You will get an IT professional with over 18 years of professional and progressive technical experience in design, implementation, monitoring, troubleshooting, escalation support/ticket resolution and supporting various enterprise technologies which includes proficiency in security, firewalls, routing, routing protocols, switching, wireless, server and virtualization technologies
Security/Firewalls Technologies - Kali Linux, Metasploit, Brupsuite, Cisco IPS/IDS, Fortigate 9300F IPS/IDS, Splunk Siem, Symantec DLP, ForeScout NAC, FortiNac, iBoss DNS/DLP/Proxy Security, Crowdstrike EDR, Qualys, Fortinet/Fortigate 6300F, 60E 60F, 60D, ExtraHop, Cisco 9300, ASA 5500 series firewalls, Cisco SDWAN solution, Cisco Security Manager Suite, Cisco ISE, Cisco ASA firewall, Checkpoint Firewall, Sonic Firewall, Juniper SRX series, Palo Alto, AAA - TACACS+/RADIUS, SSH, VPN, SSL/IPSec, Internet Key Exchange Policy, Port Security, MAC Address Filtering, pfsence, Sophos UTM.
Routing/Switching Technologies - Cisco Routers ASRs/ISRs, Cisco Catalyst/Nexus switch, Cisco Meraki MS120, MS125, Juniper, Citrix, and H3C Routers & Switches, WAN, LAN, TCP/IP, Cisco IOS, STP, BPDU, CDP, ACL, NAT, PAT, OSPF, EIGRP, BGP, MPLS, VTP, SNMP, SMTP, TCP, Static Routing, VLAN Trunking, Multicast routing, HSRP, SVI, CEF, Portfast, VSS, VPCs.
Wireless Technologies - Cisco WLC, IEEE 802.1x & 802.11, WLAN, WAP, AP, SSID, LWAPP, MGCP, RSTP, SCCP, STP, Quality of Service (QoS), PoE.
Monitoring/Data Center Technologies - Wireshark, Cacti, Nagios, Solarwinds, Ethereal, Orion, Remedy, F5 Big-IP LB (GTM/LTM), Citrix Netscaler, Cisco AnyConnect, Cisco Prime, Meraki Cloud-Based, SNMPv2, PTP, SFTP.
Server and Other Technologies – Microsoft Server 2016/2012/2008, Exchange, Active Directory, Ubuntu, FTP, Telnet, HTTP(S), SMTP, RDP, DNS, DHCP, VMWare, Altaro Disaster Recovery.
• Implement an IPSec Site-to-Site VPN between the Cisco ASA5505 at small office location and Cisco 1841 ISR with a security IOS image at the main office. Implemented VPNs for IKE Policy using DES and SHA for encryption and authentication, access-lists to define VPN traffic, transform set using esp-des esp-sha-hmac to traffic protection, crypto-map to configured elements to a peer, and application of the crypto map to appropriate interface or VPN endpoint.
• Implemented of Zone-Based Policy Firewall on the Cisco 1841 ISR for three zones, applying class-maps as traffic crosses a zone-pair, policy maps to apply action to the class-maps’ traffic, zone-pairs, and application of policy to zone pairs.
• Implement a Clientless SSL VPN (WebVPN) to allow users to establish a secure, remote-access VPN tunnel to the Cisco ASA 5505 using a web browser. Prepare the Cisco ASA with necessary configurations to self-signed certificate generation. Generate a general purpose RSA key-pair for certificate authority identification, configure certificate authority trustpoint for the WebVPN using self-enrollment, and configure CA trustpoint interface association.
• Utilized Cisco ASA 5505 Modular Policy Frame-Work to configure and manage layer 3/4 interface service policies, apply inspection and connection limits to services, apply inspection and QoS policing to HTTP traffic. Configure HTTP inspection policy to block restricted sites and file downloads.
Routing & Nexus & Catalyst Switching
• Implemented VLAN Trunking Protocol to reduce administrative overhead and to control VLANs and VXLANs using NX-OS to ensure virtual and flexible subnets that extend further across the network than previous generation of switches.
• Implemented port-profiles in NX-OS for multiple ports and port-types to reduce errors and improve readability.
• Enabled encryption of system passwords and privileged administration to prevent unauthorized IOS user access.
• Implemented secure access and EXEC command interpreter interval to the console and vty ports.
• Created and managed Local VLANs based on department function, and configure ports with static VLAN assignment, static 802.1Q trunks, and dynamic ISL trunking using PAgP for layer 2 forwarding. Utilized VLAN Spanning-Tree in conjunction with PVST+ for compatibility between Cisco and Juniper switches and for root bridge assignment.
• Implemented frame-relay point-to-point and multipoint WAN links between sites to establish connectivity between four sites. Established frame-relay point-to-point connections between three sites to create full mesh network. Implemented hub and spoke network between three sites with the main office as the hub for redundant connections.
• Implemented EIGRP routing for point-to-point and Non Broadcast Multi-Access networks. Prevented neighbor adjacencies forming and sending/receiving routing updates on unnecessary interfaces. Implemented EIGRP MD5 between sites to prevent unauthorized insertion of routes into the domain. Implemented manual EIGRP route summarization to reduce demand on CPU resources
Wireless Network Implementation
Computer Systems Engineering