Senior Network Engineer, CCIE and CISSP, with both Design and Implementation Experience
Over twelve years experience specializing in the design and deployment of medium and large-scale internetworks, Internet connectivity strategies for service providers and customers, data network security architectures, and voice/data integration solutions with a focus on Voice over IP. Currently serving as Assistant Vice President and Information Security Consultant for Wachovia Corporation located in Charlotte NC.
Background includes extensive experience with Cisco Systems products, as well as many other vendors, utilizing various networking topologies and technologies to innovate creative solutions for network design challenges. Possess significant experience in performing assessment on proposed design and existing network infrastructures, which generate detailed reports that are presentable to clients.
|
Training |
Certifications |
|
|
Designed an endpoint-security deployment architecture for a large financial institution (125,000 users) utilizing network enforcement technologies to categorize access-classes, technology classifications, and endpoint integrity condition.
Delivered a proof-of-concept and pilot test environment, documentation, and deployment guidelines for wireline and wireless authentication using IEEE 802.1x port-management for a 300,000 port enterprise.
Engaged as the senior network consultant for a complete network and security infrastructure redesign of the e-commerce infrastructure for one of the largest insurance carriers in North America.
Designed and deployed a metro-Ethernet centric service-provider network for a regional Internet service provider using IP switches. This network interfaced with leased-line, existing Ethernet, and PON/FTTH technology.
Staged and deployed Newbridge/Alcatel Mainstreet ATM switches in a service-provider environment to deliver Internet service. Staged and deployed juniper M20 Internet routers in conjunction with ATM switches to provide Internet edge and core services.
Converted a disaster recovery data-center network to a production network using a multi-layer switched Ethernet solution, after the September 11th attack for a large financial institution. Built a new disaster recovery center network and employee work center. Designed a fault-tolerant WAN solution to interconnect these sites.
Re-engineered BGP peering for a regional ISP and re-designed customer edge attachment services and core network services.
Designed and deployed a 24-site routed WAN to support IP and Novell IPX services for a large multi-service insurance carrier. Deployed voice-over IP services using IP QoS mechanisms on the WAN.
Participated in testing a full-bandwidth (12mbps stream), multicast video solution across a carrier IP backbone for a major news network. Configured and deployed CPE to support video through the use of multicast, IP Precedence, and IP QoS technologies.
Wachovia Corporation (7/06 to Present) – Charlotte, North Carolina
Assistant Vice President / Information Security Consultant
Working in the Wachovia Threat & Vulnerability Management group as a solution architect responsible for the design, deployment, and implementation of advanced security solutions at the bank related to endpoint-security. Also responsible for maintaining a up-to-date market benchmark view of the enterprise endpoint security landscape, interfacing with organizations such as the Gartner Group and Forrester Research. Participated in various security architecture initiatives including edge access-control architectures, and Internet/DMZ strategies.
BTS Partners (9/04 to 7/06) – Charlotte, North Carolina
Senior Consultant
Responsible for design and implementation of voice and data networks and security technologies at customer sites. Specializes in consultative design and delivery of large-scale documentation and design projects for security, management, and operational process and procedures.
As a consultant, responsible for the delivery of detailed design and architecture documentation related to network security initiatives at various customers. Investigated and documented existing architectures and operational policies as part of the design process. Also responsible for proof-of-technology testing, planning and delivery of technology pilot programs, and emerging technology testing at customer sites for technologies such as IEEE 802.1x, BGP optimization, server load-balancing, personal-firewall systems,
Premier, Inc. (5/03 to 8/04) – Charlotte, North Carolina
Network Infrastructure Manager
Responsible for all aspects of the data and voice communication infrastructure operations in a 1500-seat enterprise network. Manage a team of six people with responsibility for all aspects of personnel management for this team. In addition, set workflow process, manage projects, and maintain relationships with various business units within the organization. As an operations lead; responsible for all delivery of network services enterprise-wide, including data-center network infrastructure, remote-access/VPN, network component-level monitoring via HPOV Network Node Manager and Solarwinds Orion Network Performance Monitor. In addition, team is directly answerable to various service-level agreements and key-performance indicators associated with various applications and business units.
Highlights (Premier Inc.):
Design and deployment of a new corporate firewall system based on Nokia/Checkpoint firewalls for an e-commerce intensive network environment.
Development and deployment of best practices for internal network management functions
Participated in development and deployment of disaster recovery plan
Designed new corporate Wide Area Network (saved the company over $500k per year in recurring WAN costs)
Designed reorganization strategy for existing data-center, including new cooling facilities, new structured wiring, and new datacenter cabinets and arrangement to maximize cooling and power resources.
Broadwing Technology Solutions (9/99 to 5/03) – Reston, Virginia
Principal Engineer
Served as lead engineer on both the Enterprise and Service Provider consulting teams for network infrastructure and professional services at Broadwing Technology Solutions. Consulted on various projects related to service-provider and enterprise networks, specifically large financial and insurance institutions. At Broadwing, performed LAN/WAN/Datacenter design and deployment for both service-provider and enterprise customers, utilizing a variety of LAN switches routers, ATM switches, firewalls, intrusion-detection, remote-access equipment and VPN gear. Assigned as the primary network consultant for the US operations of a global financial institution, having designed and rebuilt their entire US enterprise network infrastructure after the 9/11 attack. During an eighteen month period, designed and deployed a new, resilient data-center infrastructure, disaster-recovery site, and metro-area network for this organization in the New York City area, and was involved in network security architecture, resilient LAN and WAN services, connectivity to a global network infrastructure, and rolled out network management services. In addition to this project, also designed and deployed other large-scale LAN and WAN projects for other customers, developed secure Internet infrastructures, performed detailed LAN and WAN analysis, security audits, and network feasibility studies. Assisted in the rollout of various enterprise applications, including thin-client deployments, IP-Telephony, network-based authentication, virtual-private networks and remote-access solutions. In addition to pure networking infrastructure, experience included building Linux, Solaris, HP-UX, Windows 2000 and NT 4.0 servers; deploying network services such as DNS, WINS, DHCP, authentication services, network management frameworks such as HP Openview Network Node Manger, Castlerock’s SNMPc, and others, on these platforms. Also engaged in IP service delivery design utilizing MPLS as well as IP-Storage Area Network technology. Major contributor to a business continuance/high-availability networking whitepaper/practice book for Broadwing Technology Solutions outlining best practices for deployment of various technologies in an Enterprise setting.
Highlights (Broadwing Technology Solutions):
Design and implementation of medium and large-scale Local Area Networks utilizing Cisco, Extreme and Foundry Layer-2 and Layer-3 switching technologies
Design and implementation of 802.1p Class of Service and IP Quality of Service on Cisco and Extreme LAN switches
Design and implementation of scalable, resilient, fault-tolerant networks utilizing 802.1s Multiple Spanning Tree (MST), 802.1w Rapid Spanning Tree (RST) and 802.3ad Link Aggregation Control Protocol (LACP)
Design and implementation of fault-tolerant layer-3 switching services utilizing dynamic routing protocols such as OSPF, IS-IS, RIP, BGP, and standby router protocols (HSRP, VRRP)
Design and implementation of multilayer LAN environments to support Voice and Video over IP using layer-2 and layer-3 QoS techniques, signaling technologies such as H.323 and MGCP
Design and implementation of secure Internet infrastructures, firewalls, Intrusion-detection systems, and personal remote-access and VPN solutions
Deployment and configuration of network management systems, including RMON probes, and framework applications such as HP Openview Network Node Manager
Design and deployment of medium and large-scale Wide-Area Networks (WANs) utilizing ATM, Frame-Relay, private-line and SONET technologies.
Design and deployment of various network-based Layer-4 switching solutions and network-based server clustering solutions
Design and deployment of various high-availability Internet architectures, firewall load balancing, and Internet load-balancing solutions.
Design and deployment of various Voice over data solutions and Quality of Service schemes utilizing Voice over Frame-Relay (VoFR) with Frame-Relay Traffic Shaping and Voice over IP (VoIP) utilizing Low-Latency Queuing, Resource Reservation Protocol (RSVP) and Weighted Fair-Queuing, for toll-bypass solutions in Enterprise WAN systems
Design and deployment of various time-division multiplexing (TDM) solutions to support converged voice, video and data
Deployment of Cisco IP Telephony solutions
Configured and deployed numerous server-based solutions for network based services such as network management stations, syslog and SNMP trap consoles, distributed network management applications, DHCP, and DNS, utilizing HP-UX, Solaris, Linux, and Windows NT/2000 for operating systems.
Develop and document complex standards-based network architectures for both existing network infrastructures and new “green-field” deployments.
Present documented design proposals to customers in a group setting
Performed detailed network architecture and security reviews for numerous clients’ Internet perimeter, internal networks, and remote-access deployments
Operated protocol analyzers, T1 and T3 BERT sets, and other network analysis tools to assist in troubleshooting and documentation
Generate and complete equipment staging and burn-in checklists
Thorough understanding through technical coursework and reading of major Ethernet technologies including emerging standards such as 802.3ae, 10Gb/s Ethernet
Thorough understanding through technical reading, coursework, and lab implementation of Multi-Protocol Label Switching, RFC-2547bis virtual private networks, Martini-Draft Layer-2 transport over MPLS (Frame-Relay over MPLS and Ethernet over MPLS) and MPLS traffic-engineering topics such as RSVP-TE signaling, constraint-based LSPs, and Label Distribution Protocol (LDP)
Thorough understanding through technical coursework, reading, and practical experience, of IP Quality of Service issues including Diff-serv, IP Precedence, queuing techniques, Random Early Detection (RED) methods, and traffic shaping on Cisco, Juniper, and Extreme network equipment
Understanding of Storage Area Network technologies and solutions
Understanding of Redundant Packet Ring (RPR) technologies and solutions
Understanding of Data-center components and concepts
Understanding of IP video architectures, multipoint conferencing utilizing H.323 zones and gatekeepers, and T.120 data-sharing applications
Powercom Inc. (5/96 to 8/99) – Santa Barbara, California
Director of Technology
Powercom was a Network Integrator. Responsible for all deployment of customer network equipment sold. As a manager, built a service department from the ground-up; implementing a billing system, rate schedule, vendor relations and sales coordination procedures, network operations and design bureau, training, and network turnkey systems and project management facilities. Helped develop relationships with several regional service providers that lead to Powercom becoming a sole-source provider and installer for customer premise equipment (CPE) used to terminate dedicated links to these service providers. In addition, spent extensive time deploying customer premise equipment for dedicated private-line, frame-relay, ATM, and SMDS circuits, coordinating and turning up these services and building private wide-area networks and virtual private networks. Designed and deployed multiple medium and large-scale enterprise local-area networks with routed VLANs, as well as routed WANs, bridged wireless links, wireless LANs, and voice/data integration using TDM, VoFR and VoIP technologies, and remote access solutions for several mid-sized financial institutions. Also deployed various network/networked applications on both Linux and Windows NT platforms at customer locations.
Highlights:
Project management for circuit turn-up coordination with various telecom vendors
Managed and developed customer and vendor relations
Advanced configuration of Cisco routers for ATM, DS1 and DS3 private-line, and Frame-Relay services
Design and implementation of numerous routed wide-area networks
Design and implementation of numerous switched local-area networks
Included in the Cisco beta-test team for router-based Voice over Frame-Relay and Voice over IP
Designed and implemented outsourced network management product
Designed, deployed and maintained local and wide-area networks for several mid-sized retail banking customers
Designed and deployed Internet perimeter security solutions using firewalls and other packet-filtration devices for various customers
Designed and deployed remote-access solutions using both dialup and IP-VPN, as well as supporting authentication-systems using RADIUS
Infonet Communications Inc. (6/95 to 4/96) – Fresno, California
Network Manager
Infonet Communications Inc. was a small Internet Service Provider located in Central California. Responsible for the design and development of their IP network and multiple Internet services such as SMTP/POP mail, Domain-Name System (DNS), NNTP News service, and web-server maintenance. Built a regional service-provider network using ATM/DS-3 links between several core and regional distribution sites, developed a remote-access platform for customers to use, and built several systems dedicated to various Internet services using the Linux operating system. Coordinated the delivery of services to all dedicated customers, including circuit delivery and CPE configuration and deployment. Participated in network planning and related issues such as IP allocations from the InterNIC (pre-ARIN) and to customers (SWIP). Also participated, as a potential customer, in initial planning meetings and discussions revolving the development of the Pacific Bell Network Access Point, (NAP) in Northern California.
Highlights:
Built and managed a small team of network engineers and operations personnel
Managed and maintained relationships with key telecom vendors
Designed and deployed a regional public IP network infrastructure
Built and maintained public peering and routing policies utilizing BGP at several network access points
Comtech Computers (12/94 to 6/95) – Fresno, California
Network Consultant
Comtech was a small computer shop that specialized in Novell servers and PCs. Served as consultant/technician responsible for PC repair/upgrades. Also spent time on a wiring crew. Before moving to Infonet, attained Novell CNA and spent time deploying Novell Netware servers, MS/Windows clients, and Windows NT servers.
Highlights:
Learned basics of computer architecture, assembled custom (white-box) computers and servers
Serviced numerous customer LANs
Learned basics of network wiring installation
Worked with Novell and Windows Network Operating Systems
California State University Fresno
Bachelor of Arts in Political Science (1994)
Minor in History
Affiliations
Institute of Electrical and Electronic Engineers, Inc. (IEEE)
International Information Systems Security Certification Consortium (ISC2)
Boy Scouts of America Troop 39, Matthews NC