Independent Network/Security Engineer Consultant Resume
WORK SUMMARY:
Over twenty years of experience in enterprise network architecture design and implementation, network security engineering, network strategy and architecture evolution planning, communications systems design, information systems consulting, system administration, and business development.
PROFESSIONAL EXPERIENCE:
12/2008–Present: Network and Security Engineer/Architect Confidential, San Diego, CA
Chief network architect responsible for designing and engineering a next-generation enterprise network and security architecture for Sempra Energy, a Fortune 300 energy services company that serves 29 million customers worldwide.
- Designed Sempra’s private MPLS/IP WAN architecture which interconnects 300+ sites throughout California. WAN supports 14,000 employees as well as VOIP, video, mobile communications, SCADA, Smart Grid, and Smart Meter services. WAN based on Juniper Networks MX, M, and J series routers.
- Designed Sempra’s data center network architecture and external security perimeter at two data center locations. Architecture uses Juniper M/MX/EX series routers, Juniper SRX 5800/3600 Firewalls, Palo Alto Firewalls, and Tipping Point Intrusion Prevention Systems (IPS).
- Developed detailed architecture drawings and various documents to include: Enterprise QoS Strategy and Framework, Network Security Assessment and Recommendation, Firewall Vendor Analysis and Recommendation, Juniper Router (JUNOS) Standard Baseline Configurations, and network device/architecture test plans. Performed proof-of-concept and vendor interoperability testing of various designs and technologies.
Architecture design highlights:
- Architecture reduces both capital and operational costs by replacing multiple WAN networks with a single “carrier class” IP/MPLS converged services WAN using network virtualization and traffic engineering technologies.
- Designed a flexible and highly available cloud-based data center topology that reduces server provisioning times and supports Sempra’s virtualized server and Services Oriented Architecture (SOA) environments.
- Developed security models to protect data center systems from both external and internal threats. Replaced 90+ firewalls distributed throughout the enterprise with a few specialized application-aware firewalls centrally located within the data center environments (web application firewalls, XML firewalls, database firewalls).
- Architecture facilitates “zero data loss” business continuity based on active/active data centers. Architecture supports global server load balancing (GSLB), synchronous data replication, live virtual server application migration, and high-availability clustering of systems between two geographically dispersed data centers.
Key technologies: MPLS Layer 3 VPNs (RFC2547bis/4364), MPLS Layer 2 VPNs, Virtual Private LAN Services (VPLS) with BGP auto-discovery/signaling, Layer 3-7 load balancers, OSPF-TE, MP-BGP routing, BGP Route Reflectors, and MPLS Traffic Engineering/FastReroute.
12/2007–8/2008: Independent Network/Security Engineer Consultant Confidential, San Diego, CA
Developed Confidential, long-term enterprise network and security architecture strategy and evolution design plan in support of key energy Smart Grid modernization initiatives. Strategy encompasses WAN, data center, and security perimeter, with the objective of creating a single converged services network infrastructure and securing data center production systems against both external and internal threats. Strategy based on IP/MPLS enabled applications.
4/2007-11/2007: Independent Network/Security Engineer Consultant-IBM Confidential, Miami, FL
Provided consulting services to Miami/Dade County. Evaluated and documented existing network and designed a network security perimeter architecture to secure all facets of Miami/Dade County business functions. Developed network security policies and secure router/switch baseline configuration standards.
6/2002-11/2004: Independent Network/Security Engineer Consultant Confidential, San Diego, CA
Evaluated and documented existing network architecture and designed the next generation network and security architecture for Intuit’s e-commerce environment (Cisco/Check Point). Design encompasses data center, network management, development and test networks, and enterprise systems and services. Architecture accommodates 2,500 e-commerce servers and provides a multi-region fault tolerant disaster recovery scheme. Developed network security policies, Cisco router/switch configuration standards, and best practice guidelines.
3/2002-3/2004: Independent Network/Security Engineer Consultant Confidential, San Diego, CA
Provided network/security engineering consulting for Sempra Energy. Evaluated and documented existing network and security topology. Designed and implemented a fault tolerant perimeter network security architecture, web hosting environment, and network management scheme (Cisco, Check Point). Developed security models to protect wireless networks, mission critical production systems, and electrical/gas distribution control systems (SCADA).
1/2001-4/2001: Independent Network/Security Engineer Consultant Confidential, San Diego, CA
Confidential, and assisted in the migration of network communications and security equipment from Digital Lighthouse’s computing data center to Level 3 Communication’s hosting environment.
4/97-8/03: Network Engineer Consultant Confidential, San Diego, CA
Provided network and security engineering consulting in support of government and commercial organizations. Traveled to customer sites to analyze and assess customer enterprise network architectures/systems and propose technical solutions. Tasks and associated clients are summarized below:
Confidential, Washington, DC: Assessed the USDA communications and security infrastructure and developed a large-scale Wide Area Network design plan and strategy. Design accommodates 120,000 users and utilizes 6,000 Cisco routers configured with OSPF and BGP routing.
Confidential, New York, NY: Reviewed and analyzed Citicorp’s existing network security architecture and recommended various network security configurations and topology enhancements in support of Citicorp’s merger with Travelers Insurance.
Confidential, New Orleans, LA: Documented and analyzed Entergy’s existing network architecture and presented recommendations to improve both network security and performance issues.
Confidential, Developed a design and integration plan to facilitate secure cross company communications between members of the Fuel Cell Alliance.
Confidential, Regina, Saskatchewan, Canada: Designed the LAN, WAN, VPN, and perimeter security architecture for the provincial Saskatchewan Health Information Network.
Confidential, Washington, DC: Evaluated and documented WRAMC’s existing network architecture and provided engineering consulting related to future network design concepts and topologies.
Department of Veteran Affairs (VA) Telecommunications Infrastructure: Implemented performance related architectural changes to the VA enterprise WAN at six major hub sites. Migrated enterprise WAN from Frame Relay to ATM backbone services and replaced old technology with new Cisco routers and Fore Systems ATM switches. Developed an enterprise wide IP OSPF WAN routing scheme.
ENRON Corporation: Designed tech control facility networks and installed Cisco routers and switches at Enron based Internet ISP sites throughout the United States.
Confidential, San Antonio, TX: Lead technical engineer responsible for upgrading DoD hospitals and Department of VA telecommunications sites to ATM technology. Implemented security firewalls and network security design plan for several DoD hospitals.
Confidential, San Antonio, TX: Analyzed and evaluated USAMISSA’s worldwide DoD facility remote management architecture and developed a risk assessment report illustrating potential security vulnerabilities.
Confidential, Honolulu, HI: Researched and evaluated technologies as they apply to computer security, user authentication/data encryption, and secure network communications. Evaluated and tested IPSec based Virtual Private Network (VPN) devices, X.509 Digital Certificate technology, and X.500 Directory services. Developed a secure communications plan to support telemedicine between commercial and government hospitals and health care providers in the Pacific theatre.
Confidential, Boston, MA: Assessed network environment and provided recommendations for both HEALTHvision and their ASP data center provider, Eclipsys. Performed a VPN vendor analysis, evaluation, and recommended solution. Developed a methodology for Eclipsys to evaluate and seamlessly integrate customer servers and networks into their data center/application service offerings.
Business Development: Participated in SAIC business development activities related to network engineering design, security engineering, and network evaluation and recommendations.
2/95-4/97: Sr. Network Engineer Confidential, Honolulu, HI
Designed, implemented, and managed a 5,000 user enterprise network at Tripler Army Medical Center (TAMC). Designed, implemented, and documented a prototype network security architecture for U.S. Army Medical Command. Evaluated and implemented security authentication and encryption technologies and enterprise Intranet web systems. Managed UNIX-based firewall systems and other enterprise systems critical for network operation.
10/90-2/95: Sr. Network/Systems Engineer Confidential, San Diego, CA
Performed systems engineering/networking engineering in support of the Composite Health Care System (CHCS), a DoD medical information system based on DEC VMS VAX/Alpha and PC UNIX platforms. Designed and implemented a Cisco router based X.25 and Frame Relay WAN linking DoD military medical facilities throughout the world. Designed the Medical Health Systems Standard LAN and WAN architecture for DoD hospitals. Researched, evaluated, and tested communication and networking technologies, protocols, and products for the integration into the DoD medical network architecture. Traveled to customer sites to consult and troubleshoot network/system problems and provide recommendations.
7/89-6/90: Electrical Engineer Confidential, San Diego, CA
Provided field-engineering services in support of Military Command Centers. Designed and installed communication systems hardware and AC power systems. Designed a fiber optic video (CATV) system for secure signal transmission, modified and troubleshot computer communication circuits and power distribution systems, and developed equipment test procedures.
2/88-6/89: Communications Systems Engineer Confidential, Sierra Vista, AZ
Designed secure military computer communication systems such as packet-switched, satellite, and multiplexed voice/data networks in support of the US Army Information Systems Engineering Command (ISEC).
EDUCATION:
B.S. Electrical Engineering
