chandlerlove.cisco.ccnp@gmail.com| (704) 780-6644

An IT professional with over 12 years of professional and progressive technical experience in engineering, configuration, installation, integration, support, resolving technical issues and troubleshooting of various technologies related to medium to global data communication systems which includes over 10 years of experience in both Cisco and Juniper routing, switching and network security with proficiency in voice, wireless and datacenter technologies.

 

·    Cisco Certified Network ProfessionalCCNP-Route/Switch

·    Cisco Certified Network Professional Security                CCNP-Security

·    Cisco Certified Design ProfessionalCCDP

·    Palo Alto Accredited Configuration Engineer                   ACE

·    National Security Agency 4013/ National Security Agency 40114013 Recognition/NSA 4011 Recognition

·    Comptia Security+-CE                                                             Security+ CE

·    Cisco Certified Design AssociateCCDA

·    Cisco ASA SpecialistCAS

·    Cisco Certified Network Associate – Routing & SwitchingCCNA-Routing & Switching

·    Cisco Certified Network Associate - Datacenter / VoiceCCNA-Datacenter/CCNA- Voice

·    Cisco Certified Network Associate – Wireless/ SecurityCCNA – Wireless / CCNA – Security

·    Secret Security ClearanceSSBI

Cisco Technologies:Cisco IOS, Nexus OS, ASR1000’s Cisco 2900, Cisco 2960X, Cisco 4500X, ASA 5585-X, Cisco 4240 IPS/IDS, ASDM, Cisco 800, Cisco Catalyst 6509e, Cisco 3750X, Cisco 3750v, Cisco Catalyst 3560, Cisco Catalyst 4500, Cisco 4948, Cisco Catalyst 6500, Cisco ACS Server, Cisco Nexus 1010/1010x, Cisco Nexus 2000’s Cisco Nexus(IBM) 4000, Cisco Nexus 5548’s, Cisco Nexus 5596’s, Cisco Nexus 5548P, Cisco Nexus 5548UP,  Cisco Nexus 7008, Cisco Nexus 7010.

Juniper Technologies:EX3200, EX4200, SRX-650, SRX-1400, SRX3400, SRX240, NS5200, ISG2000’s, ACX2000

Aruba Wireless:225 AP, 205 AP, 125 AP, RAP-3WNP, Mobility Controller, Clear Pass Authentication Server

Connectivity & Hardware:Exchange Server, Blade Servers, VMWare, DNS Servers, DHCP Servers, Web Servers Ethernet, Fast Ethernet, WAN, LAN, TCP/IP, RAID systems, Cisco ASA 5500 series.

Network Technologies:CDP, Frame-relay, PPP, Access Control List (ACL), Network Address Translation (NAT), Port Address Translation (PAT), RIPng, RIP, RIPv2, OSPF, EIGRP, BGP, MPLS, VTP, SNMP, DHCP, 802.1ad, SNMPv3, SMTP, ARP, TCP, UDP, Static Routing, Stub Routing, VLAN Trunking, NBMA, SONET, VLAN, VTP, HSRP, STP, SVI, CEF, Etherchannel, BPDU, Portfast, GLBP, VRRP, 802.1x. , PVLAN, DSCP, CoS, Reverse Proxy, Load Balancing, Policy Based Routing, Modular Quality of Service Command Line Interface, OTV, Fabric-Path

Peripheral Technologies:802.11 a/b/g/n/ac, WLAN, WAP, AP, SSID, LWAPP, CSMA/CA, AAA, IPS/IDS, TACACS+, RADIUS, SSHv2, VACL, PVLAN, VPN, Cisco ACS, VoIP, IP Phone, Catalyst, CUCM, QoS, PoE, CME, CUE, Port Security, SIP, RTP, SCCP, SRTP, UCCM, UCCX.

Monitoring Tools:Splunk, Fishnet, Dynatrace, Finisar,  Wireshark, Remedy, Openview, Cacti, Nagios, Solarwinds/Orion, Rancid, Cisco Works, LogicMonitor, Cisco Security Manager Suite.

Enterprise Technologies:        Windows 98/2000/XP/VISTA/7, Exchange 2003/2008 (R2),  DHCP, BOOTP, DNS, WINS, Microsoft Office Suite, VDI, VM Ware, Remote Desktop, Linux, Scanners, Desktop and Networked Printers, MAC, Netcool, LogMeIn Central, GPMC, RDP, Internet Information Services, DFSR, Network Access Control, SEIM

Miscellaneous Technologies: F5 BIG-IP LTM 6400, 6800, 8400; Palo Alto 200, 3050, 4050, 5050; McAfee Nitro Security, McAfee 4010-IPS;  Black Diamond—Extreme

 

GCI/TEKSystems      Network Engineer                                                2015-Present

IBM/TEKSystems                    Senior Network Engineer                                    2014-2015

Computer Sciences CorporationSenior Networking Associate2011-2013

DynCorp InternationalOnsite Technician2011-2013

United States Postal ServiceOnsite Engineer (EMM)2005-2008

 

Bachelor of Science, Computer Information SystemsStrayer University

United States Marine Corps – Honorable Discharge

 

 

 

 

General Communications, Inc/TEKSystemsNetwork Engineer                                   2015-Present

·   Network engineer on a team who coordinated and facilitated project goals with viable technical solutions, aided in the design and planning of network expansion, re-designs, new implementations, equipment software/firmware updates, technical refreshes and installed and upgraded switches, routers, firewalls,  authentication servers, wireless controllers, and intrusion detection hardware.

·   Technical Responsibilities include but not limited to maintaining of multiple enterprise firewalls and associated access rules to facilitate high availability, software currency, and granularly prescribed access to achieve business goals and to maintain customer satisfaction, monitored  and troubleshot network assets for outages, failures, bandwidth consumption, memory usage, and state changes

·   Provided vital inputs to ongoing and newly established initiatives to ensure sound design for scalability and future viability.

·   Provided escalation support for network issues related to user access, load balancing, IPSEC VPN’s, wireless connectivity, DHCP, routing, switching, PKI infrastructure, 802.1x, and firewall connectivity.

·   Aided in design and planning of network expansion, re-designs, new implementations, equipment software/firmware upgrades, and technical refreshes

·   Supported multiple organizational VOIP implementations

·   Communicated effectively, verbally and in writing, ideas and professional observations to managers, engineers, and other organizational stakeholders from varying technical  and professional disciplines

·   Provided input and recommendations for equipment purchasing to maximize added-value and scalability

·   Enforced and implemented sound technical network security practices and behaviors

·   Interacted with stakeholders at all levels to resolve technical issues

·   Responded to serious technical issues on a 24/7 on-call basis

 

 

IBM/TEKSystems(US Army Datacenter)Senior Network Engineer                   2014-2015

·   Senior network engineer providing network and network security design, implementation, and level 3 escalation support

·   Integrated firewall solutions for numerous client networks and enclaves

·   Designed and implemented core switching and routing functionality for datacenters utilizing primarily Cisco Nexus 7000, 5000, 4000, and 2000 series switches.

·   Oversaw numerous hardware upgrades, technical refreshes, and equipment migrations

·   Administered and engineered Cisco ASA, NetScreen5200, Juniper ISG , Juniper SRX, and Palo Alto firewalls to provide secure connectivity and integration with F5 reverse-proxy and load-balancing

·   Designed and implemented DMZ architectures

·   Provided tier-3 escalation support for enterprise technologies.   

·   Configured crypto-maps, isakmp policies, transform sets for IPSEC-VPN connectivity

·   Configured policy-based and route-based IPSEC-VPNs for Juniper ISG And ACX devices

·   Designed firewall solutions to include zones, policies, NAT & PAT, address-groups, and network objects.

·   Performed security audits to ensure optimal network functionality and hardening.

·   Designed and implemented  McAfee 4010 and Cisco 4200 series Intrusion Prevention and Detection System solutions

·   Configured data center switches for network backup, replication, and storage and resolved related technical issues.

·   Managed and maintained high-availability firewall clusters utilizing NetScreenOS (NS5200 & ISG1000), JunOS (SRX 240, 1400, 3400), Palo Alto (3050) and Cisco ASA (5585x)

·   Architected ACS TACACS+ solutions for client networks and administered user permissions

·   Developed local standard operating procedures and configuration guides for switches, routers, firewalls, and IPS/IDS devices.

·   Created and maintained network drawings and documentation utilizing Microsoft Visio and Office tools.

·   Designed and configured F5-BIGIP-LTM reverse proxy & load balancing solutions for client networks

 

Computer Sciences CorporationSenior Networking Associate2011-2013

Company Overview – Computer Sciences Corporation (CSC) is an American multinational corporation that provides information technology and professional services. CSC is acknowledged as the world’s fourth most admired IT services company that employs approximately 100,000 people globally. Due to CSC’s large global footprint in 90 countries, they use a highly complex global network infrastructure for a variety of business processes. Below will be a list of responsibilities handled:

·   Member to a team of professionals responsible for the day-to-day administration and support of mission critical networking technologies, to include routers, switches, and firewalls, located within a complex heterogeneous network infrastructure.

·   General responsibilities included design, administration, support, analysis, and incident management activities related networking technologies

·   Responded to Remedy Ticket change requests and incidents to provide resolution to firewall, reverse proxy, port-security, routing, and switch related issues

·   Configured port-channels, vlans, trunks, subinterfaces, and routing protocols—EIGRP, OSPF, BGP .

·   Racked and cabled network devices to include switches, routers, firewalls, servers, VPN concentrators, IPS/IDS

·   Implemented firewall policies to provide connectivity to customers as approved by the Information Assurance team.

·   Created access-lists, class-maps, route-maps, vlan access-lists, and control plane policing policies to ensure secure and functional network communication

·   Functioned as network team lead purposed to analyze, develop, and manage project activities to include providing feedback on planned designs, development of networking tasks and prerequisites from other IT teams, and coordination of human and technological assets to ensure timely and efficient progression towards outlined project goals and deadlines.

·   Coordination and communication activities included, but were not limited to, interdepartmental communications and coordination, timely reporting to appropriate groups, documentation, and providing detailed and effectively communicated reports and updates to project managers, service level managers, and outside customers and clients.

 

DynCorp InternationalOnsite Technician2009-2011

·   Responsible for the day-to-day administration and support of various mission-critical enterprise technologies to include Cisco routers, switches, and firewalls.

·   Primary activities included installing, configuring, administrating, and troubleshooting various network technologies and devices including verification of configuration, configuration, and hard-ware “break fix”.

·   Installed OS upgrades to network devices as directed

·   Secondary activities included project management, administration, documentation of network design and configuration, and providing reports to project managers and organizational customers.

·   Additional responsibilities and activities included but not limited to 2nd level support for systems/network administration

·   Provided as needed technical training of new team members.

 

United States Postal ServiceOnsite Engineer (EMM)2005-2008

·   Member to a team responsible for the day-to-day administration and trouble-shooting support for high-availability of enterprise level technologies located within a complex heterogeneous and multi-vendor network infrastructure.

·   Technical responsibilities included the installation, configuration, administration, and troubleshooting of enterprise technologies

·   Professional responsibilities included project management, administration, regulatory compliance, and documentation.

 

 

Routing & Nexus & Catalyst Switching

·               Implement trunk ports and implement granular control of VLANs and VXLANs using NX-OS to ensure virtual and flexible subnets that can extend further across the network infrastructure than previous generation of switches.

·               Implement port-profiles as part of the NX-OS command structure that allows for configuration of multiple ports and port-types via inherited configurations applied via a single command that reduces administrative error and allows for better configuration readability.

·               Implement a virtual version of Nexus: Nexus1000v into VMWare to extend Nexus capabilities directly adjacent to virtual machines so that they benefit from Cisco switching capabilities and network topology consistency ensuring VMs maintain their subnet/VLAN relationships during failover.

·               Implement secure privileged administrative access to the Cisco IOS system.  Enable the encryption of system passwords to prevent unauthorized users access to passwords in the system configuration.

·               Implement secure access to the console and vty ports, and set the interval that the EXEC command interpreter waits until user input is detected on the Console and vty ports.  Also, configure the console and vty ports log messaging to not interfere with active device configuration.

·               Implement VLAN Trunking Protocol to reduce administrative overhead.  Enable secure sharing of VLAN information to prevent the introduction of rogue devices from affecting the VLAN database. Shutdown unused switchports following Layer 2 security best practices. 

·               Create and manage Local VLANs based on department function, and configure ports with static VLAN assignment, static 802.1Q trunks, and dynamic ISL trunking using PAgP for layer 2 forwarding.  Utilize VLAN Spanning-Tree in conjunction with PVST+ for compatibility between Cisco and Juniper switches.  Configure edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays.  Modify spanning-tree parameters for manual root bridge assignment.  Implement ether-channels between each switch using PAgP for negotiation.  Modify ether-channel load balancing method.

·               Implement WAN links between sites using frame-relay point-to-point and multipoint connections to establish connectivity between each of the four sites as required.  Establish frame-relay point-to-point connections three of the sites creating a full mesh.  Implement hub and spoke network between three of the sites with the main office as the hub for redundant connections. 

·               Implement EIGRP routing for point-to-point and Non Broadcast Multi-Access networks.  Ensure that the spoke routers are receiving routing information about each other from the hub.  Configure EIGRP unequal-cost load balancing to also use the lower capacity multipoint links when routing packets.

·               Prevent neighbor adjacencies from being formed as well as the sending and receiving of routing updates on unnecessary interfaces.  Implement EIGRP MD5 Message Authentication between sites to prevent unauthorized insertion of routes into the domain.  Implement manual EIGRP route summarization to reduce routing protocol demand on CPU resources, memory, and bandwidth used to maintain the routing table. 

·               Implement OSPF routing with multiple areas for networks between sites.  Implement totally stubby areas to lower the system resource utilization of routing devices for the network.  Implement NSSA area to allow injection of external routes into the area and propagation into the OSPF domain.

·               Implement backup and recovery of Cisco IOS Images.  Perform password recovery on Cisco IOS routers/switches, a Cisco NX-OS switch, and a Juniper EX2200 Series switch to restore administrative access.  Backup and Restore startup-config file for disaster recovery.

·               Configure Cisco Nexus 5020 switches to utilize Nexus 2148 Fabric Extenders to provide access switchports.  Implement virtual portchannels in single-homed and double-homed topologies

 

Security

·               Implement an IPSec Site-to-Site VPN between the Cisco ASA5505 at small office location and Cisco 1841 ISR with a security IOS image at the main office.  Implementation of the VPN includes the following configurations:  Internet Key Exchange Policy using DES and SHA for encryption and authentication, access-lists to define VPN traffic, transform set using esp-des esp-sha-hmacto define how the traffic is protected, crypto-map to associate the previously configured elements to a peer, and application of the crypto map to appropriate interface or VPN endpoint. 

·               Implementation of Zone-Based Policy Firewall on the Cisco 1841 ISR with the following components:  three zones, class-maps specifying traffic that must have policy applied as it crosses a zone-pair, policy maps to apply action to the class-maps’ traffic, zone-pairs, and application of policy to zone pairs.

·               Implement a Clientless SSL VPN (WebVPN) to allow users to establish a secure, remote-access VPN tunnel to the Cisco ASA 5505 using a web browser.  Prepare the Cisco ASA with necessary configurations to self-signed certificate generation.  Generate a general purpose RSA key-pair for certificate authority identification, configure certificate authority trustpoint for the WebVPN using self enrollment, and configure CA trustpoint interface association. 

·               Configure Syslog on the Cisco ASA5505 with logging to a host and internal buffer.  Forward all logging to an internal Syslog server for monitoring and management.  Configure and manage Syslog output generation using custom message lists.  Implement FTP backup of internal buffer when it is exceeded.

·               Implement Basic Threat-Detection, Advanced TCP Intercept, and Scanning Threat-Detection.  Simulate attacks on network to manage threat-detection rates and verify Syslog generation.

·               Utilize Cisco ASA5505 Modular Policy Frame-Work to configure and manage layer 3/4 interface service policies, apply inspection and connection limits to services, apply inspection and QoS policing to HTTP traffic.  Configure HTTP inspection policy to block restricted sites and file downloads.

·               Implement active/standby failover and automatic configuration synchronization of two F5 Networks’ BigIP devices using a browser-based GUI and via the command line. Implement a virtual web server to perform load balancing of multiple identical web servers using BigIP’s Local Traffic Manager.

·               Configure the Cisco ASA 5510 using both a browser and the command-line.  Implement active/standby failover between two ASA5510s.  Implement active intrusion prevention using an AIP-SSM inline module in the ASAs.  Utilize the AIP-SSM to log packets.  Simulate the response to an attacker by blocking a host IP on the AIP-SSM.

·               Simulate a device failure on both the BigIP device and the ASA 5510 during a file transfer to demonstrate failover.

·               Implement password recovery on the Cisco 5510 ASA.

 

Voice

·               Implement a local voice network with the following network elements:  Cisco 2811 ISR (VoIP) with a Cisco Unity Express Network Module (NM-CUE) installed, Cisco Communications Manager Express, a standard Cisco 3550 Switch, and a Cisco 3550 switch with Power-over-Ethernet.  Create and manage Data and Voice VLANs, and configure ports with static VLAN assignment and 802.1Q trunks for layer 2 forwarding.  Configure edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays.

·               Configure Fast Ethernet main and sub-interface assignments as required for intervlan routing.  Implement static routes for local connectivity.  Implement NTP server, DHCP server, and TFTP server for support of the VoIP network.  Modification of system level parameters including max phones, max directory numbers, display format for date and time, and setting the Time-Zone. 

·               Implement Unity Voicemail on the Cisco Unity Express Network Module.  Configure a dial-peer on the Cisco 2811 ISR to define the attributes of the packet voice network connection to the Cisco Unity Express Network Module.  Enable call forwarding on busy or no answer.  Implement Message Waiting Indicators and Voicemail access via SMTP.  Daisy-chain PCs to VoIP phones to reduce network cabling costs.  Utilize PoE ports for VoIP phones to reduce power infrastructure costs.

 

Wireless

·               Implement a wireless network infrastructure providing access to wired LANs to increase mobility and productivity utilizing the following network elements:  Cisco Wireless LAN Controller (WLC) 2106, a Cisco 3550 switch, a Cisco 1130AG series Access Point, and a Cisco 1121G series Access Point.  Create wireless LANs and configure interface association, security parameters, and radios used.  Utilize the Wireless LAN Controllers web GUI to configure and manage the wireless network.  Configure internal DHCP scopes for WLANs. 

·               Prepare infrastructure for AP registration on same subnet as management VLAN and for AP registration on different subnet.  Configure AAA AP policies to allow Self Signed Certifications for APs shipped without a Manufacturer Installed Certificate. Implement AP Grouping to ensure WLAN SSIDs are only broadcast by the APs desired.

 

Data Center

·               Configured VLANs and access ports connecting virtual machines using the NX-OS CLI on a Cisco Nexus 1000v virtual machine and VMWare vSphere Client networking. 

·               Configured routing policies and service profiles for separate levels in an organizational hierarchy using a Cisco Prime Network Services Controller virtual machine.  These policies and profiles were applied to Cisco Cloud Service Router 1000v (CSR 1000v) virtual routers.

·               Configured a CSR 1000v router using the Cisco IOS 15.4 CLI.

 

Monitoring

•    Used the Cisco Configuration Professional GUI to configure interfaces, passwords, hostnames, DHCP, EIGRP, and SNMP on a Cisco router.  Used the CCP monitoring tool to monitor traffic from that router.

•    Configured the Nagios XI monitoring tool to monitor routers and switches and customized its dashboard.

•    Configured SolarWinds Orion NPM and used it to monitor traffic on a network.

•    Configured the CACTI tool to graph traffic from a router and to generate alerts based on a threshold traffic level.

•    Used the Wireshark tool to study HTTP, telnet, and SSL traffic.