To work for a company where I always have the opportunity to learn new things and put my existing skills and knowledge to good use in a leadership role among a team of like-minded individuals.  I prefer full-time employment in the Charlotte, North Carolina area but I would consider relocating for the right opportunity.

I have over fourteen years experience specializing in the design and deployment of medium and large-scale internetworks, Internet connectivity strategies for service providers and customers, data network security architectures, and voice/data integration solutions.  I am currently serving as Assistant Vice President and a Senior Network Security Architect for Wachovia Bank NA located in Charlotte NC.

My background includes extensive experience with Cisco Systems products, as well as many other vendors, utilizing various networking topologies and technologies to innovate creative solutions for network and network security design challenges. I possess significant experience in performing assessment on proposed design and existing network infrastructures, and can generate detailed reports that are presentable to clients.

I am currently working in the Wachovia Bank Network Security Services group as a senior network security architect; responsible for the design of advanced security solutions at the bank related to network security, their architecture, evaluation of products, integration with existing systems and processes, design of supporting tools, and definition of operational specifications and standards for deployment.

Achievements:

• Developed and tested an architecture for Remote-Trigger Black Hole Routing (RTBH) via BGP route-injection to assist with data-leakage protection and denial-of-service attack mitigation.
• Developed and maintained the Network Security Services “Statement of Work” process and documentation template to assist in managing the scope of projects and associated resources and requirements.
• Designed a secure share-space network access strategy for a publicly accessible training area shared between Wachovia and Wake Forest University
• Presenter at the 2008 Burton Group Catalyst on Network Access Control technology

I was working in the Wachovia Threat & Vulnerability Management group as a solution architect responsible for the design, deployment, and implementation of advanced security solutions at the bank related to endpoint-security. I was also responsible for maintaining an up-to-date market benchmark view of the enterprise endpoint security landscape; interfacing with organizations such as the Gartner Group, The Burton Group, and Forrester Research.  I participated in, and contributed to, various security and network architecture initiatives including edge access-control architectures, and Internet/DMZ strategies.

Achievements:

• Designed the endpoint security access security strategy encompassing 350,000 access ports, wireless and over 225,000 endpoints
• Designed a RADIUS load-balancing system using application load-balancers and RADIUS appliances with a focus on redundancy and scalability
• Performed malware research and analysis as part of a threat management team
• Evaluated emerging behavior-based protection technologies for both endpoint and network
• Architected a wire-line guest-access strategy
• Designed and architected a clientless-device assessment tool for an 802.1x-enabled environment
• Defined and designed a monitoring and metrics tool system for an 802.1x-enabled environment
• Defined a perimeter router security standard (scorecard) and process to evaluate deployed configurations
• Defined an architecture for a remote-trigger black-hole system via BGP for the Wachovia Internet presence
• Co-authored endpoint security RFP

At BTS I was responsible for design, testing, and implementation of data network technologies and security technologies at customer sites.  I specialized in consultative design and delivery of large-scale documentation and design projects for security, management, and operational process and procedures.  As a consultant, I was responsible for the delivery of detailed design and architecture documentation related to network security initiatives at various customers.  I investigated and documented existing architectures and operational policies as part of the design process.  I was also responsible for proof-of-technology testing, planning and delivery of technology pilot programs, and emerging technology testing at customer sites for technologies such as IEEE 802.1x, BGP optimization, server load-balancing, personal-firewall systems, RADIUS authentication/authorization systems, and other related technologies.

Achievements:

• Designed an Internet network infrastructure strategy for a leading insurance company
• Investigated access-edge control strategies for a top-5 financial institution

At Premier, I was responsible for all aspects of the data and voice communication infrastructure operations in a 1500-seat enterprise network.  I managed a team of six people with responsibility for all aspects of personnel management for this team.  In addition, I set workflow process, managed projects, and maintained relationships with various business units within the organization.  As an operations lead; I was responsible for all delivery of network services enterprise-wide, including data-center network infrastructure, remote-access/VPN, network component-level monitoring via HPOV Network Node Manager and Solarwinds Orion Network Performance Monitor.  In addition, my team was directly answerable to various service-level agreements and key-performance indicators associated with various applications and business units.

Achievements:

• Design and deployment of a new corporate firewall system based on Nokia/Checkpoint firewalls for an e-commerce network environment.
• Development and deployment of best practices for internal network management functions
• Participated in development and deployment of disaster recovery plan
• Designed new corporate Wide Area Network (saved the company over $500k per year in recurring WAN costs)
• Designed reorganization strategy for existing data-center, including new cooling facilities, new structured wiring, and new datacenter cabinets and arrangement to maximize cooling and power resources.

I served as lead engineer on both the Enterprise and Service Provider consulting teams for network infrastructure and professional services at Broadwing Technology Solutions.  I consulted on various projects related to service-provider and enterprise networks, specifically large financial and insurance institutions.  At Broadwing, I performed LAN/WAN/Datacenter design and deployment for both service-provider and enterprise customers, utilizing a variety of LAN switches routers, ATM switches, firewalls, intrusion-detection, remote-access equipment and VPN gear. I was assigned as the primary network consultant for the US operations of a global financial institution, having designed and rebuilt their entire US enterprise network infrastructure after the 9/11 attack.  During an eighteen month period, I designed and deployed a new, resilient data-center infrastructure, disaster-recovery site, and metro-area network for this organization in the New York City area, and was involved in network security architecture, resilient LAN and WAN services, connectivity to a global network infrastructure, and the roll-out of network management services.  In addition to this project, I also designed and deployed other large-scale LAN and WAN projects for other customers, developed secure Internet infrastructures, performed detailed LAN and WAN analysis, security audits, and network feasibility studies. I was asked to assist in the rollout of various enterprise applications, including thin-client deployments, IP-Telephony, network-based authentication, virtual-private networks and remote-access solutions.  In addition to pure networking infrastructure, I gained additional experience, included building Linux, Solaris, HP-UX, Windows 2000 and NT 4.0 servers; deploying network services such as DNS, WINS, DHCP, authentication services, network management frameworks such as HP Openview Network Node Manger, Castlerock’s SNMPc, and others, on these platforms.  I was also engaged in IP service delivery design utilizing MPLS as well as IP-Storage Area Network technology.  Finally I was a major contributor to a business continuance/high-availability networking whitepaper/practice book for Broadwing Technology Solutions outlining best practices for deployment of various technologies in an Enterprise setting.

Achievements:

• Designed and deployed a metro-Ethernet centric service-provider network for a regional Internet service provider using IP switches.  This network interfaced with leased-line, existing Ethernet, and PON/FTTH technology.
• Staged and deployed Newbridge/Alcatel Mainstreet ATM switches in a service-provider environment to deliver Internet transport service.  Staged and deployed Juniper M20 Internet routers in conjunction with ATM switches to provide Internet edge and core services.
• Converted a disaster recovery data-center network to a production network using a multi-layer switched Ethernet solution, after the September 11th attack for a large financial institution.  Built a new disaster recovery center network and employee work center network environment.  Designed a fault-tolerant Metro-LAN solution to interconnect these sites.
• Re-engineered BGP peering for a regional ISP and re-designed customer edge attachment services and core network services.
• Designed and deployed a multi-site wide-area network for converged voice and data services for a large insurance carrier

Highlights and Experience Gained:

• Design and implementation of medium and large-scale Local Area Networks utilizing Cisco, Extreme and Foundry Layer-2 and Layer-3 switching technologies
• Design and implementation of 802.1p Class of Service and IP Quality of Service on Cisco and Extreme LAN switches
• Design and implementation of scalable, resilient, fault-tolerant networks utilizing 802.1s Multiple Spanning Tree (MST), 802.1w Rapid Spanning Tree (RST) and 802.3ad Link Aggregation Control Protocol (LACP)
• Design and implementation of fault-tolerant layer-3 switching services utilizing dynamic routing protocols such as OSPF, IS-IS, RIP, BGP, and standby router protocols (HSRP, VRRP)
• Design and implementation of multilayer LAN environments to support Voice and Video over IP using layer-2 and layer-3 QoS techniques, signaling technologies such as H.323 and MGCP,
• Designed and implemented secure Internet infrastructures, firewalls, Intrusion-detection systems, and personal remote-access and VPN solutions
• Deployed and configured network management systems and tools, including RMON probes, and framework applications such as HP Openview Network Node Manager
• Designed and deployed medium and large-scale Wide-Area Networks (WANs) utilizing ATM, Frame-Relay, private-line, and SONET technologies.
• Designed and deployed of various network-based Layer-4 switching solutions and network-based server clustering solutions
• Designed and deployed various high-availability Internet architectures, firewall load balancing, and Internet load-balancing solutions.
• Designed and deployed various Voice over data solutions and Quality of Service schemes utilizing Voice over Frame-Relay (VoFR) with Frame-Relay Traffic Shaping and Voice over IP (VoIP) utilizing Low-Latency Queuing, Resource Reservation Protocol (RSVP) and Weighted Fair-Queuing, for toll-bypass solutions in Enterprise WAN systems
• Designed and deployed various time-division multiplexing (TDM) solutions to support converged voice, video and data
• Participated in deployment of Cisco IP Telephony solutions
• Configured and deployed numerous server-based solutions for network based services such as network management stations, syslog and SNMP trap consoles, distributed network management applications, DHCP, and DNS, utilizing HP-UX, Solaris, Linux, and Windows NT/2000 for operating systems.
• Developed and documented complex standards-based network architectures for both existing network infrastructures and new “green-field” deployments.
• Present documented design proposals to customers in a group setting
• Performed detailed network architecture and security reviews for numerous clients’ Internet perimeter, internal networks, and remote-access deployments
• Operated protocol analyzers, T1 and T3 BERT sets, and other network analysis tools to assist in troubleshooting and documentation
• Developed and generated complete equipment staging and burn-in checklists
• Obtained a thorough understanding through technical coursework and reading of major Ethernet technologies including emerging standards such as 802.3ae, 10Gb/s Ethernet
• Obtained a thorough understanding through technical reading, coursework, and lab implementation of Multi-Protocol Label Switching, RFC-2547bis virtual private networks, Martini-Draft Layer-2 transport over MPLS (Frame-Relay over MPLS and Ethernet over MPLS) and MPLS traffic-engineering topics such as RSVP-TE signaling, constraint-based LSPs, and Label Distribution Protocol (LDP)
• Obtained a thorough understanding through technical coursework, reading, and practical experience, of IP Quality of Service issues including Diff-serv, IP Precedence, queuing techniques, Random Early Detection (RED) methods, and traffic shaping on Cisco, Juniper, and Extreme network equipment
• Gained an understanding of Storage Area Network technologies and solutions
• Gained an understanding of Redundant Packet Ring (RPR) technologies and solutions
• Gained an understanding of Data-center components and concepts
• Gained an understanding of IP video architectures, multipoint conferencing utilizing H.323 zones and gatekeepers, and T.120 data-sharing applications

Powercom was a Network Integrator. I was responsible for all deployment of customer network equipment sold. As a manager, built a service department from the ground-up; implementing a billing system, rate schedule, vendor relations and sales coordination procedures, network operations and design bureau, training, and network turnkey systems and project management facilities. I helped develop relationships with several regional service providers that lead to Powercom becoming a sole-source provider and installer for customer premise equipment (CPE) used to terminate dedicated links to these service providers. In addition, spent extensive time deploying customer premise equipment for dedicated private-line, frame-relay, ATM, and SMDS circuits, coordinating and turning up these services and building private wide-area networks and virtual private networks.  I designed and deployed multiple medium and large-scale enterprise local-area networks with routed VLANs, as well as routed WANs, bridged wireless links, wireless LANs, and voice/data integration using TDM, VoFR and VoIP technologies, and remote access solutions for several mid-sized financial institutions. I also deployed various network/networked applications on both Linux and Windows NT platforms at customer locations.

Highlights:

• Project management for circuit turn-up coordination with various telecom vendors
• Managed and developed customer and vendor relations
• Advanced configuration of Cisco routers for ATM, DS1 and DS3 private-line, and Frame-Relay services
• Design and implementation of numerous routed wide-area networks
• Design and implementation of numerous switched local-area networks
• Included in the Cisco beta-test team for router-based Voice over Frame-Relay and Voice over IP
• Designed and implemented outsourced network management product
• Designed, deployed and maintained local and wide-area networks for several mid-sized retail banking customers
• Designed and deployed Internet perimeter security solutions using firewalls and other packet-filtration devices for various customers
• Designed and deployed remote-access solutions using both dialup and IP-VPN, as well as supporting authentication-systems using RADIUS

Infonet Communications Inc. was a small Internet Service Provider located in Central California. Responsible for the design and development of their IP network and multiple Internet services such as SMTP/POP mail, Domain-Name System (DNS), NNTP News service, and web-server maintenance.  Built a regional service-provider network using ATM/DS-3 links between several core and regional distribution sites, developed a remote-access platform for customers to use, and built several systems dedicated to various Internet services using the Linux operating system. Coordinated the delivery of services to all dedicated customers, including circuit delivery and CPE configuration and deployment. Participated in network planning and related issues such as IP allocations from the InterNIC (pre-ARIN) and to customers (SWIP).  Also participated, as a potential customer, in initial planning meetings and discussions revolving the development of the Pacific Bell Network Access Point, (NAP) in Northern California.

Highlights:

• Built and managed a small team of network engineers and operations personnel
• Managed and maintained relationships with key telecom vendors
• Designed and deployed and managed a regional public IP network infrastructure handling both dial-up and dedicated customers
• Learned fundamentals of routing protocols, IP/IPX routing, Ethernet, Arcnet, and other technologies
• Built and maintained public peering and routing policies utilizing BGP at several network access points

Comtech was a small computer shop that specialized in Novell servers and PCs. Served as consultant/technician responsible for PC repair/upgrades. Also spent time on a wiring crew. Before moving to Infonet, attained Novell CNA and spent time deploying Novell Netware servers, MS/Windows clients, and Windows NT servers.

Highlights:

• Learned basics of computer architecture, assembled custom (white-box) computers and servers
• Serviced numerous customer LANs
• Learned basics of network wiring installation
• Worked with Novell and Windows Network Operating Systems

Professional Training:

• Introduction to Cisco Router Configuration – 10/96
• 3Com ATM Products Installation/Configuration – 11/96
• Cisco Internet Design – 12/96
• Advanced Cisco Router Configuration – 01/97
• Installation and Maintenance of Cisco Routers – 05/97
• Cisco Internetwork Troubleshooting – 02/97
• Cisco SNA Configuration for Multiprotocol Administrators – 06/97
• Cisco Sales Expert Training – 02/98
• Cisco Security & Management Reseller Training – 03/98
• Cisco Switching University – 09/98
• Cisco Call Manager Training v3.0 – 12/00
• Juniper Networks MPLS Traffic Engineering – 01/01
• Juniper Networks Troubleshooting with JUNOS – 01/01
• Juniper Networks JUNOS Routing Policy – 01/01
• Juniper Networks Architecture & Configuration – 01/01
• Extreme Networks Switch Training 04/01
• RadWare WSD/Linkproof/Fireproof 02/02
• NBG Nokia/Checkpoint Bootcamp 08/03
• Symantec Enterprise Protection 201 03/06
• SANSFire 2007 – SANS MGMT-414 07/07
• Foundstone Ultimate Web Hacking – 12/07

Professional Affiliations:

• Institute of Electrical and Electronic Engineers, Inc. (IEEE)
• International Information Systems Security Certification Consortium (ISC2)
• Charlotte Cisco Users Group (CCUG)