SUMMARY:

• 10 years LAN/WAN/Security experience working within an Enterprise environment - primarily Department of Defense (DoD) networks
• Extensive lead-level experience conceptualizing, managing, planning, and designing core infrastructure and security solutions to support mission critical operations
• Experience providing detailed root-cause analysis reports / assessments with the proper technical references
• Experience installing, upgrading, configuring and maintaining: Cisco 3560/3750-X/3850-X/6500 series switches, Cisco 19xx/29xx/43xx series routers, ASR’s and Cisco ASA firewalls
• A diverse knowledge and understanding of information security policies and industry established best practices including but not limited to: FISMA, NIST, ISO/IEC, PCI DSS, and COBIT)
• DoD 8570.1 IAT Level-III compliant (CISSP) and Project Management experience (possess PMP)
• Experience teaching, coaching, mentoring, and leading groups of students in I.T. and business-related curriculum
• One of the best at working well under challenging situations and at establishing good relationships with both internal and external customers
• Experience designing next-generation network & security solutions to enable customers to maintain a competitive advantage
• Implementing and managing 802.1x port authentication standards across the network
• A natural-born leader, with an ability to motivate and inspire others to perform at their best
• Managing HAIPE Encryption Devices (primarily KG-175D & KG-175A/B devices)
• Day-to-day maintenance of both Cisco Unified Call Manager version 11.5 and Call Manager Express
• Excellent interpersonal and customer service skills with a blend of technical knowledge, documentation abilities, oral skills, and an overall ability to capture and articulate customer requirements to parlay them into solutions that can be easily understood by all pertinent parties
• Currently studying for AWS Solutions Associate certification (scheduled for 12 Jan 2019)

PROFESSIONAL EXPERIENCE:

Confidential, Stafford, VA

Network and Security Architect

• Part of a team of three architects responsible for designing and managing solutions for the cybersecurity range to ensure high-availability, fault-tolerance, resiliency, and scalability. Infrastructure consists of approximately 8,750 virtual machines residing on 120 hosts. Hypervisors primarily include VMware ESXi and CypherPath. Physical gear consists of a diverse catalog of vendors (i.e. Cisco, HP, Dell, iXIA, Gigamon, Palo Alto, Imperva, Red Seal, Tipping Point, Arbor, F-5, Juniper, Fortinet and a host of others).
• Manage a hybrid-environment with on-premise equipment connecting to several AWS VPC peers in the cloud. Responsible for managing IAM policies, S3 buckets, and inter-VPC network connectivity
• Provide direct support to DISA and the USMC by managing a persistent environment that provides a realistic network environment that is a simulation of operational networks by virtually replicating the Global Information Grid (GIG). Responsible for implementing new solutions and capabilities that comply with the Comprehensive National Cybersecurity Initiative (CNCI) of 2008 that mandated the creation of a dedicated test bed to increase the security of DoD networks to expand the cyber education of the military and DoD workforce.
• Develop and design next generation architectures for CSR operations by integrating the latest software and virtualized appliances into an agreed upon design solution. Strive towards hardware/software agnostic solutions to provide flexibility and scalability for future requirements.
• Responsible for maintaining current network architectures, configurations, and documentations (artifacts) and performing risk identification to consequently recommend and implement risk mitigation solutions.
• Assist in the staffing of projects and organization of team members to ensure the proper communication and understanding of deadlines, assignments, and objectives.
• Work with the CSR Infrastructure team to implement the following: configuration changes, deployment of new technologies to enhance the capabilities of the architecture.
• Work with the DevOps team to deploy new capabilities and support automation and orchestration (A&O) initiatives and with the A&A team to accredit new capabilities.
• Work with the Events Engineering team to build out specialized networks to support training and exercises as required to support mission needs.
• Manage customer expectations for agreed upon performance requirements by: obtaining and providing metrics, recommending changes / alternate paths, and proposing and executing agreed upon solutions.

Confidential

Senior Network Engineer

• Was responsible for providing daily oversight to the network engineering team that consists of four local nationals. The primary day-to-day functions encompass: resolving trouble tickets, providing support for the VoIP network, configuration management, and providing support to the existing network for the Ministry of Interior (MoI) that is composed of over 120 network links (microwave, fiber, and bridges) and approximately 1,250 network switches and routers.
• Made available high-level architectural drawings, implementation plans, and briefings to higher level authorities within the organization and ensured they were properly stored in SharePoint.
• Responsible for deploying: Juniper SRX, Tenable, Cisco ISE, Cisco ASA and Palo Alto firewalls across the security boundary.
• Upgraded Call Manager to version 11.5 and added redundant nodes that did not exist before (previously, there was one single-server).
• Attended weekly meetings with the Confidential NOC/JOC team and the Director of Engineering to share current project related information to “stay in sync” and to help rectify any potential issues that may have occurred.
• Provided on-going mentoring and training for the team to assist both their personal and professional growth and to encourage them to continually challenge themselves.
• Managed a group of 6 network, security, and voice engineers and conducted training with them on a frequent basis to increase the knowledge and synergy of the team.

Confidential

Security Engineer

• Part of a team of engineers responsible for the successful migration to a new data center for Afghanistan’s Ministry of Interior (MoI).
• Was responsible for ensuring that the proper security controls were developed and effectively implemented to safeguard data and resources on the Enterprise network.
• Continually monitored the network, ran ACAS scans, and performed audits and survey of policies, people, and technologies on the contract.
• Continually refined firewall policies and captured data from audit logs, HBSS, network monitoring tools, configuration management systems, and other tools to document the security posture.
• Responsible for submitting Plan of Action and Milestones (POA&M) and coordinating with various groups to remediate the findings.
• Assisted with the plans for continuity of operations (COOP) in the event of any disruption of the primary Confidential by incorporating a complete comprehensive back-up and data recovery process. The plan provided a secondary off-site facility capable of taking over primary Confidential in the event of catastrophic failure at the primary site.
• Served as the project sponsor for the Security Working Group and communicated the project status to various stakeholders throughout the life of the project.

Confidential

Network Manager III

• As the Network Manager, was responsible for providing: installation, maintenance, troubleshooting, architectural design modifications and implementations for the entire Tier-2 network for the United States Air Force Central Command (USAFCENT) at Bagram Air Base. The primary deployed network inventory consisted of over 1,323 voice-over-IP phones, 475 switches and routers, 73 cryptographic items, and various security system and data center appliances.
• Managed 6 contractors and 4 sub-contractors and ensured that had the tools and resources available to help them successfully accomplish their missions. Provided initial counseling, quarterly and annual assessments, and was available with an open-door policy anytime they needed to discuss anything personal or professional. Assisted them with establishing goals and objectives and defining metrics to ensure they were met.
• Was responsible for providing connectivity for several proprietary applications, some of which require VPN tunneling or firewall exemptions. When such technologies were required, responsible for submitting the proper documentation for approval to open specific ports for these applications.
• Utilized network-monitoring software daily to proactively monitor and sustain network operations - these toolsets included, but were not limited to: Solar Winds, Cisco Works, HP Open View and a GEM-X server.
• Responsible for properly configuring and installing ASA 5505/5510 firewalls for clients that need remote access to our existing infrastructure from remote destinations.
• After assessing the current state and health of the network, created a 23-page network redesign guide with a detailed plan on changes that could optimize the network and make it more efficient and reliable. It was approved by all stakeholders involved and the implementation of the proposed solutions was a huge success.
• Attended required weekly meetings with local leadership to keep them informed of the health of the network as well as the status of on-going and future projects.

Confidential

Senior Network Engineer

• As part of the Network Operations (NET OPS) section for the Special Operations Command (SOCOM), was responsible for configuring, monitoring and troubleshooting a network consisting of approximately 200 networking devices.
• Was responsible for assisting with the creation of vPCs (virtual Port Channels) on the Nexus 7K’s for the System Administrators.
• Network utilized DMVPN to interface with other camps located in the Special Operation Forces (SOF) community. OSPF was utilized as the underlay (for transport through the Army’s BLACKNET) while EIGRP was the protocol used for the overlay.
• Maintained the “day-to-day” operations of the campus network while constantly looking for ways to make the network more efficient.
• Responsible for ensuring that network devices, operating systems and software were hardened in compliance with DISA’s STIGS (Security Technical Implementation Guides), FISMA, ISO / IEC 27001, and PCI DSS by performing random audits and utilizing the ACAS tool (Assured Compliance Assessment Solution).

Confidential

Information Assurance Officer

• As the Information Assurance Officer (IAO), was responsible for providing technical security assistance and guidance to the 727 th EACS in accordance with the applicable DoD and Air Force regulations and doctrine.
• Ensured that the Information System Security Plan, Con Ops (Concept of Operations), and other documents were adhered to, reviewed, and updated as necessary.
• Responsible for ensuring devices adhered to EMSEC (Emission Security) guidance IAW AFPD 33-2 as well as ensured that no portable electronic devices were introduced into secured areas or classified processing equipment.
• Ensured the adherence to and compliance of required controls and other measured variables to maintain both the ATO (Authorization to Operate) and C&A (Certification and Accreditation) packages.
• Prepared my local area of responsibility for the CCRI (Command Cyber Readiness Inspection) by providing: formal and informal training, informative guides, slideshows, and other sources of pertinent information to keep staff vigilant and aware of their responsibilities regarding operational security.
• Responsible for ensuring that network devices, operating systems and software were hardened in compliance with DISA’s STIGS (Security Technical Implementation Guides), NIST, FISMA, ISO / IEC 27001, and PCI DSS by performing random audits and utilizing the ACAS tool (Assured Compliance Assessment Solution).
• When needed, provided support and assistance for the C-2 (Command and Control) platform - BC3-T (Battlespace Command and Control Center-Theater) system.

Confidential

Senior Network Engineer

• As the senior network engineer lead, was responsible for providing: installation, maintenance, troubleshooting, architectural design modifications and implementations for the entire tier-2 network.
• Provided and documented proper risk assessments, site surveys and change request documentation prior to making any network modifications.
• Supervised, mentored, and led two network personnel daily, ensuring that they possessed the proper tools, knowledge, and confidence to complete any mission successfully.
• Part of a team responsible for managing over $47 million of communication equipment for the AFCENT network at Al Dhafra Air Base consisting of approximately: 120 routers, 450 switches, 80 TACLANES, 80 wireless access points, 8 firewalls and other networking devices.
• Responsible for all "moves-add-changes" for over 2,350 VoIP phones across four enclaves (NIPRNET, SIPRNET, BICES and CENTRIX-S) in both Call Manager and Call Manager Express.
• Assisted with the successful base closure of Thumrait, Air Force Base which consisted of ensuring that the network was gracefully de-commissioned, and all equipment accounted for prior to being dispositioned locally or shipped back to the United States.

Confidential

Network Engineer

• Was part of a team of network engineers responsible for supporting the Network Operations and Security Center (NOSC) by maintaining the AFCENT-Kandahar network.
• Our team successfully “migrated” the AFCENT network on Kandahar to the Army Network (for both NIPR and SIPR) which was a huge undertaking. With a small network team, planned, designed, and successfully executed the phased migration of over 2,200 user accounts and 3,700 devices.
• Utilized various network-monitoring software daily to proactively monitor the health and status of network operations. These toolsets included but were not limited to: Solar Winds, Cisco Works, HP Open View and a GEM-X Server
• Responsible for the maintenance of system baselines and configuration management items while also ensuring that network diagrams were maintained utilizing Microsoft Visio and Network Atlas.
• As the COMSEC Responsible Officer (CRO), was responsible for the proper keying /re-keying and management and configuration of 73 TACLANES. Ensured the key material was properly managed and destroyed on the Simple Key Loaders (SKLs). Coordinated with the COMSEC manager to receive additional COMSEC keys for encryption devices. Responsible for ensuring destruction reports were promptly and properly completed on the Standard Form 153.