Karlo Abaga

Designed SCINet BGP network
Designed the IPv4 and IPv6 schemes for 90+ sites
Designed the traffic flow for outbound traffic
Designed Cisco SDWAN infrastructure for remote sites connection
Implement and configure 802.1X for end-user access
Implement network traffic engineering and network security zones
Implement network system hardening (STIG)
Implement , configure and maintain firewalls between ARS and SCINet
traffic engineer specific traffic flow based on the network needs
maintain network devices code versions

Participate in architecting the SCINet network infrastructure
Worked on IPv6 design for SCINet
Participated and provided solution for SCINet and ARS network issues
Configured and maintained Juniper MX480 and MX960 routers
Configured and maintained Juniper QFX5100 and EX4600 switches
Configured and maintained Juniper SRX1500 firewalls
Configured and maintained Brocade routers
Implemented SNMPv3, JFlow, and SFlow for management
Implemented IS-IS and BGP routing protocols
Implemented filter-based Forwarding (FBF) to traffic engineer specific networks
Assisted the USDA ARS NOC team with network configuration
Written several Python 3.x scripts to automate simple task such updating local accounts, VLANs, etc

Contributed to the VyOS certification program
Worked on customer/community network issues
Contributes to finding bugs and test the system

Provided on going management, mentoring and support for the team members
Implementing DISA STIG to network equipment
Configured AHRS Layer2 and Layer3 network
Configured and maintaining Juniper SRX1500 and SSG520 firewalls
Worked with NIPRNet and SIPRNet Cisco equipment

Built and architected NCCoE network infrastructure
Designed the network production and lab environment for IPv4 and IPv6
Configured and deployed IPv4 and IPv6 to production and lab networks
Configured and maintained Palo Alto Networks PA-3050, Juniper SRX650 and Juniper High-end SRX5400 firewalls
Configured active/passive cluster for firewall high-availability
Created firewall policies, custom services, OSPF, etc
Implemented policy based routing (PBR)
Deployed URL Filtering to filter to prevent users from accessing certain websites
Deployed network Anti-Virus, Vulnerability and Spyware to protect internal users from any malicious attacks
Configured and maintained Juniper QFX5100, EX4300, and EX3300 switches
Configured and maintained Juniper MX240
Configured and maintained PulseSecure MAG 4010 and 2600 appliances
Secure Access for VPN users – dynamic role based access control
Access Control for wireless network NAC – dynamic role based access control
Configured and maintained Aruba wireless infrastructure – Aruba7010
Created captive portal for quests access
802.1x authentication two form authentication for wireless users
Used packet analysis and port scanner software – Wireshark and Nmap – for network troubleshooting
Assisted cybersecurity scientists setting up their lab network equipments such as Cisco, Palo Alto, Juniper, PFSense, etc
Assisted ITC configuring the headquarter’s network equipment

Provided Break/Fix incident management support for network outages, move, add and change incidents
Investigate common vulnerability and exposures (CVE) prior to applying a fix to the production network
Upgraded and/or patched firmware for Cisco, Juniper, Palo Alto – routers, switches, and firewalls
Configured Cisco routers and switches
Configured Palo Alto PA-5050 and PA-5020 firewalls
Helped with migrating Cisco ASA configuration to Palo Alto firewalls
Configured Juniper routers
Maintained network device configuration and processes according to DoD policies and STIG requirements
Acted as team lead when the primary lead is out of office

Designed and optimized WNBC and Lerner Enterprises network
Created network drawing using Microsoft Visio
Maintained WLAN controller and APs firmware code
Maintained wireless network up and running for guests (43,000 fans), press, WNBC/Lerner employees, and 50+ remote sites
Deployed Juniper SSG and SRX series firewalls to remote sites, HQ, Washington Nationals’ ballpark
Configured route-based VPN
Configured security zones, source, destination and static NAT, static route, OSPF, security policies
Deployed Force10 and Dell N series switches to remote sites, HQ, and Washington Nationals’ ballpark.
Configure VLAN, RSTP, Inter-VLAN routing, and access-list rules
Configure stack switches setup
Terminated dry-pair for broadcasters for end-to-end connectivity

See Washington Nationas Baseball Club

Designed the placement of access points and/or sensors (WIDS) prior to site installation, using AirMagnet Planner software in order to predict the AP placement, based on customer’s requirements, prior to manual site survey or AP installations.
Performed wireless site surveys in preparation for installation of wireless network devices such as APs and WIDS/WIPS using AirMagnet PRO software with a Proxim Wireless card.
Performed wireless site survey baseline and vulnerability assessment for future site installation, through the use of passive/active scanning methodology.
Conducted post-site survey using AIrMagnet PRO to verify the RF coverage area and/or redesign current wireless network within the customer’s facility.
Verified RF channels propagating within the client’s facility to avoid RF interference, and locate RF interference and potential rogue APs using Fluke’s Spectrum Analyzer.
Compiled wireless site survey results and prepare BOM for documentation.
Wireless Deployment
Prepared, planned and designed WLAN network via onsite WLAN site survey visit, predictive survey or based on existing site survey documentation
Gathered necessary information to configure network devices such as Cisco switches, wireless LAN controllers and APs for deploying Enterprise wireless networks
Knowledge transfer with customers’ IT personnel
Wireless Network Test Pilot / Prototypes
Perform test and validation of wireless network between different vendors such as Cisco, Xirrus, and Motorola
Identify network interoperability issues between network devices and find a solution then document the network issues and solution procedure
Build a network that is similar to client’s network and test and verify network devices if operating as planned and meet the client’s requirements, and create SOP for reference and customer’s IT personnel
Knowledge transfer with designated customer personnel
Configured Cisco L2 / Multi-layer Switches
Configured L3 Etherchannel between ISR router and multi-layer switch to provide bandwidth and port redundancy
Configured L2 or L3 PAgP, Etherchannel between Cisco switches or LACP between multi-vendor switches to provide port throughput and redundancy between network switches
Configured switch security such as port-security to access switches, and DHCP snooping, DAI, trunk port security, AAA, PVLAN
High availability configuration such HSRP, VRRP, and GLBP to enable network resiliency to recover quickly for the fault to be transparent to end-users
Configured Motorola WLAN Devices
Configured Motorola RFS7000 WLAN controllers and AP7131 access points via CLI / GUI
Integrated Motorola AirDefense Service Platform (ADSP) v9 with AP7131 for wIDS / wIPS configuration and alarms notifications
Configured Cisco WLC 5508 and AP 2600, 3500, 3600 with WSSI and AC modules and outdoor 1530 series
Configured wireless indoor and outdoor mesh to provide connectivity to areas where pulling cable is impossible
Configured Enterprise certificate based authentication 802.1X EAP-TLS authentication via Cisco ISE and Windows 2008 R2 server
Applied 802.1X EAP-TLS to IOS devices such as iPads, and iPhones for small to medium size business’ BYOD

Served as a technical point of contact for WRAMC application troubleshooting.
Responded to electronic ticket and personnel request for technical support.
Provided phone support to end-users in the area of email, directories, standard Windows desktop application, and network connectivity issues.
Assisted users backing up their data using Credant2Go software for data confidentiality.
Recovery/Import older certificates for the new DoD CAC cards or refreshed users’ DoD CAC cards certificates