Senior Network And Security Solutions Architect Resume
Miami, Florida
PROFESSIONAL SUMMARY:
- Accomplished IT Network Architect with 20+ years in lead positions across various industries & enterprises.
- An IT Professional with 20 years of technical architecture and design experience, with expertise in the areas of network, IT cyber-security architecture, cloud architecture and server virtualization.
- A visionary, proactive, task-oriented, and result-driven individual who can sense the proper course of action, determine the appropriate resources, and understand the complexities of today’s domestic and global market for outstanding IT services.
- A working manager who reported to EVP/CIO/CTO/Directors throughout several organizations, overseeing network, security, and server teams to ensure continuity, quality of service, and customer satisfaction.
- Oversee daily operations, development, implementation of the services, infrastructure improvement initiatives.
- Supported organizations with technology definition, management policies, personnel, solution architecture design.
- A dedicated leading Engineer with broad technical knowledge and a proven record of troubleshooting, particularly in the topics of infrastructure design and implementation, WANs and LANs networking, information security, Cisco routers configuration, Storage Area Network and Data Replication using Fiber Channel over IP & iSCSI.
- Accomplished IT Professional with outstanding technical abilities at Network Infrastructure & Service Provider, Information Security, excellent troubleshooting skills, and great ability to learn and excel.
- Designed and Implemented NSX in Multi-Regional Data Center, micro segmentation, Load balancing
- Setup VMWare NSX Distributed Firewall (DFW) for Micro Segmentation and Distributed Load Balancing
- Designed, tested and produced documentation with specific focus on underlay network installations and services based on Cisco ACI designs and NSX Design Guide, leveraging VXLAN underlay/overlay network
- Provided technical support to both staff and customers who are working to implement VMware NSX platform
- Troubleshoot and engage with NSX Engineering on customer reported issues, identifying viable workarounds.
- Hands on experience with VMware ESX Server or VMware products
- Proven experience and deep knowledge of the networking technologies and vendors such as VMware VDS, Cisco, F5, Riverbed, Force10, Brocade, Arista, Infoblox, Palo Alto Networks
- Experience with network components such as ASR routers, switches, firewalls, ASA, etc.
- Virtual networking components VSG, Nexus1000V, BGP, OSPF & EIGRP protocols, Cisco UCS and storage
- Experience in deploying complex Storage Area Networks, including Fibre-channel over Ethernet based & iSCSI
- Migrating from physical servers to virtual using VMware (P2V tools) and Cisco UCS with storage systems (NAS, SAN) including Nimble Storage, EMC and VBlock.
- SDN and SD-WAN services, and Cloud converged systems in data centers. Network virtualization in Data Center and IaaS, PaaS, SaaS architecture in public clouds (AWS, Azure, Google GCP, IBM-Softlayer)
- Bluecoat Proxy, Symantec DLP, CASB, Web application firewalls, Qualys vulnerability scanning & remediation
- SIEM (ArcSight, IBM QRadar, Splunk) log correlation and event alerting systems, IT Infrastructure Monitoring
- Experience in IVR Call Flow, telephony and Speech Recognition
- Ability to design contact-flows from requirement documentation and workshops
- Expert knowledge of one or more IVR development environments such as Cisco Contact Center and Unity IVR, Avaya AOD, Amazon Connect IVR
- Working knowledge of IVR Environments and Operating Systems
- Working knowledge of telephony technologies including call routing, SMS, VOIP
- Understanding of APIs and web services leveraging REST, JSON, XML, YAML
- 20 years’ experience with large enterprise networking, diverse security infrastructure and in-depth knowledge of current network Cisco ISR/ASR routers
- Extensive knowledge of the standards of external auditors (E&Y, PricewaterhouseCoopers, OCC, Deloitte, Confidential) for Sarbanes-Oxley Section 404 compliance. Internal controls under the COSO/COBIT framework using inquiry/observation tests, substantive & compliance testing, and computer-assisted audit techniques.
- Extensive knowledge of IT security governance frameworks such as ISO 17799/BS 7799, CISSP, SANS Institute.
- Infrastructure security firewalls including Checkpoint, Palo Alto, Juniper, Fortinet, Cisco ASA/Firepower firewalls
- IPS/IDS solutions including Checkpoint, Palo Alto, Juniper, Fortinet, Cisco SourceFire/Firepower, Tipping Point
- Network Access Control solutions including Fortinet/Bradford NAC, Netscout, Cisco ISE/Prime wireless controller
- Identity Management solutions including Cisco ISE Identity management and Aruba ClearPass
- Web Filtering solution including ZScaler, BlueCoat Proxy SG, and WebSense
- Web Application Firewall solutions including F5-ASM WAF and Imperva
- SIEM solutions including Splunk, Q-Radar/Juniper STRM, Arcsight, AlienVault, FireEye Helix
- FireEye HX, PX, NX, EX and Helix SIEM
- NetScaler and F5 Application Delivery Controllers
- ASA, Juniper SRX and Palo Alto Firewalls/Intrusion Detection Systems
- Web Application Firewalls including F5, Imperva, Symantec WAF
- VMWare ESXi and NSX working knowledge
- Data Center Infrastructure design, implementation, migration, relocation, business continuity & disaster recovery
- Software Defined Network solutions including Cisco ACI/APIC, Arista and SilverPeak SD-WAN
- Data Center Infrastructure including Cisco Nexus 7K & 9K, Catalyst 6800 Core Switches & UCS server platform
- Designed & implemented Juniper Netscreen and similar successor firewalls (Palo Alto and Fortinet)
- Cisco ASA 5580 and ASA-X next generation firewalls, NAC, SourceFire Intrusion Detection/Prevention System.
- Layer 3 MPLS-IP-VPN, VPRN, VRF, Layer 2 MPLS/VPLS.
- Voice over IP / Voice Gateways and Gatekeepers, Proxy, SIP, MGCP, SCCP and QoS.
- Internet Service Provider IP-Backbone with BGP and OSPF.
- Cisco Catalyst 2k,3k, 4k,6500, Nexus 2000, 5500, 6000, 7000, 9000 class switches.
- Cisco 1200, 2600, 2700, 3700, 3800 series Wireless Access Points and Cisco 5500, 5700, 8500 Wireless LAN Controllers
- TCP/IP, SSL, LACP, LLDP/CDP, EIGRP, OSPF, BGP, MPLS, HSRP, GLBP, SNMP, STP, VPC, VSS, VDC, MSDP, PIM, IGMP, RTP, SIP, H.323, LWAPP, RADIUS, TACACS+, Fiber Channel, FCoE, iSCSI, 802.11abg, 802.11n, 802.11ac, XML, DNS, DHCP
- Customer's last mile reach including DSL DSLAMs/PPPoE, VPLS peers, MetroEthernet inner/outer VLAN tagging (8100TT/9100TT) over SONET OCx, TDM or dry copper pair.
- Business continuity & disaster recovery sites data replication using EMC Storage Area Network disk subsystems & Fiber Channel over IP using Cisco MDS-9216/IPS Director Class & Brocade Fiber Channel Switches.
- Successfully designed and built several Service Provider Class Networks and implemented security using Checkpoint and PIX Firewalls, Radius/TACACS+ server, Confidential on Cisco Routers, IDS/IDP.
- Extensive experience with F5 Big IP Load Balancer, Juniper, Juniper SSL-VPN, Cisco ASA 55xx SSL-VPN.
- Extensive firewall experience with Cisco ASA 5550, PIX 515, Netscreen SSG, Nokia IP-530/Checkpoint NG FW-1.
- Cisco routers, IP, X.25, various routing protocols for each including MPLS, IS-IS, OSPF, RIPV2, EIGRP, and BGP.
- LAN MultiLayer Switching, ISL, 802.1q, Spanning Tree, WANs, Frame Relay, DSx, Packet over SONET, Satellite Communication, and WIFI.
TECHNICAL SUMMARY:
- Palo Alto Firewalls and Panorama Centralized Security Manager and Orchestration
- Juniper Netscreen firewalls - ISG2000, NS-500, SSL-VPN IVE-SA5000/ Intrusion Protection- IDP500
- Juniper SRX/SSG firewalls, Palo Alto, Fortinet, Cisco ASA/ASA-X, and Checkpoint.
- Cisco Nexus and Cisco UCS Data Center Infrastructure and unified fiber channel fabric.
- Alcatel Service Routers (SR7750), Cisco GSRs, Brocade/Foundry XMR, FESX, Adtran TA5000, NetVanta TA908e
- Web Load Balancers: Juniper DX3650, Cisco CSS/ACE, F5 Big IP SSL Accelerator & 3DNS, Alteon, Radware
- SAN-Storage Area Network, EMC VNX/Clarion, Symmetrix, LSI-Logic, StorageTek D-178, 9176, QLogic HBA
- Fiber Channel Network and Switches - Brocade 2800, 3800. Cisco MDS-9216 Director Class FCIP/IPSM 5428
- Cisco ASA5550/PIX 515,535, VPN 3030, NAC-CAM, CAS, Nokia IP530 FW, CheckPoint FW-1/VPN NG
- Cisco Wireless Access Points IEEE802.11abg WEP Encryption, WPA-Enterprise and LEAP Authentication, Cisco 1400 IEEE802.11a wireless Bridge, VPN/IPSEC over Wireless
- Cisco AVVID Voice Over IP, Call Manager, IP Telephony, TDM, Voice Gateways, Soft Switches and Soft Phones
- Nortel Meridian and Norstar PBX, fax servers, Cisco Call Manager versions 3.3 to 10.5
- Cisco GSR 12416 SONET Backbone routers, 2821XM, 3740, 7206VXR, 6400, Catalyst 6513/MSFC2/SUP Gig, Catalyst 2960, 3560, 3750, 3850, 6500, 6800
- Juniper M Series Routers, Redback SMS, Fore/Marconi ATM, Sun Enterprise 250
- Compaq Proliant DL380 G1/G2, DL360, 1850, Compaq SCSI Array RAID Controller
- Dell PowerEdge 1650, 1750, 2650, 6650, PowerVault NAS, Tape Library
- HP NAS-Network Attached Storage, Dell PowerVault, StorageTek L-40 and 9730 Tape Library
- LANs and WANs (Routers, Bridges, Switches, Wireless, SONET, T3/T1, CSU/DSU, ISDN-NT-1, TA, etc.)
- Hughes Network System Satellite Products (DirecPC, DTE/DCE, HSSI, X.21, etc.).
- Palo Alto PANOS, Fortinet, Juniper SRX, Netscreen OS, PowerShell Scripting, Python
- Microsoft Azure, Amazon AWS, Google GCP (Cloud Platform) Kubernetes, Docker, OpenStack, Ansible
- Cisco IOS, Juniper ScreenOS, JUNOS, Redback AOS, Marconi ForeOS, OPNET Service Provider
- Cisco Internetworking Operating System, Cisco Secure IDS/TACACS /Radius, Steel Belted RADIUS
- EMC Navisphere, Oncourse, SAN Copy, Snapview
- StorageTek SANTricity, Snapshot, Falcon Store Data Replication
- Confidential BackupExec, Storage/Volume Replicator, Legato Networker, Brightstore ArcServ
- Sun Enterprise 250 Solaris UNIX Servers, Red Hat Linux 9.0, Fedora, N-Cube Servers, Free-BSD, Net-BSD
- Windows 2000/2003 Server and Vista Workstations, Active Directory, MS Clustering Services, Novell Netware
- SQL Server 2000, IIS, Proxy, MS Exchange 2000/2003, Oracle, MySQL
- Intrusion Detection Services and Internet Security Systems, CheckPoint Firewall NG, Gauntlet Firewall
- Cisco Works 2000, HP Open View, WhatsUp Gold, Lucent Vital Net 8, Argent Guardian, SNMP
- Microsoft Project 2003, Office 2007/2003/XP, Visio 2003, NetViz
PROFESSIONAL EXPERIENCE:
Confidential, Miami, Florida
Senior Network and Security Solutions Architect
Responsibilities:
- Expanded remote VPN capacity for users to work from home due to the COVID-19 coronavirus pandemic
- Contributor of IT infrastructure architecture and standards development
- Design, plan, document, and support the configuration of logical and physical system layouts
- Provide direction for the installation and configuration as needed to support business requirements
- Perform analysis and develop solutions based on established service agreements for capacity planning, performance tuning, and participate in the development of system solution standards
- Develop detailed design, installation and configuration documentation for enterprise system
- Ensure, in solutions and deployments, the security of our enterprise infrastructure & compliance with all applicable security standards (PCI, PII, HIPAA, etc.)
- Oversee projects that expand, change, or improve the systems and related infrastructure
- Provide assistance, reviewing performance, capacity requests as well as design solution resolution
- Collaborate with the Brand service delivery leaders to ensure an understanding of business cases and to ensure that the appropriate solution is selected that meets the business need
- Develop solutions with a focus on reducing operating costs or increasing guest and crew experience
- Provide Capital Expenditure Request level hardware, software, license & labor estimate detail for projects
- Contribute as necessary in a hands-on manner with the implementation of solutions in support of projects
- Act as the highest level of engineering escalation for issues encountered
- Worked with other infrastructure teams for new systems designed and engineered
- Provide system support and troubleshooting expertise as needed for designed solutions
Confidential, Louisiana & Texas
Enterprise Security Solutions Architect, (Contractor)
Responsibilities:
- Assisting with design & implementation of a robust information security architecture to ensure security of all Corporate IT, Operational Technology (OT), and Internet of Things (IoT) enabled systems at Confidential.
- Implement security solutions to protect the enterprise and maintain compliance with all regulatory requirements.
- Deliver on continuous improvement of the company’s security posture to ensure the security of data and critical systems and will provide Subject Matter Expertise (SME) over security architecture, and policies and procedures as it pertains to security across multiple platforms & technologies.
- Assist with the design and implementation of an overall information security architecture strategy that supports the organization's objectives
- Design and deliver process excellence on delivering world-class IT security architecture for corporate and operational technology needs, including power generation units, nuclear plants, electric substations, SCADA, distribution automation, and advanced metering infrastructure (AMI)
- Comply with specific requirements of North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54)
- Participate in the design and implementation of information security architecture strategy and technology roadmap to ensure the best balance of security, efficiency, effectiveness, and scalability while protecting against internal/external threats across all platforms
- Work closely with other team members to establish current and future state IT and OT security architectures across multiple technologies and ensure that the solutions are engineered in accordance with these architectures
- Assist with efforts that tailor the company's security architecture and standards for use in cloud environments
- Design and implement security controls for Advanced Metering Infrastructure (AMI) and Bulk Electric System (BES) communications networks
- Participate in continuous improvement efforts to incorporate security requirements & testing in delivery lifecycle
- Act as a technical resource for the enterprise
- Assist with technical engagements with audit, regulators, clients, and third parties, when required
- Lead the design, planning and implementation of the F5 appliances utilizing best practices of F5 technology along with other aspects of client security
- Architect, engineer and configure the F5 Reverse proxy and Load Balancer modules
- Develop iRules and apply rules within the F5 appliances
- Subject matter expert regarding the capabilities of F5 and related technologies
- Document operational policies and procedures based on established client requirements and security controls, industry-standard practices and vendor recommendations
Confidential, Broward County, Florida
Security Architect, Senior Network Architect
Responsibilities:
- Palo Alto Firewall Engineer for an enterprise customer in Broward County for tuning the Palo Alto firewall to different external applications within the environment.
- Using Confidential Terraform for orchestration script based deployments to Amazon AWS and virtual Palo Alto FW
- Responsible for researching and identifying rules required to integrate the firewall with the third party applications.
- Work with a team of security engineers to document, tune and test the firewalls within each integration.
- Integration of the following applications with virtual Palo Alto firewalls deployed in the Amazon AWS cloud: Mulesoft, Informatica, Axway, JBOSS, Oracle Data Manager - ODM, PWC, PWX, DataPower, Engine X
Confidential, Tampa, Florida and Texas
Network Security Architect, Senior Network Engineer
Responsibilities:
- On premises Data Center Infrastructure migration to collocation Data Center and disaster recovery site.
- Infrastructure security firewalls including Checkpoint, Palo Alto, Juniper, Cisco ASA/Firepower firewalls
- IPS/IDS solutions including Palo Alto, Cisco SourceFire/Firepower, FireEye, Symantec Host based IPS
- Network Access Control solutions including Netscout, Cisco ISE/Prime wireless controller
- Identity Management solutions including Cisco ISE Identity management
- Web Filtering solution including BlueCoat Proxy SG, FireEye appliances
- Web Application Firewall solutions including F5-ASM/WAF
- SIEM solutions including Splunk, Q-Radar, Arcsight, AlienVault, FireEye Helix
- Tufin, Cisco FMC, and Palo Alto Panorama Centralized Firewall Management Solution
- FireEye HX, PX, NX, EX and Helix SIEM
- Software Defined Network solutions including Cisco ACI/APIC, Nexus 9K in ACI mode
- Cisco ASA 5580 and ASA-X next generation firewalls, NAC, SourceFire Intrusion Detection/Prevention System.
- Palo Alto firewall VPN architecture and migration from Checkpoint VPN-1 to Palo Alto
Confidential
Network Security Architect, Senior Network Engineer
Responsibilities:
- Support for security requirements of local, regional, and global network managers in ensuring business units & the company as a whole receive world-class network connectivity that is as secure as possible according to requirements & best practices.
- Infrastructure security firewalls including Checkpoint, Palo Alto, Juniper, Fortinet, Cisco ASA/Firepower firewalls
- IPS/IDS solutions including Checkpoint, Palo Alto, Juniper, Fortinet, Cisco SourceFire/Firepower, Tipping Point
- Network Access Control solutions including Fortinet/Bradford NAC, Netscout, Cisco ISE/Prime wireless controller
- Identity Management solutions including Cisco ISE Identity management and Aruba ClearPass
- Web Filtering solution including ZScaler, BlueCoat Proxy SG, and WebSense
- Web Application Firewall solutions including F5-ASM WAF and Imperva
- SIEM solutions including Splunk, Q-Radar/Juniper STRM, Arcsight, AlienVault, FireEye Helix
- FireEye HX, PX, NX, EX and Helix SIEM
- Software Defined Network solutions including Cisco ACI/APIC, Arista and SilverPeak SD-WAN
- Data Center Infrastructure including Cisco Nexus 7K & 9K, Catalyst 6800 Core Switches & UCS server platform
- Designed & implemented Juniper Netscreen and similar successor firewalls (Palo Alto and Fortinet)
- Cisco ASA 5580 and ASA-X next generation firewalls, NAC, SourceFire Intrusion Detection/Prevention System.
- Analysis and design of local (Data Center or branch office), regional, and global network architectures, resulting in consistent, reliable, secure, and, where appropriate, resilient communications for the organization.
- Interaction with internal business units and technical groups globally as well as vendors and clients outside the company, partners and competitors, as well as companies outside the industry
- Provide strategic direction (consultatively) of security products and technologies. Design and ensure lifecycle of network security products and connectivity inside and outside of the organization. Configure and maintain security products and any other network software or appliances according to current (or developed) procedures, standards, and methodologies practiced, logically (initial configurations or ongoing configuration changes) or physically (cabling, interface cards/optics, racking) or anything related that is deemed necessary.
- Interact with customers - Direct interaction is required with customers in supporting requirements & business processes. Provide excellent customer service, enabling the customers to do business quickly & efficiently using network technologies.
- Support local, regional, & global projects - Use best practices & tools in project management so as to efficiently deploy network security products, technologies, & architectures using appropriate resource & time management
- Achieve, maintain & constantly advance the capacity of being the subject matter expert (SME) in network security products, technologies, architectures, & methodologies - Maintain & constantly advance expertise through research, accreditation, & hands-on activities. Provide knowledge transfer activities to ensure the global network team is well prepared to carry out the operational security functions. Company benefits from a high level of internal technical expertise.
- Architect to requirements - Lead & assist the design architecture, process, standard or methodology in network security.
- Investigate emerging technologies for viability - Engage with other companies, vendors, trade shows, conferences for analysis of technologies, methodologies, architectures that are interesting to network security operations' current & future needs.
- Provide analysis & recommendations/roadmaps to global teams, acting in an advisory role for local, regional, & global network security strategic & support functions in the performance of operational & strategic operations.
- Lead the development & enforcement of programs, procedures & standards for all network security engineering & analysis activities.
- Lead other network analysts & engineers in creating, enforcing & promoting best practices & enforcement models for how & when engineering or analysis of network security technologies are done.
- Architecting & supporting large, complex LAN/WANs and firewall/VPN infrastructures with application quality, resilience, redundancy, security, and scalability as the tenets of the process.
- Architecting & supporting global, complex IP Telephony & videoconferencing architectures unified communication
- Troubleshooting & benchmarking network security issues using multiple diagnostic & monitoring tools to analyze traffic & provide capacity planning & trouble remediation.
- Evaluating, recommending, & developing standards in diagnostic in using network security applications
- Designing global standards, processes & procedures for network security operations to follow
- Presenting security & technology roadmaps to managers & network engineers/Architects
- Researching & applying new technologies to design new solutions, optimize costs, & improve network security
- Provides network security architecture design, installation, support, monitoring, maintenance documentation for the global data/voice/video network. Drives & participates in security projects with regional & global network teams.
- Plan, research, and design robust security architectures based on current best practices & industry frameworks.
- Prepare standard SOP procedures & protocols of network security products & architectures, cloud & on-premise
- Develop technical solutions & security tools to help mitigate security vulnerabilities & automate repeatable tasks
- Lead & assist in cross-functional projects.
- Write reports including assessment-based findings, outcomes & propositions for further security enhancement
- Participate in application & infrastructure projects to provide security planning & guidance
- This position will be responsible for understanding cross-company business needs & designing solutions that meet business requirements while maintaining confidentiality, integrity & availability of information & systems
- Create Security Architecture Specifications for multiple Information Security Domains including but not limited to; Governance, Cloud, Wireless, Collaboration
- Collaborate with network team & other IT teams to develop recommendations concerning network security.
- Participate in design, operation & maintenance of global network, connectivity between all locations; contact vendors to establish connectivity; deploy & configure routers, switches, and security firewalls.
- Monitor latency, bandwidth utilization, and the general condition of the WAN.
- Drive third level fault isolation & troubleshooting on network supported systems.
- Participate in developing network hardware & software configuration standards.
- Collaborate with the network team to develop recommendations concerning equipment life cycle & replacement.
- Understand & adhere to company policies & procedures on a daily basis.
- Create & maintain detailed network documentation & procedures.
- Interface with technicians & vendors on a global basis.
Confidential
Network Infrastructure Architect & Voice Engineer/Consultant
Responsibilities:
- Designed and Implemented NSX in Multi-Regional Data Center, micro segmentation, Load balancing
- Designed, tested and produced documentation with specific focus on underlay network installations and services based on Cisco ACI designs and NSX Design Guide, leveraging VXLAN underlay/overlay network
- Provided technical support to both staff and customers who are working to implement VMware NSX platform
- Troubleshoot and engage with NSX Engineering on customer reported issues, identifying viable workarounds.
- Hands on experience with VMware ESX Server or VMware products
- Proven experience and deep knowledge of the networking technologies and vendors such as VMware VDS, Cisco, F5, Riverbed, Force10, Brocade, A10 Networks, Arista, Infoblox, Palo Alto Networks
- Experience with network components such as ASR routers, switches, firewalls, ASA, etc.
- Virtual networking components VSG, Nexus1000V, BGP, OSPF & EIGRP protocols, Cisco UCS and storage
- Experience in deploying complex Storage Area Networks, including Fibre-channel over Ethernet based & iSCSI
- Migrating from physical servers to virtual using VMware (P2V tools) and Cisco UCS with storage systems (NAS, SAN) including Nimble Storage, EMC and VBlock.
- SDN and SD-WAN services, and Cloud converged systems in data centers. Network virtualization in Data Center and IaaS, PaaS, SaaS architecture in public clouds (AWS, Azure, IBM-Softlayer, Equinix connect)
- Deployed cloud providers (AWS/Azure, etc.) interconnectivity via Equinix cloud to AWS, ExpressRoute to Azure.
- Security design data center cloud connects co-location public facing perimeter cloud security virtualized firewalls.
- Configure Checkpoint, Fortigate firewall to authenticate users based on user identity, user group, session and PC-User Authentication.
- Implementation of VMware NSX kernel level distributed firewall architecture and Checkpoint vSec for NSX POC
- Setup Overlay/Underlay Software Defined Networks (SDN) utilizing VXLAN/VTEP protocols
- Technical owner in project for NSX design in a multi-regional data center deploying six NSX/Dell chassis
- Cisco Nexus 9K Spine & Leaf Architecture using NX-ACI with ACI/APIC Software Defined Network Orchestration
- Implemented virtual firewalls for public cloud (AWS, Azure) security including Checkpoint/F5 Application Manager
- POC evaluation of various WAF (Web Application Firewall) products including Imperva, F5-WAF, and Barracuda.
- Hands-on experience with Cisco ISE, Aruba ClearPass Enterprise Identity Management and Profiler products.
- Designed seamless redundant data center disaster recovery failover utilizing VXLAN, VMware NXM, Nexus/ACI
- Operations management & configuration of Juniper Netscreen firewalls & Pulse Secure SSLVPN devices. Also in the process of working on a Palo Alto firewall proof of concept and equipment refresh/replacement plan.
- Designed reverse proxy rewrite of internal resources utilizing Pulse Secure SSLVPN & firmware upgrades.
- Provided the CIO & Directors with strategies on how to stabilize the Infrastructure and also cost savings tactics.
- Migrated MPLS network from traditional TDM circuits to Ethernet handoff to cut 30% ($30K MRC) in cost savings.
- Oversees Cisco Voice Infrastructure - CUCM (Call Manager), Unity Voicemail, Contact Center, CUBE Gateways.
- Managed over 1500 Cisco VOIP Domestic and International desk phones and Cisco Jabber softphone clients.
- Re-deploy robust Tandberg VCS/MCU video conferencing Infrastructure & migration to virtual Expressway C&E.
- Migrating existing sites from traditional PRI & analog PBXs to packet voice VOIP technology for cost savings.
- Redesigned backup solutions for Ubiquiti ToughSwitch, AirFiber, AirGrid outdoor wireless infrastructure.
- Data Center core switch migration from Cisco Catalyst to Nexus 7009 data center switch to prepare for UCS.
- Redesigning legacy site-to-site IPSEC VPN Infrastructure to Cisco ISR 4000 robust iWAN+DMVPN solution.
- Cisco Wireless Controllers for centralized lightweight WAP in the process of deploying Cisco Prime WCS
- Re-building a functional disaster recovery site with semi-real time EMC SAN storage replication and backup.
- Designed and turned-up multiple domestic & International MPLS spoke locations with both packet voice payload
- Deployment of Cisco 810/819 series of 4G/LTE routers and 4G/LTE WIC cards for roaming and portability.
Confidential
Senior Network & Security Engineer/Senior Unified Communications Engineer - Voice Lead
Responsibilities:
- Data center and building Infrastructure relocation including Network, Security and Voice devices.
- Implemented Fortinet Security, Fortinet Analyzer, Fortinet Email Security, Fortinet Forti Token, Fortinet UTM
- Prepare and document SOP of network security products and architectures for both public cloud and on-premise
- Security design for AWS and Azure public cloud providers.
- Global traffic management utilizing Akamai and DDOS DNS protection
- Evaluated/POC Fortinet firewall products and Splunk SIEM for security correlation.
- Developed security architecture specifications for various Security Domains for governance and cloud security
- Deployed Cisco DMVPN for branch sites redundancy to various global firewalls
- Initial network design for a new building construction plus a new data center with the deployment of core switches (Cisco 6807), C4510 and C3750/3850 access layer switches.
- Co-design, implement, ongoing management and troubleshooting of Cisco Unified Communications Systems, including CUCM V10.5, Cisco Packaged Contact Center Enterprise (Call Center), Finesse, Exchange Messaging and troubleshooting of Cisco voice gateways/CUBE media gateways, IP phones, design, implement, maintain and support centralized telecommunications infrastructure.
- Co-built out Cisco Packaged Contact Center ESXi VMware Infrastructure with Cisco UCS C240 & C260 servers.
- Maintain knowledge of Cisco CUCM (Unified Call Manager), PCCE, and network enhancements through both personal and company-sponsored continual including courses, seminars, conferences, professional publications.
- Migration/cutover Nortel/Avaya CS1000/Option 81c to CUCM
- Migration/cutover Nortel Symposium ACD to Packaged Contact Center Enterprise & Finesse.
- Plan, Design & implement UC Cisco Packaged Contact Center Enterprise for 250 call center agents.
- Support and administer CUCM Cluster, PCCE, Global Network Infrastructure for 28+ international sites in Europe, South America, Australia, and Asia/Pacific.
- Implemented SIP for registration of Cisco voice gateways at collocation data centers with a centralized Cisco CUCM clusters at the corporate location including SIP fallback for business continuity & DR.
- Configuration and installation of Voice Interfaces T1 (PRI, CAS, FXS, FXO), VG224 fax gateways, analog/modems to VOIP.
- Implemented Akkadian labs operator console and auto attendant IVR system.
- Implemented centralized voice recording systems using Zoom International CallRec system.
- Support & administer Microsoft Lync 2013 (Skype for Business) Enterprise Voice Unified Communications Clusters
Confidential
Senior Network Architect
Responsibilities:
- Co-Designed the Cisco ASA firewall architecture to support the Enterprise users.
- Published POC and deployment plan for Confidential Cisco TACACS+/RADIUS HA cluster for centralized authentication.
- Designed and published deployment plan for Carrier Class Voice over IP & TDM Voice (PRI/CAS) mux/aggregation to SIP trunks using Cisco AS5400 Universal Voice Gateways with Adtran Total Access 9xx IADs.
- Designed and implemented multiple class of services QoS, H-QoS, network QoS utilizing PHB Diffserv/DSCP, CoS/PCP priority bits, and MPLS-LSP-EXP bits utilizing Alcatel SR7750's QoS/H-QoS features.
- Published POC for Voice over IP/Voice Gateways/IADs and SIP Trunking.
- Designed and published deployment plan for layer 3 MPLS-IP-VPN, VPRN/VRF IP Core Backbone.
- Architecture for Carrier Class Voice over IP/Voice Gateways/IADs and SIP Trunking. Designed and published deployment plan for Carrier Class Voice over IP and TDM Voice (PRI/CAS) muxing/aggregation to SIP trunks utilizing Cisco AS5400 Universal Voice Gateways along with Adtran Total Access IADs.
- Designed and published deployment plan for Channelized OC12 MUX to TDM (DS3/DS1) and migration of all existing DS1/T1s from Cisco GSR 12008/12416 to Alcatel SR7750-CHOC12 IOM/MDAs.
- Designed and published migration plans for Internet Service Provider IP-Backbone with BGP and OSPF utilizing a combination of Alcatel SR7750 Service Routers, Cisco GSR 12008/12416 and Brocade/Foundry Switches.
- Logical network provisioning job write up for customer's last mile reach utilizing VPLS peers, Metro Ethernet inner/outer VLAN tagging (8100TT/9100TT) over SONET OCx, TDM, or Ethernet over dry copper pairs utilizing Overture Networks HN 6100/4000/408 and HN508 for Ethernet over T1 bonding.
- Layer 2 MPLS/VPLS for Metro Ethernet EVCs aggregation using Alcatel, Brocade/Foundry XMR, Adtran TA5000, Hatteras/Overture Networks 6100/408/508.
Confidential
Network & Voice Infrastructure Manager, Senior Security Network Engineer
Responsibilities:
- Designed and implemented Fortinet NAC (formerly Bradford NAC solution) throughout the campus
- Managed a team of Junior/Senior Network and Voice Engineers within the Network/Security & Infrastructure team
- Plan, research, design robust security architectures based on security best practices & industry frameworks.
- Work with external auditors on HIPAA/PCI and other regulatory compliance and findings remediation.
- Deployed ArcSight security SIEM for log consolidation and correlation.
- Conducted POC of various DLP products including Vontu, Symantec DLP Cloud-SOC
- Responsible for the Juniper IDP 500 Intrusion Protection Services
- Managed projects for Network Access Control (NAC) deployment to perform network port security
- Implemented centralized management of 20+ firewalls using Netscreen Security Manager (NSM)
- Project lead for the planning of Unified Threat Management (UTM) system using SSG-Firewalls for physicians
- Lead architect for 100+ LAN-to-LAN IPSEC VPN tunnel implementations with various Enterprise vendors
- Project lead for Cisco SSL-VPN and AnyConnect implementation
- Lead support of the Cisco ASA 5550/PIX 535 Firewalls, Juniper Netscreen ISG-2000, NS500, SA-5000 SSLVPN
- Deployment of RSA-ACE, administration and troubleshooting token related issues
- Contributed to Microsoft Active Directory and LDAP structure security and management
- Architect and project lead for the migration of the VPN Endpoints to an IPS environment
- Architect and project lead for Juniper SSL-VPN cleanup and migration to latest version of firmware.
- Operation support of the Juniper SSL-VPN, Netscreen 500 VPN, Juniper SA-6000 SSLVPN
- Responsible for the TON (Top of the Net) Firewalls and backup for the Internet Peering Routers
- Conducted TON Firewall Internet Peering migration and assisted with BGP cutover
- Operation support of F5 Big IP Load Balancer, Juniper DX3650 Load Balancer
- Contributed to the MPLS/VRF design and implementation for the Research Institution Physicians segregation
- Initial planning for data center design to utilize Cisco latest Nexus 7000, 5000, and 2000 series switches.
- Managed projects involving the migration of TDM-PBX to VOIP systems.
- Managed projects involving network and voice infrastructure deployment for new constructions and remote sites.
- Performed upgrades of SolarWinds and WhatsUp Gold network management tools
- Assisted with the implementation and troubleshooting of Cisco Voice over IP and SRST gateways
- Architecture design and planning of MPLS core backbone utilizing VRFs for network virtualization
- Worked on the initial design for DHCP services migration.
- Worked on Network infrastructure refresh and migration to routed access for faster voice convergence.
- Implementation of Cisco Catalyst 65xx, 45xx-E, 3750, 4948 and all various Cisco routers 3845, 7206VXR
- Designed and set up HA redundancy for the PACS imaging network for reliable video streaming.
- Worked on project plan for ISP eBGP Peering migration from one vendor to another
- Contributed to the deployment of the VoIP project and assisted with VOIP QoS planning
- Deployed a major Cisco IOS upgrade to multiple core and distribution routers and switches
Confidential
AVP, IT Audit Manager
Responsibilities:
- Regulatory compliance self-, Risk Management, Audit Remediation Management, Risk Analysis.
- Extensive knowledge of IT security governance frameworks such as ISO 17799/BS 7799 and SANS Institute CISSP
- Extensive hands-on experience in Sarbanes-Oxley Section 404 compliance and operating effectiveness.
- Evaluate the bank’s system of internal controls under the COSO/COBIT framework using inquiry/observation tests, substantive and compliance testing, and computer-assisted audit techniques.
- Performed required audit procedures for the assigned operational, financial and compliance audits within the established time budget for each audit.
- Plan, research, and design robust security architectures based on current best practices and industry frameworks.
- Interacted with all levels of IT management & staff to identify the existing internal controls in areas under review.
- Produced comprehensive reports including assessment-based findings, outcomes propositions for security enhancement.
- Conducted special investigations on potential regulatory violations.
- Participate in application and infrastructure projects to provide security planning and guidance
- Set up BindView modules for Active Directory, SQL Server, Oracle, Unix in order to meet security compliance
- Conducted a router & switch config consultation to provide recommendations for monitoring and securing devices
- Served as an IT consultant for the process owners to provide recommendations for infrastructure improvements
- Maintaining confidentiality, integrity and availability of information and systems
- Provided consultation for the improvement of the Enterprise Infrastructure pertaining to both LAN and WAN
- Provided consultation for computer operations, active directory schema, network architecture
- Deployment consultation and security assessments of Oracle ERP (Enterprise Resource Planning) system
Confidential, Jacksonville, Florida
Infrastructure Manager / Lead Infrastructure Engineer
Responsibilities:
- Created a set of practices, policies, and control recommendations essential for effective business protection.
- Conducted onsite audits with Confidential to meet federal regulations and obtain ecommerce security.
- Worked directly with various external large auditing firms for regulatory compliance
- Implemented real-time incident response and intrusion detection system.
- Designed and implemented Disaster Recovery and Business Continuity Plan
- Designed, implemented, tested, improved disaster recovery procedures and system designs for 24/7 operation.
- Built a remote Hot Site data center from ground up utilizing FC over IP for semi-real time replication of the SAN.
- Developed strategies that will increase reliability, availability, and 24/7 uptime monitoring.
- Set up redundant high-availability firewalls and VPN concentrators
- Developed a security infrastructure design with firewalls (Cisco PIX 515 and Checkpoint NG cluster firewalls)
- Implemented real-time incident response IDS (Cisco WS-X6381-IDS, Cisco Secure, SNORT)
- Set up VPN Infrastructure using Cisco VPN Concentrators 3030, 3003 and Nokia CheckPoint NG VPN-1
- Manage Active Directory and IT Security infrastructure
- Network Infrastructure Design and Cisco Router and Switch Implementation with high availability and redundancy
- Implemented Storage Area Network and high-availability redundant clustering system using EMC and StorageTek
- Manage Storage Area Network and Designed Redundant Fiber Channel Topology using Cisco MDS-9216/IPSM
- Worked on Storage Area Network using Brocade Silkworm switches for HBA connectivity.
- Manage Network Systems, Data Centers monitoring using HPOV, WhatsUp Gold, CiscoWorks 2000
- Forecast and manage capacity of systems and services