SUMMARY:

A dynamic Security Consultant and Network Security Engineer providing effective leadership of financial, Health, IT Cyber Security programs. An experienced leader of cyber security operations, design and engineering, crisis management and policy development. Analytical, results - oriented professional with proven success in streamlining procedures, realizing corporate goals and increasing efficiency through effective business strategy. Substantial experience encompassing a variety of cyber security tools, procedures and policies. A respected driver of stakeholder engagement, process improvement, efficiency and automation. Exceptional track record for reducing system and network down time, increasing controls, security, efficiency, eliminating errors, and delivering superior results on time and under budget.

EXPERTISE AREA:

• Hands on experience with Windows Server, WorkStation, and Linux operating environment
• Hands on experience with Networking (TCP/IP)
• Hands on experience with Firewalls (Checkpoint, Cisco ASA, Palo Alto, etc...)
• Hands on experience with Network Access Control (Cisco etc...)
• Hands on experience with Vulnerability Scanning & management (Nessus,etc...)
• Hands on experience with Enterprise URL Filter and Anti-Virus solutions (McAfee, Websense,etc...)
• Hands on experience with Patch management software. (SCCM, SMS etc)
• Hands on experience with Security Information and Event Management tool (Splunk, Log Rhythm, QRadar)
• Hands on experience with intrusion detection/prevention systems IDS\IPS (Tipping Point, FireEye)
• Hands on experience with Penetration Testing
• Hands on experience with Traffic Visibility & management
• Hands on experience with Network Full Traffic Capture
• Possess strong troubleshooting skills specific to network security and ability to effectively work in cross functional teams as needed to resolve issues
• Exposure to Proxy configuration and management
• Experience configuring/administrating technologies including: Palo Alto and Checkpoint
• Advance knowledge of routing and switching protocols to include security policy setup, threat protection (IDS/IPS)
• Experience with IPSEC, VPN, and SSL
• Strong attention to detail in work plan and policy preparation
• Strong networking ability and knowledge of firewall platforms to assist in rapid identification and isolation of issues during incidents and outages
• Familiarity with IT governance standards and compliance including ITIL, PCI, and SOC
• Knowledge of Software Defined Networking (SDN)
• Knowledge of virtualization technologies (HP Blade running VMware)

TECHNICAL SKILLS:

OS & Enterprise Apps: Windows NT/ 2000/2003/2008 Server, Exchange Server, ISA firewall, Proxy Servers, Load balancers, Linux (Centos, Ubuntu and Red hat), VMware ESX, Terminal Server, Citrix Netscalers, Cisco IOS, NX-OS, MS Outlook/Exchange 5.5/2003/2010, Juniper NOS, Palo Alto PA-OS, Checkpoint OS SPLAT/Gaia OS, F5 LTM/GTM., A10 networks, McAfee, TOS,

Technologies: AD, DNS, WINS, DHCP, VPN, RIS, Remote Desktop, IIS, Checkpoint

Connectivity & Hardware: Cisco Access/Distribution/Core Routers and Switches, Nexus 1k/2k/5k/7k Switches, ASA, Palo Alto PA-4000/5000 Firewalls, Wireless Controllers, Ethernet, Cable/DSL Modem, Dell Servers, ProLiant, HP Servers, Citrix Netscalers NSSDX11515, F5 BIG-IP, Riverbed Steelhead, Cisco WaaS, FireEye NX/EX and CM7400, HP Tipping Point N/NX series, Web Sense Triton, RSA SecurID 250,

Programming & Database: MS-SQL Server, MySQL, Oracle 10G, Python, Perl

Software & Tools: Solar Winds, Kiwi CAT tools, Cisco Works NCM, Site scope, MRTG, SDM, Arc serve, Splunk, Cisco WLS, NetScout Sniffer, Snort, Tenable Nessus Security Center, Proventia, Websense, Bluecoat, HP Open view, Algosec Firewall Analyzer, Splunk, Panorama, CUCM, CUPM, Indeni, Wireshark, Net brain, SIEM Tools, Trust wave, Log Rhythm

PROFESSIONAL EXPERIENCE:

Confidential, Center Valley, PA

Consultant and IT Security Advisor

Responsibilities:

• Set overall Information Security strategy for Confidential , working in conjunction with Olympus Tokyo to define and implement global security initiatives.
• Promote, exhibit and develop a corporate culture that is committed to Governance, Risk & Compliance, and Information Security best practices throughout the organization.
• Maintain responsibility for all SAP security matters, ensuring compliance, remediation and security of application information.
• Conduct periodic security risk/vulnerability assessments, assessing overall exposures and identifying the actions required to address any gaps.
• Create a process to manage and approve exceptions to the security policy.
• Lead cross-functional teams to design and implement new security solutions, such as identity management, data leakage protection, Full Disk Encryption, Endpoint and Advanced threat protection.
• Collaborate with key stakeholders to validate, verify and address audit findings, control deficiencies and remediation plans.
• Oversee an ongoing security awareness program for employees across the business and ITS.
• Provide subject matter expertise and consultative support to application developers in the identification of information security issues and requirements.
• Manage System Policy Compliance and Configuration within the SAP GRC application.
• Manage SAP Security and Access Management and Privileged Access Management functionality.
• Lead the OCA Information Security Response Team to minimize effects of viral outbreaks and zero day vulnerabilities.
• Perform annual Information Security reviews, vulnerability assessments, penetration tests, and assessment of organization s security posture.
• Remediate identified security weaknesses, assess the risk, and recommend appropriate compensating controls.
• Work with other ITS, Corporate, and Business groups to participate in meetings and to provide security solutions related to, but not limited to SOX, HIPAA HITECH, PCI DSS, Massachusetts Data Law.
• Research and evaluate latest in Information Security technologies and liaison to IT colleagues.
• Participate in implementations and deployments of new technologies.
• Respond to escalated requests for technical assistance regarding viral outbreaks and assist in troubleshooting hardware failures.
• Work both independently and with a team to accomplish multiple tasks and projects.
• Develop and maintain technical documentation including design documents, test plans, project plans, procedures, incident reports and troubleshooting guidelines.

Confidential, Washington, DC

Network Security Engineer

• Manages Firewall team of 5 that maintains and support BLS Checkpoint Firewalls, IPS, IDS, and Endpoint servers, PKI and network security Infrastructure.
• Engineer and Support the agencies security infrastructure consisting of Firewalls, IDS, Proxies, Endpoint Security products and PKI.
• Engineered BLS Checkpoint infrastructure which consists of 100+ firewalls running different flavors of hardware and Checkpoint OS such as (R71, R75, R76 and R77).
• Configured, installed and maintained checkpoint endpoint security E80.40/E80.50 management and policy servers.
• Migrated four Checkpoint management servers to Multi-Domain Management server as part of the consolidation projects.
• Maintains Entrust servers and manages PKI environment.
• Maintains McAfee Web Gateway Appliance that protects the agency from cyber-attacks.
• Provide guidance and leadership to the Network Operations Team to enforce and maintain the Agency’s information security policy.
• Successfully rebuilt E80.40 mgmt. and policy servers to fix issues in production.
• Checkpoint log server upgrade from R71.40 to R75.40 to take advantage of Smart logs.
• Firewall management server redesign and consolidation to one management server environment.
• Manages all upgrades and engineering projects which include McAfee Web Gateway, PKI upgrade, Check Point Firewall upgrade and Endpoint server upgrade from E80.40 to E80.50 etc.

Confidential, Washington, DC

Network Security Architect

• Designed and implemented Checkpoint Endpoint solution for OIG/HHS.
• Designed and implemented Checkpoint mobility access and site-to-site solution for OIG/HHS. This helped to save money spent on T1 lines.
• Validated and updated configurations for all of the Checkpoint software blades.
• Recommended changes that improved performance of the CheckPoint gateways 13500 appliances.
• Ensure that the fully implemented solution meets industry standards and conforms to customer requirements

Confidential, Arlington, VA

Network Security Engineer

• Led team of 3 Security Engineers providing subject matter expertise in Palo Alto firewalls.
• Successfully configured and managed the deployment of 46 Palo Alto Firewalls in cluster to replace existing Firewall.
• Provide monitoring of all Palo Alto firewalls traffic and logs.
• Configured user-id, app-id, content-id, ssl-decryption and policies on Palo Alto Firewalls.
• Maintained and managed PAN-OS and 5050, 4050 and 3050 Firewall that protects FDIC’s data.
• Integrated Checkpoint firewall into client’s existing network to provide security for applications
• Directly lead and provided oversight for multiple complex infrastructure projects.
• Represent Information Security on infrastructure governing boards
• Develop roadmaps, provide recommendations on projects, process and policy changes
• Manage staffing levels to minimize budgetary impact while providing maximum service
• Support service and equipment procurement activities
• Secure customer support for building Endpoint Security team, improving tool management
• Supports new design initiatives to secure the perimeter of FDIC’s network.
• Creates SOPs and guidelines for FDIC.
• Provides support for PAN Firewalls and Cisco ASA Firewalls
• Managed McAfee Network Security Manager used to provide perimeter security.
• Managed Juniper Firewalls that support remote access for FDIC.
• Managed Sentrion Email Security Appliance to filter spam emails for FDIC.
• Managed ZixGateway appliance used for email encryption and filtering.
• Managed and Configured F5 BiG IP to provide Load Balancing for Email Server farm
• Configured SSL offloading, bridging and pass through for custom applications  per business needs
• Act as Tier 3 support for the Security operations center.
• Performed peer review of work plans for standard changes as requested
• Provide security consultation as needed for product development and industry marketing solutions
• Investigate security incidents and recommend actions needed to resolve situations
• Coordinated all tickets associated with the adding, moving or decommissioning of network elements
• Monitor systems for unauthorized internal and external access attempts and recommend remediation needed.

Confidential, Columbia, MD

Security Consultant / Network Engineer

• Provided timely troubleshooting measures for employees to ensure a satisfactory resolution is provided.
• Configure, Support, update and install Checkpoint R75/76/77 firewalls.
• Provide monitoring of all Checkpoint firewalls traffic and logs.
• Maintained and managed Checkpoint software blades, licenses and updates. (R75/76)
• Provided day-to-day support for users Checkpoint and clients. 
• Integrated Checkpoint firewall into client’s existing network to provide security for applications.
• Network Firewall Remediation project.
• Network Segmentation project.

Confidential, Silver Spring, MD

Security Consultant / Network Engineer

• Tested and configured Checkpoint R77 to work with VMware.
• Configure, Support, update and install Checkpoint (R75/76) firewalls.
• Provide monitoring of all Checkpoint firewalls (R75/76) traffic and logs.
• Maintained and managed Checkpoint software blades, licenses and updates.
• Provided day-to-day support for users Checkpoint and clients. 
• Integrated Checkpoint firewall into client’s existing network to provide security for applications.
• Installed configured and maintained security policies for ASA 5505 firewalls.
• Created custom firewall rules in VMware ESX platforms.
• Installed, configured and maintains security policies on Checkpoint Security Gateway firewalls.
• Installed, configured and maintains security policies on Palo Alto Firewalls for clients.
• Installed, configured and manages Centos Linux to support in-house requirements.
• Installed and configured VMware ESX to support in-house requirements.
• Tested, configured and Converted configurations from two Checkpoint appliances currently deployed in high availability mode to two CISCO ASA 5525 for Lottery Company.
• Migrated legacy F5 LTM appliance to newer version appliances
• Created complex rules utilizing TCL scripting to perform load balancing decisions
• Upgraded GTM modules from version 9, and 10 to version 11+
• Design and deployed F5 LTM load balancer infrastructure per business needs from the ground up approach
• Configured and deploy LTM for application such as Exchange, 2010, 2013, SharePoint, VMview, using iApp and manually
• Advanced skills of designing, coding, and troubleshooting iRules
• Strong understanding of the different load balancing options & features to include OneConnect, Persistence, SSL offload functions, HTTP profiles
• Provided SME Level 3 support and direction for production related issues. 
• Deep knowledge of application requirements (such as persistence), understand SSL offload and implementation of SSL certificate and Key, and web acceleration and TCP optimization
• Advance experience with F5 configuration via CLI ( advance shell and traffic management Shell (TMSH) )
• Experienced with packet capture analysis (Wireshark, tcpdump) software for troubleshooting
• Configured F5 BiGip to provide Load Balancing for server farm
• Configured SSL offloading, bridging and pass through for custom applications  per business needs
• Responsible for High and low Level design as it pertains to load balancing infrastructure and changes
• Deployed code upgrade from version 11.2.1 to version 11.4.1 on the LTMs
• Design and Deployed F5 LTM load balancer infrastructure per business needs
• Configured and deployed LTM with Inbound SNAT configurations and outbound NAT server to IP mapping.

Confidential, Washington, DC

Network Security Consultant

• Migrated both PIX 535 to ASA 5520 for NBC.
• Designed and implemented new Sec network that includes 200+ cameras, 120 users and 40 servers.
• Implemented VRF LITE on core 7206 VXR router and 3750 switch for Sec network.
• Installed, configured and managed ASA 5500 firewalls.
• Installed and configured Juniper Net Screen ISG 1000.
• Configured and maintained security policies for Juniper and ASA firewalls.
• Installed and configured Riverbed Steelhead for WAN optimization
• Installed and configured Orion Solarwinds NPM version 10.2.2
• Migrated Orion Solarwinds NPM version 9.0 to 10.2.2 for NBC DOI.
• Tracked network bandwidth and cut downtime by 25% while supporting DOI OS VIPs.
• Installed, configured and managed 2 Cisco Wireless LAN Controllers 4402 to manage 100 Cisco Access Points.
• Installed, configured and managed Cisco Secure ACS appliance version 5
• Installed, configured and managed Cisco 7200 router to connect to VZB.
• Installed Solar Winds SNMP server, configured traps and MIBs to manage new SIB network.
• Eliminated single point of failover for MIB NBC by setting up 2 6509 switches.
• Installed and configured 6509 switches and configured HSRP for redundancy going to ASA 5520 firewalls.
• Created network diagrams on MS Visio.
• Terminated T1 lines for NBC IOC.
• Replaced DS3 line cards on Cisco 2900 router at AFRH.

Confidential, Washington, DC

Senior Network Engineer

• Worked on different projects and created SOPs for daily maintenance and troubleshooting.
• Installed and configured Cisco Multi-Layer switch (4500/6500 series).
• Installed and configured Cisco Routers (2500/2600/3700/7200 series).
• Installed and configured and maintained security policies for Palo Alto Firewalls running PAN-OS.
• Installed and configured and maintained security policies for Checkpoint firewalls. (R65/70)
• Deployed Checkpoint VPN firewalls to Confidential regions and datacenters. (R65/70)
• Installed, configured, and tested Secure Checkpoint and VPN to implement in RAS network. (R65/70)
• Managed RAS Network Management infrastructure using Cisco works for windows server and site scope for monitoring.
• Tested, installed, configured and migrated Checkpoint Firewalls to Palo Alto Firewalls to support Confidential CFO's office to protect financial data.
• Migrated 3 clusters of Checkpoint Provider Firewalls to Palo Alto Firewalls using the Palo Alto migration tools.
• Migrated all access and distribution switches from Cat OS to Cisco IOS.
• Managed Cisco AS5350/AS5850 Universal Gateway and Cisco secure Access control servers.
• Configured SNMP traps and MIBS on 4510 switch.
• Configured MPLS and QOS before deploying VOIP.
• Manages Cisco secure Upgrades and implement new solutions to improve Confidential 's network.
• Supervises Regions LAN/WAN Administrators and provided 3rd Tier level engineering support for the Confidential .
• Built several Cisco Secure ACS servers on Dell Power Edge 2950 and ACS 4.0
• Upgraded, backed up, restored, and replicated Cisco Secure ACS crossing nation wide regions
• Performed various tests on ACS versions. Performed system implementation accordingly product phased out and SDLC.
• Setup and configured Cisco Router AS 5350,AS5850, 3600, 3700, 7200 and Catalyst Switch 2950, 3550,3750, 6506, 6509 and Cisco 804/806.
• Implemented Site Scope network server monitor application into existing network environment.

Confidential, Irvine, California.

LAN/WAN Engineer

• Performs initial troubleshooting, problem analysis and isolation of network events in accordance with Client escalation guidelines
• Performs tracking and management of network events to resolution in accordance with standard Client Event Management Procedures.
• Tracks and supports Network Change Control schedules and activities.
• Supports and executes Network Change Control functions for Client and Regional Operations Groups under the direction of a NOC Team Leader.
• Performs administrative tasks for NOC Network Management Tools, contact, escalation and mailing lists and other documentation or systems under the direction of NOC Leadership
• Installed and configured Cisco 2600 and 3600 series routers and Catalyst 1900, 3524 and 3550 switches from scratch in an enterprise network. Tasks included: console and remote configuration of Ethernet/serial interfaces, RIP, IGRP, EIGRP, OSPF, and BGP routing, access lists, PVCs, DLCIs, Frame Relay, PPP/CHAP authentication, Telnet sessions, and password security.
• Performed network configuration, tested UTP (unshielded twisted pair) cable connectivity between PCs and NICs, allocated IP address schemes and subnets, monitored patch panels and hubs, and connected cables and hardware devices.