SUMMARY:

• IT professional with more than 20 years of professional and technical experience in program/project management, contract management, financial management, change management and improvement for complex and technical efforts. Effective leadership with regards to engineering, analysis, design, management, installation, configuration, implementation, integration, and troubleshooting of various technologies for medium and global enterprise environments; this includes proficiency in routing, switching, security (firewalls), voice, wireless and datacenter technologies.
• Implement trunk ports and implement granular control of VLANs and VXLANs using NX - OS to ensure virtual and flexible subnets that can extend further across the network infrastructure than previous generation of switches.
• Implement port-profiles as part of the NX-OS command structure that allows for configuration of multiple ports and port-types via inherited configurations applied via a single command that reduces administrative error and allows for better configuration readability.
• Implement a virtual version of Confidential: Nexus1000v into VMWare to extend Confidential capabilities directly adjacent to virtual machines so that they benefit from Cisco switching capabilities and network topology consistency ensuring VMs maintain their subnet/VLAN relationships during failover.
• Implement secure privileged administrative access to the Cisco IOS system.
• Enable the encryption of system passwords to prevent unauthorized users access to passwords in the system configuration.
• Implement secure access to the console and vty ports, and set the interval that the Confidential command interpreter waits until user input is detected on the Console and vty ports. Also, configure the console and vty ports log messaging to not interfere with active device configuration.
• Implement VLAN Trunking Protocol to reduce administrative overhead.
• Enable secure sharing of VLAN information to prevent the introduction of rogue devices from affecting the VLAN database. Shutdown unused switchports following Layer 2 security best practices.
• Create and manage Local VLANs based on department function, and configure ports with static VLAN assignment, static 802.1Q trunks, and dynamic ISL trunking using PAgP for layer 2 forwarding.
• Utilize VLAN Spanning-Tree in conjunction with PVST+ for compatibility between Cisco and Juniper switches. Configure edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays. Modify spanning-tree parameters for manual root bridge assignment. Implement ether-channels between each switch using PAgP for negotiation. Modify ether-channel load balancing method.
• Implement WAN links between sites using frame-relay point-to-point and multipoint connections to establish connectivity between each of the four sites as required. Establish frame-relay point-to-point connections three of the sites creating a full mesh. Implement hub and spoke network between three of the sites with the main office as the hub for redundant connections.
• Implement EIGRP routing for point-to-point and Non Broadcast Multi-Access networks. Ensure that the spoke routers are receiving routing information about each other from the hub. Configure EIGRP unequal-cost load balancing to also use the lower capacity multipoint links when routing packets.
• Prevent neighbor adjacencies from being formed as well as the sending and receiving of routing updates on unnecessary interfaces. Implement EIGRP MD5 Message Authentication between sites to prevent unauthorized insertion of routes into the domain. Implement manual EIGRP route summarization to reduce routing protocol demand on CPU resources, memory, and bandwidth used to maintain the routing table.
• Implement OSPF routing with multiple areas for networks between sites. Implement totally stubby areas to lower the system resource utilization of routing devices for the network. Implement NSSA area to allow injection of external routes into the area and propagation into the OSPF domain.
• Implement backup and recovery of Cisco IOS Images. Perform password recovery on Cisco IOS routers/switches and a Juniper EX2200 Series switch to restore administrative access. Backup and Restore startup-comfit file for disaster recovery.
• Implement an IPSec Site-to-Site VPN between the Cisco ASA5505 at small office location and Cisco 1841 ISR with a security IOS image at the main office. Implementation of the VPN includes the following configurations: Internet Key Exchange Policy using DES and SHA for encryption and authentication, access-lists to define VPN traffic, transform set using esp-des esp-sha-hmac to define how the traffic is protected, crypto-map to associate the previously configured elements to a peer, and application of the crypto map to appropriate interface or VPN endpoint.
• Implementation of Zone-Based Policy Firewall on the Cisco 1841 ISR with the following components: three zones, class-maps specifying traffic that must have policy applied as it crosses a zone-pair, policy maps to apply action to the class-maps’ traffic, zone-pairs, and application of policy to zone pairs.
• Implement a Clientless SSL VPN (WebVPN) to allow users to establish a secure, remote-access VPN tunnel to the Cisco ASA 5505 using a web browser. Prepare the Cisco ASA with necessary configurations to self-signed certificate generation. Generate a general purpose RSA key-pair for certificate authority identification, configure certificate authority trustpoint for the WebVPN using self enrollment, and configure CA trustpoint interface association.
• Configure Syslog on the Cisco ASA5505 with logging to a host and internal buffer. Forward all logging to an internal Syslog server for monitoring and management. Configure and manage Syslog output generation using custom message lists. Implement FTP backup of internal buffer when it is exceeded.
• Implement Basic Threat-Detection, Advanced TCP Intercept, and Scanning Threat-Detection. Simulate attacks on network to manage threat-detection rates and verify Syslog generation.
• Utilize Cisco ASA5505 Modular Policy Frame-Work to configure and manage layer 3/4 interface service policies, apply inspection and connection limits to services, apply inspection and QoS policing to HTTP traffic. Configure HTTP inspection policy to block restricted sites and file downloads.
• Implement a local voice network with the following network elements: Cisco 2811 ISR (VoIP) with a Cisco Unity Express Network Module (NM-CUE) installed, Cisco Communications Manager Express, a standard Cisco 3550 Switch, and a Cisco 3550 switch with Power-over-Ethernet. Create and manage Data and Voice VLANs, and configure ports with static VLAN assignment and 802.1Q trunks for layer 2 forwarding. Configure edge ports for fast-transitioning into the forwarding state to fix workstation startup connectivity delays.
• Configure Fast Ethernet main and sub-interface assignments as required for intervlan routing. Implement static routes for local connectivity. Implement NTP server, DHCP server, and TFTP server for support of the VoIP network. Modification of system level parameters including max phones, max directory numbers, display format for date and time, and setting the Time-Zone.
• Implement Unity Voicemail on the Cisco Unity Express Network Module. Configure a dial-peer on the Cisco 2811 ISR to define the attributes of the packet voice network connection to the Cisco Unity Express Network Module. Enable call forwarding on busy or no answer. Implement Message Waiting Indicators and Voicemail access via SMTP. Daisy-chain PCs to VoIP phones to reduce network cabling costs. Utilize PoE ports for VoIP phones to reduce power infrastructure costs.
• Implement a wireless network infrastructure providing access to wired LANs to increase mobility and productivity utilizing the following network elements: Cisco Wireless LAN Controller (WLC) 2106, a Cisco 3550 switch, a Cisco 1130AG series Access Point, and a Cisco 1121G series Access Point. Create wireless LANs and configure interface association, security parameters, and radios used. Utilize the Wireless LAN Controllers web GUI to configure and manage the wireless network. Configure internal DHCP scopes for WLANs.
• Prepare infrastructure for AP registration on same subnet as management VLAN and for AP registration on different subnet. Configure AAA AP policies to allow Self Signed Certifications for APs shipped without a Manufacturer Installed Certificate. Implement AP Grouping to ensure WLAN SSIDs are only broadcast by the APs desired.
• Set up VLANs and access ports connecting virtual machines using the NX-OS CLI on a Cisco Confidential 1000v virtual machine and VMWare vSphere Client networking.
• Configured routing policies and service profiles for separate levels in an organizational hierarchy using a Cisco Prime Network Services Controller virtual machine. These policies and profiles were applied to Cisco Cloud Service Router 1000v (CSR 1000v) virtual routers.
• Configured a CSR 1000v router using the Cisco IOS 15.4 CLI.
• Configured the Nagios XI monitoring tool to monitor routers and switches and customized its dashboard.
• Configured SolarWinds Orion NPM and used it to monitor traffic on a network.
• Configured the CACTI tool to graph traffic from a router and to generate alerts based on a threshold traffic level.
• Used the Wireshark tool to study HTTP, telnet, and SSL traffic.

TECHNICAL SKILLS DETAIL:

Routing/Switching Products: Cisco Routers (3900, 2900, 1900, 800 Series), Cisco Catalyst Switch (6500, 5500, 4900, 4500, 3750, 3560 - X, 3100), Cisco Confidential 1kv, 2k, 5k, & 7k Series, Juniper Routers & Switches, HP Routers & Switches, Alcatel/Lucent Routers & Switches.

R/S Protocols & Standards: WAN, LAN, TCP/IP, Spanning Tree, BPDU, CDP, ACL, NAT, PAT, RIP, RIPv2, OSPF, OSPFv6, EIGRP, BGP, MPLS, VTP, SNMP, SMTP, ARP, TCP, UDP, Static Routing, Stub Routing, VLAN, VLAN Trunking, VXLANs, multicast routing, HSRP, SVI, CEF, Etherchannel, Portfast,. VSS, vPC, VRF.

Data Center Technologies: VMware VSphere, VCenter Server Appliance, VMware ESXi Hypervisor, F5 Big-IP load balancing (GTM/LTM), Cisco AnyConnect VPN management, Riverbed WAN Optimization device management, Cisco IPS/IDS, Meraki cloud based, Rackspace private cloud or public network cloud, 10G/40G Ethernet, FCoE, SAN, Port-channels, VXLANs, vPC Port-Profiles, Routing Profiles, and Service Profiles, SFP+, NAS, RDX, DB

Security/Firewalls Technologies: Cisco Security Manager Suite, Cisco ASA 5500 series firewalls, Cisco FWSM, Cisco IPS/IDS, Cisco ACS, Fortinet, checkpoint, Advanced Firewall Manager (AFM), BlueCoat /policy, Sonic Wall Router/Firewall combos, Cisco ASA 1000V cloud firewall, Juniper vSRX&SRX series, Protocols & Standards - AAA, TACACS+, RADIUS, SSH, VPN, IPsec, SSL/IPSec, Data Loss Prevention, IPSec, Data Management Zone, Pretty Good Protection (PGP), Public Key Infrastructure (PKI), Internet Key Exchange Policy, Port Security, MAC Address Filtering

Voice/Wireless Technologies: Cisco WLC, Aironet, Bluetooth, CUCM, UCCM, UCCX, Avaya AURA Communication Manager, Avaya Definity, Avaya IP Office, Protocols & Standards - VoIP, VoIP/SIP, MGCP, RTP, SCCP, SRTP, QoS, PoE, IEEE 802.1x & 802.11, WLAN, WAP, AP, SSID, LWAPP, CSMA/CA, MMDS, LMDS, CCK, DSSS, JDSU, LVPOsView

Monitoring/APPS: Zenoss, Finisar, Wireshark, Remedy, OpNet, Cacti, Nagios, VMware, Solarwinds, Riverbed, Cisco Works, LogicMonitor, Cisco Security Manager Suite, Server, Sniffer, Ethereal, SNMPv2c, SNMPv3, RMON, Syslog, tcpdump, DNS, DHCP, FTP, Telnet, HTTP(S), SMTP, tunneling protocols, point-to-point, SFTP.

Programming Languages: C, C++, Oracle Database, Perl, HTML, Java, Visual Basic, Shell Scripting, SQL.

Applications: Windows XP/2000/2003/7, Active Directory, Exchange 2003/2008, Microsoft Project

PROFESSIONAL EXPERIENCE DETAIL:

LANWAN ProfessionalLAN/WAN Manager

Confidential

Responsibilities:

• Responsible for assessing, supporting and mentoring LAN/WAN professionals and contractors located throughout the continental United States on various professional and technical issues relating to local area networks (LAN) and Wide Area Networks (WAN) including routing, switching, voice, wireless and security.
• Primary activities included technical assessment of a candidate’s qualification to perform the duties of various LAN/WAN positions including escalation support, administration, engineering, analysis and project management.
• Additional responsibilities included reviewing configuration, implementation activities to ensure proper functionality and providing necessary mentoring to engineers engaged in these activities to ensure proper implementation.
• Other activities included as needed and schedule reports to senior management on the status of technical implementation activities, professional/technical review on LAN/WAN Professionals and its overall success, monitored and worked to streamline/improve the company’s standards and processes.

Confidential

Technical Lead/Analyst

Responsibilities:

• Earned Six Sigma Greenbelt certification, approved by Confidential .
• Led effort to identify Space and Missile Systems Center “Core Processes” and align them with Confidential and Confidential policies.
• Composed & performed Process Improvement Overview training for personnel on-boarding to Los Angeles AFB.
• Set-up Six Sigma Training for facilitators and monitored their progress toward certification.

Confidential

Senior Systems Engineer/IPT Lead

Responsibilities:

• Linked Material, Procurement & Engineering databases to Program Schedules, giving early identification of risks
• Led build effort for radar hardware 15 years out of production through Engineering Review and into manufacture.
• Prepared and conducted successful Gate Reviews for development and production proposal efforts.
• Assumed Lead Position for behind schedule Supplier Team; “cured” schedule slip without budget increase.
• Qualified Confidential Six Sigma Specialist and Confidential Company Subject Matter Expert (SME) for Microsoft Project.
• As Confidential Microsoft Project SME, conducted scheduling training classes at various sites across the Business Unit.
• Led effort to improve internal communications in leveraging Government-funded technology development efforts.
• Served as SAS SBIR Liaison, identifying Small Business efforts that supported Confidential ’s technology roadmap.
• Developed/coordinated radio program Estimates-at-Complete for reviewing by Confidential Leadership.

Confidential

Schedules/Plans Advisor

Responsibilities:

• Developed ‘ Confidential ’ Scheduling Processes, compliant with Confidential contract data submission requirements.
• Automated cost & schedule data transfer processes between software applications, improving program monitoring.
• Developed/implemented processes to combining operations of multiple software applications for seamless Cost/Schedule Integration.

Confidential

Senior Project Manager

Responsibilities:

• Developed and integrated critical path schedules and associated cost data involving multiple sites and managers.
• Developed strategies for effective Integrated Master Plans and Schedules generation.
• Developed and implemented strategies for coordinated use of Microsoft Project and cost management software for program management reporting to civilian clients and their Confidential customers.

Confidential

Acquisition Lead/ Senior Acquisition Manager

Responsibilities:

• Designed and implemented special cost report formats to standardize Cost/Schedule Control Systems Criteria data across contracts.
• Organized finance, technical, and contract professionals into a team to streamline contract modification process.
• Co-authored corporate policy on program management/presented results to Assistant Secretary of the Confidential .
• Defined software specifications for Confidential Office funds allocations tracking application.
• Reviewed, evaluated, and recommended successful revisions to Business Management operating procedures.