PROFESSIONAL SUMMARY:

Self-inspired and results-driven network / security / architect / engineer with extensive experience in designing, creating and managing multi-platforms focusing on LAN/WAN/Security systems, leading people and meeting goals. Managed project teams, implemented and supervised technology programs, administered multi-million dollar budgets, always staying focused on achieving results and ROI. An experienced network / security / architect / engineer who combines creative design and solutions thinking with excellent interpersonal skills -- efficient, well organized and accurate.

EMPLOYMENT:

Confidential - Professional Services

I joined Check Point to be on the bleeding edge of Security Technologies and have learned more than I could have imagined possible in a brief period of time. My primary function has been migrations since I started. Each engagement has brought new challenges. The most frequent things I run into is the lack or void of knowledge base about our products or customer networks. Our main charter is to make the customer very happy so we engage in all technologies to make their conversions, migrations and upgrades successful.

Confidential

Senior Network Engineer

• MY primary focus for Freddie MAC is to be either the Primary or Backup SME for all our network / security operations platforms.
• They include the following,:
• Checkpoint R77.10 R75.40 VS, R77, R67 VSX, Provider One Smart 150, 4807, 12407
• BlueCoat Sg Proxy 900 and AV1200, Reporter,
• Sourcefire IDS/IPS Defense Center, 8250, 6500 series appliances.
• F5 GTM, LTM, ASM, Viprion, 4200, 3600, 1600.
• Opnet ARX5000, Appexpert, App Mapper,
• InfiniStream appliances and NPM software.
• CiscoWorks LMS, NCM, ISE
• Lucent QIP, Infoblox,
• Spectrumn, Ehealth, Fluke Optiview.
• Gigamon HD8, 2404, 420
• During my time at Freddie MAC I have had a large influence on changing the design of our 4 data centers and 3 DR sites. I helped write, rewrite and deploy over 80 of the Network Reference and Security Architecture documentations required by the Government. I presented to upper management the many issues we were faced with that lead to the 1 1/2 year upgrade of our entire Network Security infrastructure. I introduced and made production Network Security Virtualization with the F5 Viprion and Checkpoint VSX technologies. I built a data recording and monitoring system with Gigamon, InfiniStream and Opnet technologies that captures and records every network segment for security analysis. I introduced IDS/IPS across the entire infrastructure. I also introduced the Idea of scaling wide for high performance Networking and Security.
• I changed the culture at Freddie MAC to embrace the idea that work is not done until it is completely implemented, and tested to design specification. I worked hard to make trouble shooting and root cause analysis became the teams strengths. After months of training and team skill building Enterprise Network Services became the team to come to for answers. We had the tools and skills to pin point problems and stop the finger pointing.

Consulting Services

Confidential

Intrusion Analyst

Confidential

Freddie Mac Security Engineer

My primary responsibilities were problem analysis for the Security Team. I worked on production issues on the F5, Checkpoint, and Blue Coat systems.

Confidential

Sr. Network Engineer

• Upon my arrival at Sitel, I was tasked to evaluate to the condition and states of our hardware and software for the Global Network Services team. My primary objective of this project was to bring about a cultural change to the team. We needed to shift our processes from reactive to proactive. I started by migrating the many different NMS systems into two products, Spectrum and Cisco Works. Once I started to scan and base line the Network I found that the Old version of Spectrum was missing 800 devices and did not provide any device backups. I also found that the inventory and Cisco contract controls had been ignored for the past 4 years resulting in hundreds of thousands of dollars wasted on decommissioned EOL/EOS hardware. In order to correct the contracts, missing audit trails and backup problems I deployed Cisco Works and Cisco ACS. With their deployment, we were able to reduce our expenses and remove EOL/EOS equipment as well as identify any PCI and security issues related to the IOS code running on the devices. Sitel's main functions are providing VOIP over our Global network. We support over 65,000 IP Phones making us one of the largest private VOIP networks in the world. Our also have an outsourcing division where we connect customers via local connections into our Data Centers Business Process Zones. Within the private connection we tunnel VOIP back to their telco switches and use our citrix servers to host their applications.
• My system responsibilities included the engineer training, deployment, maintenance, implementations and upgrades to the following systems:
• Checkpoint Nokia IP390's, IPSO upgrades for 3 HA clusters and CheckPoint upgrades. It was my responsibilities to teach team members how to analyze problems, audit traffic and write efficient rules. It was my responsibilities to all tcpdumps of the firewall whenever needs were required
• Firemon used for PCI audit trails and rule usage analysis. Using Firemon I was able to eliminate 20 of rule base and optimize running code to reduce 30 of cpu load extending the life of our IP390's.
• Cisco Wlse Wireless Server, used to control our wireless guest access for vendor meetings
• Fluke Visual Uptime Server, used to capture packets and statistics for our voip traffic.
• Fluke NetFlow Tracker appliance, used to analyze traffic patterns and link capacity
• Fluke NetAlly for VOIP and IPSLA testing, used to pre-certify links for voip readiness
• Fluke ASE, WGA, OPTIVEW, protocol analyzers deployed to trouble shoot voip traffic
• Cisco NAM's, used in our smaller routers to analyze packets
• Cisco SSM 10 and 20, configured, maintained signature updates and automated code upgrades
• Deployed Cisco Security Manager for ids signature upgrades, configurations, multi-mode backups of ASA's 5510, 5520, 5540, PIX 515, 515E, 535 and FWSM's
• Deployed Cisco ACS server 4.2 and 5.0 appliances for tacacs and radius support to meet pci standards for audit controls. Integrate ACS into AD for single signon.
• CiscoWorks LMS for monitoring Cisco Specific errors on our 3500 devices, implemented host specific snmp read write access of our devices. Use LMS to log all firewall access for audit trails
• Cisco Works NCM for PCI Auditing, Firewall backups, Code and software distributions.
• Blue Coat reporter, used to track all internet access, built custom reporting down to the subnet level for management review
• Blue Coat proxy server, using wccp we route specific subnets through the proxy server to limit and control internet access upon client request and contract needs.
• MARS administration, configurations, remediation and upgrades to all local and global controllers across the enterprise.
• GIGAMON's configurations and deployments, for all call recordings and screen pops, setup spans and rspan to route all mpls traffic to the gigavue 420 and MP units.
• Responsible for all Core Taps and configurations of span and rspans
• Responsible for all customization of CA Spectrum Network Monitoring System including graphing, alerts, user security, network scans, device backups and code pushes.
• VOIP Customer implementations and analysis, with the use of Fluke Tools I was able to discover a COS design flaw in our dhcp configurations. The flaw allowed our ip telephones to transmit voip traffic outside the predefined Real time queue/ It also uncovered our mls qos issue where we were ignoring and dropping COS headers.
• Integrations of Call Recording Servers and SIP trunks, designing and implementing switch configurations to integrate out Avaya equipment
• Modifications to DHCP Server configurations for Avaya IP phones
• Pre-implementation Voip testing of all circuits installed globally
• Customer interactions on trouble shooting call bridges to determine source of outage and contract responsibilities to limit charge backs against SLA's.

Confidential

Sr. Network Engineer /Sr. Security Engineer

• As a Senior Network Engineer of a highly fluid environment, my Duties cover an extensive range from personnel training, project management, to network design and management. They also include circuit and route analysis, statistically reporting, new company purchase integration, New Datacenter build out, MAN and WAN network design and Business Contingency Planning. It also includes circuit redundancy, and trouble resolution, Openview, Ciscoworks, Cisco Secure ACS, MRTG, Web Content management, load balancing both Cisco Arrow Point and F5 LTM, Lucent Vital QIP dns/dhcp management, wireless infrastructure, intrusion detection, Cisco PIX and Checkpoint clustered firewalls. Support all of VPN our connectivity using F5 Firepass and Cisco 3030 hardware. Some of my most recent projects have included the upgrade and replacement of our Checkpoint firewalls using Nokia IP380's to Checkpoint's Splat using Dell 2800 servers and the conversion of Cisco PIX 535's to Checkpoint 9070's power appliances. The installation and implementation of our wireless network using Cisco's WLSE solution and Cisco's Wireless Controller using AP1100's and 1200's with certificates. Installation and upgrade to our internet OC3's to OC12. The installation and integration of Lucent LitalQip 7.1 DNS/DHCP Solution into Windows 2003 Server Active Directory. I was responsible for upgrades our 6500 and 7600 switches to native IOS from CATOS.
• My primary Security responsibilities at InfouGroup were the design, deployment, and architecture our Check Point Firewalls, Intrusion Detection, Penetration testing and PCI remediation. I was responsible for the design and build out of an eight node multicast firewall design for our 2 Super Bowl ad campaigns. Using Checkpoint SPLAT as the base OS, I had to predictt the traffic volumes and built an 8 node multicast system that was financially responsible and provided the best throughput performance. During the running of the Ad's, our 8 node firewall cluster was able to maintain 1.6 million concurrent connections per second load balanced equally across each node. We peaked out at 60 across the cluster and with the theory of scaling wide we were able to successfully defend multiple DOS attacks against the cluster and provide excellent performance throughput for all the Super Bowl web and database servers. When we searched for a replacement firewalls for our PIX 535 cluster, my first choice was CheckPoint 9070 Power appliances running SPLAT. Replacing the 535's resulted in a 400 Percent throughput increase for our mail servers and allowed us to expand our business accordingly. I led design and implementation project for our F5 Firepass VPN solution as a replacement for our aging EOL/EOD Cisco 3030 VPN. I lead the PCI two factor authentication project selecting, designing, and implementing RSA's Secure Id with tokens. I led the Cisco WLSE replacement project using Cisco Wireless Controllers with certificates and existing Cisco wireless AP's . I was responsible for Cisco ACS authentications integrating them into Microsoft AD, and LDAP.

Confidential

Owner

My company's primary focus is Microsoft Small Business Server and all its functionality. Using Microsoft ISA Firewall, Checkpoint home and work products, IIS, Front Page, and Exchange Server, and DSL I provided secure internet connectivity and web presence for my customers. Because of my broad background, I also provide any additional 3rd party software, and server or pc support my customers asked for.

Confidential

Sr. Network Engineer

With 847 remote sites and 12,000 users, Aegon has one of the largest networks in the Midwest. My primary responsibilities were the designing, monitoring and trouble-shooting a sophisticated and complex data communications environment particularly as an new-technology , and on-call specialist working in the Network Technical Center, I also provided second and third-level support for all users. The majority of my work included the management of all network circuits, ISDN backup circuits, routers, and switches. Other duties included the monitoring, and trouble-shooting of all SNI, NDM, VPN, and FTP types of data transfers.

Confidential

Senior Systems Engineer II

• Primary responsibilities included the design and implementation of local and wide area networks in a mainframe, client/server environment. The network topology included 10/100/1000 Meg switched Ethernet, 4/16 Meg token ring, 10 Meg TLS Ethernet.
• Replaced leased-line networks with our redundant frame-relay network using Cisco 2513, 2514, 2621, and 3640 routers to create a stable and efficient WAN.
• Designed, installed both ATM / DS3 and frame-relay networks to support data, voice/PBX integrations, video, SNA traffic reducing monthly line costs 37 while providing free interplant long-distance phone services.
• Redesigned WAN to create a fully meshed frame-relay network with automatic failover to virtually eliminate any down time to the remote locations.
• Responsible for designing, installing, and maintaining Internet / Intranet sites, servers and firewall systems.
• Responsible for all server, mainframe, and satellite communication throughout the enterprise.

• Responsible for HP-Unix, SCO UNIX, Oracle databases, RF scanning equipment, IBM AS400 and mainframe VSE/ESA systems.
• Responsible for analysis, design, and implementation for all Internet, Intranet, Web, NT, Router, VPN, Firewall and intrusion detection Security systems.
• Responsible for Migration of 50 NT 4.0 servers to Windows 2000 and Windows 2000 Advanced Server with Active Directory structures and Enterprise and Group Policies.
• Installed Cluster services on Oracle Database servers and Network load balancing on Web server farm.
• Converted all mainframe printing to use Microsoft SNA 4.0 and HP LaserJet Printers.
• Responsible for all traffic protocol analysis SNA, TCP/IP, IPX, Token Ring, Frame-relay, and ATM. Through the use of HP Openview Network Node Manager, SMNP Mibs, 685 Fluke LanMeter, and MRTG.
• Responsible for the data-exchange infrastructure between NT, Unix, and mainframe.
• Through the use of Cisco Policy Manager and Cisco Secure Scanner, developed a system to detect policy infractions and open ports throughout the entire network, analyzed intrusion attempts, and recommended corporate policy changes to the Corporate Internet Policy Committee.
• Installed and maintained the following software products: SNA Server 2.11, 3.0 and 4.0, Proxy Server 1.0 and 2.0,ISA Server, IIS Server 2.0, 3.0 and 4.0, SMS 1.1, 1.2, 2.0, SQL Server 6.0, 6.5, 7.0, MS-Mail 3.5, Exchange Server 4.0, 5.0, 5.5, Novell Gateway Services, MAC file services, and ArcServe 6.0, 6.5, Oracle 7.2, 7.3, 8.05, 8i, FAX SR. 2.6, 3.0 and 3.01, FrontPage 97,98 and 2000, and Site Server 3.0 E-commerce edition, Windows 2000 Advanced server using Cluster services and Network Load Balancing,

Confidential

NETWORK ADMINSTRATOR

• Responsibilities included: design / implementation of all local and wide area networks topology included 10/100 base-t switched Ethernet and 4/16 Meg token ring. Corporate backbone was 100 Meg, fiber-optic, Ethernet. Wide Area Network used Cisco 2501, 2513 and 4000 routers.
• Responsible for all programming and problem analysis of the Cisco routers.
• Responsible for the installation / upgrades to the server software
• Responsible for Microsoft Back Office on all NT servers including: SNA Server, SMS Server, Mail Server, Internet Information Server, Network Monitor tools, and SQL Server.

SR. PROGRAMMER ANALYST

• Responsibilities included: system/data integrity and quality assurance. Duties included: all phases of training for IBM 4683 cash registers, IBM 8580 PS/2 computers, and communications setup and installation for Store Training and Help-Desk personnel.
• Provided software documentation of user applications and training manuals.
• Responsible for all software upgrades to PS/2 computers and registers.
• Functioned as project leader for conversion from Version 1 OS to Version 2 OS and installation of Electronic Draft Capture.

Confidential

TECHNICAL CONSULTANT:

• Through the use of RMCOBOL 85, created the communications script files needed to support ASYNC communications to Prime 9550. Trained customer support staff in operations and configurations.
• ConfidentialComputer Operator / SR. COMPUTER OPERATOR Systems Experience: Performed configurations of Bisync, switched, HSMP and TCM leased lines, local and RJE control unit description, local and RJE device descriptions and modem configurations.