Sr. Principle Network Engineer

**** ******** **** 703-***-**** (C)

Willamsburg OH 45176 513-***-**** (W)

*****.*****@*****.***

WOR K E X PE R I EN C E

September 2008 – Present: CACI Inc., Chantilly VA Sr. Principal Engineer. Current responsibilities include, but not limited to, all aspects of planning, design, deployment, maintenance, monitoring, automation, standardization, and trouble shooting of the transient network, data centers, and branch offices. Additional activities include the production of an alternative solution for connectivity to the transient network using Cisco DMVPN migrated from MPLS. Results included long overdue redundancy as well as a ten times increase in available bandwidth. Financial savings include an annual reoccurring budget reduction estimated at 12 million USD. Completed the planning, designing and implementation of two ground-up datacenters while providing transitional networks reducing down-time for system and service transition. Built automation for monitoring, alerting, and logging using custom scripting reducing the time to resolution, and providing a look-ahead capability. Developed a versioning system to be used with network configuration management and change control providing consistency and accountably for network operations. Built an automation standardizations platform to provide uniformity to operation configuration as well as set the standards for these configurations by providing the templates for implementation. Recommend, deployed, maintain network taps to replace span ports used by security. Built NTP stratum 2 servers to provide precise timing throughout the network. Assist with most Unix and Linux system deployments company wide. Participate in network engineer mentoring helping to provide a secure environment to allow network engineers to grow and learn. June 2007 - September 2008: Npulse Network Systems LLC, Crozet VA. Principal Engineer. Responsible for all aspects of engineering, including hardware design, software design, research and development, quality assurance, product creation, maintenance, customer support, professional services, and internal infrastructure. Focused is on high speed computing in relation to networking, included high speed disk capture, high speed packet capture and analysis. Design, built, and delivered three product lines supported on a custom operating system of my design. Product lines included deep packet inspection, network flow statistic sensors and collectors, and network recording with playback. All products have a min requirement of zero packet loss at the line rate. Rates range form multi gigabit Ethernet, to ten (10G) gigabit all with multiple interfaces September 2006 - June 2007: August Schell, Rockville Maryland. Sr. Network and Security Engineer. Chartered to provide kernel level performance tuning in support of the U.S. Department of Defense PKI/PKE infrastructure. Redefinition of role led to providing the DOD with a global load balancing designed around the existing PKI/PKE infrastructure. In accordance with the Senate oversight mandated process, provided the DOD with the design, testing and documentation allowing the project to be certified for implementation. Certification included working directly with DISA and JITIC personnel. Deliverable was deployed and is currently the system and architecture used site wide for all authorization and authentication in the DOD.

December 2004 - May 2006: Endace USA, Reston Virginia. Network Security Engineer. Responsible for the design and implementation of related security platforms for high speed networking needs, ranging from Gig copper up to and including OC-192. Duties include hardware specification, operating system configuration, tuning, testing, and contribution to the backend software development. Designed and build systems that are capable of capturing OC- 768 network data without filtering and without packet loss while writing data to disk. Deliverables have so far included seven variations on two hardware platforms, capturing the full spectrum of customers needs. Responsibilities included researching upcoming technology, testing and reporting for potential use. Integrating customer feedback to provide a future feature set for these products. Additional responsibilities included researching the latest kernel capabilities of CPU by manufacturer to evaluate branch prediction accuracy, translation look-aside buffer efficiency, virtual and shared memory efficiency, SMP affinity, spin/sleep locks, NUMA vs. UMA, and overall cache efficiency to determine the best system configuration by CPU architecture. The final product was the award winning Ninjabox.

Christopher L. Scutt

May 2004 – December 2004: Navisite Inc., Vienna Virginia. Sr. Network Security Engineer. Responsible for all aspects of Navisite’s security and process automation, including redesign, integration, implementation, and maintenance. Responsible for producing the Navisite IDS product from sensors to the monitoring infrastructure. This tool provided a standardized configuration of firewalls, minimizing the overall time spent troubleshooting problems while increasing the overall security posture. Designed and implemented an automated firewall configuration program that reduced customer deployment times from 45 minutes to 10 minutes. Reconfigured and upgraded all firewalls to provide centralized, detailed reporting of traffic and anomalies. Reconfigured customer networks to provide RFC compliance at the IP level, eliminating malformed packets from ingressing and egressing the network. Designed and implemented a centralized method of managing both customer and corporate firewalls, reducing management time required while providing complete accountability audit trail. April 2002 – May 2004: America Online, Reston, Virginia. Network Security Engineer. Handled all aspects of AOL production security for Time Warner, Netscape, RoadRunner, and CompuServe, including design, implementation, maintenance, automation, and support. Set up the entire security offering for AOL’s managed customer business unit, including levels of service, SLA, information on portals, and best practices. Provided oversight, review, documentation, and implementation of security features for AOL’s managed hosting department and its customers, as well as DDOS tracking mitigation for all production assets. Presented research, evaluation, design, documentation, and testing of new security products, including vendor and custom-design products. Instructed engineers regarding design and implementation of network security, including VPN configurations, firewall policy design, routing, IDS configuration, HA design, and VIP configuration. Built automated tools to aid management and maintenance of the AOL production security infrastructure. Researched, designed, implemented, and helped with API coding of an IDS system that greatly overcomes many known industry limitations, making real-time IDS monitoring and alarms possible in AOL backbone network locations. Managed and maintained more than 3,000 ACL’d interfaces throughout the AOL backbone across multiple vendors. Solely responsible for the automated monitoring of VPN devices and firewalls, allowing AOL to track usage, trend requirements, attacks, and maintenance requirements. Designed, implemented, and deployed the Visa-certified network that provides electronic banking for AOL members. February 2001 – April 2002: Conxion Corp., Herndon, Virginia. Sr. Network Security Project Lead. Responsible for all aspects of customer and corporate network security including design, implementation, maintenance, and support in a fully redundant, global (Santa Clara, Chicago, Herndon, London, Hong Kong) environment. Performed scheduled and unscheduled security audits on customer and corporate networks/systems. Used IDS (GNU and commercial) as an early warning system for network reconnaissance. Implemented IDS with database integration for long-term tracking of stealth and paranoid network attack/reconnaissance. Provided secure remote access and authentication for server management. Guided network engineers in designing secure, flexible, and optimized fully redundant backbone and customer networks. Implemented complex meshed VPNs, allowing seamless global integration of content and services for corporate and customer networks. Reviewed, tested, documented, implemented, and supported new technologies in networking, security, and operating systems. Developed and implemented a secure, fully redundant solution for remote server management for the corporate infrastructure. Guided internal departments in secure network integration. Performed forensic investigations for both customer and corporate servers. Provided guidance and direction to network engineers regarding corporate implementation of VoIP. Implemented security changes to UNIX/Linux OS baselines. Provided a means of 24x7 monitoring of all VPNs in the global network environment. September 2000 – February 2001: BlueStorm Inc., Mclean, Virginia. Sr. Network Security Engineer. Performed penetration testing for clients using conventional (ISS) and non-conventional (GNU/GPL) tools, including tradecraft, social engineering, and war dialing. Performed physical security analysis through dumpster diving, social engineering, gaining access to unauthorized spaces, and collecting data from these spaces. Generated detailed client reports detailing mail, web, file server, firewall, router, logging, clear text remote control, and network design security exposures. Implemented, automated, and helped support IDS systems such as SNORT providing clients with near real-time malicious activity information and detailed logging. Tailored IDS systems to client networks to provide the highest level of detection with the least amount of false positives. Reviewed, recommended, and helped implement corporate security policy and network topology for clients. Analyzed firewall rule bases and router ACLs to provide up-to-date, layered security for client networks in addition to configuring and armoring servers. Educated clients on good security practices, risk vs. operational risk, layered security, armoring operating systems, and attack signatures. Provided detailed reporting and documentation on all tasks performed. November 1999 – September 2000: UUNet Technologies, Fairfax, Virginia. Network Security Engineer / Specialist. Assisted external fortune 100 customers in all aspects of routing and network/internet security including secure routing through firewall, security design, planning problem resolution for local, wide-area and world-wide area connectivity. Troubleshot points of failure from packet origination to destination. Assisted customers in successful implementation of corporate VPNs for both firewall-to-firewall encryption and client-to-firewall encryption. Advised customers on the administration of all LAN/WAN-related equipment as it relates to the firewalls (UNIX/NT), routers (Cisco IOS), bridges, dial-up and dedicated lines (T- 1s and Frame Relay), hubs, switches, servers, and workstations. Guided customers in the secure implementation of all Internet-related activities including DNS, HTTP, and Sendmail. Engineered and managed UUNet Security Support group’s LAN for simulation of customer network security scenarios, including everything from troubleshooting firewalls (Checkpoint 4.0 and Raptor 5.0/6.0) and recreation of hacking attempts. Researched latest network and internet security practices for internal engineering briefs. June 1998 – November 1999: Systems Engineer III, CACI Federal Inc., Arlington, Virginia Network Security Administrator. Assisted Network Security group in all aspects of the corporate communications backbone including design, planning, maintenance, and repair. Managed the administration of LAN/WAN and related equipment, including firewalls, routers, bridges, dial-up and dedicated lines (T1s and Frame Relay), hubs, switches, servers, and workstations. Supported, monitored, and coordinated all internal Internet-related activities including DNS, HTTP, and Sendmail. Assisted internal and remote administrators in the management and evaluation of corporate applications and audits of corporate-wide computer network security including the corporate website and all servers operating outside the corporate firewall. Provided consultation to remote CACI offices on connectivity issues and network optimization.

January 1992 – July 1998: United States Navy

Security Officer. Maintained the Automated Information System Local Area Network, platforms included UNIX, Windows 3.x, NT, and Groupwise run on a segmented network of fiber optic, coaxial, and twisted pair cabling. Provided updates and recommendations as required. Wrote and installed batch files to collect systems information from these platforms. Maintained a systems integration management database, instrumental in the planning and programming of network operations. Conducted network management and troubleshooting.

T EC HN I C A L S K I L L S

Network / Operating Systems:

OSX 10.X,Apple MAC OS 7.1 - 7.5, Apple A/UX 3.01, DOS, AT&T System V, DEC Digital-UNIX 4D, HP-UX 10.1, SCO, Sun Solaris 2.25 – 10, BSDi 3.0 – 4.1, NetBSD, OpenBSD, FreeBSD, DragonflyBSD, SlackWare, Fedora, RHEL, Suse, Debian, Gentoo, CentOS, Ubuntu, Catapulta, Cisco IOS 9 – 15, Cisco NXOS, Cisco IOSXE,Screen OS 2.4.6 – 5.2, Cisco PIX OS 4.2 – 7.1 ASA 8 - 9, IRIX 6.2, AIX, FortiOS 2.5-3.1, JunOS 10 Software / Protocols: WAN/MAN/LAN, netflow, iScsi, Stone Beat (Cluster), Rainfinity (Cluster), SecureID, VoIP, VoFrame

(Cisco), FLAP (AOL), P3 (AOL), ISS Netscan, ISS Webscan, Nmap, Nessus, SAINT, SARA, Demarc, RDDTool, MRTG, NTOP, nProbe, NMAP, Cyber Cop, Ansible, SnifferPro, wireshark, ettercap, dsniff, tcpdump, tcpwrapers, arpwatch, Snort, snort-inline, tcpreplay, iptraf, stealth, iplog, fping, smokeping, nsping, fragrouter, hping, SSH, OpenSSH, SSL, OpenSSL, MPLS, Cisco DMVPN, OpenVSwtich, SQL, MySQL, Solaris Disk Suite,, PF_ring. OSPF, BGP, EIGRP,GLBP, HSSRP,TTCP, VRRPD

Programming Languages: Basic Perl, limited PHP, limited C, Python, TCL,UNIX shell scripting (Bourne/Bash shell) Hardware / COTS: Checkpoint Firewall-1, Axent Raptor Firewall, Fortigate Firewall, InterLock, Cisco CBAC Firewall, Cisco PIX Firewall, Juniper Routers and Firewalls, Cisco Routers Switches, Cisco access concentrators, Cisco Nexus 2k, 3k,5k, and 7k, Foundary, 3com TotalControl, CableTron, Commodity Hardware from IBM,DELL,SUN,HP et. Al., RSA SecureID, HP OpenView, Adaptec DuraStore 6320 SS, Endace DAG, NapaTech NT and X series, Chelsio T310, PKI/PKE, LDAP. CE RT I F I C A T I ON / T R A I N I NG

Certification

• Checkpoint Certified Security Administrator (CCSA) • UNIX Administration(General)

• Checkpoint Certified Security Engineer (CCSE) • Linux Administration(General)

• Netscreen (NMTP) • Linux Administration(RedHat)

• InterLock Firewall • Internet Security

• Network Technical Support • VMware 3.1

• Computer Electronics • Microsoft Certified Professional (MCP)

• Computer Industry Knowledge

Netscreen Certified Training, Netscreen HQ, Sunnyvale, CA: November 2001

• Netscreen INSS version 2.6b

Microsoft Certified Training, Global Learning Center, Alexandria: VA, May 1999

• Windows NT Server 4.0 • TCP/IP

• Windows NT Enterprise • IIS Server 4

• Networking Essentials • Proxy Server 2.0

The United States Navy

• Basic Electronic Engineering • Total Quality Leadership

• Advanced Electronics Repair & Troubleshooting • Electronics Calibration & Repair

• Weapons Control and Doppler Radar Repair &

Troubleshooting

• IFF Transponder/Transceiver Advanced

Calibration

• Subject Matter Expert Instructor School • Advanced Microwave Calibration & Repair Clearance

• Top Secret SSBI SCI (active)

ED UC A T I ON

The University Of Cincinnati: 1989 – 1991

Contact this candidate