Senior Network Security Engineer Resume
New York, NY
SUMMARY:
I am a senior network engineer, with over 20 years of experience, delivering effective, efficient and economic solutions to meet my customers’ needs. For the last few years I have been concentrating on Palo Alto Networks’ next generation firewalls and their associated anti-malware, URL filtering, and WildFire capabilities. I have managed teams in both operations, and design & build. I have technically managed several small projects and one larger project, with a capital budget of several million dollars. I have developed a standard system for network documentation, record keeping, and working practices, to ease the burden of operational support.
PROFESSIONAL EXPERIENCE:
Confidential, New York, NY
Senior Network Security Engineer
Responsibilities:
- The college had purchased a pair of HP 12508 core switches, running as an IRF, with multiple MDCs; and an HA pair of Palo Alto Networks PA-5050 NGFWs for New-Net, to take the place of Old-Net, based around a pair of Cisco 6509s with a FWSM. TC had already replaced the Cisco edge switches with HP/Aruba 3800s and 5400s, but these were still connected to the Cisco core switches when I arrived.
- The basic architecture of New-Net, as designed, was in a very poor state and would probably never work. I presented my analysis of New-Net to the relevant directors and the CIO, along with my recommendations for what the architecture and overall design of New-Net should be: this was accepted with enthusiasm.
- Since then I have designed New-Net and built parts of it in a lab environment where we tested it successfully. I designed and documented a cut-over process for migrating users from Old-Net to New-Net and this migration has now started in the production network.
- I am now concentrating on the detailed design of the server subnets, including the public facing VPN, which includes F5 virtual servers; the secure VPN, which includes Oracle DB servers; and the PAN security policies.
Confidential, Rockaway, NJ
Senior Network Security Engineer
Responsibilities:
- I designed and implemented Allergan’s new, global, perimeter security solution which uses Panorama to manage HA pairs of PA-5060 and PA-3020 firewalls, each supporting multiple virtual-systems to keep their various purposes independent: L3 Internet access, secured vWire transport to our generic medicines’ division, and a placeholder for simple, future growth...
- I was responsible for the ASA to PANW migrations at Allergan’s five data centers and developed a simple, reliable method for implementing these to ensure a consistent configuration of the PANW NGFWs and a simple path to have NGFW style rules supersede the ASA IP 3-tuple rules.
- I was technical lead on Allergan’s Phase II Perimeter Rationalization project to increase security at 19 facilities which have local Internet access: this was accomplished by inserting a PA-500 or PA-3020, supporting a simple vWire, between the site’s Internet router and the ISP’s CPE. My work included developing and gaining approval for the security policies and profiles, including the URL filtering practices & procedures which would be used; developing the Template and Device-Group configurations; developing and strengthening the initial cutover plans; and then training a colleague to carry out the remaining cutovers.
- I worked closely with Allergan’s Active Directory group to implement PANW’s Windows-based User-ID Agents, by interfacing with a Microsoft Log Forwarding receiver.
Confidential, Woodland Park, NJ
Senior Network Security Engineer
Responsibilities:
- I upgraded Cytec’s main Internet Access Point from an HA pair of PA-2050s to an HA pair of PA-3020s, with a minimal interruption to service. I designed and implemented a new L3 firewall installation, using a PA-3020 pair, at Cytec’s new Marlow Data Center in the UK. I implemented several ASA to PAN migrations for internal firewalls at Cytec manufacturing facilities.
- I led a project to integrate the firewalls with a third party SIEM service, and developed procedures for Cytec to respond appropriately to their alerts. I was responsible for day-to-day management of the firewalls, approving new access and whitelisting requests etc.
- I suggested that Cytec investigate Security Awareness training for its employees and researched the various options and costs for implementing this. My recommendation, which was accepted, was a program from a provider that produced a series of on-line courses which included slides, animations, videos, play acting, and simple tests. I worked with the manager of CytecU to install the courseware on Cytec’s LMS and integrate it with the company’s mandatory training requirements.
Confidential
Senior Network Engineer
Responsibilities:
- I worked as an Confidential providing network engineering and support services to various clients
Confidential, Trumbull, CT
Responsibilities:
- Customer loyalty systems and services provider for the banking and airline industries.
Confidential, Englewood Cliffs, NJ
Responsibilities:
- Global Media, News, TV, Film, and other entertainments.
Confidential, Suffern, NY
National Retailer
Responsibilities:
- Administering and supporting Cisco based networks with ASA and Juniper firewalls.
- Designing and implementing new, secure, network segments using Cisco 6500 switches, VRF instances, FWSM contexts, and/or private VLANs.
- Designing and implementing data center networks using Cisco Nexus 7000s, 5000s, and FEX products; implementing VPCs, Rapid STP, backbone-fast and uplink-fast.
- Key player in NBCU’s east coast data center build out: Configuration of Cisco enterprise and Nexus switches, ASR9000 series routers, ASA 5585-X firewalls, IronPort proxies, F5 load-balancers, Juniper firewalls, Infoblox DHCP/DNS appliances, and TippingPoint IPS appliances.
- Designing and implementing site-to-site IPsec VPN solutions.
- Implementing and administering Cisco AnyConnect and Juniper Remote VPN solutions.
- Implementing and administering Cisco NAC
- Working within PCI, SOX, and HIPAA regulations
Confidential, San Jose, CA
Senior Network Engineer
Responsibilities:
- Provider of systems and services to the cable TV industry
- General network and data-center engineering; I designed and implemented solutions using Cisco switches, routers, and firewalls; F5 load balancers; Dell hosts running VMware, HP StorageWorks, and other products and devices. I wrote a document that gave a layman’s explanation of the Confidential system which was used both for customers and employees.
Confidential, Santa Clara, CA
Network Operations Consultant
Responsibilities:
- Provider of IT staffing and consulting services
- Provided network operations support for several clients including.
- My achievements included a LAN redesign and technology change from Nortel to Cisco; the development, documentation and execution of operational procedures for a client's networked Linux clusters running systems based around MySQL, Apache, and JBoss;
- Providing companywide oversight, consultation, and mentoring for networked systems as Practice Leader for Taos
Confidential, Bethesda, MD
Network Operations Manager
Responsibilities:
- Provider of IT staffing and consulting services
- I managed a staff of 5 at the Smithsonian Institute's Network Operations Center.
- I ensured the effective, efficient, and economic operation of the SI network: a core of Cisco 7200 series routers, supporting the phones and computers of some 16,000 users across 30 sites.
- I introduced and documented Standard Operating Procedures based on ITIL, scheduled staff, coordinated with vendors, and reported to senior management.
- I managed the relationship between Confidential and the Smithsonian Institute regarding NOC issues
Confidential
Development & Support Officer
Responsibilities:
- YHMAN is the Yorkshire and Humberside Metropolitan Area Network, one of Janet’s regional networks; basically the ISP for universities and colleges in these counties.
- I was responsible for ongoing support and engineering of this network, which was built with ADVA DWDMs and Cisco 6500, 4500, and 3600 L3 switches. The connectivity was dark fiber in the core, Ethernet extended services to clients, ADSL for OOB, and included a microwave for a trunk link over the Humber estuary.
- I met with customers to determine their connectivity needs, including speeds, security, redundancy, and multicast routing.
- I managed projects to connect customers' campus networks to YHMAN; another to evaluate, recommend and implement CiscoWorks.
- I introduced formal development and change processes to YHMAN and wrote and presented several technical papers to the YHMAN board, including recommendations for remote power and out of band management