Network And Security Solutions Architect Resume
Washington, DC
SUMMARY:
- Senior IT Professional with over eighteen years of progressive experience in information technology, information management, and information security providing technical support, leadership, project and personnel management in multi-disciplined enterprise environments. Specialties include network/security design and implementation, enterprise architecture solutions, Cloud security, cloud architecture, relationship management, and operations with extensive experience in retail, financial, DOD, restaurant, and federal IT spaces.
- I am interested in a Security Solutions Architect role with significant emphasis in cloud architecture offerings.
- Solid background in network architectures/engineering, network Security/architectures, cloud landscapes and architectural principles focusing on network/security techniques and security design with implementation guidance
- Significant background to apply cloud technologies, industry security standards, regulatory mandates, audit policies, and compliance requirements
- Excellent knowledge of cloud design patterns and best practices including current security standards, protocols, and best practices
- Solid knowledge of Cloud Security architecture, focused design approaches to designing secure cloud services and applied technologies. As part of my Cloud Security Architecture class, I designed a migration strategy for a private cloud; a cloud security isolation strategy to protect a private cloud from data breach; and a data protection strategy to thwart ransomware attacks
- Evolved an end-to-end Identity Management, Logging, Auditing Strategy for a cloud security solution architecture addressing known vulnerabilities in a Samsung Internet of Things (IOT) environment, and a feature-proof security solution to identify security breaches for Samsung IOT SmartThings subscribers.
TECHNICAL SKILLS:
Network and Security Vendors: Cisco, ForeScout, McAfee, BeyondTrust, Splunk, Juniper, NetScout, F5, IBM BIG Fix, Riverbed SteelCentral, Infoblox
Network Security Services: RADIUS, SSH, Digital Certificates, VPN, TACACS
Network Admission Control: Cisco ISE 2.3, ForeScout CounterACT
Cloud Deployment Models: IAAS, PAAS, and SAAS
Network and Security Monitoring Tools: Nessus, Wireshark, Splunk, McAfee ePO Policy Auditor and Application Control, RSA Envision, CA Spectrum, EHealth, Opsware, Citrix Server, Cisco Works Compliance Manager, Remedy, BeyondTrust Retina, BeyondTrust Network Security Scanner, Netscout, SNMPv3
Identity and Assessment Management: 802.1x, AAA, SSL/TLS, EAP-TLS, EAPOL, RADIUS, Kerberos, LDAP
Operating System: Microsoft Windows, Linux, and VMware
Network and Security Technologies: Routers, switches, servers, endpoints, and firewalls, Cisco ASA, CSR 1000v
Network Protocols and Services: OSPF, BGP, EIGRP, VPN, VLAN, Load Balancing, DHCP, SNMP, spanning-tree, MPLS, DMVPN
Incident Response: IBM BIG FIX, IBM SUA, QRadar, Einstein, VirusTotal, McAfee ePO Orchestrator
IT Controls/Frameworks: PCI-DSS, EU Data Protection, HIPAA, FISMA, NIST 800-xx, Sarbanes-Oxley Act, GLBA, FIPS 200/140, ITIL, TOGAF, SABSA, Jericho Security and Risk Management.
Forensic Data Collection/Extraction: Sysinternal Forensic Suite
PROFESSIONAL EXPERIENCE:
Confidential, Washington, DC
Network and Security Solutions Architect
- Lead the architecture, design, and deployment of Cisco Identity Services Engine (ISE) 2.3 in a 24/7/365 datacenter supporting 120,000 devices worldwide.
- Establish baseline ISE security rules/policies working with various stakeholders
- Create Customer Requirement Documents, System Design Documents, Test plans, Data Flow Diagrams, Test Assessment Reports, and Detailed Design documents
- Implement and test Cisco ISE 2.3 for wired, wireless, and MAB in a VMware ESXi lab environment
- Deploy physical ISE servers in the datacenter, and migrate virtual ISE servers to physical appliances
- Deploy RADIUS authentication and authorization methods
- Integrate Cisco ISE solution with enterprise PKI architecture
- Implement redundant/HA Cisco ISE solution with over sixteen ISE appliances
- Implement ISE solution for campus LAN, wireless, and MDM environments
- Integrate ISE with enterprise patching and anti-virus solutions
- Deploying and monitoring ISE in production for various sites
- Write and implement change requests for each ISE production pilot site.
- Review and assist customer with various cloud offerings and deployment.
- Leading effort to modernize and standardize the entire enterprise network infrastructure devices and code.
- Manage and coordinate the deployment of Continuous Diagnostics Monitoring Program (CDM) products and services including McAfee ePolicy Orchestrator, ForeScout CounterACT, Splunk Enterprise, BeyondTrust Retina, and RSA Archer for enterprise risk and compliance management in support of DHS’s CDM program.
- Create and/or review documentation such as Test Plans, Network Diagrams, Standard Operating Procedures, System Design documents, Data Flow Diagrams, Test Assessment Reports, and Project Authorization Documents in support of various security devices to be deployed within the agency.
- Review and redesign various existing network solutions site design and coordinate new design implementation.
- Assists with the redesign and modernization of core/dmz portion of the datacenter
Confidential, Washington DC
Senior Security Engineer
- Provide strategic and tactical support for the design and implementation of DHS’s hybrid infrastructure as a service (IAAS) Continuous Diagnostic Mitigation (CDM) program.
- Review CDM architecture to ensure that it aligns with the customer’s strategic goals/objectives to monitor, manage, scan, and track vulnerabilities within 72 hours, and report findings.
- Analyze various architectural designs to make sure that they fit and support the customer’s mission.
- Assists with the design of new Security Center for vulnerability scanning, IBM AppScan for web application scanning, and Venafi (for cryptographic key management) architectures, testing designs in lab environments to ensure that their integration fits into the existing environment, while still maintaining the integrity and security of the customer’s enterprise network/security environment
- Co-architect the redesign and deployment of information systems vulnerability management security tools such as Tenable Security Center to improve scanning performance, and metrics reports.
- Evaluate the impact of CDM deployment in response to customer’s reporting needs, while at the same time maintaining confidentiality, integrity, and availability.
- Review CDM architecture within DHS IAAS cloud environment for our agency, identified gaps, and risks within the environment; and collaborated with DHS, Confidential, and external vendors to mitigate all the risks
- Analyze the entire CDM architecture end-to-end between agency and DHS datacenter IAAS to identify risks, compliance issues, and gaps in the program, and work with Stakeholders to mitigate risks and compliance issues prior to the deployment of CDM security appliances within the agency.
- Research BeyondTrust, McAfee, and Splunk capabilities as well as compatibility with current agency environment as part of CDM deployment. Work with vendors to address concerns, or seek workarounds where necessary.
- Create and/or review documentation such as Test Plans, Network Diagrams, Standard Operating Procedures, System Design documents, Data Flow Diagrams, Test Assessment Reports, and Project Authorization Documents in support of various security devices to be deployed within the agency.
- Coordinate the deployment of continuous monitoring products and services such as McAfee ePolicy Orchestrator, ForeScout CounterACT, Splunk Enterprise, BeyondTrust Retina, and RSA Archer for enterprise risk and compliance management in support of DHS’s CDM program.
Confidential, Washington, DC
Sr Security Engineer
- Led and managed DOL enterprise security architecture implementation ranging from initial analysis, vendor relationship management, architectural design, implementation, to integration of security solutions for products such as ForeScout CounterACT, routers, firewalls, switches and services/applications securely into the Enterprise architecture in collaboration with department ISOs.
- Managed Incident Response program including identifying cybercrime, evidence collection, analyzing evidence, chain of custody, forensic data extraction from compromised systems using sysinternals, and working with Verizon forensics team to analyze collected data, US-CERT, DHS, Verizon Managed Security team (MTIPS), agency information security officers, and CSIRC to complete investigations
- Performed vulnerability management with Nessus and AppScan; scanning software, applications, and hardware for vulnerabilities; work with stakeholders to either eliminate or mitigate any identified risks before integrating any devices or software in the enterprise environment.
- Ran software certification to identify any vulnerability to new software in development environment, and work with various teams to identify and resolve any risks prior to introducing software or application into production environment.
- Led agency security data call for various security tools including firewalls, VPN concentrators, routers, and switches in collaboration with US-CERT, and various agencies. Data calls includes identifying vulnerable devices per advisory, device name, version, operating system, owning department, and location within the infrastructure, working with stake holders to resolve or mitigate vulnerabilities and reporting back to various stakeholders.
Confidential
Sr Principal Network Engineer
- Designed and architected a ForeScout, Nessus, IBM Big Fix, and HBSS EPO infrastructure during a pilot project to ensure the protection of integrity, availability, authenticity, non-repudiation and confidentiality of enterprise assets and data to accomplish these tasks.
- Led and managed the enterprise security architecture implementation consisting of firewalls and load balancers from McAfee, F5, ForeScout, Imperva, and Bluecoat.
- Scanned enterprise network for vulnerabilities with Nessus, and certified software prior to deployment.
- Planned and managed large-scale systems projects through vendor product comparison, consultation, planning, feature-set analysis, implementation, testing, and validation.
- Provided assistance and oversight for all information systems operations activities, including computer and telecommunications/communications operations, data control, LAN/MAN/WAN administration and operations support, and security policy
- Managed incident response including investigations, chain of custody, evidence collection and collaboration with forensic team, remediation activities, and proper documentation.
- Designed, configured, managed, and installed enterprise LAN/WAN routers, switches, and firewalls from vendors such as Cisco, Dell, and Fortinet, and ensure end-to-end enterprise infrastructure connectivity.
- Supervised complex operations that involved network operations, systems security, and production support activities with third party vendors
Confidential
Sr Network Engineer
- Managed and maintained Enterprise network architecture including firewalls, routers, switches, circuits, and encryption devices.
- Troubleshoot routers, firewalls, switches, crypto devices, and audit server configurations in response to trouble calls.
- Performed routine maintenance of enterprise network equipment in response to emerging security vulnerabilities.
- Monitored enterprise network performance, take appropriate actions to prevent loss or degradation of service, and restore full service in the event of an outage.
- Responded to network infrastructure incidents affecting LAN/WAN infrastructure escalated from domestic and global sites.
- Responsible for all government notifications for emergency and non-emergency incidents.
Confidential
Sr Network Engineer
- Planned, surveyed, designed, and implemented LAN/ WAN enterprise solutions including install, upgrades, routers, and switches.
- Conduct risk assessments and collaborate with clients to provide recommendations regarding critical infrastructure and network security operations enhancements
- Implemented network solutions including site and circuit activation, deactivation, technology turn on/off, device recovery, and related technology implementations
- Managed circuits including commissioning, ordering circuits, managing installation, testing, and monitoring.
- Developed and implemented network solutions using standard network engineering methods, techniques, and tools.
Confidential
Network Analyst
- Identified serious vulnerabilities with corporate enterprise DMVPN and IPSec VPN implementation; consulted with internal engineering team and Cisco on how to correct problem; collaborated with Cisco and internal management team, and devised methods to either eliminate or reduce the impact of this risk.
- Monitored all enterprise infrastructure assets, compiled, generated, and analyzed activity logs using various tools including Wireshark, syslog server reports, Splunk, eHealth, Netscout, RSA Envision, Opsware, and Checkpoint Provider 1 to identify, isolate, recommend solutions for, or resolve persistent, difficult-to-track network/security, application, host, and server related breaches, and submitted documented reports to management, and various teams.
- Provided support for First Data's Firewall team to identify and resolve Cisco ASA, Blue Coat, and Nokia firewall problems, including troubleshooting, file collection, and packet analysis globally
- Used Splunk and Wireshark to collect, aggregate, and analyze collected data/packets in order to research and resolve difficult and persistent network/security infrastructure issues.
- Identified, isolated, and resolved BGP, OSPF, EIGRP, and LAN/WAN problems globally, and internally, in collaboration with vendors, and various internal engineering departments.
- Configured, monitored, troubleshoot, and managed 15000 + network devices including routers, switches, firewalls, wireless devices, VOIP, servers, VPN technologies, MPLS, and ISDN circuits, and network load-balancers worldwide.
Confidential, Houston TX
Technical Support Engineer
- Ran network vulnerability and penetration scans, and remediate flaws based on PCI-DSS guidelines.
- Assigned, maintained, controlled, and audited management and employee access security permissions, user accounts, and access levels.
- Troubleshoot and resolved network connectivity issues between servers, routers, switches, printers, and Firewalls.
- Configured and troubleshoot website interface connectivity issues such as port configuration, DNS, IP addressing, firewall access permissions, and web updates between web and client store.
- Identified and resolved client/server network connectivity problems on systems running Windows XP, Windows 7, Windows Embedded, and Windows Server 2003/2008 for over 4000 clients in North America.
- Researched SQL Server tables, Credit Card Server, and POS price inconsistencies, resolved and reconciled payment differences; configured and added network PCs and printers into SQL Server database.
Confidential - Boston MA
Technical Consultant
- Configured, managed, troubleshot, and secured Layer 2 and 3 switches including VLANs, route redundancy, and general layer 2 security issues.
- Implemented, troubleshoot, and resolved IPSEC VPN problems for various business clients
- Diagnosed, and resolved hardware and software problems, including desktop, laptop, and LAN issues for SOHO businesses
- Analyzed, and resolved Wireless network connectivity issues impacting DSL and cable networks at client sites
Confidential - Boston, Massachusetts
Technical Support Supervisor
- Responsible for support of existing security policies and procedures, as well as creation and implementation of new security procedures.
- Trained and mentored employees regarding security, and system basics best practices.
- Set up client VLAN, wireless LAN, and secured wireless network to prevent unauthorized access from intruders.
- Diagnosed, troubleshoot, and resolved desktop configuration, printer connectivity, account setup and activation, and network access issues.
- Analyzed customer’s current network posture; recommended appropriate upgrade for approval; designed and implemented approved network technologies and verified functionality after installation.
Confidential - Cambridge, Massachusetts
Lead IT Support Associate
- Administered all Desktop related functions daily including installations of operating systems and applications, tune-up, security, software, warranty repairs, trouble tickets, and configuration daily
- Conducted site surveys at customer’s site to ascertain client’s video, voice, and data needs; recommended appropriate technologies to fulfill client’s needs; implemented unified technologies that enabled seamless communication, and easy management of various technologies