I am a Network Engineer working for USDA ARS SCINet, and I get to work with Juniper network devices and some free and open-source software (FOSS). I participated in the new network architecture for what we call SCINet version 2.0. I usually spend most of my time fixing what the other engineers had done. I worked/participated in the VyOS certification program back in 2019. In my spare time, I am working on my Red Hat RHCSA and AWS Solutions Architect certifications. If life permits, I may be able to get these certs; otherwise, I'll get the smarts, but not get certified. I like to learn new things. Oh! Before I forget, I run a homelab and may post about it from time to time. This page is a work in progress. I will get back to this page when I get a chance.
Skills
Cisco route, switch and wireless
Juniper Networks route, switch and firewall
Palo Alto firewalls
Pulse Secure VPN
VyOS router/firewall
Proficient in Microsoft Visio and Draw.io for creating network diagrams
Working knowledge of Linux administration for Debian- and CentOS-based systems
Working knowledge of Docker and LXC containers
Proxmox VE KVM and working knowledge of VMware ESXi
Working knowledge of Python3 for automating simple tasks
Designed SCINet BGP network
Designed the IPv4 and IPv6 schemes for 90+ sites
Designed the traffic flow for outbound traffic
Designed Cisco SDWAN infrastructure for remote sites connection
Implement and configure 802.1X for end-user access
Implement network traffic engineering and network security zones
Implement network system hardening (STIG)
Implement, configure and maintain firewalls between ARS and SCINet
Traffic engineer specific traffic flow based on the network needs
Maintain network devices' code versions
Participate in architecting the SCINet network infrastructure
Worked on IPv6 design for SCINet
Participated and provided solution for SCINet and ARS network issues
Configured and maintained Juniper MX480 and MX960 routers
Configured and maintained Juniper QFX5100 and EX4600 switches
Configured and maintained Juniper SRX1500 firewalls
Configured and maintained Brocade routers
Implemented SNMPv3, JFlow, and SFlow for management
Implemented IS-IS and BGP routing protocols
Implemented filter-based Forwarding (FBF) to traffic engineer specific networks
Assisted the USDA ARS NOC team with network configuration
Wrote several Python 3.x scripts to automate simple tasks such as updating local accounts, VLANs, etc.
Network Engineer
Sentrium | VyOS
2019.04.19 - 2020.01.21 (9 mos)
Contributed to the VyOS certification program
Worked on customer/community network issues
Contributed to finding bugs and testing the system
Lead Network Engineer
Tier1Technologies | DXC | Army Human Resources System (AHRS)
(Herndon, VA)
2018.04.02 - 2018.06.15 (2 mos)
Provided ongoing management, mentoring and support for the team members
Implementing DISA STIG to network equipment
Configured AHRS Layer2 and Layer3 network
Configured and maintained Juniper SRX1500 and SSG520 firewalls
Worked with NIPRNet and SIPRNet Cisco equipment
Senior Network Engineer | Network Architect
IT Coalition | National Cybersecurity Center of Excellence (NCCoE)
(Rockville, MD)
2015.11.30 - 2018.04.10 (2 yrs, 4 mos)
Built and architected NCCoE network infrastructure
Designed the network production and lab environment for IPv4 and IPv6
Configured and deployed IPv4 and IPv6 to production and lab networks
Configured and maintained Palo Alto Networks PA-3050, Juniper SRX650 and Juniper High-end SRX5400 firewalls
Configured active/passive cluster for firewall high-availability
Created firewall policies, custom services, OSPF, etc
Implemented policy based routing (PBR)
Deployed URL Filtering to prevent users from accessing certain websites
Deployed network Anti-Virus, Vulnerability and Spyware to protect internal users from any malicious attacks
Configured and maintained Juniper QFX5100, EX4300, and EX3300 switches
Configured and maintained Juniper MX240
Configured and maintained PulseSecure MAG 4010 and 2600 appliances
Secure Access for VPN users – dynamic role based access control
Access Control for wireless network NAC – dynamic role based access control
Configured and maintained Aruba wireless infrastructure – Aruba7010
Created captive portal for guest access
802.1x authentication two form authentication for wireless users
Used packet analysis and port scanner software – Wireshark and Nmap – for network troubleshooting
Assisted cybersecurity scientists setting up their lab network equipment such as Cisco, Palo Alto, Juniper, PFSense, etc.
Assisted ITC configuring the headquarter’s network equipment
Tier III Senior Network Engineer
Digital Management, Inc (DMI)
(Ft. Meade, MD)
2015.08.03 - 2015.11.25 (3 mos)
Provided Break/Fix incident management support for network outages, move, add and change incidents
Investigated Common Vulnerabilities and Exposures (CVE) prior to applying a fix to the production network
Upgraded and/or patched firmware for Cisco, Juniper, Palo Alto – routers, switches, and firewalls
Configured Cisco routers and switches
Configured Palo Alto PA-5050 and PA-5020 firewalls
Helped with migrating Cisco ASA configuration to Palo Alto firewalls
Configured Juniper routers
Maintained network device configuration and processes according to DoD policies and STIG requirements
Acted as team lead when the primary lead is out of office
Senior Network Engineer
Washington Nationals Baseball Club (WNBC)
(Washington, DC)
2014.06.23 - 2015.07.31 (1 yr, 1 mo)
Designed and optimized WNBC and Lerner Enterprises network
Created network drawing using Microsoft Visio
Maintained WLAN controller and APs firmware code
Maintained wireless network up and running for guests (43,000 fans), press, WNBC/Lerner employees, and 50+ remote sites
Deployed Juniper SSG and SRX series firewalls to remote sites, HQ, Washington Nationals’ ballpark
Configured route-based VPN
Configured security zones, source, destination and static NAT, static route, OSPF, security policies
Deployed Force10 and Dell N series switches to remote sites, HQ, and Washington Nationals’ ballpark.
Configure VLAN, RSTP, Inter-VLAN routing, and access-list rules
Configure stack switches setup
Terminated dry-pair for broadcasters for end-to-end connectivity
Designed the placement of access points and/or sensors (WIDS) prior to site installation, using AirMagnet Planner software in order to predict the AP placement, based on customer’s requirements, prior to manual site survey or AP installations.
Performed wireless site surveys in preparation for installation of wireless network devices such as APs and WIDS/WIPS using AirMagnet PRO software with a Proxim Wireless card.
Performed wireless site survey baseline and vulnerability assessment for future site installation, through the use of passive/active scanning methodology.
Conducted post-site survey using AirMagnet PRO to verify the RF coverage area and/or redesign current wireless network within the customer’s facility.
Verified RF channels propagating within the client’s facility to avoid RF interference, and locate RF interference and potential rogue APs using Fluke’s Spectrum Analyzer.
Compiled wireless site survey results and prepare BOM for documentation.
Wireless Deployment
Prepared, planned and designed WLAN network via onsite WLAN site survey visit, predictive survey or based on existing site survey documentation
Gathered necessary information to configure network devices such as Cisco switches, wireless LAN controllers and APs for deploying Enterprise wireless networks
Knowledge transfer with customers’ IT personnel
Wireless Network Test Pilot / Prototypes
Perform test and validation of wireless network between different vendors such as Cisco, Xirrus, and Motorola
Identify network interoperability issues between network devices and find a solution then document the network issues and solution procedure
Build a network that is similar to client’s network and test and verify network devices if operating as planned and meet the client’s requirements, and create SOP for reference and customer’s IT personnel
Knowledge transfer with designated customer personnel
Configured Cisco L2 / Multi-layer Switches
Configured L3 Etherchannel between ISR router and multi-layer switch to provide bandwidth and port redundancy
Configured L2 or L3 PAgP, Etherchannel between Cisco switches or LACP between multi-vendor switches to provide port throughput and redundancy between network switches
Configured switch security such as port-security to access switches, and DHCP snooping, DAI, trunk port security, AAA, PVLAN
High availability configuration such as HSRP, VRRP, and GLBP to enable network resiliency to recover quickly for the fault to be transparent to end-users
Configured Motorola WLAN Devices
Configured Motorola RFS7000 WLAN controllers and AP7131 access points via CLI / GUI
Integrated Motorola AirDefense Service Platform (ADSP) v9 with AP7131 for wIDS / wIPS configuration and alarms notifications
Configured Cisco WLC 5508 and AP 2600, 3500, 3600 with WSSI and AC modules and outdoor 1530 series
Configured wireless indoor and outdoor mesh to provide connectivity to areas where pulling cable is impossible
Configured Enterprise certificate based authentication 802.1X EAP-TLS authentication via Cisco ISE and Windows 2008 R2 server
Applied 802.1X EAP-TLS to iOS devices such as iPads and iPhones for small to medium size business’ BYOD
Served as a technical point of contact for WRAMC application troubleshooting.
Responded to electronic ticket and personnel request for technical support.
Provided phone support to end-users in the area of email, directories, standard Windows desktop application, and network connectivity issues.
Assisted users backing up their data using Credant2Go software for data confidentiality.
Recovered/imported older certificates for the new DoD CAC cards or refreshed users’ DoD CAC card certificates
The JNCIP-ENT credential validates an understanding of enterprise routing and switching technologies and related platform configuration and troubleshooting skills. A certification holder at this level has demonstrated advanced knowledge of the Junos OS.
Cisco Certified Network Professional Routing and Switching (CCNP)
Cisco
2014 - 2023
This certification validates the skills required of professional-level network engineers, support engineers, systems engineers or network technicians to plan, implement, verify and troubleshoot local and wide-area enterprise networks and work collaboratively with specialists on advanced security, voice, wireless and video solutions.
Juniper Network Certified Internet Specialist Security (JNCIS-SEC)