*CONFIDENTIAL*

Network Architect

ITILv3, GIAC - GISP #1413,

JNCIA, JNCIS, CCNP, CCDP

CCSA, nCA, nCP

OBJECTIVE:

My objective is to provide sound solutions, expertise, and support for converged networked environments.

The background I have includes a combination of converged technologies, security, operations, system

management, design, and implementation. These skills have been successfully applied in both the public

and private enterprise. I am capable of providing a dependable addition to any team or project, and am

committed to seeing through to completion.

WORK EXPERIENCE:

2013 to present

PWC (Price Waterhouse Coopers)

Sr. Network Engineer

- Provided lead engineering and security role for a large converged network environment

- Leveraged FCAPS model for framework and planning of network management architecture.

- Leveraged ITIL model for Security Management Architecture development/planning

- Failover test plans conducted for a scenarios w/ circuits not redundant at primary site

- Auditing and security/firewall policy management and monitoring with FIREMON

- Performance management and service delivery customization with NETSCOUT

- Configured redundant ACME Packet NN-2620 Session Managers in HA-mode.

- Worked in a NN-2620 topology-based simulated environment w/ (2) NN-2620

- Configured devices in HA-mode and w/ redundant IPC Nexus ESS.

- Workarounds with a system that does not support HA configuration.

- Cisco ACE Design for DNS/IP Load balancing back to Juniper SA/MAG Farms

- Conducted failover tests, validate, capture traces and document the impact.

- Juniper STRM log management/monitoring for auditing and service assurance

- Juniper SRX (cluster/standalone) design, implementation, support for secure DC strategy

- Juniper SA and MAG 6500 design, implementation, and support for SSL VPN strategy

- Integrating network solutions based on full life-cycle of security

- Security assessment, recommendation and implementation of apps, servers and networks

- Designs based on Accounting Services Framework relative to dual DC-environments

- Security tools and metrics used for analysis, inspection, and correlation

- Multi-vendor Network/Security Infrastructure: Cisco, Juniper, Acme Packet, Checkpoint

- Multi-vendor IP Service Infrastructure: Citrix, IP-LB, Proxy, Cache, DNS & IP Accelerator

- Network management and tooling solutions for global bank network architecture

- Development of multi-platform network management solutions for performance monitoring

- Documented monitoring architecture prior to planning new NMS design/implementation

- Created Converged-System Project Work Flows (voice-data-security integration)

2009 - 2013

Bank of America

Global Solutions Architect (contract through HP)

- Provided lead design solutions for a global network of trader locations

- Leveraged FCAPS model for framework and planning of network management architecture.

- Leveraged ITIL model for Security Management Architecture development/planning

- Failover test plans conducted for a scenarios w/ circuits not redundant at primary site

- Carrier recovery & Activation of redundant circuits via re-direct to alternate hub or DR site.

- RPL’s (Cisco VGs) hosting the circuits non-redundant considerations such as HSRP router

- Design considerations to allow the carrier circuits to be swung over.

- Configured redundant ACME Packet NN-2620 Session Managers in HA-mode.

- Worked in a NN-2620 topology-based simulated environment w/ (2) NN-2620

- Configured devices in HA-mode and w/ redundant IPC Nexus ESS.

- Workarounds with a system that does not support HA configuration.

- Design for DNS/WideIP used to address redundant devices w/ DNS names (SRV record).

- Configured new SIP trunks between the Cisco 3945 to the alternate DC SM

- Re-configured SIP trunks between the SMs and the alternate ESSes.

- Conducted failover tests, validate, capture traces and document the impact.

- Involved devices included NN-2620 SMs, IPC ESSes, and IPC SIPX cards. -

- Solid understanding of SIP-Trader framework: Targeted IPC UnigyArchitecture

- Planning around PBX, EV SIP VOIP, Dial-tone, Intercom, Line-Network, Voice Mail

- (MWI), Toll Free #'s, Recording, Recording on Demand, Proteus, Analog Lines, T1/E1

- Hoots, RPLs, MOH, Monitoring, TV Audio, CeBS, Unigy Omni Soft Turret

- Unigy Edge 100/200, HA/failover, SIP-specific design/implementation around redundacy

- Integrating network solutions based on full life-cycle of security

- Security assessment, recommendation and implementation of apps, servers and networks

- Designs based on Financial Services Framework relative to EBNC/Colo-environments

- Security tools and metrics used for analysis, inspection, and correlation

- Multi-vendor IP Service Infrastructure: Citrix, IP-LB, Proxy, Cache, DNS & IP Accelerator

- Network management and tooling solutions for global bank network architecture

- Development of multi-platform network management solutions for performance monitoring

- Documented monitoring architecture prior to planning new NMS design/implementation

- Created Converged-System Project Work Flows (voice-data-security integration)

- Created Network Standards for design, implementation, and security

- Created Global KPI Portfolio (key performance indicators)

- Architecture and design for holistic Network and Application Management Framework

- Physical Diagrams/Design - SBC(ACME N-N 4500), SM(ACME N-N2600)

- CTI Voice Blast w/ Net-Net 2600 Session Mgmt. & Cisco 3845 Voice Gateways

- Worked closely to build project plans that aligned with key engineering milestones

- GTS Switched Voice/Transport Engineering for Acme Packet SBC/SM Voice Blast Design

- IPC Call Flow troubleshooting for CTO Voice Blast w/ Acme Packt SM & SBC layout

- Helped structure the responsibilities and roles in the security management framework.

- Deep understanding of h323/SIP, TCP/IP, and other L2/L3 protocol suites

2005 - 2009

Merrill Lynch

Regional Design Architect (contract through AT&T)

(Network Architect)

- Played integral role in the security of converged environments.

- Supported new equipment installs, upgrades, and rollouts of new products and services

- Played integral role in the design of a large financial data center.

- Created Root-Cause Analysis Reports and improvement plans to support Operations

- Prepared budget and scopes, detailed designs based on standards

- Over a combination of 200 core, distribution, and access Layer-3 switches.

- Dealt with complex issues regarding an architecture of over 50,000 nodes

- Complete Market Data architecture design for multiple services & clients

- NASDAQ, Bloomberg, Reuters, Thomson, Radianz, FIX, CBOE, PHLX, etc.

- Security-based design: Firewall design, VPN architecture, & Backup/Restore

- VoIP Redundancy/Survivability, IP Voice Recording, ESS/LSP

- Worked with Voice Design Engineering groups to define voice security requirements

- Secure devices: Netscreen 5200 Firewalls migrated over from Checkpoint NGX

- IP Services infrastructure: Citrix Netscaler, IP LBs, Proxy, Cache, DNS and IP accelerators

- Cisco 6509-e L3 switches (sup-720) architecture for IP Routing, QoS, Multicast, etc.

- Worked to develop security standard-compliant solutions for external vendors

- Developed routing policies: BGP communities, attributes, multicast routing, etc.

- Routing Protocols included: BGP, OSPF, and EIGRP

- Spanning Tree Protocols included: STP, MSTP, PVST, and RSTP

- Layer 3 Redundancy with HSRP and GLBP

- QoS Policy Development & Configuration (utilized features of MQC)

- VoIP: Gateway configuration and redundancy SRST

- VoIP: Security projects for SIP & H.323 devices

- WAN/LAN: T1 – OC3 links, 3570, 3550, 3560, 6504-e, 6509-e, 7200

- Cisco IOS: newest 8.4 Cat-OS. 11.2 - 12.13.x IOS / full-native + hybrid IOS

- Wrote technical design documents for implementation engineers.

- Coordination with managers regarding the details for integration & migration.

- Lab Testing: environment simulation w/ IXIA Packet Generator

- Key responsibilities with project-management: budget, cost, resources, & strategy

- Effectively communicated details about network solutions to the ML business

- Operations Security including: Resource Protection and Asset Management

- Integrated planning concerning equipment life cycle and software licensing

- Managed incident response, remediation, and review (e.g., root cause analysis)

- Implemented preventative measures against attacks

- Solid Understanding of network change and configuration management

- Solid Understanding of system resilience and fault tolerance

- Business Continuity and Disaster Recovery: exercise, assess and maintain plans

2004 - 2007

Internetwork Learning Institute (ILI)

Network Security Instructor (part-time)

- Taught Evening Cisco-based classes in the following areas: Networking, Security, & TCP/IP.

- Provided a key technical resource and consultant for multi-vendor client relations

- Mentored students to attain a solid understanding of fundamental networking

- Taught classes on network security analysis with converged technology integration

2004 - 2005

Avaya

Converged Network Expert

- Published AVAYA White Paper on troubleshooting Toshiba SIP endpoints

- Converged IP network involving both voice and data packet analysis

- Responsible for providing Tier IV Support for Data, Security, and Voice over IP

- Endpoint devices utilizing H.323, SIP, IPSEC-VPN, and IP-based protocols

- Worked with Development Life Cycle to address various security issues

- Assisted with source code security including escalations and backdoor code

- Assessed the effectiveness of software security with patches and releases

- On-site security solutions and support in Tokyo, Japan for a 1000+ SIP endpoint

- Deployment and network troubleshooting at Toshiba’s World Headquarters.

- Assisted in development of Avaya SIP-based endpoint & Security standards

- Complex troubleshooting involving traces, logs, and debugging tools. (Ethereal, Agilent, NAI Sniffers)

- Solid Understanding of secure design, including the implications of multi-layer protocols

- Understanding security concerns with transmission media including wired, wireless, fiber, etc.

- Worked heavily with Filtering strategies and Network Access Control (NAC) Devices

- Established Secure Communication Channels (e.g. VPN, TLS/SSL, VLAN)

- Understanding of Remote Access concerns (e.g., virtual app/desktop, telecommuting)

- Understanding of Data Communications threats/vulnerabilities/attacks (e.g., DDoS, spoofing)

- Provided high-level technical support for converged environments which include Cisco, Nortel, Avaya.

- Routers, switches, firewalls (Checkpoint/Juniper), VPNs, SIP proxies, and call servers

- VoIP Interoperability lab testing – H.323/SIP-CCS with various vendors.

- Documented analysis for converged solutions involving SIP, H323, wireless-VPN, and IP endpoints.

- VoIP-trunks: H323 / SIP configuration / Wireless networking

- Avaya and Cisco AP devices. 802.11a/b/g

2003 - 2004

Verizon

Network Engineer

- Technical escalation point to resolve/develop Network Management Solutions

- Root cause analysis reports and improvement plans to Operations Management.

- Provided Daily Reports for management systems and related performance tools

- Provided trend analysis and recommendations to Operations Management.

- Troubleshooting of 19,000+ node internetwork including:

- Cisco routers (2500, 2600, 3600, 3700, 7200 series)

- Cisco switches (1900, 2900, 4000, 3500, 6500 series)

- Nortel Passport 6400 telco switches

- VPN 3000 series concentrators

- Cisco PIX firewalls / FWSM modules

- Cisco 1100 series Aironet Wireless AP

- Security & Network Monitoring with Netcool, CiscoWorks, & CiscoView:

- SNMP trap configuration and management

- Remedy was used for problem tracking and ticketing.

- Troubleshooting complex internetwork protocols:

- TCP/IP Routing: RIP, OSPF, EIGRP, BGP, HSRP

- Switching: STP, VTP, VLANs, ISL, 8021.Q

- QoS/VoIP: CoS, DSCP, IP Precedence, TCP Compression

- WAN: FR, ATM, ATM-IMA, ISDN, T-1, DS-3, OC-3, OC-48, Hssi, Serial V35

2002 - 2003

UNISYS: TSA contract

(Transportation Security Administration)

Network Engineer

- Solid understanding of concepts/methodologies/technologies for access-control

- In-depth analysis of threats/vulnerabilities/attacks including:

- Threat modeling, Asset Valuation, Vulnerability Analysis, Access aggregation

- Identity and access provisioning lifecycle (e.g., provisioning, review, revocation)

- Lead Security Engineer for the remote deployment of over 500 secure sites

- Configuration management, troubleshooting, monitoring, and redundancy planning

- Worked with Legal, Regulations, Investigations, and Compliance

- Solid Understanding of professional ethics :Professional and Organizational codes

- Solid Understanding of supporting investigations; Policy, roles, and responsibilities

- Sound implementation of rules of engagement, authorization, and scope

- Understanding of forensic procedures including Hardware/embedded device analysis

- Ensured security in contractual agreements and procurement processes

- Cloud computing, outsourced resources, and strategic interaction w/ vendor governance

- On-site setup and configuration in ‘highly-secure” federal facilities (TSA)

- ATM, Frame-Relay, IPSEC, 3DES, PIX PDM for Firewall 515E

- VLAN setup with various routing, switching, and security-related infrastructure components.

- VoIP security/support in a SRST-supported telephony environment:

- Cisco 7040 IP Phones, Cisco Call Manager 3.0, and Unity voice-mail.

- Worked heavily with Cisco routing and switching

- Security; IPSEC, Crypto Maps, GRE Tunnels, and VPN-based services. Encryption (DES, 3DES)

- PIX 515e, 525, 535 firewalls, VPN 3060s, Cisco 3600, 3700, 7200 routers, Cisco 3550, 4000, 6500

- Remote site management with HP Openview, Sun Solaris OS, Peregrine ticketing and CiscoWorks.

- Microsoft Visio network designs for documentation.

- Participated in site and facility design considerations

- Supported the implementation and operational security of facilities

- Understanding of personnel privacy and safety (e.g., duress, travel, monitoring)

2001 - 2002

IP SYSTEMS

Network Security Engineer

- Solid understanding of security governance (e.g., acquisitions, divestitures, governance)

- Risk Management & Information life-cycle (e.g., classification, categorization, ownership)

- Ensured security in contractual agreements & procurement process

- On-site assessment, document exchange and review, process/policy review

- Applied risk management concepts, assessment, and analysis

- Risk mangement as it pertains to Tangible and Intangible asset valuation

- Managed team of RFE (Remote Field Engineers) in the rollout of various

- Router/switch upgrades; Inc.IOS, hardware, platform spec.security and multi-service needs.

- Consulted various businesses for design, implementation, support of network

- Consulted with the business regarding the requirements of both security and growth.

- WAN CPE setup: DS3s, T-1s, router/switch, CSU/DSUs, IP-based metrics

- LAN support: TCP/IP issues and various hardware/software replacements/installations.

- Multiple Unix servers running Sun Solaris 8., NT servers running Windows NT, 2000, XP.

2000 - 2001

XEROX CONNECT

Network Consultant

- Developed new processes and procedures for the integration of products and services

- Support of LAN/WAN protocols, IP-based systems.

- Security device & application hardening including.

- Microsoft NT, UNIX, Cisco IOS, Linux RedHat, & MacOS.

- Cabling: ethernet, coaxial, and V35 serial

- Hardware: routers, switches, PC workstations and servers.

- Software: Cisco NetRanger, Network Utilities

1998 - 2000

AMR

Technical Consultant

- Worked with the cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance)

- Understanding of methods of cryptanalytic attacks (eg. Brute Force, rainbow tables, specialized, etc.)

- Employed cryptography in network security for various solutions and countermeasures

- Employed cryptography to maintain application, architecture, and design security

- Understanding of software and system vulnerabilities, risks, and threats

- Distributed systems considerations (e.g., cloud, grid computing, peer to peer)

- Provided improvement recommendations to Operations Management for various areas

- Areas include Proactive monitoring, Fault resolution of network and Customer issues

- Output-data security systems: daily management

- Tape-drive back-up / disaster recovery procedures

- Router configuration for WAN connectivity.

- IP over Frame-Relay and ISDN backup links with dial solutions.

- Out-of-band setup w/ console connections / modem-dial access servers /etc.

EDUCATION / TRAINING:

University / College study:

University of Tennessee: 1992-1994 – Computer Science

Georgia State University: 1996-1998 – Telecommunications

Vocational / Lab study:

Internetwork Learning Institute (2001-2003)

- Completed In-depth Routing, Switching, & Security Lab Exam

- Cisco Engineering for Voice and Data Converged Security

- Cisco Engineering for Network Management

Global Knowledge (2004)

- CCIE Routing/Switching Lab Training

NetMasterClass (2005)

- NMC-1 CCIE: Routing/Switching

- NMC-2 CCIE: R&S

CyscoExpert (present)

- CCIE Routing/Switching

- CCIE Security

Cisco Systems (2006: on-site training)

- Multicast Troubleshooting

- CEF, d-CEF, 6509-e CFC/DFC

- Sup-720 vs. Sup-II Architectures

VoIP Lab & Technical Study:

- Voice Architecture: Toronto, Canada (2009)

SANS Security & GIAC Study (continued):

- SANS-Security GISP Training: Tampa, FL (2009)

- SANS GIAC Security Management

CERTIFICATIONS:

GISP #1413 (GIAC Certified Information Systems Security Professional)

ITILv3 (Certificate in ITIL V3 Service Lifecycle Management)

CCIE Security (Passed written exam / Working on CCIE Security Lab)

CCSA (Checkpoint Certified Security Administrator - NGX)

CCDP (Cisco Certified Design Professional)

CCNP (Cisco Certified Network Professional)

CCDA (Cisco Certified Design Associate)

CCNA (Cisco Certified Network Associate)

JNCIA (Juniper Certified Network Associate)

JNCIS (Juniper Certified Internet Specialist [Security])

NCP (Netscout Certified Professional)

NCA (Netscout Certified Analyst)

TECHNICAL SKILLS:

Network Services Implementation: Hot Standby Router Protocol (HSRP), Gateway Load Balancing

Protocol (GLBP), Virtual Router Redundancy Protocol (VRRP), Network Time Protocol (NTP), DHCP,

Web Cache Communication Protocol (WCCP).

Layer 2 Technology implementation: Spanning Tree Protocol (STP), 802.1d, 802.1w, 802.1s, Loop guard,

Root guard, Bridge protocol data unit (BPDU) guard, Storm control, Unicast flooding, Port roles, failure

propagation, loop guard operation, VLANs, VLAN Trunking Protocol (VTP),trunks, trunk protocols,

EtherChannel, and load-balancing. Ethernet technologies; Speed, duplex, Ethernet, Fast Ethernet, Gigabit

Ethernet, PPP over Ethernet (PPPoE), switched Port Analyzer (SPAN), Remote Switched Port Analyzer

(RSPAN), flow control. Frame Relay; Local Management Interface (LMI), Traffic shaping, Full mesh,

Hub/spoke, Discard eligible (DE). High-Level Data Link Control (HDLC) and PPP.

IPv4 Implementation: IP version 4 (IPv4) addressing, sub-netting, variable-length subnet masking

(VLSM), tunneling, Generic Routing Encapsulation (GRE), RIP version 1+2. Open Shortest Path First

(OSPF: Standard areas, Stub areas, Totally stubby areas, Not-so-stubby-areas NSSA, Totally NSSA, Linkstate

advertisement types, Adjacencies on a point-to-point or on a multi-access network, graceful restarts).

Enhanced Interior Gateway Routing Protocol (EIGRP: Best path selection, Loop-free paths, operations

when alternate loop-free paths are available or when they are not available, queries, Manual summarization,

auto-summarization, stub routes). Border Gateway Protocol (BGP: Next hop selection, Peering, Internal

Border Gateway Protocol IBGP, and External Border Gateway Protocol EBGP). Policy routing,

Performance Routing (PfR), Cisco Optimized Edge Routing (OER), filtering, route redistribution,

summarization, synchronization, attributes, and other advanced features.

Quality of Service (QoS) Implementation: Modular QoS CLI (MQC), Network-Based Application

Recognition (NBAR), Class-based weighted fair queuing (CBWFQ), modified deficit round robin

(MDRR), low latency queuing (LLQ), Classification, Policing, Shaping, Marking, Weighted random early

detection (WRED) and random early detection (RED), Compression, Layer 2 QoS: weighted round robin

(WRR), shaped round robin (SRR), L2 QoS policies, link fragmentation and interleaving (LFI) for Frame

Relay, generic traffic shaping, Resource Reservation Protocol (RSVP), and AutoQoS.

IPv6 Implementation: IP version 6 (IPv6) addressing (different addressing types), IPv6 neighbor

discovery, basic IPv6 functionality protocols, tunneling techniques, OSPF version 3 (OSPFv3), EIGRP

version 6 (EIGRPv6), filtering, and route redistribution.

Network Troubleshooting: Complex Layer 2 network issues, complex Layer 3 network issues, a network

in response to application problems, network services, and various network security issues.

Network Optimization: Syslog and local logging, IP Service Level Agreement SLA, NetFlow, SPAN,

RSPAN, and router IP traffic export (RITE), Simple Network Management Protocol (SNMP), Cisco IOS

Embedded Event Manager (EEM), Remote Monitoring (RMON), FTP, TFTP, TFTP server on router,

Secure Copy Protocol (SCP), HTTP and HTTPS, Telnet.

ASA/Firewall skills: Firewall Initialization, device management, address translation (nat, global, static),

ACLs, IPv4/v6 routing, object groups, VLANs, filtering, failover, layer 2 Transparent Firewall, security

contexts (virtual firewall), Modular Policy Framework, Application-Aware Inspection, high availability

solutions, QoS policies, CBAC, Zone-Based FW, Audit, Auth Proxy, PAM, access control, performance

tuning, advanced IOS FW.

VPN skills: IPsec LAN-to-LAN (IOS/ASA), SSL VPN (IOS/ASA), Dynamic Multipoint VPN (DMVPN),

Group Encrypted Transport (GET) VPN, Easy VPN (IOS/ASA), CA (PKI), Remote Access VPN, Cisco

Unity Client, Clientless WebVPN, AnyConnect VPN, XAuth, Split-Tunnel, RRI, NAT-T, High

Availability, QoS for VPN, GRE, mGRE, L2TP, advanced Cisco VPN features.

MPLS Layer 3 VPN Implementation: Multiprotocol Label Switching (MPLS), Layer 3 virtual private

networks (VPNs) on provider edge (PE), provider (P), and customer edge (CE) routers, virtual

routing/forwarding (VRF) and Multi-VRF Customer Edge (VRF-Lite).

IP Multicast Implementation: Protocol Independent Multicast (PIM) sparse mode, Multicast Source

Discovery Protocol (MSDP), inter-domain multicast routing, PIM Auto-Rendezvous Point (Auto-RP),

unicast rendezvous point (RP), and bootstrap router (BSR), multicast tools, features, source-specific

multicast, IPv6 multicast, PIM, and related multicast protocols, ex. Multicast Listener Discovery (MLD).

IPS/IDS skills: Sensor appliance: initialization, sensor appliance management, virtual Sensors, security

policies, promiscuous & inline monitoring, signature tuning, custom signatures, signature blocking, TCP

resets, rate limiting, signature engines, IDM usage, event actions, event monitoring, advanced features on

the Sensor Appliance, Cisco IOS IPS, and SPAN & RSPAN on Cisco switches.

Control and Identity Management skills: RADIUS and TACACS+ security protocols, LDAP, Cisco

Secure ACS, certificate-based authentication, proxy authentication, 802.1x, advanced identity management

features, Cisco NAC Framework. Routing plane security features (protocol authentication, route filtering),

control plane policing, CP protection and management protection, broadcast control and switchport

security, additional CPU protection mechanisms (options drop, logging interval), disabling of unnecessary

services, device access (Telnet, HTTP, SSH, Privilege levels), SNMP, Syslog, AAA, NTP, authentication,

(FTP, Telnet, HTTP, etc), RADIUS and TACACS+ security protocols, device management and security.

Advanced Security: Mitigation techniques to respond to network attacks, packet marking techniques,

security RFCs (RFC1918/3330, RFC2827/3704), black hole and sink hole solutions, RTBH filtering

(Remote Triggered Black Hole), traffic filtering using access-lists, IOS NAT, TCP Intercept, uRPF, CAR,

NBAR, NetFlow, anti-spoofing solutions, policing, packet captures, transit traffic control and congestion

management, Cisco Catalyst advanced security features.

Network Attacks Identification/Mitigation: Fragmentation attacks, malicious IP option usage, network

reconnaissance attacks, IP spoofing attacks, MAC spoofing attacks, ARP spoofing attacks, Denial of

Service (DoS) attacks, Distributed Denial of Service (DDoS) attacks, Man-in-the-Middle (MiM) attacks,

port redirection attacks, DHCP attacks, DNS attacks, Smurf attacks, SYN attacks, MAC Flooding attacks,

VLAN hopping attacks, and various Layer2 and Layer3 attacks.

ADDITIONS:

- SP85 Security Clearance (Public Trust through Homeland Security)

- 15+ years hands-on experience troubleshooting complex LAN/WAN environments.

REFERENCES AVAILABLE UPON REQUEST