From: route@monster.com
Sent: Friday, November 4, 2016 8:52 AM
To: hg@apeironinc.com
Subject: Please review this candidate for: PaloAlto

This resume has been forwarded to you at the request of Monster User xapeix03
Lawrence Crawford
LCrawford@lanwanprofessional.com | (720) 641 - 2752

Summary

Senior Network Engineer and IT professional with over 15 years of experience concerning security, design, project management, evaluation, engineering, implementation, administration, management, analysis, testing, escalation support, documentation of enterprise concepts and design templates, configuration and troubleshooting for various network technologies for large to global enterprise environments which includes Juniper and Cisco equipment, Load Balancing, proficiency in routing protocols (BGP, RIP, OSPF), switching, voice (VOIP), wireless, data center technologies, firewall management (ASA), authentication, authorization, accounting (AAA) and Identity Services Engine (ISE).

Professional Skills & accomplishment highlights

§ Provided high-level, mission-critical technical analysis in saving DST company costs. Some of the cost saving projects are RSA keys project is to migrate to a soft token architecture which would save over 0.5 million in 5 years; ISE PSN project using VM OIC would reduce the cost of 7K as opposed to 30K for a rack mounted hardware; Wireless Comparison Project for Aruba/Cisco/Meraki where the cost savings for setup of Branch Offices and Remote Offices would save the company close to $1 million per year in personal costs for onsite configurations.
§ Network Infrastructure Planning, Technical Review, Evaluation, POC, Project management for redesign of Cisco, and large deployment of DNS servers, Cisco VoIP, Cisco Call Manager, 4G LTE Wireless for over 3500 locations of Chipotle throughout US and Canada.
§ Project management experience in advancing key IT projects by partnering with existing teams of professionals, developing technology strategy and support models, helping advance both department and company projects to successfully accomplish performance goals, utilizing a sound sense of business judgment with a forward thought processes.

Technical Certifications & Skills

§ Cisco Certified Network Professional – Routing &
Switching (pending) | CCNP – R & S
§ Certified WAN Professional/Certified WAN Enterprise Administrator | CWP/CWEA
§ Cisco Security Administrator / Data Center Administrator | CSA / CDCA
§ Cisco Voice Administrator / Wireless Technician | CVA / CWT
§ Cisco Certified Network Associate – Routing/Switching | CCNA – R/S
§ Comp-TIA A+, Network+ and Security+ | A+, Net+, Sec+
§ Microsoft Certified Solutions Expert | MCSE
§ Clearances: Top Secret 1992 - 1997

Technical Skills Detail

Routing/Switching Technologies - Cisco Routers (3900, 2900, 1900, 800 Series), Cisco Catalyst Switch (6500, 5500, 4900, 4500, 3750, 3560-X, 3100), Cisco Nexus 1kv, 2k, 5k Series, Juniper, HP and Palo Alto Routers & Switches, WAN, LAN, TCP/IP, Cisco IOS, Spanning Tree Protocol, BPDU, CDP, ACL, NAT, PAT, RIP, RIPv2, OSPF, OSPFv3, EIGRP, BGP, MPLS, VTP, SNMP, SMTP, ARP, TCP, UDP, Static Routing, Stub Routing, VLAN, VLAN Trunking, VXLANs, Multicast routing, HSRP, SVI, CEF, EtherChannel, PortFast, VSS, VPC.

Security/Firewalls Technologies - Cisco Security Manager Suite, Cisco ASA 5500 series firewalls, Cisco FWSM, Cisco IPS/IDS, Cisco ACS, Advanced Firewall Manager (AFM), Cisco ASA 1000V cloud firewall, Checkpoint Firewall, Juniper SRX series

Protocols & Standards - AAA, TACACS+, RADIUS, SSH, VPN, IPSec, SSL/IPSec, Data Loss Prevention, Data Management Zone, Pretty Good Protection (PGP), Public Key Infrastructure (PKI), Internet Key Exchange Policy, Port Security, MAC Address Filtering

Wireless/Voice Technologies - Cisco WLC, IEEE 802.1x & 802.11, WLAN, WAP, AP, SSID, LWAPP, Aironet, Bluetooth, Avaya, AURA - Voice Over Internet Protocol (VoIP), VoIP/SIP, CUCM, UCCM, UCCX, MGCP, RTP, SCCP, SRTP, Quality of Service (QoS), PoE, MMDS, LMDS, CCK, DSSS

Monitoring/Data Center/APPS - Wireshark, Remedy, Cacti, Nagios, VMware, SolarWinds, Cisco Security Manager Suite, Server, Sniffer, Ethereal, Orion - VMware VSphere, VCenter Server Appliance, VMware ESXi Hypervisor, F5 Big-IP load balancing (GTM/LTM), Cisco AnyConnect VPN management, Cisco Prime, Cisco IPS/IDS, Meraki cloud based - Splunk Enterprise, SNMPv2c, SNMPv3, DNS, DHCP, FTP, Telnet, HTTP(S), SMTP, tunneling protocols, PTP, SFTP, RDP.

Other - Windows 95, Windows 8, WIN 32, WIN 64 bit interfaces, DOS, Unix, Linux, Mac OS, Microsoft SQL, PostgreSQL, MYSQL, Python, Paradox, Access, Fox Pro/Base, Crystal Reports

Summary of Professional Experience

DST Systems | Senior Network Architect (PIC) | 2014 – 2016
Synergistic Interactive Solutions | Senior Network Planner | 2007 – 2014
Performance Software Systems | IT Director | 2002 – 2007
Synergistic Solutions | IT Consultant | 1998 – 2002

Education

· Certified WAN Professional Program | LANWAN Professional
· Bachelor of Science Degree in Computer Science | Colorado Technical University

Professional Experience Detail

DST Systems | Senior Network Architect (PIC) | 2014 – 2016
Company Overview –
DST Systems works with companies in some of the world’s most demanding industries where rapid shifts in consumer, regulatory, and technology trends are increasingly affecting how our clients do business. Keeping up in a landscape of constant change is becoming more and more complex. Through their technology, strategic advisory, and business improvement solutions they work with clients to help them stay ahead of and capitalize on customer, business, and regulatory change.

Responsibilities included:
· Senior Lead (in-house Consultant) of a team of professionals responsible for architecture, design, planning, configuration, cost analysis, project management, support, management, implementation, installations for strategic development for clients and initial day-to-day support for the overall network LAN/WAN infrastructures.
· Projects overseen include but are not limited to the New AAA project which included the technologies AAA, ACS, ASA, ISE, Nexus environments, and Onsite Acquisitions envelopment; the ISE LIC Costs project for cost comparison and saving money over Current AAA seat savings: between $15 to $36; and the ISR for Site Conversion project with cost configurations and equipment for each suite under the current rollout which saves about $50K per site savings.
· Specific technical responsibilities include but are not limited to development of software/hardware systems, network solutions, reviewed vendor products for POC with end to end testing, and security compliance against the HIPAA, SCC guidelines, PCI and other federal guidelines regulating the Financial and Healthcare Industries which include experience in delivering technical training to highly technical audience such as senior SEs and Architects. Several years of experience in a global role in order to understand the cultural differences.
· Professional responsibilities included project management, management, administration, documentation, training, risk analysis, quality assurance, budget, support, development of process and procedures, following corporate procedures and policies and reporting to stakeholders.

Synergistic Interactive Solutions | Senior Network Planner | 2007 – 2014
Company Overview –
Synergistic Interactive Solutions is a regional company that provides professional and corporate business clients varying products and services including, but not limited to: general hardware; networking services; training services; general hardware/software retail; and systems administration for corporate clients and ongoing improvement of network, server, and storage infrastructure.

Responsibilities included:
· Lead to a team of professionals responsible for redesign, installation, client/vendor relationships, configuration, support, management, installation, documentation, maintenance, implementation, monitoring, integrity through preventative maintenance, upgrades with respective vendors and troubleshooting of various LAN/WAN technologies which include but are not limited to VoIP, wireless, and network switch upgrades.
· Technologies handled include but are not limited to Cisco ASA 5500 Series, Cisco 2951 ISR, Cisco 2960-S series, Cisco MDS 9710, Cisco UCS C460 M2, Cisco Unified IP Phone 7942G, 7962G, etc.
· Network infrastructure duties will include ongoing operational tasks such as switch and router configuration and management, management and improvement of network security, changes to the network infrastructure, support and issue resolution, day-to-day monitoring, optimization, technical storage, security, and server and storage operational tasks such as provisioning, connectivity, storage allocation, incident and problem management, and the implementation of changes to the storage operational infrastructure for the efficient and reliable operations of all storage, server, and virtualization systems.
· Specific projects include redesign and deployment of network, server and software for over 3500 locations of Chipotle utilizing DNS, Cisco VoIP, Call Manager, 4G LTE wireless network for all locations in US and Canada.
· Project management includes but is not limited to virtualization projects, large network upgrades and deployment of Cisco VoIP/Call manager for National Jewish Health and Broadmoor Hotel for over 2500 IP Phones, over 100 managed switches and thousands of users; and additional Administration projects includes with DirecTV commercial administration, network infrastructure management for various clients such as Crawford & Cleveland P.C., Carter Design Builders, Masters Electric, KMD, Wayne Stewart Elder Law P.C., etc.
· Responsibilities included vendor management, administration, disaster recovery, following corporate policies and procedures, documentation, backups, and uninterruptible power to reduce infrastructure costs.

Performance Software Systems | IT Director | 2002 – 2007
Company Overview –
Performance Software Systems is a company that deals with large software programs where they specialize in the automotive industry, telephony, and banking industries. They have offices in Arizona, Florida, Michigan, New Hampshire, Washington and Wisconsin and services the US and Canada.

Responsibilities included:
· Director to a team of professionals responsible for development, support, management, analysis, implementation, installations for strategic development for clients, day-to-day support, for the overall IT infrastructure.
· Specific technical responsibilities include but are not limited to development of Vehicle Sales and Services Software/Hardware systems, network solutions, reviewed vendor products for testing and security compliance against the Patriot Act, developed integration for Upload and Download to Banking Institutions and several DMS systems including Emulation and Data Verification.
· Professional experience includes networking experience, cyber security experience (Cyber Security Expert), technical field role dealing directly with customers, technical training to highly technical audiences, experience in speaking at trade shows and conferences to both the technical and sales audiences with several years of experience in a global role in order to understand the cultural differences, needs and preferences within North America.
· Professional responsibilities included management, administration, documentation, training, risk analysis, quality assurance, budget, support, development of process and procedures, following corporate procedures and policies and reporting to stockholders.

Summary of Technical Accomplishments

Routing & Nexus & Catalyst Switching
· Implement trunk ports and implement granular control of VLANs and VXLANs
using NX-OS to ensure virtual and flexible subnets that can extend further across the network infrastructure than previous generation of switches.
· Implement port-profiles as part of the NX-OS command structure that allows for configuration of multiple ports and port-types via inherited configurations applied via a single command that reduces administrative error and allows for better configuration readability.
· Implement a virtual version of Nexus: Nexus1000v into VMware to extend Nexus capabilities directly adjacent to virtual machines so that they benefit from Cisco switching capabilities and network topology consistency ensuring VMs maintain their subnet/VLAN relationships during failover.
· Implement secure privileged administrative access to the Cisco IOS system. Enable the encryption of system passwords to prevent unauthorized users access to passwords in the system configuration.
· Implement secure access to the console and vty ports, and set the interval that the EXEC command interpreter waits until user input is detected on the Console and vty ports. Also, configure the console and vty ports log messaging to not interfere with active device configuration.
· Implement VLAN Trunking Protocol to reduce administrative overhead. Enable secure sharing of VLAN information to prevent the introduction of rogue devices from affecting the VLAN database. Shut down unused switchports following Layer 2 security best practices.
· Create and manage Local VLANs based on department function, and configure ports with static VLAN assignment, static 802.1Q trunks, and dynamic ISL trunking using PAgP for layer 2 forwarding. Utilize VLAN Spanning-Tree in conjunction with PVST+ for compatibility between Cisco and Juniper switches. Configure edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays. Modify spanning-tree parameters for manual root bridge assignment. Implement ether-channels between each switch using PAgP for negotiation. Modify ether-channel load balancing method.
· Implement WAN links between sites using frame-relay point-to-point and multipoint connections to establish connectivity between each of the four sites as required. Establish frame-relay point-to-point connections between three of the sites creating a full mesh. Implement hub and spoke network between three of the sites with the main office as the hub for redundant connections.
· Implement EIGRP routing for point-to-point and Non Broadcast Multi-Access networks. Ensure that the spoke routers are receiving routing information about each other from the hub. Configure EIGRP unequal-cost load balancing to also use the lower capacity multipoint links when routing packets.
· Prevent neighbor adjacencies from being formed as well as the sending and receiving of routing updates on unnecessary interfaces. Implement EIGRP MD5 Message Authentication between sites to prevent unauthorized insertion of routes into the domain. Implement manual EIGRP route summarization to reduce routing protocol demand on CPU resources, memory, and bandwidth used to maintain the routing table.
· Implement OSPF routing with multiple areas for networks between sites. Implement totally stubby areas to lower the system resource utilization of routing devices for the network. Implement NSSA area to allow injection of external routes into the area and propagation into the OSPF domain.
· Implement backup and recovery of Cisco IOS Images. Perform password recovery on Cisco IOS routers/switches and a Juniper EX2200 Series switch to restore administrative access. Backup and Restore startup-config file for disaster recovery.
· Configured and verified internal BGP peering using directly connected networks.
· Configured and verified internal BGP peering using loopbacks by using an interior gateway protocol (OSPF) to provide routing information.
· Configured and verified external BGP peering using directly connected networks.
· Configured and verified external BGP peering using loopbacks and ebgp-multihop.
· Configured and verified internal BGP peering using a Route Reflector.
· Used debugging diagnostic commands to monitor BGP events.
· Configured and verified MPLS manually and using automatic configuration via OSPF.
· Configured and verified virtual routing and forwarding (VRF) instances with route-targets and route descriptors.
· Configured and verified MP-BGP to send VRF traffic in an MPLS VPN.
· Redistributed provider edge networks into MP-BGP.
· Verified end-to-end connectivity over the MPLS VPN.

Security
· Implement an IPSec Site-to-Site
VPN between the Cisco ASA5505 at small office location and Cisco 1841 ISR with a security IOS image at the main office. Implementation of the VPN includes the following configurations: Internet Key Exchange Policy using DES and SHA for encryption and authentication, access-lists to define VPN traffic, transform set using esp-des esp-sha-hmac to define how the traffic is protected, crypto-map to associate the previously configured elements to a peer, and application of the crypto map to appropriate interface or VPN endpoint.
· Implementation of Zone-Based Policy Firewall on the Cisco 1841 ISR with the following components: three zones, class-maps specifying traffic that must have policy applied as it crosses a zone-pair, policy maps to apply action to the class-maps’ traffic, zone-pairs, and application of policy to zone pairs.
· Implement a Clientless SSL VPN (WebVPN) to allow users to establish a secure, remote-access VPN tunnel to the Cisco ASA 5505 using a web browser. Prepare the Cisco ASA with necessary configurations for self-signed certificate generation. Generate a general purpose RSA key-pair for certificate authority identification, configure certificate authority trustpoint for the WebVPN using self-enrollment, and configure CA trustpoint interface association.
· Configure Syslog on the Cisco ASA5505 with logging to a host and internal buffer. Forward all logging to an internal Syslog server for monitoring and management. Configure and manage Syslog output generation using custom message lists. Implement FTP backup of internal buffer when it is exceeded.
· Implement Basic Threat-Detection, Advanced TCP Intercept, and Scanning Threat-Detection. Simulate attacks on network to manage threat-detection rates and verify Syslog generation.
· Utilize Cisco ASA5505 Modular Policy Framework to configure and manage layer 3/4 interface service policies, apply inspection and connection limits to services, apply inspection and QoS policing to HTTP traffic. Configure HTTP inspection policy to block restricted sites and file downloads.

Voice
· Implement a local
voice network with the following network elements: Cisco 2811 ISR (VoIP) with a Cisco Unity Express Network Module (NM-CUE) installed, Cisco Communications Manager Express, a standard Cisco 3550 Switch, and a Cisco 3550 switch with Power-over-Ethernet. Create and manage Data and Voice VLANs, and configure ports with static VLAN assignment and 802.1Q trunks for layer 2 forwarding. Configure edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays.
· Configure Fast Ethernet main and sub-interface assignments as required for intervlan routing. Implement static routes for local connectivity. Implement NTP server, DHCP server, and TFTP server for support of the VoIP network. Modification of system level parameters including max phones, max directory numbers, display format for date and time, and setting the Time-Zone.
· Implement Unity Voicemail on the Cisco Unity Express Network Module. Configure a dial-peer on the Cisco 2811 ISR to define the attributes of the packet voice network connection to the Cisco Unity Express Network Module. Enable call forwarding on busy or no answer. Implement Message Waiting Indicators and Voicemail access via SMTP. Daisy-chain PCs to VoIP phones to reduce network cabling costs. Utilize PoE ports for VoIP phones to reduce power infrastructure costs.

Wireless
· Implement a wireless
network infrastructure providing access to wired LANs to increase mobility and productivity utilizing the following network elements: Cisco Wireless LAN Controller (WLC) 2106, a Cisco 3550 switch, a Cisco 1130AG series Access Point, and a Cisco 1121G series Access Point. Create wireless LANs and configure interface association, security parameters, and radios used. Utilize the Wireless LAN Controller's web GUI to configure and manage the wireless network. Configure internal DHCP scopes for WLANs.
· Prepare infrastructure for AP registration on same subnet as management VLAN and for AP registration on different subnet. Configure AAA AP policies to allow Self Signed Certifications for APs shipped without a Manufacturer Installed Certificate. Implement AP Grouping to ensure WLAN SSIDs are only broadcast by the APs desired.

Data Center
· Configured VLANs and access ports connecting virtual machines using the NX-OS
CLI on a Cisco Nexus 1000v virtual machine and VMware vSphere Client networking.
· Configured routing policies and service profiles for separate levels in an organizational hierarchy using a Cisco Prime Network Services Controller virtual machine. These policies and profiles were applied to Cisco Cloud Service Router 1000v (CSR 1000v) virtual routers.
· Configured a CSR 1000v router using the Cisco IOS 15.4 CLI.

Monitoring
· Used the Cisco Configuration Professional GUI to configure interfaces, passwords, hostnames, DHCP, EIGRP, and SNMP on a Cisco router. Used the CCP monitoring tool to monitor traffic from that router.
· Configured the Nagios XI monitoring tool to monitor routers and switches and customized its dashboard.
· Configured SolarWinds Orion NPM and used it to monitor traffic on a network.
· Configured the CACTI tool to graph traffic from a router and to generate alerts based on a threshold traffic level.
· Used the Wireshark tool to study HTTP, telnet, and SSL traffic.