Azure Application Architect Resume

San Francisco, CA

SUMMARY:

  • Insightful and performance-oriented Cloud Security Architect with more than ten years’ experience in making notable contributions securing cloud and data center migrations, as well as big data and artificial intelligence transformation. Delivered results even beyond expected projections and successfully facilitated cloud migration processes for clients from various industries, both in physical and virtual environments.
  • As a subject matter expert, with a focus on Azure, created applications & cloud readiness assessments, and provided directions and recommendations on cloud technologies.
  • Highlights in a nutshell:
  • Responsible for providing security controls within AWS and Azure with the goal of adhering to US or Global Regulatory compliance including PCI DSS, HIPAA, GLBA and following cloud security best practices from the Cloud Security Alliance
  • Familiar with AWS security controls and created security policies for VPC Security, Security Groups, Network ACLs, AWS Shield (DDoS Mitigation), CloudFront, Data Encryption, Key Management and Rotation, CloudTrail, CloudWatch, IAM, and Two Factor Authentication
  • Used AWS Trusted Advisor to research and implement 17 key security controls for multiple clients
  • Familiar with Azure security controls and created security policies for Virtual Networks, Network Security Groups, Azure CDN, Azure Autoscale, Data Encryption, Key Management and Rotation, Azure Logging, and Two Factor Authentication
  • Used Azure Security Center to research and implement over a dozen security controls for multiple clients
  • Demonstrate effective use of cloud technologies and Proof of Concepts, by using automation to reduce time for cloud migration and security assessments
  • Mentor and guide team members, by sharing best practices and insights, to facilitate processes towards project completion

CORE COMPETENCIES:

  • AWS Security
  • AWS VPC Firewalls
  • SaaS, IaaS, PaaS Models
  • Cloud Security Architecture/Controls
  • Cloud Readiness/Migration
  • AWS VPC
  • Security Group Config
  • Windows Server 2003/2008/2012
  • AWS Shield
  • CloudWatch
  • CloudTrail
  • DevOps

TECHNICAL SKILLS:

NETWORKING TECHNOLOGIES: OTV, Fabric Path, vPC, LAN/WAN, TCP/IP, DNS, DHCP, SMTP, Sendmail, NDS, MPLS, Frame Relay, T1/T3, SSL/TLS, IPSec, GRE, VLAN, VTP, 802.1x, AAA, RADIUS, TACACS+, CA, HSRP, EtherChannel, NAT, Spanning-Tree, OSPF, EIGRP, BGP, Metro Ethernet, NFS, IPv4, FCOE, TCP, UDP

SECURITY: 802.1x Port Authentication, MAB, Cisco ASA Firewalls Ver. 7.0/8.0/9.0, Cisco Firewall Switch Module, Juniper Netscreen Firewalls v5.3, Juniper SSG Firewalls, Juniper SRX Firewalls, Nessus Security Scanner Ver. 3.2, Retina Security Scanner 5.8.3.1657, Cisco CSA Agent 5/6, Cisco MARS v4.2, Cisco ACS Server Ver. 3/4/5, IBM Site Protector v6.1, IBM ADS v 2.3, netForensics 3.4, Rapid 7 Nexpose and Metasploit, Symantec Endpoint Protection 12, Cisco Security Manager v3/4.7, Cisco ISE 1.2/1.3, Imperva WAF, Azure, Amazon Web Services

CISCO HARDWARE: Cisco ASR, Cisco UCS 6100 Interconnects, Cisco Fabric Extenders 2100/2200, Cisco Nexus 7000, 5000, 2000, 1000v, 7200-1700 Series Routers; 6500-2950 Series Switches; 5505, 5510, 5520, 5540 ASA Firewalls; Firewall Services Module v3/4; 3000 Series VPN Concentrators; 4200 Series IPS Sensors; GSS/CSS/ACE Series Load Balancers; Cisco ACE XML Gateway

SERVER HARDWARE: Cisco UCS B and C Series, HP, Dell, IBM

OPERATING SYSTEMS: VMware 4/5, Hyper-V 2012, XenServer, Novell Netware 5 and 6, Windows XP/7/8/10, Windows 2003/2008/2012 Server, Unix, Linux

DATACENTERS INVOLVEMENT: Nap of the Americas, Terramark, The Miami Herald, New York City Health and Hospital Corporation, Time Warner Cable, MD Anderson Cancer Center, AirTran, Azure, Amazon Web Services

PROFESSIONAL EXPERIENCE:

Confidential

AZURE APPLICATION ARCHITECT

Responsibilities:

  • Map a legacy IIS application to the Azure Cloud from a legacy hosting company
  • Interview all IT Staff to create a cloud migration readiness document and address any challenges in our migration plan.
  • Use Azure web application and SQL PaaS platform to host the new application
  • Successfully migrated application to POC environment using Azure Websites Migration Assistant and addressed issues within the assessment report
  • Upgrade application to .NET 4.7 from .NET 4.0 to gain performance, security, and stability improvements
  • Configured Azure Autoscale and Application Insights to make data-driven decisions about scaling the application during peak use times
  • Successfully tested application with 10,000 active users while maintaining response times within management's goals, reducing page load times by 75%
  • Migrate code repository from SVN to Git to integrate with Visual Studio Team Services and Visual Studio Professional 2017
  • Build CI pipeline to automate the deployment and testing of the myAVID application including unit testing, performance testing, and quality assurance.

Confidential

AZURE AND AWS SECURITY ARCHITECT

Responsibilities:

  • Develop an enterprise cloud security plan by addressing logging, cloud access security broker, vulnerability management.
  • Work with the network team to architect VPN, Direct Connect, and ExpressRoute connections to AWS and Azure
  • Dive in AWS VPC design as it relates to managing AWS for hundreds of clients and using automation to produce the same recipes based on their client’s needs
  • Work with the sales team to deliver quotes for AWS application migration, interviewing clients' technical staff and mapping dependencies

Confidential

CLOUD SECURITY ARCHITECT

Responsibilities:

  • Added AWS security controls, applying commercial knowledge gained from delivering similar large scope projects.
  • Focused on network security especially AWS firewall VPC design and networking
  • Discuss different forms of AWS network connectivity (Direct Connect or VPN) including introducing Cisco CSR 1000V routers into the AWS VPCs
  • Created Visio documentation to outline the various pros and cons of different firewall security models from Palo Alto, CheckPoint, and Cisco
  • Developing documentation and maintaining compliance with Cloud Security Alliance (CSA).
  • Maintaining a high level of communication with external and internal stakeholders, to ensure smooth process flow and project delivery

Confidential, San Francisco, CA

CLOUD SECURITY ARCHITECT

Responsibilities:

  • Build security controls for AWS and Azure IaaS lab and production environments using Chef for security automation.
  • Develop and tune the cloud security readiness checklist to guarantee applications have appropriate security controls in place before we initiate the AWS cloud migration.
  • Use SumoLogic as our enterprise SIEM and inject logs from the Azure and AWS servers and infrastructure.
  • Test solution within cloud environments for feasibility, then certify and have engineers implement it in the production environment.
  • Use IBM AppScan to discover application vulnerabilities, work with developers to fix, and then rescan once in the cloud environment before production release.
  • Implemented DirSync, integrated O365, added custom domains and monitored Azure AD.
  • Responsible for the architecture and documentation of the global Azure Information Rights Management rollout.
  • Scaling up and out using Azure Websites and SQL Database, configuring data replication patterns, updating websites with minimal downtime, backup and restore data, designing for disaster recovery, deploying websites to multiple regions for high availability, designing the data tier.
  • Configuring websites and applications for scale and resilience; configuring auto-scale using built-in and custom schedules, as well as by metric, changing the size of an instance. Selecting patterns, implementing transient fault handling for services, responding to throttling, disabling Application Request Routing (ARR) affinity.

Confidential, NYC, New York

CLOUD/IT SECURITY ARCHITECT

Responsibilities:

  • Developed a project plan and tasks associated with the delivery of the Cisco ISE, Cisco Security Manager, and Cisco Prime Infrastructure projects.
  • Mentored other contractors (internal and external) and various IT departments, leading them through the project life cycle phases and ensuring the successful results by taking accountability for personal and team actions.
  • Integrated different Cisco access devices including firewalls, switches, routers, and wireless access points with the configuration needed to work with ISE Change of Authority (CoA) and various probes (collectors), including the HTTP, DNS, RADIUS, SNMP, and NetFlow probes.
  • Deployed Cisco Prime Infrastructure 2.1 and 2.2 to monitor all Cisco infrastructure devices @ MarketAxess, reducing the time needed to perform a network inventory from days to minutes.
  • Utilized Cisco Security Manager on Windows Server 2012, ensuring a stable platform for Cisco Security Manager 4.7 and 4.8, and the API programmability features that align with SDN.
  • Provided recommendations on migration to a new security model, Cisco TrustSec, reducing the need to configure numerous devices while relying on automation tools like AlgoSec or FireMon, enabling short-term firewall automation.

Confidential, Chicago, IL

CLOUD SECURITY ARCHITECT

Responsibilities:

  • Leading centralized enterprise deployment process of all Cloud Security solutions, supporting 3500 end users over 2000+ servers.
  • Designing security architecture on Azure for designated applications and workloads.
  • Designing Azure virtual machines and VM architecture for IaaS and PaaS; understanding and recognizing availability sets, fault domains, and updating domains in Azure; differentiate between machine classifications.
  • Securing resources by using managed identities.
  • Defining differences between Guggenheim’s Active Directory and Azure AD, programmatically accessing Azure AD using Graph API, and securing access to resources from Azure AD applications using OAuth and OpenID Connect.
  • Identifying appropriate data security solutions, by using the appropriate Access Control List (ACL); identifying security requirements for data in transit and data at rest.
  • Designing a role-based access control strategy through securing resource scopes, such as the ability to create VMs and websites.
  • Identified and documented security risks; recommended mitigating controls via software or procedural changes.
  • Converted the corporate security policy into enforceable digital policy within Cisco ISE’s authentication, authorization, host posture assessment, and profiled policies enabling the firm to enforce access control at endpoint level in hardware.
  • Enhanced perimeter security by detecting gaps in intrusion detection and malware/botnet policies leading to the deployment of Cisco IPS modules and the Cisco Botnet Filter across all Internet access points.
  • Served as the lead of the Computer Security Incident Response Team (CSIRT) and completed security investigations.