Sign in

Engineer Security

Rancho Cucamonga, California, 91701, United States
May 24, 2010

Contact this candidate
Sponsored by:
Post Jobs to
Multiple Job Boards &
Get more Candidates
Try it Free!
Start your 30-day
Free Trial

Larry C. Cox


Phone: 951-***-****


California State Polytechnic University, Pomona, CA

Bachelor of Science, Computer Information Systems

Professional Certifications:

CCNA - Routing & Switching (Current)

CCNA - Security (Current)

Cisco Firewall Specialist Certification (Current)

CCSP - (Current)

CCNP - (Expired) Recertification in progress

Technical Skills

Cisco Router: 1700, 2500, 2800, 3600, 3800, 4500, 7206VXR,

7500 w/VIP2 & dual RSP

Cisco Switching: Catalyst 2900, 3560, 3700, 4500, 5000, 5500,


Cisco AVVID: CallManager 3.3, Unity 4.0, Cisco 7960 & 7905 IP

phones, 6608 T1 PRI MGCP gateway for Catalyst 6500

chassis, Cisco IOS MGCP gateways, FXO ground start


Switching: Cisco, Foundry, Force10 Networks, Extreme, Nortel

Firewalls: Cisco ASA, Cisco Pix, Juniper NetScreen, Checkpoint NG

Wireless Networks: Cisco Wireless, Cisco Access Points, Aruba


WAN connectivity: T1/T3, OC3, OC12,, MPLS, Frame-relay, ATM,


General Telecomm: ATM (VBR-nrt), ATM to Frame Relay

internetworking, IPSec, SSL, VPN, NAT, GRE, OSPF,


Operating Systems: Windows 98/2000/XP, Linux (RedHat and SuSE),

Solaris, AIX, HP-UX

Network Applications: Cisco ACS, Cisco MARS, Cisco ASA, PIX, Cisco

CSA 6.0, Checkpoint/Nokia FW1, IRONPORT, Bluecoat

Proxy, F5 Load Balancer, OPNET ACE, SHUNRA WAN

Simulator, HP LoadRunner, Raptor Firewall, Tripwire,

DHCP, DNS, RADIUS server, Active Directory, sendmail,

SpamAssassin, Apache, IIS, RADIUS, RightFAX, MySQL,

LDAP, Riverbed WAN Accelerators

Languages: Perl, C, JCL some TCL

Professional Summary

Team-oriented Senior Network & Security Engineer with over fifteen years

experience in providing network solutions for LAN's, WAN's, Wireless, VOIP

and Network Security. Expertise includes design; implementation and

support of internet networked switched and routed systems, with

specialization in network security solutions, application analysis and risk



ESPN, Los Angeles, CA

2/2009 - Present

Sr. Network Engineer

. A $34 billion multinational, multimedia sports entertainment


. Provided 24x7 on-call operational support for all aspects of ESPN's

On-Air broadcast network & security infrastructure which includes;

LAN/WAN/WLAN/VOIP/VPN/Network, firewalls, IPS and network security

infrastructure in a Linux, Windows and Unix environment.

. Responsible for implementation, configuration and supporting Cisco

6500 Switches and F5 Load balancers which support On-Air EPSN

SportsCenter and access to ESPN.Com high volume WEB sites.

. Responsible for support and troubleshooting ESPN's, mission critical

broadcast transmission operations 10Gbs WAN, which transports all

Video/audio signal feeds into the facility, in order for the editors

to capture highlights for SportsCenter show.

. Responsible for supporting ESPNS Multi-Protocol Label Switches

(MPLS) backbone network, which provides on-air connectivity. ESPNs

MPLS network spans four continents and consists of state-of-the-art

broadcast equipment.

. Responsible for supporting Multi Dual Cisco 6500 10gig switched

network infrastructure, with dual 10 Gb/s SONET WAN connections to

Bristol Connecticut.

. Responsible for installing, configuring and troubleshooting Cisco

ASA's site to site, IPSEC VPN tunnels, SSL clientless/ Anyconnect,

Tunnels between ASAs, Routers and end-user VPN client access.

. Mentored junior systems administrators and editors in quickly

troubleshooting and resolving technical on-air application

performance problems.

. Implemented 2 Cisco IronPort gateways for anti-spam & spam

mitigation. Also responsible for supporting IronPort PXE encryption

technology for secure encrypted email delivery, between ESPN and 3rd

party business partners.

. Responsible for supporting Cisco Security Agents CSA 6.0 (HIPS)

installed on DMZ servers supporting Responsible for continued

upgrades and troubleshooting all issues.

. Provided 2nd - 3rd level security incident investigation and liaison

to ESPN's and Disney's Incident Response Office.

. Responsible for monitoring and responding to MARS security

incidents alerts. Resolved, categorized MARS events and security

issues, ensuring that none of ESPN's broadcast infrastructure has

been compromised.

. Responsible for managing, maintenance and upgrades to ESPN's mission

critical perimeter web and email security infrastructure appliances:

Cisco ASA firewalls and Bluecoat Proxy systems.

PFF Bank and Trust, Rancho Cucamonga, CA 9/2007 - 2/2009

Sr. Network Engineer

. A $4.3 billion financial and banking services company.

. Provided 24x7 on-call operational support for all aspects of the

banks network infrastructure which included;

LAN/WAN/WLAN/VOIP/VPN/network security network.

. Successfully migrated 50 PFF bank branches from Frame Relay to

USbanks managed MPLS WAN network

. Responsible for installing, configuring and troubleshooting Cisco IP

Telephony/Cisco Unified Communications products including Cisco

Unified Call Manager Express, Cisco Voice Applications, Voice

Gateways (H323, SIP, and MGCP) and Cisco IP phones at 50 branches.

. Implemented 4 Cisco IronPort gateways for anti-spam & spam

mitigation and to meet federally mandated secure email compliance


. Successfully deployed Cisco Security Agents CSA 5.2 (HIPS) to 50

branch ATMs, 150 servers and 1,500 bank desktops. Responsible for

continued upgrades and troubleshooting all issues.

. Implemented IronPort PXE encryption technology for secure encrypted

email delivery and to meet federally mandated secure email

compliance requirements.

. Successfully implemented and deployed two F5 Loadbalancers/3-DNS

controllers, configured Wide-IPs and DNS to load-balance and monitor

real-time network conditions, for the banks mission critical online

banking portals, across two data centers infrastructure located in 2

distinct regional data centers.

. Headed the design, configuration and deployment of 2 Cisco CSS

11500 load balancers for customer content delivery and SSL

termination, which dramatically improved application, infrastructure

availability and uptime.

. Worked closely with the Banks Information Security & Operational

Risk Management teams to monitor & responded to MARS security

incidents alerts. Resolved, categorized MARS events and security

issues, ensuring that none of banks electronic infrastructure has

been compromised.

. Responsible for managing, maintenance and upgrade the Banks mission

critical perimeter web and email security infrastructure appliances:

IronPort and Bluecoat Proxy systems.

. Responsible for managing and maintenance of the Banks perimeter ASA

& PIX firewalls, Intrusion Prevention systems, IronPort gateways and

other critical network infrastructure.

. Assisted information security with the design, implementation and

management of an enterprise Intrusion Detection System.

Warner Bros. Entertainment, Inc., Burbank, CA 11/2002 - 9/2007

Sr. Network Security Engineer

. An $8 billion entertainment division of TIME WARNER INC.

. Environment: Windows, Unix.

. Supported Warner Bros WAN which consisted of 72 sites located

worldwide and connected via frame-relay and IPSEC VPN tunnels.

. Successfully upgraded 74 Warner Bros WAN routers from Cisco 2600s

routers to Cisco 2800. This project required coordinating down time

and interfacing with business divisions, management divisions and

technical divisions worldwide.

. Provided 3rd level international network technical support by

resolving technical user issues escalated from the Help Desk and

NOC. Also performed WAN maintenance, upgrades and repairs locally

and remotely.

. Administered Qualys vulnerability management solution for threat

analysis and prevention across enterprise network systems.

. Implemented and monitored Network Access Control solution (NAC) and

administered NAC policies in support of corporate security policy

and standards.

. Implemented and managed Tripwire to help monitor perimeter network

configuration changes and validated network configurations to

minimize security risk and maintain SOX & WB security compliance.

. Interfaced with business units for all 3rd party (B2B, B2C) LAN-to-

LAN IPSEC, SSL VPN connection requests. Responsible for

documentation, configuration, testing/troubleshooting and deployment

of all 3rd party connectivity supporting WB global enterprise.

. Participated in a 24x7 "on call" rotation schedule for security

related enterprise incidents and all aspects of the WB network

infrastructure which included; cabling-racking


. Successfully implemented Cisco CSS11506 load balancers for content

delivery which dramatically improved application and infrastructure

availability and uptime.

. Responsible for day-to-day management, configuration and

troubleshooting of WB domestic Cisco 3030 IPSEC, VPN Concentrators

with secure network authenticating to RSA tokens supporting 4,000-

users worldwide.

. Lead high-visibility migration of ~60 mission critical DMZ servers

from Checkpoint/Nokia FW1 to Cisco PIX 535's infrastructure; working

closely with site IT leadership to plan and efficiently resolve all

network, connectivity and security issues, ensuring smooth cut-over

with zero downtime. (Received People's Choice Award for these


. Responsible for managing and maintenance of WBEI perimeter firewalls

and other mission critical network infrastructure.

. Assisted Information Security, with the design, implementation and

management of an enterprise Intrusion Detection and Prevention


. Served as a subject matter expert of network design team and in

collaboration with Information Security, network vendors and

architecture group, developed strategic plans for secure network


. Participated in development of information security baselines for

network devices including firewalls, routers, switches,

concentrators, etc.

. Responsible for WAN application performance management and

application Capacity Planning utilizing OPNET IT Guru, OPNET ACE to

analyze, diagnose and resolve business-critical application

performance issues in real-time for faster throughput and higher

network uptime.

. Successfully installed and configured Cisco 6509's including

firewall & VPN modules to support Warner Bros. worldwide rollout of

SAP EBP/R3/BW. (Received People's Choice Award for these efforts).

. Utilized OPNET IT Guru, OPNET ACE application Capacity Planning to

ensure superior and more efficient bandwidth utilization for support

of global WAN locations.

DirecTV, El Segundo, CA 1/1997 - 11/2002

Network Engineer

. An $8 billion entertainment division.

. Provided network services and support for 1,500+ VPN users worldwide

and Implement authentication mechanisms using Tacacs, Radius and RSA

Secure Tokens.

. Lead multiple security engineering projects such as Firewall

migrations (Checkpoint NG Clusters, Cisco PIX, and Symantec Raptor),

. Provided WAN support and troubleshooting to backhaul local

television channels signals to two Broadcast Centers via frame-

relay. This required Carrier/Telco coordination, circuit ordering,

circuit tracking and troubleshooting.

. Successfully upgraded DirecTV's Internet access from a single Raptor

Firewall and T1 access to Cisco Pix firewalls and DS3 Internet


. Implemented two Nortel Contivity 4500 VPN gateways to provide

reliable and secure remote access from practically anywhere it the

world. This resulted in a net savings of over 50% on remote access

charges and greatly increased the satisfaction of our internal


. Led team that successfully deployed ATM over SONET that provided

redundant connectivity to both broadcast centers. Deployed, Cisco

6500's for two complete building build outs.

. Responsible for all business partners connectivity, which included;

several DS3 ATM circuits, multiple T1s, ISDN PRI's and Frame Relay

utilizing Checkpoints FW1 as gateway and Migrated of existing

business partners WAN links to VPN (where feasible).

. Provided 2nd and 3rd level network support including support of the

LAN/WAN and Engineering CBX OC-3 networks.

Whittier Police Dept., Whittier, CA

5/1992 - 1/1997

Information Systems Manager (11/1995 - 1/1997)

. Successfully designed, configured and implemented Frame Relay WAN

Network with PRI ISDN backup support access to California Department

of Justice.

. Successfully deployed 375, Motorola 9100-386 Mobile Digital

Computers, utilizing TCP/IP over an RF infrastructure, to support of

law enforcement in Whittier and the neighboring City of Santa Fe

Springs. As part of the above project, directed the rollout of a

cleaner IP addressing scheme, using DHCP throughout the enterprise.

All subnets were allocated /24 blocks from a /16 block.

Summarization was used back to the rest of City.

. Worked with Network Engineers from the FBI and DEA and successfully

configured, tested and installed an encrypted remote access NAS

which provided Whittier's narcotic officers secure access the State

Wide Integrated Narcotic Network (SINS).

. Implemented frame relay connections to Los Angeles County Sheriffs

Department and LA PD for intra agency collaboration in joint Auto

theft and Anti Gang task forces.

. Installed and configured routers, DSU/CSUs, Repeaters, Windows NT

Advanced server software, Pathworks Client Software and TCP/IP.

. Supervised the upgrade and installation of CAT5 cable plant, racks,

and patch panels, fractional T1 lines. Other duties included network

trouble shooting, capacity planning, system tuning and user


. Installed, configured, and deployed Microsoft Exchange Server and

client software.

Programmer/Analyst (5/1992 - 10/1995)

. Responsible for providing 24-hour on call system management, and

user support for the Police Departments Local Area VAX Cluster,

which consisted of 3 DEC Alpha's and a Pathworks network.

. Other duties included, system security management, DCL programming,

system maintenance coordination and Network Software Support.

. Independently analyzed, evaluated and installed computer hardware

(Terminal Servers, Repeaters Hubs, Routers and Network Interface

Cards), software and networking components.

. Designed, developed and implemented software programs to support law

enforcement personnel. Planned the organization and efficient usage

of computing resources.

. Monitored daily systems activities and resolved problems.

. Prepared user documentation and provided user training as needed.

. Responsible for all administration and procurement actions

associated with the operation of these systems.

Boeing Corporation, Long Beach, CA 2/1987 - 3/1992

Sr. Engineer/Systems Manager

. Ensured that all computer systems, software and peripherals, were

classified, marked and handled in accordance with the Defense

Security Service (DSS) & Department of Defense (DoD) governing


. Provided assistance to DSS & DSS Counterintelligence (CI) staff to

ensure that polices and implementing procedures related to other

areas of computer security including physical security

countermeasures, information security and industrial security were

being maintained.

. Served as the focal point of contact for all LAN & computer system

audits. Was awarded letter of commendation from DOD for assisting

with the security & remediation.

. Provided classified/unclassified VAX/VMS and PC computer support

which consisted of the following: Authorized user accounts,

installed, updated and upgraded the systems and their layered

products, assisted in feasibility studies of new hardware/software,

defined/configured new system components.

. Configured Decnet-VAX Ethernet local area networks, and Local Area

VAX Clusters, troubleshot hardware/software problems, wrote DCL

utility programs and interfaced with users, vendors and managers.

. Trained new users, safeguarded information assets from unauthorized

access, loss, or damage.

. Managed all aspects of information and equipment access on a 24-hour

on call basis.

. Worked multiple subcontractors to assure that avionic software being

developed and maintained on VAX/VMS systems complied with MIL-S-

52779A & DOD-STD-2167A. And if any problems were detected in

subcontractor processes/products these where promptly reported and

entered into software corrective actions.

. Security Clearance: Top SECRET

Aerojet Ordinance Co., Tustin, CA 6/1985 - 1/1987


. Advanced Systems Division

. Designed and maintained database programs utilizing DATATRIEVE and

ORACLE Forms 3.0 for program administration.

. Performed systems management on DEC VAX/VMS systems this included

authorizing user accounts, installing, updating and upgrading the

systems and their layered products.

. Provided programming, training and technical support to end users;

purchased installed, configured and maintained PC hardware/software,

network and peripheral equipment.

. Security Clearance: Secret

Contact this candidate