PROFESSIONAL SUMMARY
A Senior IT Security Engineer/Architect/Analyst with 20+years experience in IT Security Infrastructure Management. My areas of expertise include Complex Network Security management. I have exceptional diagnostic and analytic skills for solving issues related to Security and Networks. As a Subject Matter Expert in Security Infrastructure Migration and Provisioning [On-prem and Cloud] I have a deep understanding of IT system architecture and functionalities.I possess deep analytical expertise in all high-end Firewalls [Checkpoint, Juniper, Cisco and Palo], routers, switches, Load Balancers and Proxies. As a Sec. Analyst too, I have experience in vulnerability assessments & remediation, security evaluations, policies review, procedures, principles, and controls. I have in-depth knowledge of PCI, HIPAA, SOX, NIST and NERC compliances. I possess interpersonal communication and consulting skills.
CERTIFICATIONS/TRAININGS
CMMC Certified
System Security Certified Practitioner [ISC]-2017
Juniper Network Certified Internet Specialist [JNCIS-SEC-JUNOS]
Juniper Network Certified Internet Associate [JNCIA-JUNOS]
Network Security Engineer (Global Knowledge Cert.) -1999-2001
IBM System-x HA. Servers Engineer-(IBM Engineering Cert.) 2007
TRAININGS
CheckPoint Maestro
Openstack
Machine Learning Programing
Blockchain-Hyperledger
TECHNICAL SKILLS
●Network/Security Administration
●In-depth knowledge of configuring, upgrading and maintaining all aspects of Juniper, Palo Alto and Checkpoint Firewalls, Cisco Routers, Switches, Proxies, IDS/IPS and AWS Cloud provisioning…etc
Devices/Infrastructure Applications.
●Network and next-gen Firewalls (Checkpoint, Fortinet, Palo Alto, Cisco)
●Intrusion detection/prevention (TippingPoint, McAfee, Cisco, IBM)
●Network Access Control (NAC) Cisco)
●Sandboxing and Analytics (FireEye,CheckPoint, Fortinet, Palo Alto)
●Application security (F5, Imperva, Citrix,)
●Network proxies (Blue Coat, McAfee, Websense)
●Network admission control (NAC) (ForeScout, Cisco)
●Firewall management and auditing (FireMon, Tufin, AlgoSec, RedSeal, Skybox)
●Network packet brokers (Gigamon, NETSCOUT,)
●SSL decryption (Blue Coat, F5, Gigamon, NETSCOUT)
●Identity and Access Management incl. Privileged Access Management (MS AD, CyberArk)
●Public key infrastructure (PKI, private certificate installation)
●Cloud access security brokers (CASB) (Symantec / Blue Coat / Elastica, Adallom, Skyhigh)
●Hardware security modules (HSM)
●Authentication solutions (RSA, Entrust, DUO)
●Endpoint protection (Cisco endpoint/Umbrela/Cloudlock, McAfee, CrowdStrike)
●Data loss prevention (DLP) (Symantec, McAfee, Websense, Cisco Sec Endpoint/Umbrella)
●System management technologies (Symantec, Microsoft, HPE Server Automation)
●OS Hardening (Windows, Linux, UNIX)
●Virtualization on a large scale (VMware, Citrix)
●Email security (Cisco Email)
●VM segmentation (VMware NSX.Openstack)
●Log collection and aggregation (ArcSight, McAfee / Nitro, Splunk, IBM/QRadar)
●File integrity monitoring (Tripwire)
●AWS security
●Network Design
Network requirement analysis (cabling, Protocols, Subnetting, VLAN and NAT, Cloud)
Network configuration design (router, switch, firewall and proxy)
Structured cabling
Visio diagram
●Server Hardware & OS Administration
IBM High Availability Servers (IBM x3950 and BladeCenter)
Windows 200X Active Directory administration
Red Hat/Suse Linux administration
Systems backup & recovery
Customer Technical Support
Assessing customer needs and specifications
Working with vendors for new product implementation
24x7 on-call rotation technical support and remote work
Performance improvement.
PROFESSIONAL EXPERIENCE
IP Consulting, Inc. (VA) Feb 2023 – June 2023
Managed Services Provider
Sr. Security Engineer/Analyst
Assignments:
-Responsible for assisting and evaluating clients for NIST 800-171 Compliance.
-Assisting in day-to-day IT Security Operation and management.
-Working closely with team members in designing, building and maintaining, new and existing customers network security solutions.
Application/Tools: RapidFire Tools, O365, Cisco Malware/Cloudlock/Endpoint/Umbrella, Connectwise, Fortigate, API Integration.
Citigroup (Citi Bank) ( NJ) June 2017 - Sep 2022
Senior IT Security Engineer/Analyst-L3
Supported & Managed the Security of Citigroup Stock Exchange Global Infrastructure[Equity eTrading]
-Responsible for evaluating, researching and implementing business critical changes.
-Monitored, analyzed, and reported metrics of network security services.
-Participated in Critical Security & Network incidents response and remediation.
-Managed Access Control devices such as Checkpoint Maestro, Palo Alto and Juniper Firewalls.
-Collaborated with Business partners in managing their access to the Bank services
-Documented network knowledge base and operational "Run-Book”
Application/Tools: Palo Alto Firewalls, Juniper SRX, Cisco Nexus, Splunk, ServiceNow, Netbox,Checkpoint Meastro, Panorama, Expediation-Palo and Ansible
TechFarm Technologies ( Michigan) Aug 2016 - June 2017
CEO/IT Security Consulting.
Providing IT Security consulting worldwide to businesses and Enterprise.
Designed and implemented Electronic Payment systems [Ebooth]-Africa
Participated in design and implementation of broadband distribution in Africa
Juniper Networks June 2014 – Aug 2016
Advanced Services Consulting group
Juniper Resident Security Engineer
Assigned to Clients in:
-Texas [CGG Veritas, Netsurion]
- Georgia [HOMEDEPOT]
Assignments:
-Micro Segmentation
-Firewall Migration
-Security Appliances Installation and Management
-Infrastructure Assessment.
Details Assignments:
Represented Juniper Networks at the customer site to assist in firewalls [ISG to SRX] conversion and Network segmentation.
Represented Juniper Networks at the customer site to assist in firewalls conversion.
Involved in Strategic Network Consulting, High/low Design, and knowledge transfer
Architected and configured complex VPN [ipsec] for two Co-locations
Assisted in configuring complex configurations to be deployed to 20,000 SRX.
Built and managed Junos Space
Assisted in writing SLAX script for hands-off deployment of SRX.
Aggressively tested SRX hardware and Junos Space to meet the client design requirements.
Constructed POC labs and led a group of Engineers
I was responsible of assisting CGG in designing, deploying and managing Juniper SRX Worldwide (migrated Checkpoint to Juniper)
Designed and implemented NSM Extended HA for (US and Europe)
Implemented STRM/multi collectors to collect firewall logs worldwide
Automated SRX-HA configurations for easy deployment worldwide
Worked on firewall revision control
Built partial-mesh route-based VPN for global deployment.
Wrote templates for future deployment
Built lab for feature testing before deployment
Responsible for knowledge transfer
Tools/Applications: Ansible, Juniper SRX, Juniper EX switches, Junos security manager, Junos Space, MS Certificate Server, Visio,
EXPERIS
City Of Portland (Portland, OR) Jan 2014 - April 2014
Sr. Juniper Security Engineer-
My responsibilities consisted of:
●Re-engineering and migrating Core/Distribution layers Security from Juniper Screenos to Junos platform.
●Moving all Juniper devices from NSM to Junos Space.
●Working on Juniper SRX clusters revision control with minimum downtime.
●Customized Junos Space to better manage all the Juniper devices.
Gained Public Safety experiences
Dimension Data (New York City) Sept 2013 - Nov 2013
Sr. Juniper Security Consultant- Assigned to NYSE (NY Stock Exchange)
Assignments:
●-Responsible for redesigning and implementing VoIP networks for Etraders Phone system[US and UK]
●-Configured Radius Server for User/Phone authentication
●-Configured PKI Servers to deliver Digital Certificates to Phones
●-Configured Juniper L3VPN and on-demand VPN
●-Configured Avaya Phones
State of Michigan (Lansing, MI) June 2012 – Jul 2013
Sr. Security Analyst Consultant
●Played major role in migrating servers from Cisco CSS to F5 load balancers
●Responsible for maintaining the State Of Michigan Security infrastructure
●Responsible for architecting and implementing site-to-site VPN (Hub/Spokes) for the Department of Correction and Justice
●Provided expertise (SME) in Juniper (SRX) configuration and management.
Liberty Mutual Insurance (Seattle, WA) Sept 2011 – June 2012
Sr. Firewall/Security Consultant
●Provided expertise in Juniper Firewalls (NSM,screenOs/Junos) management
●Responsible for implementing firewalls requests/changes and incident management
AAA Life Insurance (Livonia, MI) April 2011 - Sept 2011
Information Security Engineer/Analyst-(Consultant)
●Worked as Subject Matter Expert on the PCI DSS project.
●My responsibility consist of
●Assessing vulnerabilities and providing remediation.
●Infrastructure device hardening (switches, firewalls LB, and Vmware servers)
●Penetration and exploit testing
●PCI DSS requirements interpretation.
●Network segmentation review and device configuration.
●Interacting with IT departments, vendors and service providers to instruct and valid PCI requirements work.
Comerica Bank Data Center (Auburn Hills, MI) Apr 2010 – Dec 2010
Network Security Engineer/Architect (Consultant)
●Responsibilities include:
●Provided Juniper firewalls(NS 5400, 5200), CheckPoint and Cisco switches expertise in building Active Disaster Recovery networks and Production DMZ for the bank.
●Process flow review and implementation.
●Device configuration and wiring.
●Legacy network flow review.
●Disaster Recovery failover procedure writing.
●Firewall rules analysis, validation and documentation.
IBM/AT&T- IT Services (Durham, NC ) Jan 2008 - Aug 2009
Network Security Engineer Tier III (Consultant)
●Provided network security management and support for several commercial and Federal Government accounts (multi-vendor hybrid network environments).
●Responsibilities include:
●Advanced security/network problems mitigation (Operation) and system implementation (Engineering).
●Applications and devices vulnerabilities assessment and report.
●Data Center support (IBM-Durham)
●Firewalls (Checkpoint, Juniper, Cisco ASA/PIX/FWSM) rules request analysis and implementation.
●Layer2/3 Cisco switches change request analysis and implementation
●Load Balancer (CSS/CSM/ACE, Alteon, BigIP-F5) change request analysis and implementation.
●Project planning and documentation.
●New environment planning and configuration.
●Device health monitoring.
●Firewalls auditing.
●Logs review and reporting.
POMEROY IT Solutions (Morrisville, NC) Sept 2007 - Dec 2007
Systems Migration Team leader
●Led a team of engineers in migrating branch networks for NC State Employee Credit Union (SECU). Devices: Cisco switches configuration, IBM BladeCenter server installation, Teller terminal installation.
IBM Corporation-SYSTEM-X SUPPORT GROUP (Durham, NC) Feb 2007 - May 2007
IBM PRODUCT ENGINEER, LEVEL3
●Designed and supported IBM System x3950 (High-End Servers) Automated Support Advantage Program (ASAP Program)
●Scaled 3950 (IBM HA servers) to form a system to run Vmware (cloud) and SAN.
Sbnet Security, LLC (Ann Arbor, MI ) Oct 2001- Jun 2006
NETWORK SECURITY CONSULTANT /CEO
●Owned and operated network security services.
●Provided network design, firewalls implementation, Switch and Router installations, Patch Management, anti-virus protection, risk and vulnerability assessments.
●Analyzed customer IT needs and proposed corrective or improvement measures.
●Analyzed and resolved network problems.
●Sold (Authorized VAR) and supported several security products such as Cisco, Patchlink, Sonicwall, eEye Digital, Symantec and St Bernard, checkpoint, watchguard firewalls.
●Provided 24x7 remote network monitoring.
●Involved in the development of network infrastructure configuration standards and network security policies.
●Resolved Client's Active Directory and Windows problems.
●Worked on Wireless network projects abroad and trained local support specialists.
●Created and managed various IT projects for customers such as virus containment, data backup/recovery, Site-to-site and remote VPN.
Ave maria Foundation/Domino Farm (Ann Arbor, MI) Oct 2001- Jan 2002
NETWORK SECURITY ADMINISTRATOR/Consultant
●Performed network and servers audits.
●Performed vulnerability assessment.
●Tested and evaluated firewalls such as Cisco, Watchguard, Netscreen and other security applications.
●Involved in the development of network infrastructure configuration standards and network security policies.
●Modified Windows 2000, Novell Groupwise/Exchange servers’ security settings to meet the security requirement.
●Coordinated desktop security and patch management project.
FORD Motor Company (HQ) (Dearborn, MI) May 1998 - Jul 2001
NETWORK ADMINISTRATOR
●Responsible for administrating LAN/WAN
●Facilitated network and server upgrades.
●Managed Cisco routers and switches.
●Managed Unix, Windows 2000 servers and users.
●Designed and managed several projects for Ford HR.
EDUCATION
Washtenaw Community College Ann Arbor, Michigan 1992 - 1998
Associate Degree in Computer Networking
Cleary University Ann Arbor, Michigan 2003- 2004
Took course work towards BBA in Management Information Technology
University Du Benin, (Rep. of Togo Africa) 1985 - 1989
BS Electrical Engineering (Industrial Electronics)