Geoffrey F. Cameron, Jr.
DEVOPS CLOUD SECURITY ARCHITECT
SaaS, PaaS & IaaS Cloud Security | Security Orchestration & Automation | Automatic Vulnerability Remediation
geoffrey@gfcsquared.com | (305) 517-3138 | http://www.gfcsquared.com

Versatile and performance-oriented IT and Cloud Security professional with more than 15 years' experience contributing to risk management, regulatory compliance, security architecture, operational security policies, and infrastructure architecture. Delivered results beyond projected targets and successfully facilitated cloud adoption for clients across various industries. As a subject matter expert with a focus on AWS and security, created application and cloud readiness assessments and provided direction and recommendations on cloud technologies. Highly regarded for providing sophisticated solutions grounded in thorough research, and for efficiently driving cloud architecture projects to delivery within the specified time frame. This experience is highly specific and will be of great value to a company that recognizes these attributes.

- Security Automation
- SOA/XML Firewall Architecture
- BYOD Network Access Control
- Cloud Readiness/Migration
- IDS/IPS Signatures Tuning
- Cloud Security Architecture/Controls
- API Implementation
- Firewall/Web Security Engineering
- Data Center Transformation
- SIEM Event Correlation
- AWS/VMware
- Cloud Computing
- Microsoft Azure
- Vulnerability Mgmt/Remediation
- Technology Consolidations

LARGE SCOPE PROJECTS
- Completed a Cisco ISE BYOD software upgrade and 802.1x client authentication pilot for an automotive manufacturing company with 7 billion in annual revenue, ensuring only domain assets are granted the ability to log into the corporate network.
- Completed a regionally distributed Cisco ISE BYOD deployment and upgrade for a school district with over 50,000 students and 100,000 devices utilizing public and private PKI infrastructures.
- Planned and documented a Cisco ISE deployment for MarketAxess, a Tier 1 trading company with 80 billion in monthly trading volume.
- Completed a Cisco NAC project for one of the top three cancer centers in the United States, complementing the architecture for the isolated PCI DSS network infrastructure.
DEVOPS
- Utilized DevOps tools and methodologies while re-architecting Hearst Corp. infrastructure into a Cloud model utilizing SaaS, PaaS, and IaaS.
- Increased the share of time spent on value-adding work by reducing the time spent resolving project problems, ensuring that innovative solutions stay in line with the company's strategic objectives.
CLOUD SECURITY
- Track record of delivering architectural improvement solutions for SaaS, IaaS, and PaaS platforms and their deployment models, as well as lecturing on related topics to executives from Firefly.
- Made a significant contribution towards designing an Internet edge solution, which included designing Cloud DDoS mitigation functionality.

TELETECH, Denver, CO | November 2015 – Present
FIREWALL MIGRATION CONSULTANT, Next-Gen Firewall, Next-Gen IPS, and Next-Gen Internet Edge
Participate in the design of an Internet edge solution that will serve as the base of the design for the next 5 – 10 years, including next-generation firewalls, Intrusion Prevention Systems (IPS), and Cloud DDoS mitigation functionality, supporting over 30,000 users and 61 lines of business (LOB). Collaborate with the client's senior architects to design, review, implement, and document solutions for the T1, T2, and T3 support staff. Lead knowledge-transfer training sessions for the support staff after LOB clients are live on the infrastructure.
- Use ten years of prior Check Point and Internet edge architecture experience to help facilitate a Next-Gen Internet edge solution using DDoS protection, Identity Awareness, Anti-Bot, Anti-Virus, IPS, Captive Portal, Proxy, Application Control, URL Filtering, VSX, VSLM, and ClusterXL on R77.30.
- Review the Internet edge design with TeleTech architects and Check Point professional services to ensure features complement each other.
- Configure CMA and CLM within Check Point Smart Domain Manager.
- Apply patches and hotfixes to 10 Check Point firewalls within the new infrastructure.
- Create documents that outline how to add virtual firewalls to the VSX cluster, add policy packages to the Check Point Smart Domain Manager, and troubleshoot a Check Point VSX with VSLX configuration.
- Ensure Check Point firewalls can communicate with the Check Point Threat Cloud to download anti-virus and anti-bot signatures, retrieve application control and URL filtering updates, and open files in a sandbox to offer zero-day protection.
- Work with Check Point Smart Domain Manager, SmartDashboard, SmartView Monitor, SmartView Tracker, and SmartUpdate to manage the environment.

CDW, Vernon Hills, IL | Aug 2015 – Present
CISCO ISE SECURITY ARCHITECT, BYOD and Identity Management
Lead the process of Cisco ISE integration into existing environments for various CDW clients. Additionally, mentor and guide team members and staff through the Cisco ISE implementation process, utilizing experience from numerous prior deployments for enterprise clients.
- Apply in-depth knowledge of 802.1x and endpoint authentication behavior and characteristics across a variety of devices and access media.
- Well versed in overcoming the challenges faced when deploying Cisco ISE and experienced with the different authentication and authorization models within ISE 1.2, 1.3, and 1.4.
- Showcase deep understanding of authentication, authorization, and accounting (AAA), posture, and profiler, and how to tune each feature based on the client's endpoint diversity and peak authentication load (authentications per second at peak).
- Review the Cisco ISE release notes and hardware compatibility matrix, detect bugs, and get the client's approval before proceeding with ISE appliance or virtual machine upgrades.
- Upgrade Cisco UCS BIOS, including CIMC, on Cisco ISE 3395 and ISE 3355 appliances.
- Develop change control documentation and submit it to the client's change review board before making any changes in production, avoiding unplanned outages.
- Provide recommendations and guidance on Microsoft PKI infrastructure on Windows 2012 R2 or Win2K8 R2.
- Offer suggestions for gaining posture from the profiler within Cisco ISE or configure appropriate Cisco NAC Agent posture settings.

HEARST CORPORATION, San Francisco, CA | Jan 2015 – Aug 2015
IT SECURITY ARCHITECT, Cloud Computing Transformation
Spearheaded efforts in leading Hearst Corporation to transform its infrastructure and applications to align with the Cloud model, utilizing Microsoft Azure and Amazon AWS. Additionally, mentored and guided team members to facilitate various technical and business initiatives related to cloud computing and automation, deployment, enterprise SIEM, and vulnerability management solutions, to achieve service excellence.
- Ensured a smooth flow of various DevOps development initiatives by providing technical leadership and choosing the most suitable tools and solutions.
- Made architectural improvements for different variations of Cloud platforms (SaaS, IaaS, PaaS) and their deployment models.
- Maintained successful relationships with stakeholders and sponsors, ensuring expectations were met by delivering successful projects within a specified time frame.
- Executed technical and quality-of-service requirements tests to ensure provided solutions met the company's high standards.
- Generated efficient solutions for high availability and disaster recovery through thorough research to identify the optimal design patterns.
- Employed a strategic approach and placed Cloud projects into business perspective to mitigate risks.
- Kept up with the latest technologies and strove to provide judicious solutions that are both innovative and reliable.

BIG HEART PET BRANDS, San Francisco, CA | Nov 2014 – Apr 2014
IT SECURITY ARCHITECT, Identity Management
Provided architecture guidance on an end-to-end identity management solution for physical, virtual, and guest endpoints, taking into account current and future business requirements.
- Made sure identity management systems are in line with Cisco hardware and software and follow the TACACS+ standard, the RADIUS standard, or both, by utilizing Cisco Access Control Server as an AAA server.
- Integrated remote access VPNs and wireless scanners with the Cisco ACS server in a redundant manner, minimizing the risk when outages occur.
- Deployed, patched, and synchronized a cluster of Cisco ACS 5.5 servers on VMware, spanning geographically diverse data centers.
- Ensured routers, switches, firewalls, and wireless controllers integrated seamlessly after the ACS 4.4 to 5.5 migration by performing a phased deployment.

MARKETAXESS, NYC, New York | Oct 2014 – Dec 2014
IT SECURITY ARCHITECT, Cisco Unified Data Center
Steered the strategic direction and provided architecture guidance on the Cisco ISE, Cisco Security Manager, and Cisco Prime Infrastructure solutions, which resulted in the successful implementation of each solution within 90 days.
- Developed a project plan and the tasks associated with the delivery of the Cisco ISE, Cisco Security Manager, and Cisco Prime Infrastructure projects.
- Mentored other contractors (internal and external) and various IT departments, leading them through the project life cycle phases and ensuring successful results by taking accountability for personal and team actions.
- Integrated different Cisco access devices, including firewalls, switches, routers, and wireless access points, with the configuration needed to work with ISE Change of Authority (CoA) and various probes (collectors), including the HTTP, DNS, RADIUS, SNMP, and NetFlow probes.
- Deployed Cisco Prime Infrastructure 2.1 and 2.2 to monitor all Cisco infrastructure devices at MarketAxess, reducing the time needed to perform a network inventory from days to minutes.
- Utilized Cisco Security Manager on Windows Server 2012, ensuring a stable platform for Cisco Security Manager 4.7 and 4.8 and the API programmability features that align with SDN.
- Provided recommendations on migration to a new security model called Cisco TrustSec, reducing the need to configure numerous devices, while relying on automation tools like AlgoSec or FireMon to enable firewall automation in the short term.

GUGGENHEIM PARTNERS, Chicago, IL | Jan 2014 – Aug 2014
IT SECURITY ARCHITECT, Cisco Unified Data Center
Developed the IT Security strategy, following meetings with the highest officials (PMO, CIO, Managing Directors), to ensure security architecture was included in each new project and after major infrastructure changes.
- Led the centralized enterprise deployment of all IT Security solutions supporting 3500 end users over 2000+ servers, by delegating tasks to the IT Security Team and personally performing many important tasks.
- Identified and documented information security risks and recommended mitigating controls via software or procedural changes.
- Converted the corporate security policy into enforceable digital policy within Cisco ISE's authentication, authorization, host posture assessment, and profiler policies, enabling the firm to enforce access control at the endpoint level in hardware.
- Enhanced perimeter security by detecting gaps in intrusion detection and malware/botnet policies, leading to the deployment of Cisco IPS modules and the Cisco Botnet Filter across all Internet access points.
- Served as the lead of the Computer Security Incident Response Team (CSIRT) and completed security investigations.

FIREFLY, San Jose, California | Apr 2013 – Apr 2014
INSTRUCTOR, Cisco Unified Data Center/Cloud Computing
Delivered top-quality IT courses to employees of the "Cisco Global Learning Partner of the Year for 2012". Explaining cloud computing topics to CIOs, IT Managers, Consultants, and IT Staff was a strong incentive to approach course preparation with the utmost professionalism and dedication.
- Utilized strong knowledge of modern SAN, LAN, and WAN networks to explain the benefits of converged infrastructure solutions that paved the path to cloud computing.
- Delivered "test drive" workshops for Cisco FlexPod, VCE Vblock, and Cisco UCS, allowing IT decision makers, architects, and engineers to practice hands-on with cloud computing technologies.
- Assisted with beta testing of each new course prior to public release, to ensure courses met the highest standards and all lab configurations and solutions were in line with the course workbooks.

MARKETAXESS, NYC, New York | May 2013 – Sep 2013
IT SECURITY ARCHITECT, Cisco Unified Data Center
Led efforts in managing architecture objectives aimed at improving the security of the Active/DR data center, utilizing the Cisco Virtualized Multiservice Data Center Reference Architecture.
- Integrated Cisco Nexus, Cisco 6500-E, Cisco ASA 5585-X with SSP-20, Cisco UCS servers, and Checkpoint R75 firewalls, entering thousands of lines of code into the devices over the duration of the successful project.
- Reviewed and implemented all changes on 70+ firewalls across three data centers and seven remote offices.
- Configured site-to-site and remote access VPNs for application access, business partners, and employees.
- Planned the deployment of Cisco ISE on the wired, wireless, and VPN networks.
- Provided security recommendations regarding the Cisco ASA Botnet Filter, Cisco hardware configuration standards, auto-conflict detection, and policy object manager.
- Utilized FireMon to accelerate the addition of firewall rules within the new primary data center.

HEWLETT PACKARD, Palo Alto, CA | Jan 2013 – Mar 2013
FIREWALL MIGRATION CONSULTANT
Managed a team responsible for converting 1100 Checkpoint firewall rules to the Juniper SRX platform. Prior to conversion, developed and delivered Visio documentation outlining the existing and new architecture.
- Utilized AlgoSec and FireMon technology to determine which rules were in use, avoiding migration of "vulnerable rules" onto the new platform.
- Coordinated bi-weekly meetings with HP business units to precisely define migration processes and associated risks.
- Added extra value by turning on security features unavailable on the legacy Checkpoint platform, such as Juniper SCREENS, application inspection, and Juniper IPS, allowing the security team to locate and address previously overlooked vulnerabilities.
- Added only one rule for 800 servers behind the firewall, demonstrating the high level of accuracy of the Juniper rule base.

ST. LOUIS UNIVERSITY, St. Louis, MO | Jun 2012 – Sep 2012
SENIOR FIREWALL CONSULTANT
Developed a hardened firewall security template for use on over 100 Cisco firewalls, which required a comprehensive understanding of the pros and cons of the TACACS+ and RADIUS authentication protocols, among other challenges.
- Deployed and configured Cisco Security Manager, enabling the university to centrally manage the firewalls and reduce the total number of rules by 70%.
- Integrated Cisco Security Manager with Cisco ACS Server 4.1.
- Created an AAA configuration template for Cisco ASA firewalls.
- Redesigned the firewall application inspection policies to ensure use of Layer 7 deep protocol inspection and validation in addition to Layer 2 – Layer 4 firewall rules.

ROCKWELL COLLINS, Cedar Rapids, IA | Mar 2012 – May 2012
NETWORK AND APPLICATION FIREWALL ARCHITECT
Brought firewall security solutions for WAF and XML to a higher level, using Imperva, Layer 7, and Forum Systems. Additionally, created a document that outlined the current landscape, as the current XML firewall solution was reaching end of life (EOL).
- Developed migration strategies for Cisco ASA to Checkpoint R75 firewalls, using SmartDashboard.
- Worked with Check Point 2200 hardware for migration efforts.
- Migrated anti-spoofing and security policy configuration from Cisco ASA to Checkpoint firewalls.
- Used tcpdump from the command line to troubleshoot firewall connectivity issues.

FISERV, Atlanta, GA | May 2011 – May 2012
XML GATEWAY FIREWALL ARCHITECT
Worked on securing inbound and outbound web services calls for over 100 applications with clusters of Cisco ACE XML Gateway application firewalls, minimizing the risk to the SOA ESB infrastructure that supports over 1 billion messages daily.
- Applied WS-Security concepts to messages, including client mutual authentication, HTTPS termination, message transformation, SOAP body or header signing and/or encryption, and limited DDoS protection.
- Utilized application firewall hardware to detect, block, and remediate security incidents, as well as to maintain compliance with industry regulations including PCI DSS, SOX, and GLBA.

ADDITIONAL CONTRACT EXPERIENCE
IBM, Atlanta, GA | Juniper Firewall Security Consultant | Jan. 2011 – May 2011
AirTran, Atlanta, GA | IT Security Consultant | Nov 2010 – May 2011
Exxon Mobil, Houston, TX | Endpoint Security Engineer | Oct 2009 – Nov 2010
MD Anderson Cancer Center, Houston, TX | PCI Security Architect | Feb 2009 – Oct 2009
TracFone Wireless, Miami, FL | PCI Security Architect | May 2008 – Feb 2009
Time Warner Cable, New York, NY | Data Center Security Consultant | Dec 2007 – May 2008
Dimension Data/HHC, New York, NY | Network Security Engineer | Jun 2007 – Dec 2007
Pacific Pay Systems, Sunrise, FL | Data Center Architect | Dec 2006 – Jun 2007
The Academy, Fort Lauderdale, FL | Technical Instructor | Jun 2006 – Jan 2007
KnightRidder/McClatchy, Miami, FL | Network Security Engineer | Apr 2006 – Oct 2006
CyberGuard/SecureComputing, Deerfield Beach, FL | Firewall Security Engineer | May 2005 – Apr 2006
Dell SecureWorks, Atlanta, GA | Senior Firewall Engineer | Jun 2004 – May 2005
InfoSight, Miami Lakes, FL | Network Security Engineer | May 2000 – Jun 2004

EDUCATION AND CERTIFICATIONS
Broward College, Davie, FL | NETWORKING SERVICES ENGINEER
Certifications:
- CCIE Security Written Exam
- CCSP: Cisco Certified Security Professional (upgrading to CCNP Security)
- CCNP Data Center: Cisco Certified Security Professional Data Center
- CCNA Data Center: Cisco Certified Network Associate Data Center
- CCNA: Cisco Certified Network Associate
- Securing Hosts with Cisco Security Agent
- CCSA: Checkpoint Certified Security Administrator
- JNCIA-FWV: Juniper Networks Certified Internet Associate Firewalls
- NSTISSI-4013: National Assurance Training Standard for System Administrators (SAs)
- MCSE: Microsoft Certified Systems Engineer 2000
- Network+: Network Technologies
- CISSP: Certified Information Systems Security Professional

- NETWORKING TECHNOLOGIES: OTV, Fabric Path, vPC, LAN/WAN, TCP/IP, DNS, DHCP, SMTP, Sendmail, NDS, MPLS, Frame Relay, T1/T3, SSL/TLS, IPSec, GRE, VLAN, VTP, 802.1x, AAA, RADIUS, TACACS+, CA, HSRP, EtherChannel, NAT, Spanning-Tree, OSPF, EIGRP, BGP, Metro Ethernet, NFS, IPv4, FCOE, TCP, UDP
- SECURITY: 802.1x Port Authentication, MAB, Cisco ASA Firewalls Ver. 7.0/8.0/9.0, Cisco Firewall Switch Module, Juniper Netscreen Firewalls v5.3, Juniper SSG Firewalls, Juniper SRX Firewalls, Nessus Security Scanner Ver. 3.2, Retina Security Scanner 5.8.3.1657, Cisco CSA Agent 5/6, Cisco MARS v4.2, Cisco ACS Server Ver. 3/4/5, IBM Site Protector v6.1, IBM ADS v 2.3, netForensics 3.4, Rapid 7 Nexpose and Metasploit, Symantec Endpoint Protection 12, Cisco Security Manager v3/4.7, Cisco ISE 1.2/1.3, Imperva WAF
- CISCO HARDWARE: Cisco ASR, Cisco UCS 6100 Interconnects, Cisco Fabric Extenders 2100/2200, Cisco Nexus 7000, 5000, 2000, 1000v, 7200 - 1700 Series Routers; 6500 – 2950 Series Switches; 5505, 5510, 5520, 5540 ASA Firewalls; Firewall Services Module v3/4; 3000 Series VPN Concentrators; 4200 Series IPS Sensors; GSS/CSS/ACE Series Load Balancers; Cisco ACE XML Gateway
- SERVER HARDWARE: Cisco UCS B and C Series, HP, Dell, IBM
- OPERATING SYSTEMS: VMware 4/5, Hyper-V 2012, XenServer, Novell Netware 5 and 6, Windows XP/7/8/10, Windows 2003/2008/2012 Server, Unix, Linux
- DATACENTERS INVOLVEMENT: Nap of the Americas, Terramark, The Miami Herald, New York City Health and Hospital Corporation, Time Warner Cable, MD Anderson Cancer Center, AirTran
- ISACA: Information Systems Audit and Control Association
- (ISC)²: International Information Systems Security Certification Consortium, Inc.