Security Manager
Resume:
Gary Armstrong
Dallas, TX 75001
****@*****.***
QUALIFICATIONS
Over 15 Years experience in IT across various roles of Software Developer, Systems/Network/Storage Management, Servers up to Mainframe, Security Management. In crossing over many of the disciplines I can see the big picture when engaging with in projects and providing greater value to my employer.
Worked independently and in teams for Medium and Large firms in the areas of Network/Server/Web Operations, Security, Performance/Scalability, Troubleshooting/Problem Determination, Disaster Recovery Planning/Execution, Migration.
Strong organizational and analytical skills, able to lead teams as well as follow. Strong communication skills, able to communicate with technicians, users and up to management in their language and understanding. Strong troubleshooting skills.
SKILLS
Azure Active Directory / Intune / Teams.
PKI (Public Key Infrastructure) Engineering. Active Directory Certificate Services (ADCS), Venafi Trust Protection Platform
Security/Firewalls/Content: SonicWALL NSA 2600/3600 series and Fortigate 200 and 80 series firewalls.
Storage (SAN) Networking: EQUALLOGIC SAN (iSCSI), Dell EMC 204 SAN, Synology NAS (iSCSI).
Server Operations: Microsoft Windows 2019/2016/2012 R2/2008 R2, Hyper- V, SunOS (Open Solaris), LINUX (appliances)
E-Mail Operations/Security/Encryption: Exchange O365/EXO/2013/2010
(Single/Multi-Site). Exchange migrations. AD/GPO. Mimecast / Encryption / Data Loss Prevention.
Security: AlienVaultUSM, Threat Response, Symantec Endpoint Manager/Client. Symantec Mail Security (SMSMSE). Event Log Manager. Correlog Mainframe to Splunk.
Disaster Recovery / Planning / Documentation – SunGard Availability Services, IBM Business Recovery Services.
Backup: Backup Exec Tape/Cloud/NAS (Agents: Exchange/Hyper-V/SQL). Replication.
Performance Monitoring: Solarwinds Orion NPM / Engineers Toolset, PRTG, MRTG. WireShark.
Internet Operations / Public-Private IP Communications: Design/Planning/Provisioning. VOIP / IP WAN/LAN Performance Monitoring Web based Application (deployment/management) clients facing Browser/Phone Apps.
Load Balancing / Fault Tolerance (IP WAN, Web Server, Cisco LB/IP SLA/) Windows NLB, DNS Dynamic RR, etc.
Security Logging: SPLUNK, Kiwi SYSLOG, Solarwinds Event Log Monitor. Data Center / Azure Cloud operations.
VOIP/Videoconference: Cisco Unity, Star2Star, Cisco Telepresence. WAN/LAN: Cisco 2960/3650 Switches, 2900/1900 Routers. Wireshark/PCAP. Software:
Programming: Javascript (light, studying), PowerShell (light, studying), Assembler (IBM Mainframe), COBOL. Fedora LINUX, Kali LINUX. INDUSTRIES
Banking / Insurance / Securities / Manufacturing
PROFESSIONAL EXPERIENCE
Please note that the employment dates overlap due to my work as a non-full time consultant. The clients, projects and hours varied as required and most engagements were long term.
Microsoft (via Apex Systems): From: 1/2020 through now. Support Engineer 3
Working as a Support Engineer in the Intune and Teams Azure Cloud environment. Working in the Azure / O365 suite of products to provide analysis of production issues related to Intune (Windows/Android/iOS/MacOS) and Teams products primarily, and how they inter-relate to Azure Active Directory, Hybrid AD join, MFA, Exchange Online, Sharepoint, OneDrive, NDES and SCEP technologies. Using my background as a Senior Systems Administrator to assist customer Systems Administrators/Staff to analyze and resolve their Azure / O365 issues.
(I have to flesh out this job description more….)
Bank of America (via Apex Systems): From: 4/2019 through 11/2019. Senior Systems Administrator.
PKI-iCA Engineering group. Working as a contractor with the PKI-iCA Engineering Team. Worked with the team to test, script, Proof of Concept the migration of the Windows Active Directory Certification Services from the Windows 2008R2 up to the 2012R2 platform. Participated in analysis and debugging of PowerShell scripting of migration scripts. Analyzed PowerShell scripts used for Certificate Authority functions. Wrote Documentation for the installation procedure for migration standardization purposes. Participated in project teleconferences with related support teams. Performed migrations of CA DEV and UAT servers. Assisted in operational issues and debugging. Provided the opportunity to learn a significant amount of BofA’s IT Support groups and their unique processes in a highly silo-ed environment. Participated in important PKI events such as the CRL signing ceremony and Encryption ceremony. The opportunity allowed me to deepen my knowledge of PKI from public only to private CA PKI infrastructure in a large scale, security driven environment. Multi Root offline CAs spanning SHA1/SHA2. Intermediate and Subordinate Issuing CAs.
Venafi Engineering Support group. Worked as a part-time resource to the Venafi Support Team. Providing support to the international user community for onboarding of Applications, Projects, Security Processes unto Venafi Trust Protection Platform CMS (Certificate Management System) connected to Public and the internal iCA Certificate Authority. Also started to provide support to onboarding user automated Certificate Management processes into Venafi via API processes.
Gemalto SafeNet HSM. Studied the SafeNet HSM documentation to deepen my knowledge of the HSM as it is implemented at BofA for secure storage and usage of certificate private keys for iCA Certificate Authority servers. Nippon Life Assurance of America (NLIA.COM): From: 4/2001 through 4/2019.
Health/Life Benefits Insurance Carrier, American subsidiary of Japan based Nippon Life.
Senior Systems Administrator. Security Administrator/Network Administrator
Advisor to management on systems strategy and operations methods.
Set and implemented Security Policy via firewall / Content Filtering
(Websense) / GPO Policy / Anti Virus console / Data Loss Prevention products.
Designed the networking strategy through to implementation and ongoing operations.
Azure: Extended On-Premises Active Directory to Azure Active Directory. Migrated On-Premises Exchange 2013 to Hybrid O365 Exchange 2016 Online environment. Implemented Azure MFA (Multi Factor Authentication). Enhanced Email security with Mimecast Cloud Email
Security/Filtering/Delivery.
Managed Web Content filtering via the use of on-premise WEBSENSE proxy/filtering servers. Also used firewall based web content filtering services on SonicWall firewalls and extended function DNS services.
Implemented AlienVault USM Cloud based SIEM. Captured Device SYSLOGs, Server Event Logs, internal service logs capture and alert triggering of significant security based events, as well as an audit trail of transactions and activity. Used Splunk as a secondary event processing engine.
Installed and configured Solarwinds Orion NPM for SNMP/WMI based network monitoring. Multi-site, IP link quality, firewall, router, switch, server monitoring, performance reporting and alerting,
Multi-site Active Directory administration, Cross Domain trusts and Federation between parent/child organizations. GAL replication between organizations. AD Federation to Azure AAD.
Implemented Storage Area Networking (iSCSI SAN) on NEXENTA and EQUALLOGIC products for VM Fault Tolerance, large Disk Volume storage and Backup volume storage.
Managed multi-site Exchange 2013/2007/2003 servers as well as specialized DLP MTAs (ZixVPM) for mail security of protected HIPAA personal information between business partners and clients. Mail encryption. Filtering.
Migrated Exchange 2013 to Hybrid Azure O365 Exchange Online.
Implemented Fault Tolerant Exchange Hyper-V stretched Clusters.
Worked as a senior IT resource to assist and mentor junior staff.
Worked with Team to develop and deploy customer facing cell phone application supporting the company’s products.
Worked with the team to securely deploy key income producing Insurance Quoting Web application to remote clients even though business restrictions prevented us from properly auditing the application for public web security.
Configured and managed the Remote and VPN interconnections with the company’s business partners that included the Regional Offices, key business partners, remote developer company locations and tele-workers.
Migrated servers to Hyper-V. SCVMM P2V.
Helped to develop a multi-site internal Fault Tolerance / Disaster Recovery plan for key customer service and income producing applications.
Configured the Cisco infrastructure of routers and switches at head office and branch offices as well as VPNs to business partners. Wilkinson O’Grady and Company (acquired by Fiera Capital): From: 5/2004 through 01/2016
Securities Investment firm.
Systems Administrator. Network Administrator
Managed the ongoing operations throughout my engagement with the firm.
Managed the firms security policy via firewall access rules and content filtering, GPO policies limiting desktop permissions to minimum practical levels.
Used SYSLOG and Event Log capture and recording to provide SIEM-ish capability and key event reporting such as Login Failures, Account Lockouts, Permissions changes, etc.
Managed and migrated the Exchange environment from Exchange 5 to Exchange 2010. Blackberry Enterprise Server to MDM/Email.
Migrated the server infrastructure to Hyper-V.
Implemented NAS and iSCSI for bulk storage via Synology NAS/iSCSI services.
Configured interconnections with Bloomberg infrastructure (on site BB servers, fiber connections, DR methods, etc.)
Planned, documented and executed the Disaster Recovery plan at Sungard Availability Service in Carlstadt, NJ.
Implemented Cloud based Backup via EVault Cloud.
Worked with VOIP vendor to implement and administer the Cisco CME Call Manager Express, related networking and firewalls. Added Cisco Telepresence connectivity to the parent companies office over the MPLS IP internetwork.
Used GALsync to replicate AD Contacts between loosely related company affiliates.
Managed, configured via IOS CLI, and monitored the Cisco ASA, Router/CME, WiFI, VOIP and Data Switches and Sonicwall firewalls. REFERENCES
Upon request
INTERESTS/HOBBIES
Aviation: Private Pilot / IFR Rated.
Language: Japanese language speaker (not fluent), student of Asian culture and History
Studying: COMPTIA Security+, Javascript, CCENT.
Travel: Europe and Asia primarily.
Contact this candidate