- Experience with Security, Remote Access and Cloud products based on Microsoft Azure, Win 2012/2016 R2 ADFS, Office365 SSO, AWS; launch instances, provision resources, move VHDs & setup on - premise/cloud2cloud replication
- SunGard validated - originally authored (LDRPS / Toolkits guided), successfully developed / coordinated, designed enterprise Business Continuity Disaster Recovery Plans (BCDRP) for Hospitals Data Centers & health care providers,
- Organize people and train Business Continuity recovery teams for failover exercises, coordinate & support CISO for complete end-to-end audit certifications on ISO 22301, 27001, collect, standardize document, update BCDR plans
- Hands-on experience with IT architectures, converting traditional IT infrastructure from legacy servers to virtual cloud environments: IaaS, DRaaS, migrate to Azure, AWS, Hybrid/Private/Public cloud, Virtual Dedicated Servers
- Experienced in “virtualizing” servers (hot / cold cloning) P2V, Disk2VHD, VHDX migrating entire server farm to Hyper-V hosts, VMware ESXi. Built backup, Site Recovery of: Configuration, Process and Master target servers
- Hands-on (as lead engineer) “installed, administered and managed” Hospital life-support Disaster Recovery implementing integrated failover network infrastructure of hospital patients Nurse Call Systems (Hospitals: UCI, City of Hope, Methodist of Arcadia, UMC Las Vegas). Hospital environment combines wired and 802.11 media appliances
- Was trained - certified by Confidential (medical products OEM) on strict US government rules & certifications required to handle life-support medical devices associated with secured wired, wireless communication networks and appliances.
- Administered 20 PetaByte footprint FlexProtected clustered nodes: EMC Isilon OneFS Scaleout NAS, integrated with NetApps, Alta Vault clustered array solutions, maintaining daily snapshots backup / recovery operation,
- Implemented Clinical Applications, HIS, ADT, CPS, Epic EHR/EMR (for dialysis clinical web applications eg.: CMS Crown Web, Regie, Falcon, Snappy, etc.). Post deployment: in-service, training nurses, doctors & utility engineers
- Brainstormed with stakeholders’ matrix-managed organizations, SMEs’, client owners and department-managers in finalizing requirements prior to commissioning applications to virtual cloud infrastructure.
- Developedcriteriaand conducted vendor assessment by identifyingcare providers’ keyworkflow high-priority goals.
- Singlehandedly coordinated entire Business Continuity DR activities from end-to-end. Built DR web portal single point of reference to collect, collaborate project schedules; orchestrate action plans, gaps, scopes and developed recovery training procedures, templates and scripts. Prepared DR post-mortem reports, solidifying lessons learned in perfecting another DR exercise. Took charged as a single-point of ownership on “all BCDR” concerns.
- Responsible in originating meeting agendas, daily action list, action plans, next-steps, gaps & risk analyses, formulating Business Continuity Contingency planning emergency preparedness management meetings; clarifying and guiding each individual participant in the DR exercises.
- Provided technical leadership in brainstorming details with SMEs’ & external professional services in fulfilling US GRC control requirement such as SOX, PCI, HIPAA, ISO 27001, ISO 22301, EU GDPR governance & audit compliance.
- Streamlined Helpdesk Incident Management and Change Control System, establishing threshold performance, alarm trend, monitoring major real-time outages, tracking configuration changes, automating notification response resolution / escalation process. Implemented web-based customer resolution feedback satisfaction surveys.
- Implemented web-based customer resolution feedback satisfaction surveys.
- Built Redhat Linux Virtual Dedicated Servers and host webservers at Godaddy; register domain names, create index html and manage websites, design webpages & html links, create custom web-mailboxes, setting up FTP and DNS
- Old-schooled (solid 24+ years exposure in computing) - knowledge and experience in DOS commands, Azure CLI, VBScript, EB CLI for Linux/Windows, PowerShell CLI scripting: automating Win tasks on access, mounting points, cmd batch-files, querying objects, creating access login scripts, ACLs’, Importing / exporting CSVs’, etc.
- Knowledge of and experience with IIS for Windows and Apache for Linux. Good understanding of AWS-IAM, AWS-API, Amazon EC2, S3 bucket, CloudFront, Route 53 (DNS), AWS-CLI, CloudWatch monitor & CloudTrail audit
- Knowledge of and experience in managing servers using tools such as Windows Server Update Service (WSUS), MS System Center Configuration 2012/ 2016 (SCCM/SCOM), Puppet, Ansible and SaltStack, etc.
- Designed Change Control documentation, designing server-build templates following ISO 9001, latest ITIL / COBIT / Agile, methodologies, frameworks and concepts, refining RTO / RPO, ownership-of-appliances ROI justification, organizing software licensing, pro-actively forecasting technical end-of-life cycle (SDLC).
- Knowledge of and experience with FISMA-related activities to include system security plans, contingency plans, incident response plans, configuration management plans, security control requirements and assessments, Plan of Action and Milestones (POA&M), and training requirements.
- Knowledge of and experience in applying NIST SP 800-37 Risk Management principles, interpreting requirements and developing implementation guidance.
- Knowledge of and experience with Federal Privacy requirements to include Privacy Impact Assessments PIA and Personally Identifiable Information (PII).
- Knowledge and experience of NIST SP 800-18, 800-30, 800-34,800-37,800-39, 800-53A, 800-53, 800-60, FIPS 199, FEDRAMP.
- Knowledge and experience in writing policies, scripted procedures, guidance, standards and instructional materials.
- Contributed in designing, developing and implementing FISMA compliant solutions that meet current and future business requirements, enhance and optimize the existing security architecture.
- Successfully migrated 3000 users, to Active Directory Microsoft Windows 2000, from Novell Netware NDS 4.11 with Lotus CC-Mail to Exchange 5.5
- Authored technical manuals for Muller Barbieri AG’s total turn-key Measurement and Process Control Systems, based in Zurich Switzerland; prints translated into 5 international languages. Trained international engineers on mainframe system operation and maintenance.
- College graduate scholar (pls. see transcripts) - school publications writer / artist, College Editors guilder (CEGP).
Hardware: Servers EMC Clustered nodes Isilon NAS New Generation F800 (1PB all Flash), Hybrid, Archive, IBM Blade Center HS23, HP-385G, Cisco UCS 5100 B250 M2 Blade Server, Dell Power Edge 2950, R200, M600, PowerEdge M710HD Blade Server, HP ProLiant BL460c G7, HP ProLiant BL685c G7 Server Blade, IBM P Series Power 520 for AIX. Compaq / HP Proliant 2500 / 6500 / 7000 , DL 580,380,360's or ML series rack servers. Apple Mac Pro 3.2Ghz Intel Xeon Quad Core, Mac Air 1.8Ghz i5 10.7.4, Aruba Wireless Controller, ARU- AP 225 802.11 Access Point
Software: EMC Isilon OneFS 8.0, Sungard LDRPS / Paragon DRBC Tool, Disk2VHD, Open SSH, Putty, Rufus, BartPE, VMWare P2V Win Converter 4.3, Azure CLI 2.0.23, EB CLI 2.6/3, MAC OS X CLI, GitHub, PowerCLI 6.5.1 for Windows Power Shell 5, Bash 3.37 / 4.1, Puppet 5,1 /5.3, ServiceNow(Fuji) Change Request / Incident / Configuration Management, NDS to AD migration, VMWARE Fusion 8.2 / vSphere 6.0/ 6.5, ESXi 6.5 vCenter Server / Platform Service Controller Appliance, Ubuntu Linux 12.04, Wireshark, Suse Linux SLES 11 SP3, Windows/Outlook 2016, Azure, Microsoft System Center 2012 /16 Suite Operations Manager Unix/Linux monitoring (SCOM), WSUS, Office 365 Business, Sharepoint, Windows 10, IIS 7.5/8.0, SQL2k8/2k12 (Core, Standard / Enterprise / Datacenter), AD-FS (2.0)Win2012 Quest AD Migration Utility V8.8, Novell 4.11/5.16,, HP OpenView, SmartStart, HP Insight Manager Cisco ASDM 6.3, ASA 8.3, IOS 12.4(2), Symantec NetBackup 7.6, 7.1, 6.5, 6.0, 5.1, Redhat 9, RHEL 7.4 Enterprise Linux, Centos Linux 6.2 Kernel 2.6,.32, GNU nano 2.0.9, (Python 2.7 / 3.4)Tomcat 7, Plesk Control Panel 7.5, Fedora Core, Apache 2.2/2.4, Aix5.3, Remedy, Heat Helpdesk, PC Anywhere, Macintosh10.x, MSOffice 2007, CaArcserve, CaEhealth, CaSpectrum OneClick 6.0. Pandora 2.0, Solarwinds Orion Net Performance Monitor, NetApps Data OnTap 8.X, Net2Vault DR, Open System SnapVault, SnapManager, SnapMirror. Nurse-Call Confidential Comlinx, Vocera
Data Storage / Interface: EMC Isilon (20PB Footprint), F800, H600 (SAS, SSD) /500/400 (SATA, SAS, SSD), A2000 (SATA), X/S 200-210, NL/HD 400-410, IBM Storewise V7/5000, NetApp Systems FAS2040, SAN EMC CLARiiON CX-300-500-700, Dell MD1000 - ML6000 PowerVault, Ultrium / HP LT01-LTO4, ADIC SCSI DLT's, Dell Perc, EMC PS4000E / PS6000XV, BusLogic-LSI Logic, Adaptec
Confidential, Glendale CA
Sr. Systems Engineer / DRBC Solutions Architect
- Managed Healthcare Providers and Hospital Data Center’s cloud IT Recovery Infrastructure, maintained & provided technical support in the deployment of effective backup & recovery solutions, implementation of resilient High-Availability replica of production’s critical applications, “and”, services - replicated to a redundant off-premise remote DR hot-site where to execute & simulate Disaster Recovery exercise, as a fail-over alternative, aside from the cloud.
- Migrate legacy on-prem applications / IT Infrastructure resources to AWS cloud. Provision AMI: purchase, lease, software / hardware and launch instances (T2, M5, M4, M3), deploy, manage and scale applications. Create users and groups and assign security credentials to control IAM access from EC2 to S3 container resources and services,
- Installed Docker on Ubuntu 14.04 AMI, (also on Windows 2012 R2), configured CloudFront edges, create Webserver image, launch containers.
- Create buckets, store Mura CMS assets and secure policy permissions of S3 interface default encryptions. Manage instances using Auto Scaling. Configure ELBs - create and balance endpoints to streamline traffic, ensuring fault tolerance across services in the clusters. Manage AWS Infrastructure code using Terraform, Puppet and other needed management configuration tool for E-Commerce large data warehouse.
- Migrate customers’ Windows applications and resources to the cloud. Managed customers’ Azure portal, launch instances and containers, clone application source codes, create container images, test the images in Docker environment, upload images to Azure’s container registry; deploy containers, applications & test customer access.
- Lead Engineer / Project Manager - Hands-on: built server-farms from scratch, rack & stack, terminate servers to Top of Rack (TOR) switches, redundant AC circuits, configure IP-based remote-controllable power strips. Design high availability, redundant storage provisions, creating pools, configuring array replication & spare drive assignments,
- Configured Smart Connect & monitored InsightIQ EMC Isilon NAS, create/mount shared volume repositories, assign pool of “service IP’s” subnet0 to DNS-resolved & load balanced zones. Daily routine: SnapshotIQ, Flexprotect
- Hands-on: created customized “confidential DRBC portal” using Microsoft Publisher. Created web pages, internally published, (my originally- authored web contents), hosting “my strategies & instructions”, collaborated DR procedures (co-developed with my DRBC team & alternates), detailing systematic reporting schemes & organizational chart
- Manage FTP access of DRBC teams, uploading: system builds, appliance configurations, scripts (step-by-step instructions) defining each & every role of individuals involved in the DR, defining statement of work, limits & scopes
- Developed action plans, helping every business department manager, every DR participant, in identifying gaps, “interdependencies” and establishing Business Continuity workflow impact analyses translated into IT concepts.
- Assembled, coordinated and guided corporate DR / BCP teams identifying critical needed exhibits to suffice audit compliance following required IT governance frameworks in implementing controls for SOX, PCI, HIPAA, GDPR, etc.
- Participated with Stakeholders, IT and Department Management, Business Continuity group on disaster recovery initiatives, identifying next steps, studying and refining existing backup and restore solutions
- Surveyed customer’s existing Tier1 enterprise resources, documenting server, network connectivity and system builds. Developed proactive 1st emergency response mitigating single point of failure and un-wanted outage.
- Prepared risk assessment vulnerability report, detailing security data encryption, intrusion detection and prevention of single sign-on global authentication and authorization across both networks and hosts, VPN, Directory Services: audit and Proxy servers centralized logging, synthetic time original configuration change control and recovery, studying 3rd party security agents and admin objects security profile over SNMP device and file servers.
- Worked with system engineers to accelerate backup throughput and shorten backup time, setup-up hot-site.
- Upgraded Symantec Netbackup 5.1, 6.0, 7.6 master-server version to full scale Symantec Veritas NetBackup Appliance family 5230-5240, updated all service packs, installed bkup agents and reconfigured backup policies.
- Deployment projects entail building server farms and colo, installing blade servers, storage pools using Windows2012R2, Active Directory Federation Services (ADFS) for Office365 Integration, Win201 6 / 2008 R2, 2012 Datacenter, MS Server OS installation, configuration and troubleshooting
- Installed, configure, troubleshoot Active Directory(2008 -2012R2), MS Exchange(2010) - admin / configuration and troubleshooting, Linux, with Win 7 desktop, VPN upgrades and roll-outs
- Configured and automate system Win processes using back-end basic scripting tools: Windows PowerShell, SSH Putty accessed CLI, and Web GUIs’ admin interface to manage, secure and configure appliances’ interconnectivity
- Setup remote office work workstations, install and configure Wireless Router, and access point wireless devices
- Researched technical system performance, source-out availability, lease agreements, negotiate material and service procurement quotations from vendors, establish credit relations and supervise RMA transactions with both clients and vendors
- Participated in hiring, terminating, training and mentoring tech resource assets, talents; evaluating technical skills and performance
- Build HTTP/S Apache servers on Redhat Linux at Godaddy, host webservers, register customer domain name, create index html page, design and manage webpages, create webmailboxes, setup DNS, provide FTP access to customers
Confidential, Los Angeles CA
DR Architect / SE II / Project Manager
- Developed Designed Disaster Recovery (DR) Plan Network Initialization, Test Execution. Validation scripts and coordinated overall DR exercise program
- Assembled and lead a group consisting of network engineers, system administrators and desktop technicians assigning the tasks concentrating on DR project
- Reverse engineer, rebuild, document server builds of identified Tier1 systems, daily backup and restoration
- Create and design an intranet web-based DR portal to coordinate management and engineers on entire DR activities, "giving next steps" directives, rallying and publishing identified gaps to solicit DR teamwork solutions
- Developed DR vendor's web portal (SUNGARD Paragon) engaging project managers involved in incorporating plans of Business Continuity, Risk Management departments representing IT group, reviewing DR test results, post mortem to corporate stakeholders / owners, briefing them the 3 critical steps and authentication to follow in declaring an official DR to recover critical IT large scale infrastructure ensuring continued business contingency of 168 hospitals nationwide following ITSM and ITIL directives
- Achieved 92% all data center servers included in the backup schedule (from discovered ailing 42%), optimize differential back-up policies, reduce full backup time from 6 days to 18 hours
- Implemented tape-to-tape migrated to disk-to-disk backup solution
- Upgraded and built 3 backup master servers using robotic tape drives, from Tape to Disk using Symantec Netbackup 5.1 / 6.0 to 6.5
- Decommissioned all stand-alone LTO1 drives upgraded to Robot tape library LT04, implementing Dell MD1000 disc-to-disc using ML6000PowerVault storage
- Virtualized and decommission acquired company servers: either warm or cold cloned and migrated to corporate ESX Environment. Refined backup policies to shorten RTO and nullify undecided RPO requirement/s.
- Built, configured and staged servers: Windows / Linux-Unix on and moved to production with appropriate change control documentation after a successful pilot staging process from the testbed environment then added to backup schedule (either incremental, differential or full)
- Built and developed warm site backup solution for legacy needed restores migrating catalogs from legacy backup master-servers
Confidential, Batesville, IN
- Provided hospital Life-Support disaster recovery solution of both network, data and telephony servers integrated with communication appliances executing pre-designed rapid response support infrastructure, recovery of medical information repository and patient database.
- Installed hospital's "nurse-call" network infrastructure. Integrate healthcare devices (serial-to-Ethernet) LIFE SUPPORT COMMUNICATION SYSTEMS combining PBX (Comdial VoIP Telephony)
- Troubleshoot field system issues
- Built SQL database Win2000 on IBM Wintel based servers and Dell clients nurse-manager desktops
- Integrate hospital patient Admit / Discharge / Transfer (ADT) database to Comlinx Nurse Call Solution SQL server
- Collaborated with Hospital IT in configuring Confidential nurse call network for remote access and administration
- Responded to 24 hr. field problems and outages
- Installed Symantec anti-virus, PC Anywhere and security 3rd party application managers in compliant with careful knowledge and consideration of HIPAA, HL7
- In-service nurses and train hospital engineers to resolve nurse call related communications and application problems
Confidential, Cerritos, CA
Network Systems Administrator
- Administered a production enterprise network with more than 3000 users, integrating 5 satellite offices spread nationwide (with multi-site Exchange connectors & File / Printing servers)
- Built Y2K Fault-Tolerance servers - Novell SFT III. Installed NW 4.11 SFT from NW 3.11 migrated to Win2000, installed clustered SQL 2005 on Win 2003R2
- Managed IT team covering 24X7, using Solarwinds Orion Net Performance Monitor troubleshooting user access and closely monitor Helpdesk SLA.
- Backup servers and monitor Server-farm performance using Computer Associate’s product: CaArcserve, CaEhealth, CaSpectrumOneClick, HP OpenView Network Node Manager
- Successfully deployed consecutive generation of platform migration from Win95 to NT then to WinXP client, Server OS migration from NW 3.11 to NDS for NT / Netware 4.11SFT finally migrated to AD Win2000 server operating system. From CC-Mail to Outlook messaging client
- Lead Disaster Recovery Team - document Server-builds. Championed: Fault Tolerance, Redundancy and Spare.
- Implemented daily "Lions Checklist" monitoring Virus / Security outbreaks, engine and DAT definitions
- Employed web distributed-monitoring Customer Satisfaction Response Survey using HEAT application
- Championed delivery of "Customer Service Satisfaction" by systematically mobilizing multi-specialized well trained elite team providing highest level of desktop support tiers involving network admins and backend engineers
- Organized emergency support teams focused on "Network Down" systematic reporting & on-spot-solution procedures analyzing proactive measures to avoid un-scheduled outage or future similar downtime
- Review incident reports and escalate issues necessitating executive decision. Pioneer building TESTBED, duplicating production for simulating service packs, patches, application updates
- Interacted with department managers, executives and business analyst on establishing needs to achieve corporate goals integrated to IT discipline
- Listen and assimilate workflow needs by translating high level IT concepts into concise, clear, detailed policies, projects, procedures and standards
- Managed technical equipment research; negotiate with vendors on price quotations for new projects and or replacement of existing network equipment
- Created user, groups, share folders, user distribution mailboxes, FTP accounts, HP / Axis print servers
- Designed security access policies and access scripts and backup and restore brick, mailbox or user data
- Resolved 3rd tier level help tickets troubleshooting user / client access to network printers, e-mail, web or FTP certificate servers
- Shadow and support external IT consultants on server builds / configurations, developing and customizing Delta Dental's CPS homegrown application webserver issues with ODBC, CGI, IIS, DNS, HTML, HTTP, SQL hurdles
- Worked with Application Developers on Crystal Reports and OS/400 on resolving network issues.
- Monitor and troubleshoot connectivity, net traffic problems using SOFTPerfect tool, Fluke sniffers and protocol analyzers, DMZ, VPN, RAS servers
- Responsible for move, add and "change-control" review, to ensure impact-less scheduled patches, service-packs, anti-virus DAT, array storage upgrades, and volume space expansion or extension
- Ultimately responsible to guarantee restoration of failed server outage back to original configuration
- Organize backup tape rotation transported to and from off-site for safe keeping and prepare annual DR exercise
- Help clients secure, extract encrypted PGP files, troubleshoot similar Ws FTPpro compatibility issues
- Championed "server build" documentation and daily admin operation checklist and procedures
- Modified entire server-farm's backup Disaster & Recovery solution from 8mm to DLT / SUPER-DLT media using Arcserve 6x (Netware) and Backup Exec 8x specializing in brick level restore non-agent open database recovery
Senior Technical Analyst
- Managed IT operation of 65user "executive-partners / corporate owners" satellite office located in Avenue-of-the-Stars, Los Angeles. LAN is integrated to Confidential International, a global intranet-comprising the entire corporate Big-5 enterprise-WAN offices located at approximately 150 countries
- Lead laptop deployment, workstation swap and roll-out, migrating messaging client from CC-Mail to Outlook
- Recommend and implement network devices infrastructure modification and additional PVC ATM, CSU / DSU equipment that increased system performance and capacity