SUMMARY

• A highly skilled, creative technologist with hands-on knowledge of designing, building, and maintaining secure, high-performance, fault-tolerant enterprise infrastructures (including facilities, networks, systems, and services).
• A proven communicator and leader, with a demonstrated ability to balance technical needs with business needs in order to find and apply cost-effective solutions.
• A dedicated professional working in the IT field over 23 years as a lead, who understands the criticality of efficiency and automation in the fast-paced, high-pressure IT industry.
• A creative thinker, a self-starter, and a hard worker with strong organizational, planning, and leadership skills.

PROFESSIONAL EXPERIENCE

Confidential, Columbia, MD

Enterprise Cloud Architect

Responsibilities:

• Lead architect for enterprise data center migration and transition projects for several multi - national corporations. (The biggest one was 34,000+ servers, 3000+ data centers consolidation.
• Architect Multi-site/hybrid cloud solution for IaaS, PaaS, and SaaS leveraging Microsoft Azure, Oracle Cloud and AWS platforms.
• Design Microsoft Azure components such as: Express Route, site-to-site / point-to-site networking, internet gateway, multi-site VPN, IP address assignment, Cloud Services, Resource Groups, firewalls and NSG rules, ILB, Auto scaling, OS/ data vhd store, Cloud storage, site recovery, Application Insights, azure automation (management interface/ review interface, CLI, PowerShell scripting), Service Bus, cloud service (web role/ worker role) and provide fundamental security & isolation methodologies features in multi subscription environments.
• Architect Microsoft Team Foundation Server (TFS) platform along with installing TFS 2015 servers, configuring MSBuilld server, creating build agent/build controllers, TFS groups, Workitems, reporting services and backups.
• Create branching strategy for different teams and support parallel development by creating multiple branches in TFS.
• Setup Azure data factory, data warehouse and data lake analytics for big data / data mining operation.
• Establish Microsoft Identity and Access Management (IAM) to create multiple users with unique security credentials, integrate with Active Directory, SSO based federated service, and manage the permissions for corporate users.
• Architected security and authentication platforms with Microsoft Forefront Identity Manager (FIM) to manage users' digital identities, credentials and groupings throughout the lifecycle of their membership.
• Installed, configured, and troubleshoot Microsoft Forefront Identity Manager (FIM) 2010 R2 along with Microsoft Active Directory Single Sign on (SSO) integration.
• Designed, installed and prepare Microsoft Identity Manager (MIM) to work with Azure Active Directory including setting up Group Policies Objects (GPO), MIM 2016 Synchronization Service (Sync), MIM 2016 Service & Portal, SSPR Registration Portal, the SSPR Reset Portal, Synchronization Rules in the MIM Portal, and MIM 2016 Add-ins & Extensions.
• Setup Microsoft Identity Manager to work with the self-service account unlock and password reset using Multi-Factor Authentication (MFA) with Microsoft Azure Active Directory, and as a service for cloud and on-prem enterprise applications to regain access to end-user account and resources via SMS or telephone calls.
• Migrated platform and all its components from Microsoft Forefront Identity Manager (FIM) 2010 R2 to Microsoft Identity Manager 2016 in Windows Azure Active Directory.
• Architect Amazon AWS EC2 platform along with AWS Direct Connect, Amazon Virtual Private Cloud (VPC) and its components such as: internet gateway, security groups, VPC subnet, Elastic Load Balance (ELB), SSL / PKI certificates, create auto scale instances and assign elastic IP address to the instance, create templates with Amazon Machine Image (AMI) to provision multiple virtualized instances; monitor EC2 instances (CPU, memory, disk IOPs, network traffic with CloudWatch; distribute incoming traffic by creating an elastic load balancer; allocate Amazon Elastic Block Storage (EBS) network-attached persistent storage to Amazon EC2 instances; use Amazon S3 (Simple Storage Service) a distributed data store with simple web services interface to store and retrieve large amounts of data as objects in buckets (containers); setup/operate Amazon Relational Database Service (Amazon RDS) to launch a DB Instance and get access to a full-featured MySQL database; Setup Amazon Route53, a highly scalable DNS service to manage DNS records by creating a HostedZone for each domain.
• Design, deploy, and configure container platforms and code repository such as Docker, Kubernetes, Git, and GitHub.
• Establish AWS Identity and Access Management (IAM) to create multiple users with unique security credentials, integrate with Active Directory, SSO based federated service, and manage the permissions for corporate users.
• Team lead of application migration (Legacy, COTS, Mainframe, Unix/Linux, Windows, hardware- appliance to converged networking) from multidirectional data center to AWS platform without application down-time.
• Design VMware Hybrid cloud solution with vRealize and integrate with existing data center vSphere environment.
• Provide SDDC solution with EMC product, such as Federation Enterprise Hybrid cloud (EHC) along with VMware NSX networking, vBlock components, EMC Avamar, EMC RecoveryPoint, and VCE hardware platform.
• Deploy Citrix virtualization with XCP cloud platform/ XenCenter, Citrix Access/Secure Gateway, and Citrix NetScaler MPX/ VPX along with Xendesktop/XenMobile.
• Establish PKI infrastructure with Root, Intermediate and Subordinate CA (Certificate Authority) and manage SSL certificates distribution among Windows 2012 server, Windows 2016 server and Windows 10 workstations.
• Establish Microsoft Forefront Identity Manager (FIM) and integrate with Active Directory, MS Exchange/365 platform.
• Design and manage Office 365 migration, along with ADFS setup and Exchange 2007/2010/2013 phase migrations.
• Well versed with Windows, Red hat Enterprise Linux (RHEL), Ubuntu, CentOS, Android, iOS, and open source OS.
• Manage systems engineers and network admins to complete datacenter/cloud migration projects (up to 42 members).
• Participate in and follow the change control procedure to optimize SLA metric and provide highest efficient services.
• Conduct meetings, webinars, training sessions, mentoring and knowledge transfer to the team members.

Confidential, Baltimore, MD

Lead Network Engineer/Sys Architect

Responsibilities:

• Manage, team-lead and administer networks over 5000 users, supporting 130+ servers, 5000+ workstations/laptops/ handhelds, 190+ network printer, switches, hubs and peripherals on LAN and WAN.
• Support a network of TCP/IP, DNS, WINS, DHCP, IPSec, PPTP, WWW, FTP, EAP, and Wi-Fi protocol.
• Manage State agency wide Active Directory, email solutions, file/data solutions, print solutions on Windows 2008/2003 servers, VMware ESX/ESXi, MS Exchange 2007/2003 servers, OWA, MS Outlook 2007/2003 clients and handheld devices.
• Administer Confidential Active Directory clean up and migration process for the State Agency and all other sub-sites.
• Configured VBScript/WSH to migrate users, groups and OU’s from old platform to new AD sites.
• Design a future plan to migrate Exchange 2003 to Exchange 2007 on cluster environment.
• Install and manage VMware server-firm platform on ESX/ESXi, including installing servers/workstations, creating VMware images and temples and migrate Windows 2000/2003 servers.
• Setup and administer Blackberry Enterprise Server (BES) solution for Confidential and high profile clients such as; State School Superintendent, Asst. Superintendents, and division directors.
• Manage Symantec Mail Security for Exchange, Symantec Mail Security for SMTP gateway, Symantec Mail Security for clients to mitigate virus infections and Cymtec IDS to identify infected clients.
• Support/maintain Citrix Meta frame platform including applications and printers setup.
• Administer and manage patch solutions for over 3000 servers and workstations using MS WSUS2/WSUS3.
• Install and support MS SharePoint 2007 server and participate on application migration process.
• Support/help team members to image new and old servers/workstations with industry standard products such Acronis, Ghost and VMware imaging.
• Manage PKI (SSL certificate) deployments for state agency websites.
• Install and support SQL 2000 cluster servers including server and storage management..
• Setup EMC CLARiiON Storage Systems along with Brocket CX400 fiber channel switch with Emulex/QLogic HBA for DAA on Confidential network.
• Day to day activity on Dell Blade/ ProwerEdge/Optiplex/Precision / IBM Netfinity server, Cisco switches and TeraStation; security implementations and follow the guidelines of state DBM, NIST, CERT, FISMA, etc.

Confidential, New Carrollton, MD

System Engineer/Security

Responsibilities:

• Manage and administer EPA national critical data center and work with a team of engineers and specialists.
• Install, maintain, and troubleshoot Checkpoint NGX firewall on Linux hardware platform and SecuRemote VPN connectivity for remote offices and users; including hardware, firmware and patch upgrade, log generation/migration, install policies/rules, account creation and report generation, etc.
• Install and maintain PKI and managed PKI (MPKI) solutions for EPA’s test and production environment including 28 certificates, CAM server, Root CA, Weblogic and Java certificates through DST, Verisign, Identrust, ACES representatives, Microsoft, etc.
• Install and configure IBM Blade servers and migrate contents from Dell PowerEdge platform to blade servers.
• Manage EPA’s development/test and production servers (Windows 2000/2003 platform) running IIS, BES, WSUS, Citrix, SQL servers on TCP/IP/WINS/DNS environment.
• Ghost (image) EPA’s development, test and production servers before migration, product upgrade, application deployments, and security patch installation.
• Remote control EPA’s production servers using Remote Admin software and configure software perimeters.
• Support EPA’s two domains on different locations, including Domain Controllers, Active Directories, DNS’s, Veritas BackupExec and BrightStore backup solutions.
• Configure and troubleshoot EMC SAN storage systems to accommodate all six web servers’ storage.
• Install and manage VMware server on Dell PowerEdge servers to test web applications on Windows 2000 OS.
• Manage and edit scripts to update application patches/ software to the remote location servers and test the network connectivity using VBScripts/WSH tool.

Confidential, Washington, DC

IT Engineer/Security, DC OCTO IT Security Dept

Responsibilities:

• Monitored and maintained physical and logical security and access to DC government citywide network.
• Created, deployed and managed incident response policies and guidelines for 35,000+ users network.
• Designed and implemented security patches and service packs (based on CERT and product vendors) for production servers/desktops; and centrally distributed them to the entire network.
• Supported McAfee EPO virus protection central systems for OCTO (15,000+ nodes).
• Audited network security breaches for DC agencies, using scanner and analyzer (nmap & ISS, LANguard).
• Tested and evaluated new security products; compare, classify and categorize different vendor’s product; bench mark final selection and provide recommendations to appropriate management.
• Installed SSL certificate on the DC Gov’s critical web servers for certificate authentication with Verisign, Inc.
• Communicated with all DC agencies servers using VNC, DameWare, Intel LANDesk, Windows Terminal Server, and Symantec PC Anywhere communication software.
• Designed and implemented Active Directories including Exchange 2000 mail platform for DC Gov. agencies.
• Provided platforms support for Win 98/2000 Pro/XP and NT/2000/2003 Servers.
• Supported AD/PDC/BDC, Print, Application, SMS 2.0, SQL, EPO Virus Protection, and GIS servers.
• Managed backup jobs using ArcserveIT 6.61 and Veritas Backup Exec 8.6.
• Migrated all servers from Windows NT 4.0 to Windows 2000 for DC government agency.
• Established and supported Microsoft mail systems (Exchange 5.5/2000 and Outlook) on cluster servers.
• Designed and implemented new file structures for the DC Office of Planning.
• Security design for PDC/BDC, TCP/IP/WINS/DNS, Exchange and file servers at DC Office of Planning.
• Maintained and provided troubleshooting for all Cisco routers, switches and hubs.
• Provided software support for the DC agencies: MS Office products, Visio, Norton/McAfee Antivirus, PCAnywhere, SQL, and IIS servers.
• Test OS, new software and special applications on VMware server platform before deployment.
• Coordinated IT support/purchase between vendors and agency managements.
• Created images of 40+ critical servers and workstations for disaster recovery.

Confidential, Herndon, VA

Network Engineer/ IT Manager

Responsibilities:

• Administered and supported a team of desktop group on Windows NT BackOffice 4.0 including multiple Exchange 5.5 Servers, Internet Information Server 4.0, SQL Server 7.0, System Management Server 2.0 and RAS Server.
• Set up, enhanced and kept up hardware and software for ideal performance.
• Performed capacity planning of the LAN, hardware and software, backup and disaster recovery procedures.
• Recovered mailbox (calendar, contacts, inbox, and sent items) from backup tapes in case of disaster.
• Network hardware management tasks included: performing setup, configuration and upgrades of switches, routers, hubs and cable connections; managing trace routes and network traffic.
• Converted mailboxes from ccMail to MS Exchange and MS Outlook interface.

Confidential, Columbia, MD

Network/Hardware Specialist

Responsibilities:

• Built high-end computer servers, performed initial disk management tasks, installed server software and custom-developed diagnostic features for several government agencies.
• Designed, analyzed, implemented, and tested networks of 100-1000 user: including router, switches, hubs, and cable connections.
• Managed, configured and diagnosed Windows NT 4.0, MS Exchange 5.0, SMS 1.2. and SQL Server 6.5.
• Furnished technical support for software, hardware and connectivity problems for 56 workstations.
• Set up, enhanced and kept up hardware and software for ideal performance.

Confidential, Los Angeles, CA

Network Administrator

Responsibilities:

• Migrated all Novell Netware 4.0 servers to Windows NT 4.0 platform.
• Administered, configured and diagnosed Windows NT 4.0 servers, including MS Exchange 4.0 and IIS.
• Provided technical support for software, hardware and connectivity issues for 120 workstations.
• Configured, and supported workstations with Windows95, MS Office Suite, MS Internet Explorer, MS Front Page, MS Outlook.