SUMMARY:

Eager to bring a broad range of Windows, Active Directory and network administration knowledge and experience to bear on behalf of your enterprise. Experienced working in the smallest enterprises to the very largest global, multinational, and most advanced Active Directory implementations. Especially focused on securing and protecting your data assets while creating and maintaining a responsive infrastructure.

TECHNICAL SKILLS:

• Windows 10 and Server 2016, plus all progenitors back to NT 3.51
• Active Directory, Cross - Forest Trusts, OU management, Group Policy management, Kerberos, LDAP, NTLM, AD Replication, Site management, FSMO management
• Advanced PowerShell, Remote PowerShell, C#-embedded PowerShell including marshalling, PS Modules, PS Class Declarations, PS .NET exploitation, Advanced Windows batch (.cmd) scripting, JavaScript, VBScript, some T-SQL, some Perl
• Extensive Hyper-V experience, some VMWare ESXi experience, some vSphere training
• TCP/IP, IPv6, DNS, DHCP, VLAN, VPN
• SSL/TLS, Certificate Authority services, certificate management
• Cisco (and other) Switches, Routers, Firewalls, VPN appliances, PoE, SM & MM fiber some OSPF, limited BGP
• Anti-Malware, Anti-ADware and Anti-Spam defenses and strategies
• Exchange, Lync / Skype for Business, PSTN, VoIP, SMTP
• IIS, SQL Server, Backup systems administration including Backup Exec and SCDPM
• Some C#, .NET, substantial legacy VB6 including Win32api, multithreading, Windows Service

OTHER KNOWLEDGE AND SKILLS:

• Informal Project Management experience
• Familiar with Agile and SDLC concepts and practices
• Vendor and Contract negotiation and management
• Technical writing, user and help desk documentation
• Health Insurance Portability and Accountability Act of 1996, as amended (HIPAA)
• ITAR qualified / eligible: DFARS, OPSEC

PROFESSIONAL EXPERIENCE:

Site IT Administrator (Windows System Engineer)

Confidential

Responsibilities:

• Support new user provisioning in MFA environment.
• Maintain Active Directory OU and sub-OUs for the site (Users, Groups, Computers/Servers.)
• Upgrade (remediate) user workstations (mostly laptops) to use bitlocker and MFA, and perform rolling reimage to Windows 10.
• Support user problems resolution, printing issues, file access approval tracking and management, transition users to recently-implemented ticket system and corporate help desk.
• Bring all servers to current maintenance / patching levels.
• Instruct and guide local IT support in implementing Windows file security best practices in an ITAR and OPSEC environment involving complex access and security issues.
• Create, document, and implement a script (PowerShell) to re-establish all file security settings over a critical set of highly-sensitive engineering resources and documents- establishing at the same time a two-level role-resource security model in Active Directory (also partially scripted.) This script is designed to be re-executed at any time in order to ensure that data security precisely matches the policies encoded in a machine-readable (.,csv) document.
• Migrate virtual machine servers from older end-of-life Hyper-V hosts to upgraded newer ones to improve energy efficiency, reliability, manageability, storage and memory utilization - shutting down 11 out of 15 physical hosts. Transitions performed variously by live migration; replication and failover; and VM cloning from WS2008R2 to WS2012R2 hosts. Some VMs required extensive reconfiguration of VHD architecture due to prior methods of resolving storage constraints: one is larger than 6.5 TB.
• Migrate six virtual machine servers over the wire and mostly live from New York State site to Redmond site via Hyper-V replication and planned failover. Some were larger than 2 TB.
• Implement Business Continuity / Disaster Recovery support by upgrading a surplused but under-warranty physical host, creating Hyper-V replicas of all critical virtual servers, and then relocating the host to Eastern Washington.
• Construct and implement automation to ensure that BC/DR replication remains healthy with very minimal if any manual intervention.
• Construct automated scripts to report on security and BC/DR health for audit purposes.
• Work with permanent site IT manager (FTE) to plan for implementation of better virtual computing environment involving blade server hosts in either Hyper-V or VMWare clusters with shared storage.
• Document recommendations for future development to corporate IT management in CT and NC.
• Propose and implement small datacenter environmental monitoring and alerting solution using ABC NetBotz appliance and temperature-humidity sensors with email and SMS alerting capabilities.

Service Availability Engineer

Confidential, Bellevue, WA

Responsibilities:

• Worked to prepare Microsoft Active Directory infrastructure for full roll-out of Windows Server 2016 with updated Active Directory support, which will involve rebuild of hundreds of highly sensitive servers.
• Rewrote the Domain Controller Patch-and-Reboot process to make it a fully automated robot and shrink the monthly patch-deployment interval across about 300 servers to 96 hours with absolutely minimal human intervention and full reporting / logging.
• Participated in AD Support on-call rotation.
• Responded to an inter-domain trust failure major incident while monitoring DC reboots (but was not the on-call member) and was the first person to identify that the event was caused by improper deletion of Well-Known SIDs in multiple domains (apparently by another engineer’s inadequately vetted automation script for purging stale FSPs.)
• Improved Domain Controller monitoring and patch-audit processes using PowerShell.
• Updated, corrected, and streamlined Domain Controller deployment scripts for WS2016 including adding a shared script module (.psm1) embedded C#, and better logging features.
• Supported several Domain Controller move projects and the Puerto Rico hurricane recovery.
• Diagnosed and corrected name resolution and other issues related to certain server and service decommission activity and implemented AnyCast DNS on all Domain Controllers.
• Coordinated decommission and rebuild activity with DNS team including decomm of WGIA domain.
• Circumvented WS2016 support issues in VBOS by creating and distributing preconfigured, sysprep’ed VHDs to worldwide sites where they were used for RODC redeployment.
• Worked to mitigate impacts of certain WS2016 support delays in other teams.
• Worked to mitigate impacts of two major Microsoft datacenter closings.
• Mentored and supported an FTE new hire in same team - openly shared all knowledge.

Microsoft System Administrator

Confidential, Bellevue, WA

Responsibilities:

• Improved team responsiveness by cutting through months-old support ticket backlog and bringing Lync/Skype support queue current (about 20:1 ticket queue reduction)
• Worked to further improve responsiveness by documenting common user issues and effective resolutions for Tier 1 Service Desk knowledge base
• Wrote client-side diagnostic and remediation tools / scripts
• Offloaded service availability and deployment teams that deal with server-side issues
• Wrote framework of new Operations Manual initially covering Skype for Business (Lync) and Exchange in both On-Premises and Office 365 deployments - including on-boarding information, introduction to ticketing system and practices, descriptions of how to access administrative tools for On-Premises and Office 365 services, descriptions of local administrative tools and their use, descriptions of client dependencies, descriptions of various problem remediation procedures, descriptions of common client-reported issues enumerating applicable remediation procedures

Service Availability Engineer

Confidential, Redmond, WA

Responsibilities:

• Served as liaison between Confidential IAM and Store Engineers NSO Team in support of 40+ New Store Openings
• Attended weekly New Store Opening meetings with members of Confidential and the Retail Store Engineers Team to coordinate work related to building and opening new stores
• Protected store-opening schedule by configuring Active Directory sites and links and building, deploying and promoting in-store Read-Only Domain Controllers in consistently timely manner
• Contributed to smooth store Grand Openings by attending live store-opening calls and responding immediately to any suspected Active Directory-related issues
• Prevented business disruptions by independently identifying, diagnosing and repairing/patching critical in-store RODC issues
• Helped prevent losses by responding to Retail Store emergencies; for example shutting down and securing in-store servers before - and restarting/verifying them after - Storm Sandy
• Attended daily “War Room” calls where the migration project was planned and managed
• Helped prevent costly missteps by counseling on Active Directory cross-forest trust and Security Group nesting and other critical trust issues
• Supported Store Engineers by implementing required Security Group and Organizational Unit structures, and Retail Technology Group by creating, maintaining and managing required Group Policy Objects
• Prevented delays and blockages by attending in store migration calls when existing stores moved to new Active Directory forest
• Mitigated security risks by tracking and closing out and decommissioning deprecated Confidential resources for migrated stores
• Ensured continuous business operations by monitoring and maintaining roughly 400 Active Director Domain Controllers globally across all of Microsoft Corporate
• Minimized or prevented business impacts by performing initial triage for reported Active Directory availability and performance issues - including “after-hours” alerts - and by approving actions and engaging other teams as appropriate
• Further minimized impacts by Identifying, isolating, diagnosing and resolving issues and failures in Domain Controller operation, connectivity, availability, loading, replication, and software and firmware faults across 24 Confidential Active Directory domains and 12 forests.
• Helped ensure business continuity and recovery by managing Domain Controller backup subscriptions (backups performed by MS Data Protection Services using SCDPM)
• Helped maintain server infrastructure by directing and tracking orders for new domain controllers in numerous countries worldwide by national procurement teams
• Kept Confidential infrastructure current by rebuilding Domain Controllers remotely from W2008R2 to WS2012, then to WS2012R2, and some further to WS2016 MR2, TP3 and TP4 - as many as 20+ complete rebuilds a week during deployment sprints.
• Protected sensitive data by initiating and tracking secure decommission of end-of-life Domain Controllers worldwide
• Ensured smooth functioning of team projects by maintaining and extending Domain Controller deployment and monitoring scripts (advanced PowerShell and very advanced Windows Batch) and related monitoring automation
• Developed expert level skills in both PowerShell and legacy batch (cmd) highly advanced scripting; wrote high-value auditing and interrogation scripts using PowerShell Remote Scripting, .WMI, Net sockets (TCP / UDP) and other advanced concepts to interrogate, monitor and manage large numbers of servers very efficiently
• Worked with our dedicated SCOM developer / administrator, suggesting monitoring improvements implemented for our Domain Controllers, particularly to suppress false alerts.
• Ensured code currency by maintaining and extending Domain Controller auto-patching (“Patch Tuesday” response) scripts and then monitoring auto-reboot cycles; and additionally by performing semi-annual major server firmware, software and security patching (called “IPAK”) on all Domain Controllers
• Verified and maintained domain controller Antivirus policy configuration - FEP, SCEP
• Responded to day-zero threats by quickly deploying or helping deploy special patching across hundreds of servers in a single shift or less
• Ensured server maintainability and security by maintaining and verifying Remote Management Boards (remote “KVM” console controls) on all physical Domain Controllers worldwide
• Ensured team continuity and standardization of effort by maintaining and extending team procedural and reference documentation (team “cookbook”)

Lab Engineer

Confidential, Redmond, WA

Responsibilities:

• Supported Partner testing by deploying specified configurations (called ”topologies”) of Lync Server and Exchange Server UM, including alpha test versions of Lync Server W15 in new shared-service modes later used in Office365
• Helped standardize partners and devices testing and certification process by rigorously documenting test topology deployment procedures incorporated directly into published Microsoft test and certification specifications for business partners
• Enabled testing with global business partners by ordering and managing isolated Direct Internet Access (“DTAP”) subnets
• Supported gateway device testing by managing and maintaining inventory of Telco PRI lines
• Streamlined partner test deployments and test processes by constructing two networks of Hyper-V servers on isolated DTAP using repurposed servers, firewalls and switches
• Integrated three large labs and two “vendor bays” by ordering and implementing new fiber connections between new Cisco switches and copper extensions to workbenches
• Maintained software and firmware currency on scores of lab test servers
• Improved lab responsiveness by auditing and reorganizing equipment inventories

Service Availability Engineer

Confidential, Seattle, WA

Responsibilities:

• Responded to trouble tickets on massive hosted Exchange clusters worldwide
• Ensured availability and data protection by resolving / repairing mailbox database replication failures and other emergent issues
• Helped maintain SLAs by investigating performance and other issues identified by SCOM
• Escalated hardware issues to appropriate datacenter teams and tracked resolutions

Manager, Technical Services

Confidential, Kirkland, WA

Responsibilities:

• Oversaw all technical infrastructure: Windows Servers, networks, legacy computer systems and storage, operating systems and licensed software, all voice and data communications systems, environmental systems; negotiated hardware, software and vendor contracts
• Protected code investments and streamlined development and product upgrade deployments by implementing version control system (Subversion) and migrating existing source code and revision history intact from an older version of Virtual Source Safe. Worked with development manager to implement formal release-management and defect-tracking/response framework.
• Protected business continuity as project manager on highly successful Y2K remediation
• Enabled new business and market initiatives by leading implementation of Windows technologies and virtual desktop (Citrix) service delivery (SaaS) for external clients, and developing novel solutions to problems encountered deploying this emerging technology in real-world business services
• Managed Microsoft Certified Solution Provider contract and subscriptions
• Helped maintain business continuity and control costs by proposing and implementing novel technological solutions during severe corporate downsizing (2001 - 2010)
• Supported cost-control measures by planning and managing or helping manage two complete datacenter moves including all networking, Internet access, IP and DNS changes, firewall changes, physical breakdown / relocation / re-installation, and other reconfiguration
• Windows and Active Directory Administration, Network Administration:
• Managed and maintained a farm of about 25 Windows and one Netware server, and up to 100 user workstations
• Protected critical assets and Protected Healthcare Information security by creating and managing three separate Windows NTLM domains (migrated to Active Directory ca. 2000) and inter-domain trusts
• Specified server and network hardware and managed it in production
• Further protected asset and information security by researching, selecting or building, and managing perimeter defenses, DMZ network, firewalls and firewall policies, endpoint malware protection, and anti-spam defenses; successfully repulsed hundreds of malware attacks and notably all such after 2001 and through 2010
• Protected employee assets (as well as hardening corporate defenses) by learning to clean worms and root kits non-destructively from employees’ personal (home) computers and teaching employees proper procedures and required resources to prevent recurrence of such infection
• Enabled external partner data sharing and employee remote access by specifying, installing and managing effective, secure and integrated VPN solutions
• Enabled deployment of client SaaS products and services using Citrix Metaframe servers in a secure high-availability (loosely clustered redundant) configuration
• Maintained corporate presence, optimized connectivity and controlled costs by negotiating, managing and administering ISP contracts and connections, domain registrations, IP address space, DNS, DHCP, file and web services and email systems
• Enabled key business initiatives by writing several specialized support applications in MS VB6/Win32API. Later performed limited application maintenance in C# .NET. Yet later studied .NET, WPF and XAML with purpose of migrating some of these applications to newer standards.
• Enabled improved SaaS user experience by developing a number of highly specialized JavaScript utility projects including a highly-flexible context menu system, two different calendar date-picker controls and a recurring-event scheduling control for a complex browser-deployed “desktop-like” application suite
• Enhanced worker productivity by managing and extending user workstation technology from WFWG 3.11 through all of Window 9x, Windows 2000, XP and Vista
• Maintain business continuity by responding to all service availability and performance issues

Legacy Systems Administrator

Confidential

Responsibilities:

• Controlled costs by managing hardware vendor and maintenance contracts and leases
• Integrated operations by planning administering of TCP/IP implementation on legacy system, (replacing leased-line networks and legacy terminal systems with Windows workstations)
• Further controlled costs by converting legacy systems to run under FLEX/ES emulator running under UNIX on an Intel server - replacing a roomful of processor and DASD arrays with a Dell server
• Protected code investments by maintaining and extending legacy systems written in COBOL, ADPAC and S/390 Assembler
• Enhanced productivity and controlled costs by selecting, contracting, implementing and administering telephone system, voice mail, Telco and toll services vendor contracts; and by enabling initial VoIP implementation
• Assured compliance with regulatory requirements by serving as rescue Project Manager for HIPAA Privacy Rule implementation with just six weeks remaining, by designing a novel approach that resulted in successful implementation meeting deadline
• Served as Project Manager for HIPAA Security Rule implementation
• Served as HIPAA Compliance Officer
• Designed and implemented key sections of HIPAA Transactions and Code sets compliance project
• Coordinated all implementation and testing of HIPAA-compliant payee and clearinghouse claims submission