Information Technology Cyber Security
Resume:
Anton De Lange Network Infrastructure Engineer & Architect Page 1 of 9
Anton De Lange Cyber Security Engineer & Network Infrastructure Engineer Contact: 604-***-****; ad4poh@r.postjobfree.com
https://www.linkedin.com/in/anton-de-lange-b87666b/ Vancouver, BC
A seasoned network cyber security engineer & network project engineer with 20+ years of experience in foundational and transformational it projects with focus on cyber security . Extensive evidence of multiple, successful projects made possible through dedication, hard work and successfully applying industry best practices. Translating business pain into technology solutions both for today and tomorrow, is what I do best.
Experience :
Company : Independent Contractor, Vancouver
Network Infrastructure Engineer, Goco TELUS Group in Burnaby 11/2023 – current
Participate in supporting and configuring the company’s network environment, including switches, routers, load balancers, wireless, firewalls, Sdwan and other hardware. Plan & migrate Datacentre migration from one operational to another operational datacenter without interrupting operational activities.
Make recommendations and provide daily operational maintenance of existing network infrastructure (mainly Cisco and Fortinet with some Juniper) HIGHLIGHTED SKILLS
• Metropolitan-area Ethernet, VPLS WAN, MPLS, LAN / Campus, data centre, cloud, logical security, security assessments and audits, policy management, wireless and managed services, voice as well as network management tools.
• System design for networks and multiple operating systems inclusive of storage devices, load balancers, firewalls, routers, switches, IPS/IDS and cloud-based services. Cisco’s SAAS as hybrid cloud service as well as Cisco VMS / MARS.
• Network analysis and performance analysis through tools such as Iris, Nagios, Cacti Smokeping, Netflow and Solaris.
• ITSM best practices for change requests and associated completion processes.
• Strong operational IT management skills with strong experience in BGP, OSPF, EIGRP in IPv4 & IPv6 environments.
• Project Management inclusive of project scope, timeline, project objectives with estimated deliverables and cost for design and implementation of infrastructure deployments
• Strong communication skills and leading clien
at a business and technical level.
• Technical lead planning, design, integration, p
and capacity management.
• Application of industry best practices to design implement end to end cost-effective solutions
application experiences.
• Able to map business needs and customer req
into cost effective technology solutions.
• Strong evidence for the implementation of qua
solutions to ensure client expectations are del
• Data Centre Network (DCN) design and implem
consisting of computing, application, storage,
nodes and services, where scalability, resilienc
and performance are the most common funda
considerations of a successful DCN design.
Anton De Lange Network Infrastructure Engineer & Architect Page 2 of 9 Planning and execution of changes, assessing and mitigating risks, and following IT change control best practices for predictable results
Provide highest level operational support, triage, break/fix, and incident resolution, including response to escalations, proactively notifying customers of network issues, and assessing and communicating business impact.
Participate and collaborate in various information technology projects Improve metrics collection on network devices and expand monitoring of network devices Use of network tools for administration, maintenance, automation, and visualization/reporting Prepare and maintain up-to-date documentation for internal and external customers detailing the configuration of deployed solutions
Demonstrate sound judgment in solving problems as well as identifying problems in advance, and proposing solutions and technology guidance to solve business problems and improve existing network Company : Independent Contractor, Vancouver
Cyber Security Consultant, TELUS Group in Burnaby
11/2022 – 09/2023
Provide ongoing security consulting services to an Utility service provider in Vancouver inclusive of the following aspects :
- Inspect firewall rules on Cisco FTD’s located in multiple datacentres and rectify with updating Service Now incident Vulnerability/threat analysis
Inspect ‘suspicious ‘ data flows & log incident for further inspection either on Ftd logs or Websense or Splunk Monitoring Tool
- Use Cisco FMC – (Cisco Secure Firewall Manager) to determine threat analysis creating custom rules to prevent to prevent attacks from advancing.
- Creating firewall rules & controls thousands of commercial as well as custom application being used.
- Defining of intrusion prevention levels,URL reputation rules and malware defense policies Zero Trust
- Support 400 virtual firewalls as well consisting of complex dmz zone architecture to ensure zero trust with ISE authentication & use of Cisco Umbrella url filtering & dns authentication with filtering
- In process to define project objectives to migrate multiple Cisco ASA context firewalls to Cisco FTD 4145 New Generation Firewalls to be managed by Cisco FMC
Day to day problem analysis –
Respond to Service incidents generated by ITSM Service Now in timely manner /some of the incidents are complex as it spans across multiple layers of firewall contexts and problem analysis like icmp,traceroute are not allowed and the use of Splunk and packet tracer to analyse and to resolve complex integrations facilitated via Citrix workspace.
- Other activities include ongoing maintenance support to ensure Cisco peripheral security devices and the management thereof
- Manage of Cisco Identity Services Engine (ISE) to manage access policies as a core requirement to zero trust networking Managing of enterprise IT teams with granular control of endpoints as well as ‘people’ as what resources can be accessed based on centrally managed policies
Anton De Lange Network Infrastructure Engineer & Architect Page 3 of 9 Ensuring of ISO27001 compliances with respect to the CIA principles – Confidentially, Integrity and Availability with focus on availability and integrity -
Company : Avenir Global, Montreal
Network Cyber Security Engineer
07/2021 – 10/2022
Managing of Avenir Global ’s infrastructure across 3 continents servicing 50 offices & datacentres, Montreal, Toronto, London,Brussels and multiple offices in US - inclusive of network & logical security infrastructure and Azure on cloud. Avenir Global it Services has also has services arm which provides technical and solutions provisioning to 10 external companies . NIST Cybersecurity Framework has being adopted in Avenir’s business model & to include the five areas: Iden fy, Protect, Detect, Respond, and Recover.
Role functions:
Zero trust
• Operational management – Cybersecurity Framework benchmarks for hardening systems and validates using baseline tools as well as endpoint security – i.e. Microsoft Defender .
Managed and keep abreast of Avenir Global’s technical infrastructure in multiple countries by using the appropriate internal sources of information with regards to Azure cloud platform,web services,logical security and voice services. Supported and monitored customer MPLS and LAN / Campus as well wireless infrastructure to ensure optimum network performance. Managing of Cisco Identity Services Engine (ISE) to manage access policies as a core requirement to zero trust networking & users access to resource access centrally managed
Cloud implementations
Roadmap of Avenir Global infrastructure – i.e downsize dc environments & move to cloud virtualization,management from on premises to on cloud
• Design & build of POC – migration of on premises Cisco FMC managing all regional FTD’s to Azure Cloud with FMC failover in Azure Cloud –
• Zero Trust Security solutions using Cisco solution architecture (New generation Firewall & FMC infrastructure ) with Zscaler as an additional functionality to manage Internet access
• Meraki Wifi & Meraki switch architecture to provide simplified wifi & switch provisioning using underlying Meraki Cloud infrastructure
• Azure cloud infrastructure to manage/migrate on campus management tools like Solarwinds,Cisco vFMC to on cloud infrastructure
• Use of Single sign on based on Microsoft Azure in conjunction with Cisco-ISE
• Follow up on team meetings – 15 minutes stand up each morning & update on task activities & critical issues
• Ongoing Infrastructure upgrades using Nessus to provide vulnerability scan reports & daily updates
• Provided Solutions Architecture Team within Avenir IT Global Team with Pre-Sales assistance on the following disciplines :
- Zero Trust Security solutions using Cisco solution architecture (New generation Firewall & FMC infrastructure ) with Zscaler as an additional functionality to manage Internet access
- Meraki Wifi & Meraki switch architecture to provide simplified wifi & switch provisioning using underlying Meraki Cloud infrastructure
- Azure cloud infrastructure to manage/migrate on campus management tools like Solarwinds,Cisco vFMC to on cloud infrastructure
- Use of Single sign on based on Microsoft Azure in conjunction with Cisco-ISE Recent projects completed:
Design & build voice solution based on Microsoft teams to illustrate use of teams for replacing traditional Cisco gateways after base solution submitted to management for approval
Anton De Lange Network Infrastructure Engineer & Architect Page 4 of 9 Design & build the migration of MPLS connected branches to Azure Virtual Wan – ongoing project in Canada (migration from mpls to Direct internet connected branches ) individual site to site Vpn for management purposes & migration with the use of FTD2100,FTD1120’s into Azure Cisco FMCv to manage firewall infrastructure Direct result of Azure Virtual Wan - Upgrade of 30 branches from mpls to dedicated internet with FTD 1120 new generation firewalls managed to be by Cisco FMC in Azure Cloud /traffic patterns changed from centric to cloud Design & implement branch WIFI AP’s to provide vlan isolation for branch users using laptop & universal printing for office use Design & build of Meraki Mr45 switch infrastructure in 4 continents & 50 offices to replace Cisco switch infrastructure and to be managed via Meraki Cloud infrastructure –
Direct result of Meraki cloud infrastructure – the onboarding of Cisco9330/9200 switches to provide once glance of overall switch infrastructure to Meraki on cloud management infrastructure Experience
Company : Independent Contractor, Vancouver & Toronto Network Architect & Cyber Security Engineer
07/2020 -06/2021
Role functions:
• Provide strategy planning - Collaborate with network, security and enterprise architects to create optimal network design topologies and configurations to ensure high availability & reliability for critical applications.
• Acquisition & Deployment –Support the development and implementation of networking projects and new technology installation with support of customer base in 8 continents, 40 countries inclusive of 6 datacenters.
• Operational Management – Perform evaluation, implement, maintain and continuously improve client's network infrastructure Implemented & upgraded various customer environments to include Asav1000 & Asa5545-X with Application control and URL filtering, Advanced malware protection and with DMZ’s as an additional layer of security to the network and acts as a buffer between a local area network (LAN) and a less secure network which is the Internet.
• Project management – definition of various projects – Solarwinds/orion global project/completion with project criteria i.e – costs,goal achievement,customer success measurement & project signoff.
• Design & POC – migration of on premises Cisco Fmc to Azure Cloud with FMC failover in Azure Cloud
• Troubleshoot network devices, cabling, and security devices as well as performance monitoring. Pro-active monitor customer environments to match sla’s & recommend improvement if sla’s exceeded. Perform the administration, maintenance and upgrade planning of all network infrastructure (firewalls, routers, switches, VPNs, load balancers, voice infrastructure
Ongoing performance monitoring use of Solarwinds to determine performance stats for VOIP traffic,web traffic daily & monthly trend analysis
• Achievements: Complete all tickets within defined repair SLA’s . All projects completed on defined target goals withing budget Complete all projects with sub projects within target goals on budget with complete customer satisfaction. Projects completed:
Design & implemented MFA authentication using Cisco-ISE via ASAv on vSphere/vmware against Windows AD in 8 data centers to enable any to any connectivity across multiple continents to allow cloud application access & Avaya soft phone - phase 1 of secure connectivity & vnet logical security & segmentation Anton De Lange Network Infrastructure Engineer & Architect Page 5 of 9 Completed implementation of Solar Winds to monitor all web applications, dns availability & windows services like Ad & overall network availability to match sla’s
Network Architect & Security Network Engineer
01/2019 – 12/2019
Company : Ten Lifestyle Group, London ( https://www.tenlifestylegroup.com/) Role:
• Operational management – Cybersecurity Framework benchmarks for hardening systems and validates using baseline tools as well as endpoint security – i.e. Forcepoint to conform with overall PCI conformance. Managed and keep abreast of Ten group’s IT technical infrastructure in 20 countries by using the appropriate internal sources of information with regards to Azure cloud platform,web services,logical security and voice services. Supported and monitored customer MPLS and LAN / Campus as well wireless infrastructure to ensure optimum performance of network infrastructure.
• Support and install Ip phones – Cisco7821 towards Cisco Call manager v12.5 for 200 branches from head office London to Europe branch offices
• Support Asa-5525-X firewall infrastructure & manage policies as well as security incidents with escalations -
• Acquisition & Deployment – project definition with plan, develop, control and deliver a project throughout the continuous implementation process until successful in accordance with customer agreements. Designed and implemented ASAv on vSphere / Vmware in 6 countries using Cisco-ISE with MFA / Microsoft with Cisco Any-connect portability from and to multiple datacentres.
Implementation of San within IBM Z14 complex using Ficon connected into Cisco Mds9706 – responsible for Linux & storage networking responsibilities.
• As per ISO 27001 definition the following criteria are being used as guidelines and tasks:
· Define a security policy.
· Define the scope of the ISMS.
· Conduct a risk assessment.
· Manage identified risks.
· Select control objectives and controls to be implemented.
· Prepare a statement of applicability
• Provide strategy planning - Established relationships with internal and external stakeholders to effectively deliver operating and work plans within time and on budget, effectively communicating progress, status, activities, issues and risks to all relevant parties.
• Provided Pre-sales functions to Solutions Architecture team on topics like Wifi security /campus infrastructure security use of Zero Trust disciplines included New Generation Firewall Achievements:
Successful completion of logical access project - improved customer portability by implementing any to any internet connectivity from all continents with single sign on flexibility.
Improved performance monitoring by implementing multiple SolarWinds instance to ensure ongoing Sla’s . Projects completed :
Design & implemented of mpls backbone with BGP peering in 8 data centres in 4 continents to replace public internet connectivity . Phase 2 implementation of ASA5525-x in 4 major data centre’s to redefine network security availability to enhance DC/data center by adding Internet block to Wan distribution and improve threat defense. NETWORK ARCHITECT & NETWORK SECURITY ENGINEER
01/2016 – 12/2018
Company: Three6five, South Africa /London (https://www.three6five.com/ ) Role :
• Provide strategy planning - served as the lead systems and infrastructure architect, including design, implementation, operations, disaster recovery aspects of network with project management responsibilities on complex designs for MPLS and logical security solutions using ITIL methodologies.
Collaborated actively in design, development and maintenance of technology architecture with the various customers with the result of technology roadmaps and defined high-level solutions. Worked actively with Presales and Sales to strengthen relationships and to raise engineering capabilities. Defined and maintained the required procedures with all documentation and work instructions for the Service delivery teams.
• Operational management – analyse and designed process flows for the implementations of new networks, problem and order management tools which integrated with existing, management & process tools. Implemented phase implementation to eliminate the threat of ransomware attacks by assisting organizations with augmenting existing security measures by implementing email, DNS, and anti-malware security capabilities Anton De Lange Network Infrastructure Engineer & Architect Page 6 of 9
.
Managed vulnerabilities, threats, risks and associated compliance as per defined security policies and with all aspects of security. Provided operational management and monitoring of multiple customer security environments.
• Acquisition & Deployment -implemented network design and architecture best practices through Proof of Concepts for a local ISP with the emphasis on FTTH and FTTB solutions using 802.1ah and with Ce2.0 compliance for product sets. These included the design and build of intelligent network landscapes to accommodate various business parks . Achievements:
Improved customer infrastructure availability with improved sla’s with 100 percent customer satisfaction. Improved customer performance monitoring by implementing multiple Solar Wind instance to ensure ongoing Sla’s . Improved security for major isp/hosting provider by implementing enhanced DDOS . Projects completed :
Design & implemented multi tier environment from flat network to multitier environment consisting of Enterprise core(Datacenter/Campus) with Wan distribution with clustered wan aggregation switches into wan access to allow wan termination & internet termination with redundant Dmvpn .
Design & implemented carrier ethernet solution in multi-zone environment with multi-vrf with a single SP managed environment to enable end to end virtualization .
Design and implementation multi-fabric path for virtualized Enterprise datacentre environment with multiple Hsrp’s via spine & leaf topology to provide any to any connectivity for vm environment with improved redundancy and throughput. Design & implementation of 802.1x multi-host environment using flexible authentication using Cisco-Acs for multi-domain customer. Managing Engineer & Project Manager
08/2015 – 12/2015
Xtreme Networking Nigeria ( http://www.xtechnologysolutions.com/ )
• Responsible for all high-level designs and architecture for multiple customers across many industries.
• Owned service delivery functions with associated support for the service provider in Africa (services included MPLS and ethernet designs with technical assistance during service delivery stages).
• Managed project definition with resource managing, plan, develop, control and delivering projects throughout the continuous implementation processes until successful in accordance with customer agreements. VERIZON COUNTRY MANAGER
2009/06 – 07/2015
Verizon / MCI Communications,Cape Town – ( https://www.verizon.com/ ) Functions :
Provide strategy planning -responsible for all high-level designs and architecture for various Verizon / MCI customers with the delivery of cost-effective product solutions within the defined SLA’s. Architected, planned, installed and configured logical security solutions in alignment with COBIT processes - including change, incident and problem management with all aspects of logical security and best practises. Lead systems and infrastructure architect, including the project management, design, implementation, operations, disaster recovery aspects of network on complex designs on MPLS and logical security solutions.
• Operational management - managed service delivery teams with product implementations with an emphasis on customer product requirements including cost, service delivery and availability obtained from 3rd party suppliers in accordance with agreement SLA’s. Managed virtual teams to assist with product definition and roll-out as well as the management of service delivery teams during implementation of defined products.
Recommended internet security solutions; influenced business stakeholders for the need to implement within an agreed timeframe to mitigate against Internet violations, threats and exposures. Provided consultation and security auditing services to a German organization with 4000 seats.
• Provide strategy planning -negotiated agreements with Telco’s for delivery of Ethernet and MPLS services for 48 countries in Africa. Lead systems and infrastructure architect, including the project management, design, implementation, operations, disaster recovery aspects of network on complex designs on MPLS and logical security solutions.
• Operational management – conducted & managed best practices with POC’s for an local ISP with emphasis on FTTH & FTTB solutions using 802.1ah and with Ce2.0 compliance for product sets like – Eline (EPL, EVPL) & E-LAN. Investigated and designed implementations of Netflow to determine IP flows for billing and accounting purposes. Anton De Lange Network Infrastructure Engineer & Architect Page 7 of 9
• Manage team functions
Managing of various team functions inclusive of budget, pipeline for sales,technical resource management,product updates as technical roadmap along with project management goals across 20 countries with total headcount of 40 personnel . Achievements :
Improved customer satisfaction with reference to service delivery and customer security implementations by improving product and pricing especially for African countries with 25% growth overall. Improved SLA’s for IT project implementation from 55 days to 30 days after feasibility studies completed for ethernet services in Sa. Improved customer confidence with security assessment & ensured increase of 15 % growth of LAN, WAN and security products. Projects completed :
Design & implemented mpls backbone with L3vpn – (MP-BGP Vpn based internet routing ) in South Africa & 8 African countries with NNI’s in South Africa,London & Germany to improve Verizon’s customer experience with regards to all Sla’s – Design & implemented ability for portable customer to access Verizon’s global infrastructure in Africa & South Africa by using Cisco’s Vpn client via 4g cell into nearest cell POP & vpn trunk traffic onto Mpls infrastructure into Verizon Global network – 2000/09 – 2009/05 IBM,Cape Town
Senior IT Professional, ITS (Pre-sales & Product support on Cisco Security product support ) Outline
Ongoing support to sales team by providing pre-sales support on all Cisco suite of products as well as engineering functions for wan
,Lan/campus & logical security as an post sales function Key Responsibilities
• Primary responsibility pre-sales support to Sales teams & POC of various suite of products – i.e Logical security inclusive of fw & ips/ids demo’s as well as Ciscoworks/vms & campus/lan& IPT solutions migrating from PBX to Cisco lan based IPT solutions Other functions included technical project management of implementation of new solutions as per SOW.
•Other functions included engineering functions like – design and implementation of switched campus (fully redundant) and Logical Security Solution for carrier supplier with logical access control with the use of Cisco(ACS ) & control 500 users inclusive of Ciscoworks/Vms
• Design and implementation of campus & wan/mpls solution (178 branches) – migration from 3com flat campus to Cisco switched based solution inclusive of FW solution with DMZ for branch & wan from frame-relay to Wan mpls infrastructure.
•Also provided operational support to customers with SOW for support mpls/wan & logical fw instances for ongoing support with performance monitoring to improve customer physical environments. Projects completed :
Implementation of full logical security solution – from Cisco Fw’s with Ids /failover pair with dmz ‘s as well Cisco-Mars to provide what if scenario’s after collating activities detail from Ids & firewall with resulting actions – to ‘halt’ vulnerable sessions Part of the security solution was CSA (Cisco security agent – behavioural based ) and all managed via Cisco-VMS Design and implementation of multitier campus implementation to cater multi thousand seat customer,from a flat single broadcast domain to multi-tier environment consisting of core,distribution and access devices to provide scalability and logical security to various customer division and managed by Ciscoworks-Lms.
Education & Qualifications
• CCDP – 2004, recertified in 2019
• CCNP – Security, 2004, recertified in 2019
• CCNP – Routing & Switching, 2019
• Recertify CCNA & CCDA 2020
Anton De Lange Network Infrastructure Engineer & Architect Page 8 of 9
• Completed Azure az900 /Azure fundamentals
• Busy with Azure Administrator – Az-104
• Completed Cisco Cyber-Security Associate – 200-201 08/2023
• Preparation for Cissp – completion end of January,2024
• CCDE – In progress – planning End of May 2024 theory exam
•
HARDWARE SKILLS ON THE FOLLOWING:
• Arista 7504 & 7308
• Calix & Accedian platforms for carrier Ethernet providers
• Cisco / ASR: 12000/1000, 76xx, 48xx, 36xx, 46xx, 65x9e,
• Nexus 4000, 5000 & Nexus 7700
• Nexus 9000 ranges
• Cisco 3850’s, 3750’s, 6504, 6506, 6509
• Cisco 9300 & Cisco 9200
• Cisco v1000, Cisco-Nsx,
• Cisco AsaV, Cisco-ISE
• Cisco Ftd’s – 2210,1140,1150’s,1120
• Cisco Asa5540’ & Asa5580 & Asa5525
• Cisco Meraki to manage Cisco Ap’s – Meraki56’s,Meraki45’s
• Extreme: X670-2, X480-2, x460-2
• Juniper: Mx960
• Fortinet 500d
• Fortinet: 60d
• Firewall Checkpoint r80
• Watchguard – Firewalls
• Aruba switches – 29xx,54xx
• HPE switches
Management Tools :
- Solarwinds/Orion
- Cisco/VMS/Mars
- Cisco Prime/LMS
- Scrutinizer/Netflow –
- Cisco-ISE
- Caati/Smokeping
- IRIS /performance monitor
- Cisco Security Manager
- Cisco Data Centre Manager
- Cisco FMC manager
- Splunk Monitoring Tool
- Websense/Forcepoint
- Network Performance Monitor
- Infoblox
- PRTG
References: can be supplied
Soft Skills
Solutions build Collaboration
Problem solving Negotiation
Attention to detail Communications skills
ACTIVITIES
Anton De Lange Network Infrastructure Engineer & Architect Page 9 of 9 I love running, hiking, photography, the outdoors, spending time with friends and family and helping others in any way possible. I’m always looking for a way to help someone and it forms a core part of who I am. This spills over into all areas of my work and personal life and makes me a versatile individual with a can-do attitude and a high drive to get things done.
Contact this candidate