SUMMARY:

Over 20 years of diversified computer and network integration experience. Extensive background in Cisco Switches and Routers, Cisco VPN Concentrators, Cisco Firepower Threat Defense Firewalls, Cisco Firepower Management Center, Cisco Firepower Stealthwatch, Cisco ASA Firewalls, Cisco ISE, Checkpoint Firewalls, Multiple firewall load balancing devices and software, IPS (Intrusion Protection Systems), ATM switches, MPLS, VOIP, Microsoft Windows, Linux, Unix and Python .

PROFESSIONAL EXPERIENCE:

Confidential

Responsibilities:

• Design and implementation of security infrastructure for clients focusing on Cisco Firepower and ASA suite of products
• Design and implement complex routing and switch environment
• Redesign ASA environment using Route Based VPN solution (VTI) replacing Policy Based VPN solution
• Redesign DMVPN network across multiple Metro - Confidential connected locations
• Write Python programs for Cisco Firewall Management Console (FMC) to utilize the API in the FMC to migrate ASA rules and objects and Checkpoint rules and objects to a FMC.
• Write Python programs to collect, parse and analyze data, show runs and show techs from Cisco devices and Brocade devices.
• Configure and Install Cisco NGFW FMC and FTD firewalls at multiple customers
• Provide support and oversight for large base of customers

Confidential

Responsibilities:

• Consultant providing onsite customer network and security analysis followed up through new network/security design, remediation and implementation
• Design and implementation of Asbury Datacenter network devices and security devices
• Mentoring of junior level engineers
• Review Ehahau wireless survey reports

Confidential

Responsibilities:

• Datacenter migration and implementation,
• Multiple wireless deployments of Cisco 5508, 7500 and 8540 wireless network controllers deployment 3000 stores and 10 different corporate campuses supporting: anchor controller, flexconnect
• Cisco ISE implementation for Guest access with Cisco Wireless Controllers using EOIP guest wireless services
• Cisco ISE implementation for 802.1x authentication
• Cisco ASA deployment and configuration for nationwide VPN connectivity to business partners
• Cisco ACS implementation for 802.1x authentication
• Nexus Switch 5K,9K deployment and migration from existing Cisco Core Catalyst switches
• Configuration, deployment and distribution of various models of Catalyst Core and Distribution switches
• Migration from MPLS/DWDM only to MPLS/DWDM and Metro Ethernet using Cisco OTP.
• Cisco UCS VOIP Multi-State Implementation
• Creation of multiple python apps to aid in network documentation and management of Cisco IOS, IOSXE and NXOS switches including data parsing from Nexus 9k switches

Confidential

Responsibilities:

• Replacement and migration of entire Nortel Network for major Casino in Pennsylvania with Cisco Core Nexus switches and distribution switches including Nexus 7K and Nexus 5K
• International ISE deployment for Human Resources Company
• Cisco Anchor controller Guest configuration setting up EOIP between two international companies that were going through merger

Confidential

Contract Consultant

Responsibilities:

• Onsite Datacenter engineer installing and supporting routers, switches, wireless and ASA security appliances
• Implement Wireless Rogue Detection in 4600 stores using Cisco Wireless Controllers and Cisco Prime

Confidential

Responsibilities:

• Design, installation and support of Cisco Nexus 7K, Nexus 6K, Nexus 5K and Nexus 2K for clients throughout Pennsylvania for multisite enterprise networks
• Design, installation and support of Cisco Catalyst 4500x, Catalyst 4500 and Catalyst 6500 switches for clients throughout Pennsylvania for multisite enterprise networks
• Design, installation and support of Cisco VSS on Catalyst 6500 switches used as Core switch for DWDM backbone connectivity for Campus deployment for Enterprise customer.
• Design, installation and support of Cisco 5760 Wireless LAN controllers and Cisco 5508 Wireless LAN controllers in Enterprise networks exceeding 500 Wireless Access Points
• Design, installation and support of Cisco ASA, Adaptive Security Appliances for use as both firewall and VPN termination devices.
• Design, installation and support of Cisco ISE, Identity Services Engine for use in Wireless environment and with LAN connected devices for 802.1x NAC authentication. Implementations include: device provisioning, Web Authentication, 802.1x MAB, 802.1x EAP-TLS, 802.1x AD authentication, Guest authentication among others.
• Troubleshoot network and security issues on Enterprise networks, including determining location of network loops and security issues resulting from hacking from the internet.
• Network Design of Enterprise network and security solutions.
• Network Design and Implementation of VOIP QOS and Voice Vlans Cisco VOIP and Shoretel VOIP
• Design and installation of Cisco Meraki Wireless network components.
• Design and installation of Cisco Meraki Security and LAN network components for Enterprise customer with 20 remote locations
• Installation and Configuration of Cisco Nexus 7000 in datacenter and DR site. Configuration of OSPF for backbone routing protocol.
• Installation and Configuration of Cisco Catalyst 4500-x with 2960 Stacks in multiple IDFs configured to support VOIP using QOS.
• Installation and Configuration of Cisco 5760 WLC supporting 1000 Access Points, Multiple Corporate WLANs and Guest WLAN
• Installation and Configuration of Cisco Prime Infrastructure for Enterprise Network
• Wireless survey using Air Magnet for multiple casinos

Confidential, Harrisburg, Pennsylvania

Responsibilities:

• Installation and support of Cisco VSS on 6509's for PA. Senate Republicans
• Cisco hardware refresh for PEMA consisting of multiple 4500 Switches and 6500 series switches
• Wireless design and configuration for Clorox headquarters in Oakland, CA consisting of two Cisco 5508 controllers. Implementation required configuring new 5508 controllers so that they were in same Mobility group and same RF group as existing 4400 controllers.
• Cisco ISE Pilot implementation for PA Department of Health
• Post incident analysis for network outage at the PA. Turnpike. Required analysis of Cisco Nexus 7000 switches.
• Wireless Network design and configuration for PA Turnpike

Confidential, Harrisburg, Pennsylvania

Responsibilities:

• Support of Agency converged media networks (voice, video, data). Consisting of real-time Video Traffic and Voip traffic.
• Design and installed first Enterprise Wireless environment for Commonwealth of PA
• Designed solution to migrate Commonwealth Keystone Building from Nortel to Cisco switches. Environment consisted of 10 floors, 4000 users and 4 separate State Agencies
• Design and Implement Statewide DMVPN solution for over 120 PENNDOT Driver License centers and Photo Centers using Certificate based authentication
• Design and Implement IPS for data center protection
• Design and Implement 3G backup for over 120 Driver License and Photo Centers using DMVPN to encrypt traffic back across 3G network to central site in Harrisburg
• Implement Cisco WAF (Wide Are File system) and WAAS throughout the state of Pennsylvania for PENNDOT
• Deploy VOIP proof of concept using Cisco Unified Callmanager
• Deployment of VOIP QOS templates to all sites in support of enterprise VOIP
• Installation of a distributed Checkpoint Firewall Solution consisting of a stand alone management server and two Nokia firewalls
• Design and Implement core network changes to logically move the connection from the Unisys maintained mainframe Data Powerhouse Network behind the PENNDOT core network
• Author network security and response plan for PENNDOT
• Designed and implemented Cisco Secure ACS (TACACS) for over 400 Cisco routers and switches throughout the PENNDOT network.
• Implemented bandwidth and throughput analysis using Ixia Chariot bandwidth analysis tool
• Conducted Network infrastructure audit based on Cisco Best Practices documentation, resulting in plan to overcome deficiencies.
• Design and implement redundant router configurations for the PENNDOT MAN connection to the Riverside Office Center (ROC) and other Penndot Sites
• Design “Warm Site” disaster recovery site for PENNDOT
• Oversee daily operations of network consisting of over 400 devices and 300 remote sites
• Monitor enterprise firewalls on a daily basis to ensure that legitimate traffic is passing through the firewalls as it should.
• Maintain Cisco Content Services Switch for load balancing PENNDOT servers and applications
• Maintain and support district wide port security project
• Deployment of Cisco Identity Services Engine (ISE)

Confidential, Mechanicsburg, Pennsylvania

Communication Engineer Advanced, Lead Network Security Engineer

Responsibilities:

• Provided design and implementation support for: Network Security for the Commonwealth’s Internet Connection, F5 Big IP load balancing devices, FSecure Content Scanners, ISS Network IDS, Toplayer IDS Load Balancer, Toplayer Appswitch Load Balancers, Cisco 3015 VPN Concentrator, Cisco 3060 VPN Concentrators, Cisco Secure TACACS and Radius software, Cisco CSS, Cisco Routers and Cisco Switches, Checkpoint Enterprise Firewall solution for the Commonwealth’s Internet Connection, Funk Radius software, RSA Secure ID software and Marconi ATM switches.
• Network Engineer responsible for maintaining, troubleshooting and configuring network devices and connections between over 200 worldwide sites for York International Account. Included configuration of Cisco 6500 switches, 4006 switches and 2950 switches. Configured and maintained worldwide ipsec connected network using the internet as a backbone and Cisco Pix firewalls as the endpoints with one location using a Cisco 7206.
• Design team engineer responsible for research, design and implementation of 3 million dollar Enterprise VPN solution for the Commonwealth of Pennsylvania (COPA) . Resulting in deployment of redundant VPN concentrators at diverse physical locations, upgrade and implementation of two factor authentication, creation of supporting procedures and documentation and integration into current billing system. Included multi-vendor ‘bake off’ for product selection.
• Engineer in charge of design and installation of Cisco CSS load balancers and multiple Nokia 540 Checkpoint firewalls at Commonwealth Technology Center creating high availability firewall solution for Commonwealth DMZ.
• Install and managed load balanced IDS solution using Toplayer IDS load balancer in conjunction with ISS RealSecure Intrusion Detection Software to monitor network traffic for the NOC firewall security zones, the COPA internet firewall internal zone and the COPA DMZ/business partner zone. Created custom reports using Crystal Reports for specific reporting requirements.
• Network Security Manager for NOC, responsible for writing and implement network security policies.
• Responsible for implementation and maintenance of router configuration of CISCO routers and switches between the NOC and other entities.