Cloud Security Lead
Resume:
Lloyd J. Rochon III
Hayward, Ca. 94542
510-***-**** (home)
510-***-**** (cell)
*****@*******.***
Senior/Lead Cloud/Network/Security/VOIP/Video Architect/Engineering Professional – Project managed, develop, write, architect, engineer, and implement policies, standards and procedures for clients from any industry or size business incorporating network issues, policy issues, physical environments, personnel issues, organizational issues, and technology issues to provide a practical, cost effective, business requirements based NexGen Private or Public Cloud security/network/VOIP/UC solution.
Technical Skills: Trouble Shooting and Support of the Following:
Software:
Cisco ACI, Cisco DNA, SDN, Cisco ISE, Cisco ASA 55XX, Cisco Firepower, Cisco SNS 3515/3595, Palo Alto Firewalls PA-7000/5000/3000/500/200 series, Panorama, Fortinet Firewalls, SonicWall Firewalls, Symantec Firewalls/IPS, Meraki, Cisco Nexus 7K/6K/5K/3K/2K/1K, Cisco Prime, Cisco AnyConnect, Cisco Unified Communication Manager 11.x/10.x/9.x/8.5/7x/6x/5.x/4.x/3.x/2.x, Unity Connection, Unity 7.x, CUMA, CUPS, CCME, Cisco Telepresence, CiscoTanberg, Windows 2012/2008/2003/2000, Active Directory, Windows 7/8/10, UNIX, Solaris, SUSE Linux, UBUNTU Linux, Redhat Linux, Apple IOS, Macintosh 8.5, 7.1, 7, 6.1, 5, Cisco IOS, SQL Server 6.0/6.5/7.0,Oracle7, 8i, 9i, 10i, 11i, Compaq Smart Start 4.6, Zero Administration Kit, MS DOS, MS Word, MS Excel, MS Access 2.0/95/97, MS Project, Project workbench, Solomon 4.0, ClickNet 4.0, SMS 1.2,2.0,Laplink, PC Anywhere, ControlIT 4.5, Remotely Possible, Seagate Backup Exec 7.0, 7.2, Veritas Backup Exec 7.3, Exchange 5.0/5.5/2000/2010, AS400 computer operations, Trend Scanmail for Exchange, McAfee Netshield, Norton Antivirus, Norton Ghost, Windows NT Option Pack; IIS 3.0/4.0, ACE Server, BubbleNet, FTP, DNS, DHCP, WINS, Telnet, Steel Belt Radius, Cisco Service Connection Manager, ARP, HP OpenView, WindRiver WinPOeT, Enternet 300, RADIUS, WhatsUP Gold, IP Monitor, Viso 4.5, 5, 2000, Citrix Winframe 1.8, Back Office Server 3.0/4.0, Tivoli Security Manager/Policy Director/Netview/Workload, Symantec DCS, Scheduler/Enterprise Console, OpenNet, Nokia IPSO/Voyager, Cisco Call Manager, Compaq Storage Works, Bit9, Cisco Network Registrar, Cisco Secure, SNORT, Tivoli Storage Manager, Tivoli Security, NMAP, ISS, Visual Pulse, Visual Route, RAT, Ncircle, Tripwire, Project Server, LDAP, Cisco Secure TACACS+, SolarWinds, Nagios, Cacti, Rancid, etc. PCI DSS 1.X, 2.X, 3.2, Symantec Endpoint Encryption, UCCAAS, PAAS/aPAAS, CAAS, IAAS, FAAS, Amazon, Microsoft Azure, Websense, F5, Netapp, Palo Alto, Cisco, Cloud deployments
Protocols:
TCP/IP, IGRP/EIGRP, GGP, EGP, XTP, OSPF, AppleTalk, IP, DCAP, GDP, HSRP, RIP, BGP, PPP, X.25, IPX/SPX, NetBEUI, DLC, RS232, PPPOE, PPPOA, ATM, MGCP, SIP, H.323, LDAP, LDAP3, MGCP, SIP, Skinny, etc
Programming: Python Scripting, C++, Visual Basics 5.0/6.0, HTML, Java, Assembly Language, AS400 Command Line language, RPG/RPG3; etc.
Hardware:
Compaq, Dell, Sun, HP, IBM, Foundry, Juniper, Mac, Nokia, Cisco: Workstations, Servers, AC/DC circuits, motherboards, hard-drives, floppy-drives, CD-ROM drives, video cards, network cards, RJ 45 cables, FIDDI cables, phone switches, PBX, SCSI cards; SCSI drives, PC computer repair, circuits, hubs, routers, Cisco Catalyst 29XX, 35XX, 4XXX, 55XX, 65XX 72XX, 75XX, 10,000 switches/routers, Cisco AS5300, DSU/CSU, modems, frame relay, ISDN, DSL, ADSL, T1, T2, DS3, OC3 Fort Knox Firewall, Check Point Firewall-1, Cisco Pix Firewall, UPS back-up; RAID0/RAID5 backup drives; DSLAM, CPE, access concentrators, AC120, Lucent CBX500, F5 BIG-IP Load Balancer, Cisco PIX 510/520, Cisco IDS, Compaq RA8000, Netscreen 1000/500/100, Cisco AVVID Technology, VG routers, Juniper SA, Cisco Nexus 9K/7K/5K/2K switches, Cisco MDS, Cisco UCS, Cisco ASA 5585-X/55XX series, VMWare/VCenter 4/5/6
Security:
ISO 13485:2016, ISO 9001:2015, ISO 17799, HIPPA, SOX, SSAE 16, SOC 1 & 2 Type 1 & 2 Audits, FIPS-140-2
Education: Heald Institute of Technology, AAS: Electronics, Computer Science, and Network Technology
CAL State Hayward, BA: Computer Science
Chabot College: Business/Marketing
Mission San Jose High School
CopperMountain IP Networking
CopperMountain ATM/Frame Relay
CopperMountain CE200 DSLAM
Cisco 6130/6160 DSLAM
Cisco 6400 Access Concentrator
Cisco 7500/6500 Router /Switch
ICRC/ACRC course
VMware 4/5/6
Microsoft MCSE – NT 4.0/Novell Netware 4.11
Hello Computers – CCIE Routing and Switching, Security, Service Provider, & Voice, CSS1, CCSP CCNP, CCDP, CCDE, CCNA, CISSP, CISA, CISM, SCNA – Solaris I &II
Certifications: CCIE – Emeritus, Data Center, Security/Routing & Switching/Service Provider/Storage Area Networking/Collaboration/Voice
Cisco Certified Internetworking Expert, Cisco Certified Design Expert, Microsoft Certified Systems Engineer, MCP+ Internet, A+, Cisco Certified Network Associate, Cisco Certified Network Professional, Certified Novell Engineer, CheckPoint Certified Security Engineer, Cisco Security Specialist 1 Network +, Certification for Information System Security Professional, SCNA – Solaris I &II, JNCIE-ENT,JNCIE-SEC, GSEC, CISM, PMP, MCSE 2003 – Security, RHCE, VCP4/5/6-DCV, PCNSE6/7, CCSE R77.30, CCSM R77.30, AWS Certified Solutions Architect Professional, MCSD - Microsoft Azure Solutions Architect Certified, CCISO - Certified Chief Information Security Officer, GCP Cloud Architect certified
Employment History:
11/16 – Present Large Software Company South San Francisco, Ca
Cloud Network/Security Architect – Team Leader/Owner
Lead large software company in their journey to bring their workloads into the Cloud. Designed and architected their first Cloud deployment for their Sales Demo environment into Microsoft Azure working as the Lead architect and managing the MS, GCP, AWS account teams. Implemented the solution and took it globally to a production and EDR design globally and expanded to a multi-cloud architecture using N+1 architecture in Azure, GCP, AWS and Converged Cloud. Built and managed their Platform Cloud Network and Security Operations global team of over 30+ team members. Staffed global resources for a follow the sun model. Cisco ACI, Datacenter network and Security Audits, PCI DSS 3.2 Audits, assessments, scanning, and mitigations. CyberSecurity team lead. Palo Alto, Cisco ASA firewall, F5 Load Balancers, implementation and support. Multiple large enterprise and ISP level Data Center migrations, implementations and support. Responsible for architecting, designing, planning, engineering, and operational support of the Production Sales Demo Azure Environment and Enterprise network infrastructure both on premise and in the Azure, GCP, AWS clouds. Power Shell, Python, Terraform Scripting and automation. Proficient in Cisco IOS for configuration troubleshooting of routing protocols: MP-BGP, OSPF, EIGRP, RIP, BGP v4, MPLS. Expert understanding of VPN technologies, including but not limited to VPLS, L3VPN, L2TPv3, IPSec, and MPLSoGRE. Built on prem to cloud WAN architecture using BGP underlay/overlay routing with IPsec encryption. Cisco SD-WAN global design with regional Virtual hub to hub routing between the Multi-Cloud providers for the migrations of all workloads from on-prem to Cloud
3/16 – 11/16 Cornerstone San Mateo Ca
Lead Cisco Security Architect – ISE implementation (Consulting Position)
•Advanced support and experience with deployment, configuration and deep troubleshooting of Cisco ISE (Identity Services Engine), Cisco Prime, Cisco 5585 ASA, PKI, MFA and mobile device management. CyberSecurity team lead
• Experience configuring and deploying Cisco AnyConnect Secure Mobility Client with Network Access Manager, ISE Posture Module, VPN
• Thorough understanding of wired, wireless and remote security provisioning and authentication with Cisco ISE and Microsoft Active Directory (AD)
• Advanced configuration of Cisco 4500, Cisco Nexus switches and routers
• Configuration of F5 load balancers
• Sold experience with OSPF and BGP
• Configuration and support of Riverbed Steelhead WAN optimizers and mobile client
• CCNP - Security (required)
• Experience with Cisco ISE, Cisco Prime, Cisco 5585 ASA, PKI, MFA and mobile device management
• Experience with Cisco AnyConnect Secure Mobility Client with Network Access manager, ISE Posture Module and Cisco VPN
• Experience with wired, wireless and remote security provisioning and authentication with Cisco ISE and Microsoft Active Directory
• Provided pre and post sales engineering/architecture.
• Architected, designed and deployed and configured Cisco SNS 3515/3595 and Cisco ISE Virtual appliances
• Configured failover between DC’s for PAN/PSN’s
• Google Cloud Platform migrations and design
• MS Azure migrations and design
• Amazon migrations and design
12/14 – 3/16 State Compensation Insurance Fund Pleasanton/Vacaville Ca
Lead Cloud Architect (Consulting Position)
Member and Team Lead for the Company’s Cloud Engineering and NetES Group
• Project Lead and sole resource for all SCIF Cisco FlexPod Environments
• Project Lead for Company’s Big Data Infrastructure
Implementation.
• Project Lead PCI DSS Compliance
• Project Lead Company's new Private Cloud Engineering Group
• Project Lead to implement Company's Flexpod Cloud Engineering UCS
based Infrastructure. Python Scripting and automation.
• Project lead for Cisco ISE/802.1x deployment and upgrades
• Helped migrate existing infrastructure and applications to new
private cloud infrastructure
• Provided Tier 3 support for Network/IT Unix/Linux/Storage/VMWARE
Operations and support NetEs
• Project Lead Network Segmentation using Palo Alto Firewalls and Panorama management
• Palo Alto Firewalls PA-5000/3000
• Advisor/Mentor NetEs/CE/Unix/Linux/Storage members on Team
• Helped resolved various production problems
• Define standards/Policies and procedures for the
NetES/Linux/Unix/Storage/CE Team
• CheckP 0063oint, Palo Alto, Fortinet, Cisco ASA management
• Datacenter migration and implementation to DR site
Environment:Cisco FlexPod, Cisco UCS,RHEL4 – 6, VMWARE 5.x HP-UX 11.31, NetApp Filers3270, Hitachi AMS 2500/USPV, Nexus, Brocade san switches 5100 series T4QLK cf gfdsXZhhgx
HealthCare Client Projects – Sutter Health, Alameda Hospital, Alta Bates Hospital, McKesson, and Shaklee Corporation.
2002 – 2009 Alta Bates Hospital -
Senior Network/Security/Wireless Consultant
2007 –2012 Sutter Health –
Senior Network/Security/UC Consultant
2010 – 2015 Dignity Health –
Senior Network/Security Consultant
2010 – 2011 Shaklee Corporation., Pleasanton, Ca
2014 – 2016 Global Cloud/Network/Security/UC Consultant
2012 – 2016 Verizon Business, Pleasanton, Ca
Senior Solutions Architect
o Senior Data Center Infrastructure engineer responsible for the deployment, maintenance and support of the Unified Communications and Collaboration as a Service (UCaaS) system.
oo Responsibilities include:
1) Integration of UCaaS services into the data center shared infrastructure
2) the design, build-out and maintenance of Unified Communications Systems (UCS) infrastructure for Voice over IP Customers.
3) Data center UCaaS capacity planning
4) Firmware/hardware upgrades for Cisco Unified Computing Systems (UCS) chassis, blades, v1k switch and management system
5) UCaaS and VCenter VM maintenance, upgrades and administration
6) UCaaS and Unified Communications system backup and replication system infrastructure design and support
7) UCaaS VCenter and UCS systems access, roles and Active Directory management
8) Tier-3 responder to UCaaS data center issue resolution, including UCS, MDS, Nexus, VCenter, and SIP trunking
9) Data center migration
oo Hardware systems include UCS N20-B6625-1 servers with Palo CNAs, 2104XP fabric extenders, Cisco Nexus 1kv switch, Nexus 7k switches, MDS 9222 FC switches, VCenter VM/Active Directory operations, and Acme SIP session border controllers.
o Build-out of customer enterprise networks as cloud services within the shared hosting center.
o Responsible for network design and implementations for 1) web hosting, 2) customer and 3) WAN infrastructure implementations. Implementations include Nexus 7k, Cisco 12410 GSRs, 65xx switches, Cisco FC MDS 9222, Cisco security appliance (5580, 5520) configurations, in layer 3 and transparent modes, single and multi-context.
o Provide highest escalation for customer network related issues
o CheckPoint, Palo Alto, Fortinet, Cisco ASA management
o Project lead for Cisco ISE/802.1x deployment and upgrades
2014 – 2016 Safeway Inc., Pleasanton, CA
Cisco/CompuCom Lead UC Architect Implementation/Remediation
Collaborate with senior Safeway business and technical stakeholders, and Cisco network engineering team, to design site specific remediation and implementation plans to successfully deploy a multimillion dollar Cisco Voice over IP (VoIP) solution at over 1300 Safeway Inc. brand retail stores and 100 supply chain and corporate office locations.
Design overall program implementation methodology and structure to successfully manage multiple concurrent site surveys and solution deployments across the country. Architect all phases of VoIP deployment from site survey, remediation, provisioning, installation, testing, troubleshooting, turn-up and customer sign-off. Datacenter migration from test, staging and then to production.
Conduct and Lead site specific survey at all locations to assess current LAN/WAN network, PBX infrastructure and develop remediation recommendations to support VoIP solution. Develop and direct technical project teams and business stakeholders throughout the project life-cycle to create and deploy custom engineered VoIP solutions to enable specific business requirements. Built, tested, and deployed configurations scripts for Voice Gateways, WAN routers, Core, Access, and Distribution switches, and required rules for firewalls. CheckPoint, Palo Alto, Fortinet, Cisco ASA management Escalation point for all technical aspects of the project.
2011 – 2016 Shaklee Corporation., Pleasanton, Ca
Chief Information Security Officer – CISO/CSO
2010 – 2015 WWT – World Wide Technology, Hayward, Ca
Senior Network/Security Consultant
7/11 – 12/11 Franklin Templeton Investments, San Mateo/Rancho Cordova, Ca
Senior Cisco VOIP, Security, Network, UC Consultant - CCIE – (Consultant)
Senior UC Consultant lead brought in as SME for reviewing their current Global Avaya design to integrate with a Global Cisco UC integration Pilot initiative. Worked with the Franklin Templeton Investments team to deliver a world class unified communications fabric to the FTI business. FTI already had over 5,000 users worldwide enjoying the benefits of Microsoft MOC video, voice and IM collaboration as well as an extensive Tandberg video environment. Deployed Cisco Call Manager Express to a number of small offices and established their first regional Cisco Call Manager system as a pilot to support initial technology users and then business users. Managed and worked with Cisco VAR and partner BT for Pilot and deployments globally. Fully integrated Cisco CUCM with the Microsoft OCS/Lync UC client and with the Tandberg video products as well as legacy Avaya systems to provide a completely seamless experience for their internal business clients. Installed configured and managed Cisco CUBE, Session Manager clusters, CUCM clusters, and Cisco Unity Connection clusters globally on Cisco UCS platforms. Converted all remote CCME and CUE across the WAN to SRST Voice gateways and migrated from MGCP to H.323 for centralized management and call processing at the HQ clusters. Managed and designed all global templates. Configured SNR and mobility utilizing the new features in CUCM 8.6.1 and also CUPS and CUCM features based on business requirements. Implemented, designed, and managed Cisco Tanberg servers for Video conferencing globally. Implemented industry standard best practices for their Global dial plan. Setup naming convention with site code based on location. Implemented standard CoS with line level blocking utilizing CSS’s and Partitions at the device and line level. Setup Call Admission Control, Regions and Codec’s with intrasite default g.711 and g.729 for intersite calls. Provided ongoing documentation and training to IT Staff on their new Cisco UC and VOIP Architecture.
Global CUCM, CUMA, CUPS, and Unity design, implementation, and configuration.
Global dial plan design and implementation
Global Cisco Tanberg design, deployment and support
Architect, monitor, and maintain WAN/LAN infrastructure supporting business-critical services
Support Cisco switches, routers, firewalls, VPN; ASA firewalls
Build / support connections for site-to-site VPNs and for user remote access
Troubleshoot and quickly resolve network issues
Manage and maintain VoIP, video and voice mail services
Maintain documentation, inventory, and licensing
Periodic on call duties required (after hours / weekend)
1/11 – 12/15 Good Technology Inc., Redwood City, Ca
Senior Cisco VOIP, Security, Network Consultant - CCIE – (Consultant)
Senior VOIP and Network Consultant brought in as SME for reviewing their current Global Cisco VOIP design and to assist in accommodating their implementation and design for Exchange 2010 and Lyncs Server 2010 deployment for their Global Unified Messaging Solution. Consolidated and migrated their existing CUCM 4.1 deployment in RWS to a new CUCM 7.1.3 deployment in RWS and upgraded their CUCM 7.1.3 to the latest version at the time CUCM 8.5.1. The licenses from the original 4.1 install were migrated to the newer Cisco DLU model. In addition the software feature license for the CUCM 7.1.3 upgrade to CUCM 8.5.1 was obtained and installed. Converted all remote CCME and CUE across the WAN to SRST Voice gateways and migrated from MGCP to H.323 for centralized management and call processing at the HQ clusters in RWS. Configured SNR and mobility utilizing the new features in CUCM 8.5.1 and also CUPS and CUCM features based on business requirements. Implemented, designed, and managed Cisco Tanberg servers for Video conferencing globally. Implemented industry standard best practices for their Global dial plan and migrated from 4 digits extension to 7 digits with first 3 digits indicating location. Setup naming convention with three letter site code based on location. Implemented standard CoS with line level blocking utilizing CSS’s and Partitions at the device and line level. Setup Call Admission Control, Regions and Codec’s with intrasite default g.711 and g.729 for intersite calls. Configured SalesForce Connector and provided post office consolidation support. Provided documentation and training to IT Staff on VOIP Architecture. Planning for move from RWS to Sunnyvale
Global CUCM, CUMA, CUPS, and Unity design, implementation, and configuration.
Global dial plan design and implementation
Global Cisco Tanberg design, deployment and support
Architect, monitor, and maintain WAN/LAN infrastructure supporting business-critical services
Support Cisco switches, routers, firewalls, VPN concentrators; F5 Networks LTMs; Juniper NetScreen firewalls
Build / support connections for site-to-site VPNs and for user remote access
Troubleshoot and quickly resolve network issues
Manage and maintain VoIP, video and voice mail services
Maintain documentation, inventory, and licensing
Periodic on call duties required (after hours / weekend)
9/10 – 6/11 SalesForce, San Francisco, Ca
Senior Network, VOIP, and Security Consultant – CCIE (Consultant)
Provided the design, implementation of global voice infrastructure, for their mergers and acquisitions. Provided enterprise security such as network segmentation, application firewall, proxy services, VPN, global build out related to facility, data and voice circuit provision, vendor coordination, and cross functional team dependencies.
• Analyzed, designed, tested, documented, implemented and support of global voice solutions and converged network technologies.
• Analyzed and recommended contemporary and emerging technologies for deployment across the enterprise, including but not limited to MPLS WAN in a dual carrier cloud, QOS marking and policy map
• Subject Matter Expert – IP routing protocols including BGP, EIGRP, OSPF, IP Multicast, MPLS.
• Assisted in the roll-out of hosted contact center technology and integration with Cisco Unified Communication Manager.
• Designed and implemented Cisco IP Telephony applications, including the configuration and deployment of Cisco Communications Manager, Cisco Unity, Cisco Contact Center Express, Cisco Emergency Responder, and Presence.
• Designed and implemented Cisco Voice gateways with Survivable Remote Site Telephony (SRST) for remote sites.
• Designed and implemented Cisco Unity in configurations supporting Unified Messaging with Exchange.
• Configured and troubleshot voice services on all Cisco LAN/WAN hardware including: ISR Router/Voice Gateway, LAN Catalyst switches, and Communication Media Modules.
• Prepare and maintain up to date documentation for internal and external customers detailing configuration of deployed solutions.
• Resolved operational issues involving Cisco Communications Manager infrastructure and Cisco IP Telephony applications.
• Prepared disaster recovery plan for Cisco Communication Manager and related IP Telephony applications.
• Project lead for Cisco ISE/802.1x deployment and upgrades
• Provided 3rd tier support for corporate IP Telephony
• Trained and mentored to develop members of the team and other technical resources, as necessary
1/10 – 1/16 Aeris Communications Inc., San Jose, Ca
Chief Security, Network, and VOIP Architect – (Consultant)
Senior Network Consultant brought in as IP SME to support Aeris’s corporate and production networks. Performed network assessment and provided documentation with recommendations. Provided day to day network engineering and design tasks while working with the BU for strategic overall IP architecture. SME for 7609 with MWAM card for Aeris Mobile customers and designed and configured redundancy between San Jose and Las Vegas datacenter facilities. Setup and managed Aeris Global Cisco VOIP and Video implementation. Cisco Unified Call Manager 8.0 and Unity 7.0 with Cisco Teleprecence for video conferencing. Trained and mentored full time Senior Network engineer.
3/08 – 10/13 Elan Pharmaceuticals, Inc., South San Francisco, Ca
Chief VOIP, Security and Network Architect – VOIP/Security/Network Engineering (Consultant)
Brought in as Chief Network Consultant and was responsible for architecting and supporting all new and existing projects for Elan. Projects involved the design and build out of two subsidiary company expansions. Responsibilities also included for designing and building out a new three story building and coordinating their data center move. Company build outs were expedited projects with extremely condensed timelines. Designs included VOIP, Network Security, Wireless, Network Expansion/Consolidation and Vendor management. Trained and mentored replacement on site Senior Network Engineer.
Global CUCM, CUMA, CUPS, and Unity design, implementation, and configuration.
Global dial plan design and implementation
Nortel Legacy PBX integration with Cisco Unified Communications Manager deployment.
Global Cisco Telepresence design, deployment and support.
WAN design and upgrade from legacy AT&T Frame product to AT&T A-VPN
End to end QOS design and implementation
Direct responsibility for all vendor designs, coordination and management including; construction team meetings, cabling, and IT reseller.
Build out of Cisco Unified Wireless Network lightweight access points for parent company. Multiple Cisco 4404 LAN Controllers for redundancy and one WCS for central management of remote LAN Controllers.
Developed Security architecture leveraging Cisco ASA’s, IPS’s, Site to Site VPN’s and processes to enable communication with parent company
Established Security and Network standards, policies, and guidelines to comply with ISO requirements.
1/07 – 3/08 Visa, Foster City, Ca
Chief Security and Network Architect – Security/Network Engineering (Consultant)
MPLS lead design consultant for DEX, DPS, Corporate and International for Visa’s global MPLS deployment. Interviewed and selected Carriers for MPLS service providers for Visa Globally. Designed and configured Wireless LAN deployment for Visa Corporate networks and standards. Worked with Airdefense and Cisco on deployment. Worked with CIS teams to maintain compliance for IS policies and procedures and PCI compliance initiatives. Configured DMVPN for extranet build out, MPLS & WAN encryption, and to support services such as VOIP, multicast, QoS, etc
9/06 – 9/07 Chevron, San Ramon, Ca
Senior GLIRM Consultant – Global Information Risk Management (Consultant)
Provided High level Risk/Security assessments and high level Risk/Gap analysis to Chevron’s internal and external clients. Responsible for conducting high level analysis based upon International Privacy laws, the ISO 17799 and its controls and the Chevron internal security policies and procedures to review their vendors and clients policies and architecture to ensure a level of compliance and to cite any Risk/Gaps between the vendor and Chevron. Traveled to several vendor and sites throughout the world and the United States and Canada for on site reviews of their facilities and security procedures. Lead consultant for Chevron’s Global downstream and Corporate HR Privacy project. Assisted in the development and implementation of Risk management and Privacy tools for Chevron globally.
1996 – Present INSI - Internetworking Specialists Inc., Hayward, Ca
Senior Cloud/Network/Security/UC Consultant
Reporting to founder and CEO of INSI a Professional Services, Staffing, and IT consulting firm
Cisco ACI, Datacenter network and Security Audits, PCI DSS 3.2 Audits, assessments, scanning, and mitigations. CheckPoint, Palo Alto, Fortinet, SonicWall Cisco ASA firewall management, Symantec Endpoint Encryption, Symantec DCS, Symantec Firewalls/IPS, F5 Load Balancers, Bit9, Imperva, implementation and support. Multiple large enterprise and ISP level Data Center migrations, implementations and support. Responsible for architecting, designing, planning, engineering, and operational support of Enterprise network infrastructure both on premise and in cloud (AWS, Azure, etc.) Python Scripting and automation. In depth engineering experience in traffic management solutions, including the design, low level engineering, and delivery of new hardware systems as well as application load balancing solutions for client applications across the pre-provisioned infrastructure. Deploying, sustaining, managing, UCCAAS, PAAS/aPAAS, CAAS, IAAS, FAAS solutions with large Enterprises leveraging multiple ISP’s and Cloud providers. In depth knowledge of F5 BIG-IP Hardware Platforms. In depth knowledge of F5 TMOS Architecture including currently generally available software versions. In depth knowledge of F5 API. In depth knowledge of TCP/IP Protocols. Functional understanding and experience F5 load balancing in production E-commerce environment. Cloud based implementations and integrations with on prem datacenters. Both Microsoft Azure and Amazon. Deployment of Websense Cloud based solution using ForcePoint.
Functional understanding of network Layer 2 /3 switching and routing protocols.
Knowledge of ADC F5 LTM and GTM hardware platforms including engineering design and deployment implementation guidelines. Functional understanding of diverse set of networked applications requiring application traffic management solutions, including HTTP, HTTPS, SSH, FTP, DNS, NTP, ANYCAST services, and others. DMZ Network infrastructure knowledge including topology, security policies, firewalls and the L2/L3 switch and router infrastructure is required. Understanding of LTM Inbound SNAT configurations and outbound NAT server to IP mapping. F5 IHealth, IControl, and Payoda AppviewX self-service application experience. F5 certified. Google Cloud Platform, MS Azure, Amazon Cloud.
Contact this candidate