Cloud Infrastructure Architect / Networking & Virtualization SME Resume

Irving, Texas

SUMMARY:

  • Cisco Certified Internetwork Expert (CCIE) Routing and Switching - passed lab 2007, lapsed 2015
  • Cisco Certified Internetwork Expert (CCIE) Service Provider - passed lab 2011, lapsed 2015
  • Cisco Certified Internetwork Expert (CCIE) Data Center - passed lab 2013, lapsed 2015
  • Cisco Certified Network Associate, Routing & Switching (CCNA)
  • Cisco Certified Network Associate, Data Center (CCNA)
  • Cisco Certified Design Associate (CCDA)
  • Cisco Certified Network Professional, Routing & Switching (CCNP Routing & Switching)
  • Cisco Certified Network Professional, Data Center (CCNP Data Center)
  • Cisco Certified Design Professional (CCDP)
  • Cisco Certified Internetwork Professional (CCIP)
  • Cisco Certified Voice Professional (CCVP)
  • Cisco Certified Network Professional, Voice (CCNP Voice)
  • Cisco Certified Security Professional (CCSP)
  • Cisco Certified Network Professional, Security (CCNP Security)
  • Cisco Qualified ASA Specialist
  • Cisco Qualified Firewall Security Specialist
  • Cisco Qualified IOS Security Specialist
  • Cisco Qualified IPS Specialist
  • Cisco Borderless Networks R&S Support Specialist
  • Cisco Borderless Network Route and Switch Field Engineer Representative
  • Cisco Data Center Networking Infrastructure Design Specialist
  • Cisco Advanced Data Center Networking Infrastructure Support Specialist
  • Cisco Unified Fabric Technology Design Specialist
  • Cisco Unified Fabric Technology Support Specialist
  • Cisco Data Center Unified Fabric Design Specialist
  • Cisco Data Center Unified Fabric Support Specialist
  • Cisco Unified Computing Technology Design Specialist
  • Cisco Unified Computing Technology Support Specialist
  • Cisco Identity Services Engine Field Engineer
  • Cisco Identity Services Engine Systems Engineer
  • Cisco Video Network Specialist
  • Cisco Collaboration Support Specialist 1
  • Cisco Collaboration Support Representative 1
  • Palo Alto Networks Accredited Configuration Expert (ACE)
  • VMware Certified Professional (VCP-DCV)
  • VMware Certified Professional (VCP-NV)
  • VCE Certified Converged Infrastructure Associate (VCE-CIA)
  • Blue Coat Certified Proxy Professional (BCCPP)
  • Brocade Certified Network Engineer (BCNE)
  • INFOSEC Professional Status (4013 Recognition)
  • Fifteen-plus years of sales engineering, and direct client-facing experience, in technical sales roles, consultative engagements, and hands-on technology deployment and implementation via VARs and partners with multiple vendors, most notably Cisco, VMware, Palo Alto, Juniper, CheckPoint, and Brocade. All sales, VAR, and consultative roles have required the skills needed for managing time and resources - human, technical, and financial - for large, enterprise-wide projects, and agile and effective communication, both written and verbal, to audiences of every type.
  • TCP/IP networking and standards, including all IPv4 and IPv6 routing protocols. Heavy hands-on Cisco route/switch configuration, troubleshooting, design, architecture, and implementation, including all major Cisco operating systems such as IOS, IOS XE, IOS XR, CatOS, Catalyst IOS, and NX-OS
  • Heavy hands-on experience with Service Provider technologies, both privately- and provider-owned. These include MPLS networking, Multiprotocol BGP, Multicast networking, Provider and Provider Edge routing redistributing from routing protocols such as EIGRP, OSPF, and BGP. Vendors’ data-center class equipment employed in these pursuits include Cisco switches and routers, Juniper switches and routers, Brocade/Foundry routers and fibre-channel switches, and EMC, NetApp, Nimble and IBM Cloud storage networking.
  • Heavy hands-on experience with Cisco Data Center switching technologies including Nexus models 9000, 7000, 6000, 5500, 5000, 3000, and 2000 series switches and fabric extenders, including Cisco UCS implementation and configuration, troubleshooting, design, architecture, and implementation experience, such as with UCS B, C, and S-series servers, Fabric Interconnects, UCS Manager and CIMC, Hypervisor (multiple vendors) installation and configuration on UCS chassis, Nexus 1000v switch, instantiation of Windows and Linux Servers of varying distributions in a virtualized environment, including physical-to-virtual (P2V) migrations.
  • Direct hands-on experience with SDN, SDDC, and SDWAN platforms and other cloud and virtualization technologies including, but not limited to, Cisco ACI, VMware NSX, OpenStack, IBM Cloud (Softlayer), Amazon Web Services, and Microsoft Azure.
  • Hands-on experience with Automation and Orchestration such as spinning up virtual machines, assigning compute resources, configuring virtual networking, and interoperability with physical architecture. The tools which I have used are Ansible, Vagrant, and Bash shell, Python, Perl and YAML scripting.
  • Heavy hands-on experience with Cisco Identity Services Engine (ISE) and Cisco Access Control Server (ACS) in implementing NAC, 802.1x, RADIUS, and TACACS authenticated clients in networks of all sizes, both wired and wireless.
  • Heavy hands-on security configuration, troubleshooting, design, architecture, and implementation. Network security vendors include Cisco, Palo Alto, Juniper, and CheckPoint and Meraki firewalls, both physical and virtual for all vendors.
  • Heavy hands-on experience with VPN and packet cryptography standards, such as IPSec 3DES, AES, SSL/TLS, and DMVPN (all versions).
  • Heavy hands-on content switching and server load balancing with proficiency in configuration, deployment, and operational management and maintenance of Cisco 11500 Series content switches, F5 BigIP LTM/GTM, Citrix Netscaler, and A10.
  • Heavy hands-on experience with Cisco Wireless LAN Controllers (WLC), both autonomous and LWAPP access points, Meraki Wireless access points and access switches, and the Meraki Cloud Controller
  • Heavy hands-on experience with all LAN technologies, including Cisco Nexus switching with OTV, LISP, and vPC, Cisco Catalyst LAN switches, VSS switching, wired Ethernet from 10BaseT all the way up to 100G-BaseX, Spanning Tree Protocol including 802.1d, 802.1w, and 802.1s.
  • Heavy hands-on experience with all WAN technologies, including Serial lines, xDSL, ISDN, PPP, Frame Relay, MPLS, ATM, Metro Ethernet, Long-haul Ethernet, SONET/SDH, and OC-x.
  • Convergent data and voice network design and implementation, i.e. converting and migrating TDM voice to Voice-over-IP (VoIP), with specific focus on the Cisco Unified Call Manager versions 3.x, 4.x, 6.x, 7.x, and 9.x, Cisco Voice Gateways including the VG series, and router-based VoIP gateways including MGCP, H.323, SIP, and CUBE, and Cisco IP Phones, and Cisco Wireless IP Phones
  • DNS/DHCP administration with the Blue Cat Adonis server platform
  • Internet proxy engineering and administration with Blue Coat SG Proxy appliances
  • Layer 1 physical network infrastructure, such as LAN cabling (both copper and fiber), DS-1/DS-3, E1/E3, ISDN PRI, CSU/DSU/TSU, MUX/Inverse MUX, DSLAM, POS, SONET/SDH, et al.
  • Detailed network planning documentation, including scopes of work, engineering site surveys, in-depth network diagrams and schematics
  • Effective management of many projects and teams of engineers over the course of my career
  • Outstanding written and verbal communication skills

PROFESSIONAL EXPERIENCE:

Confidential - Irving, Texas

Cloud Infrastructure Architect / Networking & Virtualization SME

Responsibilities:

  • Provide architectural oversight and hands-on implementation for a large healthcare client. I deal daily with the client at all levels, discussing architectural ideas and best practices for implementing ideas and plans for migrating all their physical data centers to the IBM Cloud. I regularly have engagements with Director, and Vice-President level staff, as well as technical engineering staff, including the client’s Chief Network Architect, so my audience and the form in which I deliver content varies at any given moment. I am considered the preeminent subject matter expert for all forms of data networking, and for all methods of software and hardware virtualization. The vendor technologies with which I normally deal include, but are not limited to, Cisco, Juniper, VMware, Microsoft, RedHat, Ubuntu, Brocade, IBM Cloud, and Amazon Web Services.
  • I also possess coding and scripting skills used to assist in automating and economizing network-related tasks. The tools I use include, but are not limited to, Ansible, Bash shell scripting, and Python, Perl, and YAML scripting, all from the Linux server command-line interface.

Confidential - Irving, Texas

Senior Networking & Cyber Security Consultant

Responsibilities:

  • My specific role entailed the buildout of a new hybrid-cloud data center collocated in Plano, Texas. I was responsible for everything having to do with routing, switching, cyber security, load balancing, server, workload, storage virtualization, and development of automation and orchestration of the new data center. Vendors I dealt with on a daily basis were Cisco route/switch, CheckPoint firewalls, Palo Alto firewalls, F5 load balancers, VMware NSX hypervisor, EMC storage, and Windows, Redhat Linux, and IBM AIX servers, and converting all production application workloads to the cloud over time.
  • Used Ansible with Python scripting and REST API access to F5 Viprion load balancers to create virtual load balancers (VLBs) and to create virtual servers and other necessary components to support migrating applications from a legacy environment to a new virtualized, hybrid cloud data center.

Confidential - Grapevine, Texas

Senior Networking Consultant

Responsibilities:

  • Assisted with oversight, planning, and hands-on work for the migration and collapse of all data center infrastructure from six locations to two. This is a merged company and the network was unstable and disparate from one entity to the next. I personally handled the conglomeration of two Virginia data centers into one. That was my role, and since that role is completed, I am on the market again. I handled routing/switching (Cisco Nexus), firewall (Checkpoint and Cisco ASA), VPN (Meraki), wireless (Cisco and Meraki), and load balancing (F5 and Citrix Netscaler).

Confidential - Plano, Texas

Principal Network Architect

Responsibilities:

  • Oversaw all phases of voice and data communications throughout the North American enterprise infrastructure. Served as chief architect to manage not only several ongoing large-scale projects, but also leading a team of ten engineers by mentoring and delegating workloads so that project deliverables could be met.
  • The technologies with which I deal hands-on daily are Cisco Routing/Switching, Cisco ACI, Openstack, Ansible, F5 BigIP LTM and GTM, Palo Alto firewalls, Checkpoint firewalls, Aruba Wireless, Cisco Wireless, and Cisco and Avaya VoIP, among many others.
  • Used components of the software development life cycle (SDLC) to develop a solution by which legacy virtual servers for supported applications were migrated from the Cisco CSS platform to the F5 LTM platform. 731 virtual servers and all attendant components were migrated using tools such as Ansible, Vagrant, Python and YAML scripting, and with access to the REST API of the F5 load balancers.
  • In a Principal role, I was included in the development of new internal and customer-facing technologies and traveled to Altice company offices in the United States, France, The Netherlands, Spain, and Portugal during my tenure for meetings among Principals in all Altice business units.

Confidential - Tampa, Florida

Senior Network Architect

Responsibilities:

  • CSRA Corporation, Bossier City, Louisiana - This was a telecommute position engaging as a third party to implement and support new data center and network security solutions at various military installations throughout the United States. Managed two large projects and all resources therein for data center deployments. There were several technologies being deployed in these multi-vendor environments. The vendors and technologies with which I was working daily included Brocade routing and switching, Palo Alto Firewall/VPN, Checkpoint Firewall/VPN, Cisco Firewall/VPN, BlueCat DNS/DHCP/IPAM, F5 Load Balancers, and VMware virtualization for both application servers and network appliances.

Confidential - Houston, Texas

Senior Network Architect

Responsibilities:

  • Houston Texans, NRG Stadium, Houston, Texas - Engaged as a third party to manage the implementation of a new network at NRG Stadium prior to the opening of the NFL football season. Entailed cost analysis and adhering to budget and technology standards. Included working with several vendors that were subcontracted for different phases of the project delivery. Provided hands-on configuration and support for the new network including the following technologies: Cisco ASA5585X - pair of firewalls in an Active/Standby HA configuration, SSL VPN for administrators, and site-to-site VPN for multi-node WAN; Cisco UCS implementation in the data center space at the stadium; VMware environment within the UCS build for several virtual machines hosting network services such as DHCP, DNS, NTP, etc.; the server environment is built on several VMs with Windows Server 2012 R2.

Confidential

Solutions Architect

Responsibilities:

  • Halliburton Corporation, Houston, Texas - My engagement with Halliburton involves the reconfiguration and reallocation of assets at the two primary and secondary data centers in Houston, Texas. At the primary data center, the project involved accommodating the readdressing of the data center to accommodate the revocation of Halliburton’s previously owned Class A private IP address space. Readdressing the Internet edge and all DMZ-resident hosts that are public facing, reconfiguring all NAT to adapt to the changes being made in all levels of the network, including load balancers, firewall VIPs, application server VIPs, etc. At the secondary data center, there was an implementation for NAT resiliency known as Stateful Interchassis Redundancy (SIR). With SIR, two NAT routers, working in parallel, are configured such that one will dynamically preempt the other, and vice versa, during a failover event. That technology has been successfully implemented on a pair of ASR 1002-X routers.
  • M&T Bank, Buffalo, New York - I was assigned to this engagement to help not only unravel some things that were not going well with the way their SAN connectivity was being implemented, but also to begin the process of providing an architectural engagement that would result in the effective design of several hot standby data centers strategically located in the Upper Midwestern and Northeastern United States. This architecture took into account several factors, including capacity planning for adequate bandwidth to primarily support application resilience and backend SAN data transfers between data centers. Redundancy planning and implementation was part of this design. I created the SOW, BOM, estimated the number of man hours and number of human resources needed to successfully bring the project to completion.
  • CVS Pharmacy, Phoenix, Arizona - I was assigned to be a resource acting as a Routing/Switching SME during a series of critical changes and data transfers that occur over the New Year’s holiday annually for the CVS network. I was requested to be on premise at the client’s primary data center location in Scottsdale, Arizona, to be at the ready to triage and troubleshoot any issues to resolution that might occur during this critical period, which happened to be the entire month of January 2015. All went well, and no lingering issues were present at the time I left for home.
  • Carnival Cruise Lines, Inc., Miami, Florida - I was engaged with Carnival for two reasons. First, I went to the primary data center location in Miami, Florida, and set up an appliance to gather NetFlow data for further analysis at a later date, in this case to determine if any of the previously encountered bugs from several previous network outages were evident in the perusal of that data. Second, there was a request for an updated architectural approach to how the ship to shore network communications could be improved and made more resilient and redundant. This design involved taking into account not only basic ideas such as connection speed for passengers using the Internet out at sea, but also more importantly the satellite communications necessary and made configurable such that latency was kept at a minimum for critical application usage. Resiliency and redundancy were addressed by having multiple land-based (ship in port) and multiple satellite-based (out at sea) private network connections over which a private MPLS infrastructure was to be built, and also over which redundancy and resiliency of any link failure(s) would be handled by the BGP protocol (specifically MP-BGP) with manipulation of metrics, communities, BFD, timers, etc.
  • Dell Corporation, Austin, Texas - I was assigned this engagement to go on premise at Dell’s primary data center in Austin, Texas, and physically install and configure an appliance that would probe the network using multiple protocols (DNS, DHCP, SNMP, NetFlow) in an attempt to narrow the focus on issues Dell was having with interoperability between Cisco Nexus switches in the core of their network and non-Cisco (primarily Dell) switches running at aggregation and access layers of this particular network.
  • City of New York, New York - I have been engaged with the City of New York for a twofold objective. First, I am supposed to create a more resilient, redundant, and highly available network between what are now the City’s two primary data centers. Since the dual 10 Gbps links between the data centers run on city-owned dark fiber, then it seems to be a matter of optimization of routing and perhaps the implementation of technologies such as OTV and LISP between the edge Nexus switches at each location. Second, the City as a whole is requesting an RFP-style submittal for an entity-wide network refresh, including SOW, BOM, budgetary estimations, approximated project timelines, et al. That effort is in process.

Confidential - Dallas, Texas

Senior Systems Engineer

Responsibilities:

  • Quality of Service - This was a project undertaken to rewrite and reapply QoS rules across the enterprise to primarily support the Cisco VoIP network, but to also take into consideration the pre-existing Avaya and Nortel VoIP phones that were to remain in production for the duration of the Cisco voice deployment. The approach taken was a combination of Layer 2 and Layer 3 queuing methods, which included the complete removal of the AutoQoS configuration from all Layer 2 access layer switches, marking and classification at the campus distribution layer, and disposition and handling of the marked and classified data in a Nexus core data center.

Confidential - Odessa, Texas

Senior Systems Engineer

Responsibilities:

  • Tarleton State University, Stephenville, Texas - called upon to implement a new campus-wide initiative for wireless LAN technology, upgrading legacy WiSM technology to the Cisco 5508 series Wireless LAN Controller (WLC). The project entailed detailed mapping (location/GPS services) of access points (APs) around campus, both indoor and outdoor, configuration of those APs to scope of work (SOW) specifications and mapping them in Cisco Prime NCS for Wireless Infrastructure. A total of approximately 300 new APs were deployed.
  • Lubbock Independent School District, Lubbock, Texas - performed duties necessary to the implementation of the Cisco Identity Services Engine (ISE) to support both approved district-sanctioned PCs and laptops, plus BYOD for students using Windows Active Directory Domain Services to authenticate users, ISE to profile them, and Cisco WLC to forward them to the proper VLAN (Guest, Internal User, et al.). This project supports approximately 3000 wireless users throughout the district.
  • Dumas Independent School District, Dumas, Texas - implemented a new Cisco UCS solution with 5548UP core switches, 6248 Fabric Interconnects, the Cisco B-series blade chassis, VMware installation and configuration, Physical-to-Virtual (P2V) conversion, and spinning up new virtual machines to replace bare metal servers such as their Windows Active Directory Domain Controller in the VMware environment. Legacy servers were Windows Server 2003, with new VM servers being a mixture of Windows Server 2008 and 2012.
  • Oldham County, Texas - configured a fully virtualized Unified Communications system on UCS for this client, spanning several entities within the county governance, including, but not limited to, CUCM, Unity, PSTN gateways, SIP trunks to PSTN, et al.
  • Netherland Sewell & Associates, Inc., Houston, Texas - provided all professional project management and systems engineering services to execute all deliverables on a broad statement of work (SOW). The SOW included the “rack and stack” of a new core network in both the Houston and Dallas locations of Netherland Sewell. The configuration of all hardware included Cisco Nexus 5500 series switches, Cisco Catalyst 3800 series switches, and Cisco Meraki cloud-based wireless LAN controllers and access points. Successfully executed all deliverables on the statement of work.
  • First Southwest Corporation, Dallas, Texas - several projects are entailed here for First Southwest. They include implementation and configuration of new Cisco 5508 wireless LAN controllers in the Dallas primary data center and the Denver secondary data center, configuration of all Aironet 3500 series access points, configuration of HREAP for all remote offices, and the dynamic routing, switching, and security components necessary for the wireless LAN to operate on a best-practice basis. Another project was the implementation of two Cisco Identity Services Engine (ISE) appliances, one in Dallas and one in Denver. The ISE project entailed setting up from scratch all identity posturing and assessment as it specifically referred to the wireless LAN and particularly BYOD-type users. Users on non-corporate machines, tablet computers, or smartphones were delivered to a captive portal that was configured for the capture and redirection of BYOD users. Corporate laptops and other corporate assets with wireless capability were allowed X.509v3-based authentication with additional input of Windows Active Directory credentials presented to AD by the RADIUS server capabilities of the ISE appliance.

Confidential - Keller, Texas

Senior Network Engineer

Responsibilities:

  • Designed and implemented a controller-based wireless architecture using Cisco controllers and access points. The wireless controllers resided at our two data centers in Coppell, Texas and Elk Grove Village, Illinois; so, they were set up with H-REAP for local drop-off to a VLAN at the local sites. The wireless LAN was spread over various locations in Texas, Illinois, and New York.
  • Worked with my counterpart senior engineer in Chicago to design a management network based on the VRF-Lite capabilities built in to the Cisco Nexus switch platform. Using NX-OS, we were able to logically separate traffic from different VRFs for the purposes of creating a management domain for all elements in the network including routers, switches, firewalls, DNS/DHCP, Internet proxy, servers of all OS types, SAN, etc. Presented test bed results to peers in Network Security.
  • Acted as the primary resource for Blue Coat proxy moves/adds/changes because of my status with Blue Coat.
  • Helped to manage an extensive VoIP infrastructure based on Cisco Unified Communications Manager, comprising about 1000 nodes with all manner of application capabilities such as videoconferencing, emergency response (E911), voice mail, IP Contact Center, among others.
  • Took the lead on engineering a NAC solution for OCC. Conducted Proof of Concept (POC) trials with multiple vendors to satisfy a federal mandate to have a NAC POC completed by end of April 2013. These efforts led to a NAC implementation at OCC by the end of FY2012.
  • Part of daily operations included management and configuration of all F5 BigIP load balancers, including all virtual server, resource pool, SNAT, and iRule configurations, to list a few.

Confidential – Cincinnati, Ohio

Senior Network Engineer

Responsibilities:

  • Work for CBTS' largest client, General Electric, in support of their enterprise network. It is an all Cisco network except for a few sites that have HP switches, or Juniper or Checkpoint firewalls, all of which I have worked with as well.
  • Completed a project entailing the upgrade of all global DMVPN sites, including hub locations, to meet new networking standards set out by GE Corporate IT. This involved over 600 locations globally and I was the primary resource for the project. Completed the project in six months with no outside assistance – this included design, procurement, and implementation phases.
  • Worked on the team responsible for designing and implementing a new “Next Generation” core network (NGN) infrastructure and participated in standing that network up in parallel to the legacy network and then cutting over the core such that the NGN was the new core and the legacy was in process of being decommissioned.
  • Had a role in Network Operations providing oversight and quality control of all complex network changes, by which I review the change, vouch for its efficacy or return it to the lead engineer for revision if I find something amiss that I think will cause an issue during the change, or in some cases the information provided in the change scripting is incomplete or incorrect. It was in my purview to get all that work double-checked and corrected prior to implementation, and then actually sat on the changes I reviewed to ensure that they went according to plan.

Confidential – Southlake, Texas

National Network Operations

Responsibilities:

  • EDN Migration – A project that entailed the whole-scale migration of the Enterprise Data Network (EDN) from its legacy OSPF-routed architecture to the corporate MPLS backbone infrastructure. This included all privately routed IP subnets enterprise-wide and involved such application bases as AAA, DNS, network security, all network support systems such as CiscoWorks, Cisco ICS, HP OpenView, SolarWinds, and the like, not to mention end-user subnets for corporate PCs and servers. In all, the old infrastructure was divested of approximately 1,200 prefixes, now subject to the corporate BGP routing policies and traversing the MPLS core. The end result was accomplished by providing multi-Ten Gigabit Ethernet connectivity from the EDN distribution switches (Cisco 6513s running VRF-Lite) to the PE routers on the edge of the MPLS backbone. This effort rendered the legacy infrastructure ready for decommission when NNO management so chooses to proceed. Preparation included project management such that it was delegated to me to deal with stakeholders for the network segments that were to be migrated, working with each not only to allay concerns and “be the face” of NNO to them, but also to ensure a well-timed, well-reasoned, and successful network migration. I was personally responsible for writing configurations and detailed implementation documentation in the form of Method of Procedure (MOP) documents that were delivered to the staff that were to actually implement the changes. I acted as the primary on-call engineer for the entire migration, which lasted about three months, running concurrently with other projects.
  • RIM XR routing platform – The nature of this project was to provide a dedicated platform to which Verizon Wireless’ vendor RIM (Research in Motion) could connect and route traffic destined to and coming from Verizon Wireless Blackberry customers. The scope of the design involved building out routers (Cisco ASR1013s running Cisco IOS XR) to connect, via several VRFs designated by geographic region, to the upstream PE routers (Cisco CRS3s also running IOS XR) in both the Texas and New Jersey primary data centers, with the Texas entry point being most preferred. There were also ancillary routing connections built to encompass the regional PE routers servicing the mobile sites that allowed Blackberry users connectivity to the Verizon Wireless network. The real task of this project, delegated to me, involved writing, basically from scratch, an XR-friendly configuration for the ASR1013s with all necessary MP-BGP routing (use of both IPv4 and IPv6), QoS, routing policies, access lists, and MPLS, et al., as derived from a legacy Cisco 12000 series router running native IOS. The final production configuration of the ASRs approximated 12,000 lines of code each. I wrote MOP and change control documentation to support the effort and took on the work of implementing the changes myself. The length of this project was around four months, running concurrently with other projects.
  • Daily operational responsibility included management and configuration of F5, A10, Cisco CSS, and Cisco GSS load balancers including all elements of virtual servers for various pod-type environments in a firewalled DMZ (Internet-facing), and DNS redirection with the GSS.

Confidential – Richardson, Texas

Senior IP Infrastructure Engineer

Responsibilities:

  • Cross-border Call Encryption – TerreStar currently provides service in the United States and Canada, so working under guidelines set forth by the Department of Homeland Security and Canadian authorities, this idea was extrapolated into a means of providing encryption and making “hackproof” the voice and data streams that would originate in one country and terminate in another. This was accomplished by implementing an MPLS over GRE solution with opposite endpoints of the GRE tunnels terminating in the US and Canada, respectively. In order to make this work, the core engineering team (two engineers including myself) mocked up in a lab environment the routing, switching, and security elements required to provide this level of service. Some of the information is the property of the Department of Homeland Security and is proprietary and soon to be classified, but the basics are these: compacting the overhead of MPLS/LDP including VRF routing, IP Routing (both OSPF and MP-BGP), QoS, and IPSec/ISAKMP encryption over a GRE tunnel. Extensive calculation and testing had to be performed to determine the optimal MTU size of Ethernet frames being sent across the GRE and that MTU had to be explicitly configured at all ingress and egress points of the network in the path that was to be encrypted. Produced and distributed detailed technical documentation of the project for management, engineering, and field implementation staff.

Confidential – Bedford, Texas

Senior Network Consultant

Responsibilities:

  • City of North Richland Hills, Texas – Brought in after an initial engagement to complete the intended tasks per the scope of work and FutureCom’s contractual obligations. This work involved an exhaustive network audit covering aspects of routing, switching, security, voice, and wireless. Configured the elements of the network according to accepted and current best practices, focusing primarily on core routing, WAN routing, Internet routing, core switching, edge security, site-to-site VPN design and implementation, QoS to support the voice component of the network, and optimization of AAA security for secure access to network elements.
  • City of Richardson, Texas – This project was a forklift upgrade of an entire municipality’s network infrastructure from legacy Nortel to all new Cisco hardware, and the accompanying technologies commensurate with this type of implementation. Technologies focused on primarily were Cisco Virtual Switching System (VSS), Reconfiguration and reconvergence of a Nortel-proprietary spanning tree protocol (STP) to a standards-based Rapid Spanning Tree deployment, this being the case because the entire city ran on its own dark fiber and the entire network was Layer 2 from the core outward. Configured Layer 2 QoS in a switched environment with CoS to DSCP markings as traffic entered the switching fabric so that it could be properly handled by Cisco Unified Communications Manager infrastructure. Migration of firewall rules from ASA to FWSM residing in the VSS core. Implementation and configuration of CiscoWorks, including Windows server build from scratch and integration with Cisco Secure ACS. Acted as lead engineer on this project responsible for timely deployment of all phases of the network, providing reports and updates to the Project Manager several times weekly, including regular update meetings with the client.
  • Texas Wesleyan University, Fort Worth, Texas – was part of a team of engineers on a complex deployment, focusing primarily as subject matter expert on Cisco routing and switching. Duties included configuring BGP routing to the Internet and working with ISPs to govern route advertisements for the CIDR blocks the university owns. Tasks also included WAN routing optimization and configuration of new routing to support a new core infrastructure replacing a legacy Cisco network with Nexus 7000 series switching at the core, a new fiber plant being run to all IDFs around the campus (86 IDFs total with multiple stacked 3750 switches in each IDF). Migration of existing routing paradigm to new routing scheme for accessibility of remote sites to vital servers and services. Configuration of QoS to prioritize appropriate traffic.

Confidential – Herndon, VA

Senior Network Consultant

Responsibilities:

  • Confidential Systems, Inc. – College Station, Texas: Implemented a collocated data center for this client at the Savvis facility in Fort Worth, Texas, including configuration and installation of Cisco Nexus 7000 series switches, Cisco ASA 5500 series firewalls, conception of the network in the collocated environment consisting of SSL VPN access and multiple DMZ layers, educating the client as to the design and intent of the network schemes, and documentation of said network primarily via Microsoft Word and Microsoft Visio documentation.
  • Agilent Technologies, Inc. – Colorado Springs, Colorado, Santa Clara, California, Santa Rosa, California, Wilmington, Delaware, Andover, Massachusetts, Mississauga, Ontario, Canada, Penang, Malaysia: Conceived, designed, tested, staged, configured, implemented and documented the voice and data networks at the above listed facilities, which included roughly 10,000 employees and Cisco phones. At the core of each site’s network was a Cisco Catalyst VSS 1440 Switching System with numerous subtended Intermediate Distribution Facility (IDF) closets containing Cisco Catalyst 3750 switches in a Stackwise configuration. The core of the WAN varied by region but was linked via a common MPLS backbone conglomerating multiple carriers. The voice network consisted of Cisco Unified Communications Manager (CUCM) 7.x servers, with Cisco Unity, Presence, Unified Messaging, and Contact Center applications.

Confidential – Dallas, Texas

Senior Network Engineer/Architect

Responsibilities:

  • Implemented a new switching distribution layer in the enterprise data center to isolate the server farm environment and to give it robustness and stability. Two distribution layer Cisco Catalyst 4507R switches were inserted into the network between the core layer and the server farm switches at the access layer. Each distribution switch was connected to the network core via fiber optic uplink as well as being connected via fiber to each server farm application layer switch. The distribution switches were configured with Multiple-instance Spanning Tree (MST) to provide a uniform and resilient means of switching data traffic to and from the server farm switch fabric. The server farm was further isolated at Layer 3 by providing a dual-homed HSRP gateway to every IP subnet resident in the server farm domain. This entire configuration offered a more modular solution for the addition of switches that more adequately furnished the transport of application and data resources to the rest of the enterprise network.
  • Provided a plan to rid the City network of its dependency on Policy-Based Routing (PBR). The plan involved the gradual removal of all route maps that directed all traffic toward a central point in the network that contained rules governing which traffic could pass and where it is allowed to go. This was an old design put in place many years back that had become arcane and needed to be addressed. Instead, the plan was to configure EIGRP routing in all areas of the network to provide a more dynamic and active means of transmitting routing information from the core to far points of the network. Small remote sites would be configured as EIGRP Stub domains to reduce the usage of WAN bandwidth for sending routing updates and information. Appropriate restrictions via the use of EIGRP routing manipulations mainly via Distribute Lists would still be put in place to manage traffic to and from areas that were deemed to be more secure than others.
  • Provided a comprehensive plan to the City to upgrade its Point-to-Point Protocol architecture to a Metro Ethernet backbone and Metro Area Network (MAN) spanning over 350 locations. Since all sites are within the same general locale, the Metro Ethernet option was a viable one. This access upgrade would be done in conjunction with another initiative that was being undertaken to upgrade all the network hardware in the City infrastructure. Conjointly, both upgrade paths would provide more residual bandwidth to remote sites that were more progressively requiring the implementation of multicast and streaming applications; and the upgraded hardware would replace obsolete and unsupported infrastructure that had been in place in some cases as long as eight years.
  • Developed and designed a comprehensive network solution for Dallas Water Utilities regarding the transmission and compilation of SCADA data for Dallas Water Utilities. This 74-location network was a separate infrastructure from the City's enterprise voice and data network. It was comprised of a core site, a disaster recovery (DR) site, twenty-two distribution layer sites, and fifty-one access layer sites, whereby the access sites home to a distribution site, and the distribution sites home to the core and DR sites, respectively. BGP was the chosen routing protocol for this network implementation because of its ability to handle complex route aggregation and because of the many attributes that can be manipulated to force routing behavior. BGP is also easily configurable to peer over IPSec VPN tunnels which was called for in this network design. The core and DR sites were to be linked with a point-to-point DS3 to facilitate database transfers between the two locations. The distribution layer sites were to be linked to the core and DR sites with a mixture of DS1 to Channelized DS3 (primary link), DSL to the Internet terminating into a Metro Ethernet medium at the core site, over which an IPSec tunnel would be built (secondary link), and a cellular modem connection to the Internet terminating into a DS1 Internet connection, again over which an IPSec tunnel would be built (tertiary link). QoS would be configured to support a video application used to monitor water pump stations, with the video only being supported when the primary link was engaged.
  • As part of the City’s data center infrastructure, there was an extensive virtualized server environment consisting of VMware ESXi hosts in cluster configurations with banks of paired F5 and Cisco CSS load balancers for further virtualizing access to clustered applications.

Confidential – Irving, Texas

Senior Network Engineer

Responsibilities:

  • Implemented a BGP confederation splitting several functional groups in the Irving, TX, campus into separate sub-autonomous systems (sub-AS). Each sub-AS was configured with a peer group that governed routing policies, and those routing policies were shared with other sub-AS peers as required throughout the BGP routing domain. The primary purpose of the confederation was to consolidate Internet accessibility for all functional groups while allowing each group to maintain address space that had been assigned to each sub-AS from the NEC enterprise-wide CIDR blocks.
  • Successfully completed migration of the core BGP routing to a dual-homed ISP architecture such that the NEC autonomous system was reachable via multiple inbound AS paths from the rest of the public Internet. The full Internet BGP table was accepted at the NEC network edge and shared via iBGP with a core router inside the autonomous system. In this arrangement, all routing to the Internet was computed as best path via either of the dual-homed ISP connections.
  • Migrated all legacy Frame Relay and PPP circuits into a common backbone that would centralize all WAN reachability into an updated routing platform (7206 router vs. 7513 router). This allowed for the consolidation of routing policy for all WAN-connected links regardless of medium, whether they be MPLS, traditional Frame Relay, or PPP.
  • Was responsible for a security audit of the campus LAN in Irving, TX, which found that all switches within the campus architecture required a more comprehensive and robust access methodology. TACACS was deployed via CiscoSecure ACS such that two-part authentication was then required for console and VTY access to all campus network elements.
  • Performed an extensive survey of all enterprise LAN/WAN infrastructure to map interoperability, connectivity, etc. Then provided detailed diagrams and other documentation that logically illustrated the entire network architecture and the elements that were a part of it.

Confidential – Addison, Texas

Senior Network Engineer

Responsibilities:

  • Exhaustive documentation of the core data center architecture, WAN infrastructure, security architecture, and the network elements of the most vital satellite offices.
  • Designed and implemented a new disaster recovery data center including WAN, Internet, and server farm infrastructure elements to provide redundant resources in the event of primary data center failure. This was the first phase of a large data center migration between the Savvis Collocation facility in Fort Worth, TX, and the new corporate data center in Carrollton, TX. The WAN segment consists of diverse carrier, dual-homed MPLS links with unique BGP ASNs for each site on the MPLS backbone, controlling BGP preferred path to the “core” private AS with the Local Preference attribute. The Internet segment also consists of diverse carrier, dual-homed links, which are used to advertise AmeriPath’s public BGP ASN. Inbound path preference to the public AS is controlled with the MED and Community attributes between the diverse carriers. The Internet segment also includes Checkpoint NG Firewall-1/VPN-1 and Juniper SA4000 SSL nodes to control Extranet and Telecommuter access to internal resources.
  • Planned and implemented the merger of the primary and disaster recovery data centers via a Metro Ethernet link between core LAN switches at each facility. This was the second phase of a large data center migration between the Savvis Collocation facility in Fort Worth, TX, and the new corporate data center in Carrollton, TX. The link serves as an EtherChannel between the core switching environments so that VLANs from both data centers are propagated to one another. This required careful control of VTP and STP metrics to maintain the integrity of the core environment while keeping availability to all core network segments at a high level. The merger also stipulated that two separate OSPF Area 0 networks be combined into one. OSPF had to remain in place because of multi-vendor hardware (Checkpoint and Nortel) only capable of running open standard routing protocols.
  • Planned and implemented a conversion of the disaster recovery data center to act as the primary data center. This was the third and final phase of the aforementioned data center migration between the Savvis Collocation facility in Fort Worth, TX, and the new corporate data center in Carrollton, TX. The new primary data center is in a space that is staffed by AmeriPath IT personnel, while the “new” disaster recovery center is housed at a collocation facility. The manipulation of routing metrics in OSPF and BGP was used to cause data to traverse desired paths to and from the data center environment, from both the private WAN and the Internet.
  • Designed and implemented an SSL VPN solution to be used as an extranet solution for vendors and customers of AmeriPath needing secure access to private network resources. Installed a cluster of Juniper SA4000 SSL gateways in the primary data center that provide a GUI front end to file share and application access required for the Extranet environment. This solution was intended to be a possible long-term replacement for the deployment of edge VPN gateways at remote satellite offices, because the cost to the customer of the SSL solution versus a traditional IPSec hardware VPN is vastly minimized. This platform is currently in production for consultants and some vendor connections. Rollout to the general usership is pending.
  • Designed and implemented a load balancing solution utilizing a cluster of F5 BigIP LTM appliances. The load balancing environment provides a virtual entry point for three of the major application platforms that are in production in the AmeriPath infrastructure. Each application has a hosted Virtual IP on the F5 cluster that is load balanced among clustered server, application, and database resources resident in the core data center.
  • Planned and implemented a comprehensive network monitoring and alerting architecture comprised of SolarWinds for front end visibility and SNMP trap monitoring in a NOC environment, NetScout nGenius with NetFlow probes and collectors for more granular capture and analysis of real-time network events and trends, and CiscoWorks for configuration management and Syslog offloading.

Confidential – Coppell, Texas

Senior WAN Engineer

Responsibilities:

  • Planned, designed, and implemented a global WAN architecture with access for all offices in all international theaters to the corporate backbone via MPLS. The design involved multihomed connection to two MPLS carriers for a primary/backup scenario. Links to the MPLS carrier networks were made via eBGP, with each site being assigned its own private AS number. The link to the primary eBGP peer was configured with a higher Local Preference so that all data would traverse that path in a full production environment. Therefore, the secondary link was used for failover in the event the primary link went offline for any reason.
  • Designed and implemented a change to the core of the corporate network infrastructure – both Data Center (DC) and Disaster Recovery (DR) facilities – that included multihoming of links to MPLS carriers (2 at DC, 2 at DR, all via eBGP), reconfiguration of core routing to facilitate reachability to sites via MPLS networks while having to ensure efficient connectivity with interaction between EIGRP and BGP in the core of the DC/DR environments, redesign and redeployment of QoS mechanisms for most effective policing across the MPLS architecture, and planned migration of traditional Frame Relay PVCs to MPLS access into core network resources and processes (migration of WAN routing from EIGRP over point-to-point PVCs to BGP access via MPLS “one hop to the cloud”).
  • Undertook an initiative to audit all managed network elements to ensure consistency of configuration in similar environments and hardware builds with regard to network and device security (AAA, RADIUS, TACACS+ parameters), configuration of routing protocols and routing metrics, SNMP read/write access for purposes of monitoring, etc.
  • Assisted Operations and NOC staff in optimizing network monitoring agents to ensure proper levels of device, interface, and process discovery, alarm thresholds for prioritized network events, and proper notification and response to these events.
  • Wrote white papers detailing design and enterprise-wide deployment strategies for both MPLS and VoIP. The audience to which these documents were presented included all international theater IT operations management.

Confidential – Carrollton, Texas

Senior Network Engineer

Responsibilities:

  • Engineered, designed, and implemented a Wireless LAN solution for all McKesson Pharmaceutical distribution centers. Project included refitting 30 locations to use the IEEE 802.11b Wireless standard for clients with handheld computers roaming large warehouses. Work entailed replacing legacy infrastructure – Cisco 3640, Cisco Catalyst 2900, 5500, 6500, and 900 MHz ISM band Wireless LAN – with updated switched Gigabit Ethernet backbone, Cisco 3745 routers, Cisco Catalyst 4500 and 3550 switches, Cisco Aironet AP1230 access points, and customized spectrum coverage and antennae deployment for each location.
  • Engineered, designed, and implemented a network infrastructure upgrade for McKesson Provider Technologies, comprising 20 locations in the USA and Canada. Work included replacing legacy Nortel and 3Com routers and switches in a flat architecture and upgrading to a hierarchical, multi-VLAN scheme that included a fully redundant Gigabit Ethernet backbone, Cisco 3745 routers, Netscreen 204/208 firewalls, and Cisco Catalyst 4500, 3750 and 3550 switches. Conversion of legacy RIPv2 network areas into EIGRP that is then aggregated and redistributed into BGP in the corporate backbone.
  • Designed and implemented core network infrastructure for corporate VoIP initiative. Used a centralized multiple-site model that includes distributed server clusters in geographically diverse locations. There are six clusters (of four servers each) in total – two Cisco CallManager, two Cisco Unity Messaging, and two Cisco IP Contact Center.
  • Re-engineered McKesson’s Carrollton, TX data center and subsidiary LAN from legacy Cisco Catalyst 5500 and 2900 switches to a new Gigabit Ethernet backbone spanning the network core (MDF), the campus LAN (5 IDFs supporting 1000 users, 100BaseT to the desktop), two production server farms, and one development server farm. Deployed Cisco 7609 core routers, Cisco Catalyst 6509 as collapsed core switches, and Cisco Catalyst 4500 and 3550 as access layer switches.
  • Engineered a WAN redundancy solution for subsidiary locations to have alternative egress to the corporate backbone in the event of primary network link failure. The redundant connection is an IPSec VPN tunnel from a secondary router to a DMZ area in the core data center. The remote site’s network is advertised into the backbone via eBGP peering.
  • Published documentation on standardizing how IP networks are addressed, assigned, and routed within the enterprise network. The scheme is based on the 10.0.0.0/8 address space and is variably subnetted to meet allocation requirements for data centers and offices of various sizes. Each site is assigned a BGP private AS number and advertises its subnet(s) to the backbone via eBGP peering.

Confidential – Dallas, Texas

Data/Voice Network Design Engineer

Responsibilities:

  • Helped develop the technical assurance process for larger customers. This entailed auditing and approval of all designs that were proposed to external clients.
  • Developed and delivered new-hire and ongoing technical training to sales personnel in the areas of telecommunications basics and history, networking basics, LAN and WAN access, legacy application considerations, Internet application and bandwidth considerations, network security, and VPN design constraints.
  • Consistently managed 30-35 active projects at any given time in addition to the de facto technical support role that was assumed because of having an abundance of Cisco experience. These projects encompassed defining the network design requirements, documentation of same for downstream team members and client IT personnel, and implementation of the final designs into client networks.

Confidential – Dallas, Texas

Senior Network Engineer

Responsibilities:

  • O’Reilly Auto Parts, Springfield, MO – designed, engineered and implemented an enterprise network solution for an 841-location client. Core data center/headquarters office (Cisco 7206 routers, Cisco Catalyst 6500 and 3550 switches, and Netscreen 50s as the enterprise firewall and VPN concentrators). 41 regional hubs (Cisco 3640 routers, Cisco Catalyst 3550 switches). About 800 store locations (mix of Cisco 1750 routers and Netscreen 5XP firewall/VPN appliances). Each regional hub would home connections for 15-20 store sites, and the regional hubs were homed to the corporate data center. OSPF routing was deployed with the core data center being Area 0 and the regional hubs designated with different area numbers and using Area 0 for transport to other areas. The store locations were configured as stub areas and default routes were injected from the area border routers at the regional hubs. IP address allocation was such that each of the 41 regions could send a single summary route advertisement to the core of the network (Area 0). Some sites connected directly to the core data center via IPSec VPN tunnel and were not included in the OSPF routing process. O’Reilly also uses an AS400 mainframe for inventory control in the stores. Data-link Switching (DLSw) was configured to bridge SNA traffic from the stores to the core data center.
  • Luby’s Cafeterias, San Antonio, TX – designed, engineered and implemented an enterprise network solution for a 204-location client. Core data center/headquarters (Cisco 3640 routers, Cisco Catalyst 6500 and 3550 switches, and Netscreen 25 firewall/VPN appliance). 203 restaurant locations (mix of Cisco 1750 routers and Netscreen 5XP firewall/VPN appliances). Hub and spoke topology with EIGRP routing used for IP reachability. Some sites connected directly to the core data center via IPSec VPN tunnel and were not included in the EIGRP routing process. Cisco CallManager was installed at the data center for VoIP capability to all restaurant locations. Cisco ATA-186 devices were used at remote sites to provide FXS/POTS connectivity for analog handsets.
  • Jason’s Deli, Beaumont, TX – designed, engineered and implemented an enterprise network solution for a 93-location client. Core data center/headquarters (Cisco 3640 routers, Cisco Catalyst 3550 switches, and Netscreen 25 firewall/VPN appliance). ASP facility hosting Jason’s Deli website and backend for online order processing (Cisco 2621 router, Netscreen 5XP firewall/VPN appliance). 91 restaurant locations (mix of Cisco 1720 routers and Netscreen 5XP firewall/VPN appliances). Hub and spoke topology with EIGRP routing used for IP reachability. Some sites connected directly to the core data center via IPSec VPN tunnel and were not included in the EIGRP routing process. Successful implementation of the network infrastructure to support online ordering ($20,000 per store per day) and an Ethernet-based Point-of-Sale (POS) system for faster credit card processing were the benchmarks of this project.
  • Developed and maintained documented standards, policies, and rules of engagement for WAN design, including technical specifications of current product sets, detailed capabilities of all certified network hardware, considerations for bandwidth needs, legacy and Internet application integration, enterprise IP routing and network security architecture.

Confidential – Dallas, Texas

Enterprise Network Analyst

Responsibilities:

  • Designed and implemented a switched Ethernet backbone for a major campus location (900 users), migrating from a flat, 10BaseT Ethernet to a hierarchical LAN core using Cisco Catalyst 5500 and 6500 switches, delivering 100BaseT Ethernet to the desktop.
  • Implemented a centralized DHCP server architecture in a major data center so that all offices in the TX/OK region could be converted to dynamic IP addressing for desktop users. This change was successfully implemented and affected 2,000 users.
  • Successfully managed and implemented a messaging platform conversion from Novell GroupWise to Microsoft Exchange Server for 2,000 users.
  • Successfully managed and implemented a network server platform conversion from Novell NetWare to Microsoft NT Server (100 servers and printers, 2,000 end user accounts).
