Network Infrastructure Security

Roland Herrera

Professional Summary

With over 20 years of experience, I have a strong background in Cisco Network Security, Route/Switching, and Wireless technology. This extensive knowledge allows me to handle complex network challenges and provide effective solutions. I have a proven track record of coordinating with vendors and engineers to successfully implement and maintain secure, reliable networks that ensure seamless connectivity and optimal performance.

Skills:

●Managing day-to-day operational support. Gain knowledge of the most critical pain points and schedule time to address each item

●Evaluating the network infrastructure and confirming documentation from electrical dedicated circuits, UPS, Crack units, Data centers, Network closets, and cabling management to ISP service provider uplinks. To evaluate a network infrastructure, the following components should be assessed: routers, switches, firewalls, servers, wireless access points, network cabling, network monitoring tools, and ISP WAN uplinks.

●Confirm complete asset management, logs, disaster recovery configs /plans

●Evaluate current monitoring tools, and analyzers and make sure duplication of services is not taking place. Evaluate all Firewall policies to make sure best practices are in place along with disabling unused rules (This will go through Change management Process for approval)

●Work and coordinate with various vendors to make sure the company is getting the best ROI.

●Establish a WIP (Work in Progress) to document the T-shooting process to expedite the resolution of pain points for reference

●T-Shooting Application issues to network issues will be documented for reference along with tools used to determine the root cause.

●T-Shooting tools such as nslookup, Wireshark, SolarWinds Orion, Veeam, Extra hop, Azure Monitoring Nmap, and many others will be shared to train each other to be stronger.

●T-Shooting Tiger team to expedite the resolution of cloud-based, server, network, or application. The team will consist of each SME to determine the root cause and resolution

●Implement change management (ITIL) to identify change needs or implement best practices for application, IOS, and hardware updates, SOC 2, and ISO 27001 (Security best practices) . In a legacy network Core, the Distribution and Access infrastructure identifies all east-west traffic sources and destinations to eventually implement Zero trust access Policy to the application internal and remote if needed.

●Zero Trust access with Multifactor authentication must be established for all users on-premise and in the cloud.

●Know the routing policies and best practices for Palo Alto, Fortinet, and Cisco Fire Power devices or VMS.

Technical Skills:

Application and Web servers

Microsoft IIS, Apache Webserver, Microsoft Hypervisor and VMware vSphere for hosting applications such as NetMotion Mobility, Milestone, Vtech, SCADA Systems, BMS, MES, Veeam, Cisco Prime, DNA, Infoblox

Cloud Technologies

SAAS, Azure, AWS, OKTA, Microsoft Office 365, 8X8 VoIP solutions, SDWAN

Security

OKTA, 2FA, Cisco Umbrella, Crowd Strike, Secure Email, Microsoft Defender, Cisco Amp, Palo Alto Firewall, Cisco ISE, FortiGate NGFW, Fatigate Analyzer, FortiGate VPN, Cisco VPN, Palo Alto NGFW with Global protect for VPN and Cisco Firepower firewalls

Directories

Azure AD, LDAP Active Directory, Directory server

Monitoring Tools

FortiGate Analyzer, Log Analyzer, Introscope, Splunk, Wireshark, SolarWinds Orion, Extra Hop, Nmap, Tenable,

Vtech, SCADA Systems, BMS, MES

Database

Oracle, Microsoft SQL but must research to write the commands

Networking Protocols

And Hardware

TCP/IP, HTTP, HTTPS, FTP, SNMP Ver 2-3, LDAP, DNS, SSL, TLS Ver 1.2-1.3, DHCP, OSPF EiGRP IGB, EGB, BGP and PPP to name a few and Cisco Spanning Tree Protocol (STP), virtual Port Channel (vPC), or Cisco FabricPath exists, EVPN Multi-Site provides state-of-the-art interconnect abilities DNA, ARP, OTV, MPLS, VPN, IPsec, 802.1X: This is an IEEE standard for port-based network access control and WPA3 for WiFi access

Cisco Nexus 9k-1000k, Cisco 3560 switches to 9300 catalyst switches Meraki Firewall MX64, MS22P-HW Meraki MS22P 24PORT switch, Cisco Meraki MR57-HW WiFi 6E Indoor Wireless Access Point, Cisco 4500, Cisco 6509, Cisco WLC 8510, WISM blades, 9800 WLC. FortiGate 1100E – 60 F Firewall NGF, Fatigate Analyzer, FortiAuth for DMVPN, VPN used Cisco AnyConnect and FortiGuard for vpn, Palo Alto Firewall (5420) NGF

Hardware / OS

Microsoft Windows OS 7 - 11, Microsoft Windows Servers 2003 – 2022, Linux, MacOS

Languages

Python, Bash but far from being an expert but must research to write commands

Professional Experience:

EPMA - IT Network Specialist Aug 2023 – February 2024

EPMA is to support a leading Oil and Gas company, managing over 30,000 + sites remotely.

This role involved building trust relationships with local contacts to upgrade or install new networks within the US.

This involved working with BGP, OSPF, EIGRP, MPLS, VPN Tunnles, IPSEC, and Ike configuration on ROAS(Router on a Stick).

Each site was evaluated and scheduled for either network upgrade or new feature enhancements such as SDWAN over VSATS, 5G cell AT&T or Verizon, and landline Fiber or broadband where feasible

One of the main roles for me was coordinating the last mile between service providers and sites if feasable.

Professional Experience:

Ellucian - IT Network Manager /SME June 2021 to March 2023

The IT Network Manager is a key professional responsible for the planning, implementation, and maintenance of an organization's computer network infrastructure.

Coordinated with field staff in preperation for network upgrade on hardware by anaylizing what is currently on site.

Configured routers, switches and at times access points for the sites as needed to be shipped to designated area.

Established documentation and auditing of what hardware went were for accountability.

Coordinated with ISP in getting the last mile connections for the sites by way of Satillite, 4-5G, Broadband uplinks to whatever is available prior to shipping equipment.

In Streamlining the process I coordinated the ISP to let the team focus on the hardware needed. This RIO 90% more efficent Since I had experience in coordinating with the ISP I was selected to make this happen for the entire team.

Professional Experience:

ABM- Facility Network Operations Consultant September 2018 - February 2021

evaluating / analyze the network and infrastructure

identifying and resolving critical issues

implementing security measures

managing copper and fiber cables

ensuring proper power backup with UPS

maintaining appropriate cooling systems

scheduled network updates for routers and monitoring applications

collaborated with teams on VMware and Microsoft Hyperflex 2016 servers

The applications such as BMS (Biulding Management Sysytems) Milestone, IPAM Infoblox and much more.

Updated network console connetions from telnet to SSH v2 on 126 devices in 2 days

Enhaced redundacy on the network by esablishing portchannels to each switch

Cleaned up subnets to establish segmentation and efficiency

Ducumented and setup config backups to vmservers for disaster recovery

Documented logical and physical diagrams for reference by area rtu.

This cleared up many of the issues causing pain points but exposed other issues that were addressed much faster.

ROI was 98% time was saved in porperly t-shooting issues and proactivly identifying issues before the issues were called in.

Ordered the proper router, switches, cameras, cables and fiber equipment needed and sent back equipment not needed. ROI saved the company $260,000.

Professional Experience:

City of San Antonio, TX Network Administrator/Mobility Engineer May 2002 to June 2018

As a network administrator/engineer I embraced valuable feedback and disregarded unhelpful information in order to actively listen, learn, and develop myself as an essential support system for the team. This often meant committing to late nights of dedicated work to ensure a significant impact.

managing the inventory of power WIPs and circuits in the data center, connecting ISP circuits

managed and activated installation uplinks, and configuring routers,switches, cameras and access points.

took charge of training and onboarding new network managers and engineers to hit the ground running.

Managed 12 towers with point to point 2.4GHz and 5GHz .These various towers covered the City of San Antonio intersections to help with intersection traffic timing. ROI 80% as this was to hold the line and convert over to 5G Cell on CradlePoint routers.

Managed Netmotion Mobility VPN application that served the public safety departments. This project was a complete success and a major redundant application shared between 2 data centers for redundancy.

Managed monitoring the network infrastructure using Solarwinds, Netmotion, Wireshark to isolate issues proactively between applications (SAP, CAD, and tones of other apps)servers and the network. This again was 100% success in proactively tageting issues.

Supported of 244 offices(Not including 52 Firestations and 5 main Police substations and other small public safety offices) scattered all over the city of San Antonio that serves the people.

Educational Details:

●Associate Arts in Information Technology (2006) from University of Phoenix, Phoenix, AZ, US

Certification:

CCNA 2016 Cisco ID13047195

Consistently learning through Udemy IT classes and other resources online

Contact this candidate