Mr. Smith is seeking a position to continue expanding his expertise in Cisco Systems TrustSec solutions. Brian is a senior network architect with fifteen years progressive experience as a network professional serving numerous federal government agencies to include; the Department of Defense, the Department of State, the Department of Commerce, and the Department of Homeland Security; as well as the commercial and private industry.  Brian has extensive experience in architecture, design test and deployments of large distributed information systems. Brian has over nine years experience managing small to mid-size teams in Network Services, Network Security, Incident Response, Certification & Accreditation, and Penetration Testing Projects and has excellent working knowledge of industry standards and technology.  He strives to continually improve project performance, security technology, understands the importance of security policies, standards, laws and regulations in ensuring a secure and reliable infrastructure that meets client needs and expectations.

 

·         CISSP – (Certified Information System Security Professional)

·         CCIE Route/Switch (written) – (Cisco Certified Internetwork Expert)

·         CCNP – (Cisco Certified Network Professional)

·         CCIP – (Cisco Certified Internetwork Professional)

·         MCP – (Microsoft Certified Professional)

Cisco Identity Services Engine (ISE 1.x), Cisco Secure Access Control Server (ACS 5.x), Cisco CallManager, Cisco Unity, Cisco 5508 Wireless LAN Controllers, Cisco Aironet G2 3600 series, Cisco Security Manager, Cisco Mobility Services Engine, Cisco Prime Infrastrucure, Cisco IOS, Cisco Firewalls, Cisco IPS, Brocade/Foundry Network Routers (EdgeIron series and FastIron series), HP TippingPoint IPS, Microsoft Active Directory, Citrix Metaframe XP, Citrix XenDesktop, Citrix XenApp, EMC Data Domain, EMC vCenter, Solarwinds Orion, Solarwinds Log and Event Manager (LEM), Nessus, Tenable Network Security Suite, ArcSight, Retina Vulnerability Scanner, AppDetectivePro, DISA Gold Disk, DISA Checklist, HP Web Inspect, Juniper Firewalls (SSG series, SRX series, Netscreen series) Brocade/Foundry Network Layer 4-7 Switches (ServerIron series).

DoD Secret Security Clearance – ACTIVE
DoC Title 13 Security Clearance – ACTIVE

DHS Public Trust Security Clearance – ACTIVE

 

CSC (Computer Sciences Corporation)

December 2010 – Present

Network Architect Lead

Responsible for conceptual designs, development of Initial Operational Concepts (IOC), implementation of IOC’s into the production environment and management of operations. Provide support as Solutions and Network Architect for the National Flood Insurance Program (NFIP), Federal Emergency Management Agency (FEMA).

Effectively evaluated FEMA’s review of the NFIP current network environment and successfully developed a viable redesign that was proposed to FEMA.

·         Made the following recommendations for the NFIP program:

o        9 additional resources to support the redesigned network, which resulted in the creation of a Network Services staff of 7 CSC FTE's and 2 CSC FTE’s for Technical Writing

o        The design and creation of a Network Operations Security Center (NOSC)

o        Expansion of the Disaster Recovery (DR) site to a full Continuity of Operations facility (COOP) that will lead to additional CSC work in the upcoming contract

o        Voice over Internet Protocol (VoIP), Video Tele-conferencing (VTC), wireless and mobile computing

·         Designed the following solutions:

o        A Cisco Identity Services Engine (ISE)/802.1x solution that supports two-factor authentication

o        A Virtualized Server refresh solution that included Microsoft Active Directory (AD) migration from AD 2003 to AD 2008

o        The recommended wireless solution for IOC, for full evaluation of wireless in the NFIP environment

·         Designed and implemented solutions for:

o        Backbone infrastructure for Remote Access to the Virtual Desktop Infrastructure (VDI) solution and DR

o        Cisco Identity Services Engine (ISE)/802.1x solution that provides machine authorization, user authorization, user authentication, and posture compliance

o        The recommended mobile computing from IOC to implementation into the production environment

·         Implemented the following solutions for the NFIP program:

o        The Redesign Network Backbone solution

o        The DR site to ensure a fully functional network backbone was in place to support replication and to have the ability to operate as a Full COOP

·         Designed solutions for other departments of NFIP and FEMA to include:

o        Virtual Desktop Infrastructure (VDI) solution for Remote Access and DR

o        Wrote the configurations and firewall rules utilized for the Government controlled firewalls, providing support for the initial setup of the firewalls until the client (FEMA) Security Operations Center (SOC) could take over ownership

o        Storage to Disk solution with replication to the DR site

·         Made significant recommendations for enhancements that would provide cost savings and efficiency for the customer and implemented these enhancements which included:

o        The test and development phases of the Network Redesign, which resulted in additional storage, virtual servers, network equipment to include routers, switches, and firewalls

o        Increased bandwidth to support the additional network traffic load, increasing the circuits for the NFIP programs main facility in MD and the DR site in NJ to DS3 circuits

·         Worked closely with other departments and organizations inside and outside of the NFIP program to include:

o        Provided Engineering support for the CSC Norwich Data Center on the implementation of the Network Redesign associated with the external mainframe circuits

o        Government clients to approve 2 cutting edge COTS applications by the FEMA and DHS Enterprise Architecture Committee of Excellence (EACOE)

o        Internal NFIP departments and FEMA Information Technology Security Branch (ITSB) to ensure the NFIP program was granted an Authorization to Operate (ATO)

o        Internal NFIP departments to ensure smooth network operations and network traffic latencies, adjusting and providing enhancements when necessary or required

o        Provided Engineering support for FEMA engineering personnel at both the NFIP LSS main facility in MD and at the DR site

·         Successfully transitioned the Network Redesign for the NFIP program from the Test environment into the Product environment, replacing the prior Network in its entirety on the approved scheduled date of 15 October 2012

·         Operations and Maintenance for Network Services:

o        Serve as the Network Services team lead for the NFIP program

o        Provide operational support for Cisco ISE ensuring AuthC and AuthZ profiles are working as intended.

o        Security layer operational support utilizing HP TippingPoint IPS, Cisco ASA Firewalls, Juniper Firewalls, Cisco IPS and HP ArcSight

 

Smith Consulting

March 2010 – November 2010

Consulting Services

 

Responsible for development, implementation and execution of security audit programs. Perform security performance reviews, update security standards to ensure minimized exposure to security threats supporting the private industry.

·         Provide technical and subject matter expertise to small to medium sized legal, insurance, and CPA firms

·         Performed penetration testing of small to medium sized networks

·         Performed reviews of security standards to ensure minimized exposure to security threats

 

SRA International (Systems Research Application)

July 2009 – March 2010

Network Engineer III

Responsible for development, implementation and execution of technical audit programs supporting the Department of State. Worked extensively with project managers, engineers, technical staff, and Information Technology Change Control Board representatives.

 

·         Developed the Network Security Configuration Standard for the Department of State

·         Performed reviews of ITCCB (Information Technology Change Control Board) requests and responded to technical inquiries (AskCS).  This was accomplished by providing research of new technologies and vendors as they are brought to the ITCCB for review.  All new technologies and vendors will be cross referenced to ensure they meet Dept. of State regulations

·         Provided technical review and subject matter expertise on special projects for DS/SI/CS (Department of State, Diplomatic Security, Systems Information, Computer Security Department):  worked with the State Messaging and Archive Retrieval Toolset (SMART) program

·         Participated on ENM's (Enterprise Network Management) Next Generation OpenNet  (NextGen) project, providing technical expertise with regards to security of the new world wide network design

·         Provided configuration guidance Symantec End-point Protection suite for Enterprise deployment

 

PRISM Inc.

May 2008 – January 2009

Network Engineer/ Security Engineer

Responsible for development, implementation and execution of technical audit programs supporting the U.S. Census Bureau. Worked extensively with project managers, engineers, and technical staff to deploy a VoIP solution.

 

·         Provided security review of design for remote access technologies to include IPSec, Cisco VPN Accelerators, and Juniper VPN appliances

·         Advanced IP troubleshooting, routing policy and configuration management for Cisco Routers and Switches, F4 Layer 4-7 switches. Cisco Unity and Call Manager provisioning

·         VoIP deployments for over 450 remote sites

 

SRA International

November 2003 – July 2008

Network Engineer III

Responsible for development, implementation and execution of technical audit programs supporting the Army National Guard. Worked extensively with project managers, engineers, and technical staff.

 

NOSC Network Operation Security Center Tier III Shift Lead

·         Advanced IP troubleshooting, routing policy, and configuration management for all GuardNet XXI Cisco Routers and Switches, Foundry ServerIron switches, and Bluecoat web cache/proxies

·         Third level troubleshooting / resolution of customer tickets for GuardNet XXI (Army National Guard’s Wide Area Network), including the Army protected DNS

·         Network design, routing policy definition, network peering negotiation, network node site roll out, and acceptance testing

·         Create network diagrams to document changes that are applied through the network

·         Ensured compliance with Communications Tasking Orders (CTO) and Warning Orders (WARNORDS) issued by Continental United States Theater Network Operation Security Center (CONUS/TNOSC) and DISA

·         Provided daily Situation Reports (SITREP) to government command staff

 

STIG Security Technical Implementation Guide (Audit) Test/Penatration Manager

·         Security and Audit testing on the following: Windows Operating Systems (workstations and servers), HP Unix OS, Sun Solaris OS, Microsoft SQL database, Oracle database, Informix database, Microsoft Internet Information Server (IIS), and Applications

·         Perform penetration vulnerability testing

·         Assist application developers where vulnerabilities were found

·         Implemented a Test Lab environment for mitigation testing

 

Special Projects Security Engineer

·         Drafted, peer reviewed, and delivered two documents (Security Features Users Guide and Technical Features Manual) for the Army National Guard in support of GuardNet XXI WAN Defense Information Technology Security Certification and Accreditation Process (DITSCAP) effort

·         Acted as Special Projects Network/Security Engineer Lead

·         Designed and developed an Enterprise DMZ solution to support an approximate 5,000,000 user Wide Area Network (WAN)

·         The solution was designed to be Load-Balance, High-Availability, maintain state of TCP/IP sessions, firewall vendor neutral, and scalable to accommodate multiple firewall zones while in a high security environment

·         Trained operations personnel to manage the new networking design and concepts.

·         Created purchase requests and track the shipment and receipt of all equipment procured

 

Network Security Engineer Lead

·         Served as Deputy Project Manager for five subcontractors, working on the Active Directory Implementation Project

·         Tested and ensure the net worthiness of Microsoft Active Directory 2003 into a Large Scale WAN environment

·         Designed, tested and implemented Security Policies for Forest and Organizational Units within AD 2003

·         Software support services including requirements analysis, software design and development, and software maintenance

·         Wrote documentation for implementation of Security Policies

 

Tidak Network Security Inc.

February 2002 – August 2003

Security Engineer

·         Responsible for development, implementation and execution of technical audit programs supporting the Department of Defense, TRICARE, that ensured the overall Security posture of the network

·         Provided guidance with regards to the DISA Security Technical Implementation Guides

·         Generated vulnerability metrics to management to assist with policy and direction

·         Performed monthly auditing activities using current assessment technologies, e.g. PGD, Retina, Hyena

·         Ensured compliance with Communications Tasking Orders (CTO) and Warning Orders (WARNORDS) issued by JTF-GNO and DISA

·         Managed and maintained the Vulnerability Management System for the network as ISSM

·         Performed incident response through IPS & HIDS, Certification and Accreditation activities (including documentation, scanning, mitigation activities, and identification of false positives, and software risk reviews) 

·         Generated mitigation strategy report, false positives, and vulnerability assessment documentation through auditing of server\workstation GPO, vulnerability results and registry values

·         Performed monthly audits of administrator rights and dormant accounts in order to enforce compliance and mirror real world network posture

·         Monitored, audited, and reported as well as advised on systems to enhance or to increase the Security level of the environment and support the TMA mission.(e.g. Guardian Edge HD & RS Encryption for Data at Rest)

·         Deployed, configured, and maintained the McAfee Host Based Security System (HIDS) including policy generation, deployment testing, and auditing activities

·         Performed, maintained, and audited secure baselines on a cycle basis with IA tools such as Tripwire (Integrity Monitoring) and HBSS

·         Created and documented proactive processes to monitor and detect threats and trends in the environment

·         Compiled, Implemented and Managed IA Workforce Directive, DoD 8570.01 across the enterprise

 

REFERENCES: AVAILABLE UPON REQUEST