SUMMARY:

Over my career, my breadth of experience includes enterprise network security, network engineering, network administration, computer hardware support, help desk, data processing, and mainframe computer operations. My current expertise is network security. Personal traits include being detail oriented, conscientious, and having a strong analytical and problem solving ability. I have been recognized for providing excellent customer service.

TECHNICAL SKILLS:

HARDWARE SKILLS: Cisco Next - Generation Firepower 4100 Series security appliances, Cisco Nexus 9500, 9300, 7000, 5548, 5510 series Cisco 7200, 3800, 2800, and 1800 ISR, and ASR1000 series routers, Cisco 6800, 6500, 4900M, 4500, 3850, 3750X, 3560X, 2960 series Catalyst switches, switches, Cisco 2248 fabric extenders, Cisco ASA 5500 series Firewalls, Cisco ASA Service module, Cisco FWSM, Infoblox 1550, Tandberg, Fortigate 1500D, Ixia, Sun Solaris, IBM, HP, Dell, RAID

SOFTWARE SKILLS: Cisco Firepower Extensible Operating System 2.1+, Cisco router IOS 12.2+,Cisco NX-OS 5.0+, Cisco IOS-XE 3.0.0+, Cisco Catalyst switch IOS 12.2+, ASA IOS 8.0+, Cisco CatOS 5.2(5)+, OSPF, EIGRP, RIP, BGP, IS-IS, QoS, MPLS, VoIP, Spanning Tree, VTP, Multicast, IGMP, HSRP, VRRP, GLBP, CDP, IPv6, VRF, DNS, VPN, 802.1x, EAP, SDM, TELNET, SNMP, SMTP, HTTP, POP3, LDAP, FTP, TFTP, LWAPP, Network Access Control (NAC), BMC Remedy, Dell OpenManage, CiscoWorks, Wireshark, Microsoft Word, Microsoft Excel, Microsoft Visio, Microsoft Groove, Microsoft SharePoint, Vandyke Secure CRT, APC InfraStruXure Central 6.0.1, Cisco ACS 5.5, Cisco TelePresence Management Suite, TMS, v13.1, Cisco TelePresence Video Communication Server, VCS v7.0.2, ManageEngine NetFlow Analyzer, WhatsUp Gold, MRTG, Nagios, SmokePing, HP Business Services Manager 9.25, HP Network Node Manager 10.10, HP Network Automation 10.11, Stonesoft Stonegate Management Center 5.2.1. Fortigate v5.0, Splunk 6.4.0, Ixia Chariot, Ixia Hawkeye, Netscout, Cisco NAM, Cisco ASDM, Cisco ISE, BlueCat Proteus IPAM

PROFESSIONAL EXPERIENCE:

Senior Network Security Engineer

Confidential

Responsibilities:

• Support over two hundred Cisco Firewalls Cisco ASA 5500, Series 5500 - X, and Cisco Next-Generation Firepower 4100 Series security appliances in standalone and high availability configurations
• Troubleshoot customer firewall problems; modify firewall access rules according to security policy to resolve client requests as reported in ServiceNow Incident Management
• Support Cisco AnyConnect remote access VPN users; troubleshoot connectivity issues to resolve a variety of problems
• Actively working site-to-site VPN project making firewall changes for services migrating to the AWS and Azure cloud
• Completed project to evaluate Cisco Next-Generation Firepower 4100 Series security appliances for both the virtual Firepower Threat Detection and the Virtual ASA modules to increase security in a production environment

Network Engineer

Confidential

Responsibilities:

• Primary responsibility was to provide day-to-day care and maintenance for a variety of network infrastructure equipment, including routers, switches, firewalls, load balancers, and network monitoring systems
• Worked with team members to resolve network-related service issues including outages, anomalous behavior, and network alerts for Local Area Networks in multiple locations
• Implemented approved changes to Cisco ASA appliances in a multi-context configuration, FortiGate, and StoneGate firewalls, created access rules based on IP address, port, and protocol to meet the customer’s access requirements
• Assisted team in formulating network management strategies; provide recommendations to optimize network architecture, operation, performance, and security
• Hands-on experience with modern Cisco data center platforms: Nexus 9500, 9300, 7000, 5500, 6800 and 6500 series, switches and Cisco Fabric Extenders, configured layer 2 virtual local area networks, layer 3 switched virtual interfaces, trunk ports, port channels, virtual port channels, and interfaces
• Configured a wide variety of other Cisco Catalyst switching platforms and Cisco routing platforms on a frequent basis, changed interface settings, created trunk ports, created Virtual Local Area Networks, resolved host connectivity issues, replaced failed modules and power supplies, tested cabling, reviewed interface counters for errors, configured Simple Network Management Protocol traps, and applied security configurations to harden devices
• Continually improved the quality of network event alerts by researching notifications, and determining its validity, when valid alerts were found, I researched, troubleshot, determined root cause, and resolved the issue, or escalated critical issues as necessary
• Followed Cisco Security Advisories daily for new announcements, when announced, determined scope of devices affected, determined services running on devices, reviewed device configurations, identified vulnerable devices, identified paths to mitigation, updated security documentation, and notified Network Security Team when vulnerabilities were mitigated
• Worked with Network Security Team, to determine validity of quarterly Nessus scan results, identified vulnerable devices, researched and developed mitigation plans by either by device reconfiguration or by IOS upgrades, documented and reported completed items to Network Security Team
• Performed annual inventory list of network devices, with regard to Cisco SMARTnet coverage, validating 100% device coverage; worked with vendor to remove decommissioned devices, and added new devices to coverage as needed
• Managed Cisco Secure Access Control Server 5.5 for controlling device access via TACACS+ authentication, authorization and accounting, familiar with Cisco Identity Services Engine (ISE)
• Comfortable working in Linux/Unix environments, navigating and operating in the CLI environment as well as installing and configuring server services
• Frequently worked with enterprise routing protocols such as multiple AS BGP, MP-BGP, multiple area OSPF, and multiple autonomous EIGRP, as well as mutual route redistribution between these routing protocols
• Familiar with TCPdump and WireShark for capturing live packets through the use of SPAN and R-SPAN sessions, and familiar with the Cisco ASA packet capture and packet-tracer commands
• Performed routine tasks with product life-cycle management for Cisco routers, switches and firewalls, receiving hardware, unboxing, racking, configuring, licensing, managing, upgrading, decommissioning, and excessing end of life products
• Produced network change requests, implementation plans, migration plans, project status reports, and technical documentation, configured network equipment and services according to documentation, build and test plans in network lab environments
• Completed project for migrating users to a dual stacked IPv4/IPv6 environment, resulted with users browsing the internet using IPv6
• Created checklist for verifying critical services are up and running each morning for distribution to other team members, customer like it so much that the checklist was shared with upper management.
• Participated in project for vetting, staging, and rebooting devices for IOS upgrades for over four hundred devices, steps included testing code in enclaves, scheduling outages, working through problems such as unidentified IOS software bugs, failed devices/modules, and resolved network problems that may have arisen
• Improved Network monitoring 90% by working with the Network Monitoring Team to deploy HP Business Services Manager 9.25, HP Network Node Manager 10.10 in the customer environment to monitor and alert for network equipment events using SNMP and ICMP
• Completed test plan and implemented Confidential Network Automation Software 10.11 in the enterprise operations environment to simplify and automate network changes, perform configuration backups, drive device policy compliance, and run diagnostics for troubleshooting
• Improved network team knowledge 50%, mapped business flows in the data center; determined applications, customers, and paths the data took throughout the data center. The goal was to identify what sites, applications, and customers would be affected by any network maintenance

Network Engineer

Confidential

Responsibilities:

• Primary responsibilities were to support the data center network operations which include Cisco routers and switches.
• Configured network equipment to support customer services, tested and supported network enclaves in various stages of deployment, including build-out of lab mockups for testing various network scenarios
• Assisted team in formulating network management strategies; provided recommendations to optimize network architecture, operation, and performance
• Performed vulnerability remediation after audits, disabled unneeded or vulnerable services, configured access controls and device IOS upgrades where this was to only course of action to remediate
• Improved Network backup capabilities 100% built RANCID server on Linux Fedora operating system and configured service to perform daily backup of network devices.
• Recommended device platform software standardization, analyzed devices, memory constraints, IOS versions and presented a proposal to the customer for implementation
• Developed groundwork to deploy a STIG to Cisco devices to provide for a standard configuration to reduce complexity and time required to troubleshoot network issues.
• Produced network implementation and migration plans, produced and reviewed technical documentation

Network Engineer III

Confidential

Responsibilities:

• Primary responsibilities were to resolve user connectivity issues such as no network connectivity or trouble accessing network resources, create DHCP reservations, assign VLAN memberships, resolve 802.1x Network Access Control issues, verify device STIG conformity, log event tracking and event remediation, IOS upgrades, failed component replacement, and the setup and configuration of new network hardware
• Monitored Cisco network devices; took preventative actions as needed to increase availability of services to the customer. Using vigilance, I discovered and corrected several configuration issues that went unnoticed by network monitoring systems
• Implemented published Security Technical Implementation Guidelines to promote device standardization, network stability, and increase the overall customer network security posture
• Had initiative to develop documentation in support of Standard Operating Procedures using Microsoft Word, Microsoft Excel, and Microsoft Visio, allowing network engineers to provide support for all team functions
• Planned and executed Cisco router and firewall memory upgrade project for almost 100 devices, worked with remote sites by providing direction for the installation of DRAM and Compact Flash, provided hands on installation for memory upgrades for local sites
• Performed routine scheduled maintenance, software and firmware upgrades to resolve known issues and hardware upgrades to allow for deployment of new or advanced device features on all Cisco devices
• Configured Cisco Nexus 5000 switches and fabric extenders to support growing data center service requirements
• Led engineering initiative in support of very high profile public affairs events for the Secretary of the Department of Energy, running Cisco Media Processor to stream live broadcast events to the internet

Network Engineer III

Confidential

Responsibilities:

• Took ownership of customer issues and resolved network problems to their successful conclusion, experienced with BMC Remedy in tracking incidents, ticket progress, and customer validation after completion
• Upgraded firmware on over 100 out-of-band Remote Service Modules to support two-factor authentication and decreased the security risk of a system breach to almost zero
• Supported and implemented all approved inbound security IP address blocks on Cisco routers, in accordance with recommendations by the Cyber Operations team, CERT, and other Federal agencies
• Participated in annual Continuity of Operations Program exercises as the network point of contact for the duration of the exercise
• Increased video conference capabilities 100% to external sites, migrated video capable devices to public IP address space for routing video traffic over the wide area network
• Coordinated with customers and configured Cisco routers to transition 40 sites to a new internet service provider after the Federal Networx contract was awarded
• Improved network security, consolidated internet access for field sites under the Federal Trusted Internet Connections Project
• Increased network performance 100-fold, worked on a Data Network Modernization project at the headquarters and Metro Area Network sites, replaced 10 Megabit hubs with 1 Gigabit Cisco 3750 series switches
• Completed a project that saved the federal government several hundred thousand dollars, consolidated over 200 access switch closets to less than 50