Engineer Security
Larry C. Cox
Email: abmrn2@r.postjobfree.com
Phone: 951-***-****
Education
California State Polytechnic University, Pomona, CA
Bachelor of Science, Computer Information Systems
Professional Certifications:
CCNA - Routing & Switching (Current)
CCNA - Security (Current)
Cisco Firewall Specialist Certification (Current)
CCSP - (Current)
CCNP - (Expired) Recertification in progress
Technical Skills
Cisco Router: 1700, 2500, 2800, 3600, 3800, 4500, 7206VXR,
7500 w/VIP2 & dual RSP
Cisco Switching: Catalyst 2900, 3560, 3700, 4500, 5000, 5500,
6500
Cisco AVVID: CallManager 3.3, Unity 4.0, Cisco 7960 & 7905 IP
phones, 6608 T1 PRI MGCP gateway for Catalyst 6500
chassis, Cisco IOS MGCP gateways, FXO ground start
trunks
Switching: Cisco, Foundry, Force10 Networks, Extreme, Nortel
Firewalls: Cisco ASA, Cisco Pix, Juniper NetScreen, Checkpoint NG
Wireless Networks: Cisco Wireless, Cisco Access Points, Aruba
Wireless
WAN connectivity: T1/T3, OC3, OC12,, MPLS, Frame-relay, ATM,
ISDN (PRI & BRI)
General Telecomm: ATM (VBR-nrt), ATM to Frame Relay
internetworking, IPSec, SSL, VPN, NAT, GRE, OSPF,
EIGRP, BGP4, xDSL, FDDI
Operating Systems: Windows 98/2000/XP, Linux (RedHat and SuSE),
Solaris, AIX, HP-UX
Network Applications: Cisco ACS, Cisco MARS, Cisco ASA, PIX, Cisco
CSA 6.0, Checkpoint/Nokia FW1, IRONPORT, Bluecoat
Proxy, F5 Load Balancer, OPNET ACE, SHUNRA WAN
Simulator, HP LoadRunner, Raptor Firewall, Tripwire,
DHCP, DNS, RADIUS server, Active Directory, sendmail,
SpamAssassin, Apache, IIS, RADIUS, RightFAX, MySQL,
LDAP, Riverbed WAN Accelerators
Languages: Perl, C, JCL some TCL
Professional Summary
Team-oriented Senior Network & Security Engineer with over fifteen years
experience in providing network solutions for LAN's, WAN's, Wireless, VOIP
and Network Security. Expertise includes design; implementation and
support of internet networked switched and routed systems, with
specialization in network security solutions, application analysis and risk
analysis.
Experience
ESPN, Los Angeles, CA
2/2009 - Present
Sr. Network Engineer
. A $34 billion multinational, multimedia sports entertainment
company.
. Provided 24x7 on-call operational support for all aspects of ESPN's
On-Air broadcast network & security infrastructure which includes;
LAN/WAN/WLAN/VOIP/VPN/Network, firewalls, IPS and network security
infrastructure in a Linux, Windows and Unix environment.
. Responsible for implementation, configuration and supporting Cisco
6500 Switches and F5 Load balancers which support On-Air EPSN
SportsCenter and access to ESPN.Com high volume WEB sites.
. Responsible for support and troubleshooting ESPN's, mission critical
broadcast transmission operations 10Gbs WAN, which transports all
Video/audio signal feeds into the facility, in order for the editors
to capture highlights for SportsCenter show.
. Responsible for supporting ESPNS Multi-Protocol Label Switches
(MPLS) backbone network, which provides on-air connectivity. ESPNs
MPLS network spans four continents and consists of state-of-the-art
broadcast equipment.
. Responsible for supporting Multi Dual Cisco 6500 10gig switched
network infrastructure, with dual 10 Gb/s SONET WAN connections to
Bristol Connecticut.
. Responsible for installing, configuring and troubleshooting Cisco
ASA's site to site, IPSEC VPN tunnels, SSL clientless/ Anyconnect,
Tunnels between ASAs, Routers and end-user VPN client access.
. Mentored junior systems administrators and editors in quickly
troubleshooting and resolving technical on-air application
performance problems.
. Implemented 2 Cisco IronPort gateways for anti-spam & spam
mitigation. Also responsible for supporting IronPort PXE encryption
technology for secure encrypted email delivery, between ESPN and 3rd
party business partners.
. Responsible for supporting Cisco Security Agents CSA 6.0 (HIPS)
installed on DMZ servers supporting
ESPN.LosAngeles.com/ESPNDallas.com. Responsible for continued
upgrades and troubleshooting all issues.
. Provided 2nd - 3rd level security incident investigation and liaison
to ESPN's and Disney's Incident Response Office.
. Responsible for monitoring and responding to MARS security
incidents alerts. Resolved, categorized MARS events and security
issues, ensuring that none of ESPN's broadcast infrastructure has
been compromised.
. Responsible for managing, maintenance and upgrades to ESPN's mission
critical perimeter web and email security infrastructure appliances:
Cisco ASA firewalls and Bluecoat Proxy systems.
PFF Bank and Trust, Rancho Cucamonga, CA 9/2007 - 2/2009
Sr. Network Engineer
. A $4.3 billion financial and banking services company.
. Provided 24x7 on-call operational support for all aspects of the
banks network infrastructure which included;
LAN/WAN/WLAN/VOIP/VPN/network security network.
. Successfully migrated 50 PFF bank branches from Frame Relay to
USbanks managed MPLS WAN network
. Responsible for installing, configuring and troubleshooting Cisco IP
Telephony/Cisco Unified Communications products including Cisco
Unified Call Manager Express, Cisco Voice Applications, Voice
Gateways (H323, SIP, and MGCP) and Cisco IP phones at 50 branches.
. Implemented 4 Cisco IronPort gateways for anti-spam & spam
mitigation and to meet federally mandated secure email compliance
requirements.
. Successfully deployed Cisco Security Agents CSA 5.2 (HIPS) to 50
branch ATMs, 150 servers and 1,500 bank desktops. Responsible for
continued upgrades and troubleshooting all issues.
. Implemented IronPort PXE encryption technology for secure encrypted
email delivery and to meet federally mandated secure email
compliance requirements.
. Successfully implemented and deployed two F5 Loadbalancers/3-DNS
controllers, configured Wide-IPs and DNS to load-balance and monitor
real-time network conditions, for the banks mission critical online
banking portals, across two data centers infrastructure located in 2
distinct regional data centers.
. Headed the design, configuration and deployment of 2 Cisco CSS
11500 load balancers for customer content delivery and SSL
termination, which dramatically improved application, infrastructure
availability and uptime.
. Worked closely with the Banks Information Security & Operational
Risk Management teams to monitor & responded to MARS security
incidents alerts. Resolved, categorized MARS events and security
issues, ensuring that none of banks electronic infrastructure has
been compromised.
. Responsible for managing, maintenance and upgrade the Banks mission
critical perimeter web and email security infrastructure appliances:
IronPort and Bluecoat Proxy systems.
. Responsible for managing and maintenance of the Banks perimeter ASA
& PIX firewalls, Intrusion Prevention systems, IronPort gateways and
other critical network infrastructure.
. Assisted information security with the design, implementation and
management of an enterprise Intrusion Detection System.
Warner Bros. Entertainment, Inc., Burbank, CA 11/2002 - 9/2007
Sr. Network Security Engineer
. An $8 billion entertainment division of TIME WARNER INC.
. Environment: Windows, Unix.
. Supported Warner Bros WAN which consisted of 72 sites located
worldwide and connected via frame-relay and IPSEC VPN tunnels.
. Successfully upgraded 74 Warner Bros WAN routers from Cisco 2600s
routers to Cisco 2800. This project required coordinating down time
and interfacing with business divisions, management divisions and
technical divisions worldwide.
. Provided 3rd level international network technical support by
resolving technical user issues escalated from the Help Desk and
NOC. Also performed WAN maintenance, upgrades and repairs locally
and remotely.
. Administered Qualys vulnerability management solution for threat
analysis and prevention across enterprise network systems.
. Implemented and monitored Network Access Control solution (NAC) and
administered NAC policies in support of corporate security policy
and standards.
. Implemented and managed Tripwire to help monitor perimeter network
configuration changes and validated network configurations to
minimize security risk and maintain SOX & WB security compliance.
. Interfaced with business units for all 3rd party (B2B, B2C) LAN-to-
LAN IPSEC, SSL VPN connection requests. Responsible for
documentation, configuration, testing/troubleshooting and deployment
of all 3rd party connectivity supporting WB global enterprise.
. Participated in a 24x7 "on call" rotation schedule for security
related enterprise incidents and all aspects of the WB network
infrastructure which included; cabling-racking
LAN/MAN/WAN/WLAN/VoIP/VPN/FIREWALL and wireless.
. Successfully implemented Cisco CSS11506 load balancers for content
delivery which dramatically improved application and infrastructure
availability and uptime.
. Responsible for day-to-day management, configuration and
troubleshooting of WB domestic Cisco 3030 IPSEC, VPN Concentrators
with secure network authenticating to RSA tokens supporting 4,000-
users worldwide.
. Lead high-visibility migration of ~60 mission critical DMZ servers
from Checkpoint/Nokia FW1 to Cisco PIX 535's infrastructure; working
closely with site IT leadership to plan and efficiently resolve all
network, connectivity and security issues, ensuring smooth cut-over
with zero downtime. (Received People's Choice Award for these
efforts).
. Responsible for managing and maintenance of WBEI perimeter firewalls
and other mission critical network infrastructure.
. Assisted Information Security, with the design, implementation and
management of an enterprise Intrusion Detection and Prevention
System.
. Served as a subject matter expert of network design team and in
collaboration with Information Security, network vendors and
architecture group, developed strategic plans for secure network
architecture.
. Participated in development of information security baselines for
network devices including firewalls, routers, switches,
concentrators, etc.
. Responsible for WAN application performance management and
application Capacity Planning utilizing OPNET IT Guru, OPNET ACE to
analyze, diagnose and resolve business-critical application
performance issues in real-time for faster throughput and higher
network uptime.
. Successfully installed and configured Cisco 6509's including
firewall & VPN modules to support Warner Bros. worldwide rollout of
SAP EBP/R3/BW. (Received People's Choice Award for these efforts).
. Utilized OPNET IT Guru, OPNET ACE application Capacity Planning to
ensure superior and more efficient bandwidth utilization for support
of global WAN locations.
DirecTV, El Segundo, CA 1/1997 - 11/2002
Network Engineer
. An $8 billion entertainment division.
. Provided network services and support for 1,500+ VPN users worldwide
and Implement authentication mechanisms using Tacacs, Radius and RSA
Secure Tokens.
. Lead multiple security engineering projects such as Firewall
migrations (Checkpoint NG Clusters, Cisco PIX, and Symantec Raptor),
. Provided WAN support and troubleshooting to backhaul local
television channels signals to two Broadcast Centers via frame-
relay. This required Carrier/Telco coordination, circuit ordering,
circuit tracking and troubleshooting.
. Successfully upgraded DirecTV's Internet access from a single Raptor
Firewall and T1 access to Cisco Pix firewalls and DS3 Internet
access.
. Implemented two Nortel Contivity 4500 VPN gateways to provide
reliable and secure remote access from practically anywhere it the
world. This resulted in a net savings of over 50% on remote access
charges and greatly increased the satisfaction of our internal
customers.
. Led team that successfully deployed ATM over SONET that provided
redundant connectivity to both broadcast centers. Deployed, Cisco
6500's for two complete building build outs.
. Responsible for all business partners connectivity, which included;
several DS3 ATM circuits, multiple T1s, ISDN PRI's and Frame Relay
utilizing Checkpoints FW1 as gateway and Migrated of existing
business partners WAN links to VPN (where feasible).
. Provided 2nd and 3rd level network support including support of the
LAN/WAN and Engineering CBX OC-3 networks.
Whittier Police Dept., Whittier, CA
5/1992 - 1/1997
Information Systems Manager (11/1995 - 1/1997)
. Successfully designed, configured and implemented Frame Relay WAN
Network with PRI ISDN backup support access to California Department
of Justice.
. Successfully deployed 375, Motorola 9100-386 Mobile Digital
Computers, utilizing TCP/IP over an RF infrastructure, to support of
law enforcement in Whittier and the neighboring City of Santa Fe
Springs. As part of the above project, directed the rollout of a
cleaner IP addressing scheme, using DHCP throughout the enterprise.
All subnets were allocated /24 blocks from a /16 block.
Summarization was used back to the rest of City.
. Worked with Network Engineers from the FBI and DEA and successfully
configured, tested and installed an encrypted remote access NAS
which provided Whittier's narcotic officers secure access the State
Wide Integrated Narcotic Network (SINS).
. Implemented frame relay connections to Los Angeles County Sheriffs
Department and LA PD for intra agency collaboration in joint Auto
theft and Anti Gang task forces.
. Installed and configured routers, DSU/CSUs, Repeaters, Windows NT
Advanced server software, Pathworks Client Software and TCP/IP.
. Supervised the upgrade and installation of CAT5 cable plant, racks,
and patch panels, fractional T1 lines. Other duties included network
trouble shooting, capacity planning, system tuning and user
training.
. Installed, configured, and deployed Microsoft Exchange Server and
client software.
Programmer/Analyst (5/1992 - 10/1995)
. Responsible for providing 24-hour on call system management, and
user support for the Police Departments Local Area VAX Cluster,
which consisted of 3 DEC Alpha's and a Pathworks network.
. Other duties included, system security management, DCL programming,
system maintenance coordination and Network Software Support.
. Independently analyzed, evaluated and installed computer hardware
(Terminal Servers, Repeaters Hubs, Routers and Network Interface
Cards), software and networking components.
. Designed, developed and implemented software programs to support law
enforcement personnel. Planned the organization and efficient usage
of computing resources.
. Monitored daily systems activities and resolved problems.
. Prepared user documentation and provided user training as needed.
. Responsible for all administration and procurement actions
associated with the operation of these systems.
Boeing Corporation, Long Beach, CA 2/1987 - 3/1992
Sr. Engineer/Systems Manager
. Ensured that all computer systems, software and peripherals, were
classified, marked and handled in accordance with the Defense
Security Service (DSS) & Department of Defense (DoD) governing
regulations.
. Provided assistance to DSS & DSS Counterintelligence (CI) staff to
ensure that polices and implementing procedures related to other
areas of computer security including physical security
countermeasures, information security and industrial security were
being maintained.
. Served as the focal point of contact for all LAN & computer system
audits. Was awarded letter of commendation from DOD for assisting
with the security & remediation.
. Provided classified/unclassified VAX/VMS and PC computer support
which consisted of the following: Authorized user accounts,
installed, updated and upgraded the systems and their layered
products, assisted in feasibility studies of new hardware/software,
defined/configured new system components.
. Configured Decnet-VAX Ethernet local area networks, and Local Area
VAX Clusters, troubleshot hardware/software problems, wrote DCL
utility programs and interfaced with users, vendors and managers.
. Trained new users, safeguarded information assets from unauthorized
access, loss, or damage.
. Managed all aspects of information and equipment access on a 24-hour
on call basis.
. Worked multiple subcontractors to assure that avionic software being
developed and maintained on VAX/VMS systems complied with MIL-S-
52779A & DOD-STD-2167A. And if any problems were detected in
subcontractor processes/products these where promptly reported and
entered into software corrective actions.
. Security Clearance: Top SECRET
Aerojet Ordinance Co., Tustin, CA 6/1985 - 1/1987
Programmer/Analyst
. Advanced Systems Division
. Designed and maintained database programs utilizing DATATRIEVE and
ORACLE Forms 3.0 for program administration.
. Performed systems management on DEC VAX/VMS systems this included
authorizing user accounts, installing, updating and upgrading the
systems and their layered products.
. Provided programming, training and technical support to end users;
purchased installed, configured and maintained PC hardware/software,
network and peripheral equipment.
. Security Clearance: Secret
Contact this candidate