Summary
Work Experience
2021-02 —2021-12 Molekule
San Francisco, CA
Promoted to Senior System Administrator
AWS Global VPN Project: Designed and implemented a scalable/redundant global Client VPN solution in Amazon Web Services. Set up DNS geo-location routing to the nearest VPN endpoint using Cloudflare and Amazon Route 53.
AWS EC2/VPC Security Improvement Project: Identified, scoped out, and corrected a multitude of challenges related to EC2/VPC security groups, OS/application-level configuration, user access policies (identity-based policies) and service access policy (resource-based policies) concerns.
AWS IAM to AWS SSO Transition Project: Consolidated 400+ AWS IAM (AWS Identity and Access Management) policies (across 30 different AWS accounts), roles and groups into AWS SSO (AWS Single Sign-On) including groups (and Permission Sets) synchronized from Active Directory and leveraging Okta push-groups and Attribute-based access control (ABAC)
AWS Account Management Project: Integrated cloud networks with internal "local" network using AWS IPAM, Site to Site VPN and Transit Gateway, utilizing advanced VPC/Transit Gateway routing.
AWS Secure Access Project: Integrated Global VPN and Corporate Network solution with development environments eliminating the need to access critical/production servers using their public IPs, no longer relying on security group whitelisting
Documented AWS account "landscape" (30+ individual accounts across 3 organizational tiers) their function, management team, business owners, and network/IP ranges. Identified numerous cost-saving strategies, network management tactics, security concerns and formulated user account management process (IAM/SSO)
Created internal DNS alias/proxy service to provide minimum-level SSL compliance across all servers (cloud and on-prem)
Created AWS VPC on-boarding (network) and EC2/VPC security best practices guide as it relates to the existing corporate/global network
Troubleshot end-user (customer) IoT device connectivity challenges with internal firmware and software development teams
2018-12 —2021-02 Molekule
San Francisco, CA
Sole/primary system administrator supporting approximately 100 users from 2018 to 2020
Integrated numerous cloud applications into Okta SSO (single sign-on) including: AWS Single Sign-On and AWS IAM (Federation), Active Directory (to/from), Atlassian Access (and related apps- Jira/Confluence/Bitbucket), Google Workspace/G Suite
Mentored development teams understanding the technologies used (full-stack) on the website (Node.js) and e-commerce platform (Magento)
On-boarded, mentored and supported development teams (~ 50 remote consultants worldwide) on various full-stack projects ranging from web-frontend [CloudFront/EC2/Elastic Beanstalk/GitHub/Pipelines], e-commerce [RDS/EC2], analytics/data engineering teams (RDS/Redshift/data-warehouse [Redshift], data-analysis streams [Kinesis/Firehose]),
Headquarters relocation: architected and set up redundant networking solution in new headquarters (3 floors, 15 managed switches and ~30 access points) using Fortinet technologies: FortiGate, FortiSwitch, FortiAP
Enabled WPA2-Enterprise encryption, authentication using RADIUS and Active Directory
Enabled Client VPN authentication, authentication using LDAP and Active Directory
Enabled multicast print functionality to allow Secure AirPrint (and other zero-conf/UPnP technologies) in an office environment from the Client VPN as well as
Isolated internal WAN traffic depending on their exposure risk to outsiders (i.e. conference rooms and ports)
Documentation – end user (IT “Knowledge Base”/“high-level”) and IT internal (low-level) using Atlassian Confluence and LucidCharts/CloudInsights and diagrammed in detail all cloud and physical (on-prem) networks
2017-06 —2018-12 Eat Just, Inc. / Hampton Creek
San Francisco, CA
Primary system administrator of Microsoft Azure cloud/Windows 2016 servers – including Active Directory, SQL Server, and Remote Desktop Services (terminal services)
Set up multiple VPCs using Amazon Web Services (AWS) – multiple EC2 compute resources and S3 buckets
Architected virtual machine and shared storage (SAN) solution in remote datacenter using technologies from VMware, Nimble storage, HP/Aruba switches and Fortinet/FortiGate
Assisted with the migration from Google Apps and Dropbox to Microsoft Office 365
Expanded core IT network services to remote locations; datacenter in Roseville, CA; warehouse in South San Francisco, CA
2014-01 —2016-09 Stella & Dot
San Bruno, CA / Brisbane, CA
Rackspace to Office 365 migration - migrated approx. 250 mailboxes from Rackspace Exchange to Office 365
VMware datacenter migration - migrated approx. 50 finance (Microsoft GreatPlains, Cognos BI) servers from Burbank datacenter to Atlanta datacenter utilizing VMware ESX Server
Office network equipment migration/standardization - standardization of network equipment (SonicWall/Brocade) in all offices (migrated from Cisco ASA/Catalyst) - maintaining VLANs, routing and redundant WAN
File server migration - Migrated from NetApp filer to Nimble storage array, set up for VMware using NFS & iSCSI
Headquarters relocation - Assisted team moving all IT equipment to new HQ, including phones, network devices, servers
2008-11 —2013-11 Synaptics
Santa Clara, CA
Administration of Windows 2003 and 2008 servers - including print, Active Directory (DNS/DHCP/WINS/LDAP)
Architected, tested, and deployed a worldwide video conferencing solution using Cisco (Tandberg) TelePresence devices as well as Cisco TelePresence Management Systems (TMS, VCS, MCU), including Cisco Jabber/Movi software client (SIP)
Assisted team with the creation, management, termination of Windows user accounts and Exchange mailboxes
Replaced helpdesk system (TrackIt) with a more scalable solution based on ITIL-model with incident, problem, change management, service level agreement (Service-Now), identify/create business rules, and create workflows
Built and managed engineering environments (Matlab, Cadence, SolidWorks), including deployment of Linux workstations (RedHat, using KickStart)
Maintained several license servers using FlexLM for engineering applications - Cadence, SolidWorks, Matlab, OrCAD, Mentor Graphics (PADS)
Assisted infrastructure team with the migration of physical devices to VM (VMware) for engineers (RedHat Linux) as well as production servers (Anti-Virus, Active Directory, Print)
Maintained, updated software install packages for members of helpdesk team, prepared packages for SCCM deployment
Monitored ticketing system (TrackIt, Service-Now) for new tickets and work-items, update existing incidents, operated within service level agreements (SLAs) to ensure high end-user satisfaction
Purchased and deployed numerous printers (HP, Sharp, Okidata) and set up LDAP, SMTP for document processing, troubleshooting problems, monitored printer/toner status using SNMP
2007-08 —2008-11 Synaptics
Santa Clara, CA
Built, tested and deployed production update server for all client/server machines using Windows Server Update Services
Maintained home-grown internal applications developed in ASP.NET using Internet Information Services and Windows Server 2003
Managed end user licenses for Microsoft products (Office, Project, Visio, Visual Studio, MSDN), Adobe products (Creative Suite, Photoshop, Illustrator, InDesign), Matlab, Creo (Pro Engineer)
Built laptops, desktops, workstations and servers for production, test environments and new employees following strict build processes
Defined strict build processes for end user client machines
Purchased all IT equipment - worked with vendors to obtain quotes (CDW, Zones, Insight, Dell, PacketFusion, Intervision), with asset management
Assisted in troubleshooting production issues with other members of IT (Linux, Network, Storage Administrators)
Documented new and existing processes for Standard Operating Procedure (updated yearly)
Created Oracle 10g accounts for new employees
2006-01 —2007-08 Synaptics
Santa Clara, CA
Provided desktop and laptop (hardware) and software support for the Santa Clara office (300 employees)
Maintained up-to-date images for desktop and laptop deployment using Symantec Ghost and SysPrep.
Led IT training sessions for newly hired employees (every week)
Participated in 24/7 on call support rotation with the rest of the IT team
Provided weekly reports of account creations and terminations for business requirements (Sarbanes-Oxley).
Set up laptops and desktops for newly hired employees based on business requirements (Engineering, Software/Firmware Developers, etc.)
2005-06 —2005-12 Synaptics
Santa Clara, CA
Designed from scratch a component database written in PHP using MySQL with authentication and integration into Active Directory using LDAP
Assisted the IT team with a headquarters relocation which included the backup of all desktop machines using SyncBack and FTP