SUMMARY:

• Dynamic Network Security Professional with progressive career experience in protecting, defending, operating, and managing enterprise networks. Specialties include hands - on network migrations, security/network assessments, and implementing perimeter security. Experienced with implementing micro-segmentation and encryption. Experienced with scalable networking design integrating high availability, redundancy, and failover. Knowledgeable with regulatory compliance such as FIPS 140-2, NIST, NIST, & PCI DSS.
• 18 years’ hands-on experience with enterprise network infrastructure
• 5 years’ experience deploying and managing next-generation firewall platforms
• 2 years’ experience conducting firewall gap analysis and security controls assessments
• Experienced with next generation firewall sand-boxing solutions to combat zero-day malware
• Demonstrated ability to produce proficient written documentation, including correspondences, presentations, and illustrations.

PROFESSIONAL EXPERIENCE:

Confidential

Senior Network Security Engineer

• Enhance the cyber security posture of seven civilian government agencies through improved implementation and enhancement of network monitoring and control tools and processes in support of support for the DHS CDM contract.

Confidential

Senior Security Consultant

• Contracted to deploy Palo Alto firewalls for Office of Naval Research core firewall refresh - Licensed and configured PA-7080 firewalls, Palo Alto WF-500 appliance, and Panorama M500 appliance.
• Attend scope calls to gather mid-cycle requirements address technical gaps.
• Ensured DoD IA compliance by securing firewall configurations in accordance with DISA STIG’s.

Confidential

Senior Consultant - Cyber Engineering

• Participated in partnership development with next-generation / UTM firewall vendors.
• Conducted architecture and network reviews and verified clients firewalls were compliant with NIST security controls during the process of FedRAMP accreditation.
• Provided ad hoc support for client firewalls within IaaS providers public cloud - configured Fortinet FortiToken mobile with two-factor authentication, Cisco ASA w/FirePOWER, and Palo Alto GlobalProtect for VPN users.
• Authored opinion paper assessing client’s product suitability to comply with PCI-DSS security controls
• Audited configuration of client firewalls using tools such as Nipper Studio & FireMon.
• Contributed blog articles on behalf of Cyber Engineering practice

Confidential

Systems Security Engineer

• Conducted PPS reviews for new DHA (Defense Health Agency) systems to ensure compliance with DISA PPSM registry.
• Documented firewall port /protocol system usage for DoD military hospitals worldwide as part of RMF process.

Confidential

Network Architect

• Solely responsible for the overall health, design, and security posture of the 600 + user corporate network .
• Redesigned network to optimize IP scalability and standardization.
• Reduced company costs by over $3,000 by limiting VoIP managed service to WAN edge voice routers.
• Optimized perimeter security through an enterprise migration to Palo Alto firewalls; configured and deployed PA-200, PA-500 & PA-3020 firewalls for perimeter protection at 12 branch offices and data center.
• Centralized post-deployment firewall configuration, policy, and device management utilizing Panorama.
• Migrated corporate users to GlobalProtect VPN remote access.
• Designed high availability at branch offices utilizing policy-based forwarding (PBF) with ISP multihoming.
• Provided 24/7 management over all Palo Alto firewalls, Cisco ISR 2900 routers, and Cisco switches.
• Maintained 24/7/365 network operations uptime.
• Created as-built, audit grade Visio topology diagram of corporate network.

Confidential

Sr. Network Engineer, Lead

• Supported the planning & integration of the DISA OSS global, out-of-band Data Communications Network (DCN) providing network management access, alarms, and performance metrics.
• Designed T1 circuit connectivity, prepared bill of materials, submitted monthly status reports, and composed project support plans for implementation branch.

Confidential

Network Engineer, Tier 3

• Provided Tier 3 network engineering support for the $500M U.S. Courts Networx migration to AT&T MPLS backbone providing circuit connectivity for over 600 U.S. courts on behalf of AT&T Government Solutions.
• Developed customer premise configuration templates for over 750 Cisco routers & 400 Cisco switches prior to staging and deployment.
• Supervised 300 + AT&T router migrations, ensured connectivity transitioned successfully, and turned over network management to AT&T Enterprise Management Center.
• Chaired bi-weekly meetings to provide ongoing changes in customer requirements to CDE team

Confidential

Network Engineer 4

• Provided network engineering support for the Confidential (NGIS) corporate network.
• Conducted site surveys, captured requirements, developed bill of materials, created network design documents, performed change control activities, and supported migrations from legacy PBX to internally managed Cisco VoIP.
• Configured & managed Cisco PIX and Cisco ASA firewalls for enabling site-to-site VPN contractor access.
• Configured, installed, upgraded, and maintained Cisco 7200/3800/3700/2800 series routers, 6500/4500/3800/3500/2900 XL series switches, VG224 / ATA voice gateways, and UPS appliances.
• Managed the quarterly remediation of Cisco software vulnerabilities for entire NGIS business sector.