Professional Experience:

Network Runners, Inc., Information Security Engineer, Jun. 2013 to Mar. 2014

Assisting banks accessing data and applications, with router configurations, access design, and project management on new and existing networks.  Worked with routers, operational changes, disaster recovery validation, and upgrades.  Provided administration and operational changes to Cisco DMVPN, Check Point, Sophos, and occasionally, F5. Resolved network issues and access to databases, applications for file transfer, disaster recovery, and license upgrades with assistance in and out of the cloud.

FreeLance7, Information Security Engineer, (contract: 3-mos), Jan. 2013 to Jul. 2013

Installed DNSSEC, and public key infrastructure (PKI) with configuring multi-factor-authentication for Windows Server 2012 and Linux.  Configured Cisco ASA and Check Point firewall layers securing existing datacenter infrastructure.  Used tcpdump and WireShark to find issues with application-block size affecting the access performance of mid-tier-server, to the backend-databases.  Increased LAN traffic throughput by over 12 percent.  Designed network/business analytics (extract/transform/load) using Python, Unix scripting, and Regular Expressions.  Installed SQL Server 2012 Enterprise with Developer Extensions.  Proposed WatchGuard System Manager for deep, real-time, and historic analysis into networks, user events, and access-activities.

Wells Fargo & Company, Information Security Engineer, (contract: 6-mos), Jan. 2012 to Dec. 2012

Provided firewall change analysis, and design strategy assistance to all lines of business, using VPN/firewall services: Using Cisco Security Manager, and Check Point’s SmartDomain Manager (Smart Dashboard / Provider-1) I supported a large banking firm.  Reduced network complexity by decommissioning firewalls, policies, applications, servers, and routers – over 600 devices removed.  Upgrades and device cleanup was required following the acquisition of Wachovia Bank two years previous.

Berkshire Hathaway Energy (MidAmerican Energy) / PacifiCorp, Security Analyst, (contract: 6-mos), Apr. 2010 to Dec. 2011

Performed audits, and security assessments of digital control systems (DCS), supervisory control and data acquisition (SCADA) equipment, and on all “generation equipment” in accordance with Federal Energy Regulatory Commission (FERC) and North-American Electric Reliability Company (NERC) critical infrastructure protection standards (CIPS), electrical power-plant policies, and existing procedures.  Automated the audit of syslog files, event log files, firewalls, routers, and switches from plant equipment per NERC-CIPS requirements.  Files were text, raw binary data, automated reports, database reports, SQL queries, and scripts.  Input files were aggregated, cleaned, and normalized for database import, from systems used in power generation and corporate infrastructure.  Responsibility over syslog data, and event-log data from NIDS, HIDS, IDS, firewalls, routers, switches, servers, Pinnacle CCTV, and physical-access card-readers.  Reported to Directors, Systems Administrators, Network Engineers, DBAs, and Developers with recommendations to remediate threats, and improve designs.  External audit confirmed our success in minimizing security risks threatening the safety and continuity of the firm’s systems and networks.  Analysis tools: Excel, MySQL queries, along with basic Unix tools like vi, ed, sed, awk, Perl, regular expressions, and unix shell scripts.  Reporting tools: Unix, Perl, regular expressions, Toad queries made to MySQL, and DOS scripts used to organize output formats, and extend the functionality of tools like Microsoft’s Log Parser Toolkit, syslog, and MySQL reporting.

Unisys, Global Outsourcing & Infrastructure Services, Network Design Engineer / Analytics, Dec. 2005 to Apr. 2010

Audited, designed, and supported secure network architectures for public, private and Federal Government customers using ArcSight, Check Point, ASA, Nokia, F5 BIG-IP, F5 FirePass, SourceFire, Snort, Nessus, FoundStone, Unix, Linux, and Windows solutions.  Received Cisco “Advanced Security Training and Cisco “Designing High Availability Training.”  Diagnosed communications issues (IP, TCP, UDP, VPN, and VRRP) between routers, switches, firewalls, and servers for both client and vendors.  Resolved communications issues between VPN endpoints, web servers, applications servers, and databases.  Assisted all technical levels of IT professionals with protocol and packet analysis using tcpdump, WireShark, windump, win-pcap, snoop, Nmap, Netcat, ArcSight, shell scripts, and Perl.  Conducted forensic analysis, vulnerability assessments, and security audits for Unisys and its clients.  Prepared statements of work, technical proposals, architecture reviews, remediation, incident responses, and disaster recovery procedures.  Participated in consulting, network design, log collection, data cleaning / normalization, vulnerability scans, system inventory scans, and network traffic analysis scans.  Our secured network designs run industries like Banking, Health Care, Telecommunications, Universities, and security functions for State and Federal Government contracts held by Unisys.  Awarded Silver Recognition Awards for Security Services to GOIS Customers, and Eradicating Federal Threats, and Bronze Recognition Awards for Accuracy in Security Deliverables and for Accuracy Completing Client Requests.

CMGI International / ModusLink, Sr. Network Security Administrator,           Apr. 2000 to Dec. 2005

Installed and configured Check Point firewalls, Cisco routers, PIX firewalls, Cisco 3000 VPN-concentrators, and several HA solutions including large firewalls using Check Point, Sun, and Nokia hardware.  Configured a full VPN mesh with 73 locations worldwide, and WAN network design for over 90 additional VPN sites for online customer software licensing,  credit-card authorization, DVD/CD stamping/authoring worldwide for Microsoft, HP, McAfee and Oracle/Sun.  Employed Nagios reporting, automated data exchange scripts, as well as automated router backup, and dual-boot disk scripting for Windows, Solaris, and Linux.  Administered three instances of Provider-1, configured StoneBeat FullCluster, DNS, and OpenView software for sites in Europe, Asia Pacific, North America, and Central America.  Lead security resources involved in network design, audits, scans, remediation, and penetration testing, and in writing security policy and procedures.  Certified in security-training courses for SANS, VeriSign, IP network analysis, Intrusion Detection (IDS), Intrusion Prevention (IPS), active/passive HA firewall configurations, and Check Point’s most advanced VPN/Security training.

Evans & Sutherland, Sr. Systems Administrator, and Team Lead,Oct. 1997 to Apr. 2000

Responsibility for performance and uptime of Sun Solaris, SGI IRIX,  Linux, and IBM AIX servers for Visualization Databases, the board and chip simulations engines, as well as various corporate databases,.  Managed switched fabric, fiber channel SANs, using both Cisco and Brocade switches for both Unix and Windows servers.  Managed Sendmail, DHCP, DNS, NIS, Check Point Firewall-1, HP OpenView, WebSense, Samba, FTP, and Oracle applications on Linux, Solaris, Windows operating systems, Legato’s NetWorker, and VLSI simulation servers running real-time simulations for chip/board layout.  Designed and administrated multi-terabyte disk SAN and NAS subsystems used by UNIX and Windows servers.  Attended Sun, Check Point and SANS Security Conferences for Intrusion Detection, HA networking, HA routing, and HA VPN design, HA firewall design and attended specialized IPSEC, ITIL Incident, Problem, Change and Configuration Management coursework as well as attending two Check Point VPN encryption training sessions.  Solved NAS/SAN backup issues for unix, Windows, and Legato Backup on HPUX, IRIX, Solaris, Windows, and AIX.

Kodak / Danka - Digital Services, Systems Engineer,                                       Jan. 1997 to Oct. 1997

Administered Rasterizing Image Processor servers at most US locations.  Supported proprietary compilers written in c and PostScript for publishing custom, and limited run books and documentation on high-speed, roll-fed printers.  Administered enterprise NAS, SAN, Samba, NFS, and disk subsystems.  Improved safety and scalability using a Fiber Channel NAS, and SAN used by Solaris, AIX, and Windows servers for print rasterization to PostScript to high-resolution bit maps.  Viewed files using GhostScript, and printed books and bound pamphlets on 600 DPI, 440 page/minute IBM printers for on-demand publishing.

Valek International, Sr. UNIX Systems Administrator,                                          Dec. 1995 to Dec. 1996

Supported TeraData and Oracle servers with installation, backup, cloning, RAID, client-server development, and configuration scripting for UNIX and Windows.  Supported Oracle’s financial, manufacturing, and MRP modules with performance analysis, code updates, and bug fixes.  Increased performance 20% using tuning adjustments recommended by consultants from Oracle, NCR, Intel, Sun, HP, TeraData, and ATT on large data-mining servers.

University of Utah, and Raytheon Sarcos Research, Network Security Administrator,May 1993 to Dec. 1995

Performed systems administration and network security consulting for the Computer Science Department, Electrical Engineering Department, and the Center for Engineering Design (CED) at the University of Utah and Sarcos Research, now Raytheon Sarcos Research.  Managed simulations servers for Electrical Engineering, Mechanical Engineering, and CED.  Servers and software were used by professors, graduate students, staff engineers and robotic simulations laboratories for upper division MS EE/ME, and PhD EE/ME, coursework.  Configured super-computers supporting chip/board fabrication, robotics design, Finite Element Analysis (FEA), 5½ -axis mills, 3D printing, and electronics databases used to manufacture robots.  Robot manufacturing used Pro-Engineer, vxWorks real time OS, Unix, X11, Ideas, MatLab, Paradigm’s MultiGen, and ModelGen.  Supplied SGI solutions for X11 control/monitoring dashboards used in simulation and Universal’s Jurassic Park theme-park ride, and animations for the move, Jurassic Park. 

Alpine Engineering Systems, Systems Engineer, Oct. 1992 to May 1993

Provided project applications development, systems administration, network design, security operations, and consulting for the firm.  Provided technical support, and large account support to 14 teams in four western states.  Administered DNS, sendmail, Computer Aided Design (CAD), Geographic Information Systems (GIS), Finite Element Analysis (FEA), and Unix Systems software.  Provided contract development for Federal clients (Internal Revenue Service), Military clients (US Air Force), State (various state agencies), Salt Lake County, and City agencies.  Provided network/systems administration, database development, data import/integration, and CAD conversion/programming for ESRI’s ARCH/INFO, ArcView, ArcGIS, AutoDesk’s AutoCAD development, Sun Microsystems, and Windows servers.

Eyring Research, Systems Engineer, (secret clearance) Apr. 1990 to Oct. 1992

Designed and programmed real-time helicopter flight systems trainers, and weapon systems trainers, providing new simulated malfunctions, and improving flight-dynamics with improved flight-fidelity math modeling.  Programmed real-time-OS features for servers, using assembler, c, FORTRAN and some Ada.  Designed and coded analog-to-digital and digital-to-analog interfaces for all gauges, dials force feedback hydraulics and flight control loading hydraulics found in the actual aircraft’s airframe.  Helicopter simulators train Navy, Marine, and Air Force test pilots from 40 countries worldwide in dealing with failures and malfunctions without endangering real crews or aircraft.  The military aircraft simulations used Sun, and SGI for simulations graphics, hydraulics, and electronics conversions, while the real-time simulations ran on Wind River real-time OS, Evans & Sutherland, and Harris Mainframes.

Education:

Graduated:Westminster College, Salt Lake City, Utah (1989-1990) (full scholarship).  BS: Computer Science, Emphasis in Software Engineering & Artificial Intelligence.

Attended: University Of Utah, Salt Lake City, Utah (1983-1988) studied Econometrics and Finance.

Certification Training:Check Point, Engineer-I, Engineer-II, and Engineer-II-Plus, for versions: 4.1, NG, NG-AI, and NGX.

Check Point Training Conferences for Advanced Security Topics, 1999, 2001, and 2004.

ArcSight Certification Training, May 2007, May 2008, May 2009.

SANS Security Conferences, 1995, 1998, 2000, 2002, 2005, 2006, 2007, and 2008.

SourceFire/Snort Training, July 2009.

Riverbed: WireShark and Cascade Pilot Traffic Analysis Workshop.  March 2013.