Network Security Systems
Resume:
NAME: FASOKUN, James
PHONE: 780-***-****
E-MAIL: ******@*****.***
PROFILE
I am an IT Professional with more than 10 years of continuous business experience in using Cisco Routers, Switches, and Security Appliances in LAN and WAN environments with experience also gathered supporting Windows platforms. I am an enthusiastic worker of a graduate caliber, who works effectively in a team and as an individual. I have excellent communication and documentation skills and an ability to think and act quickly to take charge of situations, which enable me to liaise with clients at different levels with an adaptable approach to a varied workload. I have a good understanding of business operational processes and project lifecycles applying PMI and ITIL methodologies.
SKILLS
Project Management, IT Service Management
Network Planning, Design, Administration and Optimization
Software Defined Networking
Ability to work in a multicultural environment
Negotiation and Persuasive Skills, Customer Facing
Network and Security Systems Support and troubleshooting on diverse Platforms CERTIFICATION
Certified Information Security Systems Professional (CISSP) – In view
The Open Group Architecture Framework (TOGAF) Foundation
Cisco Certified Network Associate CCNA
Cisco Certified Network Professional Enterprise CCNP Enterprise
Cisco Certified Network Professional Security CCNP Security
Cisco Certified Internetwork Expert CCIE (Written)
Palo Alto Networks Certified Network Security Engineer PCNSE
Fortinet Certified Network Security Administrator FCNSA
Juniper Networks Certified Associate JNCIA-Junos
Information Technology Infrastructure Library Foundation Certificate ITIL PROFESSIONAL EXPERIENCE
OT Security Consultant, LNG Canada Project (JGC FLUOR BC LNG JV)/Yokogawa Canada Inc. September 2024 to date
Manage, implement, and maintain operational technology (OT) and (IT) networks in accordance with industry best practices and company standards.
Configure and manage Fortinet firewalls, Cisco firewalls, Cisco switches, and Hirschmann switches to ensure the integrity and security of OT networks.
Deploy and implement Network OT applications and services.
Troubleshoot and resolve network issues, including performance optimization, connectivity problems, and security incidents.
Conduct Gap Analysis, Risk Assessment, and Vulnerability Assessments
Develop and maintain documentation, including network diagrams, configurations, and standard operating procedures (SOPs), and maintained accurate inventory of OT assets
Stay up-to-date with emerging technologies and industry trends related to OT networks and cybersecurity.
Develop and review critical project documentation, including Functional Design Specifications (FDS), Low-Level Design (LLD), High-Level Design (HLD), Factory Acceptance Testing (FAT), Site Acceptance Testing (SAT), Method Statements, and System Architecture. Network Security Consultant, Rio Tinto, Montreal, Canada November 2020 - April 2024
Inventory/Documentation of the entire Rio Tinto firewalls and security appliances as part of the recommendation of a security audit conducted on Rio Tinto’s IT infrastructure.
As a member of Rio Tinto’s TOC team, I managed asset PSIRT, Field Notice, and End of Life advisory management by working with Cyber Security and vendors (Accenture and CGI) managing the assets.
Collaborate with cyber security to detect, prevent, and defend security network vulnerability.
Implementation of SD-WAN (vManage, vSmart, vBond and vEdges/cEdges), application aware routing, creation of templates and policies to manage traffic flow within the SD-WAN infrastructure.
SD-ACCESS (Campus Fabric and DNA-Centre) implementation and management, Identity Service Engine (ISE), 802.1x authentication and Cisco TrustSec (using Security Group Tags).
Implementation of Cisco Application Centric Leaf-Spine Infrastructure, VTEP, Tenant, Context, Bridge Domain, Subnet, End Point Groups (EPG) and Contracts. Policy implementation.
Firewall management: Cisco Firepower Management Centre (FMC), Firepower Threat Defense (FTD), Adaptive Security Appliance (ASA), Palo Alto firewalls, and Panorama Firewall Management. Firewall high availability. NGFW deep packet inspection.
Virtual Private Network implementation (Site-to-Site using IPsec and remote access using IPsec and SSL/TLS), DMVPN.
Engage with external vendors and Rio Tinto Subject Matter Experts (SMEs) on technology evaluation and recommendation.
Provide technical expertise and fully engage during P1/P2 network escalation. Network management using SolarWinds.
Network Consultant, HP Enterprise (HPE) - Mercedes AMG Petronas, Banbury, UK November 2019 - March 2020
Backfilled for the client’s staff on BAU as they need to focus on ongoing projects. The project was the implementation of HP Composable Fabric (HP SDN). I helped with the documentation and configuration of VLAN assignments on HP Aruba and Brocade Switches. The old brocades were being replaced with HP switches.
Firewall policy creation and management: Access Control (Firewall rules, NAT, Application Control, URL Filtering, Deep Packet Inspection, Malware, and File inspections, SSL/TLS Decryption), Threat Prevention (IPS, Anti-BOT, Anti-Virus) on Cisco ASA, Cisco Firepower Threat Defense (FTD) Palo Alto PA-5220 and Checkpoint R80 firewalls, F5 Big-IP LTM
Administration of Spanning-Tree Protocol, Port Security, VLAN, HSRP, VRRP, DHCP, EIGRP, OSPF, BGP, IP Multicast, VPN (remote access and site-to-site) and firewall administration, Wireless LAN Controllers (WLC) and Access Points (APs).
Senior Network Analyst, Servus Credit Union, Edmonton, Canada April 2019 - September 2019
Creation of Configuration Management Database for Network Infrastructure in the enterprise.
Implementation and administration of Palo Alto PA-3220, Palo Alto PA-5220, Cisco ASA 5585, Cisco ASA 5525. Firewall upgrade. Vulnerability remediation.
Administration of Cisco 2911, Cisco ISR 4431, Cisco ASR 1002-X, Nexus 5548, N2K-C2224TP, N2K- C2348TP, N2K-2348UPQ, Cisco Switch 9300, 2960X, 3560X. F5 Big-IP LTM
Configuration and administration of LAN, WAN, Wireless LAN, and WLAN Controllers. Access Points, Identity Services Engine (ISE), 802.1X, MAC Authentication Bypass, Cisco TrustSec, Micro-Segmentation
(Security Group Tags – SGT).
Site-to-site and remote access VPN implementation and administration.
Change management to reclassify some minor changes to standard changes. Network Security Lead, Wipro – ATCO, Edmonton, Canada July 2018 - January 2019
Ownership of vulnerability management program, Remediation, and Recommendation advisory.
Management of periodic assessment scanning, both credential and non-credential to infrastructure and application using IBM QRadar Vulnerability Manager.
Security information and event management (SIEM).
Coordinating with multiple teams to track vulnerabilities and interacting with customers and stakeholders as required to perform the remediation.
Documentation involving a plan for remediation and follow-up on closure. Connect with customers to get risk acceptance based on inputs from the internal teams.
Working with project initiative teams, perform scans and ensure vulnerabilities are remediated to an acceptable level before assets go live.
IT Consultant, Barnsley College, Barnsley, UK November 2017 - April 2018
Providing IT consultancy services to Barnsley College.
Network documentation of the entire Barnsley College Campus network infrastructure.
Review of existing network infrastructure and providing recommendations.
Review of existing network and security policies and providing recommendations.
Implementation and management of Extreme Switches, Extreme Access Points and Firewalls.
Configuration and troubleshooting of OSPF, VLAN management, IP Address management.
Network vulnerability scanning using Nmap, Zenmap and Nmap Scripting Engine (NSE), BackTrack/Kali Linux.
Senior Network Engineer, Sopra Steria Group, Warrington, UK February 2017 - August 2017
Implementation of a two-tier firewall for the Office for Nuclear Regulation (ONR). Project engineer for the management of Cisco ASA 5525 Firepower and Palo Alto 3050 Firewall for ONR.
ASA 5555 Firepower and Checkpoint R75 firewall management and administration, firewall rule management. Site-to-Site VPN (IPsec), Remote Access AnyConnect VPN (IPsec and SSL), Proxy Server configuration (Forefront Threat Management Gateway). ASA 5525 and 5510 administrations.
Providing third-level support on layer 2 and layer 3 devices such as Cisco Catalyst 6509, 3750, 3560, 2960, VLAN management, HSRP configuration, Rapid Spanning Tree configuration, FEX, FabricPath, OTV, VXLAN.
Configuration of firewall High Availability, firewall multiple contexts.
Project implementation of Cisco Meraki cloud-managed MS410-32P and MS225-48P switches, Meraki MX 64 firewall and Meraki MR series wireless access points, configuration of Meraki dashboard.
Involved in high-level design of Cisco Application Centric Infrastructure (ACI) as a proposed solution to a client.
Worked on several IT projects for the Health and Safety Executive (HSE)
Network scanning using BackTrack/ Kali Linux. Penetration Testing.
Production of high-quality network documentation, network audit, network vulnerability assessment Senior Network Analyst, GYROCOM Limited, London, UK October 2016 – December 2016
ASA firewall management and administration, firewall rule management
Providing third-level support on layer 2 and layer 3 devices and technologies such as Cisco Catalyst 2960, 3750, 3560, VLAN management, HSRP configuration, Rapid Spanning Tree configuration
Remote AnyConnect VPN support, Site-to-Site VPN support
Production of high-quality network documentation, network audit Senior Network Engineer, iT Group, Strategy and Resource Directorate, Department for Education, Sheffield, UK January 2016 - July 2016
Project team member for the delivery of IT Modernisation programme for DfE.
Installation and Configuration of Cisco Catalyst 6500 switches (6509 and 6506), Cisco Catalyst 2960, 3750, 3560, Switch IOS upgrade. VLAN management, HSRP configuration, Rapid Spanning Tree configuration
Production of high-quality network documentation, network audit, and IP address management
Implementation of RADIUS on Windows 2012 R2 server, Implementation of AAA on active devices
OSPF configuration, Port Channel configuration.
Network Management using SolarWinds, Lead Network Engineer, Low-level network design. Network Analyst, Swinton Insurance, Swinton Group Limited, Manchester, UK July 2015 - December 2015
Design and management of Quality-of-Service networks capable of hosting voice-over IP services.
Production of high-quality network documentation, project plans, and technology proposals following defined templates. Incident management and root cause analysis.
Administration of LANDESK Management Suite, SolarWinds, PRTG Network Monitor, and Websense.
Configuration and troubleshooting of Spanning-Tree, Port security, HSRP, VLANs, EIGRP, OSPF, BGP, IP Multicasting
Configuration of Cisco Catalyst 3750, 3850 Switches, Cisco Nexus 2k, 5k and 7k. Implementation of Cisco Stack wise and Virtual Switching System VSS, VPC configuration, VDC configuration.
A member of a 3rd-line technical team with responsibility for a complex multi-site/multi-supplier LAN/WAN environment. Administration of FortiGate 50B
Produce and maintain audit documentation for PCI/DSS compliance. IP Business To Business Engineer, TalkTalk Technology, Greater Manchester, UK September 2014 - June 2015
Commissioning of L2 and L3 IP VPN Circuits over MPLS, conducting speed tests on circuits using IxChariot network assessment tool.
Configuration and troubleshooting of BGP, EIGRP, OSPF, VRF, HSRP, VLANs, DMVPN
Configuration of Cisco Switches, Routers and Firewalls
Traffic Shaping, Traffic Engineering, QoS. Implantation of ACL. Modular Policy Framework
Liaise with external suppliers to ensure timely delivery of network upgrades and enhancements, and provisioning of remote support to customers.
Support network changes or upgrades (in conjunction with Operations), ensuring that they are implemented with minimal interruption to the end customer Network Systems Engineer (Projects), ABB Telecoms, ABB Limited, St. Neots, Cambridgeshire, UK May 2013 to July 2014
Project team member in a strong Matrix environment, to deliver power automation driven by intelligent network solutions to the upstream oil sector for liquefied natural gas projects. Working on pilot phases for the implementation of Detailed Functional Design Specifications for the network integration of automated control systems. Documentation.
Installation and configuration of Juniper 6350 routers, SRX 240, 550 firewalls, SSG 20, 140 firewalls. Configuration of address book and address set, applications and application sets, security zones and policies, and firewall rules. High Availability Configuration on Juniper Firewalls. VLAN configuration.
Installation and configuration of Hirschman 1030 and 1040 switches, and Hirschman Tofino firewall, Eagle20. VMware Virtualization ESXi Hypervisor. RADIUS authentication
Installation and configuration of Cisco routers and switches. IP address management using GestioIP.
Clustering of Juniper SRX 240 Firewalls, Stacking of Cisco Catalyst 3750 Switches, configuration of Cisco Catalyst 2950 Switches. Configuration of STP.
Network design and documentation, Configuration Management, Implementation of Access-List. Configuration of Netgear M5300-28G3 ProSafe.
Conduct Factory Acceptance Test, Review of Project Queries, and sign off of the FAT document.
Switch migration for network upgrade, preparation of Method statement document for installation at site. LAN/WAN Engineer, Network Operations, Network Rail Telecoms, Network Rail, Stole-on-Trent, UK April 2012 - March 2013
Member, Network Operations Unit, monitoring over 3000 routers and switches and providing Layer 2 and Layer 3 support using various tools such as Cisco Works LAN Management Solution 3.2, Monitoring MPLS links
Provisioning of Service Desk and IT Service Management using Assyst Enterprise 8.0 to manage Incident, Problem, and Change Management. Used also for Configuration Management Database.
WAN Links management using Vital Suite and NetFlow Traffic Analyzer for SLA management, proactive as well as reactive incident management, Root cause/ trend analysis
Troubleshooting of various faults on Routers 1700, 2600, 2800, 3600, 3800, 7200 series, Cisco Catalyst Switches such as 2960, 3550, 3560, 3745,3750 amongst others, Cisco Nexus Switches and Firewalls ASA 5500 Series, Implementation of QoS.
Administration of RANCID for configuration file restoration on active devices. Administration of Cisco Access Control Server (ACS), Policy Based Routing. TACACS authentication.
Administration of Cisco ASA 5520 using ASDM and implementation of firewall rules, troubleshooting of BGP, EIGRP, Site-to-Site VPN, Layer 3 security
IP addressing implementation and administrations for the entire network, IP subnetting, route summarization (IPv4), VLAN Implementation, Network Segmentation, STP, HSRP, Layers 2 and 3 Switching, Layer 2 Security
Identifying network changes needed due to part replacement to maintain performance and submitting changes for approval to the Change Team
Infrastructure Network Analyst, Information Technology and Telecommunications Unit, ChamsAccess Limited, Victoria Island, Nigeria. May 2010 - December 2011
Design and implementation of network diagram spanning the LAN, telecom connectivity to providers, connectivity to over 1000 ATMs, connectivity to Network Operating Centre and Central Switch.
Design and implementation of IP addressing scheme for the entire network and DNS administration, IP subnetting, route summarization (IPv4), VLAN Implementation, Network Segmentation, Layers 2 and 3 Switching, VoIP, OSPF, BGP, Data Centre/NOC Management
Installation and configuration of Cisco 3800 series router, 2800 series router, 1841 router, 800 Series router, Cisco 2950 Catalyst Switch, Cisco 3560 Catalyst Switch, Cisco 6500 switch, Cisco ASA 5500 series, NAT Configuration, Access-List configuration
Creating Policies, Processes, and Procedures for the provisioning of telecommunication links to the various ChamsAccess Service Terminals.
Infrastructure Resource Management (Asset Management/Inventory Management through the use of Configuration Management Database)
Design, Implement, and test approved changes following ITIL and PMI methodology.
Vendor/Service Provider selection, engagement, and management (Service Level Agreement).
Led the unit for the ISO 9001:2008 Certification, Compliance with PCIDSS
Took ownership of network faults escalated and ensured resolution within agreed time frames, troubleshooting all network faults using various techniques and tools, and Network monitoring using WhatsUp Gold.
Identify, communicate, and resolve all network faults in a timely and efficient manner to ensure all SLAs are met.
Identifying network changes needed due to part replacement to maintain performance, writing procedures for carrying out the changes, and submitting changes for approval to the Change Team
Liaise with business clients, other teams, and 3rd parties to develop business solutions.
Project execution in both functional, projectized, and mixed-matrix-based environments, knowledge of project lifecycle, Stakeholder management, Requirements gathering, and Conducting User Acceptance Tests (UAT).
EDUCATION
Obafemi Awolowo University Ile-Ife, Nigeria
B.Sc./Electronic and Electrical Engineering
HOBBIES
Reading, Watching Soccer, and Listening to Music
Contact this candidate