Bank contract (AWS Security / Network Landing Zone)o Updated Terraform modules for AWS network functions.o Created/Documented Terraform import procedure. Then utilized it to add AWS objects into IAC w/o requiring a destroy/recreate.

DHS contract (AWS Security / Network Landing Zone)o Created and updated Terraform modules for AWS network functions.o Created/Documented Terraform import procedure. Then utilized it to add AWS objects into IAC w/o requiring a destroy/recreate.o Utilized terraform state and import function to clean up inconsistencies in IAC.o Updated Terragrunt input values which were used with Terraform modules to build new VPCs.

DHS contract (AWS Security / Network Landing Zone)o Built "new tenant" baseline terraform scripts and implemented for customers.o Designed/Automated/Implemented TIC 3.0 internet solution.o Imported Transit Gateway into terraform and wrote repeatable modules.o Created new Centralized VPC Endpoint & Route53 / DNS architectures. Wrote and implemented Terraform code for these.o Created new terraform code for a baseline VPC including subnets, route tables, VPC endpoints, TGW… Show more DHS contract (AWS Security / Network Landing Zone)o Built "new tenant" baseline terraform scripts and implemented for customers.o Designed/Automated/Implemented TIC 3.0 internet solution.o Imported Transit Gateway into terraform and wrote repeatable modules.o Created new Centralized VPC Endpoint & Route53 / DNS architectures. Wrote and implemented Terraform code for these.o Created new terraform code for a baseline VPC including subnets, route tables, VPC endpoints, TGW attachment, VPC flow logs etc.o Completed ATP & ATO connection to connect the cloud to onsite network & services.o Fixed a network problem plaguing a program for 3+ years.o Directed other Cloud / Network staff.o Completed a trade study on CDN & Reverse Proxy services. Show less

Bank contract (AWS Security / Network Landing Zone)o AWS Network Firewall Proof of Concept - Tested, reviewed, and presented recommendations to management.o Palo Alto Firewall and AWS Gateway Load Balancer design and implementation.o Wrote terraform code for Palo Alto and other AWS Network and Security implementations.o Responsible for pre-screen and interviews of all Apex candidates for the Cloud/Network group in this contract.

Air Force contract (AWS Landing Zone)o Web Application Firewall (WAF) migration from v1 to v2. WAFv1 rules were migrated to a completely new terraform code structure. I added rate-limiting (DOS protection), and Kinesis Firehose to Cross-Account S3 logging. Two python/lambda scripts were written as separate utilities. The first one automatically updates the WAF ipset with Elastic Load Balancer (ELB) ip addresses and other exceptions. This script was used in rate limiting… Show more Air Force contract (AWS Landing Zone)o Web Application Firewall (WAF) migration from v1 to v2. WAFv1 rules were migrated to a completely new terraform code structure. I added rate-limiting (DOS protection), and Kinesis Firehose to Cross-Account S3 logging. Two python/lambda scripts were written as separate utilities. The first one automatically updates the WAF ipset with Elastic Load Balancer (ELB) ip addresses and other exceptions. This script was used in rate limiting rules (since the ELB’sNAT everything behind them). The second one auto attaches all ELB's and API gateways to the WAF. Upon WAFv2 project completion, I coordinated AWS training and wrote / presented WAF security exception training (using terraform) for the security group.o Worked within an automated CI/CD system that runs pipelines and calls other scripts. Approved 350+ / Submitted 1000+ Merge Requests (Changes to Terraform, Python, Bash, Gitlab CI, and Ansible).o Wrote Python scripts for security compliance in all AWS accounts:o Identifies, alerts, and emails – EC2’s that are about to be retiredo Identifies, alerts, and removes – IAM users with unused passwords and/or access keyso Identifies, alerts, and removes – Unused security groupso Informational alerts – EC2’s per Availability Zoneo Wrote terraform scripts for the above Python scripts to run in Lambda Show less

Air Force contract (AWS Landing Zone)Customer facing experience:o Created cloud architectures for customer environments, documented their design, obtained approval, and then built them using Infrastructure as Code (IaC).o Helped my customers migrate applications from on-prem and other clouds to AWS.o Supported my customers on new technology requests and break/fix items.o Proposed infrastructure changes to customer leadership and engineering teams.Internal VI2E Cloud… Show more Air Force contract (AWS Landing Zone)Customer facing experience:o Created cloud architectures for customer environments, documented their design, obtained approval, and then built them using Infrastructure as Code (IaC).o Helped my customers migrate applications from on-prem and other clouds to AWS.o Supported my customers on new technology requests and break/fix items.o Proposed infrastructure changes to customer leadership and engineering teams.Internal VI2E Cloud experience (AWS Commercial, Govcloud, SC2S, and C2S):o Wrote terraform code for cloud network infrastructure (PrivateLink, Transit Gateway, Cisco CSR1000v, WAF/ALB, VPN, NACL and VPC peering).o Wrote terraform code for other AWS items (EC2, S3, RDS, Lambda, Cloudwatch, IAM).o Modified AWS CloudFormation/Bash infrastructure scripts to fix various bugs.o Initiator of the Architecture Review Board (Proposed, wrote process, and implemented).o Created Architecture for a program wide Route53 and Network Security implementation.o Created high level and detail design documentation for various cloud changes.o Wrote technical documentation for cloud instructions and break/fix items.o Mentored junior staff on how things work in the cloud -vs- traditional environments.o I am the go-to resource for any high-visibility technical item (both design & break/fix).Agile / SAFe experience:o Daily scrums, 3-week sprints, and 3-month program increments.o Created PowerPoints and presented demo’s to internal teams and management.o Atlassian experience (JIRA, Bitbucket, Confluence, Nexus).Awards:o Received a customer award for my work migrating a large environment to VI2E Govcloud in a short timeframe (mid 2020).o Received a company-wide employee of the month award (late 2019). Show less

Raytheon Devcloud team (AWS Landing Zone)o MPLS VPNv4 design to allow secure connectivity between tenants.o Created innovative capability that allowed multicast to work in the cloud.o Network HA design utilizing BGP and BFD to trigger AWS route table changes.o AWS IAM policies to force billing tags on EC2 instances.o Initiated weekly standards and design meetings for the team.Air Force contract (AWS Landing Zone)Designed, built, and automated a complex public… Show more Raytheon Devcloud team (AWS Landing Zone)o MPLS VPNv4 design to allow secure connectivity between tenants.o Created innovative capability that allowed multicast to work in the cloud.o Network HA design utilizing BGP and BFD to trigger AWS route table changes.o AWS IAM policies to force billing tags on EC2 instances.o Initiated weekly standards and design meetings for the team.Air Force contract (AWS Landing Zone)Designed, built, and automated a complex public cloud (AWS) environment. This included overlay of 30+ VPC’s to tie them all together and then back to an unclass development network at Raytheon.o Created & Implemented DMVPN hub & spoke design that can scale up to 100 VPC’s.o Cisco CSR 1000v implementation that included frequent create and teardown activities with license management from a smart-license pool at cisco.com.o Created Terraform automation scripts to build an entire VPC (network, security, and multiple servers) in 3-5 minutes.Army / Air Force contracts (On-premise network) – Supported their unclassified and classified private networks. This role has primarily been network engineering but has crossed over into server and sys engineer roles as needed. This has included the following major accomplishments:o Core switch upgrade, conversion to TOR (Top of Rack) access switch design.o Built a new caching proxy (squid) to replace a Linux host which previously was performing NAT directly to a single corporate proxy.o Installed Windows NPS (RADIUS) services and converted all network devices from local authentication to Active Directory authentication.o Received 11 spot awards and 1 achievement award in the 6 months working on this contract.Section Managero Managed 7-15 reports from a matrix perspective.o Created and conducted a “Performance Improvement Plan” (PIP) for 1 direct report.o Wrote and conducted Mid-year and Year-end reviews. Show less

o Led the Datacenter site Core upgrade from Catalyst 6500E to Nexus 7K.o Led the Datacenter site Server Distribution upgrade from Catalyst 6500E to Nexus 5.5K & Nexus 2K FEX. This was then repeated at two other Datacenter sites.o Led the Datacenter site User Distribution upgrade from Catalyst 6500 to Catalyst 6500E VSS.o Led the Datacenter site Access Layer upgrade from individual switches to 3850 stacked platform.o Led the Datacenter site Collapsed Core separation into Core… Show more o Led the Datacenter site Core upgrade from Catalyst 6500E to Nexus 7K.o Led the Datacenter site Server Distribution upgrade from Catalyst 6500E to Nexus 5.5K & Nexus 2K FEX. This was then repeated at two other Datacenter sites.o Led the Datacenter site User Distribution upgrade from Catalyst 6500 to Catalyst 6500E VSS.o Led the Datacenter site Access Layer upgrade from individual switches to 3850 stacked platform.o Led the Datacenter site Collapsed Core separation into Core (6500E), Server Distribution (6500E), and Firewall Distribution (4948E). This was then repeated at two other Datacenter sites.o Completed eight Remote site Collapsed Core upgrades. This included a hardware refresh using Cisco 6500 & 4500 switches and adding redundant uplinks to Access layers switches.o Initiated and Led project to implement link redundancy, NIC teaming, and VLAN tagging for bladecenter and standalone VMWare environments.o Initiated and led weekly Network Standards meetings to discuss, agree upon and document future standards / hardware platforms. Created initial network naming standard.o Worked with vendors to get better pricing for Internet (100 Mbps), International (8 Mbps), and Datacenter to Datacenter (1 Gbps) circuits.o Initiated and led Backbone WAN circuit upgrade from DS3 to 1g Ethernet. This also included hardware refresh from 7200VXR to ASR platform.o Led and managed Wells Fargo / Wachovia Merger Project Team for the Secure Connectivity group. This included the installation of initial firewalls between companies, and then directing a group of eight engineers that completed 800+ firewall requests until the firewalls between companies could be removed.o Co-Led major firewall platform change / hardware refresh project. The scope was the migration of 650 Cisco PIX firewall pairs to Checkpoint UTM-1 and Power-1 appliances. Show less