Cloud / Network Architect Resume
Suwanee, GA
SUMMARY:
Experienced network and security engineering professional specializing in the design, implementation, and support of LAN / WAN routing and LAN switching infrastructures. Excellent leadership, communications skills, experience with management of large projects and/or teams, and a high self-initiative to improve technical abilities and project management skills. Able to identify technical strategies to reduce cost, increase revenues, strengthen customer relationships, improve business processes and to achieve corporate business objectives.
PROFESSIONAL EXPERIENCE:
Confidential, Suwanee, GA
Cloud Infrastructure Architect
- Primary Infrastructure architect responsible for creating and implementing a new conceptual design for restructuring Confidential corporate internal infrastructure and all customer cloud services infrastructure. Confidential developed a new cloud business initiative to streamline their top ten largest national data centers to adequately support their growing cloud services and colocation customers. The refreshed network infrastructure standard will consist of Nexus 7000 & 9000 series switches (7010, 9500 & 9300 Nexus switches), ASR9000 (ASR9006) core routers for Internet peering and WAN backbone connectivity, the Unified Computing System (UCS) platform, MDS fabric switches, ASA firewalls, F5 load balancers, VMware hypervisor multi-tenancy for compute, and EMC VNX SAN array for storage;
- Responsible for creating the conception for a new network infrastructure design, implementation and operational support for all production national data center network infrastructures and newly acquired international colocation customers. The new network infrastructure design will allow Confidential as a first phase to implement a new multi stage CLOS fabric architecture within ten of their largest national data centers. This new architecture will require Confidential to migrate from a traditional core / distribution / access network model using the legacy Cisco Catalyst 6500 platform, to the new Cisco Nexus 9000 product line switches (9300 & 9500). The multi stage CLOS fabric architecture using Cisco Nexus switches is configured for a Spine / Leaf topology with a VXLAN bridging and routing overlay in “NXOS standalone” mode, F5 load balancers and ASA firewalls for our services layer, and automation tools used for configurations / provisioning (Rest API clients, Ansible, Bash shell scripts using Curl);
- Responsible for creating the conception for a new production network infrastructure design, implementation and operational support for a Spine / Leaf design at a new Confidential data center acquisition in downtown Chicago for our new cloud business initiatives in the mid-west market region. The design has a full-blown Spine / Leaf implementation using Cisco’s ACI (Application Centric Infrastructure) solution and will provide full automation for provisioning Confidential’s corporate internal and customer network infrastructures. The design consists of Nexus 9500 switches for the “Spine” layer and Nexus 9300 switches for our “Leaf” layer, redundant APIC controller cluster, F5 load balancers and ASA firewalls for our services layer, automation tools (Rest API clients, Ansible, Bash scripts using Curl), and research / testing of orchestration tools (Cisco NSO, Puppet, Chef) for automated provisioning of customer virtual infrastructure workloads;
- Responsible for creating the conception for a new network / security design, implementation and operational support for a PCI compliant infrastructure to support hosting Confidential internal and customer compliant services. This new PCI compliant enclave will use Palo Alto firewalls (5060 hardware model) for IPSEC VPN, firewall and IPS inspection, a Nutanix hyper-converged cluster for compute, and software defined storage (SDS) using EMC ScaleIO. Compliant services provided will be secured AD directory with MFA (multi factor authentication), dedicated secure RDP / SSH jump servers, secure Splunk logging, Anti-Virus, combination of commercial and open source vulnerability / audit tools, file integrity using Tripwire, SNMP monitoring, and dedicated network backup / archival appliances;
- Responsible for creating the conceptual design, implementation, maintenance, and operational support of a new lab infrastructure that will simulate a new NAB (Network Access Backup) / Archival & Restore solution to support Confidential internal and customer compute / physical servers. This new backup / Archival solution has been designed to work across two separate environments, one running Cisco Nexus 9000 product switches in a “NXOS standalone” Spine / Leaf topology and the second lab environment is running a full “ACI” (Application Centric Infrastructure) mode. The backup / Archival solution will also utilize the Spine / Leaf overlay fabric using VXLAN bridging and routing, plus VMware NSX for micro-segmentation of backup / archival network traffic;
- Responsible for creating the conceptual design, implementation, maintenance, and operational support of a new lab infrastructure that will simulate all Spine / Leaf topology designs implemented in production. The Spine / Leaf lab infrastructures will consist of two separate environments, one running Cisco Nexus 9000 product switches in “NXOS standalone” and the second lab environment is running a full “ACI” (Application Centric Infrastructure) mode implementation using a pair of Cisco Nexus 9000 “baby spine” switches (9336PQ) along with Nexus 9300 switches at the “Leaf” layer;
- Responsible for creating the conceptual design, implementation, maintenance, and support for the lab infrastructure that contains a demo for testing vendor SD-WAN solutions (Viptela, Velo Cloud, and Talari Networks) to be used in Confidential’s service portfolio for Customer managed WAN infrastructures and testing multi stage CLOS fabric overlays (Spine / Leaf) from other vendors such as Arista and “white box” switching solutions using Cumulus Linux as the NOS (Network Operating System) with either Dell or Mellanox switch hardware. Confidential, in an effort to reduce capex costs for their new cloud business initiative, is conducting research and testing on ways to reduce costs for implementing efficient, scalable future fabric overlays in their datacenters.
- Responsible for implementation, maintenance, and operational support of the lab virtual infrastructure which includes a Cisco Computing System (UCS Mini) with four M3 B200 blades. This lab has been constructed to provide simulated customer multi-tenancy environments, testing automation and orchestration tools (Ansible, Rest API clients, Cisco NSO, etc.) for automated provisioning of simulated customer virtual workloads (IaaS). The lab is also connected to an AWS VPC and a Google Cloud Virtual Network via a VPN direct connect for provisioning of virtual instances. Our lab will consist of a VMware VCSA cluster running ESXi 6 to test VMware and additional hypervisors / containers (KVM, Docker & LXC containers) cloud compute capabilities, future plans for a Nutanix hyper-converged cluster, future plans for software defined storage (SDS) using EMC ScaleIO, and eventually future plans for a working managed OpenStack (Mirantis or Canonical MAAS / JUJU) infrastructure to test future cloud computing provisioning platforms for IAAS workloads (Infrastructure as a Service);
Confidential, Norcross, GA
Network Architect / Team Lead
- Primary network architect responsible for developing the conceptual network and security design for Confidential corporate office and two data centers in downtown Atlanta and El Segundo, California. My responsibilities also included implementation and operational support for all three sites, which will be migrated from legacy Cisco 6500 catalyst switches to Cisco’s Nexus 7K, 5K, and 2K FEX series equipment. Confidential’s new business directive is to develop a hybrid public / private cloud infrastructure, reduce its carbon and physical footprint in all data centers by consolidating over 60% of the network infrastructure, improving high availability for the network core infrastructure, and investing in virtualization technology using the Cisco UCS platform with VMware and KVM hypervisors;
- Responsible for implementation, maintenance, and operational support of the Unified Computing System (UCS), which provided multi-tenancy for all VMware ESX and Red Hat (RHEV) KVM hypervisors. The Confidential UCS infrastructure has two UCS pods (6100 and 6200 series) which consists of the two Fabric Interconnects and six 5108 chassis fully populated with a combination of half and full width blades (M2 B200, M2 B230, & M2 B440 blades);
- Responsible for implementation, maintenance, and operational support of a pair of Cisco MDS 9148 Fabric Switches, which provided Fiber Channel connectivity (VSANS, Zones, etc.) between the UCS pods and our Hitachi SAN infrastructure. Additional Cisco MDS 9148 fabric switches were also used for a SAN upgrade and migration project for upgrading our Hitachi AMS SAN to a new enterprise Hitachi HUS VM SAN infrastructure. Additional project responsibilities included implementing and configuring a new SAN solution utilizing the Cisco MDS 9506 Director fabric switch, which is used as Confidential’s standardized SAN fabric switch for all future SAN Fiber Channel zoning and SAN replication between data centers using FCIP;
- Responsible for implementation, maintenance, and operational support of two Cisco ASR 1002F routers that provided Internet connectivity for all of Confidential’s public facing web applications and internal resources. The Cisco ASR 1002 routers provided Internet access redundancy utilizing BGP external peering between two separate Internet Service Providers (Internap, Level3, Zayo), ensuring Confidential maintained high availability access to the Internet for all web applications and internal resources;
- Responsible for implementation, maintenance, and operational support of all backup site-to-site IPSEC VPN Tunnels between Confidential’s corporate office and data centers. The site-to-site IPSEC VPN Tunnels provide a tertiary backup path for network connectivity between sites;
- Responsible for developing a firewall migration plan to consolidate Confidential’s entire legacy firewall infrastructure at all sites, which consisted of Check Point Nokia and PIX firewalls, onto new Cisco ASA 5550 firewalls. Confidential’s new security initiative helped drive the development of other projects around web proxies (Blue Coat) and firewall migration plans for new next-gen firewalls with application intelligence to allow greater application visibility;
- Responsible for re-design, implementation, and administration plan for replacing the legacy remote access VPN solution. The current remote access VPN solution will be temporarily migrated to more robust, high availability Cisco ASA firewalls. Also responsible for developing an additional new security initiative to drive development for an additional migration project to replace all IPSEC VPN ASA firewalls with a Juniper SSL VPN solution (MAG6610 with Junos Pulse). This new Juniper SSL VPN solution will offer easier integration and operational support, and provides a cost-effective solution for all of Confidential’s remote satellite offices across the country to migrate away from the outsourced remote access managed solution in place currently;
- Responsible for submitting a security design to Confidential security audit team, in conjunction with Confidential’s security initiative, to migrate from legacy Tipping Point IPS appliances to a Sourcefire IPS solution utilizing new 8000 series appliances. The new Sourcefire IPS solution will provide management of the enterprise and open source IPS appliances and delivers signature inspection for all network traffic at Confidential’s edge and core network infrastructure;
- Responsible for implementation and support of a new wireless infrastructure at Confidential’s corporate site using an Aruba wireless solution. The Aruba wireless solution will consist of two 3400 Mobility controllers and the proper mixture of 105, 115 and 135 model access points for all floors based on a wireless site survey that was conducted for Confidential’s corporate offices;
- Monitoring and troubleshooting of internal / external networks using Solar Winds Orion, TCPDUMP, Wireshark (Sniffer), and various other Open Source (NMAP, NESSUS, METASPLOIT, etc.) and network management tools;
- Responsible for day-to-day network troubleshooting and switch maintenance, IOS / NX-OS software configurations and upgrades, and maintenance of dynamic core routing topology (EIGRP) and remote site network connectivity;
Confidential, Atlanta, GA
Senior Network Engineer / Consultant
- Primary senior network engineer responsible for all core backbone 6500 switches, distribution layer switches configurations and maintenance. Responsibilities also include core and edge firewalls (Netscreen ISG, SSG, ASA, FWSM), Tipping point IPS appliances, and Juniper SSL VPN appliance configuration and maintenance;
- Assisted with re-design planning, implementation, and administration of Manheim’s new network infrastructure, which will be housed at a new data center. Manheim’s green initiative calls for deploying to a N+1 data center and pushing Virtualization technology to help reduce their physical and carbon footprint in a data center. The network infrastructure for Manheim’s green initiative consists of clustered Cisco Nexus 7K, 5K, 2K FEX switch / routers, clustered firewalls (Netscreen and Cisco), Tipping Point IPS, Cisco UCS (Unified Computing System), and VMware ESX clusters which will provide a secure, highly redundant tiered ingress/egress to Manheim’s production internal network infrastructure and remote sites;
- Assisted with re-design planning, implementation, and administration of Manheim’s new ETEST (application development, QA, & testing), and simulation lab network infrastructure. The network infrastructure for the new ETEST environment will consist of a single Nexus 7000 switch / router, Cisco UCS, VMware ESX clusters, data and storage access switches, firewalls, and a Tipping Point IPS which will be the concept model for the new green initiative data center;
- Responsible for re-design, implementation, and administration plan for replacing the legacy remote access VPN solution. The remote access VPN solution was migrated from legacy Cisco VPN 3000 concentrators to Juniper SSL VPN appliances to allow Manheim corporate full time employees and contractors access to internal resources;
- Monitoring and troubleshooting of internal / external networks using Solar Winds Orion, Cisco works, and various other network management tools. An open source security tools server was also implemented to do network troubleshooting, security assessments and auditing;
- Implemented a training lab utilizing VMware 4.1 ESXi server with NFS & ISCSI using an open source storage solution, VirtualBox, VMware workstation, and a network routing simulator to model routed network designs;
- Assisted with day-to-day network troubleshooting and switch maintenance, IOS software configurations and upgrades, and maintenance of core routing topology (EIGRP) and remote sites;
Confidential, Lawrenceville, GA
Senior Network Security Engineer / Consultant
- Primary Senior network security engineer responsible for all technical aspects for a large re-design project for the Gwinnett County Department of Transportation’s (DOT) Traffic Control Center (TCC). The Gwinnett County DOT has been in the process of deploying traffic cameras, traffic signal controllers, and access points to major intersections in Gwinnett County to provide real time video traffic to the TCC and all public safety municipalities. The DOT video camera topology design utilizes multicast to route real time video traffic to aggregation routers where several hardware and/or software encoders will display the live video traffic for the TCC technicians;
- Primary network security engineer responsible for the design, implementation, and administration of a new services DMZ to provide web hosting for the Gwinnett County main website and all web based applications. The network and security infrastructure for the new DMZ consisted of clustered routers, switches, Cisco FWSM, ACE load balancers, Cisco ASA 5550 firewalls, Imperva web application firewall, and a Tipping Point IPS to provide a secure, highly redundant, and scalable tiered ingress/egress to not only the main Gwinnett County website, but all other Gwinnett County municipalities (public safety, Fleet, DOT, corrections, Sheriff, Courts, etc.) who required web hosting services;
- Primary network security engineer that is part of network re-structuring team to help design and implement physical and logical routing connectivity for all major Gwinnett County municipalities on a new scalable and redundant fiber mesh backbone. The new design topology for the fiber mesh backbone consisted of physical and logical connectivity using OSPF between Confidential and the new E911 Annex building to form the OSPF backbone, with the major Gwinnett County municipalities dual-homed to both data centers inside NSSA stub areas;
- Primary network security engineer that assisted with the design and implementation for connectivity between Confidential and a Commercial Connectivity Service (CCS) through AT&T utilizing BGP peering to allow field inspectors, Police investigators, and Gwinnett DOT to use 3G wireless cards to have dedicated VPN connectivity service back to Confidential resources;
- Primary network security engineer responsible for design and implementation of a clustered pair of Cisco ASA 5520 firewalls at the Gwinnett County police headquarters for security policy inspection and NAT translation services for their new multi-million dollar Motorola digital radio system. Gwinnett County police headquarters required security, network segmentation, and NAT for connectivity to the Internet for the new digital radio systems in all police squad cars and other mobile police vehicles;
- Monitoring and troubleshooting of internal / external networks using Solar Winds Orion, Cisco works, and various other open source network management tools. An open source security tools server was also implemented to do security assessments and auditing;
- Responsible for day-to-day network troubleshooting and switch maintenance, IOS software configurations and upgrades, and maintenance of core routing topology and remote sites;
Confidential, Atlanta, GA
Senior Network Security Engineer / Consultant
- Primary network security engineer responsible for all firewall and IPS technical aspects for a large re-design project for Manheim’s corporate ITRAX initiative. The ITRAX initiative was put in place to re-structure Manheim’s production, ETEST (application development, QA, & testing), and simulation lab network infrastructure;
- Assisted with design, implementation, and administration of Manheim’s OVE (Online Vehicle Exchange) initiative. The new OVE project initiative was developed to give Manheim’s customers’ access to dealer auto auctions over the Internet through a dedicated web front end. The network infrastructure for OVE consisted of clustered routers, switches, firewalls, and an IPS to provide a secure, highly redundant tiered ingress/egress to Manheim’s production internal network infrastructure and remote sites;
- Responsible for installation, administration and maintenance of a Cisco Intrusion Prevention System (4240 & 4260 series) using exploit signatures to inspect and filter all customer and internal traffic flows;
- Responsible for installation and administration of a Cisco MARS event collector used to collect signature events, Netflow, and Syslog traffic for analysis and correlation;
- Responsible for administration and maintenance of all Cisco ASA firewalls ( series) and Cisco Catalyst FWSM (firewall services) modules which included all security policy changes and NAT translations providing connectivity to network resources and services;
- Responsible for installation, administration and maintenance of Manheim’s external Netscreen Firewalls (SSG500 series) running in active/passive HA mode, which included all security policy changes, NAT translations, and deep packet inspection;
- Responsible for installation, administration and maintenance for the NSM Express appliance (Netscreen Security Manager), which allowed a centralized management solution for all Netscreen firewalls implemented;
- Assisted with Cisco router and switch installations, IOS software configuration, and maintenance of core routing topology and remote sites;
Confidential, Atlanta, GA
Senior Network Security Engineer / Consultant
- Responsible for development, implementation, and support for a new GDOT network infrastructure for their new executive office building, which also includes an infrastructure, redesign of their Data Center, LAN infrastructure, enterprise VOIP solution, and remote site connectivity. The entire GDOT network restructuring will include re-addressing IP Address space, network equipment refresh, and LAN / WAN topology bandwidth upgrades;
- Responsible for all network configurations for EIGRP, OSPF, HSRP, Access list configuration and all hardware equipment and IOS upgrades;
- Administration of an internal Cisco ASA firewall (5520 series) used for testing of remote users to utilize IPSEC VPNs or SSL VPN capabilities and a Checkpoint firewall (Nokia IP 560), which included implementation of rule bases and security policies for the GDOT Intranet and extranet, and review of audit logs & reports to provide secure access for the internal private network using NAT and internal Web, FTP, and E-mail servers;
- Worked with Telco providers to turn up all WAN circuits (T1s, Frame Relay) to a MPLS WAN cloud to allow remote GDOT district sites connectivity and redundancy to their main Data Center;
- Configuration and installment of Cisco ISR and 7200 series routers supporting remote site and Internet connectivity;
- Configuration and installment of Cisco Catalyst 3500, 3750 stackable LAN switches for various network topologies (VLANs, 802.1Q trunking, EtherChannel);
- Developed and implemented a security initiative for GDOT which included testing / evaluation of a Cisco IPS with MARS as an event collector. Exploit signature events, Netflow and syslog information were configured and directed towards the Cisco MARS appliance for analysis and correlation;
- Monitoring and troubleshooting of internal / external networks using Wireshark (Sniffer), Solar Winds Orion and PRTG network management systems and various other open source network management tools;