PROFESSIONAL EXPERIENCE:

Confidential

Enterprise Security Consultant

• Primary role worked as a Contractor Confidential Information Technology Security Engineer focusing primarily on developing and building the SOC SIEM ArcSight Security Management Suite Infrastructure solution and Data Lake environment solution development.
• Assisted with GRC compliance and audit functions to ensure monitoring requirements of specified CenturyLink assets are satisfied.
• Designed and supported web applications for Corporate Security within the GRC framework.
• Migrated unsupported ArcMC to current ArcMC / ADP 2 Gen9 servers
• Built 4 ArcSight Load - Balancer v1.2 Connectors running on RHEL7 on 3 NICs each
• Upgraded 83 SmartConnector software to 7.4.0.7983 and above
• Upgraded existing ArcSight ESM to 6.9.1c patch 1 at the time
• Built 2 new ArcSight ESM 6.9.1c servers running on RHEL 6.7
• Upgraded Loggers to current 6.2.0
• Managed Service SAID and software entitlements

Sr. ESP Security Consultant

Confidential, Palo Alto, CA

Responsibilities:

• Delivered security services around IT Security Event Log Management on HPE Enterprise Security Product Suite (ArcSight ESM, Logger, ArcMC, Connector Appliances, HP Smart Connectors, and ArcSight Express Appliances)
• Provided service delivery disciplines ranging from the Public Energy Sector, Retail, Financial GRC Auditing.
• Managed clients, and SOW delivery

Information Security Operations Lead

Confidential, Santa Ana, California

Responsibilities:

• Sr. Security Engineer and Operations Supervisor for 5 US engineers and 12 offshore analysts
• Developed and onboarded from the ground up the Security Operations Center
• Built all SOC operations processes and procedures
• Performed gap analysis on security operations capabilities
• Developed and built documentation to meet Corporate Security, and GRC under the CISO’s office into the SOC
• Built and collaborated on run books, developed all SOC templates
• Provided project planning in security service support, including functional specifications, testing and quality assurance, implementation and support
• Lead technical engineering services to support and update existing security systems and works to automate processes related to security implementations, monitoring, and security policy enforcement
• Investigated, recommended, evaluated, deployed, and integrated security tools and techniques to protect corporate assets and infrastructure.
• Assessed security exposure and analyses of the enterprise
• Built and implemented security tools such as;
• SourceFire IPS 4x 3D 8250/Defense Center1500 later becoming Cisco FirePOWER 8000 Series NGIPS
• FireMon Security Manager, Policy Planner, Risk Analyzer - integrated with QualysGuard scans
• QualysGuard w/Vulnerability Management process and procedures for the enterprise
• Quest Software Intrust PKI
• Imperva SecureSphere
• Kiwi Syslog Server
• Aruba Networks 6000 Mobility Controller and AP’s
• ArcSight ESM and Express, ArcMC, and Logger, SmartConnectors
• SecureFTP
• Cisco MARS management, retirement
• VMware server builds
• Managed/Administered WebSense Triton

Consultant

Confidential

Responsibilities:

• Consulting build out of Security Operations Documentation
• Performed SOC gap analysis for process and procedures
• Created maturity model assessments on security operations platforms
• Performed assessments on SOC capabilities and readiness

Project Lead

Confidential, LONG BEACH, CA

Responsibilities:

• Lead IT Infrastructure team of 8 contractors
• Managed and lead all IT Infrastructure projects
• Designed solutions to meet business requirements.
• Managed KPI statistical reporting and analysis
• Ensures 99.99% network availability on the LAN, WAN, VoIP, and Wireless network infrastructure.
• Managed and planned maintenance activities was also a member of the Change Control Board
• Lead internal audit controls and participate in JSOX and PCI-DSS audits
• Lead and participated in IT Infrastructure Disaster Recovery rehearsals at offsite CoLo cutover and tests
• Responsible for hiring, motivating, evaluating, developing group/department personnel
• Provides coaching and mentoring to team members
• Lead IT Infrastructure Vendor Management (Service Contracts, Licensing, Services, Contract Management)
• Managed budget and forecasting OPEX and CAPEX
• Project lead responsible 2 Building Remodels of all network cabling each building housed 4 floors each.
• Rebuilt IDF closet wiring with updated diagram and documentation
• Lead multiple IT infrastructure projects
• Maintained all JSOX, and PCI audit deliverables
• Planned and oversaw all the maintenance schedules
• Lead and oversaw IT Network Disaster Recover preparedness rehearsals
• Managed all IT Network and Security Vendors
• Oversaw project budgets
• Developed all IT Network project proposals and budgets
• Provided KPI and stats on Network Operations
• Implemented and updated construction of conference rooms media and telecom equipment build out

Manager IT Infrastructure

Confidential, Los Angeles, CA

Responsibilities:

• Reported to the Director of Enterprise Apps and IT Support
• Served as manager over two departments, Server Apps, and Network Operations. With 5 direct reports and as much as 8 while reorganizing the department.
• Improved customer approval ratings within 4 months (based on helpdesk ticket surveys)
• Created and implemented new SLA’s plan. This involved;
• Created On-call tech support 24x7 service support
• Created and implemented company escalation service and support process and procedures
• Created proactive customer support plan
• Developed KPI reporting for monitoring operational uptime
• Managed budget and forecasting OPEX and CAPEX
• Managed and implemented the disaster recovery plan
• Managed IT security controls and policies
• Regarding cost allocation and budgetary impact
• Tasked with restructuring the IT Infrastructure Department to increase customer approval ratings -
• Accomplished this in a 4-month time frame by creating and implementing SLA’s by successfully implementing new service levels goals, processes, and improved support procedures
• Created On-call tech support 24x7 service plan with helpdesk support placed a full-time network operations FTE into Helpdesk to accomplish this - this was direct result of the number of tickets that were being generated.
• Created a network operations escalation process for larger more impacting network operations issues.
• Was responsible to reduce work force by 2 FTE’s upon hiring which I did. Later was able to add one FTE position back as result of providing budgetary proposal in response to workload data I provided to company
• Installed and maintain Cisco Works LMS 2.6 and trained staff to support
• Designed and mentored Network Team to implement redundancy in the 6509 Core
• Stabilize Campus network by designing and mentor the Network Team to implement new network distribution in the company IDF’s
• Oversee PCI-DSS and SOX audit works for the entire IT Infrastructure.

Confidential, Los Angeles, CA

Network Manager

Responsibilities:

• Reported to Director of IT Infrastructure, manage a junior network engineer
• Worked independently maintaining daily IT operations at the Marina Del Ray facility.
• 24x7 service levels, monitor and report LAN/WAN for response times, congestion and outages
• Built fault tolerance Layer 3 switching and MPLS network
• Updated all Build books, Run books, Red Book (Restore Doc). Create topology and physical network drawings
• Kept inventories, create stock replacement program, maintained service contracts and licensing
• Reduced outages by 85% by developing core network infrastructure in WAN.
• Reduced local switch network outages by creating redundant link support with load-balanced capability
• Brought network security infrastructure into the facility for the first time
• Developed security controls to address audit work. At the time, there was no audits being performed but planning for future SOX and PCI as well as PII data controls that would be brought into place to prepare the environment to be ready for audits
• Install and monitor Network General InfiniStream i1602
• Document inventories, create stock replacement program, negotiate pricing and place all Cisco equipment on SmartNet with Cisco
• Install and maintain Cisco Works LMS 2.6
• SolarWinds Orion Network Management 7.8.5 build IDS monitor system using Snort 2.6.1.1 w/Base and Aanval
• Implement an automated alerting system using Kiwi and Orion, and Snort IDS using various messaging systems such as text messaging, e-mail systems, and backup modem text message.
• Upgrade PIX 525 from ver 6.3 to 7.0 and upgrade ASA 5520 to latest 7.2.1 IOS with ASDM
• Upgrade frame-relay T3 network to T3 MPLS (Global Crossings) using Cisco 2820 routers
• Maintain complete and up-to-date documentation of the network and backup configurations daily utilizing Kiwi backup config tool
• Create new topology and physical drawings of the entire infrastructure
• Create and maintain Disaster Recovery Documentation with the collaborative help of the Server manager
• Implement automated fail-over of WAN services to back T1’s

Sr. Network Analyst/Lead Analyst

Confidential, Inglewood, Ca

Responsibilities:

• Monitors the Wide Area Network (WAN Cisco MPLS Network on 7206, 3745, 2621XM) for response time, congestion and outages. Monitor the SBC SONET Ring (Kentrox MUX and DSU rack) for system alerts and/or failure to the data communication lines. Monitored the network infrastructure hardware to ensure the continual operation of the Herbalife network for Business-2-Business (B2B) operations and to ensure employees and contractors can access and utilize the network. Monitors system resource usages (Tools like CA/Concord eHEALTH 5.7, HP OpenView NNM 7.01) and preserves network access and capacity for mission critical applications. Manages the data network bandwidth to prevent any one application from monopolizing the network using NAI/Network General Sniffer Distributed/InfiniStream Protocol Analyzers.
• Oversaw all vendor activities and manages the hardware and software supporting mission critical applications. Ensures each vendor monitors performance, reviews security logs.
• Implement and manage change management activities. Tracks and reports on the historical usage of data networks and Internet usage. Manage Internet and/or network access using filtering, firewall or non-routed network addressing (Cisco PIX 525, ASA 5500 series, 515E, 506E, 501). Designed and architected the Local Area Network (Cisco Catalyst 6509/SUP720) and the Wide Area Network (WAN - Telco providers are Equant/MCI/Intermedia/Global Crossings/SBC) to support business requirements. Includes infrastructure changes, assessing new technology and employing new tools to support the organization.
• Provides server support and also manages vendor activities to ensure the network is secure from malicious intrusion (Cisco CSA Server 3.5), viruses and the like on a 24/7 basis.
• Grants access to the corporate network via VPN using Nortel Contivity 1700 switch and Cisco PIX 525 firewall. Established and enforced polices/rules regarding access to the corporate network and acceptable use of information technology resources. Referred to in Herbalife’s Information Security Policy Standards.
• Troubleshot telecommunication issues. Ensures all circuits, cabling (voice and data) is managed effectively utilizing wire management and wire management documentation.
• Ensures a formal Disaster Recovery / Business Continuity plan is in place for recovery of major business systems and services in a technical role. Maintains the Disaster Recovery documentation and ensures adherence to the defined policies referred to in the I.T. Disaster Recovery / Business Continuity policies.
• Provides all Sarbanes Oxley (SOX’s) compliances are met working with auditors to ensure all polices and practice procedures comply with standards.
• Built 2 ANNEX (temporary) computer rooms with then Directory Bryan Andrews - My primary role was the Switch and Routing network architecture design, then personally built and deployed the entire network infrastructure
• Built 2 CoLo computer rooms in CSC San Diego (housed traditional green screen HP UXIX platform) and HP ESS SCO Colorado Springs (housed new Oracle GRC Platform - modules were; Financials, Order Entry, ERP, Forecasting, and Logistics warehouse management)
• Designed and built entire network infrastructure of two warehouses in Carson Ca. Developed dual redundant network infrastructures for highly available network fault tolerant network using PPP muilti-links and automatic re-routing protocols using OSPF
• Designed and rebuilt and updated entire corporate network operations campus in Inglewood and Century City
• Designed and built the new corporate network operations campus building in Torrance Ca. (this included the new corporate computer room on the 4th floor) approx. 3,000 sq ft. computer room 80 racks approx. capacity of 1200 servers
• Designed and implemented a full fiber 10 Gig backbone layer 3 switched network on 14 6909-E Catalysts Switches
• Supervised a junior network engineer
• Hired and trained additional staff for security infrastructure support (firewalls and VPN)
• Built and installed MPLS WAN on Cisco 7206, 3745, 2621XM - Equant/Orange (by consolidating what was 6 other network vendors) for 65 countries in 190 offices worldwide
• Implement Cisco NAC/CAS on 4400 WLAN controllers with 1200 series AP’s for secure wireless access to the network.
• Created Enterprise security standards and polices for the corporate network. This included by not limited to security incident management/reporting and forensic analysis
• Lead all SOX and PCI audits for network infrastructure and security environment working directly with auditors
• Built CA/Concord eHEALTH 5.7 network monitoring platform running on HP UXIX system
• Built HP OpenView NNM 7.01 running at first on HP UNIX and then built on a Windows NT
• Built NAI/Network General Sniffer Distributed/InfiniStream 1608 platform

Consultant

Confidential, Long Beach, Ca

Responsibilities:

• Infrastructure consultant focused on services and support of Confidential customers
• Primarily role was to design and deploy network and server application services
• Built an IBM 750 Intel server on NT 4.0 OS and an IBM 350 server on NT 4.0 OS to replace 4 IBM OS/2 WARP servers
• Migrated 4 IBM OS/2 servers to 2 Microsoft NT 4.0 (one PDC and one BDC AD servers) completed in 2 weeks
• Assisted with roll out of new Foundation Systems Software to call centers
• Developed and documented software procedures and operations guides for software role out.
• Assist with rollout of new $200K HP UNIX server by designing and deploying the network campus backbone network infrastructure to support new platform
• Deployed new Token-ring MAU’s
• Developed and created network topology diagrams and drawings
• Assisted with design and roll out of the hard disk array for HP UX server
• Deploy Confidential & Touché offices Windows 95 laptop rollout. Approx. 250 IBM laptops.
• Deployed built new campus network. Below is a list of equipment that was installed.
• Built 2 Multi-processor Compaq Proliant 4500R’s with Windows NT 3.51 server running Lotus Notes, RAS, and ARCserve for NT.
• Built a Windows NT 4.0 server running Internet Information Server 2.0, WINS, and DHCP.
• Built 6 CD Boffin Towers (7 16x CD ROMs Per each unit).
• (3) DLT 2000 Tape backup drives running with Cheyenne ARCserve.
• Built 20 Windows NT 4.0 Workstations.
• Built 30 Windows 95 workstation.
• Setup local Microsoft NT network using 1 PDC and 2 BDC’s.
• Installed Lotus Notes workstation ver. 4.1 on 30 workstations.
• Installed Network Peripherals FDDI Switch,
• Installed Cisco Catalyst 5000 and 2900 series CatOS switches
• Norton Navigator for Windows 95 on 11 workstations. cc:Mobile on 4 workstations
• Digi board w/ 16 rack-mount modems for remote dial-in to Lotus Notes 4.0 and RAS support on NT 3.51 servers
• Multi-site 6 Channel ISDN Video conferencing system called V-Tel.
• Setup with Sprint a T1 connection to Corporate located in Hermitage, TN.
• Installed the Wellfleet Router and Kentronics CSU/DSU.
• Designed and installed Confidential ’s high speed infrastructure core on FIDDI.
• Duties were to perform programming of SQL scripts against the database, to strip out unwanted data from a Mainframe database migration to SQL server. The solution was a bridgeware solution to port mainframe data out on to MS SQL servers later to displace the IBM Mainframe all together.
• Primary duties were to implement Microsoft Server across a WAN SBC leased lines using Cisco 3640 routers network located at Manhattan Beach Corporate office.
• Built the Cisco 3640 Router
• Brought up dual redundant Verizon lease lines
• Built MS NT 4.0 PDC server
• Built new MS SQL Server
• Built and rolled out store WAN role out plan for all 17 stores