Lead Cloud Application Architect Resume
SUMMARY
- Insightful and performance-oriented Azure and AWS Security Architect with more than ten years’ experience in making notable contributions securing cloud and data center migrations, as well as big data and artificial intelligence transformation.
- Delivered results even beyond expected projections and successfully facilitated cloud migration processes for clients from various industries, both in physical and virtual environments. As a subject matter expert, with a focus on Azure, created applications & cloud readiness assessments, and provided directions and recommendations on cloud technologies.
- Responsible for providing security controls within AWS and Azure with the goal of adhering to US or Global Regulatory compliance including PCI DSS, HIPAA, GLBA and following cloud security best practices from the Cloud Security Alliance
- Familiar with, and created security policies for, AWS security controls such as VPC Security, Security Groups, Network ACLs, AWS Shield (DDoS Mitigation), CloudFront, Data Encryption, Key Management and Rotation, CloudTrail, CloudWatch, IAM, and Two Factor Authentication
- Used AWS Trusted Advisor to research and implement 17 key security controls for multiple clients
- Familiar with, and created security policies for, Azure security controls such as Virtual Networks, Network Security Groups, Azure CDN, Azure Autoscale, Data Encryption, Key Management and Rotation, Azure Logging, and Two Factor Authentication
- Experience aligning security frameworks to the Cloud Control framework from Cloud Security Alliance (CSA)
- Demonstrate effective use of cloud technologies and Proof of Concepts, by using automation to reduce time for cloud migration and security assessments
- Mentor and guide team members, by sharing best practices and insights, to facilitate processes towards projects completion
- Proficiently lead product owners, developers, network and database engineers, as well as system administrators and other stakeholders through cloud changes by applying know-how from prior engagements and gaining respect by the way I treat people and leading by example
- Familiar with microservices development and the cloud first shift which requires use of Containers, IaaS, PaaS, and SaaS solutions and the new security enhancements necessary to achieve compliance
- Comfortable guiding and negotiating cloud decisions as a member of a team or individually after finding accurate sources of data to support the conclusions
- Spent over eighteen years in IT Security with ten years as a consultant/architect leading to four years of direct Azure experience aimed at Fortune 1000 clients
- Strong understanding of Windows infrastructure components (Active Directory, WINS, DNS, DHCP) led to a once-in-a-lifetime IT Security project at Exxon Mobil spanning 130,00 desktops and 10,000 servers as the corporation upgraded every desktop and server to Windows 7 and Server 2008
- Experience gained on Azure and AWS security projects helps me map cloud concepts from Azure to AWS or AWS to Azure which benefits clients on their multi-cloud journey
TECHNICAL SKILLS
NETWORKING TECHNOLOGIES: OTV, Fabric Path, vPC, LAN/WAN, TCP/IP, DNS, DHCP, SMTP, Sendmail, NDS, MPLS, Frame Relay, T1/T3, SSL/TLS, IPSec, GRE, VLAN, VTP, 802.1x, AAA, RADIUS, TACACS+, CA, HSRP, EtherChannel, NAT, Spanning-Tree, OSPF, EIGRP, BGP, Metro Ethernet, NFS, IPv4, FCOE, TCP, UDP
SECURITY: 802.1x Port Authentication, MAB, Cisco ASA Firewalls Ver. 7.0/8.0/9.0, Cisco Firewall Switch Module, Juniper Netscreen Firewalls v5.3, Juniper SSG Firewalls, Juniper SRX Firewalls, Nessus Security Scanner Ver. 3.2, Retina Security Scanner 5.8.3.1657, Cisco CSA Agent 5/6, Cisco MARS v4.2, Cisco ACS Server Ver. 3/4/5, IBM Site Protector v6.1, IBM ADS v 2.3, netForensics 3.4, Rapid 7 Nexpose and Metasploit, Symantec Endpoint Protection 12, Cisco Security Manager v3/4.7, Cisco ISE 1.2/1.3, Imperva WAF, Azure, Amazon Web Services
CISCO HARDWARE: Cisco ASR, Cisco UCS 6100 Interconnects, Cisco Fabric Extenders 2100/2200, Cisco Nexus 7000, 5000, 2000, 1000v, 7200 - 1700 Series Routers; 6500 - 2950 Series Switches; 5505, 5510, 5520, 5540 ASA Firewalls; Firewall Services Module v3/4; 3000 Series VPN Concentrators; 4200 Series IPS Sensors; GSS/CSS/ACE Series Load Balancers; Cisco ACE XML Gateway
SERVER HARDWARE: Cisco UCS B and C Series, HP, Dell, IBM
OPERATING SYSTEMS: VMware 4/5, Hyper-V 2012, XenServer, Novell Netware 5 and 6, Windows XP/7/8/10, Windows 2003/2008/2012 Server, Unix, Linux
DATACENTERS INVOLVEMENT: NAP of the Americas, Terremark, The Miami Herald, New York City Health and Hospital Corporation, Time Warner Cable, MD Anderson Cancer Center, AirTran, Azure, Amazon Web Services
PROFESSIONAL EXPERIENCE
Confidential
LEAD CLOUD APPLICATION ARCHITECT
Responsibilities:
- Lay the framework for the client to move to the micro-services architecture with the use of containers as the end state by separating application functions and making use of APIs
- Utilize Azure IaaS, PaaS, and containers (Kubernetes) to move a legacy application into the cloud first model
- Map the legacy application components to the Azure cloud from a legacy hosting company
- Interview all IT Staff to create a cloud migration readiness document and address any challenges in our migration plan
- Use Azure App Service and the Azure SQL PaaS platform to host the new application
- Successfully migrated application to POC environment using Azure Websites Migration Assistant and by addressing issues within the assessment report
- Upgrade application to .NET 4.7 from .NET 4.0 to gain performance, security, and stability improvements
- Configured Azure Autoscale and Application Insights to make data-driven decisions about scaling application demand during peak use times
- Successfully tested application with 10,000 active users while maintaining response times within management's goals, reducing page load times by 75%
- Migrate code repository from SVN to Git to integrate with Visual Studio Team Services and Visual Studio Professional 2017
- Migrate SQL Reporting Services to use Azure PaaS SQL service as well as Azure IaaS SQL virtual machines
- Build CI pipeline to automate the deployment and testing of the myAVID application including unit testing, performance testing, and quality assurance
Confidential
AZURE AND AWS SECURITY ARCHITECT
Responsibilities:
- Learned the ability to balance strategic and tactical skills as I dedicated my time to Azure and AWS maturity
- Knowledge in several of the following areas: infrastructure solutions (especially Microsoft), cloud technologies, networking, data center operations, platform migration, and enterprise directories
- Experience implementing/architecting cloud-based Active Directory solutions for Azure and AWS
- Understanding in cloud computing based services architecture, technical design and implementations including IaaS, PaaS, and SaaS.
- Proficient in cloud computing based services architecture analysis and design
- Focused on Azure VNET IaaS Architecture that can scale thousands of clients within using NAT
- Develop the Azure assets tagging strategy for all Contegix current and future clients
- Set up Cloudscape (RISC Networks) in client environments to prepare for a cost-effective cloud migration
- Used Dome9 as a security group management tool for Azure and AWS
- Configure AWS VPC Flow logs to integrate with enterprise SIEM
- Enable AWS CloudTrail logs in all regions with encryption, logging, and versioning turned on all S3 buckets
- Serve as the senior cloud architect/SME for high visibility cloud computing initiatives
- Develop an enterprise cloud security plan by addressing logging, cloud access security broker, vulnerability management
- Work with the network team to architect Azure and AWS VPN, AWS Direct Connect, and Azure Express Route connections
- Dive into AWS VPC design as it relates to managing AWS accounts and VPCs for hundreds of clients and using automation to produce configuration consistency and automation
- Work with the sales team to deliver quotes for AWS application migration, interviewing clients' technical staff and mapping dependencies
Confidential
AWS CLOUD SECURITY ARCHITECT
Responsibilities:
- Added AWS security controls; applying commercial knowledge gained from delivering similar large scope projects.
- Focused on network security especially AWS firewall VPC design and networking
- Discuss different forms of AWS network connectivity (Direct Connect or VPN) including introducing Cisco CSR 1000V routers into the AWS VPCs
- Created Visio documentation to outline the various pros and cons of different firewall security models from Palo Alto, CheckPoint, and Cisco
- Developing documentation and maintaining compliance with Cloud Security Alliance (CSA).
- Maintaining a high level of communication with external and internal stakeholders, to ensure smooth process flow project delivery
- Created AWS standards documents and implementation guidelines for EC2 instances and Identity and Access Management (IAM)
Confidential, San Francisco, CA
CLOUD SECURITY ARCHITECT
Responsibilities:
- Build security controls for AWS and Azure IaaS lab and production environments using Chef for security automation
- Develop and tune the cloud security readiness checklist to guarantee applications have appropriate security controls in place before we initiate the AWS cloud migration
- Learn and document the security and architecture limitations within AWS VPC and Azure Virtual Networks
- Mirror the internal Cisco ASA and Check Point ACL architecture to AWS and Azure Network Security Groups in order to facilitate the IaaS migration
- Use SumoLogic as our enterprise SIEM and inject logs from the Azure and AWS servers and infrastructure
- Test solution within cloud environments for feasibility, then certify and have engineers implement it in the production environment
- Use IBM AppScan to discover application vulnerabilities, work with developers to fix, and then rescan once in the cloud environment before production release.
- Used Azure security features to create DLP and encryption policies to protect corporate data and communication
- Responsible for the architecture and documentation of the global Azure Information Rights Management rollout
- Scale applications up and out using Azure Websites and Azure SQL Database, configured data replication patterns, updated websites with minimal downtime and backed up and restored data
Confidential, NY
CLOUD/IT SECURITY ARCHITECT
Responsibilities:
- Explore AWS and Azure to run a sandbox and bring up Cisco Security Solutions without the need to work with internal VMWare teams to build servers
- Developed a project plan and tasks associated with the delivery of the Cisco ISE, Cisco Security Manager, and Cisco Prime Infrastructure projects
- Mentored other contractors (internal and external) and various IT departments, leading them through the project life cycle phases and ensuring the successful results by taking accountability for personal and team actions
- Integrated different Cisco access devices including firewalls, switches, routers, and wireless access points with the configuration needed to work with ISE Change of Authority (CoA) and various probes (collectors), including the HTTP, DNS, RADIUS, SNMP, and NetFlow probes
- Deployed Cisco Prime Infrastructure 2.1 and 2.2 to monitor all Cisco infrastructure devices @ Confidential, reducing the time needed to perform a network inventory from days to minutes
- Utilized Cisco Security Manager on Windows Server 2012, ensuring a stable platform for Cisco Security Manager 4.7 and 4.8, and the API programmability features that align with SDN
- Provided recommendations on migration to a new security model, Cisco TrustSec, reducing the need to configure numerous devices while relying on automation tools like AlgoSec or FireMon, enabling short-term firewall automation
Confidential, Chicago, IL
CLOUD SECURITY ARCHITECT
Responsibilities:
- Leading centralized enterprise deployment process of all Cloud Security solutions, supporting 3500 end users over 2000+ servers.
- Designing security architecture on Azure for designated applications and workloads.
- Designing Azure virtual machines and VM architecture for IaaS and PaaS; understanding and recognizing availability sets, fault domains, and updating domains in Azure; differentiate between machine classifications.
- Securing resources by using managed identities.
- Defining differences between Guggenheim’s Active Directory and Azure AD, programmatically accessing Azure AD using Graph API, and securing access to resources from Azure AD applications using OAuth and OpenID Connect.
- Identifying appropriate data security solutions, by using the appropriate Access Control List (ACL); identifying security requirements for data in transit and data at rest.
- Designing a role-based access control strategy through securing resource scopes, such as the ability to create VMs and websites.
- Identified and documented security risks; recommended mitigating controls via software or procedural changes.
- Converted the corporate security policy into enforceable digital policy within Cisco ISE’s authentication, authorization, host posture assessment, and profiled policies enabling the firm to enforce access control at endpoint level in hardware.
- Enhanced perimeter security by detecting gaps in intrusion detection and malware/botnet policies leading to the deployment of Cisco IPS modules and the Cisco Botnet Filter across all Internet access points.
- Served as the lead of the Computer Security Incident Response Team (CSIRT) and completed security investigations.