DAVID LAI

CCIE-SP (written and lab)

IT / Network Architect

TS / SCI, NATO Secret

Washington, DC 20001

Cell:  210.264.8783

DavidLai.CCIE@gmail.com

 

PROFESSIONAL SUMMARY

 

 

•      Seeking remote network design and engineering positions.

 

•      Proven ability in providing expert level consulting services to customers in US Federal agencies, Department of Defense (DoD) arena, Medical, and Oil & Gas industries.

 

•      Expert level experience and knowledge include Service Provider and Enterprise level network architecture / design / engineering / implementation / Operations and Maintenance.

 

•      Able to provide scalable and robust design and engineering solutions based on customer requirements and changing organizational needs.

 

•      Top Secret / SCI, NATO Secret

 

 

TECHNICAL KNOWLEDGE / EXPERIENCE

 

Service Provider:

 

BGP, MP-BGP, MPLS, LDP, mLDP, L3VPNs, VPNv4, L2VPNs, Pseudowires, VPLS, MPLS-TE (RSVP-TE), Native IPv4 Multicast, ASM / SSM PIM Multicast, RosenMulticast VPN (MVPN) over mGRE, NG-MVPN, Label-Switched Multicast (LSM), Rosen MVPN over mLDP, MVPN w/ BGP AutoDiscovery over Partitioned mLDP, ISIS, ISIS-MTR, OSPFv2, OSPFv3, MSDP, Intra / Inter-AS L3VPNs, Intra / Inter-AS L2VPN Pseudowires, CSC L3VPNs, CSC L2VPN Pseudowires, SP-QoS, ASR1K, ASR9K, 7600 series, Cisco IOS-XR, MPLSoDMVPN, 2547oDMVPN

 

Enterprise:

 

RIP, EIGRP, IGMP, FHRP, Anycast, OSPFv2, OSPFv3, BGP, DMVPN, NHRP, QoS, GRE / IPSec Tunnels, VRF-Lite, Spanning-Tree, VLANs, LAN Switching, WAN / LAN Routing, Cisco IOS, Cisco 6500 series, various other Cisco switching and routing platforms

 

Security:

 

Cisco ASA Firewalls, Cisco Firewall Services Modules, Cisco NAC, McAfee Firewalls, Cisco NAC Profiler

 

Network Management and Misc:

 

Cisco ACS / AAA / TACACs, SNMP, Solarwinds Orion NMS, WhatsUpPro, TACLANES and various KIV / KG crypto devices, Forensics / Protocol Analysis via Wireshark, Spirent Test Center, NIPRNET, SIPRNET, CENTRIX

 

 

CERTIFICATIONS

 

•      Cisco Certified Internetwork Expert (CCIE-SP) (written and lab)

•      Cisco Certified Network Professional (CCNP)

•      Cisco Certified Internet Professional (CCIP)

•      Cisco Certified Network Associate (CCNA)

•      Cisco Firewall Specialist

•      Security+

 

PROFESSIONAL EXPERIENCE

 

Cisco Systems, Inc (through Insight Global)                                                                         Aug 2015 – Present

 

Network Consulting Engineer

 

•      Act as Trusted Advisor to Social Security Administration’s Director of Network Engineering and staff.

 

•      Provide consultation to SSA’s staff of network engineers on network designs and various methods in achieving organizational IT goals.

 

•      Provide consultation on Cisco’s product platforms to Social Security Administration’s engineering staff.

 

•      Led lab testing efforts in validation of Cisco’s products.

 

•      Ensure functionality of Cisco products and technologies in SSA’s environment.

 

ExxonMobil, (through Teksystems)     Jul 2014 - Aug 2015

 

Network Architect

 

•            Empowering ExxonMobil IT's staff of network engineers through introduction and consultation of staff to new technologies, design, and engineering solutions.

 

•            Architected and sourced high / low level design and engineering solutions to address ExxonMobil's vision in virtualizing network infrastructure on a big picture global scale.

 

•            Created lab infrastructure that leverages virtualization to enable ExxonMobil IT's staff to test, play, train, and perform proof of concept demonstrations prior to rolling out new technologies and design solutions to production network.

 

•            Evaluate new technologies for leverage in cost cutting and operational efficiency.

 

Cisco Systems, Inc (through Sagent Partners)                                                                   Mar 2013 – Jul 2014

 

Network Consulting Engineer

 

•      Consulting Engineer to US Federal / DoD clients involved in the function of delivering data, voice, and real time video to all four branches of the US military, various US federal agencies, and coalition partners in regional, continental, and global scale.

 

•      Consultation for US Federal clients included design, engineering, and testing of diverse array of scalable and MPLS based technologies for use in enterprise and service provider.

 

•      Consultation for Cisco’s internal engineers included theory, application, implementation, and troubleshooting best practices of MPLS based technologies.

 

•      Designed simulation architectures and originated testing methodologies for various large-scale multi-AS MP-BGP / MPLS VPN solutions including but not limited to L3VPNs, L2VPNs, AToM pseudowires, RSVP-TE (MPLS-TE), AToM Interworking, and carrier supporting carrier architecture on various Cisco platforms including Cisco 7600, ASR9K and ASR1K routers.

 

•      Provided internal testing within Cisco team in supporting recommendations to customer on various Service Provider Multicast options including Native IPv4 BGP multicast, Multicast ISIS, various flavors of mVPN, and label switch multicast (LSM).

 

•      Architected design and testing of a PIM free / BGP free service provider backbone network for next generation multicast solutions leveraging label-switched multicast (LSM).

 

SAIC                                                                                                                                         Dec 2011 – Feb 2013

 

Defense Information Systems Agency (DISA)  Europe – Patch Barracks, Stuttgart, Germany

 

Network Engineer

 

•      Responsible for large scale service provider (ISP) level network infrastructure servicing all 4 branches of the military as well as various federal agencies.

 

•      Served as subject matter expert on BGP, MP-BGP, MPLS, ISIS, OSPF, QoS, multicast, and other complex routing technologies to DISA.

 

•      Resolved complex routing issues involving BGP, multicast, OSPF, QoS, and ISIS on DISA’s Global Information Grid.

 

•      Trained fellow engineers on BGP, MPLS, QoS, ISIS, OSPF, and encrypted Tunneling in complex WAN routing environment.

 

•      Provided engineering and troubleshooting support for Joint Communications Support Element (JCSE) providing IP based communications to tactical missions around the globe.

 

Fulcrum IT                                                                                                                               Aug 2011 – Dec 2011

 

Special Operations Command (SOCOM) EUROPE - Patch Barracks, Stuttgart, Germany

 

Tactical WAN Engineer

 

•      Responsible for all tactical satellite network routing infrastructure involving BGP, EIGRP, OSPF, and DMVPN for Special Operations Command Europe (SOCOM Europe) on SIPRNet and NIRPNet.

 

•      Served as subject matter expert to SOCOM Europe on BGP, EIGRP, OSPF, and DMPVN.

 

•      Trained fellow engineers on BGP, EIGRP, MPLS, OSPF, and DMVPN.

 

•      Troubleshoot routing issues involving BGP, EIGRP, and OSPF.

 

Telecommunications Systems, Inc                                                                                         Sep 2010 - Jul 2011

 

USMC 1 MEF FWD & 2 MEF FWD - Camp Leatherneck, Afghanistan

     

Strategic & Tactical Enterprise WAN Engineer

 

•      Responsible for IP routing infrastructure of entire US Marine Expeditionary Force II (FWD) in Southwestern Afghanistan for all US Marine strategic / tactical sites in Afghanistan on both classified and non-classified enterprise networks with each network totaling up to 25,000 users.

 

•      Migrated a large unstable enterprise class WAN network spanning several US Marine strategic and tactical EIGRP sites to a stable multi-AS BGP environment resulting in significant improvement in quality of data and voice delivery.

 

•      Served as subject matter expert to 1 MEF & 2 MEF FWD on network design / engineering / implementation with a focus on BGP WAN routing, EIGRP LAN routing, Black Core Networks, Dynamic Multipoint VPN on tactical WAN networks, and WAN QoS.

 

•      Provided engineering guidance and implementation best practices for Dynamic Multipoint VPN (DMVPN) leveraged by the US Marine’s Support Wide Area Networks (SWANs) and SIPR / NIPR Access Points (SNAPs) over satellite TDMA mesh network for communications on battlefields.

 

•      Involved in all stages of design, engineering, implementing, and final tier troubleshooting for entire US Marine Enterprise strategic WAN network and tactical WAN networks operating in Southwestern Afghanistan.

 

Lockheed Martin                                                                                                                     Apr 2007 – Aug 2010

 

Brooke Army Medical Center (BAMC), Ft. Sam Houston, Texas

  

Senior Network Engineer / Firewall Engineer

 

•      Maintained security posture of the BAMC's network through engineering and daily administration of the hospital's Cisco ASA Firewall Services Module, BlueCoat, and IronPort web proxy / filter, ultimately controlling all traffic between BAMC and other US military hospitals around the globe.

 

•      Oversaw operations of BAMC's Network Engineering Branch which provided networking services to Army's premier medical facility totaling over 9,000 concurrent networked devices and over 1 million square feet.

 

•      Provided network engineering consultation to BAMC in medically-related IT implementation & integration projects, as well as BRAC-related network expansion projects.

 

•      Provided forensic analysis to solve wide variety of issues to include general communications issues, access issues, and security-related issues through use of logs, packet sniffers, and protocol analysis.

 

•      Managed BAMC’s “slash /17” public IP address space, its related subnets, and VLAN structure to facilitate hospital's IT expansion projects, while ensuring maximum stability and scalability.

 

•      IP Multicast engineer for BAMC when engineering hospital's network to provide fully redundant multicast capability to support new Draeger patient monitoring systems (critical system). 

 

•     Lead engineer in design and integration of Cisco NAC (Network Admission Control) with BAMC's network in wired, wireless, and VPN environments.

 

TEKsystems                                                                                                                             Sep 2005 – Oct 2006

 

Multimax, Camp Pendleton, CA       

Network Engineer

 

•      Provided network engineering services to the Navy Marine Corps Intranet (NMCI) on Camp Pendleton Marine Corps Base.

 

•      Prepared, configured, and installed Cisco multilayer switches while ensuring 100% functionality with existing network infrastructure, ie. ensuring no switching loops and correct root bridge assignment.

 

•      Surveyed sites and network closets for necessary Fiber and CAT-5 infrastructure required for successful implementation of new NMCI Cisco switches and workstations.

 

US Navy     Mar 2001 – Mar 2005

 

Information Systems Administrator

 

•      Responsible for ship's NIPRNET and SIPRNET networks.

 

•      Performed maintenance and troubleshooting services for ship's LAN and all attached network devices.

 

•     Maintained ship's NIPRNET and SIPRNET Cisco 2600 routers running OSPF IP routing protocol.