A Security and Systems specialist with skills emphasis on designing, securing, networking physical and virtual distributed computing systems and environments.
2002(October)-Present, Senior Network Engineer
- Security and Networking
- snort, Sourcefire, nessus, nmap, Metasploit, Qualysgard
- tcpdump, ethereal
- Linux, Citrix, Windows servers, Squid, Websense and Blue Coat proxies, VMware, XenServer,XenDesktop
- Checkpoint, Cisco
Execute customer vulnerability scans, security assessments, penetration tests, Network Intrusion Detection System (NIDS) setup, monitoring, reporting, O/S and web site lock down and hardening. Also design, install and troubleshoot network systems including Checkpoint firewalls and rulebases, Windows & Linux operating systems, Cisco routers & switches as well as perform numerous Citrix installations throughout the U.S.
- Upgrade complete virtualized banking operations infrastructure from VMware 3.5 to 4.0
- Technical consultation and lead on migration from Sun Solaris Veritas Web Clustering to Suse Linux Clustered Web Services
- nagios,cacti SNMP design, implementation and monitoring resulting in decreased customer downtime
- Implement customer proxy environments utilizing Open Source Squid, commercial Blue Coat and wpad supporting infrastructure
1998(January)-2002(August), Distributed Computing Architect
- Enterprise Systems Architecture
- snort, ISS RealSecure, Tripwire, Qualys
- Citrix, Linux, Windows servers
- Corporate Intranet, .asp pages
Provide security and systems architectural direction and support to the Information Technology (IT) department at Donnelley Marketing, reporting directly to the IT senior vice-president. Key task is the application of technical solutions to business opportunities. Supporting tasks include project design reviews & project analysis for cost savings and streamlining, developing proof of concepts, developing vendor partnerships in a multi-tier, multi-platform environment. Perform capacity planning for infrastructure processes and application hosting environments. Design infrastructure to meet client service level agreements.
Spearhead project to provide Extranet and Internet security infrastructure for secure customer data and access to hosted applications. Implement same security infrastructure using open source and commercial security applications. Design and implement security systems to defend and monitor data center assets. Initiate project to host customer applications in a Citrix environment.
Design, develop & lead implementation of corporate Intranet site: Site includes features such as database access to employee skill set records, links to all corporate activities, collaboration and administrative interfaces.
Key accomplishments: Review & quick prototyping by the architecture group, of which I am a member, lead to removal of 20+ consultants and a streamlined, lower cost product offering.
1996(July)-1998(January), Project Engineer
Architect distributed systems infrastructure for Health Information Networks. Coordinate between six different development groups to deliver a common framework capable of providing security, directory, audit, time and object services in a distributed network/Internet/Intranet environment to heterogeneous healthcare systems. Project lead responsible for four developers; oversee their progress, provide technical insights & planning, as well as recruiting efforts.
1994(June)-1996(July), Distributed Systems Architect
Began as SQL developer as part of R&D team developing a clinical repository package. Selected to team responsible for architecting the network-centric, open systems-based Health Information Network’s (HIN’s) infrastructure that support AHC’s clinical repository (keystone), Global Participant Index (GPI) and third party HIN service providers. Key requirements include network management, data security, database independence, single sign-on, support and integration of heterogeneous computing environments and corporate Intranet support. Design and develop infrastructure to meet above requirements.
Analyze middleware products. Middleware’s purpose is to provide key network infrastructure services such as security, encryption, time and directory services. Potential solutions included AT&T’s Top End, CICS, Tuxedo, CORBA and DCE (the eventual selection). Design and setup the distributed computing development and sales lab. Develop prototypes of three-tier, DCE-aware servers in C++. Work closely with marketing, sales, clients and potential clients to keep infrastructure design in tune with market demands.
1993-1994, Client Server SQA Consultant
Train SQA team in all aspects of the client server environment. These include NetWare networking, ODBC, SQL Server and Microsoft N.T. Supporting tasks include installing SQL Servers and N.T. networking services, perform D.B.A. functions, code ODBC Windows 3.1 dynamic link library, and network troubleshooting utilizing a protocol decoder. Assisted in TCP/IP implementation on the N.T. & NetWare platform.
1991-1993, Sr. Systems Programmer
Port an integrated client server electronic forms development system from an IBM 3090 and Tandem to a client server platform. Design, create and implement multiple job servers to move data between IPX, TCP/IP and SQL applications. Responsible for Sybase dataserver operations support. Initiated, develop and maintain a communications gateway using Sybase’s Open Server product on a Sun SPARC 2 UNIX platform which decreased network traffic 40%. Analyzed connectivity products through which to integrate TCP/IP into one hundred server NetWare environment. Assisted in implementing TCP/IP, IPX/SPX network integration.
1989-1991 LAN Specialist: Provide training for in house technical support, field and account reps. Topics include advanced NetWare training and network product support. Responsible for research and assistance to support reps involved in network troubleshooting.
Initiated, designed and assisted in development of an Oracle database management system to administer one million record call tracking database. Report turnaround time decrease from several hours to minutes with a corresponding drop in LAN traffic. Design and program on-line monitor system to track call activities reported to the database, and track multiple support and mainframe systems for problem areas.
1987-1989 Technical Support: Supported clients in areas including mainframe to P/C communications, laser printing, DOS, Local Area Networks, and tax production software. Volunteered for additional LAN duties and LAN projects.
Operating Systems: Linux (Red Hat Enterprise Linux 4 & 5, VMware 3.5., 4.0, 4.0 esxi, Citrix XenServer, CentOS, SUSE 10, Novell NetWare 4.1, Sun Solaris 8, 9 Microsoft 2003, 2008, XP, Citrix Presentation Server, XenApp ServerSequent DYNIX/ptx 4.4.2
Security Tools: snort, Sourcefire, syslog, swatch, nessus, tripwire, ISS RealSecure, tcpdump, ethereal, netstumbler,Metasploit Framework 2.3, Whoppix, Checkpoint NG AI firewalls & VPN, Nokia Firewall appliances.
Languages (3GL/4GL): C, C++, Perl, SQL
Development Environments: g++, MSVC 1.0, 1.5, 4.X, 5.X
Graphical User Interface: KDE, motif, GNOME.
APIs: DCOM, ISAPI, ATL, LDAP, IPX/SPX, TCP/IP (BSD sockets), Sybase db-libs.
Professional Certifications: SANS GIAC Security Essentials Certification (GSEC), Citrix Certified Administrator (CCA) Presentation Server 4.0 & XenDesktop Enterprise, Citrix Certified Enterprise Administrator (CCEA), Checkpoint Certified Security Administrator (CCSA), Checkpoint Certified Security Expert (CCSE), Cisco Certified Network Associate (CCNA), RSA CSE (SecureID 6.0), VMware VTSP 4.0
Professional Activities: Information Systems Security Association (ISSA)
Current Certification(s) in Progress: CCA for Citrix NetScaler 9, ArcSight SIEM
Recognition: Donnelley Presidential mention for security infrastructure improvements
BA (1982) Southern Methodist University. Graduated Magna Cum Laude.
AA (1979) Santa Barbara City College.
1982-1987 Worked in financial industry fields of commercial and residential lending, as well as the financial futures markets.
Contact me at firstname.lastname@example.org