IT Infrastructure and Security Architect Resume
CORE COMPETENCIES:
- Datacenter/Architecture
- TCP/IP Routing
- SAN (NetApp - EMC)
- IT Architectures
- Datacenter/Infrastructure
- IT Security
- Unix/Linux/Windows
- VMware Virtualization
- Cloud Computing
- Database/Backup/Retention
- Vendor Relations
- Team Building/Leadership
PROFESSIONAL EXPERIENCE:
Confidential
IT Infrastructure and Security Architect
Responsibilities:
- Drawing on my solid 10 years of hands-on experience in Security, Infrastructure and Systems at my previous company, I led a multidisciplinary team of technology and business stakeholders to understand their business needs so that proper IT strategies could be conceived to align with those needs for the Confidential.
- What was at stake was the relocation of their primary data center from Tunisia to the Ivory Coast and preparing the former site to act as a DR site.
- The scope of this project was to provide an end-to-end secure environment.
- After going through the various stages of assessment/requirements, analysis, planning and design, the following undertakings were accomplished in the areas of Security, Network (Routing and Switching), Systems (Unix, Linux, Windows) and Cloud (VMware, AWS).
- With the lack of a sound correlation tool as a one-stop shop, I used a combination of reports from Splunk, the BlueCoat PacketShaper, NetFlow traffic data collected from edge routers and switches, as well as SPAN traffic from the core and aggregation switches sent to Gigamon and on to Fluke, to get a correlation analysis of current traffic patterns and load and the anticipated 3-5 year growth for proper sizing and recommendations for future growth. Initial discussions with the stakeholders to understand future trends and what was on the horizon for the next 3-5 years were also taken into account to produce a proper design and implementation.
- The implementation phase, based on the design, introduced high-end devices: Cisco ASA to provide firewall protection, IPS/IDS against intrusion, and AMP from Cisco's newly acquired Sourcefire products for advanced malware protection, in combination with IronPort as a WAF (content filtering and malware protection). An IronPort appliance for mail encryption and protection was also deployed. BlueCoat WAF proxy services were redeployed to provide WAF on the guest and contractor network.
- F5 provided LTM as a load balancer, ASM as a WAF, AFM as an application-centric proxy firewall, and APM for IPsec VPN, with its iRules feature for an extra layer of protection. Both AFM and ASM provided protection against low- to mid-level DDoS attacks because of a "DDoS chipset" meant to absorb the traffic (this only applies to higher-end models such as the 5000 series and above). For volumetric DDoS protection, I recommended providers such as Silverline, OpenDNS, Neustar, etc. to choose from.
- SAML through PingFederate integrated with AD provided SSO to external vendors and some internal apps. SAML also became useful to remote offices on Cisco ISR G2 for AD authentication through Cisco CWS for content filtering and malware protection when accessing the Internet. Also, Centrify, an integration tool with AD, was used so that AD credentials could be used for authentication and access to the Unix/Linux environment, with the audit/record/replay feature enabled.
- MobileIron was deployed to manage corporate-issued cell phones with digital certificate authentication.
- Deployed Cisco ISE (Identity Services Engine) to replace Cisco ACS, NAC Server and NAC Guest Server for authentication/authorization through IEEE 802.1X with PEAP and MAB, based on predefined identities and identity stores, conditions, rules and policies enforced at the edge of the wired and wireless network before granting access. Upgraded remote switches to support dot1x with ISE.
- For PKI, I recommended using a third-party CA (Entrust) since the internal CA implementation was still in a POC phase. Based on a CSR, a certificate would be issued. Certificates were issued to MobileIron to manage corporate mobile devices, and to ISE to manage authentication and authorization at the edge of the network before granting access. Certificates were also issued to the proxy devices, IronPort WSA and BlueCoat, to manage outbound HTTPS connections, and to F5 for inbound HTTPS connections.
- The private cloud security was enhanced with Cisco VSG (Virtual Security Gateway) and VSM for more granular control of the various VLANs.
- Provided guidance on new hardware acquisition after evaluating various vendors' offerings.
- Deployed Cisco VSM and VSG into VMware vSphere as a security enhancement to provide granular management of interfaces and firewall services to the VMs.
- Deployed and managed high-end Cisco routers and switches (Nexus), with the WAN running BGP and OSPF on the internal network. Edge routers were configured with zone-based firewall enabled, and QoS for voice and teleconferencing on Polycom was configured. Configured jumbo frames, LACP, etc. end-to-end to optimize data flow between SAN, NAS, database and backup processes. Also configured Cisco PfR to optimize data flow over the multiple BGP routes on the MPLS/WAN.
- WWAN with access points and controllers was deployed and managed by ISE, with anchor controllers configured in the DMZ for devices other than company-owned ones.
- Deployed nCircle as a vulnerability scanning, assessment and management tool.
- Led the vendor relations to discuss and evaluate various products and solutions, anything infrastructure, ranging from network and security to SAN/NAS, etc.
- Conducted a Business Impact Assessment (BIA) by interviewing various departments in order to establish RPOs and RTOs for a new Disaster Recovery (DR) deployment.
- Provided a sound design to upgrade the subsystems and introduced new COTS technology for both the primary and DR sites. The DR site essentially had to be a mirror of the primary, which led to introducing VMware features such as Site Recovery Manager (SRM).
- Configured Unix/Linux servers to support Oracle RAC clusters as well as NetBackup agents. Shell scripting.
Confidential, Herndon, VA
Manager IT Infrastructure and Sec/Enterprise IT Architect
Responsibilities:
- Fully designed, built and managed the enterprise IT infrastructure and security, which included 107 sites on an MPLS cloud supporting 55,000 users: one primary datacenter in Ashburn, Virginia and a secondary datacenter as DR in Salt Lake City, Utah, hosting a private "cloud" on the following platforms: Cisco UCS, HP blade servers, Dell, Cisco Nexus, Cisco Catalyst 6509, Cisco routers and Nexus switches, Cisco ASA and FWSM firewalls, Cisco ACS and ISE, IronPort 360 (mail gateway and encryption, CSA/WSA), BlueCoat (PacketShaper and content filtering), nCircle (vulnerability scanning), MobileIron, F5, Avaya CM, NetApp SAN 4x3270, EMC VNX, DataDomain, as well as systems/applications: PeopleSoft, Oracle RAC, VMware, MS Exchange, Linux, Solaris, Windows, Splunk, F5, MS SQL, Symantec NetBackup, etc.
- Managed a team of Data Center Engineers, Infrastructure Engineers, a Solution Architect, an Infrastructure Architect, Network and Telecom Engineers, NetApp/EMC SAN/NAS Engineers, Oracle DBAs, PeopleSoft Administrators and Windows/Exchange Administrators.
- Managed vendor relations and an annual budget of ~$3 million covering both CAPEX and OPEX.
- Redesigned the primary datacenter to support 10G at the core, reduce the real-estate footprint, and virtualize core applications and services on VMware vSphere, Cisco UCS/Fabric Interconnects, HP blade servers and NetApp/EMC/Data Domain SAN/NAS, with Cisco Nexus switches as the aggregation layer, and built a private cloud with full redundancy, which led to a lower Total Cost of Ownership (TCO) and a greater Return on Investment (ROI).
- Designed and deployed a new disaster recovery (DR) datacenter in Salt Lake City from the ground up as a mirror of the primary datacenter, following a Business Impact Assessment that defined RPO/RTO for all enterprise core applications and services.
- Led the design of the core security architecture, including zone-based firewalls at remote sites and, deployed at the hub, FWSM (Firewall Services Module) on the Catalyst 6509 to protect internal apps, ASA firewalls at the perimeter, and a suite of subsystems such as IronPort as mail gateway/spam filtering/virus protection, IronPort mail encryption, IronPort content filtering for staff, BlueCoat content filtering for students, F5 as the load balancer, and Cisco IPS and VPN on ASA.
- As the Enterprise Architect, redesigned the WAN and migrated over 100 sites from a Frame Relay network to an MPLS network over BGP, providing multiple paths for failover with minimal downtime to business operations and enhanced VoIP QoS for the Avaya environment and video conferencing. Introduced PfR (Cisco Performance Routing) for optimized load balancing on the Metro Ethernet over OSPF.
- Other enhancements included 3G/4G LTE wireless on Cisco HWIC as a backup link for remote sites.
- Led the core build of the PeopleSoft application stack with an Oracle RAC backend to replace the Student Information System on the UniVerse database and the CRM on Talisma, as well as the implementation of a new data warehouse on Oracle EPM and Cognos in a Linux/Windows environment to replace Sun Solaris on SPARC.
- Led the team in a new implementation of classroom video conferencing across 100 campuses on Polycom infrastructure.
- Led the implementation of VoIP and SIP trunking to two call centers.
- Oversaw the deployment of Cisco ISE and Prime as replacements for ACS/NAC Guest and wireless controller management.
- Introduced SAML through PingFederate to provide SSO access to both internal and external applications.
Confidential, Silver Spring, Maryland
Infrastructure Architect
Responsibilities:
- Designed and implemented a NOC (Network Operations Center) that did the monitoring and management of all of the Confidential sites.
- Trained, managed and coached a team of Network and Systems Engineers.
- Supported HP OpenView NNM (Network Node Manager) on Solaris and BMC Patrol monitoring software. Troubleshooting on Cisco routers, switches, CSU/DSU, Nortel Contivity, and Compaq Tru64 Unix as well as Sun Solaris. Administration of Sun Solaris and HP/Compaq Tru64 Unix.
- Administration of Legato backups.
- Used Remedy to create and manage trouble tickets.
Confidential, Reston, Virginia
Senior Engineer
Responsibilities:
- Responsible for the design, implementation and maintenance of the VPN services, which included configuring and maintaining IPsec on Nortel Contivity, Check Point and Cisco PIX firewalls.
- Set up and maintained customer profiles on Cisco RADIUS ACS and PKI servers (Entrust-based) that provided strong authentication through digital certificates.
- Configured and managed Check Point, Cisco PIX and Raptor firewalls.
- Troubleshooting of BGP on the MPLS network as well as OSPF and GRE tunneling of IPsec. Provided configuration and support on X.25 networks.
- Other tasks included advanced Unix system administration of the RADIUS server, the IPsec client download website, DNS and MRTG.
- Designed and implemented SNMP-based router backup and MRTG on Sun Solaris servers using Perl and shell scripts.
- Provided support to the implementation of a VoIP project with Gatekeeper.
- Designed and managed the CCIE lab.
Confidential, Columbia, Maryland
Systems Engineer
Responsibilities:
- Managed, configured and troubleshot a TCP/IP network over Frame Relay of more than 1000 node connections to a variety of high-end Unix servers. This network provided services to the claims department, doctors' offices, the headquarters and other service providers.
- TCP/IP network security management with access control lists on Cisco routers and Gauntlet firewalls.
- Provided performance tuning and capacity planning based on trend analysis of collected historical data on all systems with the BMC Patrol management suite.
- Unix system administration to support the Oracle databases. Managed disk storage on Hitachi SAN.
- Shell/Perl scripting.
Confidential, Columbia, Maryland
Unix Sr. Systems Administrator
Responsibilities:
- Managed a Unix-based TCP/IP network with gateways in twenty remote locations, supporting X.25, Frame Relay, PPP and HDLC encapsulation.
- Also managed the front-end interface of a network segment to an SNA network.
- Internet security management through Cisco routers and the Gauntlet (TIS) proxy firewall. Provided DNS, SNMP, SMTP and RIP management.
- Configured and managed gated on Unix hosts.
- Integrated third-party software, the HP OpenView and BMC Patrol management suites, to provide systems management and monitoring of all SNMP-based end nodes.
- Wrote API-based recovery actions (PSL, Shell, Perl and C).
- Performed system and database (Progress) administration on all Unix platforms.
- Involved in the life-cycle development, including project management, of proprietary software to provide connectivity among heterogeneous networks.
- Developed socket-level C programs for tunnel gateways to provide transparency over TCP/IP to database applications crossing various protocols and interfaces, including SNA and MQSeries.
- Performed Unix systems administration.