PROFESSIONAL EXPERIENCE:

IT Security Manager

Confidential, Cincinnati, OH

Responsibilities:

• As the IT Security Manager I help direct the company towards a more secure posture. I advise and execute on changes that would help limit the companies exposure to threats. In some cases I am able to save money, improve stability and boost performance with those changes. During my time at O’Gara I have implemented a new LAN/WAN design, established centralized monitoring, centralized logging and moved all route, switch and server authentication to a centralized authentication model. I also moved voice services in house and helped stand up a new local datacenter for business continuity. Details are below.
• I worked to move from one WAN provider to another. This provides higher speeds and better resilience for the local locations. This project will also save the company monthly recurring costs while providing the benefits listed. Rolled out segmented networks to help define traffic and write security rules based on those network segments. The network segmentation along with the new firewall (PaloAlto) that I put in place will help secure data entering and leaving the networks.
• I installed centralized monitoring and logging using open source tools. I started to provide metrics and historic data to the business about reliability. This helped provide data to justify the WAN design capital. This also allowed me to easily find trends and search for issues that were logged in the network.
• I worked to move away from local accounts and to a centralized Active Directory authentication scheme. This allows better control of who can access the needed resources and easily remove access if needed. I also control the commands that users can run on the router/switch devices and log all commands run for auditing purposes.
• I’ve stood up a Shoretel voice system to replace the existing cloud hosted voice service. This helps keep all voice services in house and gives us greater control over the voice traffic. This allows us to also use the network segmentation to keep people from eavesdropping on the voice traffic. Increased user experience while cutting monthly costs.
• With a recent acquisition we were able to have the needed space to bring online a local datacenter. With this location we were able to have hands on access to the equipment and have higher bandwidth to access those resources with. We are also able to provide disaster recovery for the business. Defined the Tier A applications and worked with the Operations Manager to make those services available.

Technical Architect - Network Security

Confidential, Cincinnati, OH

Responsibilities:

• My duties included designing, installing and supporting Confidential Co. network. Technologies that I dealt with include Routing (Cisco, Juniper), Switching (Cisco, HP), Firewalls (Juniper, Checkpoint), Wireless (Meru), IPS/IDS (IBM/ISS), Load Balancing (F5 LTM and GTM), Web Proxies (Bluecoat, Netapp), VPN (Nortel, Juniper), DNS/DHCP/IPAM (Bluecat), Video conferencing/VoIP (Cisco/Tandberg), deep packet inspection, secure network design.
• Cisco is the primary routing and switching vendor that I deal with on a regular basis. I am fluent in BGP, OSPF and RIP routing protocols. I also have HP routing and switching experience as well. My main focus was the Active/Active internet setup. I dealt with the BGP announcement to the internet as well as the BGP/OSPF announcement to the internal Kroger network. My team also assisted with the internal LAN/WAN networking team when needed.
• Kroger utilized clusters of Checkpoints and Junipers throughout the network. Site-to-site VPN tunnels were configured on the Checkpoints to external vendors in addition to any approved firewall rules. The Juniper firewall clusters were used for approved firewall rules between the internal network and the DMZ environments and any internal segmentation we needed to implement. The Junipers also provided NAT and IDP services.
• IBM/ISS G2000 and GX5200 devices were used in conjunction with the SiteProtector management console to monitor packet flows within the network. These devices were inline and I was responsible for monitoring alerts that occurred and adjusting rules accordingly. We blocked many attacks with these devices and I was responsible for doing reports on what was blocked.
• Preferred load-balancing product was F5 BigIP. Duties on the load-balancers included setting up new pools and virtual IPs to create highly available environments. We also utilized SSL offload on the F5’s. The creation of the secure s and creating advanced iRules were part of my duties. We were also involved with the architecting of the applications to utilize the F5’s full abilities. We also provided intelligent DNS load balancing with the GTM units.
• Bluecoat web proxies were used in a forward proxy design to cache and authenticate users who access the Internet. Filtering was used to keep unwanted sites from being accessed and abused. Troubleshooting web applications through the Bluecoat was one of my duties.
• Kroger utilized Juniper SA SSL remote access products as its main VPN option for vendors and employees. Maintaining profiles, troubleshooting and monitoring logs was also part of my job. I was appointed to the Mobile Architecture team to look at how to connect mobile devices securely to Confidential network utilizing the Juniper SSL VPN.
• Bluecat appliances were the corporate DNS and DHCP solution. I was the technical project lead in the roll out of the Bluecat IPAM/DNS/DHCP environment. This was a multi-year deployment with many different resources to coordinate. I helped plan new IP deployments and proposed an enterprise redesign of Kroger DNS/DHCP and IP assignments. I also assisted the Windows team with Microsoft DNS/DHCP/Active Directory troubleshooting.
• Video conferencing/VoIP (Cisco/Tandberg)
• I was responsible for testing and designing the Enterprise Video Conferencing solution at Kroger. I worked with the vendors to choose the appropriate design and figure out the needed firewall design to secure the solution. This has been rolled out throughout the Enterprise.

Network Engineer

Confidential, Erlanger, KY

Responsibilities:

• I was responsible for the daily monitoring and support of the Confidential network. The network consisted of different Cisco routers, switches, PIX firewalls and VPN Concentrators. Daily tasks include monitoring bandwidth, syslog messages and assisting desk side and server personnel with troubleshooting. I was responsible for advising, planning and implementing projects that related to the network.

Network Engineer

Confidential, Sharonville, OH

Responsibilities:

• My responsibilities included troubleshooting and fixing a wide variety of issues in different networks around the country. I dealt with office personnel, doctors and IT persons to resolve these issues. I also published documents and hosted classes for other employees. I supported Windows servers and workstations, Cisco routers and PIX firewalls along with SonicWall and Watch Guard firewalls.

Network Management Tech

Confidential, Cincinnati, OH

Responsibilities:

• I was responsible for over 675+ Windows NT/Win2K websites, 2000+ Linux websites, 30,000+ dialup/Adsl customers RADIUS authentication and 200+ T1, Frame Relay, dedicated ISDN customers in the Cincinnati area. I was also responsible for multiple Windows and Linux servers around the country