Senior Network And Security Engineer Resume
SUMMARY
- I am a network and security engineer with over 25 years of experience, at a senior level for the last 20 years. I have expertise in network design and implementation, utilizing my strengths in, but not limited to, CheckPoint, Cisco, Aruba, Juniper, F5, VMware, and Microsoft technologies. I have excellent communication (from executives to end users), design and problem-solving skills. I enjoy mentoring junior staff and helping them reach their career goals.
TECHNICAL SKILLS
- 2500, 2900, 3900, 4451, 4431, 7000, 7500, 12000, RSM
- CSR and ISR series routers - 1900, 2900, 3500, 4000, 4500, 4948
- 6500 Catalyst switches, 93186, 5596 and 2232 Nexus switches f5 Herculon
- Cisco PIX and ASA, Nokia IP 650 and IP 440, Cpfw1-41 and NG
- Checkpoint 12200 and 13500, Netscreen 500, ISG 2000, Sonicwalls, WatchGuards and Fortigate
- Load Balancers - Cisco and f5
- Global Traffic Manager - f5
- Cisco and Aruba
- Riverbed and Silverpeak
PROFESSIONAL EXPERIENCE
Senior Network and Security Engineer
Confidential
Responsibilities:
- AWS Architect VPC layout (Regions, availability zones, network layers, IP network ranges)
- AWS Transit VPC - Using Cisco CSR cloud formation I rolled out a transit VPC tying the Cisco CSR to our corporate IWAN (SD-WAN) using both Direct Connect and multiple VPNs.
- Architect and engineer SD-WAN using Cisco IWAN solution for our complete WAN using ISR 4451, 4331 and CSR 1000v.
- Design and implement Aruba Remote Access Point solution for home remote users, reconfigure the existing campus wireless with heat maps for better coverage, implement AirWave for management and security of the Aruba infrastructure and design and implement wireless for all branches.
- Re-engineer our dot1x implementation to require both client and user certificates for both wired and wireless access.
- Design and help create policy and procedures on a new multilayer DMZ solution. All new internet-facing projects are now using the multilayer DMZ over a flat layer DMZ.
- Architect new core solution by breaking up Campus/DC core into separate cores for both Campus and datacenter. I mentor a junior staff member on the engineering side of breaking up a legacy core and moving the correct VLANs, routing configuration and ACLs to the proper core switches.
- Design and implement new data center Nexus 5596 for the distribution and for the top of rack Nexus 2232 access layer connecting our ESXi, SANs, Main Frame and all other network equipment.
- Redesign the existing iSCSI network by tying it into the Nexus infrastructure for higher traffic throughput and redundancy.
- Architect firewall replacement project. I led the PoC with multiple vendors (CheckPoint, Palo Alto, and Fortigate). Design and install the CheckPoint with all UTM (application, URL, IPS, Anti-Bot, threat emulation, Email spam, and identity awareness) blades. I mentor a junior administrator on the day-to-day management of the CheckPoint. He became so good with them that he has full ownership of that platform.
- f5 GTM architect and engineer of our inbound external connections between multiple ISPs at our main data center and a single ISP at our DR data centers.
- f5 AFM (Advanced Firewall Manager) - I installed and configured AFM on our GTMs to offset some of the security traffic from our firewalls. I use the AFM heavily for geo protection of our inbound traffic.
- f5 Herculon SSL orchestrator - We had a security requirement to inspect outbound SSL traffic. We worked with CheckPoint on their SSL inspection feature and we were not able to get it to work properly, even with their SSL lead in Israel. We brought in the f5 Herculon product and wrapped it around a VSX CheckPoint firewall. This solution worked and we now have it in full production.
- Lead and mentor junior network administrators. I brought in a couple of administrators straight from college; one has turned into a mid-level security analyst and the other is now working heavily in our AWS infrastructure as DevOps.
- I have a seat with voting rights on our IT security board, which consists of executives, senior IT management and the IT security manager.
- Architected and implemented AnyConnect here at MoE to replace an EoL Juniper solution. We used Microsoft MFA for two-form authentication and used the always-on feature. This was a big hit with our VPN users; they really like the ease of it over the older Juniper solution. The IT security team really likes the always-on solution. Whenever a MoE machine leaves the MoE network, it automatically VPNs back into MoE; if an end user cancels the VPN, it stops all network connectivity.
- In charge of the network infrastructure budget for maintenance, telecom circuits (MPLS, Point-to-Point (DCI), and Internet), HW life cycle, and new technologies. I was able to reduce my Cisco maintenance from 200k down to 105k by leveraging third-party support for older equipment. I was also able to bring our telecom budget from 350k down to 175k by bringing in a competing vendor for competition and diversity.
Senior Engineer
Confidential
Responsibilities:
- Lead Engineer for integrating BCS (acquisition) 32 sites plus datacenter into Confidential network (MPLS or VPN).
- Redesign global wireless infrastructure for 802.1x and new SSID.
- Design and implement a biz-to-biz VPN solution to different service providers.
- Co-design and implement new data center/DMZ using firewall-routed interfaces to segregate all network traffic between the different layers of the production, acceptance, test, and development networks.
- Design and globally implement Cisco AnyConnect always-on VPN solution utilizing ScanSafe cloud-based proxy, web filtering, and malware filtering.
Senior Network Engineer
Confidential
Responsibilities:
- Design and implement global MPLS network.
- Design and implement QoS for Voice, Video and ERP.
- Redesign and implement corporate datacenters for complete redundancy from layer 1 to layer 3.
- Redesign datacenters' external networks to be fully redundant with multiple ISPs using BGP and iBGP.
- Design and implement corporate edge sites for complete redundancy of LAN, WAN, and internet (32 sites totaled).
- Redesign corporate DMZs (implement new firewalls, VPN, IDS, and ISA).
- Design and implement VPN solution to customer sites for customer support of our equipment at customer sites.
- Worked with ARIN to keep Confidential 16-bit network range. Subnetted the 16-bit range and implemented the subnets with all 40 internet connections.
- Created global policies and procedures for all data centers (5 total).
- Global level two and three support of the network.
- Design and implement global Aruba and Cisco wireless infrastructure.