SUMMARY:

Experienced Infrastructure Architect with a unique combination of technical expertise, managerial experience, leadership, and design / production support to lead the delivery and implementation of mission-critical software systems. Hands-on skills in successfully implementing redundant, secure, and cost effective operations. Invested in helping the company be profitable, easily scalable, and providing the best service to its customers.

HIGHLIGHTS:

Personal

• Talent for making ideas, proposals, and projects successful.
• Ability to quickly understand the needs of the company and departmental direction.
• Highly motivated, sharp, attention to detail, and dependable.
• Vigorous analytical and problem-solving abilities.

Relations

• Outstanding communication skills patient and receptive.
• Committed to excellent service and satisfaction.
• Work effectively both independently and as a team member.
• Support peer s and management to create, work towards, and obtain goals.

Technical

• Ability to quickly analyze and understand complex end to end business environment in order to provide support and/or suggestions utilizing current best practices.
• Author of proposals, summaries, evaluations, standards, procedures, recommendations, and many other documents for departmental/company use utilizing available or future technology. Big proponent of collaboration and training multiuse and streamlining tools and knowledge.
• Excellent capabilities to design and/or realign business operations to include security, disaster recovery, reliability, redundancy, upgrades, scalability, and support to reduce cost, errors, and down time.
• Adept at making teams and individuals work smarter and better.
• Enhanced knowledge of budgets, forecasts, and strategic planning, with extensive use of comparisons, variances, regressions, trends, and historical research/analysis.

DOMAINS:

• This is only an overview of significant IT hardware / software I have used. There are many more that are not listed.
• Architect Frameworks: TOGAF, Zachman, FEAF, SDLC, ITIL, Six Sigma
• Compliance: ISO, SOX, HIPAA, PCI
• DevOps: Hudson/Jenkins, Puppet, Chef, FPM, Cobbler, Salt,
• UNIX: Sun Solaris/SunOS, HP-UX, AIX, Linux RedHat, Ubuntu, Debian, SUSE, SCO
• Microsoft: DOS, Windows all , Office, Project, Visio, Exchange, SQL, IIS, SharePoint
• J2EE: Sun Java, ATG Dynamo, Oracle Weblogic, IBM Websphere, Cold Fusion, JBoss
• Database SQL/NOSQL : Oracle RAC, MySql, MS SQL Server, PostgreSQL, MonetDB, Memcached, Velocity,
• MongoDB, GigaSpaces, Cassandra, HBase
• SOA/ESB: IBM Message Broker and MQ Series/DataPower, TIBCO, Oracle SOA, SAP
• Content Management: Sharepoint, Documentum, FileNet, OpenText, Alfresco, DocuShare, WorkSite
• SAN/NAS storage : EMC, IBM, Hitachi, HP, Sun, NetApp, Dell, FalconStor, OpenFiler
• High Availability: Veritas, Sun Cluster, IBM HACMP, HP-UX Service Guard, Microsoft Cluster, RedHat Cluster,
• Oracle Cluster, EMC RecoverPoint, IBM DataPower
• Virtualization: AWS, Azure, OpenStack, OpenNebula, Eucalyptus, VMWare, Solaris Logical Domains and
• Zones, IBM LPAR, HP-UX VPAR/NPAR, Microsoft Hyper-V, KVM / XEN
• Network: Cisco 7x00/3x00/2x00/1700/800 Routers, 6/5/3/2xxx Catalyst Switches, Juniper, Extreme
• Network Topology: MPLS, OC/DS3, T/E1, Frame-Relay, ISDN, xDSL, Satellite, Wireless, VoIP, OSPF, EIGRP,
• BGP, MPLS, ACL, WCCP, VPN, QoS, Radius, TACACS
• Load Balancer/DNS: Cisco CSS/CSM/SCA, Foundry, F5 LTM/BigIP, GTM/3DNS , Alteon
• Firewall/VPN: Cisco PIX/ASA/FWSM, CheckPoint, Nortel, Nokia, ipFilter/ipTables, F5 SSL, Bluecoat
• Proxy/Cache: Cisco ACNS, Microsoft Proxy, Sun, Cacheflow, NetApp/Blue Coat, Squid
• Monitoring: HP Openview, Tivoli, UniCenter, ProActiveNet, NetCool, eHealth, MRTG/Cricket,
• OpenNMS, Nagios, Fluke, Ethereal, SolarWinds, snoop/tcpdump, syslog
• Security: LDAP, SSL, PGP, Entrust, RSA, CA Siteminder, Oracle IDM Oblix , Sun Directory,
• Active Directory, vulnerability scanning, intrusion detection, pathology
• Programming: Shell, Perl, PHP, AWK/SED, HTML, Java, ASP, Visual Basic

EXPERIENCE:

Consultant/Contractor

Innovative Solutions

Confidential

• Architected, researched, purchased, and implemented hardware and software to create hybrid cloud infrastructure for development, QA, and production environment. Created self-service portal for virtual machines and the capability to move VM's between main office, colo datacenter, and hosted sites with Rackspace, AWS, and Azure.
• Full due diligence inventory of hardware and software. Created drawings showing port mappings, connectivity, storage layout, and security to show weaknesses and strengths. Authored technical proposal to achieve next generation/future infrastructure roadmap via updated hardware and software.
• Installed and configured Windows 2012 R2 Active Directory in each working area development, stage/QA, and production to allow testing in their own environments and creating their own test users freely except in production. This was to keep production clean and adherence to security and audit standards.
• Reconfigured entire network to subnet all working areas, iSCSI, core company applications, and workstations. Added ACLs and locked down firewall so contractors were only allowed into test areas. Created guest networks for wired and wireless to only allow Internet access.
• Moved off of 5 different SANs onto two SANs that was replicated in their colo data center facility.
• Purchased blade servers with 10Gb switches for iSCSI enhancement and to reduce cabling.
• Reconfigured SAN for VM and database enhancement.
• Installed and configured company-wide monitoring of internal applications and network along with hosted applications. Taught system administrators how to use and acknowledge outages and read syslog information for proactive response to potential issues.
• Followed all best practices and mentored current system administrators by creating online wiki information and links to SME information.
• Created run books, detailed asset books with IP/MAC addresses, serial numbers, and contract information.
• End of contract.

Confidential

• Architected, researched, and purchased equipment to create private cloud infrastructure for new start-up corporation development and testing environment. The project allows the company to grow and upgrade software without the cost of spinning up more Amazon EC2 instances. Also maintained current environments and operational on-call for production environment in Amazon Cloud EC2 . The main objectives were:
• Windows 7/8/2008/2012, Linux RedHat 6x, CentOS 6x, SuSE 11x: upgrades, maintenance, automation, security.
• Purchased network, blade, and SAN architecture for better redundancy and use of disk space.
• LDAP cluster for SSO environment on all corporate assets including Cisco VPN, UNIX/Linux, Windows, Mac, Google Apps, NAS/SAMBA/CIFS shares and private cloud VM's in VMWare .
• Upgraded and redundant DNS/DHCP environment with multiple zones and dynamic updates from clients.
• Corporate/internal open-source groupware server with jabber capability VM's in VMWare .
• Research, install, and test several different private cloud packages - OpenNebula, OpenStack, Eucalyptus original private cloud .
• Choose OpenStack due to upcoming features, hybrid cloud capability, redundancy, multiple hypervisor capability, multiple image capability, and cost.
• Install and maintain multi-node, multi-node, multi-project private cloud on the new hardware.
• Create images vmdk to use for development sandboxes.
• Create images to use for new testing environment.
• Install all application software and make recommended performance tuning enhancements.
• Recommend and implement performance tuning enhancements for production environment.
• Fix set up issues with load-balance, caching, and multiple web/app/database servers.
• Document all hardware and software information, create runbooks and wiki for all environments.
• Backup instances of all vital service servers in a different region within the Amazon Cloud.
• Utilization of cached images Amazon and global load balancers Akamai .
• End of contract.

Confidential

• Technical SME providing lead project management, design, and implementation of upgrades to successfully complete ISO certification. None of the systems, from end to end, had been updated in 5 years some longer . All work completed with original equipment. Some of my accomplishments include:
• Windows 7/2003/2008, Mac, Linux RedHat 5x, Debian: upgrades, maintenance, automation, security.
• Auditing and inventorying all components and pointing out risks, end-of-life hardware and software, and best practices.
• Upgrade all network components to latest software levels and auditing configurations for security compliance. Make changes to configurations where needed, e.g. updating wireless security from WEP to WPA2, adding SSL VPN to PIX, and changing to SSO - Radius authentication.
• Implement brand new iSCSI SAN to replace FC SAN. Pointed out need to upgrade all Linux servers that connect to SAN to utilize multipathing not available on RHEL2/3 and newest TCP rewrite/improvements.
• Upgrade all SAMBA/CIFS clusters from RHEL3 to RHEL5 with security. The shares were previously available via Guest access. This was changed to Active Directory AD access via groups. AD access was also made available to local logon to operating system and sudo for developers and system administrators.
• Upgrade Oracle RAC 10g 10.1 on RHEL3 to RHEL5 with OCFS2, ASM, iSCSI and multipathing, and 10.2 with latest patches per best practices.
• Installed new and configured separate Oracle GRID infrastructure with separate database.
• Maintained SAP ERP cluster, IBM FileNet cluster, Oracle Enterprise BPM Aqualogic Fuego , Tomcat, JBoss, Jasper, Birt, Apache, Service Bus Technology MQ Series, JMX .
• Correct many inconsistencies in network setup, database configurations, application design and implementation, and backups.
• Applied best practices, redundancy, and security to all levels of hardware and software where possible.
• End of contract.

Confidential

• Technical SME maintaining hardware and software, clusters, SAN, security, and disaster recovery, for large, diversified customer base. Some of my accomplishments include:
• Windows 2003, Mac, Linux RedHat 4x, SuSE 10p: upgrades, maintenance, automation, security.
• Fixing all previous issues from old implementations utilizing best practices and documentation. An example: there was a cluster that never worked only one node worked for over five years that I was able to fix.
• Install and maintain SAP, Peoplesoft, Weblogic, ATG, Sun Java, Cold Fusion, Websphere, Oracle, web server clusters for customers. Create standards for security, audit trail, and periodic maintenance.
• Implementation of a software password crypt for root and application usernames and passwords, instead of passing around in a spreadsheet. For internal and customer base use.
• Updates to seven data centers included redesign of each shared SAN and backup infrastructure for each data center. Also includes business case for new servers and SAN frames and upgrade of software.
• Lead project on planning, implementing, and supporting SSO / LDAP efforts internally and for customers. Utilizing Sun LDAP, Access and Identity Management applications.
• Managing and mentoring all mid-range administrators 10-20 with creation of standards, teaching how to use Solaris, HP/UX, AIX, VMWare, RedHat Linux, Veritas, cluster software Veritas, Sun, RedHat , application support, redundancy, and troubleshooting.
• Managing Oracle DBA's and creating standards and documentation for the group and future troubleshooting.
• Create automatic startup and shutdown scripts for Oracle DB and other applications.
• Create Oracle backup architecture, policy, and scripts using RMAN.
• Create better monitoring scripts for hardware and software.
• Creation of standards needed to make sure all admins follow same procedures.
• Architect, recommendation of hardware and software, and implementation for many different platforms and application uses. Increased attention on doing right the first time to limit the amount of rework.
• Analyze all trouble-tickets to understand areas that need more mentoring/teaching, standards, and process change.
• Creation of online documentation for quick troubleshooting and standards lookup. On-call for break/fix opportunities.
• Business process reengineering and written procedures to follow standard ITIL practices.
• End of contract.

Confidential

• Helped improve operations business process engineering from keeping things running to work smarter, not harder ethic by documenting all aspects of infrastructure including drawings at several different layers, mentoring system administrators, and working with management and development staff. My core achievements included:
• Planned, documented, and implemented disaster recovery of entire business production layer at offsite vendor. This included flawed findings, some manual interim procedures, and future enhancements of procedures and any additional improvements.
• Lead largest project ever implemented merger of systems with another company by planning and documenting SLA agreements, co-writing data transfer application and monitoring, and ensuring business compliance of security and service levels.
• Security and SOX compliance: I was able to convince both companies to use SFTP instead of FTP in transferring company data and to use ssh-keys instead of passwords. The ease of automation with keys pushed the project ahead of schedule where it was in jeopardy previous to my involvement.
• Cost reduction: planned and implemented Linux RedHat clustered servers with Weblogic, in-house written java code on Solaris 10, and Microsoft virtual servers for multiple SQL server pools.
• Untrusted domains/MSSQL Server: Three separate companies needed to send distributed transactions to each other, each on different domains. One of the clusters kept failing. Followed Microsoft best practices and moved ports for MSDTC to different than MSSQL by default they use the same ports and the services may fail if they need to use a port that is not available , assigned a unique user that was exactly the same and local on each server, and utilized that user as the authorization to send distributed transactions.
• End of contract.

Confidential

• Brought into one of the largest airlines to rescue portal SSO project, for 150,000 employee/retiree/dependents, with Oblix and Websphere Portal. My work entailed:
• Worked with vendor on new code, plug-ins, and workarounds for company-wide portal with very strict adherence to union objectives. Uptime was extremely vital as client is largely a union company.
• Setup and implemented Oblix WebGate, Identity, Federated applications. Federated application involved connectivity to third party vendors including maintenance and reservation systems.
• Fixed issue with not enough file descriptors and the need to purchase more servers due to the potential load.
• Reinstalled all applications to industry best practices. This included multiple Websphere/Websphere Portal servers and separate web servers utilizing IBM Apache. Was able to launch on time and within budget.
• Create secondary hive of Microsoft Active Directory servers to contain information that would retrieve and/or update company utilized Novell eDirectory. This would separate the portal and any type of intrusion from internal company directory.
• Create necessary scripting to provide self-service password reset.
• Meet with representatives of departments to document needs then create all Oblix rules for several Web applications by groups.
• The plugin was in beta for Websphere. Performed and rectified all performance issues. Bugs were given to vendor to fix and patches were subsequently installed.
• End of contract.

Confidential

• Worked on all aspects of servers, providing content and sustainment of corporate applications to internal and outside customers. This includes website, billing, customer service, and accounting. Installation and maintenance of Sun F series computers with large SAN/NAS setup. Following are the highlights:
• Setup and maintain redundant dual F15K's with EMC SAN in two sites for disaster recovery of online view of billing for web customers. Veritas cluster high availability setup with 24/7 on-call rotation. BEA Weblogic cluster with eDocs document control system.
• Company-wide SAN setup for consolidation of storage with zoning on fibre channel switches for security.
• Setup and maintain first time usage of large ldap single sign-on project with Oblix front-end.
• Redundant setup in two data centers with Sun Cluster high availability on Sun StorEdge storage.
• Disaster recovery setup proposal between two data centers including network, servers, storage, and scripts. Outside and internal monitoring implementations included.
• Triple DMZ setup with bastion host on external DMZ that requests data to secondary DMZ and secondary DMZ requests data from internal network so that all data is secure and not accessible from the outside.
• Sustainment of applications including, but not limited to: Apache, iPlanet/SunOne, ATG Dynamo, BEA Weblogic, Oblix, BMC, Tivoli.
• Mentoring junior SA's and subordinates in day-to-day maintenance of UNIX systems.
• Authoring documentation and website for peers to use in daily maintenance of systems.
• End of contract.

Confidential

Perot Systems

• This company is a Managed Service Provider providing all areas of IT support including outsourcing. Assigned to one of the largest accounts managing a two year project for VPN capability site to site and client allowing personnel and external business partners controlled access to resources inside the accounts network. Following are the highlights:
• Tools utilized for the VPN project are CheckPoint Firewall-1, SecuRemote/SecureClient, Nokia appliances, VPNet VSUs, Cisco routers with VPN capability, Netscape Directory Server, and Entrust PKI.
• The projected cost savings over the current dial-up user configuration over three years is over two million dollars. There currently is not a way to monetarily track the potential for clients who have never had access and now can access resources on the network.
• Firewalls are fault tolerant with Rainwall Rainfinity and CheckPoint on Solaris servers and VRRP and CheckPoint on Nokia appliances.
• Set up and maintain DMZ with bastion host servers providing Intranet capabilities from the Internet for those remote employees who do not have the ability to install client VPN software.
• Concurrently implementing IDS capabilities with ISS network and server sensors. Scanning is done with multiple tools, including: ISS Scanner, Cisco NetSonar, SolarWinds Discovery Tool, and SATAN.
• Maintain all WAN connected sites Cisco 7500, 7120, 7204, 4700, 3600, 2600, Catalyst Switches - DS3, T1, Frame Relay, ISDN , Packetshapers, Netcache, and network monitoring equipment including: HP Openview, Tivoli Netview, snoop/tcpdump, distributed sniffers, Fluke, Cisco Works, and MRTG, and hardening of UNIX systems running firewall software.
• VPN sites include multiple London, UAE, Saudi Arabia, and stateside sites to Dallas.
• Newest project is wireless LANs and PDA Internet accessibility.
• Extensive use of Microsoft products and Visio.
• Previous projects/accounts include:
• Installation and consulting for JDEdwards OneWorld, Peoplesoft, and Baan ERP software products on UNIX, NT, and AS/400 platforms. Proven ability to troubleshoot problems, create foreign data sources, write UBEs for data conversions, install and fine tune servers including Terminal Server Edition and databases. Written proposals to improve and/or implement network upgrades, hardware requirements, and IT staffing needs. Taught classes on how to create reports and setup users and printers.
• Migration planning portion of a large outsourcing project by authoring proposal for moving off of legacy systems and upgrading 20 UNIX servers to RS/6000 SP platform, then implementing the migration plan.
• Upgrading a large RS/6000 server with RAID array to current operating system level with installation of SAS and added X-Windows connectivity from PCs.
• Assessments of a client MIS departments functionality and technology with detailed document on recommendations, including ability to quickly ramp up from a 100 person organization to several thousand with short notice and implement many types of mobile communications to send vital information to key personnel quickly.
• Business was slow and while waiting on bench for next account, received great opportunity for consulting / implementation of new data center.

Confidential

• Maintain forty-eight Sun Enterprise Ultra-Sparc, HP/9000, and IBM RS/6000 UNIX servers and network access for 2000 employees at several sites Dallas Spokane Dublin, Ireland and Sydney, Australia . The projects I planned and implemented are:
• Install and maintain large storage arrays for Sybase databases with Veritas Volume Manager.
• Install and maintain CA-Unicenter job scheduling and monitoring software.
• Introduced DLT tape library technology and ARCServe for large scale backup capabilities on all platforms UNIX, Netware, and Windows NT .
• Plan and implementation of Disaster-Recovery between Dallas and Spokane, Washington servers and network - included buying new technology and migrating current technology to Spokane .
• Configuration of VPN between Dublin, Ireland, Sydney, Australia and Dallas with Checkpoint Firewall-1 version 1.0.
• Installation of Internet router and packet filtering Cisco .
• Implementation of web site tracking and blocking to improve employee productivity Webtrack .
• Improved management of FDDI, ATM, frame-relay, fast-ethernet, ethernet, and token-ring networks throughout this site and other sites throughout the world Netview on IBM RS/6000 .
• Migrate network from Bay Networks hubs 10Mb to Xylan switches 100Mb .
• Worked on several large projects for outside clients including Firewall and UNIX server setup.
• Recruited by PSC Associate whom I worked with at Software Spectrum, for an outstanding opportunity.

Confidential

• Set up and maintain servers, network access, workstations, PC's, printers and other peripherals for 3000 employees which included the installation and maintenance of SunOS, Solaris, and HP-UX multi-cpu servers and workstations for engineers. Daily duties included:
• Maintain DNS, NIS, NIS , UUCP, sendmail, and other pertinent network services.
• Beta-tested Sun Solaris 1.0.
• Installation and maintenance of engineering CAD software ProE and Unigraphics .
• Installation of X-terminals and other emulation software to access mainframes, UNIX servers, printers, and Internet.
• Installed first WWW server at this location.
• Maintained switches, concentrators, hubs, and routers using Netmatrix, HP Openview, Sun NetManager, and distributed sniffers. Installed first fiber switch at this location.
• Set up and maintain terminal servers and modem pools.
• Authored detailed awk/sed scripts.
• Evaluation and recommendation of project/resource management software.
• Participated in Japanese Deming Award preparations Visio 1.0 drawings .
• Planned and implemented attaching all desktop PCs to network by setting up ethernet/TCPIP network with FDDI backbone connection of all closets and servers , evaluating and purchasing telnet emulation software for PCs, loading software and adding network cards to PCs.
• Recommended and implemented resource based project management software - Project Workbench.
• AT T spinning off of Bell Laboratories, NCR/Global Information Systems, and other divisions forced dissolving many departments, early retirements, reduction of staff, forced relocation, and outsourcing of IT departments. Did not wish to relocate to New Jersey or Pennsylvania.

Confidential

• Supervised 5 person administration section that interviewed inactive Marines on their monthly visits to update vital information. Also participated in short 1-2 weeks TADs Temporary Active Duty to set up small LANs and PCs for automating military Post Offices and fixing LANs and PCs wherever it was needed. Other jobs included:
• Involuntarily activated for Desert Shield/Storm. Located inactive reserve and retired Marines anywhere in the world , activate and relocate them to Saudi Arabia or to become instructors at Camp LeJuene or Camp Pendleton.
• Crash/Fire/Rescue Active-Duty - Fireman for the air wing jets, etc. .
• Launch and Recovery Active-Duty - Utilize catapalt and arresting gear. Ability to make new, portable airfields in combat to catch small fighter planes in a war zone, second echelon behind infantry. Airfield functioned exactly like an aircraft carrier.
• End of military obligation.