SYau@lanwanprofessional.com | (949) 274-9473

Senior technical professional with over 18 years of experience in design, engineering, deployment, senior administration, project/change management,  policies and procedures management and enterprise analysis/management and trouble shooting and includes proficiency in routing, routing protocols, switching, security, wireless, data center technologies and enterprise monitoring and management tools.

·               Provided high-level, mission-critical technical support and delivery of enterprise wide technical Initiatives and helped 8 tier one customers to complete qualifications to bring in sales revenue of $100M per quarter.

·               Lead of a team professionals responsible for design, development, implementation, testing, project management, risk/change management for products and enterprise applications.

 

·               Cisco Certified Network Associate / Professional – Routing/SwitchingCCNA / CCNP –R/S

·               Cisco Certified Design Associate / ProfessionalCCDA / CCDP

·               Cisco Certified Network Associate / Professional – Security (Pending)CCNA / CCNP - SEC

·               Certified WAN Professional/Certified WAN Enterprise AdministratorCWP/CWEA

·               Information Systems Security Professionals / NSTISSI / CNSS / NSAINFOSEC

·               Cisco Wireless Technician / Data Center AdministratorCWT / CDCA

·               Project Management Institute / Certified Project Management ProfessionalPMP

·               SCRUM Study – Certified Scrum MasterSMC

·               6Sigma Lean Certification / University of California, Irvine – Six Sigma Green BeltSSLC / SSGB

 

Security/Firewalls Technologies: Cisco Security Manager Suite, Cisco ASA 5500 series firewalls, Cisco FWSM, IPS/IDS, ACS, Advanced Firewall Manager (AFM), Cisco ASA 1000V cloud firewall, Cisco ISE, Juniper SRX series, Juniper NetScreen, Palo Alto firewalls, Panorama, Checkpoint Firewall, Splunk, SIEM, Solarwind and ISE 1.4 and 2.0

Protocols & Standards - AAA, TACACS+, RADIUS, SSH, VPN, IPSec, SSL/IPSec, Data Loss Prevention, Data Management Zone, Pretty Good Protection (PGP), Public Key Infrastructure (PKI), Internet Key Exchange Policy, Port Security, MAC Address Filtering

Routing/Switching Technologies: Cisco Routers (3900, 2900, 1900, 800 Series), Cisco Catalyst Switch (6500, 5500, 4900, 4500, 3750, 3560-X, 3100), Cisco Nexus 1kv, 2k, 5k, 7k and 9k Series, Juniper, HP Routers & Switches, Riverbed WAN accelerators -  WAN, LAN, TCP/IP, Cisco IOS, Spanning Tree Protocol, BPDU, CDP, ACL, NAT, PAT, RIP, RIPv2, OSPF, OSPFv3, EIGRP, BGP, MPLS, VTP, SNMP, SMTP, ARP, TCP, UDP, Static Routing, Stub Routing, VLAN, Multicast routing, HSRP,  SVI, CEF, Etherchannel, Portfast.

Wireless/Voice Technologies - Cisco WLC, IEEE 802.1x & 802.11, WLAN, WAP, AP, SSID, LWAPP, Aironet, Bluetooth, Avaya, AURA - Voice Over Internet Protocol (VoIP), VoIP/SIP, CUCM, UCCM, UCCX, MGCP, RSTP, SCCP, STP, Quality of Service (QoS).

Monitoring/Data Center Technologies/APPS: Wireshark, Remedy, Cacti, Nagios, VMware, Solarwinds Orion, VMWare, Cisco Security Manager Suite, Server, Sniffer, F5 Big-IP load balancing (GTM/LTM), Cisco AnyConnect VPN, Cisco Prime, Cisco IPS/IDS, Meraki cloud-based Splunk Enterprise, SNMPv3, DNS, DHCP, FTP, Telnet, HTTP(S), SMTP, tunneling protocols, SFTP.

Methodologies: PMI / Waterfall, Agile / Scrum, Cisco PPDIOO, Six Sigma / Lean, ITILv3, SDLC management

Other Technologies: Cloud / AWS, SSD, HDD, HBA, expanders, RAID controllers, storage systems & devices, Microsoft Office Suite, Visio, Agile, SharePoint, Jira, CRM and BOM mgt tools, fluent in reading, writing & speaking Mandarin and Cantonese.

 

Scan Health PlanSr. Network Engineer2016 Jun - Present

Fox Entertainment Network Security Consultant2016 Jan - Jun

LAN WAN ProfessionalNetwork Security Contractor2014 - 2015

Western Digital CorporationSenior Engineering (PM)2011-2014

STEC Inc. / HGSTStaff Engineer / Lead2008-2011

Seagate TechnologySr. Engineer1994-2008

Master of Science in Computer EngineeringSan Jose State University

Bachelor of Science in Electrical EngineeringRMIT University, Australia

SCAN Health PlanSr. Network Engineer2016 Jun - Present

Company Overview – SCAN Health Plan is honored to be awarded 4 ½ out of 5 stars by Medicare for 2016. It is one of the largest not-for-profit Medicare Advantage company in the United States. Responsibilities:

 

·               Technical handled included, but are not limited to the design, configuration and deployment, analysis and troubleshooting datacenter network infrastructure and remote Disaster Recovery (DR) site.

·               Specific technologies worked with Palo Alto Firewalls, Panorama, F5 Big-IP LTM and APM, Amazon AWS and Cloud technology, Cisco routers and Catalyst switches, Avaya IP phones and Link Layer Discovery protocol.

 

FOX ENTERTAINMENTNetwork Security Consultant2016 Jan - Jun

Company Overview – Fox Entertainment Group is an American entertainment company with a global network that spans over 3 continents and operates through four segments: filmed entertainment, television stations, television broadcast networks, and cable network programming. Responsibilities:

 

·               Technical handled included, but are not limited to the design, configuration and deployment, analysis and troubleshooting of over 200 firewalls in the LAN /WAN network infrastructures in 60 sites globally.

·               Specific technologies worked with Cisco ASA 5585-X firewall cluster, site-to-site VPN and IPSec; FWSM on Cisco 6500 switch; Nexus 5020; Juniper SRXs and NetScreen; Palo Alto 2K and 5K series with Panorama, Splunk, Solarwind Orion and WireShark packet analyzer.

·               Involved in Management of Incident, Operation, Problem, Change and Tools; provided LAN/WAN services, architecture and Engineering services and vendor coordination.

·               Mapped out the schematics of network devices among sites to decide the implementation of security policies.

·               Planned, configured and deployed the migration of Juniper SRX and Cisco FWSM firewalls to Palo Alto 5k series firewall.

 

LAN WAN ProfessionalNetwork Security Contractor2014 - 2015

Company Overview – LAN WAN Professional is a nationwide membership organization of LAN/WAN professionals including administrators, engineers, consultants, analysts, architects located throughout the continental United States. Responsibilities handled:

 

·               Technical handled included, but are not limited to the configuration, installation, design, and implementation, analysis, testing and troubleshooting for large scale LAN /WAN network infrastructures including network components with routers and switches, security (firewalls), load balancing devices, wireless, voice and datacenter technologies and network access management solutions.

·               Specific technologies worked with Cisco ASA 5500-X series next-generation model 5505 firewalls; Cisco Routers (2621) and Catalyst Switches (3550, 4500 series); Nexus 5k series; Juniper switches (EX2000-C); F5 Load Balancers; Routing Protocols:  EIGRP, OSPF, BGP and MPLS.

 

Western Digital CorporationSenior Engineering Lead2011 - 2014

Company Overview –Western Digital Corporation is a computer data storage company.  It is one of the largest computer hard drive manufacturers in the world.  It also manufactures many other consumer electronic products for entertainment and gaming sectors.  Responsibilities handled:

 

·               Lead member of professionals responsible for development, design, integration, executed, monitoring, and deployment of enhanced processes from product inception to post releases with metrics.

·               Technologies handled by the team include but not limited to local area network (LAN) technologies, wide area network (WAN) technologies and server and enterprise infrastructure/security with different parties.

·               Define project scope, metrics, budget and quality measures, identify risk, create project schedule, milestones and manage project delivery process, stakeholders.

·               Specific responsibilities as a project management which includes strategic planning to target customers, delivery for every phase of the product, provided samples, resolved issues, qualifications, customization and on time delivery for products to stakeholders with conflicting agendas and business priorities.

·               Professional responsibilities include, but are not limited to project management, service management based on ITIL, client relations, planning, scheduling, deployment, status reporting, budget controls, risk control, issue solving and following corporate process and procedures for multiple projects.

 

STEC Inc. /HGST Staff Engineer / Lead2008 - 2011

Company Overview – STEC Inc. is now called HGST.  It is a nationwide company with R&D and manufacturing sites in China, Thailand, Japan, Malaysia, Silicon Valley and Taiwan.  It is a semi-conductor company that designs and manufactures enterprise and embedded solid state drives which are used in data centers, high end servers and mission critical purposes. 

Responsibilities handled:

 

·               Lead to a team of professionals responsible for implementation, validation, client/technical support, supporting manufacturing, testing, budget management for products and enterprise applications.

·               Technical responsibilities include, but are not limited to project management, manufacturing efficiencies, development, modifying, implementation and creation of enterprise products to bring in $100M revenue per quarter.

·               Specific responsibilities included deploying Six Sigma tools to eliminate process escape and delivery of wrong configuration to customers.

·               Professional responsibilities included developing an enterprise to meet the market demands, administration, documentation and following policies and procedures.

 

Seagate TechnologySr. Engineer1994 - 2008

Company Overview – Seagate Technology is a worldwide data storage company.  Responsibilities handled:

 

·               Lead to a team of professionals responsible development, integration, validation, analysis, configuration, implementation, configuration, risk management, migration, validation, testing, support and troubleshooting activities on various enterprise infrastructures.

·               Technologies handled by the team include but not limited to local area network (LAN) technologies, wide area network (WAN) technologies and server and enterprise applications which includes storage infrastructures and expanders.

·               Specific responsibilities handled were redefining and executing expanders qualification to reduce incompatibility by 80% over 6 months, applied lean tools to support a lean manufacturing environment, the scheduling and monitoring of the progress of projects, escalation of critical issues to senior management, and working with many departments to resolve many issues.

·               Specific technologies include auditing test sites, conducting Quality Business Review (QBR), transfer warranty products and equipment consignment to contract manufacturers/ODM globally.

·               Professional responsibilities included administration, training, product presentations, documentation, repair strategies to increase cost effectiveness, conducting customer meetings and reviews, following corporate policies and procedures and providing management presentations.

 

 

Security

·            Implement Hub-Spoke and Spoke-Spoke DMVPN, Hub-Spoke FlexVPN, configure IPSec and apply IPSec to tunnel interfaces, perform VPN modification with Cryptography change, setup local AAA parameters and configure IKEv2 and tunnel.

·            Implement AAA with Radius and TACACS+ (VMWare ESXi server) on IOS switches, configure 802.1x authentication on access-switch, configure Guest and Restricted VLANs for clients without 802.1x authentication.

·            Implement an IPSec Site-to-Site VPN between the Cisco ASA5505 at small office location and Cisco 1841 ISR with a security IOS image at the main office.  Implementation of the VPN includes the following configurations:  Internet Key Exchange Policy using DES and SHA for encryption and authentication, access-lists to define VPN traffic, transform set using esp-des esp-sha-hmac to define how the traffic is protected, crypto-map to associate the previously configured elements to a peer, application of the crypto map to appropriate interface or VPN endpoint and Cisco Identity Service engine.

·               Implementation of Zone-Based Policy Firewall on the Cisco 1841 ISR with the following components:  three zones, class-maps specifying traffic that must have policy applied as it crosses a zone-pair, policy maps to apply action to the class-maps’ traffic, zone-pairs, and application of policy to zone pairs.

·               Implement a Clientless SSL VPN (WebVPN) to allow users to establish a secure, remote-access VPN tunnel to the Cisco ASA 5505 using a web browser.  Prepare the Cisco ASA with necessary configurations to self-signed certificate generation.  Generate a general purpose RSA key-pair for certificate authority identification, configure certificate authority trustpoint for the WebVPN using self enrollment, and configure CA trustpoint interface association. 

·               Configure Syslog on the Cisco ASA5505 with logging to a host and internal buffer.  Forward all logging to an internal Syslog server for monitoring and management.  Configure and manage Syslog output generation using custom message lists.  Implement FTP backup of internal buffer when it is exceeded.

·               Implement Basic Threat-Detection, Advanced TCP Intercept, and Scanning Threat-Detection.  Simulate attacks on network to manage threat-detection rates and verify Syslog generation.

·               Utilize Cisco ASA5505 Modular Policy Frame-Work to configure and manage layer 3/4 interface service policies, apply inspection and connection limits to services, apply inspection and QoS policing to HTTP traffic.  Configure HTTP inspection policy to block restricted sites and file downloads.

·               Migrate port-based Cisco ASA5505 firewall platforms to Application-based Palo Alto firewall.

·               Upgrade and verify the ISE 1.4 to ISE 2.1 for wireless users’ authentication

·               Create NAT and security policy that only allow a specified IP address to the production server’s NAT’d IP on TCP 443; create a virtual server on F5 and bridge SSL traffic

 

Routing & Nexus & Catalyst Switching

·            Configure Cisco 3950 router and multiple Cisco 3560 PoE switches with LLDP enable and daisy chain the switches to connect 75+ Avaya IP phones for Call Center Operation

·            Implement trunk ports and implement granular control of VLANs & VXLANs using NX-OS (5k, 7k & 2k FEX) to ensure virtual & flexible subnets that extend further across the network infrastructure than older generation of switches.

·            Configure L2 and L3 connectivity on Nexus 5k, 7k, 9k  and setup vPC in both single and dual-homed topology

·               Implement port-profiles as part of the NX-OS command structure that allows for configuration of multiple ports and port-types via inherited configurations applied via a single command that reduces administrative error and allows for better configuration readability.

·               Implement a virtual version of Nexus: Nexus1000v into VMWare to extend Nexus capabilities directly adjacent to virtual machines so that they benefit from Cisco switching capabilities and network topology consistency ensuring VMs maintain their subnet/VLAN relationships during failover.

·               Implement secure privileged administrative access to the Cisco IOS system.  Enable the encryption of system passwords to prevent unauthorized users access to passwords in the system configuration.

·               Implement secure access to the console and vty ports, and set the interval that the EXEC command interpreter waits until user input is detected on the Console and vty ports.  Also, configure the console and vty ports log messaging to not interfere with active device configuration.

·               Implement VLAN Trunking Protocol to reduce administrative overhead.  Enable secure sharing of VLAN information to prevent the introduction of rogue devices from affecting the VLAN database. Shutdown unused switchports following Layer 2 security best practices. 

·               Create and manage Local VLANs based on department function, and configure ports with static VLAN assignment, static 802.1Q trunks, and dynamic ISL trunking using PAgP for layer 2 forwarding.  Utilize VLAN Spanning-Tree in conjunction with PVST+ for compatibility between Cisco and Juniper switches.  Configure edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays.  Modify spanning-tree parameters for manual root bridge assignment.  Implement ether-channels between each switch using PAgP for negotiation.  Modify ether-channel load balancing method.

·               Implement WAN links between sites using frame-relay point-to-point and multipoint connections to establish connectivity between each of the four sites as required.  Establish frame-relay point-to-point connections three of the sites creating a full mesh.  Implement hub and spoke network between three of the sites with the main office as the hub for redundant connections. 

·               Implement EIGRP routing for point-to-point and Non Broadcast Multi-Access networks.  Ensure that the spoke routers are receiving routing information about each other from the hub.  Configure EIGRP unequal-cost load balancing to also use the lower capacity multipoint links when routing packets.

·               Prevent neighbor adjacencies from being formed as well as the sending and receiving of routing updates on unnecessary interfaces.  Implement EIGRP MD5 Message Authentication between sites to prevent unauthorized insertion of routes into the domain.  Implement manual EIGRP route summarization to reduce routing protocol demand on CPU resources, memory, and bandwidth used to maintain the routing table. 

·               Implement OSPF routing with multiple areas for networks between sites.  Implement totally stubby areas to lower the system resource utilization of routing devices for the network.  Implement NSSA area to allow injection of external routes into the area and propagation into the OSPF domain.

·               Implement backup and recovery of Cisco IOS Images.  Perform password recovery on Cisco IOS routers/switches and a Juniper EX2200 Series switch to restore administrative access.  Backup and Restore startup-config file for disaster recovery.

·               Configured and verified internal BGP peering using directly connected networks.

·               Configured and verified internal BGP peering using loopbacks by using an interior gateway protocol (OSPF) to provide routing information.

·               Configured and verified external BGP peering using directly connected networks.

·               Configured and verified external BGP peering using loopbacks and ebgp-multihop.

·               Configured and verified internal BGP peering using a Route Reflector.

·               Used debugging diagnostic commands to monitor BGP events.

·               Configured and verified MPLS manually and using automatic configuration via OSPF.

·               Configured and verified virtual routing and forwarding (VRF) instances with route-targets and route descriptors.

·               Configured and verified MP-BGP to send VRF traffic in an MPLS VPN.

·               Redistributed provider edge networks into MP-BGP.

·               Verified end-to-end connectivity over the MPLS VPN.

 

Voice

·           Implement a local voice network with the following network elements:  Cisco 2811 ISR (VoIP) with a Cisco Unity Express Network Module (NM-CUE) installed, Cisco Communications Manager Express, a standard Cisco 3550 Switch, and a Cisco 3550 switch with Power-over-Ethernet.  Create and manage Data and Voice VLANs, and configure ports with static VLAN assignment and 802.1Q trunks for layer 2 forwarding.  Configure edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays.

·               Configure Fast Ethernet main and sub-interface assignments as required for intervlan routing.  Implement static routes for local connectivity.  Implement NTP server, DHCP server, and TFTP server for support of the VoIP network.  Modification of system level parameters including max phones, max directory numbers, display format for date and time, and setting the Time-Zone. 

·               Implement Unity Voicemail on the Cisco Unity Express Network Module.  Configure a dial-peer on the Cisco 2811 ISR to define the attributes of the packet voice network connection to the Cisco Unity Express Network Module.  Enable call forwarding on busy or no answer.  Implement Message Waiting Indicators and Voicemail access via SMTP.  Daisy-chain PCs to VoIP phones to reduce network cabling costs.  Utilize PoE ports for VoIP phones to reduce power infrastructure costs.

 

Wireless

·           Implement a wireless network infrastructure providing access to wired LANs to increase mobility and productivity utilizing the following network elements:  Cisco Wireless LAN Controller (WLC) 2106, a Cisco 3550 switch, a Cisco 1130AG series Access Point, and a Cisco 1121G series Access Point.  Create wireless LANs and configure interface association, security parameters, and radios used.  Utilize the Wireless LAN Controllers web GUI to configure and manage the wireless network.  Configure internal DHCP scopes for WLANs. 

·           Prepare infrastructure for AP registration on same subnet as management VLAN and for AP registration on different subnet.  Configure AAA AP policies to allow Self Signed Certifications for APs shipped without a Manufacturer Installed Certificate. Implement AP Grouping to ensure WLAN SSIDs are only broadcast by the APs desired.

 

 

Data Center

·            Configured VLANs and access ports connecting virtual machines using the NX-OS CLI on a Cisco Nexus 1000v virtual machine and VMWare vSphere Client networking. 

·               Configured routing policies and service profiles for separate levels in an organizational hierarchy using a Cisco Prime Network Services Controller virtual machine.  These policies and profiles were applied to Cisco Cloud Service Router 1000v (CSR 1000v) virtual routers.

·               Configured a CSR 1000v router using the Cisco IOS 15.4 CLI.

·               Managed network devices via console cable, setup access server (Cisco 2511) and access switch (H3C S3600) and configured management network, automating connections in putty-nd.

·               Configured H3C S3600 switch, Juniper EX3200 switches and Juniper SRX210 firewalls in HA and Juniper J2320 router via an access server.

·               Setup VLANs, access ports, trunk ports and STP on H3C S3600 and Juniper EX3200 switches for L2 connection

·               Setup IP addressing on EX3200 switches for layer 3 connection.

 

Monitoring

·               Configured PRTG network monitor, IOS router/switch/ASA to send and monitoring station to receive Syslog/SNMPv3, configured NetFlow V9 sensor and NetFlow export on an ASA.

·               Used the Cisco Configuration Professional GUI to configure interfaces, passwords, hostnames, DHCP, EIGRP, and SNMP on a Cisco router.  Used the CCP monitoring tool to monitor traffic from that router.

·               Configured the Nagios XI monitoring tool to monitor routers and switches and customized its dashboard.

·               Configured SolarWinds Orion NPM and used it to monitor traffic on a network.

·               Configured the CACTI tool to graph traffic from a router and to generate alerts based on a threshold traffic level.

·               Used the Wireshark tool to study HTTP, telnet, and SSL traffic.