SUMMARY:

• Worked as Consultant / Sr. Network Security / Analyst / Microsoft Network Architect for USDA - NICT, Black and Veatch, Sprints, Microsoft, and Federal agencies for NERC CIP, FISMA, HIPAA, SOX, PCI, etc. in Kansas City. Worked with W2k12-R2 Active Directory, Exchange, IIS, and Red Hat. Performed Vulnerability Scanning and Pen-Test with Metasploit framework, Web and Software Security, Palo-Alto NGFW (Next Generation Firewall), Cisco ASA NGFW with FirePower Service plus SourceFire, URL Filtering, Advanced Malware Protection and FireSIGHT Management Center, DR, Mobile Device Management (Mobile Security Management), Operation Procedures and Processes.
• Worked as System Admin & Network Security Auditing / Analyst for Confidential (MHDC), and taking care of Microsoft and Cisco networks, Palo Alto Firewall, Vulnerability Scanning and Pen-Test (SAINT), Sophos Endpoint Protection, DR Operation, and Remote Storage Procedure.
• Worked as Enterprise System Admin / System Architect for federal enterprise Microsoft network operating system W2k3 / W2k8-R2 for more than 3000 servers, 50,000 nodes within multiple Active Directory forests, multiple domains and child-domains, plus Exchange 2k7 / 2k10 - Front-end Edge server / Back-end, SharePoint Portal, SCOM 2k7, SCCM 2k7, IIS 5.0 / 6.0, 7.0, Active Directory - Integrated DNS, Caching-Only DNS, DHCP, WINS, RIS (Remote Installation Services),WSUS (Windows Software Update Services), DFS (Distributed File System), Group Policies, Net Backup, Data Protection Manager, etc.; implemented a large scale Active Directory W2k3, Upgrade W2k3 to W2k8-R2, W2k8-R2 to W2k12-R2, and Exchange 2k10 throughout the nation.
• Worked as Consultant / IT Security Manager, managing 9 technical staffs (4 MCSEs, 1 CCIE - Network Engineer; 1 Network Security Analyst (Vulnerability Scan and Pen-Tests), and 3 Desktop Specialists). Managed a large and complex Microsoft network with multiple forests and domains, including AD-Integrated DNS, DHCP, WINS, Dfs (Distributed Files System), Exchange 2k7 front-end / back-end, MOM 2k5, Group Policy, IIS, FTP, Norton Live-Recovery Backup System, Trend-Micro anti-virus.
• Had over three years working as an MCSE instructor / MCT (Microsoft Certified Trainer) at several CTECs, ATECs in the Kansas City Metropolitan area, such as CompUSA, PC-University, Network Knowledge, and National American University. Have over two years working as Adjunct Assistant Professor at Confidential - IT division for NT 4.0 + Windows 2000 + Windows 2003 MCSE courses. Nominated for the Best Adjunct Professor of the Year over the Information Technology Center (ITC) at JCCC for three year in a row.
• Had written hundred how-to lab articles, and sold them to various authors, three of which had been posted on Microsoft Websites TechNet.

PROFESSIONAL EXPERIENCE:

Confidential

Sr. System Network Security Architect

Responsibilities:

• Re-designing / re-architecting network security on both Microsoft network especially in the DMZ region.
• Building several Caching-Only DNS servers.
• Establishing a procedure and requirement for all applications in DMZ.
• Helping to strengthen DNS security (DNSSEC) and Replication Security.
• Providing training for W2k12 Microsoft Active Directory.

Confidential

Sr. System Engineer and Network Security Engineer / Architect

Responsibilities:

• Re-designed / - re-architect network security on both Microsoft and Linux especially in the DMZ region for several Web applications.
• Help upgrading W2k8-R2 to W2k12-R2 Microsoft Active Directory.
• Building Cache-only DNS servers in DMZ.
• Building AD ADFS, and AD LDS environments.
• Providing training for W2k12 Microsoft Active Directory.

Confidential

Sr. System Engineer / Application Architect

Responsibilities:

• Performed W2k8-R2 / W2k12 Microsoft Active Directory Assessment for several domains and a lot of IIS (Web), File and Printing servers and architect.
• Performed Application installation / configuration / maintaining.
• Provided training for W2k12 Microsoft Active Directory.
• Performed vulnerability and compliance scans (Nessus Security Center) for all Windows / Linux / Cisco gears as well as Database and contents based on HIPPA regulations.
• Performed pen-test on web application, proxies, and wireless routers.
• Performed MDM - Mobile Device (Security) Management
• Performed Web Security Scanning and Attack.

Confidential

Network Security Admin / Analyst

Responsibilities:

• Re-designed network security on both Microsoft and Linux, including the DMZ for Fortinet firewall
• Performed W2k8-R2 / W2k12 Microsoft Active Directory Assessment for several domains and a lot of IIS (Web), File and Printing servers. Helping to redesign Microsoft Active Directory network, Exchange 2k10, and RODCs at the remote offices as well as Caching-Only DNS and several IIS servers at the DMZ zone.
• Provided training for W2k12 Microsoft Active Directory.
• Performed vulnerability and compliance scans (Nessus Security Center) and pen-test for Red-Hat and Windows.
• Performing pen-test on web application, proxies, and wireless routers.
• Performing network access control (ForeScout)
• Participated in Software Security Committee
• Handling security incidents (LogRhythm) + File integrity (CimTrack) + Computer / Mobile Forensics (Encase).
• Using Regular Expression, SQL Query, NSE (NMAP Scripting Engine)
• Helping to create a general IT Security Policies for FISMA, PCI and SOX
• Performed Day-to-Day Operation, DR Operation, and Remote Storage Procedure auditing.

Confidential

Sr. Network Security Engineer / Architect Consultant

Responsibilities:

• Working on various projects for clients.
• Design Microsoft AD + Implement Windows Terminal Server in DMZ
• Perform Vulnerability Scanning and Pen-Test
• Perform audit on NERC CIP, FISHMA, HIPAA, SOX, PCI, etc.
• Perform computer / mobile forensics for electronic crimes.

Confidential

Network / System Engineer

Responsibilities:

• Managing the W2k8-R2 Microsoft forest and several domains of 100 servers, 200+ nodes, GPOs, Active Directory - Integrated DNS, WSUS, IIS (Web), Exchange 2k10 including the Edge server, SQL 2k8, IIS 7.0, SCCM 2k12, Dfs (Distributed File Servers), File and Printing, Evault Backup.
• Managing all Cisco routers and switches.
• Handling all security incidents.
• Managing Palo-Alto Next Generation Firewall (a pair for HA) with IPS, URL Filtering, Application ID based, and anti-x built-in (where x is a malware, viruses).
• Perform auditing on Operating Systems, Applications, and Procedure of backup and restoration.
• Sophos Endpoint Protection for AD, Exchange, Web, SharePoint, File servers and all desktops / laptops client.

Confidential

IT Security Manager / Sr. Network Application / Security Architect / Sr. Windows System Engineer

Responsibilities:

• Performed pen-tests as Network Security Consultant, and Vulnerability Scan on all segments of network. Managed Firewall Policies. Performed domain security tasks (File, Active Directory & DNS Security, and Web access).
• Created general IT policies.
• Perform vulnerability scanning and pen-test for federal.
• Mobile Device Management (Mobile Security Management)
• Worked as Network Application Security Analyst for BMC-Remedy product, which involves scripting (Java Script), gathering all the requirements - including ports and security associated with daily tasks as well as monthly maintenance, testing all new releases from the beta environment to production environment, and perform security check from the product front-end to the database back-end with vulnerability scanning, pen-test, and firewall application-id based filtering.
• Created all GPOs for W2k3 and W2k8-R2 forest /domains, and based line security policies for all servers.
• Managed over 300 servers, 1500+ nodes, multiple forests / domains, Active Directory, GPOs, DNS (Primary/Secondary, Active Directory - Integrated DNS), WINS, WSUS, IIS (Web), Exchange 2k / 2k3 (front-end and back-end), Exchange 2k7 and Exchange 2k10 including the Edge server, MOM 2k / 2k5, 2k7, SCCM 2k7, Dfs (Distributed File Servers), File and Printing, Backup (such as Net Backup), and Security.
• Managed Hyper-V environment.
• Managed nine (9) technical staff; one is CCIE - Cisco; one is Network Security; four are MCSE’s - System Engineers, and three are Desktop Specialists.
• Composing technical articles as well as conducting the trainings for various teams on W2k3 and W2k8 technologies as well as Hyper-V, etc.

Confidential

Enterprise Architect/Enterprise System Admin

Responsibilities:

• Provided services to the USDA-FSA and managed multiple Microsoft W2k / W2k3 forest / domain, Print, File, Exchange 2k / 2k3, MOM, IIS, and Application servers (roughly about 1500).
• Managed three technical staff, directly, and many large projects.
• Mobile Device Management (Mobile Security Management)
• Performing Web Attack and Software Security Scanning.

Confidential

Network Manager/Sr. System Administrator

Responsibilities:

• Managed the IT team, its budget and technical staff (10 full-time and 5 contracts). Providing in-house hands-on training.
• Migrated NT 4.0 multiple domains and its BackOffice products - such as IIS 4.0, Exchange 5.5 - to W2k domains and IIS 5.0, Exchange 2000, Conference, Share-Point Portal, Microsoft Office Management (M.O.M.), W2k-Terminal, IIS 5.0, SQL 2000, SMS 2.0.
• Creating and managing Domain Controllers, DNS, DHCP, WINS, FSMO, Sites, RIS, Distributed File System (Dfs), Group Policy, IntelliMirror, Security, and routine maintenance on the domain-wide.
• Created and managed mailboxes, storage groups, policies on incoming and outgoing mail, routing groups, public folders, instant message, security and routine maintenance on all front-end / back-end Exchange 2000 servers.
• Created and managed the disaster recovery plan, including the backup, power and network outage.

Confidential

Adjunct Professor

Responsibilities:

• Taught NT 4.0, W2k Server and W2k Active Directory classes at JCCC as Adjunct Professor / several CTECs as Microsoft Certified Trainer.
• Voted best instructor by the IT division within JCCC. Nominated for the Lieberman award for the years of 2001, 2002 and 2003 .

Confidential

Lead of Network Administrator

Responsibilities:

• Manage NT 4.0 domain, three sites, and 40 servers, all PDC, BDCs, WINS, DHCP, DNS, IIS 4.0, File and Print servers, Exchange 5.5 server, policies, security and routine maintenance.
• Managed SMS 2.0 server.
• Provided in-house hands-on training.

Confidential

Technical Lead

Responsibilities:

• Worked as a Tech Lead - Managing multiple NT 4.0 domains and their member servers (15 servers in total) + Backup (Veristas then Backup Exec)
• Managed the Medical Tracking Device project (50 servers in total).

Confidential

Technical / Project Manager

Responsibilities:

• Managed 35 full-time server and desktop / laptop technicians.
• Hired and conducted performance reviews for all staff.
• Managed multiple projects for multiple clients at any given times.
• Managing NT 4.0 multiple domains, multiple sites, over 3000 nodes, 200 servers.
• Providing in-house hands-on training for all staff.