SUMMARY:

• Department of Defense Top Secret w/ SCI clearance (Active)
• Highly motivated, self - driven, goal-oriented, cyber enthusiast who is passionate about using technology and innovation to achieve business goals and support business strategies.
• Extensive hands-on experience working in mixed vendor environments and integrating virtual and physical platforms
• Proven consultative, analytic and problem-solving skills with the keen ability to assess needs, define requirements, develop value-added solutions, and execute technical solutions that streamline and improve operating efficiencies

TECHNICAL SKILLS:

Routers: Cisco (ASR, ISR, CSR, and XRv) Juniper (MX and vMX), Brocade, Arista, VyOS and Quagga

Switches: Cisco (Catalyst, Nexus and Meraki), Juniper, Dell, Brocade, Extreme, Open vSwitch andVMware

Security:: Palo Alto, Cisco (Meraki MX, ASA, Firepower, WSA, ESA, ISE and Stealthwatch), ForcepointJuniper (Netscreen SRX, vSRX), Fortinet, Forescout, TippingPoint, Fidelis, Niksun, PfSenseIPFire, Security Onion, Bro, Inquest, Opswat, RockNSM, SiLK, TACLANE, KIV-7Gigamon and vBroker

Cloud: AWS IAM, AMIs, S3, Glacier, EBS, EFS, VPC, EC2, Auto Scaling, RDS, DynamoDB, CloudFrontCloudFormation, CloudWatch, CloudTrail, ELB, Route53, Security Groups, NACLs, WAF, API-

Gateway, Lambda, VPGs, AWSCli, and Google Firebase

Virtualization: VMware ESXi, Microsoft Hyper-V, Cypherpath, GNS3, EVE-NG and Stratoscale

Storage: Tintri, Violin, Tegile and Pure

Misc: SD-WAN, VRF, RIPv2, EIGRP, OSPF, BGP, MPLS, Docker, Riverbed, Ixia, HAProxy and F5 LTM

PROFESSIONAL EXPERIENCE:

Confidential - Stafford, VA

Technical Director 2 | Chief Solutions Architect

• Provide overall direction, guidance and definition of on-prem and cloud-based enterprise solutions to effectively support the business strategy and technology roadmap
• Create AWS custom VPCs with public and private subnets, Security Groups, NACLs, route tables, NAT Gateways and Internet Gateway
• Enable VPC Peering to allow interconnectivity between VPCs
• Host, secure and deliver static websites using AWS S3, Cert Manager, Cloud-formation, API-Gateway, Lambda, Honeypot, WAF and GitHub
• Develop Proof of Concept hybrid and all-in cloud solutions using AWS, Docker, Serverless and Infrastructure as Code (IaC) technologies
• Use bash scripting and Python (Boto3) to automate deploying services within AWS

Technical Director 1 | Solutions Architect

• Engineering Lead for the virtualization of the DISA IAP and JRSS security stacks used to provide realistic virtual training environments so that members of the DoD can train how they fight
• Implemented F5 LTMs in firewall sandwich to provide greater availability, scalability and manageability
• Created DMZ defense in depth security architecture to provide a redundant, highly available security posture
• Responsible for Configuring perimeter (Palo Alto), internal (ASA and SRX) and virtual (PfSense) firewalls clusters, NAT, Geo-blocking, URL Filtering, NAC (ISE), Syslog, and encrypted Remote Access
• Integrated IDS and IPS (Firepower, TippingPoint and Security Onion) to detect and prevent vulnerability exploits and policy violations
• Performed Comply to Connect (C2C) NAC Proof of Concept using Forescout CounterACT, IBM Big Fix, and 802.1X to support the USMC’s End Point Security initiative
• Leveraged Meraki SD-WAN solution to automate the routing of multisite traffic via the most optimum path(s)

Sr. Principal Network Engineer

• Extensive hands on experience with deploying, configuring and troubleshooting Cisco Nexus 9K, 7K, 5K, 2K (FEX), MDS, VDCs, vPCs, Fabricpath and OTV
• Extensive hands on experience with deploying, configuring and troubleshooting Cisco UCS, Storage Arrays (Block and File) and installing various hypervisors
• Extensive hands on experience with deploying, configuring and troubleshooting Juniper Junos, Cisco IOS, IOS XE, NX-OS, STP, IPSec, VRF, Static, RIPv2, EIGRP, OSPF and BGP routing
• Integrated desperate locations via Data Center Interconnect (DCI) solutions using L2TPv3 and OTV
• Performed SDN Proof of Concept using Cisco ACI and VMware NSX to support DISA’s SDN initiative
• Performed UCS Director pilot to provide automated workflows to customers via an on-demand, self -service portal

Confidential

C5-ISR Aerial Layer Senior Network Engineer

• Installed, configured and maintained Cisco MARS, Harris 117G, EPLRS, and HNRe2 MLOS radios on PTDS, PGSS and RAID towers in support of the C5ISR WIN-T INC 1 Aerial Layer IP network extension
• Configured and maintained RIP network to support Harris 117G Mobile Ad-hoc Network (MANET)
• Configured and maintained OPSFv3 network to support Harris HNRe2 Mobile Ad-hoc Network (MANET)
• Installed and troubleshot fiber medium dedicated for Point of Presence (POP) and Aerial Node
• Established and maintained Cisco ASA IPSec LAN to LAN VPNs
• Created Port-groups and managed VMware Standard and Distributed switches

Confidential

TCF Network Engineer

• Performed BGP peering with the Global Information Grid (GIG) Black Core MPLS Mesh to transport data, voice and video
• Responsible for setting up Dual Hub DMVPN to provide services to 25 remote sites
• Supported large enterprise environment running EIGRP consisting of 225 routers
• Installed, configured and integrated VBRICK video appliances and configured Spare-mode Multicast throughout network fabric to stream AFN and GBS IPTV services to the service members located on local and remote FOBs
• In charge of administering FortiGate Firewall security policies to enforce IA controls
• Configured FortiGate firewall in VDOM mode to provide multitenant firewall services
• Configured RSTP and port-channeled inter-switch connections to increase bandwidth between switches, provide faster layer 2 convergence, and fault-tolerance in case of link failures

Confidential

Initial Responsible TAC Engineer

• Responsible for the configuring, integrating and troubleshooting Confidential Wireless Solutions (Enterasys and Motorola Wireless Suites)
• Replicated, debugged and troubleshot product related issues in a physical and virtual lab environment, supplied workarounds and worked with software engineering to correct bugs in the OS
• Provided personalized assistance via web, email, or phone to quickly address customer questions or issues.
• Assisted customers with RMAs

Confidential

INOSC Network Infrastructure Technician

• Maintained the Combat Information Transport System (CITS) network backbone that provided high-capacity transport of data, voice and video for all active duty and Air Force Reserve bases consisting of over 10,000 + network devices
• Responsible for configuring and maintaining Cisco and Aruba WiFi Access Points and network appliances
• Managed Blue Coat ProxySG to enforce DoD security policies across the network based on categories and executed granular control over selected web applications used for operations.
• Performed BGP route aggregation to suppress the advertisement of all prefixes, only allowing default route to decrease size of BGP routing table
• Established Site-to-Site VPNs on Cisco Integrated Service Routers (ISRs) to tunnel encrypted SIPR traffic across the unclassified NIPR network.

Confidential

GPS Network Technician

• Configured OSPF to provide end to end reachability for all devices within network infrastructure
• Provided EEM with IP SLA solution that generated email notifications with link statistics to inform NOC personnel of primary WAN link failures.
• Manipulated STP parameters to enforce Root Bridge placement and used BPDU Guard and Root Guard to enforce STP boundaries
• Implemented HSRP to provide default gateway redundancy and load balancing for client workstation traffic.
• Setup Network Time Protocol (NTP) to synchronize the time on network devices
• Provided Authentication, Authorization and Accounting via Cisco ACS and TACACS+ for network administrators accessing network devices.

Confidential - Eglin AFB, FL

Satellite, Wideband and Telemetry Systems Technician

• Operated, maintained and performed periodic inspection on Satellite and MLOS Terminal equipment such as up / down converters, LNAs/LNBs, modems and tactical UHF-band radios (SINCGARS, EPLRS)
• Responsible for installing, configuring, upgrading and patching network devices to include router, switches and firewalls.
• Configured VLAN Trunking Protocol (VTP) to maintain VLAN configuration consistency
• Setup Router-on-a-Stick implementation to provide inter-VLAN routing for voice and data devices
• Configured Access Control Lists (ACL) on VTY lines to control access to network devices
• Configured static routing throughout network to provide network reachability
• Monitored network performance via Solarwinds NMS