SUMMARY:

Confidential is an award - wining engineer with extensive experience in product roll-out, end-of-life cycle, design and implementation, functional requirements analysis management. Functions as an experienced technical team lead. Areas of expertise include security management and cyber security. Experience includes project management network security and contingency planning, risk assessment management, configuration management, training and instructional expertise, application and software testing, network design, installation and configuration, network troubleshooting and resolution, with customer support services. Confidential has over eighteen years of experiential management and technical organizational and administrative leadership. Confidential ’s experience include design and optimization of Active Directory architectural design, implementation, installation and configuration, product evaluation and review of emerging technologies such as 365 Office Cloud offering and VMware. Confidential also researched and produced DARs on Web Collaboration Tools, Enterprise e-Fax solutions and Web Application Firewall (WAF). He was recognized and commended for his excellent DAR on Web Collaboration Tools, which is now used as organization standard for projects.

TECHNICAL SKILLS:

SECURITY TOOLS & DEVICES: IDS and Cisco Sensors, Netscreen and Alcatel VPNs, Cisco and Raptor Firewalls Arcserve, Backup Exec, Veritas, Harris STAT, ISS Real Secure, clustering, F5, Checkpoint, Firewall and VPN with HA and clustering, IDS, IPS, LAN, WAN, Norton Enterprise, McAfee Enterprise, NMapTcpdump, Languard, Ethereal, Snort, Nessus, FW Monitor, Nokia Horizon Manager, Secure Platform, Nokia IPSO 3.5 to 3.8, MacAfee Foundstone, Trusted Agent, CSAM, RMS, Security Expressions, Dragon IDS IPSec, 3DES, AES, SecureID, NetMon, PerfMon and INFOSEC methodologies.

SECURITY STANDARDS: FISMA, HIPPA, SOX, PCI, GLBA, NIST Special Publications, C&A

OPERATING SYSTEMS: Windows 2012, 2008, 2003, 2000,Terminal Server, NT, Exchange Server, Vista, XP, Windows 98/95, LINUX, UNIX

PROTOCOLS: TCP/IP, ARP, RARP, DHCP, RIP 2.0, OSPF, FTP, SFTP, TFTP, SSH v2, SNMP, POP3, SMTP, NTP, NNTP; NAT, NETBIOS, NWLink, IPX/SPX, SAP, VPN, SSL, Telnet

APPLICATIONS: SMS, SCCM, IIS, Weblogic, Appachie, SQL, Remedy, Tivoli, Cisco Works, HP OpenView, Citrix, SAP, Oracle, Microsoft Word, Excel, PowerPoint, MS Project, MS. Outlook 2007, Publishers, Netscape and Web authoring and management tool like FrontPage., Internet Explorer 9.0, MS Word, Excel, MS Publisher, Visio

HARDWARE/APPLIANCES: Dell Power Edge, Compaq, Sun Enterprise series servers, Nokia IP Series. 3Com, HP, Nortel and Cisco switches. Cisco 2600,3600, and 4000 series routers, ADIC Tape Store, DLT, Autoloaders, 3Com and Cisco AS 5300 RAS appliances, Remote Access, SCSI, CSU\DSU, Lucent Definity switch, NAS, RSA ACE Server, Nokia

SERVICES: AD, DHCP, DNS, WINS, IIS, RIS, WSUS, SMTP, SNMP, TS, WMS, VPN, RAS, PKI, RADIUS, CA IPrinting, SMS, MOM

DATABASE: SQL Server

VIRTUALIZATION TECH: VMware Server ESX/ESXi 4.1, VMware Workstation 7.5, Microsoft Virtual PC 2007, Microsoft Virtual Server, HP Virtual Connect Flexfabric Module, Hp Insight Control

PROFESSIONAL EXPERIENCE:

Confidential

Identity Engineer/Domain Architect

Responsibilities:

• As an Identity Engineer, and AD expert work employing the Agile Methodology which focuses on iterative and incremental development where requirements and solutions evolve through collaboration between self-organizing and cross functional teams.
• Confidential is the chosen tool for Service Design to coordinate workflow and tracking throughout all teams. Team Foundation Server is the collaboration platform at the core of Microsoft's application lifecycle management (ALM) solution.Foundation Version Control or Git), reporting, requirements management, project management (for both agile software development and waterfall teams), automated builds, lab management, testing and release management capabilities. Function as validation and verification Identity Engineer across projects.
• As a DA initiate and develop design documents and also conduct design verification, designated to eliminate obvious flaws, consider bottle necks and possible ways a product might fail. Also, conduct test verification which includes electronics, equipment and bench environment verification. Perform failed product verification to determine why a product failed in testing which might contribute to a redesign improvement and also conduct product validation.
• Work on the DoD Visitor project. Created for the project draft documents TMP-115A and TMP-209. The DoD visitor is a Government Off-the-Shelf (GOTS) software that is installed on existing Windows Active Directory Domain Controllers which support end user device login. The DOD Visitor installation package includes three signed software elements: the GOTS software itself, a Group Policy Object (GPO) template, and the WinPcap software library. The GPO follows the least privilege access model and may be tailored by the installing Component. The software elements which are installed and maintained on the Active Directory Domain Controller are not installed on the end-user workstation.
• Commenced work on both the Crypto Logon and cDNS projects developing all pertinent documentation.
• As SME worked on the AD Red Forest Black Forest concept and DFS.
• Worked on the migration of Microsoft Identity Integration Server (MIIS) to the ForeFront Identity Manager (FIM)
• As one of the key Identity Engineer, was responsible for identifying Validation Authority in W2K3 PKI CA servers and replacing them with W2K12 virtual and physical servers.
• Identified all W2K8 PKI servers and replace them with W2K12 PKI virtual or physical when virtual resources not available.
• Validated the Online Certificate Status Protocol (OCSP).
• Designed the removal and replacement of Axway Validation Authority from the environment ensuring that all revocation clients ceased using the Axway Desktop Validator.
• Created the TMP-115A, TPM-017, TMP-209 and a draft copy of the TMP-400 document for the project Also, created and updated many of the CSP documents in support of the project.
• Worked across functional teams on the Navy Enterprise Microsoft O365 ITAR. The Navy Enterprise Microsoft O365 pilot, leveraged the existing Navy Reserve Force (RESFOR) Microsoft O365 ITAR solution including a separate instance of Active Directory that is hosted within Amazon Web Services.
• Users are able to authenticate to the Microsoft O365 ITAR cloud using DADF. Active Directory Federation Services (ADFS) is used to federate DADF with the Microsoft O365 ITAR forest. A hybrid Exchange environment is implemented between NGEN and Microsoft O365 ITAR in order for pilot users to migrate their mailboxes and share free/busy information between users within both Exchange environments.
• Federation Services is established between NGEN and Microsoft O365 ITAR which includes an instance of Azure Active Directory Connect within the NGEN forest to synchronize the objects within Active Directory (AD).
• The hybrid Exchange environment between the on-prem Exchange and the Microsoft O365 ITAR solution is designed to maintain, to migrate mailboxes, share free/busy information and streamline administrative functions between the environments. The project also include exchange mobility and various mobile devices.
• Worked on the following aspects on the PAM project, assistance in automating the process of creating new role based for users; creating new connectors, load balancing ability of application publishing and how to set RDP applications up. Also, functioned as validation and verification Identity Engineer
• Worked on VAP working on POAMs.
• Updating patches, hotfixes and updates to NMCI enterprise wide systems.
• Created the TMP-115A and the TMP-209 for the project as well as the TMP-400.

Confidential

Systems Engineer/PM

Responsibilities:

• Actively engaged as technical lead for Engineering and as a Project Manager within OPM’s PMO.
• Provided guidance on IT projects involving complex technical issues or solutions.
• Engaged as the technical lead on high profile high visibility projects such as Active Directory upgrade to 2008 R2, Lync deployment, Office 356 Cloud offering, Health Claims Data Warehouse (HCDW).
• As the Project Manager, managed the HSPD-12, Personally Identifiable Identification, the Local Admin Password Reset projects, and the AD, Domain Administrator and GPO security lockdown.
• Windows 2012 r2 Active Directory
• Worked within and across practices and organizations as the Active Directory Subject Matter Expert (SME) and System Engineering Technical Lead.
• Assisted with the conceptualization and architectural design, test and support integration of windows solutions based on sound foundation.
• Led a team of engineers to a successful migration of Active Directory Windows 2012 within the Dev and Test environments.
• Developed migration checklist, implementation plan and performed system upgrades.
• As the Technical Lead, worked within and across practices and organizations. Led efforts on the modernization and hardware refresh in the entire organization. Worked on migrating from the legacy systems. Worked on 3 year and 5 year hardware refresh projections and implementation plans. Developed a migration or refresh path and checklist for various hardware and software solutions.
• Cloud Projects - As the Project Manager, commenced as the technical research engineer on a DAR on private and public cloud. Project evaluation expanded into various aspects of the cloud technologies. As the Project Manager, currently managing the various cloud projects:
• Dynamic Load-Balanced Multicast for Data-Intensive Applications on Clouds
• Open Source Cloud Apps Solution with Saas
• Full Cloud Computing, which includes - Cloud Computing for Satellite Data Processing on High End Compute Clusters: the Method and Tool of Cost Analysis for Cloud Computing etc.
• Technical Security Issues in Cloud Computing
• Exploring parallel processing paradigms for COTS/GOTS-based, public Clouds.
• Application Performance Isolation in Virtualization
• Worked intensely with the security team and designated the DSO for the engineering team. Focused on various Security Compliance updates, such as the Privacy Threshold Analysis (PTA), Continuous Monitoring Report (CMR), Corrective Action Plan (CAP) and ARRTS on all systems in the Dev/Test and Production environments.
• Health Claims Data Warehouse (HCDW) As the Technical Lead, led a team of about 15 technical and non-technical team members. As the technical lead, conducted and wrote research documents detailing solutions addressing client’s business and technical requirements, wrote the System Design Document (SDD), Project Implementation Plan, estimated materials and costs in the BOM, and creates high level work breakdown structure associated with the solution
• As lead, served as Subject Matter Expert (SME), analyzed and designed solutions to meet customer requirements. Designed the HCDW system solutions and architecture designated for OPM’s production environment.
• Designed the HCDW ETL server, SFTP server and the installation and deployment of the SAS application, DataFlux, DataStage applications on the ETL server for analytical processing. Provided administration and production support for multiple applications in a Statistical Analysis System (SAS) architecture environment.
• Coordinated with security and the Network Operation teams to stay abreast of security vulnerability risks, technical and business requirements to ensure that the data warehouse system meets those requirements. Ensured system security, including managing users, passwords, and system security settings within the Proof of Concept (POC). Worked with the sample user community to troubleshoot and resolve technical problems
• Served as lead technical person for the group’s FEHBP Claims Data Warehouse, overseeing and managing multiple virtual data warehouse environments (DTP) for OPM and PPA. Oversaw system maintenance to ensure compliance with OPM security and PPA uptime requirements relative to the service level agreements (SLAs)
• Managed primary system administration functions, hardware inventory to ensure proper warranty coverage; maintains hardware in peak operating condition and ensures and maintains software license compliance, including VMware, Linux, UNIX, Windows 2008 r2 and ORACLE database licenses for the Health Claims Data Warehouse.
• Deployed VMware virtual networks in the Development, Test and Production environments with the HP BL460C GEN8 Blades for the Oracle and SQL server databases connected to the HITACHI VSP Tiered Storage system Raid 5 external data storage arrays via device interface UF cable and flash module drive.
• Manages systems backup process using Symantec NetBackup and offsite storage.
• Established with security a secure SFTP server pulling data from external carriers decrypted by Netronome and routed through TippingPoint/FireEye/Netwitness for inspection.
• Windows 2008 r2 Active Directory As the Active Directory Subject Matter Expert (SME) and Technical Lead, led a team of engineers to a successful migration of Active Directory Windows 2008 r2. Developed migration checklist, implementation plan and performed system upgrades. Primarily responsible for the security and health of the domain controllers in the Office of Personnel Management (OPM) network. Worked within and across practices and organizations to design leading-edge technology, help with conceptualization and architectural design implementation and support integration of solutions based on sound security foundation. Monitors and maintains multiple domain controllers and certificate servers for Personal Identity Verification (PIV) authentication.
• Microsoft Lync Actively engaged as the Technical Lead, gathered OPM’s business and technical requirements, led the design and deployment of Lync to a successful completion. eFax Functional Technical Lead conducted analysis of Alternatives, Business Case Analysis, Material Solution Implementation Plans,
• SecureSphere Engaged as Technical Lead analyzed technical changes for alignment to mandates, strategies and functional priorities; led the research for iPV6 compatible proxy server or Web Application Firewall replacement of the ISA server.
• Domain Administrator and GPO security lockdown As project Technical Lead led and conducted the research, installation configuration and implementation of AGPM as part of Microsoft Desktop Optimization designed to increase control of Group Policy and reduced downtime.
• HSPD-12 As Project Manager performed on 2 aspects of HSPD-12 demonstrating expertise of security management. Section of the project later put on hold.
• Personally Identifiable Identification (PII) As the Project Manager demonstrated exceptional management of all work packages needed to complete the project, from defining customer needs to deployment of Guardium, Websense and Symantec DLP in the development environment. Enrolled Guardium credentials on 120 databases in SQL and Oracle environments. Worked with team to configure data classification scans for PII data discovery, monitoring and reporting. Project design to capture PII data in transit and data at rest.
• Local Admin Password Reset - As Project Manager demonstrated strong facilitation skills, knowledge of requirements gathering, functional business process mapping skills; enforces compliance with OMB password requirements where local administrator accounts are required to be changed routinely on all Windows workstations and servers. Deployed LAP through the application of the GPO in GPP, in all three environments (DTP). Applied the registry time stamp to demonstrate the date/time the Local Admin Password changed.
• ENSOC project, led the efforts in the installation, configuration and deployment of the Tripwire Enterprise (TE) server at OPM. Also developed the design document installed and deployed the agents.
• Worked with other engineers on Netwitness, and Netronome.

Confidential

Infrastructure Architect

Responsibilities:

• Responsible for monitoring server’s security vulnerability, risk assessment, risk mitigation and investigation of possible intrusions and recommendation.
• Responsible for protecting TSA information systems nationwide and shared data shared by various entities throughout the agency.
• Microsoft Forefront Identity Management (FIM) was provided to the security team for evaluation and deployment.
• Develop security policies, procedures, and standards based on NIST special publications and in response to audit recommendations. Information Security SME (Subject Matter Expert) for EAS. Assess all security scans from Foundstone, categorize, and prioritize all high and medium vulnerabilities, conducted risk analysis, recommended mitigation strategy to engineering group Managed Dragon enterprise software used for forensic analysis Maintained a process for planning, implementing, evaluating, and documenting deficiencies in security policies, procedures, and standards (POAM). Researched and recommended new security policies and tools to upper management Maintained compliance with Federal IT Standards and Guidelines NIST, FISCAP, FISMA Managed several IT projects from inception to delivery and support
• Worked as an outage incident resolution manager as a first line of defense in direct contact with clients. Has vast experience in generating and managing numerous reports such as Outage Incident report, Daily Status Report (DSR), Executive Summary Report, Interim Incident Report and Bandwidth Utilization report. Manage and coordinate all departmental RFCs, scheduled planned maintenance projects, the Domain Administration Audit Account, Top 10 CPU utilization report, Outage Summary Sites (OSS), BES exchange Weekly report and the monthly CIO reports.
• Coordinate and manage bridge calls on severe outage incidents on software, TOP applications, enterprise servers, Cisco routers, switches, VOIP, Exchange, Active Directory and BES exchange server.
• Worked on the Secure Boarder Initiative (SBInet) Project as a Senior Infrastructure Design Architect. Involved in engineering research, design analyses. Helped with conceptualization of architectural design for the lab and incident management and resolution procedure. Developed System design document, Implementation plan, RTM and numerous other documents. Worked on cross-platform research between Linux and Windows using LDAP with a third party utility (Ventila) from Quest. Develop documentation on PKI SDD and a new ePO anti-virus solutions system for the project.
• STIP Project As the Technical Lead on the Security Technology Integrated Program (STIP) I owned and drove the STIP project to production. Provided guidance to other architects and engineers as needed. Created, reviewed, and communicated specific technical solutions to engineers, PM and client and collaborated with multiple vendors on the project. Developed the Implementation Plan, RTM, RFC and also reviewed, revised and evaluated the project SDD.
• TSA Operations As part of the TSA Operation Center (TOC) and tech lead, was in charge of monitoring and maintaining over 240 Domain Controllers using NetIQ, Altiris, What’s Up Gold, HIDS and Hyena. As an integral part of my responsibilities, I was involved in troubleshooting and return to service of critical systems.
• Worked with privacy and security group to introduce Microsoft’s Identity Lifecycle Management (ILM) to the TOC and later utilized it as a member of the TOC and AD technical group. I also worked briefly on the Credant project in an effort to transition Credant from development to operations.
• Also on the security end, I planned and supported penetration testing and vulnerability scanning of production environment - performed analysis of results and provided security POAM inputs.I provided procedural and architectural recommendations to Government, management and engineering staff on security matters.
• Alsoresponsible for running network scans using Foundstone, Nessus, and other scanning tools to identify potential security vulnerabilities and security patches.
• Provided for business continuity and disaster recovery planning Windows 2003 Active Directory Design with capacity planning Windows 2003 Architecture Modeling