer.