York, PA, 17402
January 31, 2015


Networking and Security Engineer/Architect

*** ********* ****

York, PA 17402

Cell: 717-***-****



I am a highly-experienced professional engineer, with a strong sense of

responsibility and commitment to quality work. I have developed skills in

the areas of network architecture, implementation, and operations of data

and security systems in very large scale environments with recent focus on

very large data center environments. Self-motivated and adept at distilling

information, identifying requirements, spotting issues, and developing a

systematic approach to implementing practical and sound solutions. Possess

strong written and verbal communications skills. Adept at conveying

information and providing understanding to technical as well as

non-technical audiences. Demonstrated leadership in ability to lead or work

within groups, set expectations, and provide direction toward completion of

objectives, providing both management and hands-on contributions. Possess

CCIE-level routing, switching skills and broad range of security

technologies as well as skill in deployment of very large scale IP

implementations networks from Enterprise, Data Center and Service Provider



Network and Security Engineer Time Warner Cable 2006-Present

Working in the role of security and network engineering for this large,

national cable provider has enabled me to add in-depth security and load

balancing skills based on best practice perimeter and internal principles

in support of multi-tiered application, hundreds of IPSEC-based remote

vendor and partner VPN and DMZ access points. These datacenters serve

corporate functions spanning all TWC facilities and including thousands of

devices. This environment is comprised of high capacity Cisco and Juniper

core routers (spanning the US and utilizing OSPF, BGP and MPLS), as well as

Cisco Nexus switches. In addition, Cisco ASA security devices are deployed

to serve remote client VPN. Cisco Nexus devices and Fabric Path

technologies. In addition, I have installed and administered dozens of

Juniper Netscreen and SRX firewalls performing normal rule-based functions

as well as hundreds of site-to-site IPSEC VPNs. I have also performed

administration and build of scores of F5 Big IP Global and Local load

balancers and enterprise managers providing diverse services such as

redundant datacenter failover, internal and external DNS and SSL offloading

in addition to writing iRules to perform customized functionality. In

addition, I have built and administered F5 Firepass solutions for TWC

allowing secure, remote access via reverse proxy and two-factor

authentication. I have been responsible for planning connectivity and the

implementation of many applications and functions participating with

internal and external employees and customers.

2006 Lockheed Martin in Support of Social Security Administration.

Designed, developed, and deployed solutions to implement three-tier

applications into Social Security's application networking infrastructure.

These solutions were built largely around standardized Cisco 6500 and 7600

platforms in a multi-tiered web-hosting facility utilizing firewall (FWSM),

load-balancing (CSM), routing and switching functions (720 Supervisor

engines). Also utilized inline NAM modules to permit traffic sniffing,

packet capture and anomaly detection. These devices were built to maintain

application security while enabling high-availability and performance

access to applications for multiple sets of users and developers in

production, test and QA environments. Worked with customers to define

requirements, developed and presented solutions including supporting

diagrams and theory of operations documentation to customer for buyoff

prior to performing testing and implementations. Performed test builds and

verified proof of concept for solutions prior to implementation.

2006 Consultant to TSA Pentagon City, VA

Sr. Infrastructure Subject Matter Expert

Working at the Transportation Security Agency (TSA) headquarters reviewing

network and infrastructure design and cost proposals for technical

feasibility, cost, and standards oversight for over 500 domestic airports.

In addition, was responsible for the development and implementation of

alternative connectivity solutions for areas which did not fit standard

horizontal cabling profiles to include wireless, DSL and other connectivity

methods. Evaluating VOIP requirements and solutions to include sizing and

implementing gateway and circuit solutions for PSTN and in-band based

calling as well as data circuit sizing based on user and device

requirements. Managed processes for a portion of airports under contract. I

chaired the ISEC group initiating field surveys, conducting technical

reviews, and reviewing cost proposals for building dozens of network


2004-2005 NETCO Gov. Services, Inc.

Architecture Group and Standards, Testing, and Quality Lead Engineer

I worked within architecture group to develop solutions to provide

functions for general network connectivity. In addition, built and directed

a group of engineers responsible for developing standards and defining an

audit process to ensure compliance with requirements for security,

infrastructure, and configurations for the Navy/Marine Corps Intranet (NMCI)

network for over 500 domestic sites. Met with clients, partners, and

internal engineering groups to review emerging requirements and planned

implementation of solutions. Reviewed designs and configurations and initiated

actions to correct deficiencies. Wrote script code and developed methods

to automate device configuration delta information and design drawing

updates using tools like PERL and VISIO (VBA and database interaction).

Responsible for interfacing with many groups including Network Management

Systems (NMS) to help define effective ways to capture Cisco device

configurations and to capture changes for automated processing as well as

distributing periodic changes as required by evolving government and vendor

standards and recommendations.

2003-2004 Advanced Management Technologies Sr. Network Engineer/ Manager

Contract for FAA

Provided overall technical guidance, planning, and leadership to a group of

six individuals responsible for the Information Technology infrastructure

and security for a segment of the FAA. Planned, implemented and provided

web engineering and database administration support of a network web server

farm facility supporting customized portals and multi-tiered applications

built with MS IIS, MS SQL, MS Active Server, and protected on a site and

user basis by Siteminder and a MS digital certificate service. Attended

meetings and planning sessions related to application and network

architecture in support of MS .NET development environment, Visual Studio

.NET and Active Server Scripting components where understanding these

components was essential to development and production efforts. Migrated

intranet applications from discrete platforms to redundant HP blade

servers, consolidating application and database functions, reducing space,

power, and cooling requirements. Designed and implemented a load-balanced,

fault-tolerant multi-site topology utilizing Cisco 11503 Content Switching

devices and APP DNS-based site failover functionality for both http and

https secure sockets functions. Designed and built a highly secure,

multi-tiered, fully-redundant DMZ infrastructure using Cisco PIX firewalls and

Cisco Intrusion Detection devices in support of Internet facing services.

Supported and expanded an infrastructure based on Windows 2000 and Active

Directory Services that featured a multiple domain scheme. Also supported

Cisco 5300 Access-router and channeled T1 with Citrix Metaframe. Developed

and configured site-to-site VPNs, connecting remote work areas and

terminating on firewalls in the FAA HQ facility.

2002-2003 Darwin Partners Engineering Consultant for the TSA, Unisys

Reston, VA

As a member of engineering design team, created network physical and

logical infrastructure designs utilizing Frame Relay, Gigabit and Fast

Ethernet media for several US airports, as well as detailed implementation,

security, and migration plans for Federal Aviation Authority (FAA) entities

folded under the Transportation Security Administration's integration into

the TSA network infrastructure. Interfaced with regional and site

management as well as TSA management to assess and define requirements and

to provide comprehensive integration solutions for individual facilities.

Wrote several design and project plan documents which were submitted

formally to TSA for approval of designs and plans. Planned and implemented

general network services on the Windows 2000 platform for such things as

DNS, DHCP, Directory Services, file and print services, mass-storage

solutions, Voice-Over-IP (VOIP), applications integration and Network

Intrusion Detection Systems (NIDS), general security to include Cisco Pix

firewalls in a secure, fault-tolerant manner etc. Designed, planned, and

managed migration of Novell-based network at FAA headquarters over to

Windows 2000, Active Directory based platform.


2001-2002 E-Street Networks, Inc

Independent Consultant/Engineer York, PA

Self employed. Was directed toward helping small and medium sized

businesses find and implement solutions related to Internet connectivity,

firewall security, intranet applications and e-mail. Planned and

implemented WAN routing and internal switching, security, and

infrastructure capacity planning. I worked on developing scripting and

automation skills for network management and network updating.

2000-2001 E-Street Networks

Sr. Network Engineering Consultant Lucent, Warren, NJ

Worked as a design and level-4 support contact for network functions

providing Lucent's worldwide corporate access to the Internet. This work

included design of multi-homed BGP peering functions over DS-3 connections

providing redundancy, load-sharing, and fail-over provisions for Internet

connectivity with multiple ISPs. Worked on multiple issues related to

multi-homing multiple ISP BGP peers and load sharing and failover issues. Worked

with internal OSPF network design and support personnel and configurations

in efforts to add stub areas in support of network expansion, and providing

coordination in developing load-shared, redundant Internet connections.

Designed, tested, and implemented Juniper-based solutions to be integrated

with existing Cisco components. This work included interoperation and

redistribution of internal OSPF and external ISP BGP peering connections,

as well as a new secure and redundant DMZ design for web-server

connectivity and secure connections to back-end database servers that were

scalable, redundant, and fault-tolerant. Mapped and documented many areas

of the corporate network infrastructure relative to Internet services and

provided detailed Visio representations of these networks. Participated in

planning meetings and provided technical input in decision processes.

Performed product and interoperability testing and evaluation for multiple

vendors' network components for suitability of use in network. These

products included Extreme Networks, Cisco, Juniper, and Enterasys.

1999-2000 E-Street Networks Sr. Network Consultant AT&T

Solutions Middletown, NJ

TELECOMMUNICATIONS: Performed project-based work on development of product

offerings and customer requested testing of features for the ATT Solutions

group. This included work with SNA, BGP, OSPF, and EIGRP routing platforms

over a variety of Local Area and Wide Area mediums. This work was performed

primarily on a variety of Cisco hardware platforms. Planned, conducted, and

documented results for regression testing, as well as testing of new IOS

features in various Cisco routers and switches. Helped develop and document

canned BGP solutions for dual-homed offerings for clients to include IGP,

IBGP, and EBGP configurations.

1998-1999 E-Street Sr. Network Consultant, AT&T Worldnet, Lincroft,


TELECOMMUNICATIONS: Provided level-4 technical support to ATT Internet

services platforms. Designed, implemented, and maintained access and

security methods and components. Implemented and maintained firewall

services, access-list security and control, as well as IPSEC-based VPN

services to business partners over public Internet connections. Provided

managed component configuration for HP Openview network monitoring system.

Worked on a variety of developmental projects for production and test

environments as well as being responsible for tier 3 and 4 network support.

Redesigned and implemented layer-2 switching design for client access to a

portion of AT&T WorldNet services infrastructure providing fault-tolerance,

redundancy, and fail-over services. Provided layer 3 and layer 4 security

and access control methods to Internet-facing routers. Developed IP address

space plans as well as router and ACL optimization techniques to foster

efficiency. Developed security plans, adding and removing various network

segments and functions. Designed and improved layer-4 load balancing access

to UNIX and NT-based server functions for inbound client requests.

1996-1998 Corporate MIS Manager/ Sr. Analyst Sylvan Learning

Systems, Baltimore, MD

Directly reporting to the Vice President of MIS, I was responsible for the

planning, design, build, and maintenance of corporate data infrastructure

at five major sites and 15 international remote sites utilizing TCP/IP and

IPX transport protocols in a mixed NOS environment consisting of NetWare

4.11, 3.12, Windows NT 3.51, & 4.0 and Solaris. Designed and implemented

local and wide-area network topology utilizing Cisco routers (75XX, 25XX,

16XX series) connecting via frame relay, T1, fractional T1, and FNS circuits.

Designed and implemented a switched design and of bandwidth to desktops

utilizing Catalyst 5000 and 3000 series in a 100mbps FDDI up-link/backbone

environment. Performed troubleshooting and resolved wide-area connectivity,

security, and routing issues. Planned and implemented universal private IP

addressing scheme for this multi-site, international firm making use of

DHCP, WINS, and DNS services utilizing Windows NT. Planned and implemented

redistribution of multiple routing protocols integrating EIGRP, and

retaining RIP and static routes where required. Design and implementation

of a multi-vendor e-mail system comprised primarily of GroupWise and Lotus

Notes and SMTP via gateways. Provided support for MHS and ccMail functions

including gateways and clients for interaction with external clients and

partners. Security planning and implementation: Implemented Cisco PIX

providing internet security and address translation allowing use of

internal private address space (RFC 1918) and port/protocol filtering.

Designed and implemented secure remote access via RAS and Citrix Winframe,

both asynchronously and via WAN. Areas under my direct management involved

the activities of 30 professional staff members and a range of consultants

whose responsibilities included Lotus Notes administration and development,

intranet application development in HTML and ActiveX. Managed technical

teams involved in the implementation of PeopleSoft Financials (Ver6) to

include Oracle DBAs, Solaris UNIX administration --- all back-end servers

and systems supporting corporate computing environment.

Additional work history has been removed for purposes of brevity and

relevance. While essential skills have been distilled and summarized in the

preceding section, specific information can and will be provided in

detail upon request.


Protocols Summary: Fabric Path, TRILL, IPv4, IPv6, Network Address

Translation, RIP, OSPF, BGP, IGRP, EIGRP, Layer-three routing and

switching, Bridging, STUN, DLSw+, HSRP, VRRP, VLAN, VTP, SNMP, Spanning

Tree, ISL and 802.1Q trunks, HTTP, HTTPS, FTP, ATM edge-devices, ISDN BRI,

ISDN backup, channelized T-1 in support of dial, dial-on-demand routing,

layer-4-7 load balancing, remote access, RAS, thin clients, protocol

tunneling, Voice-Over-IP, Cisco based QOS and queuing technologies.

Media types: Frame-relay, T1, Fractional T1, T3, DS-3, 10/100 Ethernet,

10/100 and gigabit Ethernet, single and multimode fiber and termination,

ATM OC-3, DS-3, FDDI, Token-ring, 802.1b Wireless.

Security protocols and devices: X.509, IPSEC, HTTPS and Secure Sockets, SSL

VPN technology, Kerberos, Public Key Infrastructure and Digital

Certificates, Cisco PIX and ASA security products, Cisco Intrusion

Detection devices, Cisco VPN concentrators, Checkpoint Firewall One,

Netscreen firewalls, McAfee IPS devices, Cisco Secure and secure access

tokens, VPN and IPSEC technologies, Foundstone Network security scanning,

NETCAT, Trend Micro Golden Gate Network Antivirus admission and client

control devices.

Routing/Switching Hardware/ Platforms: Cisco serial terminal servers, 25XX

series routers, 1600, 1700 series remote-office routers, 26XX and 36XX

series modular routers, 4000/4500 series routers, 75XX series routers.

Catalyst 2900, 3550, 4000, 5000, 5500, 72XX, 65XX, 76XX series switches,

Local-director, Cisco Content Switch (CSS), Content Module (CSM), F5 Big IP

load-balancing products. LS1010 and LS100 ATM switches, Foundry Big Iron,

Net Iron, Fast Iron, Server Iron products. Juniper routers to include:

J2300, M10, M20, M40, and M160, as well as various models within the

Juniper SRX gateway platform.

Miscellaneous: Intel/Linux work stations, Sun, Intel/ WINNT, Intel/XP,

Intel/98, Intel/95. Red Hat Linux, Apache, Microsoft Internet Information

Server, shell scripting, Perl, Novell (multiple versions), Mail platform

architecture and interoperation: Lotus Notes, SMTP, Groupwise, MS Mail,

Exchange, Active Directory and Novell Directory Services, WINS, DNS,

Multiple CSU/DSU types, HP Openview, Cisco Works. Bind, QIP, Tivoli.

Programming and Development: Solid experience with PERL in a Linux and

MS/CYGWIN setting. Have sound grasp of MS development environment, HTTP and

HTTPS support and general support of multi-tiered, SQL-backed, web-based

development and Active Server scripting methods in Windows 2000 and 2003

settings. Good familiarity with MYSQL, PHP 5.0, and Apache development.


Brown College, Minneapolis, MN: Degree in Electronics Technology,

Cisco Certification (CCNP) CCIE candidate - Multiple classes and tests in

routing and switching track.

NetMasters - ECP1 and ECP2 - High-level preparation for the CCIE lab exam.

Juniper Routing Architecture - Routing Policy, troubleshooting, MPLS

configuration and operation.

Juniper JNCIA-FWV - Firewall and VPN

Juniper JNCIA-SSL - SSL-based VPN devices

Microsoft Certifications (MCPS) Windows 2000 and TCP/IP

Oracle/PeopleSoft Education

Intro to Oracle, Oracle DBA, People Tools 1, Data Management

Foundry Systems and Architecture

RS Means Cost Electrical/Mechanical estimating

Novell training and testing to include all courses required for Master CNE.

F5 Big IP Load Balancer training

McAfee IPS devices

Cisco Wireless LAN Fundamentals

Cisco Voice over IP

SANS Perimeter Security Training - Firewall Analyst

Juniper SRX Security Products Training

Juniper SRX Advanced Junos Security Training

Cisco ACS

Cisco Nexus Data Center

JUNOS Space - Administrative Training

Troubleshooting Cisco Nexus

Licenses, Certifications, Associations, and Security Information

- Cisco Certified Networking Professional (CCNP) (Routing and Switching)

- Cisco Certified Internetworking Expert (CCIE) written passed -

- GIAC (Global Information Assurance) - Certified Firewall Analyst

- Novell Master Certified Network Engineer

- Foundry Certified Network Engineer

- Windows NT Server, Windows NT workstation, TCP/IP Product Specialist.

- Granted interim clearances in many instances - for contracting work

- Member IEEE
