From: route@monster.com
Sent: Friday, May 06, 2016 1:35 PM
To: hg@apeironinc.com
Subject: Please review this candidate for: Cloud
This resume has been forwarded to
you at the request of Monster User xapeix03
Jeffrey J. Sicuranza

Due to the volume of phone calls and current client commitments I
cannot respond to voice calls quickly and do not want to inconvenience
anyone. So, please email first – include “Network Engineer or Architect” in
subject line. I will only answer if you include the following: end client
name to prevent double submission, rate range C2C and project/role details.
Only C2C projects. NO SKILLSET forms either. This way I can respond quickly
with a yes or no to reduce any phone or email “tag”. This is a
“Recruiter’s Resume” with all details included.

Professional Summary
· Provide
Networking Technology and Management Consulting services plus offer strategic
and tactical direction to IT executives and directors for a diverse set of
Fortune 50-1000 clients with regard to achieving economic and productivity
improvement to the enterprise through the use of technology and sound
methodologies.
· Applied
experience in the technical disciplines of enterprise and data center network
infrastructure architecture, upgrade, implementation and problem solving with
a special emphasis on network architecture, design and troubleshooting,
protocol analysis, application performance impact and modeling plus data
center energy consumption analysis and remediation.
· Knowledge of
current business trends with relation to gaining a competitive advantage
utilizing technology to provide business solutions to clients with an
emphasis on quality, efficiency, flexibility, scalability
and cost reduction. Experienced working as a team member or leader with
all levels of management, technical staff and clients.
· Functional
experience includes in-depth enterprise level architecture, planning,
engineering, implementation, upgrading, training and troubleshooting of
enterprise Data Center, LAN/MAN/WAN/Fabric/Overlay and wireless based
networks. Provide network architecture and design recommendations plus
strategic or tactical planning of complex LAN, Data Center, MAN and
Border/Edge WAN infrastructures to a diverse clientele. Experienced working
with applications, servers and workstation systems with emphasis on performance,
scalability and flexibility over networks.
· Experienced
in analyzing the impact on enterprise networks from integrating custom
internally built distributed Client/Server, ERP/CRM, Internet, Intranet, Web
2.0, SaaS, Security, Voice, E-commerce, Collaborative, Video/general media
technologies, Energy/SCADA, Virtualization, Cloud, Big Data, and Social
Networking type applications.
· Provide
strategic and tactical direction to CEOs, CIOs, IT executives and directors
with regards to applying technology to business requirements. Work closely
with application developers, business analysts, operations and end user
customers to ensure sound design and implementation of new or expanding
systems.
· Extensive
project management experience that entails an in-depth understanding of
qualifying business and project requirements to ensure technical solutions
meet business goals within the range of technical feasibility and cost. Over
two hundred projects as a hands-on functional project manager and technical
engineer completed. Provide clients with a unique skill base to utilize by
possessing the ability to communicate from a management to an engineering
level plus manage projects, document, train staff and implement technical
solutions concurrently.
· Experience in
managing project related issues for budgets, staffing, Statements of Work,
legal documents, and mentoring of team members. Proficient in building and
managing teams of engineers to complete various integration projects. Applies
best practices such as ITIL and PMBOK.
· Possesses
outstanding written and verbal communications skills, plus authored numerous
documents pertaining to design requirements, architectural framework, Finite
State Machine, process mechanics, analysis results, problem post mortems, and
operational or business process based policies and procedures.
· Provide
technology consulting services to over four hundred different small, medium
sized and Fortune 50-1000 commercial and non-profit organizations during my
career as an independent consultant or through Systems Integration firms,
plus experienced in managing a Systems Integration business and private
consulting practice.
· Completed
several vendor neutral and vendor specific certification programs to provide
clients quality services with demonstrated knowledge of technical concepts
supported by practical experience.
· Understands
the ramifications and impact of social networking (Facebook, Twitter et al.),
mobile, pervasive, and cloud platforms to the enterprise.
· Adept
at succeeding with projects and engineering tasks which at times, may be
outside the scope of my immediate technical experience. If selected to “get
it done”, I always “get my man” and complete the project to use a cliché. It
is from my diverse background in many areas of technology and business that
helps me to succeed within a team or individually thus ensuring the team and
business is successful.

Technology Acumen Summary

Technical
experience and knowledge acquired over career encompasses many products,
technologies and protocols across the OSI layers, some but not all are listed
here:
Stay abreast of
current industry and scientific topics that may apply to a client's
technology investment.
Recent professional achievements/activities

Montefiore Medical IT - Yeshiva University/Einstein College of Medicine - 5/2015 - Present
Role- Application Integration and Project Consultant for Cloud Services

Technical and planning consultant for
special Migration projects between Yeshiva University (YU)/Einstein and
Montefiore network infrastructures.
· All of my migration efforts apply
a surgical approach with waves and phases to move the particular project
along in a controlled and paced manner due to the technical constraints and
unique relationship between networks. Proof of concept phases were also
conducted for each project.
· Currently Migrating the Campus
Aruba based wireless network. Conducted tests on how a wireless access point
is migrated between networks. Access points will reside on Montefiore’s
network but will still connect to YU’s controller during migration periods.
Drafted migration approach and order of operation steps for team lead to use
when sweeping across the campus with minimal impact to the user’s wireless
experience.
· Currently Migrating Building
Management systems (HVAC, Elevators, Water, Steam) from YU to Montefiore’s
network and this entails working with building engineering and various
vendors to understand IP based devices, sensors plus routing for the systems
critical time sensitive data between networks for no loss of control or
visibility.
· Currently Migrating Security
Systems which include IP and Analog Cameras, guard desk VMS,
encoders/recorders, servers, and access control card swipe panels. This
entails working with the campus security department to understand how the
entire system works and traffic flow and device dependencies in addition
with various vendors IP based security products and understanding protocol
watchdog timers, video resolution rate bandwidth requirements, routing
between networks and performance tuning prior to any migration activity. This
approach ensures that during migration periods the security department can
continue to support the campus population and does not lose any visibility.
· Currently planning the migration
of the Epidemiology and Population Health department’s Informatics systems
which has its own unique infrastructure carved within YU’s standard
network, with Firewalls in place, public addressing, NAT, AD, DNS and remote
access requirement plus entails NIH and HIPAA scans which cannot be
interrupted nor incomplete during migration periods due to strict compliance
requirements.
· Conducted discovery asset phase
scans of entire campus using tools such as Zenmap and created custom Nmap
scripts to identify unique devices by port signature.
· Worked with application and
database developers on creating a custom SQL schema for importing and sorting
migration assets from discovery phases. This data provided management with
guidance reports and provides migration leads the data to cast migration
waves and phases. Worked with developers on custom script to address staging
and migration of desktop assets.
· Successfully migrated the CERC (Children’s
Evaluation and Rehabilitation Center) department PCs, IP phones and dental
clinic from YU’s network to Montefiore’s during an aggressive schedule that
had financial ramifications if late.
· Provide technical plans and order
of operation steps for Montefiore’s deployment teams relating to the
integration of all existing switches on campus (to be owned by Montefiore
after migration) to Montefiore’s Nexus based core and distribution switches
also located on campus.
· Provide technical, project consultation
and management guidance to assist Montefiore with the Yeshiva University
divestiture of Albert Einstein College of Medicine into the Montefiore system
during ongoing contractual and fiduciary negotiations. The Albert
Einstein College of Medicine will become the New College of Medicine (NewCom)
under Montefiore. The first phase of the migration entailed integrating a set
of complex Financial and Human Resource (HR) applications for college
employees, logical and physical network separation, Active Directory(AD)
account migration and engineering the various user credential types to meet
Montefiore’s access requirements plus integration of existing new hire
onboarding process to Montefiore’s with little to no change to the user
credential.
· Conduct technical planning
meetings with the cloud providers to determine their VPN peering and AD
authentication options (ADFS/LDAP, SAML) available for single sign on. The
project also includes providing the same initial applications currently
available at Yeshiva but now to Montefiore’s system for the New College of
Medicine employees via several different SaaS, PaaS and IaaS cloud
vendors (Banner student application module services via ellucian Luminis
platform cloud services, Argos eVision hosted by ellucian cloud services,
Kronos timekeeping, payroll and HR services via Kronos Cloud services, OBIEE
platform for finance and analytics via Biztech’s cloud services, SciQuest
platform for analytics, sourcing and finance via ellucian utilizing loginXML
to authenticate Sciquest cloud services, lastly iCIMS applicant tracking
platform).
· Conducted work stream planning
sessions with the Security and AD technical team leads for AD ID duplication
analysis, integration into Montefiore AD, attribute use for unique identifier
and for various onboarding process uses. Assist in outlining engineering
process with security and application teams to cover existing credentials,
new hires and non hires that will use both college systems after the formal
transition date.
· Conducted work stream planning
sessions with network technical team leads for a tactical secure SSL based
network separation solution until asset discovery is completed.
· Provide tactical and strategic
engineering design and migration guidance for supporting network architectures
between organizations and cloud vendors.
· Provide tactical and strategic
guidance to support the VOIP migration between the organizations.
· Provide project management
guidance and recommendations on scheduling of resources and approaches for
using cloud vendor SME’s in an optimal way to facilitate project engineer’s
design and build needs.
· Conduct project and status
meetings, create application authentication workflow diagrams to assist
design engineers.
· Work with business analysts,
finance, legal and other non-technical contributors from the university and
Montefiore to validate requirements, set expectations plus identify risk or
shared fate points.
· Facilitated bringing together the
college’s business and Montefiore’s technical teams to collaborate on custom
solutions or additional legacy requirements discovered during migration
process.
· Manage AD consulting vendor and
provide escalation support for their AD related migration testing activities
amongst the colleges and between cloud vendors.
· Produced project plans,
documentation, network designs, and authentication flowcharts for contributor
use plus create proposals with team leads and directors and conduct
presentations to management for direction decisions.
· Identify project risk points,
escalate issues when necessary and strive to prevent scope creep.
· Provide technical guidance to
other project managers when applicable.
· Provide networking related
technical guidance to all contributors when applicable.
· Successfully managed project
phases to assist SMEs in complex AD trust peering and migration between the
colleges and Montefiore’s AD systems and the initial application cloud
vendors.
· Successfully coordinated the build
of a custom legacy application tool for Montefiore which was critical to the
project’s overall functional success. This application’s function as part of
the service chain was overlooked in the planning scope and needed to be
integrated immediately so existing application scripts worked and testing
personnel can validate critical financial related transactions without
further impeding the project schedule. Conducted planning and technical
sessions online with developers and administrators to build and test the
replicated legacy solution to completion for Montefiore’s NewCom use.
· Successfully planned and managed a
team of engineers to conduct a complete sweep of the Albert Einstein college
campus of IDF, MDF, BDF closets for asset discovery, verification and to
provide information for Montefiore network engineers to conduct initial
network design integration planning. Created sweep process with team and
applied to a schedule. This sweep was completed ahead of schedule.
· Successfully provided technical and
process guidance in setting up PGP transfers of critical payroll and accounts
payable transactions between the NewCom University and banking institutions.

Major lessons learned from project exposure:
· I learned that when dealing with
cloud based projects that entail various SDLCs involved to replicate systems
the cloud vendor capabilities must be fully vetted for areas such as project
plan WBS and schedule must align with various cloud capabilities/SLAs and
provisioning tenant schedules to determine hidden risks to the entire project
from newly discovered yet unavoidable change schedule scope creep.
· In addition I also learned that
coupling application migration, authentication, application re-builds, and
any further customization from a rooted legacy environment to various cloud
provider platforms is extremely challenging if the original planning
conducted wasn’t detailed enough to identify potential hidden risks. The
project schedule from an overall standpoint was extended from its original
aggressive schedule due to such discoveries.

Columbia University, 2/15 – 3/15
Role- Infrastructure Analyst
· Provided management and technical
consultation to CUIT and Accenture project team leads related to migrating
legacy applications from their existing infrastructure to a FlexPod based
converged infrastructure platform. Provided guidance in project
approach, process flow, migration best practices and application protocol
dependency identification. Validate technical migration approach with
application and infrastructure stakeholders. Identify application
dependencies and review current approach for migrating applications from
current to target state environments. Provide recommendations on project
quality control, resource recruiting and roles. Developed custom application
and protocol mapping FSM template diagrams to depict current to target state
application transition and risk points for migration leads to use throughout
migration process. The diagrams provide a before and after state of the
application’s flows and network plus provide completed post migration
documentation.
· Provided technical recommendations
such as use of VMware NSX and Logical Firewalls, F5 firewalls, Docker and
various ACL consolidated security points over current host based ACLs plus
application protocol discovery techniques using NBAR, iptables, netstat,
tcpdump and COTS tools. Reviewed FlexPod network infrastructure and university routing core
for best practices use cases. Contributed to technical standards for ACL
management, application discovery questionnaires, and dependency inventory.
Outline project schedule, order of operation, technical risks and review risk
management processes. Propose methods to manage, mitigate, or remove risks
and outline any inefficiencies in migration process.

First National Bank of LI – 1/15 – Present
Role- Sr. Network Architect
· Provide ongoing technical
management consulting services to the VP of Networking and Security.
Reviewing current campus and branch wireless solution, security impact and
testing options. Review their planned 10 Gigabit backbone upgrade of campus
network core fiber and data center switch upgrade approaches, current plans
and provide guidance and recommendations. Review the bank’s MPLS based WAN
branch solution from their new provider, backup path solution, security, IP
address schema and network management visibility options.
· Conducted a network assessment of
the Bank’s LI multi building campus Data Centers/DR Data Center and provide a
set of tactical and strategic recommendations for the Bank to upgrade and
position their current core campus network to support a converged
infrastructure for 10-100Gigabit Ethernet, Brocade FCoE SAN extension, eVault
storage, VMware Vmotion and DRS between DCs, a new VOIP system, Video and a
new branch WAN carrier vendor due to additional branches coming online.
Provided guidance on the following: moving from vendor owned public IP
address space to Bank’s private IP schema, general traffic levels, volumetric
application distribution, security camera traffic segmentation, MTU, Jumbo
frames, VLAN tagging, IP subnet schema, suboptimal routing, firewall ruleset,
FHRP/gateway routing, infrared link usage between campus buildings, STP, LACP
issues, HP core switch management and Cisco WLC redundancy. Identified and
outlined critical security issues present.
· Reviewed all Data Center HP core
HP 8200 zl switches for code levels and SDN/OpenFlow capabilities. Surveyed
IDF/MDFs for best practice violations and for RTO/RPO compliance. Provided
recommendations on updated network management tools and IPAM solutions for
management to consider. Outlined current immediate illnesses with remedies to
position for upgrades. Reviewed proposed third party branch WAN solutions and
provide deployment approaches. An executive summary roadmap document for the
CIO/CTO outlining all issues and recommendations plus current and future
state network architecture diagrams for further planning reference was
delivered. Core network upgrade planning is ongoing through my office.

DELL and Arizona State University, AZ 2/13 – 2/15
Role- Sr. Network Architect
· Successfully completed ASU’s Data
Center (DC) migration and redesign upgrade project. The new design is a
collapsed version from a classical three tier to a two tier hybrid Fat Spine
and Leaf architecture for enhanced flexibility, scalability and positions ASU
for further converged infrastructure capabilities and SDN without the rigid
constraints of the original architecture. The resulting design consisted of
utilizing existing production assets as a tactical solution for CAPEX/OPEX
compliance, improved performance and redundancy between the campus based DC
and a new Co-located DC facility at IO. The enhancements applied from
previous Proof of Concept (POC) design and testing projects now positions ASU
for next generation DC converged POD network capabilities, resiliency and
performance at current operational baselines without a major forklift CAPEX
incursion. Authored a set of tactical and strategic network roadmap executive
summaries as well as a best practice applicability matrix for post migration
reference. Provided guidance and mentoring to ASU staff engineers and
outsource third party network engineers regarding implementation and
troubleshooting approaches. Provided management consulting to ASU in the
areas of carrier SLA contract review and negotiation approach.
· Applied advanced NX-OS features
and best practices for consistency, enhanced performance and stability such
as SoC port alignment, Fabricpath ISIS Overload, VLAN Pruning, VPC+, PKL,
LACP, Storm Control, Authentication and FabricPath ISIS related tuning
options (FTAG roots, SWID hierarchy, routing and various metrics/timers) for
optimal local and DCi site convergence use. Created a DEVOPS NX-OS based
custom Operations menu and command set based on EEM, Aliases and command
scripting.
· Implemented Sampled Netflow V9 and
Embedded Etheranalyzer for enhanced visibility. Migrated from default VDC to
Admin plus Data Center VDCs and assigned necessary interface resources. I
worked on troubleshooting 5k/2k FEX microburst/queuing and MAC flooding
related bugs and scaling issues with iSCSI based NetApp clients and Citrix
XEN STP/Linux bridge related issues. Conduct review of Cisco Prime DCNM,
NetflowLogic’s Splunk application for Netflow v9 and NetBrain for DC
management and documentation use.
· Conduct POC testing for failover
and DR behavior, Intra and Inter DC traffic pattern observation, pre
migration staging and order of operation execution script creation plus to
glean baseline RTO and RPO metrics of updated architecture. Provide hands on guidance
and assistance with production migration post POC. The reference and detailed
design planning included FSM operational state diagrams and configuration
“snippets” for each engineered section plus provides a documented workbook
post migration. Conducted custom FabricPath and IPERF based traffic
generation on switches to simulate MAC table flood for DRAP and Jumbo MTU
related performance testing. Provide detailed latency and network behavioral
POC results documentation for migration use reference. This documentation
also provides details about discovered product behavior and protocol bugs
with detailed reference matrixes for tactical and strategic use across all
areas of the DC including Network, Firewall, Load balancers, Access/Storage,
Applications, Trombone/traffic flow.
· Provided reference and detail
network design POC planning and execution for ASU’s new DC. This activity
included Nexus 7k OS ISSU upgrades, cable/port inventory, VDC planning/provisioning
across F2 modules, testing of various design options including FabricPath and
VPC+ domains, ANYCAST FHRP, Citrix Netscaler Route Health Injection(RHI),
Check Point VSX-VSLX Cluster plus storage protocols across DCi. Also, testing
of OSPF/EIGRP for North to South and East to West prefix signaling, 65k VSS
failover, ARP, CEF and TCAM table allocation/timing considerations plus the
integration to the core campus network cloud. Additionally, optional solution
items vetted were OTV/LISP/VXLAN overlay, FabricPath Multitopology use,
Overload/Vlan pruning, TTL and ECMP, collapsed L3 based VDCs for routing
protocols and GSLB/FHRP, iSCSI protocol tuning, as well as any changes to
various VMware, Citrix, NetApp and Check Point components.
· Provided technical and management
consultation to ASU for their current DC migration and network architecture
upgrade project. This entails reviewing FabricPath, Overlay Transport
Virtualization (OTV) and Locator Identity and Separation Protocol (LISP),
VXLAN, VMware NSX and Cisco’s Dynamic Fabric Automation as various DCI and VM
mobility options with ASU and their network/storage/security and load
balancing product vendors to ensure ASU’s design considerations are defined,
captured and met. Spearheaded the design meetings/session with vendors and
ASU staff, Cisco, Check Point and Citrix vendor engineering representatives
to validate design mechanics and functionality. Provide engineering and
testing guidance to ASU for DCi link provisioning and testing. Provide troubleshooting
guidance with Cisco TAC, ASU and CenturyLink regarding Nexus related bugs
affecting FabricPath, Spanning-Tree, VPC+, ARP tables and DCI interconnect.
Assist with DELL and ASU on VM migration proof of concept testing project for
the university. Authored overall DC design consideration document to capture
and outline all options from vendors and track design changes to document the
final solution selected. Reviewed managed provider’s SLA agreement and
provide ASU guidance on SLA objectives for Data Centers and DCi links.
· Reviewed their current Cisco Nexus
7k and 5k FabricPath based DC core for performance, intra and inter DC
traffic flows, inconsistencies in configurations and behavior and for DCI use
between the current and migrated sites for VM mobility, SAN and
application/database synchronization needs. Identify options to progress
their current single location DC from an Active/Passive model into an
Active/Active version between DC locations with current technology assets and
vendor recommended solutions. Reviewed their migration IP addressing (reuse or
new), use of Nexus VDC and unified fabric for FCoE use, ISP and BGP peering
to DC failover plans, EIGRP use for load balancing, DNS, Netscaler and NetApp
performance and expected application traffic flows. A detailed report was
delivered to ASU as part of a larger DELL initiative to assist ASU in
progressing towards a fully converged infrastructure between DC sites to
support the entire ASU campus, WAN, affiliates and their vendors. The report
covered identified illnesses, risks and shared fate points, topological
disaster recovery and traffic flow planning matrixes, an assessment of their
migration approach with tactical and strategic recommendations.
· Conducted a high level assessment
of its DC network to provide tactical and strategic recommendations for the
migration of a section of its current DC from the Tempe Az. campus to a new
Co-located DC vendor IO. The assessment also provides ASU ideas to progress
towards a converged infrastructure by leveraging its current DC assets. This
assessment entails a review of network infrastructure diagrams and
documentation present, interviews with staff and management, migration design
and cut-over plans plus a review of their support and operations provisioning
process and tools used. In addition a review of their DC technology assets,
configurations and a cursory traffic analysis was conducted against the major
DC connection arteries for a performance and capacity baseline. Outline
observations relative to the general health of the network and capture any
issues related to the migration. In addition a review of network management
and operations process for improvement and suggestions was conducted.
· I was also requested outside of my
DC project responsibilities to provide design and protocol level
architecture guidance regarding an Internet2 SDN solution for a Cancer
Research based High Performance Computing Cluster(HPCC) Big
Data/Hadoop/Cloudera based system. This design entailed NEC ProgrammableFlow SDN
controllers, OESS, ASR9k and DELL/Force10 OpenFlow based switches for end to
end provisioning of L2 circuit between research universities over the
SunCorridor Internet2(I2) POPs. I reviewed the solution’s protocol FSM and
OpenFlow capabilities against the 1.3 specification to determine protocol
functional parity for pipelines and action set behavior. Reviewed I2 ALS2 and
3 services and ASR 9000 100Gb interface requirements. Created detailed
diagrams to illustrate OpenFlow mechanics and outline configuration and
deployment considerations. Reviewed DELL/Force10 10/40Gb Ethernet based HPCC
network infrastructure for Fabric, OSPF routing and general post deployment
compliance.

Aetna Inc., Ct. - 9/12 – 2/13
Role- Sr. IPv6 Consultant
· IPv6 Consultant - I was engaged to
conduct a strategic IPv6 readiness analysis for Aetna’s public facing
internet infrastructure. This encompassed two data centers in the US and one
in London with multiple DMZs comprised of routers, switches, load balancers,
firewalls, application plus specialty security and application appliances. An
IPv6 compliance analysis was conducted against production IPv4 inventory and
vendor/ISP capabilities. The analysis produced an asset readiness and business
risk impact report entailing an enterprise IPv6 addressing schema,
architecture recommendations that included tactical translation NAT64/DNS64
and strategic Dual Stack approaches, personnel skills development with lab
requirements, high level implementation steps, five year migration strategy
roadmap and timeline. The object of the readiness assessment report was to
help measure the complexity of deploying IPv6 while deriving budgetary and
scheduling data for planning purposes plus analyzing cost impacts CAPEX/OPEX
for enabling IPv6 on non-compliant devices. Additional recommendations
include: Identification of unknown and high risk areas if IPv6 is not
deployed and remediation steps. A criterion for addressing new and existing
hardware, software, and outsourced service providers to ensure forward
compatibility. Vendor discovery, ISP capabilities and analysis as vendor
roadmaps solidify and mature. Identification of cost impacts and labor
estimates for utilizing staff vs. integration provider estimates. A testing
approach/methodology and recommended remediation strategy and timeline. A
detailed deliverable report was produced for upper management and staff with
supporting costing and readiness spreadsheets for additional planning use.

United States Department of Energy (DOE) Enterprise
Savannah River Site (SRS) and Savannah River National Laboratory (SRNL), SC. 1/12 – 6/12
Role- Sr. IPv6 Consultant/Engineer
· Designed and deployed a dual stack
IPv6 solution on public facing Internet and DMZ infrastructure to meet the
U.S. federal government’s Office of Management and Budget IPv6 mandate four
months ahead of schedule and budget plus to position this federal agency to
reach global Internet customers ahead of its competitors. The IPv6 project involved
protocol research of vendor operating system stack capabilities, operation
bugs and security advisory scrubs across all platform operating systems,
USGv6 NIST SP 500-273/267 and RFC compliance. In addition, security testing
which included crafting custom IPv6 packets to test WEB, FTP, SMTP, McAfee
8.x firewall, DNS, Solaris, Apache, Redhat, Cisco ASR IOS-XE for general use
and exploits. Utilized project to sweep public Internet and DMZ network
sections for operating system and product upgrades. We needed to ensure that
the IPv6 mandate was achieved and as securely as possible.
· Tested and enabled IPv6 on servers
and appliances used for DNS, Web, FTP and Sendmail application services.
Resolved protocol stack bugs with Infoblox, McAfee, Solaris/Redhat, Bluecoat,
and Cisco relating to IPv6 and dual stack architecture. Engaged vendors to
correct key IPv6 shortcomings that could affect production implementation and
security posture.
· Discovered IPv6 Cisco ASR IOS-XE
RP to ESP TCAM bug related to the size type of ACL entry and McAfee firewall
resource depletion attack vector using IPv6 Fragmentation EH as two of many
different issues uncovered during research.
· Discover and document McAfee
Firewall IPv6 related rule shortcomings to prevent security breaches. Created
Global Unicast and custom Link Local address schema and use policy for DMZ
and public facing devices.
· Tested other DMZ devices slated in
future for IPv6 compliance such as Cisco VCS 7.0.3, McAfee ESA 3400, Bluecoat
Proxy SG and Cisco ASA 5520. Project included replacing single point of
failure IPv4 Solaris BIND based DNS with a high availability Infoblox for
IPv4/IPv6 DNS solution thus upgrading the organization’s public DNS system a
year early as a positive extra byproduct of project results. ·
Work with application developers
and server administrators to ensure IPv6 related APIs and Sockets stacks were
compliant across all services. ·
Built an IPv6 lab to mimic
production environment for extensive research, testing and validation of all
IPv6 dual stack related Internet servers, applications, security, DMZ related
protocol operation and testing. The lab was also utilized as a deployment
staging, practice and training tool and built for future use by staff for
testing features such as DNSSEC, IPv6 related patches or testing of new IPv6
related features before production use. Created and conducted custom hands on
IPv6 training classes for agency staff which covered the protocol’s use and
mechanics through specific product use for ongoing operation and maintenance.
Conducted “lessons learned” sessions and provided agency with IPv6 industry
related information resources and educational material. ·
Conducted an analysis of possible
IPv6 extension header exploits and used open source tools to construct
crafted packets to test security features of firewalls, router ACLs and all
other vendor IPv6 stack related functions. Validation of protocol exploits was
conducted with packet capture and analysis and results were reviewed with
agency cyber security personnel. Executed IPv6 traffic level and packet
exploit stress testing against dual stack components in lab and documented
behavioral results. ·
Created detailed matrix based
documentation that includes NIST/USGv6, product and RFC pass/fail compliance,
addressing schema, bug scrub and OS version upgrades, security packet attack
testing and per device/product dual stack feature testing results for all
devices involved in production environment. The matrices were required to
track the compliance, testing and bug discovery progress at a granular level.
Detailed diagrams for the lab and production environment plus a multi
operating system IPv6 command line user guide for function testing and
validation were also created. ·
Developed a deployment approach
and detailed testing criteria based on results gleaned from research which
ensured the smooth and outage free integration of IPv6 over production
running equipment. The approach ensured that some common IPv6 issues, such as
RFC 6555 “Happy Eyeballs” affecting current IPv4 customers or Sendmail being
unable to handle IPv6 spam, were addressed. Developed a custom Cisco IOS-XE
IPv6 router management and operations menu and a command line toolset for
staff to quickly identify and troubleshoot IPv6 related issues. Utilized IOS
based tools for the deployment and post deployment use such as a “kill
switch” for zero day deployment, Denial of Service policer, NBAR, Netflow,
and packet tagging for DMZ IDS filtering to provide full IPv6 visibility from
the perimeter router for operations and security staff. The tools also
included the use of Embedded Event Manager applets to automate IPv6 support
related functions and toggle Embedded Packet Capture functions. Applied IPv6
reverse path verification, ACLs and Bogon lists to interfaces. Tested IPv6
BGP and recommended auto Bogon BGP peering service from Team Cymru. ·
I worked in liaison with the DOE
Project Manager, created project plan, conducted project meetings with all
stakeholders and agency representatives, escalated issues within agency and
to vendors. Attended federal IPv6 task force meetings when applicable. Managed
schedule to prevent scope creep resulting from outside initiatives impacting
project resources and kept project on and eventually ahead of schedule to a
successful completion. We were one of the few agencies in the federal
government to meet the federal Office of Management and Budget IPv6 mandate
early and were prepared for World IPv6 Day with a secure and easily managed
solution. Provided additional guidance and recommendations regarding IPv6
industry best practices for future agency IPv6 related projects. ·
Requested to participate in
another, larger scale project, after the IPv6 project was completed. This
project entailed upgrading a DOE site wide data center core from a L2 core to
a MPLS Core for VPN services utilizing various Catalyst 6500 and Nexus 7/5K,
MPLS, M-BGP, OSPF and Nexus 2k FEX for top of rack server farm access. The
300 square mile government site consisted of many research areas (some
classified) and each are to become CE/PEs and communicate via MPLS core for
common services. Basically building a carrier network within the
enterprise. This is a very complex, highly secure, government network
with their own private telecom switching stations, fiber infrastructure and
power plants on site plus firewalls and various monitoring systems present between
all layers to protect classified and unclassified data thus making
evolutionary upgrades extremely difficult and imposing many design
constraints. Client had issues with onsite vendor and project fell six months
behind schedule. After first site cutover had difficulties I was asked to
provide protocol and approach guidance. I outlined technical architecture
issues related to the new core deployment of MPLS/BGP and the risks during
future transition steps. ·
Resolved issues relating to
initial deployment result affecting major server farm switch Port Channels,
CE to PE VRF VPNv4 prefix mutual redistribution leaks resulting in VPNv4
routes present in Core routing tables and routing loops. Also reviewed were
vPC, FEX pinning, MTU and MPLS fragmentation, iBGP/Route Reflectors, VLAN
distribution and sprawl, VTP, STP, OSPF Superbackbone down bit/domain tag
prefix list, IP subnet size issues and wireless controller platform approach.
Provided consultation on approach for migration based on protocol mechanics
behavior, application impact of sites involved and the security overlay
restricting a graceful deployment. ·
Reviewed existing migration plans
and provided recommendations on scheduling, approach and resources required
to complete with minimal impact to the site. Recommended options such as
pushing vendor for proper resources to aid client, Fabric Path as possible
tool to alleviate design constraints. Improve planning for staging time and
cut over practice, the possible use of VDC to create overlay based solution
or the use of RT extended community for hub and spoke option. ·
Also recommended reviewing
architecture use of layer 2 through 4 protocol notification from
carrier/debounce/damping through OSPF/LDP/BGP/NSF timer synchronization
options and route inventory snapshot before and after any site cutovers.
Conducted ad hoc VRF/MPLS/BGP training classes to help staff understand how
routes in VRFs from sites will propagate. Provided list of possible “gotcha”
issues that could appear during transition. Drafted post mortems on problems
discovered and resolved and conducted lesson learned sessions with team. ·
Provided general network
engineering, troubleshooting support and guidance in many other areas of this
agency’s network including providing Cisco ASR 10Gbs and BGP peering support
for National Lambda Rail connectivity to other national labs. Assisted in
staging Cisco network infrastructure to support DAS and SCADA applications
for the Clemson University wind turbine testing center project in North
Charleston, S.C., IPTV, ASA and GLBP, BGP Multipath, server virtualization
connectivity, 802.11 wireless controller and guest access security related
issues.

Applied Methodologies, Inc. 9/11 – 12/11 IPv6 research project for Offsite Disaster Recovery and Cloud Company Role- Sr. IPv6 Consultant ·
Research all aspects of IPv6
protocol operation, mechanics and deployment/management options for
enterprise and data center to support a cloud company’s remote access clients
and the cloud company's data center core. Determine the feasibility of
migration, outline deployment caveats and provide staff an understanding of
IPv6 in general and its benefits for migration. ·
Deployed IPv6 in labs from client
and AMI’s utilizing various Cisco platforms and routing protocol environments
- IPv6 - BGP/EIGRP/OSPFv3 and ISIS to better understand native use. The
project encompasses working with IPv6 code relating to Cisco IOS 12.x and
15.x on various router and switch platforms, Windows 7 and Server 2008 R2,
Ubuntu Server 11.x. Documentation of all research and testing results. ·
The project included the following
features and options of the protocols to be tested: Protocol
exploits in various main and extension header fields and FSM issue for
security, IPv6 Transition technologies, OSPFv3, EIGRPv6,
IS-ISv6, Dual stack/protocol environment analysis, DHCP and DNS in IPV6,
Single IPv6 routing protocol end to end for server connectivity, Multiple
routing protocols for IPv6 SIN routing, Flow label use, QOS dual and single
mode, IPv6 tunnels via MPLS core, IPv6 based IBGP core, IPv6 DMVPN, GREs
VPLS, BGP multihome ARIN prefix allocation process, IPv6 tunnel/transition technologies,
IPv6 routing protocol redistributions, IPv6 BGP internal and external, V6PE,
IPSEC, Path MTU testing, Jumbogram testing, addressing changes /120 /126/127
prefixes for router to router links, addressing of 6 to 4 and general
prefixes for core, NAT, Netflow use with IPv6, IOS DHCP server on router,
Multicast services, IPv4 through IPv6 core and IPv6 through IPv4 MPLS core,
IPV6 on ASA, IPV6 IOS firewall, IPV6 Wireless, Multiple OSPFv3 and EIGRPv6
instances/contexts and AFs on routers vs. VRF, VRF for IPv6, NTP, ISATAP,
6to4, Teredo, Firewall and content appliance review for IPv6, IPv6 SLA, IPV6
ACLs and CEF.

Applied Methodologies, Inc. 7/11 – 8/11 Thermoelectric Generation Systems (TGS™) ·
TGS related US Patent Office
Action response work deadline in August 2011. Completed response to USPO
office action regarding my TGS prototype patents pending.

The Hershey Company, Pa. 11/10 – 6/11 Role- Sr. Wireless Network Engineer ·
Designed and implemented a large
scale Cisco Unified Wireless Network (CUWN) for the enterprise campus and
manufacturing plants. The new CUWN replaced a large scale Cisco autonomous
based system. The CUWN positions Hershey for enhanced wireless services to
support enhanced data, voice, video, guest users, mobility services and support
of iPad and iPhones for executive staff. The CUWN also positions Hershey to
leverage current and future mobile technologies – merging 4g and WIFI to
enhance productivity and cut costs at its campus and manufacturing plants. ·
The CUWN design and configuration
entailed over six Cisco 5508 Wireless LAN Controllers and various models of
LWAPs (Lightweight Access Points), including Mesh and Clean Air models.
Conducted physical and RF site surveys for AP deployment, utilized existing
coverage patterns of legacy APs for LWAP swap related locations. Utilized RRM
to triangulate coverage holes once initial deployment at a site was
completed. Used Clean Air statistics from LWAPs at manufacturing plants to
support LXE based warehouse bar code scanners. Configured all 5508
controllers in redundant pairs and tested failover and LWAP join process.
Create all WLAN SSIDs and AP Groups. Tested Cisco 1231 Autonomous AP to LWAP
“on the pole” conversion process of converting 1231 and 1142 APs from
Autonomous mode to Lightweight and back to Autonomous mode for deployment and
rollback consideration for plant deployment. ·
These APs are for use in various
plant environments to support a critical LXE based barcode scanning
application that currently supports original Barker and CCK codes lower
802.11b rates. Manufacturing operations cease if barcode function is paused.
Use WLC Configuration Analyzer for WLC configuration comparison.
Resolve client and LWAP join related “stickiness” issues. Submit any issues
and bugs discovered during deployment to Cisco for review. Implement AP and
rogue security policies. ·
Utilize Spectrum analyzer and
wireless sniffer for coverage and protocol violation detection. Tuning and
troubleshooting of various 802.11 B/A/G/N issues relating to RRM, DCA, TPC,
AP Load Balancing, MIMO, Beam forming (Client Link), coverage hole detection,
RADIUS/EAP timers and rogue detection/RLDP. Provided 802.11n bonded 40 MHz
channels on 5 GHz and utilized legacy 2.4 GHz channels for 802.11n MCS rates
for full coverage potential and barcode rate support. Troubleshoot and tune
client related driver roaming issues. Change production LWAPs into Monitor or
Protocol Analysis Mode, when needed, to conduct remote troubleshooting
operations. Troubleshoot any CAPWAP and LAG related issues. Configured and
tested Voice WLAN usage with Cisco 7925 IP phones. ·
Trained Hershey personnel on the
basics of LWAP provisioning, 5508 wireless controller fundamentals and CAPWAP
protocol functionality for support and troubleshooting during the deployment
plus created/held a custom two day training class that covered basics of
LWAPs, CAPWAP process, Split MAC and WLC architecture with labs and reference
material for support personnel to utilize post training. Supported legacy WDS
based Autonomous system during upgrade and globally for sites not updated to
CUWN. ·
Led a team of network support
personnel through the deployment of campus site cutover from the legacy
Autonomous system to the new WLC LWAP system. I developed project plans,
cutover and rollback scripts, conducted project meetings and spearheaded the
execution of all tasks with the team. We achieved successful deployments of
over six campus sites and plants with no impact to the business through sound
project approach and planning. ·
Setup Wireless Control System (WCS) for
controller management, WLC configuration archiving, future provisioning
template usage plus imported controllers, maps, and campus building
information. Created custom reports on usage statistics, alarms and events
for support personnel to utilize. ·
Develop initial (pre Mobility and
Guest Server product purchase) campus wide “Guest access” services utilizing
WLC based DHCP and Web Authentication services. The Guest access service
utilized a common cable internet access connection to a Cisco 2921 router
running IOS 15.x, VRF Lite and Zone based firewall feature set. I developed
the Zone based firewall policies (class/parameter maps), denial of service
policer, implemented NBAR for protocol/traffic profiling, LAG switch
and WLC ACLs and created a custom IOS menu for support personnel’s use to
review firewall policy, NBAR and traffic statistics. This custom router used
for Guest wireless access also included the use of IOS Embedded Packet
Capture tools for support personnel to execute captures of guest traffic for
compliance needs quickly from the custom IOS menu. Guest services can be
provided by assigning any enterprise LWAP throughout the campus into the
defined Guest AP group on the WLC to provide dual internal and guest access
services. ·
Cisco/Tandberg Telepresence pilot
network support, I provided engineering and general support for the pilot
project of demonstrating Telepresence technology for the Hershey senior
executive staff. This entailed ensuring the network infrastructure, where the
pilots are deployed, supported “end to end” QoS so the Telepresence traffic
was placed into the proper queues and received the correct PHB. Configure
Cisco/Tandberg Profile 65s and EX90s for DSCP markings, codec settings,
conference protocols (H323 suite and SIP) plus bandwidth rates for voice and
video. Configure and tuned Codian MSE 8510 blades for bandwidth, codec,
conference handling and resolution control of connected laptops for sharing
presentations. Monitor pilot conferences via Codian and switches plus troubleshoot
any issues. The pilots were successful convincing senior management the need
to deploy Telepresence globally. ·
Complete global switch QOS
deployment project to support upcoming Cisco/Tandberg Telepresence
deployment. This project entailed review of QOS policy and queuing
configurations plus pushing the configurations out to over 11k ports
throughout the world and validating. ·
Conduct global Cisco switch IOS
and port macro upgrade. The macros were developed and tested for various
types of switch ports, LWAPP, Telepresence device, and general workstations.
They were deployed to all global switches utilizing REXX and CiscoWorks. All
switches were staged for IOS upgrades and executed outside of business hours. ·
Develop IPv6 lab to test basic
IPv6 protocol configuration and comparison of deployment between IOS 12.4T
and 15.1.3 routers. Also tested IPv6 based routing protocols (BGP, OSPF,
EIGRP), prefix lists and filtering for functionality and SIN routing. The lab
is for Hershey personnel to use to learn about the protocol and test possible
deployment scenarios in a scratch pad environment. ·
Provide daily level three support
for the Hershey global network and MPLS based WAN cloud as well, some of the
items I supported are: Cisco ASR based core WAN routers, 28/2900 based global
site routers, DMVPN, AT&T/Sprint MPLS, EIGRP, eBGP, iBGP, Catalyst 6500
standard and VSS platforms, 10Gigabit Ethernet, Zone based firewall
configurations, 4500R+E platform, legacy plus MST Spanning Tree,
Multiple VTP domains, Dragon/Gigawave PtP wireless links between campus
buildings, 2900-3750X series switches in L2 and L3 modes and stacks,
CiscoWorks, Cisco ACS, complex general campus and WAN
domestic/international remote site network infrastructure. Mentor staff
members and provide guidance to new interns.

Bank of Smithtown/Peoples United Bank 8/10 – 10/10 Role- Sr. Network Security Engineer ·
Designed and implemented a branch
wide failover network to back up the bank’s regional MPLS WAN. The failover
network provides, per branch office, on demand redundant path protection over
a regional cable ISP’s network. The failover design utilizes Cisco ASA
firewalls (at OS 8.3(2)), IPsec based L2L VPN tunnels, EIGRP to provide
successor cutover mechanism, definition of ISAKMP and Encryption security
policies for the bank. Tested and tuned Cisco ASAs to ensure stateful
cutover process is sound, no impact to client application flows and that
asymmetrical routing was not present.

Applied Methodologies, Inc. 6/06 – 4/10 Thermoelectric Generation Systems (TGS™) ·
Contributed to the “Greening” of
the data center by developing an alternative energy harvesting system that
converts waste heat in IT Servers, Switches, Routers and any other IT device
into usable electricity for use to offset enterprise data center energy
consumption costs. I demonstrated successfully the powering of a Cisco
enterprise class Ethernet switch solely from the byproduct waste heat energy
produced by the prototypes employing my system outlined in the patents. ·
I developed the patents and
authored a white paper discussing the economics of data center energy
consumption and efficiency metrics in the enterprise plus discuss my
Enterprise Energy Vision. I conducted all the necessary electrical and
thermoelectric research, engineering, analysis and design plus prototype
development. I also developed the project website and online demonstrations
outlining the details of my solution and prototypes. I moved the idea from
paper to prototypes and prepared all the content necessary for interested
investors.

Netstream: 11/09 – 12/09 Role- Sr. Wireless Consultant ·
Contracted to assist with
troubleshooting a Cisco based wired/wireless VoIP solution for a hedge fund
manager’s private office suite. Conducted spectrum analysis of wireless cells
to determine interference issues. Performed 802.11n and VoIP protocol
analysis to determine whether the issue is VoIP or wireless related. Applied
tuning parameters to Wireless LAN Controller and LWAPs for DTIM broadcast,
codec and QoS parameters. Applied changes to WiFi phones, executed tests and
resolved issue.

Applied Methodologies, Inc. 6/08 – 10/09 (Various Consulting Projects and TGS)
(Various Consulting Projects) are projects lasting from 1 day to 1 month. I am
either hired directly from a client (local or remote) or I provide short term
consulting work on the behalf of other systems integrators.

Consolidated Edison 10/07 – 5/08 Role- Sr. Technical and Compliance Oversight Manager ·
IT Construction Oversight Manager
of data center communication room construction projects for new electrical
Transmission or Distribution Substations in the NYC area. Provided Project
Management services, Project Management mentoring to new PMs assigned to IT
substation projects, network and electrical engineering support and conducted
communications room build out compliance oversight to ensure that all
communication rooms within a substation meet the ConED, National Electric
Code, OSHA, NERC and FERC technical and safety standards. ·
Facilitate communication between
the IT and construction teams to ensure that all critical redundant optical
voice and data networks are operational prior to substation start up. Review
construction blueprints from below grade level to rooftop to ensure data
center communication rooms are built to IT specifications. Drafted and
enforced several project and compliance related processes and reports for the
PMs to utilize. ·
Assist in the development,
enforcement and practice of the utility’s substation communications
engineering specification and design guidelines. These guidelines outline the
basic criteria for the engineering and design of the required communication
facilities for all newly designed area and transmission substations. The
specification provides the substation with a reliable means of communications
during normal and emergency situations. This shall include the communications
within the substation, throughout the yard areas and buildings, to the Energy
Control Center (ECC) and Alternate Energy Control Center (AECC) plus other
utility locations, as required.

TAM Corporation/Redwood Toxicology: 8/07 – 9/07 Role- Sr. Network Consultant ·
Hired as the lead remote troubleshooting
consultant for a medical screening company. Worked with overseas developers,
local network engineers and business management to resolve an application
upgrade transaction issue. The new application was experiencing performance
issues and timing out thus causing a backup in screening applications. Work
was conducted remotely to analyze packet traces of SQL transactions to
determine if the application or the network was the cause. Also, outlined
potential points to upgrade and tune for all components (servers, client PCs,
middleware, routers, switches and medical data acquisition equipment)
involved in each screening transaction. Coordinated all troubleshooting
activities remotely to isolate and resolve the issue.

Applied Methodologies, Inc. 1/07 – 7/07 (Various Consulting Projects and TGS)
(Various Consulting Projects) are projects lasting from 1 day to 1 month. I am
either hired directly from a client (local or remote) or I provide short term
consulting work on the behalf of other systems integrators.

New York Life: 11/06 – 12/06 Role- Sr. Wireless Security Consultant ·
Conducted a Radio Frequency (RF)
and general wireless security audit for the investment division of New York
Life. The audit covered RF leak point analysis, spectral analysis, rogue
workstation and access point identification, cell size analysis, packet
encryption and general 802.11 traffic/protocol analysis to determine the
security issues present. A detailed report was submitted which outlined all
issues observed with recommendations.

Applied Methodologies, Inc. 11/05 – 10/06 (Various Consulting Projects and TGS)

Consolidated Edison: 1/05 – 10/05 Role- Sr. Network Engineer ·
Created a Quality of Service (QoS)
strategy White Paper to provide strategic recommendations regarding Cisco
based QoS planning and implementation in the enterprise. This document was an
encompassing, strategy, plan and “how to” guide to assist ConEd in deploying
and managing “end to end” QoS across its enterprise network to support a call
center disaster recovery VoIP based system and upcoming enterprise wide VoIP
and Video deployments. The paper included all QoS related configurations
commands and scripts plus a custom QoS deployment menu system developed for
ConED utilizing Cisco’s IOS menu features. ·
Contracted by ConEd’s legal
department during last minute subsidiary sale negotiations to provide
industry based subject matter expert opinion, facts and research for ConEd
regarding Metro Ethernet, MPLS and MST technologies to help ConEd make a
decision regarding a multimillion dollar Metro Ethernet carrier subsidiary
transaction. ·
Upgrade enterprise headquarters’
Cisco Catalyst 6500 based core backbone from Supervisor II to Supervisor 720
modules and convert configuration from Hybrid to Native. Created custom
cutover core backbone port state diagrams in Visio to track critical points
during overnight upgrade. ·
Provide support for enterprise
wide DWDM optical MANs. Identify any issues with Dynamic Packet Transport and
802.17 Resilient Packet Rings (RPR) and Spatial Reuse Protocol (SRP) plus
implement advanced SRP features on Cisco 10720 Metro/Optical Internet Routers
to improve resiliency. ·
Provide in-depth hands on
consulting and mentoring to engineers responsible for the upgrade of a major
electric control Supervisory Control and Data Acquisition (SCADA) network. ·
Developed a low cost distributed
protocol analysis solution to save ConEd almost half a million dollars that
would have been used on a commercial solution. ·
Provide industry trend consulting
to management regarding the consideration of utilizing MPLS and VPLS on their
core enterprise backbone to cut costs for voice circuit switch trunks and
cross enterprise Control Center SCADA traffic flow through. ·
Provide day to day high level
support of the network infrastructure and routing protocols. Provide mentoring to staff members and
guidance to new members.

Work history prior to 12/05 is listed on master resume and can be provided at request.

Education and Professional Certifications:
Education: Empire State College (S.U.N.Y.) Computer Science
Industry Certifications Achieved:
Industry related texts:
References: Furnished upon
request