CURTIS L. PHILLIPS
Networking and Security Engineer/Architect
York, PA 17402
Cell: 717-***-****
Email: acn32v@r.postjobfree.com
SUMMARY OF QUALIFICATIONS
I am a highly-experienced professional engineer, with a strong sense of
responsibility and commitment to quality work. I have developed skills in
the areas of network architecture, implementation, and operations of data
and security systems in very large scale environments with recent focus on
very large data center environments. Self-motivated and adept at distilling
information, identifying requirements, spotting issues, and developing a
systematic approach to implementing practical and sound solutions. Possess
strong written and verbal communications skills. Adept at conveying
information and providing understanding to technical as well as non-
technical audiences. Demonstrated leadership in ability to lead or work
within groups, set expectations, and provide direction toward completion of
objectives, providing both management and hands-on contributions. Possess
CCIE-level routing, switching skills and broad range of security
technologies as well as skill in deployment of very large scale IP
implementations networks from Enterprise, Data Center and Service Provider
perspectives.
WORK EXPERIENCE
Network and Security Engineer Time Warner Cable 2006-Present
Working in the role of security and network engineering for this large,
national cable provider has enabled me to add in-depth security and load
balancing skills based on best practice perimeter and internal principles
in support of multi-tiered application, hundreds of IPSEC-based remote
vendor and partner VPN and DMZ access points. These datacenters serve
corporate functions spanning all TWC facilities and including thousands of
devices. This environment is comprised of high capacity Cisco and Juniper
core routers (spanning the US and utilizing OSPF, BGP and MPLS), as well as
Cisco Nexus switches. In addition, Cisco ASA security devices are deployed
to serve remote client VPN. Cisco Nexus devices and Fabric Path
technologies. In addition, I have installed and administered dozens of
Juniper Netscreen and SRX firewalls performing normal rule-based functions
as well as hundreds of site-to-site IPSEC VPNs. I have also performed
administration and build of scores of F5 Big IP Global and Local load
balancers and enterprise managers providing diverse services such as
redundant datacenter failover, internal and external DNS and SSL offloading
in addition to writing iRules to perform customized functionality. In
addition, I have built and administered F5 Firepass solutions for TWC
allowing secure, remote access via reverse proxy and two-factor
authentication. I have been responsible for planning connectivity and the
implementation of many applications and functions participating with
internal and external employees and customers.
2006 Lockheed Martin in Support of Social Security Administration.
Designed, developed, and deployed solutions to implement three-tier
applications into Social Security's application networking infrastructure.
These solutions were built largely around standardized Cisco 6500 and 7600
platforms in a multi-tiered web-hosting facility utilizing firewall (FWSM),
load-balancing (CSM), routing and switching functions (720 Supervisor
engines). Also utilized inline NAM modules to permit traffic sniffing,
packet capture and anomaly detection. These devices were built to maintain
application security while enabling high-availability and performance
access to applications for multiple sets of users and developers in
production, test and QA environments. Worked with customers to define
requirements, developed and presented solutions including supporting
diagrams and theory of operations documentation to customer for buyoff
prior to performing testing and implementations. Performed test builds and
verified proof of concept for solutions prior to implementation.
2006 Consultant to TSA Pentagon City, VA
Sr. Infrastructure Subject Matter Expert
Working at the Transportation Security Agency (TSA) headquarters reviewing
network and infrastructure design and cost proposals for technical
feasibility, cost, and standards oversight for over 500 domestic airports.
In addition, was responsible for the development and implementation of
alternative connectivity solutions for areas which did not fit standard
horizontal cabling profiles to include wireless, DSL and other connectivity
methods. Evaluating VOIP requirements and solutions to include sizing and
implementing gateway and circuit solutions for PSTN and in-band based
calling as well as data circuit sizing based on user and device
requirements. Managed processes for a portion of airports under contract. I
chaired the ISEC group initiating field surveys, conducting technical
reviews, and reviewing cost proposals for building dozens of network
infrastructures.
2004-2005 NETCO Gov. Services, Inc.
Architecture Group and Standards, Testing, and Quality Lead Engineer
I worked within architecture group to develop solutions to provide
functions for general network connectivity. In addition, built and directed
a group of engineers responsible for developing standards and defining an
audit process to ensure compliance with requirements for security,
infrastructure, and configurations for the Navy/Marine Corps Intranet (NMCI)
network for over 500 domestic sites. Met with clients, partners, and
internal engineering groups to review emerging requirements and planned
implementation of solutions. Reviewed designs and configurations and initiated
actions to correct deficiencies. Wrote script code and developed methods
to automate device configuration delta information and design drawing
updates using tools like PERL and VISIO (VBA and database interaction).
Responsible for interfacing with many groups including Network Management
Systems (NMS) to help define effective ways to capture Cisco device
configurations and to capture changes for automated processing as well as
distributing periodic changes as required by evolving government and vendor
standards and recommendations.
2003-2004 Advanced Management Technologies Sr. Network Engineer/ Manager
Contract for FAA
Provided overall technical guidance, planning, and leadership to a group of
six individuals responsible for the Information Technology infrastructure
and security for a segment of the FAA. Planned, implemented and provided
web engineering and database administration support of a network web server
farm facility supporting customized portals and multi-tiered applications
built with MS IIS, MS SQL, MS Active Server, and protected on a site and
user basis by Siteminder and a MS digital certificate service. Attended
meetings and planning sessions related to application and network
architecture in support of MS .NET development environment, Visual Studio
.NET and Active Server Scripting components where understanding these
components was essential to development and production efforts. Migrated
intranet applications from discrete platforms to redundant HP blade
servers, consolidating application and database functions, reducing space,
power, and cooling requirements. Designed and implemented a load-balanced,
fault-tolerant multi-site topology utilizing Cisco 11503 Content Switching
devices and APP DNS-based site failover functionality for both http and
https secure sockets functions. Designed and built a highly secure, multi-
tiered, fully-redundant DMZ infrastructure using Cisco PIX firewalls and
Cisco Intrusion Detection devices in support of Internet facing services.
Supported and expanded an infrastructure based on Windows 2000 and Active
Directory Services that featured a multiple domain scheme. Also supported
Cisco 5300 Access-router and channeled T1 with Citrix Metaframe. Developed
and configured site-to-site VPNs, connecting remote work areas and
terminating on firewalls in the FAA HQ facility.
2002-2003 Darwin Partners Engineering Consultant for the TSA, Unisys
Reston, VA
As a member of engineering design team, created network physical and
logical infrastructure designs utilizing Frame Relay, Gigabit and Fast
Ethernet media for several US airports, as well as detailed implementation,
security, and migration plans for Federal Aviation Authority (FAA) entities
folded under the Transportation Security Administration's integration into
the TSA network infrastructure. Interfaced with regional and site
management as well as TSA management to assess and define requirements and
to provide comprehensive integration solutions for individual facilities.
Wrote several design and project plan documents which were submitted
formally to TSA for approval of designs and plans. Planned and implemented
general network services on the Windows 2000 platform for such things as
DNS, DHCP, Directory Services, file and print services, mass-storage
solutions, Voice-Over-IP (VOIP), applications integration and Network
Intrusion Detection Systems (NIDS), general security to include Cisco Pix
firewalls in a secure, fault-tolerant manner etc. Designed, planned and
managed, migration of Novell-based network at FAA headquarters over to
Windows 2000, Active Directory based platform.
2001-2002 E-Street Networks, Inc
Independent Consultant/Engineer York, PA
Self employed. Was directed toward helping small and medium sized
businesses find and implement solutions related to Internet connectivity,
firewall security, intranet applications and e-mail. Planned and
implemented WAN routing and internal switching, security, and
infrastructure capacity planning. I worked on developing scripting and
automation skills for network management and network updating.
2000-2001 E-Street Networks
Sr. Network Engineering Consultant Lucent, Warren, NJ
Worked as a design and level-4 support contact for network functions
providing Lucent's worldwide corporate access to the Internet. This work
included design of multi-homed BGP peering functions over DS-3 connections
providing redundancy, load-sharing, and fail-over provisions for Internet
connectivity with multiple ISPs. Worked on multiple issues related to multi-
homing multiple ISP BGP peers and load sharing and failover issues. Worked
with internal OSPF network design and support personnel and configurations
in efforts to add stub areas in support of network expansion, and providing
coordination in developing load-shared, redundant Internet connections.
Designed, tested, and implemented Juniper-based solutions to be integrated
with existing Cisco components. This work included interoperation and
redistribution of internal OSPF and external ISP BGP peering connections,
as well as a new secure and redundant DMZ design for web-server
connectivity and secure connections to back-end database servers that were
scalable, redundant, and fault-tolerant. Mapped and documented many areas
of the corporate network infrastructure relative to Internet services and
provided detailed Visio representations of these networks. Participated in
planning meetings and provided technical input in decision processes.
Performed product and interoperability testing and evaluation for multiple
vendors network components for suitability of use in network. These
products included Extreme Networks, Cisco, Juniper, and Enterasys.
1999-2000 E-Street Networks Sr. Network Consultant AT&T
Solutions Middletown, NJ
TELECOMMUNICATIONS: Performed project-based work on development of product
offerings and customer requested testing of features for the ATT Solutions
group. This included work with SNA, BGP, OSPF, and EIGRP routing platforms
over a variety of Local Area and Wide Area mediums. This work was performed
primarily on a variety of Cisco hardware platforms. Planned, conducted, and
documented results for regression testing, as well as testing of new IOS
features in various Cisco routers and switches. Helped develop and document
canned BGP solutions for dual-homed offerings for clients to include IGP,
IBGP, and EBGP configurations.
1998-1999 E-Street Sr. Network Consultant, AT&T Worldnet, Lincroft,
NJ
TELECOMMUNICATIONS: Provided level-4 technical support to ATT Internet
services platforms. Designed, implemented, and maintained access and
security methods and components. Implemented and maintained firewall
services, access-list security and control, as well as IPSEC-based VPN
services to business partners over public Internet connections. Provided
managed component configuration for HP Openview network monitoring system.
Worked on a variety of developmental projects for production and test
environments as well as being responsible for tier 3 and 4 network support.
Redesigned and implemented layer-2 switching design for client access to a
portion of AT&T WorldNet services infrastructure providing fault-tolerance,
redundancy, and fail-over services. Provided layer 3 and layer 4 security
and access control methods to Internet-facing routers. Developed IP address
space plans as well as router and ACL optimization techniques to foster
efficiency. Developed security plans, adding and removing various network
segments and functions. Designed and improved layer-4 load balancing access
to UNIX and NT-based server functions for inbound client requests.
1996-1998 Corporate MIS Manager/ Sr. Analyst Sylvan Learning
Systems, Baltimore, MD
Directly reporting to the Vice President of MIS, I was responsible for the
planning, design, build, and maintenance of corporate data infrastructure
at five major sites and 15 international remote sites utilizing TCP/IP and
IPX transport protocols in a mixed NOS environment consisting of NetWare
4.11, 3.12, Windows NT 3.51, & 4.0 and Solaris. Designed and implemented
local and wide-area network topology utilizing Cisco routers (75XX, 25XX,
16XX series) connecting via frame relay, T1, fractional T1, and FNS circuits.
Designed and implemented a switched design and of bandwidth to desktops
utilizing Catalyst 5000 and 3000 series in a 100mbps FDDI up-link/backbone
environment. Performed troubleshooting and resolved wide-area connectivity,
security, and routing issues. Planned and implemented universal private IP
addressing scheme for this multi-site, international firm making use of
DHCP, WINS, and DNS services utilizing Windows NT. Planned and implemented
redistribution of multiple routing protocols integrating EIGRP, and
retaining RIP and static routes where required. Design and implementation
of a multi-vendor e-mail system comprised primarily of GroupWise and Lotus
Notes and SMTP via gateways. Provided support for MHS and ccMail functions
including gateways and clients for interaction with external clients and
partners. Security planning and implementation: Implemented Cisco PIX
providing internet security and address translation allowing use of
internal private address space (RFC 1918) and port/protocol filtering.
Designed and implemented secure remote access via RAS and Citrix Winframe,
both asynchronously and via WAN. Areas under my direct management involved
the activities of 30 professional staff members and a range of consultants
whose responsibilities included Lotus Notes administration and development,
intranet application development in HTML and ActiveX. Managed technical
teams involved in the implementation of PeopleSoft Financials (Ver6) to
include Oracle DBAs, Solaris UNIX administration --- all back-end servers
and systems supporting corporate computing environment.
Additional work history has been removed for purposes of brevity and
relevance. While essential skills have been distilled and summarized in the
proceeding section, specific information can and will be provided in
detail upon request.
TOPICAL BREAKOUT OF SKILLS, KNOWLEDGE, AND EXPERIENCE
Protocols Summary: Fabric Path, TRILL, IPv4, IPv6, Network Address
Translation, RIP, OSPF, BGP, IGRP, EIGRP, Layer-three routing and
switching, Bridging, STUN, DLSw+, HSRP, VRRP, VLAN, VTP, SNMP, Spanning
Tree, ISL and 802.1Q trunks, HTTP, HTTPS, FTP, ATM edge-devices, ISDN BRI,
ISDN backup, channelized T-1 in support of dial, dial-on-demand routing,
layer-4-7 load balancing, remote access, RAS, thin clients, protocol
tunneling, Voice-Over-IP, Cisco based QOS and queuing technologies.
Media types: Frame-relay, T1, Fractional T1, T3, DS-3, 10/100 Ethernet,
10/100 and gigabit Ethernet, single and multimode fiber and termination,
ATM OC-3, DS-3, FDDI, Token-ring, 802.1b Wireless.
Security protocols and devices: X.509, IPSEC, HTTPS and Secure Sockets, SSL
VPN technology, Kerberos, Public Key Infrastructure and Digital
Certificates, Cisco PIX and ASA security products, Cisco Intrusion
Detection devices, Cisco VPN concentrators, Checkpoint Firewall One,
Netscreen firewalls, McAfee IPS devices, Cisco Secure and secure access
tokens, VPN and IPSEC technologies, Foundstone Network security scanning,
NETCAT, Trend Micro Golden Gate Network Antivirus admission and client
control devices.
Routing/Switching Hardware/ Platforms: Cisco serial terminal servers, 25XX
series routers, 1600, 1700 series remote-office routers, 26XX and 36XX
series modular routers, 4000/4500 series routers, 75XX series routers.
Catalyst 2900, 3550, 4000, 5000, 5500, 72XX, 65XX, 76XX series switches,
Local-director, Cisco Content Switch (CSS), Content Module (CSM), F5 Big IP
load-balancing products. LS1010 and LS100 ATM switches, Foundry Big Iron,
Net Iron, Fast Iron, Server Iron products. Juniper routers to include:
J2300, M10, M20, M40, and M160, as well as various models within the
Juniper SRX gateway platform.
Miscellaneous: Intel/Linux work stations, Sun, Intel/ WINNT, Intel/XP,
Intel/98, Intel/95. Red Hat Linux, Apache, Microsoft Internet Information
Server, shell scripting, Perl, Novell (multiple versions), Mail platform
architecture and interoperation: Lotus Notes, SMTP, Groupwise, MS Mail,
Exchange, Active Directory and Novell Directory Services, WINS, DNS,
Multiple CSU/DSU types, HP Openview, Cisco Works. Bind, QIP, Tivoli.
Programming and Development: Solid experience with PERL in a Linux and
MS/CYGWIN setting. Have sound grasp of MS development environment, HTTP and
HTTPS support and general support of multi-tiered, SQL-backed, web-based
development and Active Server scripting methods in Windows 2000 and 2003
settings. Good familiarity with MYSQL, PHP 5.0, and Apache development.
EDUCATION AND TRAINING
Brown College, Minneapolis, MN: Degree in Electronics Technology,
Cisco Certification (CCNP) CCIE candidate - Multiple classes and tests in
routing and switching track.
NetMasters - ECP1 and ECP2 - High-level preparation for the CCIE lab exam.
Juniper Routing Architecture - Routing Policy, troubleshooting, MPLS
configuration and operation.
Juniper JNCIA-FWV - Firewall and VPN
Juniper JNCIA-SSL - SSL-based VPN devices
Microsoft Certifications (MCPS) Windows 2000 and TCP/IP
Oracle/PeopleSoft Education
Intro to Oracle, Oracle DBA, People Tools 1, Data Management
Foundry Systems and Architecture
RS Means Cost Electrical/Mechanical estimating
Novell training and testing to include all courses required for Master CNE.
F5 Big IP Load Balancer training
McAfee IPS devices
Cisco Wireless LAN Fundamentals
Cisco Voice over IP
SANS Perimeter Security Training - Firewall Analyst
Juniper SRX Security Products Training
Juniper SRX Advanced Junos Security Training
Cisco ACS
Cisco Nexus Data Center
JUNOS Space - Administrative Training
Troubleshooting Cisco Nexus
Licenses, Certifications, Associations, and Security Information
. Cisco Certified Networking Professional (CCNP) (Routing and Switching)
. Cisco Certified Internetworking Expert (CCIE) written passed -
. GIAC (Global Information Assurance) - Certified Firewall Analyst
. Novell Master Certified Network Engineer
. Foundry Certified Network Engineer
. Windows NT Server, Windows NT workstation, TCP/IP Product Specialist.
. Granted interim clearances in many instances - for contracting work
. Member IEEE