SUMMARY

Highly motivated, innovative and knowledgeable individual with over 14 years of experience in systems engineering, project deployment, enterprise architecture, business analysis, technical leadership and IT operations.

PROFESSIONAL EXPERIENCE

Project Architect / Technical Lead

Confidential, Richmond, VA

Responsibilities:

• Originally hired on to assist engineering but due to my extensive skillset and previous background in architecture and project deployment, I was then tagged by management to help tackle their largest project to date. I eventually ended up serving as technical leadership for not only this project but for areas such as web/systems architecture and dev ops as well.
• 6 month project focused primarily on a business requirement to stand up a second datacenter for failover, coupled with a security requirement of implementing new Palo Alto firewalls and zoning off network traffic in a more secure manner.
• Responsible for detailing out technical tasks and processes required for standing up the additional datacenter and implementing a disaster recovery failover system, consisting of 11 separate workloads, 3 companion projects and over 150+ major tasks.
• Ensured that all systems were configured to provide maximum performance, meet best practice standards, and account for the latest features such as VCS/PCS 6.5 HA architecture.
• Deployed SRM settings and configurations, creating various protection groups based on applications and services.
• Create zone segmentation and overall design layout for Palo Alto implementation in addition to all planning aspects for testing and cutover implementation.
• Provided designs and assistance on deployment and testing of Palo URL filtering as a replacement to an unorganized Sophos implementation.
• Documented full repair requirements in conjunction with their change management system, detailing out all current issues and assigning level of importance based on the project requirements, and an entire Active Directory forest replacement slated to occur later that year.
• Provided full documentation and designs to move away from corrupt outdated domain design and into new properly segmented and configured AD forest/environment.
• Provided rudimentary baseline to bring all four sections of IT into a foundational agreement
• Created Visio based diagram detailing the current environment including all datacenters and locations, now and future state. Broken down into system subsets based on the agreement, such as network, DNS, AD, load balancers, SQL, etc..
• Performed extensive deep level review of their existing core systems to provide detailed data flow charts for web and custom applications passing through incorrect load balancer implementation.
• Created action plan to secure major risks and meet the primary project demands as well as a detailed design on proper architecture and how to get there.
• Reviewed their existing environment to identify several major security issues, created and executed correction plans for each. Including items such as AWS unsecure calls, external DNS mapped to internal servers.
• Complete overhaul design of their existing DNS internal and external. Eliminating wildcard security leaks, segmenting off DEV, QA, UAT, and PROD environments in addition to accounting for the new datacenter and migrating resources.
• 1 - 3 month long projects where my time was focused primarily with the hands on technical aspect and deployment of each.
• Created detailed action plan required to move from onsite to exchange 2007 to Office 365 and deployed POC trial.
• Handled all aspects of this initiative including: Current configuration reconnaissance, GPO creation, testing review, documentation, automation and ongoing corrections
• Rebuilt complex scripts provided by subcontractor to design a simple set of 3 steps, simplifying the deployment.
• Built new images for use as their golden standard on desktops and laptops, focusing on a clean baseline with various post installation tasks to allow easy OS swap.
• Major GPO and permission overhaul to eliminate a ton of manual processes and reduce administration complexity. o Built and deployed a custom patching solution based on business / IT requirements and the companies’ lack of a true patching solution or funds to purchase at the time. Solution was based on WSUS combined with scheduled tasks and VBS to call upon the windows update service within a machine.
• Also created detailed action plan on implementing this solution into the business to ensure pilot testing, confirm security through Nessus scanning, prevent system interruption, and ensure continuous uptime.
• Provided insight on previous VDI deployment experience detailing out several solutions and the pros and cons for each based on Elephants business and technical needs. Citrix, RDS, and VMWare Horizon were all compared based on either a Wyse device or Linux client solution.
• Wiped, reconfigured and virtualized their entire K1000 series system for use in patching and asset management.

Owner - Linux Engineer / Android Developer

Confidential, Richmond, VA

Responsibilities:

• Linux system changes per NSA guide book, excluding those interfering with home use. FW rules, Apparmor profiles, Fail2ban configuration
• Generated full product testing jobs for API, MySQL stp, and PHP code confirmation executed after each build.
• UPnP used to locate home router and automatically setup port forwarding with no manual interaction oCrontab used to execute elevated commands via DB query and confirmation
• Custom ports and security configuration, Sec2 mod installed and configured and SSL applied to all sites API site with public access for Android POST operations
• Created complex stored procedures with (security definer) accounts for granular STP permissions Use of transaction method for rollback inclusion in the event of an error o All data stored with AES 256 encryption through user defined passphrase
• Custom security set through configuration ini files
• Web Console for the server was created on PHP with some static HTML content and CSS Android API based on POST forms with backend restricted functions Created all PHP functions ensuring SQL injection scrub before SQL STP calls
• All code stored with GitHub VMware Snapshots utilized before changes Periodic ISO captures stored in cloud services for DR
• Built with Android Studio, full details available upon request.

Infrastructure Team Lead

Confidential. Richmond, VA

Responsibilities:

• Team lead and top level engineer for their infrastructure department. Primarily in charge of system research and development using open source based solutions. Assisted the team through project management, weekly review and served as their “go to” resource for Windows, Linux, network, and architecture needs.
• Performed oVirt research and development (vCenter and ESXi Open Source Alternative)
• CentOS based SAN creation
• Deployed Spacewalk for CentOS Linux patching
• Scheduled Linux backups with Bacula
• Implemented free RADIUS with Google Authentication integration
• Tested various PKI alternatives to Windows AD PKI
• VMware administration
• Provided network redesign architecture and project plans for moving from a flat to segmented network.
• Zimbra administration: (Open Source Exchange Alternative)

Systems Architect / Lead Engineer

Confidential, Richmond, VA

Responsibilities:

• System architect and top level engineer for the infrastructure team, handling system design, process automation, business workflow improvement and project implementation for parent and child companies with 9 offices in 5 states 1000+ employees, 460+ servers. Supervisor to 6 technicians and responsible for transition of current business operations to newer technology based solutions.
• Right-hand to the VP of IT for technical review of all new and existing systems
• Backups accounted for and taken at regular intervals ( Avamar )
• HA ensured by load balancing systems as active/active between data centers.
• Power management and cooling monitored and accounted for via proper setup.
• Handle all product reviews, POC and selection for purchase
• Worked directly with the security audit team to implement or create technical solutions as needed. o Involved in all change management meetings to make sure all exceptions and considerations accounted for. o Reviewed systems during company acquisitions to provide merge process with our existing technology.
• Planned and implemented VSA and VDP based solutions at each of our branch offices
• Designed and architected full network layout logical and physical to support function
• Separate vCenter essentials server was setup to manage each branch
• Dell VRTX migration from VSA was implemented 2 years later as a new tech solution o Upgraded 5.0 to 5.1 for VC, Update Manager, and SRM in our main datacenter
• Required jumping into the ADSIEdit tool in order to correct an issue with SSO naming o Assisted network engineers with local and distributed switch configurations.
• Recommended and implemented LUN security via subnet and initiator address o Create, expand, delete LUNs when needed
• Designed and constructed new SharePoint 2013 farm
• Migrated all DB’s over from 2010 systems and upgraded on 2013
• Moved from single datacenter hosting to multi center LB through our NetScaler
• Configured MS AppExpert Templates for NetScaler
• Integrated Office Web Apps server cluster for Web viewing of documents o Primary admin for all front/back end systems.
• Workflow creation and process automation through SharePoint Designer.
• Designed and architected multiple solutions for moving from our 2007 setup to a full 2013 farm o Vendor aided in schema update and actual merger of 07 and 13 but all other aspects were tasked to me VM Creation -S/R Connector Setup -Journal S'etup -SCOM Alert Selection
• Originally implemented on our 2007 system and on-site data centers o Migrated to our offsite data centers during EX 2013 move and integrated into the NetScaler
• Tasked with restructuring and scaling to a proper enterprise grade farm.
• MB / Email Archiving, Discovery Accelerator, SQL Server, and Journal Retention o Required a full upgrade before Exchange 2013 integration o Required working with the vendor for theoretical “how to” do such a move o Tested confirmed, and trained new hire admin on process for completion
• Integrated Avamar backup process using PowerShell scripts to eliminate Backup Exec requirement
• Redesigned their contractor 3 leg implementation to properly secure 2 leg with admin subnet
• Deployed content switching policies to reduce our public IP footprint routing all addresses to a single IP
• Created security policies to restrict access to certain applications from outside the network
• Created LB policies for balancing services across multiple servers and datacenters
• Deploy AppExpert templates for complex system integration
• Citrix policies, App publishing, Permissions configuration. o Helped to integrate App Sense for limiting Excel to a certain CPU threshold o Thin client auto configuration and management through
• Redesigned entire AD environment for new line of business during a company acquisition. o Cloned entire domain to test forest raise against company designed code. Designed policies to automate, secures, and manage items that were being done manually.
• Constructed GPO’s to apply security hardening to various servers based on their role and audit security requirements
• Maintenance / migration of databases, security, ODBC, data pull and reporting. o Create databases when needed for complex scripting and process automation. o Create stored procedures for external system quick read and integration
• Responsible for all certificate operations within the company. o Integrated GPO’s to hand out root certificate
• Created policies to assign coding certificates to the developers for app signing