Enterprise Network Architect Resume

SUMMARY:

  • Senior network security architect experienced in systems integration, planning, project management, architecture, design, development management, and implementation (hands-on).
  • This experience includes several years of management and expertise in network security architectures, messaging, and the architecting of multi-level security systems.
  • Extensive abilities to coordinate, analyze, and convey technical information to management and customers.
  • Global experience with business leaders, military and diplomats.
  • Providing technical support to customers evaluating Tail f software
  • Working hands-on with customers in their labs on proofs of concept
  • Creating data models in YANG, scripting, writing transformation code in Java
  • Defining technical requirements, scope and systems integration strategies
  • Representing the company as the technical contact person and coordinator
  • Establishing Tail f Systems as a thought leader, trusted advisor and long term partner
  • Actively involving all parts of the Tail f organization as needed (product managers, specialists, tech support, marketing, management, etc.) to manage the sales process
  • Communicating feedback from customers and stakeholders
  • Thorough understanding of WAN and Data Center networking technology
  • Network administration with Cisco, Juniper and similar WAN environments
  • Hands on experience with multiple device vendors’ Confidential and web UIs
  • Experience in scripting languages and Java programming
  • Experience with: TCP/IP, DNS, DHCP, VPNs, VLANs, ACLs, OSPF, EIGRP, QoS, VRRP, HSRP, BGP, and MPLS.
  • Knowledge of (OCX, T3, fractional T3, T1, ATM, and Frame Relay, Voice Over-IP). Hardware (Routers, CSU/DSU, bridges, multiplexers, servers and switch configuration).
  • IP Backbone Architecture, IP routing policies, Network designs, & DNS configuration & documentation.
  • Performance monitoring & tuning of IPTV servers, SNMP, QoS encoders, Avaya VoIP Hardware/Software.
  • Experience with Market Data (Bloomberg, Reuters, S&P ComStock, Telerate, & Thomson-Reuters)
  • Experience with MPLS on an enterprise level with International systems (X.25 and SONET).
  • Design large global enterprises with ATM, TCP/IP, and SONET technologies.
  • Experience with topologies such as ATM (LANE), ISDN, Frame Relay, SONET, T1, DS3, OC3, and OC12.

TECHNOLOGIES:

Identity and Access Management: SUN IdM v4-v8 & Access Manager v5 w/PolicyAgent and Authentication Modules (CRL, LDAP, SAML, SPML), SUN DS v5.x/v6.1, IBM TAM/TIM v4.1-v6, WebSEAL, CA-IdM v8, CA-eTRUST (eWAC) & CA-SSO v8, CA-20/20, SailPoint, CyberArk, RSA ClearTrust v5, Open IDM, Open LDAP

Windows Technology: Windows 2003, XP, Active Directory (ADAM/ADFS), Exchange, SQL, Sharepoint. Microsoft Identity Management (ILM, FIM 2010), System Center Configuration Manager (SCCM), Management Agent, Windows Workflow Foundation/.NET development, Identity Access & Governance

Security: DSML, SAML, SPML, SSL, SSH, SHA, MD5, TLS, L2TP, JAAS, JCE, WAP, WEP, CAPI.

Scanning Tools: Nessus, Nexpose, Symantec, AppScan, Retina, E-eye. ESM-Symantec, Vontu, Kali, Splunk, Maltego, Hydra, Security Content Automation Protocol (SCAP), Open Vulnerability Assessment Language (OVAL), and Common Vulnerability Enumeration (CVE). Application and Code Reviews/Analysis. Network ACL and Log Analysis.

IDS: BlackIce, Cisco IDS, Security, SecureComm, Intruder Alert, CyberCop, and Centrax.

Protocols: BGP4, CIDR, DHCP, DNS, EIGRP, HSRP, LDAP, MPLS, NCP, OSPF, VRRP, SNA, SNMP, SIP and VoIP.

Networking: ATM, Ethernet, ISDN, SONET, Gigabit, Wireless, Cable, Optical, Satellite, DWDM, Dark Fiber, Cisco Catalyst Switches 6xxx, 5xxx, 4xxx, 3000 (VPN), 29xx, 19xx, Cisco Routers 7500, 7200, 4000, 3600, 2600, 2500, 800; Cisco VPN 3000, Switch Configuration; Subnetting; Switching (Layers 1, 2, 3, 4, 7), VLAN; Sniffers. ARP, VPN, RIPv1/2, IP Multicast/ Broadcast, IGMPv2, UDP broadcast, RMON II, & SMTP. QoS Load-Balancing, WAN optimization

Firewalls: Cisco PIX, Nokia 330/440, Checkpoint, Gauntlet, Raptor, Lucent Brick.

Hardware: SUN 10K/15K, IBM, Cisco, Lucent, Nortel, Avaya, EMC, Hitachi, HP9000, OS/390, Compaq, Dell.

Enterprise Storage: SAN & NAS architecture, configuration, administration, provisioning & troubleshooting with technologies from EMC (Symmetrix, DMX, CLARIION), Brocade, McData, NetApp and F5.

Architecture Frameworks: COBIT, DoDAF, FISMA, TEA, TOGAF, UML, and Zachman.

Healthcare Standards: HIPAA/HL7, CFR Part 11, Confidential Gap Analysis, and FDA reg.

Methodologies: ISO-1779, 9979-Crypto, NIST-800 Series, OWASP, 7816-Smart Cards, CMM, Six-Sigma, RUP/UML.

Financial Standards: Basel II/III, GLBA and SOX. Trading, Derivatives, Custody, Retail

AREAS OF SPECIALTY:

  • Identity and Access Management
  • Network and Application Security
  • Market Data Feeds and Services
  • Data Center Relocation and Consolidation
  • Enterprise Security and Business Continuity
  • Applications Data, Network and Voice Infrastructure
  • Performance Management and Measurement (KPIs, business driver-based metrics)
  • Information & Technology Risk Management

PROFESSIONAL EXPERIENCE:

Enterprise Network Architect

Confidential

Responsibilities:

  • Architect network management systems, gather, interpret, and report on network information from disparate sources. Includes security management, establishment and update of security policies and procedures, asset classification, event correlation, and the deployment of F5 BIG-IP & Cisco Hardware/Software.
  • Coordinate and develop the business/project plan for the relocation of 4 data centers, while supporting the transition network during the relocation to ensure production was not interrupted.
  • Implement & manage multiple projects for 4 data centers, which included voice, data, video networks.
  • Designed new data center and Wireless Network for 12 business units over 15 floors Confidential new location using Layer 2/3 Switching.
  • Knowledge of TCP/IP, Switching (VLANs, STP, RSTP, VTP, 802.1x, VCP), Routing (EIGRP, BGP, redistribution, summarization), IP (subnets, CIDR, NAT, ACLs, DNS, DHCP, WINS), VoIP, multicast protocols (PIM, IGMP, CGMP), QoS, Cisco IOS, general knowledge around NTP, SNMP, Netflow, CEF, Security Protocols, network management packages including CiscoWorks, NetQoS, QIP. Technical knowledge of T1, T3, Ethernet, MPLS, CWDM and DWDM.
  • Architect/design large global enterprises with ATM, TCP/IP, and SONET.
  • Design network security services, network architecture, systems engineering, risk management, policies and procedures.
  • Test and Certify Cisco IOS 12.2(8) and 12.2(13) for EVPN Network (MPLS).
  • Evaluate & Test F5 BIG-IP Network with VIPRION TMOS for Rate Shaping and SSL Acceleration.
  • Provided support (troubleshooting/ performance) for Confidential & Confidential customer networks.
  • Evaluate and Analyze captured data. Evaluate and Analyze router/ switch configuration.
  • Design, development, analysis and testing of identity management solution involving smartcards, hardware security modules, PKI solution, federation, SAML, SPML, and Liberty Alliance.
  • Process provisioning using the BPE and workflow design, analysis, review and strategic planning with RBAC, MAC, DAC considerations, which included developing implementations guidelines/management/auditing/integration.
  • Enterprise-level provisioning systems (requirements analysis, design, integration, implementation, testing, and production).
  • Develop the Identification and Authorization controls for systems using WS-Security standards, including SOAP and SAML to provide a user's security attributes in multi-domain/cross-country environments
  • Identity Management experience in Single Sign-On, Enterprise Directory Architecture including directory schema, namespace and replication experience with Resource Provisioning, AAA & RBAC.
  • Design architecture for IdM including AD, LDAP, Oracle, RACF account provisioning synchronization.
  • Architect the SSO domain, SUN IdM v7, SUN LDAP v5.2 and provided infrastructure and integration support.
  • Design the Gateway, Control & Data Layer components for AD/SUN servers in a multi-master environment

Confidential

Enterprise Network Architect

Responsibilities:

  • Design schemas, namespaces and security controls for directory access & replication, synchronization processes
  • Import existing data into directories; identify areas of conflict; facilitate communication; & provide alternative solutions.
  • Designed policy and attribute based services for ease of management & better replication (cascading mode).
  • Supported 3M customers by splitting the DB into a multi-master environment to increase performance and HA.
  • Design Certificate repository for authentication. Design CoS by groups/roles (managed, filtered, and nested).
  • Implement Access Controls on DSML over HTTP, Filtering, Indexing and Searching, Replication, and SAML.
  • Created new object classes, authentication and authorization modules, customized APIs for applications.
  • Setup new indexes Confidential the OU level, indexes, setup change control monitoring, and SSL certs for LDAP.
  • Redesign Directory Server with 9 replicas & 3 masters (active-active) behind an F5.
  • Architect LDAP for a Central Authentication Store for all applications that provided the ability to federate user ID objects across internal and external user IDs used on vendors' web sites.

Confidential

Enterprise Network Architect

Responsibilities:

  • Works with senior military officers to ensure Confidential and Confidential strategy is reflected in DOD applications and technology infrastructures. Designed security systems to support military applications.
  • Interim Technical Director for system architecture branch of the Multilevel Information System Security.
  • Develop the Identification and Authorization controls for a system built on a SOA. This work is using WS-Security standards, including SOAP & SAML, to provide security attributes to the data resources.
  • Design and implement military grade RBAC/LDAP infrastructure spanning 5 countries with 500K+ users by consolidating civilian, consular, diplomat, and military officers’ credentials with sensitive and classified data with fine grain attributes.
  • Knowledge of design principles in DoDAF (C4ISR), Confidential, DII, DMS, IAM, Confidential.
  • Design large global enterprises with ATM, TCP/IP, and SONET technologies.
  • Develop token-based authentication, PKI A/A, symmetric key systems (Kerberos), and IPSec (IKE/ESP).
  • Experience with topologies such as ATM (LANE), ISDN, Frame Relay, SONET, T1, DS3, OC3, and OC12.
  • Experience in cryptographic principles, algorithms, RED/BLACK separation principles, TEMPEST design principles, fail-safe design, Confidential, Common Criteria, secure systems design, communications protocol design principles and DoD systems/communications infrastructures in multi-domain/multi-level security.
  • Develop, implement, and disseminate US policies, procedures, practices, and standards to ensure that US Embassies are in compliance with the applicable federal and local laws that govern security for military and diplomatic attaches.
  • Present written summary reports of all overseas activities/projects to senior military and diplomatic personnel on current state of US Embassies, which also includes threat assessment, vulnerabilities, DRP and zero-day attacks.
  • Assist in managing all LAN\WAN and firewall services across 35+ locations including internationally
  • Solid knowledge of Cisco switches, routers, ASA\Firesight\DMZ, Wireless, ISE, Collaboration, NX-OS
  • Knowledge of Cisco IP Telephony, AnyConnect, Telepresence, Meraki, Prime, Dual-factor authentication.
  • Knowledge of Cisco UCS server platform environment and management, IMC central, UCS Manager\Director
  • Experience with VPN, iWAN, application and bandwidth optimization, BGP, EIGRP
  • WAN connectivity in regards to MPLS Networks, site-to-site VPN, Point-to-point 10GB infrastructure, site-to-site circuit redundancy, active\active data center connectivity
  • Knowledge of: methods, sources, and techniques used in US and NATO military capabilities, organization, operations, and doctrine; intelligence systems and acquisition management; intelligence force management; intelligence oversight; foreign military capability, limitations, and employment techniques; fusion, analysis, processing, and proper handling of intelligence information; analytical methods, forecasting, and estimating techniques; intelligence information handling systems; national and DoD regulatory guidance for conducting intelligence activities; and management functions such as intelligence communications and security.

Penetration Testing Skills:

  • Conduct internal/external, wireless & application Pen Testing using exploitation techniques, tools, & procedures.
  • Prepare quality penetration test reports that identify vulnerabilities, risks, and recommendations to management.
  • Strong skills with: Vega, Sniper, Kali, Knoppix, Wireshark, Aircrack, Netcat, Metasploit, Burp Suite, Hydra, Maltego
  • Provide post-incident remediation validation to ensure remediation steps were effective in mitigating the possible exploitation of sensitive data & preserving the integrity and confidentiality of critical data.
  • Effectively lead meetings and conference calls involving IT, legal/HR, and/or client contacts and write security reports.

Confidential, NY

Network Infrastructure Manager

Responsibilities:

  • Evaluate business and operational requirements to design the high-level functional and technical target architectures.
  • Identify directions/standards for projects. Coordinate and develop the business/project plan for the relocation of 4 data centers while supporting the transition network during relocation to ensure production was not interrupted.
  • Designed new data center infrastructure for 12 business units over 15 floors.
  • Developed and implemented data center move plans for business units, including application, systems, & data.
  • Managed the development of trading systems in derivatives and fixed income.
  • Support trading desk for quantum models, risks, trade captures & market valuations.

Confidential, NY

Senior Technical Manager

Responsibilities:

  • Responsible for architecture, design, implementation, testing and deployment of automated systems to engage in risk management and proprietary trading. Demonstrate broad technical knowledge of large volume transaction processing systems. Full life cycle application development (SDLC), middleware and N-tier architecture with High-Availability.
  • Design and implement an Integration Broker for UNIX external entities using MQ/MQSI to handle message transformation
  • Developed validation/compliance policies, procedures, guidelines and methodology in accordance with 21 CFR Part 11, Confidential
  • Experience in regulatory/ compliance concepts in banking, securities, insurance, and investments.
  • Establish project plan, deliverables, resources, schedule requirements, effort and WBS.
  • Oversee Inception, Elaboration, and Construction and testing; including detailed use cases and sequence diagrams, analysis of logical data architectures for user interface design.
  • Defined policy and practice including audit programs and compliance metrics. Develop policies for data availability, reliability and classification. Maintaining DoDAF Standards.
  • Analyzes operational procedures, issues, requirements, data scope, usage & formatting.
  • Write functional specs for new or modified business systems and business processes.
  • Master Schedulers - Create schedules showing expected start/finish times for Production Work-streams across environments. Update schedules, WBS, Resource Allocation and Level of Effort for project duration.
