Summary

VPN Encryption cards, line cards, Checkpoint Nokia IP 440, Checkpoint Splat, GAIA, Cisco IDS, Juniper Big Iron, Foundry, Alcatel switches, Alcatel enterprise Routers, Lucent Brick firewalls, Network General sniffers, Netscout Probes, Palo - Alto, Radware, SonicWall, HP A-E series Switches, Fortinate, ArcSightSoftware/Languages:

IIS 5.0, Norton Antivirus 2000, HP Open View, Cisco Works, IT Opnet modeler, Visio 2003, Office 2007, Cisco IOS, LogLogic, Orion Solarwinds, MazuNetworking:

LAN/WAN, TCP/IP, IPX/SPX, WINS, DNS, FTP, VLAN's, VPN, RIP, RIP V2, IGRP, OSPF, ISDN, FRAME RELAY, BGP, Ethernet, OSI model, Cisco Architecture, Cisco IOS, CAT OS, EIGRP, BGP, MPLS, ACL, Subnets, LAN/WAN installation/configuration troubleshooting,VTP, T1, DS3, Frame-relay, Wireless, VPN LAN-to-LAN and Remote Access, IPSEC, SAN NAS, SNMP, DHCP, SSH, Proxy CE, WinGate, AnalogX, Anti-virus, Performance tuning, and Active Directory

Professional Experience

Confidenital

Senior Security Architect

• Responsible for the day to day security best practices for the United airlines security infrastructure
• Responsible for the management, architecture, deployment of over 100 checkpoints VSX firewalls.
• Assisted in the security design efforts of the new Data center in regards to the firewall deployment that utilizes over 30 virtual VSX clusters built on 12000 series firewalls.
• Responsible for developing the new security airport design standard to be implemented globally on all united airlines airports.
• Created the engineering and troubleshooting guide for the new checkpoint R77.20 release.
• Designed the new PCI and PII data DMZ zones to house the new c7000 HP VM servers for the new data center united airlines reservation department.
• Working with the server team to create the new deployment for the Hadoop big data deployment.
• Responsible for the role out of zscaler cloud based solution for all of North America airports to be integrated with the 12000 and 4800 checkpoint series firewalls.

Confidenital

Senior Technical Security Manager /Architect AT T, Global Customer Security Services Design, Integration, Custom Engineering, Team

• Responsible for architecture, development, and engineering of custom security technology designs supporting fortune 100 clients. Key accounts include Amgen, Eli Lilly, Shell, Amtrak, Macquarie, IBM among others.
• Manage, escalate, and drive satisfactory resolution of customers' technical support, service and infrastructure issues based on company products and technologies
• Proactively develop and deliver notifications of new company products and technologies to Premium Support customers
• Proactively monitor reporting information and policy configurations of company technologies at customer sites and make on-going recommendations
• Responsible for the migration, planning and implementation of over 50 firewall appliances transitioning to Checkpoint GAIA R 7 series on a VSX environment
• Set up a DMZ lab for multivendor testing consisting of Fortinet, Checkpoint, Juniper, Cisco firewalls as well as Tipping point IPS appliances.
• Responsible for the testing and evaluation of a new managed security services offering utilizing the Tufin 1000XL appliance.
• Assisting in the migration/transitions from a checkpoint crossbeam chassis to the newest 12000 series appliances.
• Testing the service offering for the Blue Coat ProxySG 510 server and a Trend Micro Anti-Virus ICAP server on Sun hardware.
• Writing the deployment guide support code 4.2 and later for the Sourcefire Sensor and Defense Center Staging Procedures.
• Working on finalizing the ETG engineering troubleshooting guide for the Palo Alto next generation firewall supporting the PAN OS version 4.1.8. The Guide focuses on providing guidance on deploying the Palo Alto firewall part of ATT's managed security offerings
• Working on testing the interoperability of a new WSS web security service offering in conjunction with the cisco ASA x series 9.1.0, checkpoint Splat 75.40, and Fortinet 5.1.0 release.
• Finalized the ETG engineering troubleshooting deployment guide focusing on the new R77.20 Gaia OS release
• Responsible for the engineering, testing, and design of a Blue Coat role out for one of our global customer. Deliverables included the Cloud integration with their existing infrastructure, deployment of two BC reporters, and integration with the Blue coat AV engine as well the implementation of a BC director.

Confidenital

Senior Pre Sales Engineer

• Work closely with the AdvizeX Technology Solutions group and the Account Managers to develop repeatable, Value-added Solutions for AdvizeX customers
• Acted as the technical lead on complex proposals conduct final review, edit proposals and approve technical content
• Performed PoC proof of concept on various vendor technologies including Mobile Iron, Fortinet, ArcSight as well as the HP suite of products.
• Assisted clients with technical and strategy for multiple information security disciplines such as security policy, awareness and education, risk management, incident response, vulnerability management, intrusion detection and prevention, regulatory compliance, and security operations.
• Developed the AdvizeX BYOD bring your own devices security strategy positioning HP and partner offerings technologies.
• Performed multiple wired and wireless assessments on perspective clients.
• Coordinate, deliver and ensure quality presales deliverables within the domain of the account which may include items such as configurations, architectural diagrams and Statements of Work for Professional Services.
• Develop and propose technology solutions that meet customers' needs ensure that proposed solutions when implemented meet the needs and functional requirements of the customer.

Confidenital

Senior Security/Network Engineer consultant contract

• Responsible for the Network and Security health of the FTDI network infrastructure on a global level.
• Manage the day-to-day Juniper SRX 3600 core firewalls such as security rule implementations, log reviews, troubleshooting, and maintenance upgrades.
• Responsible for the management of the perimeter ASA 5540/5550 firewalls.
• Manage the ASA 5540 VPN appliance. Responsibilities included setting IPsec Lan-to-Lan vpn, Nat-translation and firewall rules.
• Implemented a new role out of the SA-4000 ssl-vpn juniper appliance for the DR site.
• Responsible for the management of the infoblox Grid manager.
• Provided support for the Nexus 7000 core switches as well the 2800 series mpls routers.
• Manage the day-to-day F5 BIG-IP's 6 devices which included irules, virtual-servers, and traffic log analysis.
• Responsible for the initial project deliverables of evaluating a new role out for a NAC solution to be deployed on a global level.
• Responsible for the role out of the new Impreva SecureSphere application firewall.
• Responsible for the configuration, and day-to day-support of the perimeter NGX-R65 firewalls.
• Engineered, designed, and implemented the transition of a new mpls network for a new remote site.
• Reevaluated the company security policy and standardized the best practices for all of the security devices.

Confidenital

Senior Cisco Security Engineer/Consultant contract

• Responsible to provide maintenance and operational support in areas of firewall and network security infrastructure on a daily basis for the Applus network in North America
• Analyze and evaluate technology and network services for current and future network development
• Roll out a new cisco ACS 1120 to manage all of the Applus network infrastructure appliances 100 devices including firewalls, switches and routers.
• Managed the core and perimeter firewalls which included cisco 5510, 5520 ASA as well as Sonicwall NSAE-7500 series appliances.
• Implemented a new roll out of cisco 1242 AP access-points on 35 sites
• Deployed a 1030 LAN wireless manager to manage all of the cisco 1242 AP 35 sites
• Installed, configured, and design and new cisco failover pair of 5520 including the AIM-IPS module.
• Upgraded over 40 firewalls to the current 8.4 IOS
• Configured multiple site to-site VPN tunnels for partner access.
• Performed vulnerability assessment to critical application and servers to insure regulatory compliance
• Implemented a new SSL-VPN architecture using Netextender appliance for the remote users.
• Designed the logical and physical network security infrastructure for their entire North America network expanding to 6 states.

Confidenital

Lead Network Security Consultant

• Thru TEK-Systems contacted to assist in the transitioning and migration of the Lake forest Memorial Hospital to NMH.
• Responsible to architect and manage the new 5050 ASA failover pair firewalls for the new connectivity between the Lake forest Hospital and Northwestern Memorial Hospital.
• Assisted in the new role-out of the Cisco Security Manager appliance CSM to manage all of the perimeter security products including firewalls, VPN appliances, and IPS.
• Configured multiple 5500 series ASA firewalls to replace a number to obsolete 500 series Cisco PIX's
• Administer, configured, and maintained the Internal and external ASA 5050 firewalls.
• Replaced and transition the configuration and rules to a new 6509 switch including new firewall VLAN assignments for a routed mode multiple context FWSM module
• Written and presented a best security practices document after evaluating the security infrastructure of NMH thus ensuring better security measures.
• Part of a team that is validating a new NAC solution which includes interaction with multiple vendors such as Cisco, Juniper, BlackBox, Symantec in validating the best solution for Northwestern Memorial Hospital.
• Upgraded two 2 FWSM's running 2.3 codes to the latest 4.0 code and implemented the firewall rules for a new deployment.
• Documented and re-designed on a Visio the entire internet firewalls as well as DMZ zones physical and logical layouts.
• Conducted vulnerability and penetration testing on selected critical servers to further secure applications and block unused ports.
• Assisted on the configuration, and administration of the new IDP-800 juniper appliance role out.
• Configured on a daily basis ACL's and object-groups on multiple firewalls per incident request.
• Installed a new failover pair of two new ACS 5.1 appliances and migrate the database from the older 3.3 ACS.
• Design, implemented, and configured the new 5.1 ACS appliances for the management of over 1200 devices.
• Implemented a new AAA best practices approach that was tested and implemented to the new ACS 5.1 appliances that incorporated authorization and accounting rules in addition to the legacy authentication only policy.
• Configured multiple IPSEC VPN tunnels using a 3030 concentrator to establish connectivity for partners thru out the US.
• Administer the day-to-day Websense appliance.

Confidenital

Network Segmentation/Security Consultant

• Contracted thru IBM as a lead network security/segmentation consultant to assist on the CIGNA's datacenter segmentation project following the company's security policy.
• Responsible for generating reports and analyzing application behavior as related to the network segmentation efforts, with an end state goal of building enterprise network ACLs applied to more than 400 switches based on the analysis.
• Configured the IP 695 and IP 1285 checkpoint appliances using the Horizon Manager after evaluating the data traffic.
• Lead the project effort and delegate responsibilities to junior security engineers.
• Assisted on the configuration and implementation of the new Cisco MARS appliance
• Utilized network analysis tools such as sniffers, syslog, Mazu network profiler, LogLogic, and IT Opnet guru to evaluate and analyze traffic behavior, patterns and trends.
• Responsible for the review and build assistance with virtual security technologies security context, FWSM including ACL development, testing and implementation.
• Reevaluated, analyzed, and segmented an extensive virtual mainframe network z/OS z/Linux
• Design and document post-segmentation application configuration, including firewall access controls based on traffic analysis, and Visio diagrams.
• Prepare regular status progress reports and documentations within the network segmentation project scope and presented to senior engineers and management.

Confidenital

Pre-sales Engineer

• Providing expert consulting services related to the Network General/Netscout product lines. The types of services range from architecture to deployment of the Network General Suite of products to more advanced services for clients. Advanced services included network and data center assessments, application predictive analysis, network fault analysis and isolation, optimization and complete solution deployments of network intelligence suite of products.
• Lead pre and post sales support as needed to clients nationwide to achieve project deliverables.
• Provide training seminars and knowledge transfer presentations to clients to enhance their knowledge and best practices using our product line.
• Assist sales and engineering by providing customer feedback to further enhance our product line and meet customer demands.

Confidenital

Lead Security Consultant

• Contracted by SDI-Consulting Inc to assist in the design and evaluation of multiple Cisco ASA's, Cisco secure ACS, as well as VPN concentrators to house the new Internet Gateway infrastructure and failover between two core locations for the CTA. Chicago transit Authority
• Provided technical, installation, move, change, and maintenance support for managed firewalls and routers for the LAN and WAN environment.
• Reevaluated and redesign the ACL access control lists for their corporate firewalls with the use of group-objects thus optimizing performance and management on their firewalls.
• Supported the day-to-day network infrastructure which included multiple 6500 layer 2 and 3 switches as well as 40 remote access facilities

Confidenital

Network Security Engineer

• Responsible for the perimeter security best practices of Lucent's worldwide facilities including sites in over 50 countries NAR, CALA, EMEA, APAC with over 70,000 end users.
• Possess excellent verbal and written communication skills used daily to manage projects. Correspond with clients to determine their needs to achieve the best IT solution for their company.
• Develop, design and implement secure network connectivity between corporate private networks and third party networks following security best practices and adhering to the corporate security policies.
• Administer and implement Lucent firewalls Juniper big Iron, security rules, ports security and policies to meet the corporate standards.
• Deployed and integrated for multiple enterprise customers 7750 SR service routers
• Redesigned and reengineered an extensive frame-relay network with cost savings of over 150,000 annually with the use of IPSEC VPN's and Point-to-Point connections.
• Reengineered and redesigned an extensive OSPF network for a new data center located offsite with increased security and disaster recovery by implementing Radius Authentication and failover DS1 links.
• Created and developed training manuals for the administration of the lucent brick firewalls for the EMEA region.
• Identify and assess security risk profiles to meet the corporate IT security standards.
• Coordinate and manage security audits and vulnerability assessments to ensure corporate IT security standards are met and enforced.
• Developed documentation manual for information security naming standards, best practices and guidelines.
• Coordinated the migration and consolidation of over 150 VPN connections from multiple sites worldwide to our newest data-center for better management and administration.
• Evaluated, tested, and certified new WAN hardware and software solutions for the corporate environment.

SHORT TERM PROJECTS

Confidenital

Lead Network Engineer / Consultant, Contract

Contracted By TCML as a consultant to install, configure, and test the implementation of multiple 6500 series switches and two Cisco 3600 routers, for a major financial company. The project involved upgrades in multiple locations in the greater Chicago area. The project increased network efficiency and productivity by replacing the obsolete network equipment.

Confidenital

Network Supervisor / Project Manager, Contract

Supervised team of technical personnel in the conversion of two Citizen Bank branches into Charter One. This project involved the installation of multiple Cisco routers and switches, as well as T1 links between the multiple sites. This conversion was successful and allowed for a smooth transition into Charter One's regular operations.

Confidenital

Network Security Engineer / Consultant

• Assigned to work into multiple projects supporting the University Of Chicago Graduate School Of Business and the Networking Services Information Technology Department.
• Responsible for the overall design, configuration, and implementation of the FWSM firewall service module on the Catalyst 6509 switch for the new Graduate School of Business facility. Implemented complex and accurate rule sets with the use of group objects and ACLs for two security contexts and multiple VLANS to secure the network and services of 150 servers and over 4000 users. Implementation of the FWSM was in compliance with key government regulations such as HIPAA and FISMA.
• Implemented Intra-Chassis failover via trunking to protect against switch level failure.
• Installed and configured multiple PIX firewalls 501, 506E, 515E for departmental use to further secure servers and applications. Troubleshot firewall connectivity problems and performed modifications on Ports, ACLs, IP Filters, and Group-Objects to simplify or correct the configuration of the aforementioned firewalls. Installation of these firewalls increased optimization and ease of administration by 35 percent.
• Reviewed logs and alerts from firewalls and Intrusion Detection Systems for possible attacks or network utilizations. Analyzed routers and firewalls for IOS vulnerabilities and proper network configurations.
• Provided consulting on optimizing current security processes by implementing effective and efficient role-based management. Provided recommendations best practices on how to create and optimize their security policies across their entire network. Provided training on multiple firewall usage to system administrators.
• Responsible for the evaluation and research of multiple network management security solutions Solsoft, Voyence, Arcsight, and Cisco Works for the management of the 30 firewall platforms used by the network security department.
• Restricted access to servers, application software and data using the features of the encrypted file system EFS and domain-based policy by incorporating PKI.

Confidenital

Network Security Consultant contract

• Implemented AAA authentication using TACACS to further secure the network login process.
• Established Internet traffic policy in Cisco PIX Firewall to allow hosting of corporate website.
• Recommended policies to management to be adapted for corporate network security.
• Also utilized host-based Checkpoint Firewall to further secure sensitive applications on multiple servers.
• Established site-to-site and remote VPN connections to corporate Firewall with IPSec.
• Maintained, implemented, and modified access-lists and Group-Objects on Firewalls and edge routers when necessary.
• Conducted memory and IOS updates on PIX Firewalls and network routers.
• Facilitated training seminars for Customer Services, 30 member team both in fault diagnosis and customer and equipment awareness.
• Monitored Internet traffic and made appropriate recommendations to upper management.

Confidenital

Network Security Consultant

• Contracted by Mercer HR Consulting to assist in the installation, implementation, and configuration of Cisco 3550 and 6500 series switches to accept Mercer's new IP phone system for later deployment.
• Contracted by Chase Winters to oversee and document their network Architecture, due to network Bottlenecks, and security issues.
• Over a six-month period, implemented the following solutions for Waterworks, Inc. in the greater New York area:
• Designed, implemented and maintained local and wide area Network as well as remote access infrastructure based on Cisco and 3Com equipment for 1000 person company, including thirteen remote sites.
• Worked daily with ATM, Frame Relay, ISDN, Fast Ethernet, Gigabit Ethernet, VLANs, Multicast, Layer-3 Switching, BGP and RIP.
• Designed, implemented Active Directory and maintained security infrastructure including multiple firewalls, intrusion detection systems and VPN concentrators.
• Provided Support for Active Directory and Windows 2003 Server/domain strategy and supported all networking components used by Windows WINS, DHCP, DNS, Domain Controllers and RADIUS Authentication .
• Assisted in analyzing and documenting Network performance issues in the Clarify Customer Relationship Management software product line.

Confidenital

Network Integrator/ Administrator

• Responsible for the installation and configuration of the technical environment along with accessing NT and NetWare servers via Ethernet LAN, WAN links, and Dial-Up Networking.
• Performed required maintenance on Cisco routers switches to include overall device health, line cards, image upgrades, monitoring of log files alarms, and resolution of issues. Support distributed routing protocol architecture to include RIP, IGRP, EIGRP, and OSPF.

Confidenital

Network Specialist Level II

• Member of a six-person team responsible for installing, configuring and supporting NT servers, active directory in a TCP/IP environment.
• Provided help desk support, to the network environment by resolving network hardware and software issues.
• Designed and orchestrated LAN segmentation using Cisco 2900, 3500 and switches to establish multiple VLANS via trunking across multiple switches.