Jeffrey J. Sicuranza
171 Willowood Dr.
Wantagh, N.Y. 11793
Professional technology consultant with a strong and diverse background in enterprise network
architecture, design, planning, upgrading, securing, implementation and troubleshooting with an extensive
understanding of application systems and their cohabitation requirements on enterprise networks.
Over twenty years of computer industry experience in the professional disciplines of Business &
Technology Consulting, Data Communications Engineering, Project Management, Systems Analysis and
Design, Programming, Compliance, Executive Management, Systems Engineering/Integration, Business
Analysis, Sales and Marketing. Background includes Enterprise Network Architecture design, planning,
implementation, and troubleshooting. Has demonstrated experience as a team leader and/or member
within all levels of management, including technical staff and clients. Extensive project management
experience in network and application based integration projects.
Skills and background:
Technical experience and knowledge encompass many product areas and technologies,
including: enterprise network infrastructure and Internet/Intranet design, IBM, CISCO, ORACLE,
SAP, Microsoft, Novell, Frame-Relay, DPT/SRP, SONET, Gigabit Ethernet, Ethernet(all variants),
C/DWDM, UNIX/LINUX, TCP/IP, IPX, Token-Ring, FDDI, VLANs, Spanning Tree protocols(RST/MST
and legacy), VTP, MLS, VPNs, MPLS, IPSec, DS/OC technologies, Wireless 802.11a/b/g/n,
Wireline/Wireless Broadband, RF and Spectrum analysis, IPv6, Multicast, VoIP, VoWifi, H323, SIP, SIP
Soft phones, SIP servers, QoS, Data Encryption, SNMP, Routing protocols (EIGRP, RIP, BGP, OSPF),
network management solutions, SNMP, network and application performance modeling, protocol and
traffic analysis using protocol analyzers(sniffers) from Agilent, Network General to Wireshark plus data
and network security. SCADA systems running DNP v.3 over IP analysis and design. Vast, detailed and
applied experience with many legacy and current networking, server, workstation and application
technologies. Possess understanding of basic electrical and thermal engineering concepts plus circuit
analysis and design.
Enterprise network and distributed applications planning specialist who performs in-depth, hands-on
planning, engineering, implementation, upgrading and troubleshooting of enterprise level LAN/MAN/WAN
based networks. Responsible for providing network architecture and design recommendations plus
strategic planning of complex inter-networked WANs, LANs, MANs and wireless LAN/WANs. Experience
working with applications, servers and workstation systems with an emphasis on performance, scalability
and flexibility. Experience integrating Distributed Client/Server, ERP/CRM, Internet, Intranet, security,
and E-commerce solutions into existing networks. Provide strategic and tactical direction to IT executives
and directors with regards to applying technology to business requirements. Work closely with application
developers, business analysts and end user customers to ensure sound design and implementation of
new or expanding systems.
Business and Technical Analyst
•Provide management and technology industry consultation to corporate CEO, CIO and corporate legal
•Provide network analysis and design consulting services to a diverse clientele.
•Provide in-depth network and application troubleshooting services to a diverse clientele.
•Provide business and technical guidance to a diverse clientele.
•Apply structured disciplines that include design considerations for LANs, WANs, MANs Intranets and
•Perform in-depth structured analysis on all components of a LAN or WAN system to determine
considerations for designs and supply statistical data to enforce considerations that provide insightful
strategic or tactical direction.
•Provide application and network performance analysis for SLA compliance and determination.
•Analyze all types of networks from a technical and business perspective plus provide detailed results
that join business needs with technological feasibility.
•Analyze client business rationale to assist client in making strategic and tactical decisions relating to their
ERP, CRM, B2B, E-commerce, Client/Server and legacy systems investment.
•Assist clients as a business and technical consultant by analyzing enterprise business or specific
business processes and technical attributes relative to the client’s overall plans.
•Perform in-depth technical research based on design factors, considerations and statistical data reared
from analysis to properly size and select products and services that meet the client's requirements.
•Supply recommendations and options for selection and sizing of all hardware, software and services.
•Provide economical cost of return(ROI) and residual asset value information on new or existing
technology assets deployed.
•Analyze right sizing plans and provide detailed recommendations that provide direction and scope to
•Provide ideas and plans to implement best practices to solving technical related issues.
•Provided guidance on how to continually utilize current network infrastructure assets to their fullest
•Provided high level and hands on Project Management services for over 200 IT projects utilizing skills
developed from experience and PMI methodologies.
•Managed several high visibility integration projects with budgets from 50k to 10 million.
•Successful completion of many right-sizing projects by providing strategic and specific direction for
migration of legacy based systems to Client/Server, ERP and E-commerce.
•Managed teams of consultants and engineers to obtain, qualify, manage and close system integration
projects for a major systems integrator.
•Provided technical direction and assistance to systems engineers and team members.
•Provided logistical project direction and outline project risk impact attributes on client systems.
•Built temporary teams of engineers and project managers for large scale outsourcing projects.
•Developed new and reviewed existing legal documents and Statements of Work pertaining to
Information Technology projects.
•Define and assign all staffing resources for large-scale integration projects.
•Created and/or reviewed all project budgets, plans and logistical information pertaining to IT projects.
•Coordinated resource information between many different corporate departmental layers to ensure
project objects and tasks are clearly communicated and assigned.
•Created process flow structure on all project life cycle based procedures.
•Submitted monthly and quarterly Profit and Loss(P&L) reports pertaining to projects and resources used.
•Managed up to 35 projects simultaneously in a six-month period for a major NYC financial institution.
•Created and developed job descriptions for staff augmentation.
•Conduct all business and technical interviews for staff additions.
•Solved many complex LAN/WAN/MAN issues related to operational, design or manufacturer oversight
that resulted in mitigated outage time and financial impact to the client.
•Designed and built numerous homogeneous and heterogeneous network infrastructures for clients over
the past 17 years.
•Migration of routing protocols for several enterprises.
•Perform in-depth forensic protocol/traffic analysis against WEB based, ERP, two and three tier
Client/Server, proprietary, and Legacy applications.
•Conduct network security audits and traffic analysis.
•Apply network protocol or operating system tuning methods to infrastructure components to maximize
component’s lifecycle and to meet performance or SLA requirements.
•Developed application impact performance modeling application for a Fortune 500 client.
•Developed Network Operations Policies and Procedures with an emphasis on MAC, problem escalation
•Provide RDBMS consulting pertaining to network tuning, optimizing and development of different RDBMS
•Provide impact analysis on deployment of ERP, E-commerce, B2B, and two/three tier Client/Server
systems on existing infrastructure.
•Authored many technical solution and White Papers.
•Designed Help Desk problem escalation process, procedures and policies.
•Developed Network Operations Center (NOC) process, procedures and policies.
•Developed Network Management strategies and policies.
•Implemented Network management systems for enterprise networks.
•Provide Year 2000 infrastructure and Client/Server consultation.
•Provide Disaster Recovery planning and testing assistance to clients.
•Developed Network and Information Security policies and procedures for Fortune 500 clients.
•Participated in many pre-production QA analysis and proof of concepts projects.
•Created technical training material and mentor network support personnel on general network problem
isolation, troubleshooting and protocol/traffic analysis.
•Created Wireless security audit reports for a variety of clients
•Participated in several Wireless protocol analyzer beta programs by providing operational feedback for
•Architect Wireless LAN/WAN solutions.
•Familiar with SCADA system analysis and upgrade over IP based networks.
•Provide consultation regarding Metro Ethernet technologies.
•Experience in basic electrical engineering circuit design and analysis
Employment                      Title/Role                      Date
Applied Methodologies           Principal Consultant            5/08 – Present
Consolidated Edison             Sr. Consultant                  10/07 – 4/08
TAM/Redwood Toxicology          Sr. Consultant                  8/07 – 9/07
New York Life                   Sr. Consultant                  11/06 – 12/06
Consolidated Edison             Sr. Consultant                  1/05 – 10/05
Applied Methodologies           Principal Consultant            9/02 – 12/04
Netstream                       Sr. Consultant                  5/02 – 8/02
Consolidated Edison             Sr. Consultant                  4/01 – 4/02
Applied Methodologies           Sr. Consultant                  11/00 – 4/01
Tender Loving Care              Sr. Consultant                  10/00 – 11/00
New York Life                   Sr. Consultant                  9/98 – 10/00
Canon USA                       Sr. Consultant                  5/97 – 9/98
Philip Morris USA               Technology Planning Advisor     1/97 – 4/97
MCI International               Sr. Consultant                  10/96 – 1/97
NAB Construction                Sr. Consultant                  9/96 – 10/96
Chase Auto Finance              Sr. Consultant                  3/96 – 9/96
AT&T/Chase Bank                 Sr. Project Manager/Engineer    9/94 – 3/96
NETLAN                          Sr. Network Architect           1/94 – 8/94
ENTEX Information Systems       Sr. Systems Consultant          4/91 – 1/94
Various Technology Companies    Systems Engineer                1984 – 1991
Education and Professional Certifications:
Education: Empire State College (S.U.N.Y.) Computer Science
• Cisco Certified Network Professional
• Cisco Certified Design Professional
• Certified Wireless Network Professional (CWNP) CWNA and
• ORACLE MASTER for Oracle 7 DBA
• Certified Network Expert (CNX)
• ORACLE MASTER for Systems Analyst CASE
• NOVELL Certified NetWare Engineer (CNE)
• Pine Mountain Group Certified Network
• Project Management Institute (PMI)
• Agilent Internet Advisor Protocol
• Hewlett Packard Hubs, Bridges and
• Synoptics Lattisnet Network Management System
• IBM TOKEN RING and OS/2 LAN Server
• EICON X.25 Routers
• Apple LAN Literacy
• Over 35 additional certificates relating to various IBM technologies
Recent Professional Achievements
Applied Methodologies, Inc.
• Developed an IT based alternate energy generation solution to assist data centers in
reducing their power consumption costs. Currently involved in the following processes:
patents, prototype development, business planning, market analysis and venture capitalist
• Construction Oversight Manager for communication room construction projects for new
electrical Transmission or Distribution Substations in the NYC area. Provided Project
Management services, Project Management mentoring to new PMs assigned to IT
substation projects and conducted communications room build out compliance oversight to
ensure that all communication rooms within a substation meet ConED’s and National
Electric Code technical and safety standards. Provide communication between the IT and
construction teams to ensure that all critical redundant optical voice and data networks are
operational prior to substation start up. Drafted and enforced several project and
compliance related processes.
TAM Corporation/Redwood Toxicology:
• Hired as the lead remote troubleshooting consultant for a medical screening company.
Worked with overseas developers, local network engineers and business management to
resolve an application upgrade transaction issue. The new application was experiencing
performance issues and timing out thus causing a backup in screening applications.
Work was conducted remotely to analyze packet traces of SQL transactions to determine
if the application or the network was the cause. Also, outlined potential points to upgrade
and tune for all components(servers, client PCs, middleware, routers, switches, medical
data acquisition equipment) involved in each screening transaction. Coordinated all
troubleshooting activities remotely to isolate and resolve the issue.
New York Life
• Conducted a Radio Frequency(RF) and general wireless security audit for the investment
division of New York Life. The audit covered RF leak point analysis, spectral analysis,
rogue workstation and access point identification, cell size analysis, packet encryption
and general 802.11 traffic/protocol analysis to determine the security issues present. A
detailed report was submitted which outlined all issues observed with recommendations.
• Created a Quality of Service (QoS) strategies White Paper to provide strategic
recommendations regarding QoS planning and implementation in the enterprise. This
document outlined the following areas regarding QoS for their enterprise: general
introduction to QoS concepts(DiffServ/IntServ) and internal QoS reference, strategic
recommendations regarding QoS planning and implementation, various device,
application and protocol matrixes to facilitate planning, audit results of Cisco based
network components to determine their QoS capabilities, QoS architecture design
considerations and principles, identification of candidate QoS applications, identified and
tested QoS tools for DOS mitigation and security uses, outline several QoS models,
details of QoS solution based on the models, introduction to ConEd’s custom command
line and menu based QoS tool set, recommended deployment approaches, outline of
QoS management tools, outline of troubleshooting tools and methods plus include initial
lab result findings for pre-deployment planning. A custom IOS command line and menu
based QoS tool set to facilitate testing, deployment and support of QoS commands and
protocols for the network support staff was developed.
This document was an all encompassing, strategy, plan and “how to” guide to assist
ConEd in deploying and managing QoS across its enterprise network to support a call
center disaster recovery VoIP based system and upcoming enterprise wide VoIP and
• Was hired by ConEd’s legal department during last minute subsidiary sale negotiations
to provide industry based subject matter expert opinion, facts and research for ConEd
regarding Metro Ethernet, MPLS and MST technologies to help ConEd make a decision
regarding a multimillion dollar Metro Ethernet carrier subsidiary transaction. Conducted
research, held interviews and provided the legal representatives facts and testimonial
regarding Metro Ethernet business trends, technology and case studies. Attended
several high level meetings with CEOs, and legal representatives from all interested
parties to present and provide research findings and testimonial on such technologies
and industry trends. This information was critical to ConEd to render a decision and
direction in regards to a pending subsidiary sale transaction.
• Upgrade enterprise headquarters’ Catalyst 6500 based core backbone from Supervisor II
to Supervisor 720 modules and convert configuration from Hybrid to Native. My role was
project manager and engineer for entire project. This project was required to position the
enterprise core to utilize new fabric enabled SFP based line cards for additional port
density, enhance server farm support, provide IOS based feature consistency and
advance features such as QoS, security, MPLS, plus use of fabric enable modules and
advanced fabric switching modes for increased stability and throughput. Selected
hardware, upgraded fans, reviewed current and new line card power and firmware
revisions to ensure all modules worked together with the new supervisor and IOS
Manually converted backbone software configuration from Hybrid “set” command line
port based to IOS interface based and resolved cross core switch and various different
redundant access layer switch, Etherchannel, Trunk, Spanning-Tree Protocol, HSRP,
Vlan related negotiation and configuration issues resulting from different access layer
switch platforms with different versions connecting to a new IOS based core. Identify all
cross core switch and router uplink EIGRP neighbor relationships and plan for expected
EIGRP neighbor, convergence and routing state changes during the phases of the
upgrade. All configurations were developed and tested on a similar core switch in a lab
and checked for accuracy before deployment. Pre and post upgrade state diagrams were
created to provide support staff easier planning and troubleshooting references.
A detailed migration and multi scenario roll-back procedure was drafted, rehearsed with
all support groups to ensure a transparent upgrade was completed successfully
according to schedules ratified by management.
This upgrade work entailed a physical migration of supervisor modules, some line card
restacking and minor cable changes independent of each core switch with no impact to
the business operation. A physical operational flip state from one supervisor model to the
other of each switch was used to mitigate impact to the network and user community.
A final disaster recovery test of both switches was also conducted to determine how the
IOS based Core will behave in the event of a switch failure. This test provided critical
information on the behavior of the core and for the network support staff to reference
regarding how network management, routing protocol, core switch and floor recovery
actually behave if a real issue arises.
• Provide support for enterprise wide DWDM optical MANs. Identify any issues with
Dynamic Packet Transport and 802.17 Resilient Packet Rings(RPR) and Spatial Reuse
Protocol(SRP). Identify SRP neighbor wrapping status and wrapping sequence to
support staff and test for Intelligent Protection Switching(IPS) tuning options. Implement
SRP advanced fail over protocol, Single Ring Recovery(SRR), to provide an extra level
of redundancy of the DPT ring in the event of a wrapped ring experiencing a second fiber
failure on any channel. Identify, troubleshoot and resolve Cisco 10720 DPT router
platform and IOS issues relating to SRP priority levels for QoS, NBAR, and SRR. Tested
failover speed and behavior of SRR using a 10720 lab and soft phone based Voice
traffic to determine voice quality impact of a double fiber ring failure. Tested EIGRP
Bidirectional Fail Over(BFD) to determine if feature is applicable for use on the DPT
routers and upgraded Catalyst core switches.
• Provide in-depth hands on consulting and mentoring to engineers responsible for the
upgrade of a major electric control Supervisory Control and Data Acquisition(SCADA)
network. Provide network upgrade architecture guidelines and migration approaches.
Outlined issues of simplifying the network from a static routed, with RIP and NAT Frame-
Relay based network experiencing stability and configuration management issues to a
simpler more secure, scalable and dynamic network using, HSRP, EIGRP and IPSec.
Also outlined the issues and approaches on how to migrate a live IP based SCADA
network from one architecture to another with no impact to the Electric Operations
control centers. Identify critical application issues and behavior relating to the timing
impact of electrical grid control and polling processing packets relying on Dynamic
Network Protocol functions running over TCP/IP. Identify several application level bugs
relating to the TCP stack handling of DNP on GE’s DMS 200 Master Terminal
Units(MTU), its Ethernet, TCP/IP stack and redundancy limitations and bugs and
corresponding Remote Terminal Units(RTU). Ensured the migration covered what
exactly is an application layer issue and what is a network layer issue and what issue
type causes what response so critical control center personnel know exactly what to
expect on the SCADA system if any of the network components between MTUs and
RTUs on the IP network fail.
Identify and document packet level decodes of the application and network’s use of DNP
3.0 protocol and TCP. Trained engineer on how to capture DNP packets and what to look
for when symptoms suggest an application issue. Suggested the use of DNP simulation
software for the SCADA lab so future DNP testing over a TCP/IP and Cisco based
network can be accomplished without the initial need for an expensive RTU, master
station and trained SCADA personnel to be present in the lab.
• Developed a low cost distributed protocol analysis solution to save ConEd almost half
a million dollars that would have been spent on a commercial solution. This solution
consisted of shareware analyzer software, Windows terminal server or VNC for remote
control and using existing company assets for the remote network connectivity pods.
Created a web based portal page so network support staff, via a browser can access any
remote analyzer anywhere in the enterprise. The analyzers had from one to multiple
10/100/1000 Ethernet adapters and were connected to multiple switches. The analyzers
were initially deployed in a pilot program to strategic locations in the enterprise. The use
of Ethereal and Packetyzer provided ConEd the tools to obtain detailed traces of
application issues, conduct basic VoIP RTP jitter analysis and monitor the network for
security issues. The saved trace files can also be uploaded to the company’s licensed
Sniffer applications. This pilot proved that the network support staff can have low cost,
easy to manage and scale distributed protocol analysis solution without spending
hundreds of thousands of dollars on a commercial system which would have had only
10% of its capabilities used.
• Provide day to day high level support of the network infrastructure and routing protocols.
Provide mentoring to staff members and guidance to new members.
• Provide industry trend consulting to management regarding the consideration of utilizing
MPLS on their core enterprise backbone to cut costs for voice circuit switch trunking and
cross control center SCADA traffic flow through. I created an MPLS lab mimicking their
core backbone, but running MPLS, for the network support staff to utilize for further
research into the subject.
• Tested and evaluated Berkeley Varitronics Systems(BVS) Yellowjacket spectrum
analysis and wireless security tool.
Applied Methodologies, Inc.
Provide ongoing management consultation and technical support to a diverse set of
enterprise clientele in regards to network infrastructure changes, routing protocol issues,
Cisco IOS enhancements, network security, wireless LAN/WAN technologies and project
management. Some of the projects completed for clients are listed below. Clientele is listed
on company website.
• Piloted a Point to Point(PtP) Coarse Wave Division Multiplexing (CWDM) optical
solution for a case study on CWDM and 802.1w Rapid Spanning Tree protocol. This
solution entailed utilizing Cisco midrange catalyst switches, 1530nm CWDM Gbics and
40dBm tunable Variable Optical Attenuators(VOA). The study’s goal was to provide a
simple scalable way to use a single/dual strand of single mode fiber and scale the link’s
capabilities using less expensive CWDM technologies. The use of Rapid Spanning-
Tree(RST) and Multiple Spanning-Tree(MST) protocols to achieve improved link
resiliency was applied. An optical budget analysis was performed, integration and tuning
of the VOA to prevent laser burnout for the shorter distance, and the configuration of
802.1w/s was added to the Catalyst switches. By using the CWDM Gbic modules and
single mode fiber the solution is scalable from an initial 1.2gbs 802.3z PtP campus link
to 8Gbs Ethernet or over 40Gbs using 8 to 16 lambdas with the addition of passive
OADMs and additional CWDM Gbics on existing or future switches. The case study
proved that for clients with existing single mode or dispersion shifted fiber in place,
longer, non amplified, PtP distances between buildings is achievable economically by
using a scalable solution utilizing any of the three optical bands S,C and L that can be
built with just a pair of CWDM modules, as opposed to a more expensive typical
WAN, Metro Ethernet or DWDM solution.
• Completed a Wireless ISP (WISP) venture research project. This project determined
whether it is feasible, economically and technically, to provide last mile internet and free
SIP based voice services to a selected demographic market in the NY region. The first
phase of this project was to conduct a technical proof of concept. This phase tested the
concept of basic WISP functionality, RF behavior, VoIP over wireless, security and
billing. This phase provided answers to the practical and economical use of current
commercial and consumer grade wireless technologies by conducting a set of proof of
concept tests. These tests were comprised of building out various single or multi cell
WISP sites and testing many types of applications, especially VoIP, over wireless
utilizing advancements in SIP based products.
Developed the project plans, wireless cell, application testing matrixes and roam criteria
for the project. Created the RF cell engineering/planning documentation, traffic
generation criteria for distribution system and the cells. Conducted physical and RF site
surveys of single omni and sector cells for roaming tests. Built a temporary and portable
mast system to host the appropriate antennas. Testing includes omni directional and
sector based high gain antennas from MaxRad and Hyperlink for cell coverage in a
residential area. 802.11b and g cells in separate and mixed configurations were tested.
Proxim and Asus access points were used for initial testing with possible others from
Cisco, Motorola, Trango, Meru, Aruba, YDI et al. to follow. Testing of multiple call and
data services on the cell was conducted and monitored with wireless and wire line
protocol analyzers and network management tools. Distribution System comprised of
Cisco Catalyst switches utilizing QoS policies created for SIP traffic using Cisco’s NBAR
technology to classify traffic. DSCP and Assured/Expedited forwarding markings were
applied to SIP traffic.
Selection of SIP based products such as SJlabs, Xten, Skype and PcPhoneline
Soft phones on laptops and PDAs(thus turning the PDA into a WIFI phone). Interactive
Intelligence SIP server and Brekeke OnDo SIP servers were evaluated for proxy and
redirecting services. Testing of sending and receiving SIP based calls from the wireless
cell to POTS was conducted at various traffic levels on the cell and distribution system.
Skype and Freeworld Dialup services were also tested over the wireless cell. The results
of such testing were included in a report that shall outline the feasibility and behavioral
aspects of wireless last mile access as well as the mechanics of SIP based VoIP. This
report provided vital information for the follow on phases of the project and the overall
• Conducted wireless networking security audits for several NYC based clients. The
wireless security audits consisted of scanning for rogue or incorrectly configured access-
points, WEP vulnerabilities, radio frequency leakage issues and backdoor access into the
enterprises via wireless portals. The reports outlined the types of attacks to expect such
as War Drivers, WEP cracking, wireless sniffing, virus launching points, open access to
the internet via the enterprise and wireless jamming. The audits outlined all weaknesses
regarding the enterprise’s wireless infrastructure and its security vulnerabilities to the
internal wired infrastructure. Recommendations included reducing RF signal propagation,
SSID and Beacon management, VPN usage, WEP key rotation, Open and Shared Key
access point association and authentication methods. Protocols such as 802.1x and
802.11i, as well as infrastructure component features including MAC address and upper
layer packet filtering, centralized user and key authentication systems plus wireless
scanning and intrusion detection tools were also reviewed.
The audit’s recommendations also covered relevant wireless addendums to corporate
security policies in place. A variety of Wireless enumeration, RF analysis and protocol
analyzer tools were used. Some of the tools used to conduct the audits and
recommended to clients were as follows: Netstumbler, AirSnort, Wepcrack, Kismet,
Airmagnet, Packetyzer/RF Protect remote 802.11a/b/g sniffer, Linkferret 802.11b/g
sniffer, Nsspyglass, Airsnare and Boson’s Getpass, a Cisco router password cracker.
One of the audits helped secure a major NYC utility’s wireless network from becoming a
potential terrorist attack target.
• Designed and implemented a custom, low cost, highly functional, license free, 802.11b
based wireless Point to Point(PtP) solution. The solution provided network access and
basic Microsoft Netmeeting plus VoIP capabilities between a client’s two campus based
corporate headquarter office buildings that were almost a mile apart. The solution
consisted of custom made wireless routers using existing server hardware, Windows
2000 Server operating system with RAS, Orinoco 802.11b wireless radio adapters, off
the shelf and custom made directional Yagi and Andrews Parabolic antennas. The
solution provided up to 11mbs of secure bandwidth between the buildings for network
connectivity and back office application access plus the use of Microsoft Netmeeting and
VoIP between Cisco 2620s at each site with FXS interfaces and standard POTS
The wireless segment is router and not bridged based thus utilizing static routes and
minimizing inter building broadcast traffic. OSPF is also available for this solution when
future growth requires it.
The solution enabled help desk support personnel to stay connected at each building
without the cumulative toll costs. A full RF analysis that covered reviewing RF operational
theory, Fresnel Zone, LOS, free space LOS, diffraction, refraction, VSWR, EIRP, signal
strength and traffic analysis was conducted.
Antenna gain analysis and intentional radiator calculations were used to identify the most
efficient gain in dBm and dBi for antenna selection and transmission circuits, which used
LMR-400 cables and TNC N connectors.
The use of Orinoco and Cisco wireless radios and utilities plus Aerocomm’s SA3000
2.4Ghz Spectrum Analyzer and the Linkferret 802.11b protocol analyzer were used to
determine radio interference, signal strength and protocol/traffic efficiency. Basic QoS
services, such as QoS packet scheduler and RSVP are available for the VoIP traffic
when required. Windows Terminal Server and VNC were used for remote management
of the wireless routers. Digital Matrix’s AirSnare shareware Wireless IDS software was
installed on the wireless routers and configured for email notification of any rogue radio
This solution provided a lower cost and an immediate ROI compared to other solutions
from Cisco’s Aironet or Proxim’s Orinoco/Tsunami product lines which were also
considered for this project. The increased savings from not running fiber or using
telecomm T-1/T-3 links between the buildings were immediately realized. The solution
also provided an easy upgrade path from 802.11b to 802.11a or g technologies for
additional link segment bandwidth by just swapping the wireless radio cards out of the
Windows server based wireless routers and changing or adjusting the antennas.
• Participated in the beta programs for two 802.11 based wireless protocol analyzer
manufacturers. Applied over 12 years of protocol analysis
and protocol analyzer experience to product testing and functionality. I provided critical
functional feedback for Baseband Technologies Linkferret 802.11b protocol analyzer and
Network Chemistry’s Packetyzer/WSP100 remote 802.11b analyzer. I provided
operational and GUI feedback and suggestions, which have been implemented in
enhanced versions of the products. My input was based on extensive protocol analyzer
experience from NAI and Agilent and contributed to the ongoing enhancement of these
newer products. Some suggestions included enhanced upper layer protocol brief
displays, simpler packet filtering and traffic generation interfaces, RF signal
discrepancies, AP enumeration, WEP decoding, OUI decoding, host tables, protocol
colorization and ASCII packet searching and go to features. I also conducted in-depth
testing of the products to determine enterprise level functionality. Documented all results
and participated in product improvement sessions with developers. Identified improper
protocol operation with the TZSP protocol used by the WSP100 remote 802.11b sensor.
My early assistance with the Packetyzer/RF Protect beta program helped the product to
mature until it was re-licensed by Wildpackets as the new RFGrabber product. Currently
providing ongoing technical and marketing consultation to Baseband Technologies Link
Ferret 802.11b protocol analyzer.
• Developed an online Computer/Networking Science and Cisco certification rental lab for
remote users and clients to access as a general Computer Science research resource
that is accessible from office or home. The lab’s purpose is to provide the tools and
resources necessary to prepare for industry certifications like Cisco’s CCNA through
CCIE, MCSE, CISSP and RHCE or test a network/application change before committing
such changes on enterprise networks. The online lab can also be used for testing
network, application, protocol and security technologies such as IPSec, VOIP and QoS
or learning new networking, protocol, server and application technologies. The lab
provides the resources to help IT professionals in upgrading their skills or act as a test
bed for solutions they may have been planning.
The lab provides a SCRATCH PAD environment for a student or professional to learn
new or sharpen existing skills. The online lab consisted of IBM servers, Cisco routers and
switches, CiscoSecure and CiscoWorks servers, Red Hat Linux and Microsoft Windows
servers, Linux routers and firewalls, several different brands of protocol analyzers for
remote users to access and communication equipment such as CSU/DSUs. The lab
also contained several different network mediums from legacy(10base-T and Token-
Ring) to current(Gigabit Ethernet and CWDM) for testing and educational purposes.
Many different topologies were also implemented from mesh, loop, hub and spoke, point
to point, and hierarchical to match whatever scenarios the researcher required. Wireless
protocol analysis tools, development tools, an RFC library, protocol reference
applications and online networking and programming tutorials were also installed.
I installed and tested all lab components, applications and tools plus created help menus
for user terminal server access. I configured Cisco PIX firewall filtering, security policies
and VPN PPTP tunnel access. I created the lab documentation manual and usage
policies and procedures for customers to use. A VPN kit with instructions on lab access
via dial-up, cable, DSL or wireless, and a general web site outlining all of the lab’s
capabilities and instructions on how to access and use it were also created. The lab is
accessed via telnet to a Digi terminal server, Windows Terminal Server and VNC for lab
server and protocol analyzer remote access. Electrical usage rate calculations, cost
analysis and customer price stratification were performed. Developed pricing plans and
access scheduling policy. The online lab has been in operation since January of 2003
and has several enterprise based customers.
• Upgrade a residential cable Internet provider’s T-1 ISP access link to a T-3 for improved
access to UUNET. Installed and provisioned Eagle DL-3100 T-3 CSU/DSU and Cisco
3640 router with an HSSI interface plus ensure internet routes are passed from the ISP
via OSPF to head-end router. Test DHCP, default route propagation and traffic flows
from the cable operator’s switch and router infrastructure to the 3Com CMTS and
residential customers. Perform cutover of residential user traffic and resolve any
connectivity related issues. Completed upgrade with minimal impact to residential users.
Secure Cisco router access for the cable operator via access-lists and logging functions.
Provided tactical and strategic design, implementation and troubleshooting guidance in relation to
all Consolidated Edison networking technologies. Work with all levels of Consolidated Edison
staff, management and business subsidiaries in a technical, project, and management
consultation role with a heavy emphasis on planning, mentoring and hands-on implementation.
Some of my roles and achievements are as follows:
• Provide critical network support for all Gas, Steam and Electric Operations networks and
applications that support energy usage monitoring, billing and most importantly,
distribution to all of New York City and upstate counties. Resolve critical network demand
issues during times of peak energy loads during summer months. Troubleshoot all major
enterprise level issues such as SONET OC-3, sub-optimal routing paths, all modes of
Ethernet switching, Spanning-Tree, Trunking, Fast-Etherchannel, MLS, application
issues, Dense Mode multicasting problems, and any general major issue concerning
routers, switches, network performance, application response time and support for the
entire business enterprise and Electric/Gas operations networks. Provide “level three”
support for the enterprise network, which consists of 250 plus routers and 400 plus
switches. Mentor Jr. and Sr. engineers during troubleshooting exercises plus assist in
post mortem and root cause analysis documentation.
• Published an EIGRP migration white paper outlining the enterprise’s current illnesses in a
mixed RIP and EIGRP environment. Some of the white paper topics included are:
problems with mixing RIP and EIGRP improperly, sub optimal routing conditions, routing
architecture scalability, failure convergence, summarization and routing protocol
redistribution. The white paper also outlined the lost productivity to the enterprise with
these illnesses and the increased number of outages and recovery time required under
RIP. The white paper discussed two solutions to migrate the entire enterprise to EIGRP,
remove RIP and increase the overall stability of the enterprise routing infrastructure.
• Successfully completed the migration from RIP to the EIGRP routing protocol across the
entire enterprise of 250 plus routers. I was tasked to plan and manage the entire
project as well as implement, train the engineering staff and document the results. The
project touched every aspect of the Consolidated Edison enterprise and was completed
successfully with no impact to critical 24/7 electric grid support network systems. Issues
covered during this migration entailed summarization, default route propagation,
removing unneeded or harmful legacy static routes, DUAL boundaries and potential SIA
points, convergence engineering, traffic flow manipulation to ensure all routes are
symmetrical, routing loop and black hole identification plus resolution, discontinuous
subnetting, improper redistribution, CEF IOS bugs and unequal cost load balancing.
Tuning on the SONET core with the Variance and Traffic share options was also
applied where applicable. The project was completed on time, within budget and
achieved the business objectives of stabilizing the routing infrastructure, reducing costs
associated with routing protocol inefficiencies and outages, and positioning the enterprise with
an advanced routing protocol for scalability and performance.
• Provided design, planning and implementation assistance for the relocation of the
Manhattan Electric Control Center network from its old location to the Consolidated
Edison Manhattan headquarters. This network supports all the critical applications that
control the entire Manhattan electric grid. The project was completed on time
successfully without disrupting the Manhattan electric grid operations and also provided
improved performance and fault tolerance of this critical network.
• Performed a cursory review of the enterprise network and outlined tactical and strategic
illnesses as well as provided recommendations. Some of the major and minor strategic
observations/recommendations outlined were as follows: Router/Switch Password
Authentication, configuration archiving, Voice/Video convergence, QOS, Cisco router
hardware platform and IOS stability, switch stability, unnecessary routing hops, IP
Unnumbered issues, PPP Multilink uses, physical loop design of substations and work
out locations, unnecessary traffic in network Core, bandwidth utilization on WAN links,
DWDM broadband considerations, IP addressing schema, IP Secondary addressing and
VLAN 1 usage, Loop-back interface usage, Terminal Server solution, Network
Management upgrade, T-1 Circuit Protocol Analysis, usage of Cisco Works, Network
Documentation, improper Multicasting Services, IOS version upgrade, Network Time
Protocol and Syslogging issues, switch VTP usage, VLAN aggregation, Spanning-Tree
tuning and legacy router command and options cleanup tasks. This review led to several
initiatives such as general router configuration clean up, correction of some of the items
listed above and the use of CiscoWorks to assist in the improvement of the reliability,
functionality and administration of the entire enterprise’s routers and switches.
• Created and conducted an in-depth network training curriculum for all Jr. and Sr.
engineers. This training covered forensic protocol and traffic analysis techniques,
advanced application and protocol analysis, advanced Cisco router and switch
troubleshooting, Ethernet and TCP/IP protocol analysis. The training also covered
advanced Sniffer usage including packet filters, triggers and offset pattern matches.
Advanced analysis techniques such as identifying common application issues, protocol
mechanics and relationship to application performance with a what, when, where and
how approach to properly identify and trace an application based issue were covered in
the curriculum. Created guidelines and templates for engineers to follow when analyzing
application related issues. Introduced Optimal Application Expert software to the
department to increase productivity once the engineers learned how to dissect an
application issue from protocol analysis by raw Sniffer trace review.
• A special EIGRP class was conducted to prepare the Network Systems staff to
effectively identify, isolate and resolve EIGRP based issues. The training successfully
increased the Network Systems department’s skill level, overall productivity and reduced
the average outage occurrence time within three months.
• Drafted department protocol analysis trace request policies and procedures for the entire
enterprise to adhere to, resulting in a streamlined way for the Network Systems
department to handle multiple Sniffer trace requests. Participated in Core backbone
switch re-architecture and other major site backbone upgrade planning by providing
engineering and network architecture guidance. Documented a design considerations
based methodology to assist Sr. Planning Engineers in the critical thinking aspect of
• Troubleshoot and investigate Internet and Firewall access issues. Manage and tune
Internet routers and validate BGP and link performance usage levels. Uncovered DOS
attempts at the network egress points via forensics protocol analysis. Assist firewall and
security personnel in troubleshooting performance or hacking related issues. Assist and
provide planning and troubleshooting guidance for the IPSEC DSL based VPN rollout to
remote access users. Demonstrate common protocol exploits and outline steps to
identify such exploits.
• Implemented CiscoWorks and trained staff in its use and administration. Used CiscoWorks
to resolve configuration archiving, Syslogging issues, enhanced switch management and
administration and used its NETConfig tool to add and remove IOS commands throughout
all enterprise routers. CiscoWorks was invaluable in the RIP removal process during the
EIGRP migration project. Demonstrated the productivity gains by using such a tool.
• Implemented and demonstrated the use of Cisco Secure ACS in the enterprise. Provided
management with infrastructure component access policies and procedures to ensure
proper administration, tracking, logging and accountability of access to all routers and
switches. Trained staff on the use and administration of Cisco Secure.
• Provided guidance and planning for the migration of PIM Dense Mode multicasting to
PIM Sparse Mode. Resolved numerous multicasting and CGMP related issues resulting
from IOS bugs and poor multicast designs.
• Demonstrated VOIP technologies and trained staff in H323 protocol analysis, impact and
design for Voice and Video based networks. Outlined in the cursory review document the
current QOS and infrastructure illnesses inhibiting the enterprise from embracing Voice
and Video technologies plus provided guidance to help position the enterprise network for
• Created department standard IOS planning and upgrading procedures for all enterprise
routers and switches.
• Developed a VOIP pilot for multiple branches to reduce operating costs. The VoIP
solution is Cisco based and consists of 26/3600 series routers utilizing H323 protocol
suite, RSVP, RTP, and RTCP protocols. Quality and Class of service options are being
tested and managed with Cisco Policy server 1.1. Research and testing into Directory
Enabled Networking(DEN) will proceed the pilot and requires a single directory to
administer bandwidth and access policy for each user. The directories considered are
Active Directory and LDAP v3.
• Implemented a streaming content development architecture utilizing multicasting
protocols such as PIM Dense and Sparse modes, RPF state and developing multicasting
trees to deliver variable sized audio and video presentations. Implemented Windows
2000 Media Server, Encoder and Player to encode, distribute and play content.
• Design, build, test and implement production LINUX firewalls for branch internet access.
These firewalls allow the branch offices to access local internet portals without utilizing
the corporate network. The access consisted of either broadband cable or DSL. The
firewall consisted of a Red Hat Linux stripped down kernel on legacy Intel based IBM
platform utilizing IPChains and Tripwire for access control and intrusion detection.
Remote logging and alert notification were also implemented and managed at the data
• Analyzed a proprietary based enterprise application for network and server performance
issues. This application supports over 1000 users with millions of transactions per day
and affects the organization’s daily financial status. The application platform consisted of
Microsoft Windows NT 4.0 Terminal, Application and SQL 7 servers in the headquarters
with “Thin clients” located at remote offices nationally. Symptoms included slow
application response in all functions and high utilization on server components. The
analysis uncovered numerous server sizing issues and application scalability concerns.
Utilizing forensic protocol analysis, major application behavioral issues were uncovered.
Direct correlations between application illnesses and server performance degradation were
discovered and remedies defined. The analysis also covered the network infrastructure
and components, such as routers, switches and Frame-Relay PVCs to determine if the
network was a contributor in any manner to the application’s poor behavior. The
deliverable to the client was a detailed report outlining the illnesses, discoveries and
recommendations. The report contained tactical and strategic recommendations and was
presented to the organization’s CIO and CEO for review.
New York Life, Corporate Headquarters
• Provided high level, hands-on networking design, implementation and troubleshooting services
across a spectrum of technologies. Some of the activities are listed as follows:
• Assist engineering staff in the planning and implementation of several IT initiatives such as
corporate campus switching migration/upgrade, WDM Dark Fiber carrier class OC-3, 12 and 48
based MAN for Voice/Data consolidation and future application demands. E-commerce and B2B
integration network modeling, performance and traffic impact analysis for enterprise SAP/Oracle
based Client/Server applications including a global Oracle based business data warehouse
system and various B2B portals.
• Participate in enterprise development and migration to SAP ERP based system for 30,000
employees, external insurance agents, B2B access and an Oracle based data warehouse
system. Major role was to identify whether the current enterprise network infrastructure required
tactical and/or strategic changes to support these new applications. Assisted in providing the
infrastructure to support the many SAP and Oracle servers based on SUN server technologies.
Provided infrastructure options for redundant server links and UNIX fail-over utilizing Cisco
• Provided application impact performance analysis against the major SAP/Oracle application
functions to determine application SLA and impact. This exercise provided CID with the proper
information to set expectations with the end user business units. This analysis also identifies any
options that require tuning or changes to the application system or network to support.
• Identify and solve any performance related issues pertaining to the ERP and B2B application
integration. This was achieved through protocol and traffic analysis using tools from Optimal
Networks, Mercury LoadRunner and Agilent Advisor. Apply modeling and impact analysis
methodologies to SAP LUW transactions to determine response time and bandwidth
requirements for LAN and WAN segments.
• Provide consultation on integration of SAP B2B components in the corporate DMZ and handle
design issues of options such as load balancing using Big IP F5 load balancers and multiple NT
based Internet transactions servers. Some of the issues involved traffic distribution, connection
persistence and consistency of WEB and SAP traffic utilizing Big IP’s F5 load balancing
• Completed roll out of 300+ router configuration upgrades to support a national Frame-Relay
network. Provide third (highest) level of support and administration for all major communications
and data components. This support encompasses 400+ Cisco routers, 300+ site national Frame-
Relay WAN, T-1, ISDN, 300+ Cisco Ethernet Switches, Gigabit Ethernet, ATM, Token-Ring and
FDDI topologies. Provide high-level LAN/WAN and application troubleshooting via forensic
protocol analysis and distributed Sniffers.
• Provided support of integration of ATM technology into the campus core network. This included
configuration and resolving issues with Cisco router ATM interfaces and Lightstream switches for
Classical IP over ATM and LANE.
• Assisted in the design and implementation of a SONET based T-3 between data centers.
Resolve T-3 provisioning issues by utilizing protocol analyzers to test and monitor the circuits.
Ensure that proper load balancing and routing metrics are applied to utilize the redundant T-3s
• Provided troubleshooting and design support to the campus core Gigabit and 100Mb switched
infrastructure that included 100+ switches, Gigabit EtherChannel, MSM and multiple VTP and
Spanning Tree domains. Participated in troubleshooting major Spanning Tree issues that resulted
in the removal of Token Ring switching and a re-design of the switched architecture to support
the migration from Token-Ring to Ethernet.
• Provide general tactical design and troubleshooting support to the campus core legacy router
based FDDI backbones that link over 70+ Token-ring segments. Some of the issues involved
Token-Ring MAC based problems, router IOS performance and bug related issues, FDDI
performance, EIGRP for IP and IPX operational and design. Provided operational and
administrative support for Microsoft DNS/DHCP/WINS and SNA servers on an as needed basis.
Utilization of tools for network support included NetView 6000, CiscoWorks 2000, Resource
Manager Essentials, Cisco View, CWISI tools and Distributed Sniffer Systems.
• Provide design and troubleshooting support for a plethora of Cisco IOS options applied to the
LAN and WAN routers such as, GRE tunneling for IP/IPX, NAT, policy routing, queuing, route
summarization, route redistribution, traffic shaping, compression, HSRP and security access.
Support of many different network protocols such as: IPX and IP suites, EIGRP for IP and IPX,
BGP and AppleTalk.
• Provide connectivity design, implementation and troubleshooting of critical external vendor links.
Such links provide critical financial based transaction access to SIAC, Salomon, Bloomberg,
Bank of New York, FAS, BHC, Telerate, and NASDAQ.
• Solved several mission critical financial based applications issues. Some of these included the
Individual Policy Services for Annuities, Corporate Financial Division, and the Telephone Inquiry
• Provided design and troubleshooting services to NY Life Securities and Trading systems located
in the corporate campus and Kansas City offices. Troubleshoot network performance or trading
application based system issues.
• Provide design and troubleshooting support for a 300+ site Frame-Relay and back-up PRI based
WAN. WAN issues included: EIGRP bugs, traffic flows, tunneling, Frame-Relay provider issues,
Frame-Relay Traffic shaping, SNA, RSRB, custom application performance tuning such as the
DMS Imaging system and FileNET protocol handling. Identify problems concerning the local site
infrastructure, WAN links or site applications and servers.
• Assisted in the design and support of the corporate DMZ for E-commerce and fault tolerance.
This entailed the logical and physical infrastructure to support the mail and web servers and
placement of proxy/firewall servers for optimal performance. Work with Internet support teams to
resolve issues pertaining to ingress access utilizing proxy, LDAP and Entrust services. Support
for NY Life WEB-based Internet applications for customers and national agent population.
Handle issues involving egress corporate Internet access such as providing outbound routes and
resolving Internet access performance issues. Identify security issues and possible exploits
utilizing White Hat hacking tools.
• Participated in the corporate Internet access provisioning utilizing BGP for Internet access to
diverse ISP (UUNET and AT&T). This included configuration and sizing of the routers for BGP,
load balancing, redundancy, security, route summarization and IGP redistribution.
• Designed and implemented corporate router and switch infrastructure access security system
utilizing Cisco Secure and TACACS+ protocol. Cisco Secure was used to migrate from a
shareware script based TACACS server. Tested and configured all infrastructure components for
AAA support. Developed infrastructure component access policies and procedures to ensure
proper administration, tracking, logging and accountability of access to critical infrastructure
components across all support organizations.
• Developed OSPF lab to test protocol operation and resiliency for possible EIGRP retirement.
Tested SPF convergence operation, DR overhead requirements, LSA functionality, adjacencies
state performance, route flapping for SPF impact, summarization, priority and path cost
• Implement IPv6 based router lab to test operating characteristics and performance attributes of
the protocol. This information was provided to CID as a strategic initiative to understanding the
feasibility of migration and co-existence of both IP versions.
• Evaluated Multicasting applications and H.323/SIP protocol operation utilizing Real Media server/
client and Microsoft Netmeeting over Cisco infrastructure components.
• Implemented IPSEC router lab to test the operating characteristics and performance issues
related to building secure VPN tunnels utilizing IPSEC. The utilization of pre-shared keys and the
Tunnel mode method was implemented. Recorded performance results based on IPSEC
ISAKMP connection negotiation, router processing overhead and SA policies and encryption
methods utilizing Crypto maps, AH, ESP, MD-5 and Triple DES.
Canon USA, Corporate Headquarters
• Report to Information Systems management as a strategic infrastructure and applications analysis
expert for their Year 2000 Client/Server integration project. This project dubbed “Project 21”
entailed deploying Oracle two-tier based custom wholesale and retail applications designed and
written with Oracle’s Designer/Developer 2000 to replace their Mainframe based system. Oracle
Financials was also deployed for the purchasing department. A custom written three tier-based
application was also deployed that utilizes Oracle on the back-end for wholesale and retail
functions. The Server platform is based on IBM’s SP multiprocessing AIX system running multiple
Oracle instances on six different 8-way nodes. This new system will be used by 2000 plus users
on the campus and worldwide. The project had an aggressive completion date of October 1997
when all users will no longer use their Legacy IDMS/2 based system and access corporate data
from the Oracle based system.
• Immediate role was to analyze all critical application traffic/protocol characteristics and model the
impact against the current infrastructure. Developed a traffic modeling application that provided
estimated response time and impact statistics on 10/100 Mbps segments of the current infrastructure
and WAN. This model was used to develop a tactical architecture that entailed creating a
redundant FDDI Client/Server backbone with high-speed routers on the periphery to balance and
handle immense traffic loads from the campus LAN/WAN reliably and efficiently.
• The campus network was restructured using Cisco Catalyst switches for 10/100 segmentation of
office automation and mail traffic. A 100 Mbps Ethernet backbone was created for all File, DNS,
UNIX, Mail and Intranet servers. The design segregated the daily campus traffic from the
production Client/Server traffic enabling quick deployment of the new system without a complete
infrastructure overhaul as well as provide a simple understanding of the Client/Server traffic flow.
The project was completed on time with minimal impact to users and other corporate systems.
• Tuned Oracle applications for optimized network performance by protocol and SQL analysis.
Worked with developers to exploit Oracle Server and Oracle Forms tuning options to reduce
network traffic and provide efficient delivery of queried data. Results of tuning were applied to all
Oracle Forms based applications.
• Solve complex Oracle application and Server performance issues by protocol analysis to determine
if the network, database server, or the application code was the cause. Review trace findings and
point out application inefficiencies to developers for correction and tuning.
• Implemented and documented Sprint and Eagle Raptor based remote IP dial access solution for
the entire organization. Managed entire project, assisted in implementation and troubleshooting, and
developed the documentation to be added to Canon’s Intranet.
• Developed Canon’s first Network Security policies and procedures documentation. This document
covered areas such as computer room operations, password standards, support and escalation,
roles and responsibilities including breach of security drills.
• Authored Canon’s first Change Control Policies and Procedures document to be used by the entire
IT division for all levels of system operations. This document covered the basic Change Control
process and outlined procedures that must be followed when making a change to an IT
• Administer, troubleshoot and expand a 75 plus site router based national Frame-Relay and
international X.25 network that supports over 10,000 remote users for the new Client/Server
applications, office automation, manufacturing, marketing, finance, inventory and product
distribution systems. Provide support for routing protocol operation of IGRP, EIGRP, RIP and IPX
RIP/SAP management plus Apple-Talk, TCP/IP, and SNA. Solve complex LEC physical T-1 and
Frame-Relay issues. Perform BERT testing and determine carrier trouble locations. Troubleshoot
out-source VPN networks from IBM and AT&T. Determine if the problem is network, carrier or
• Administer, troubleshoot and expand a multi-protocol campus network based on Layer II Cisco
Catalyst switches and collapsed switch and router backbones. Solve network throughput and
protocol issues. Troubleshoot and maintain switch and router hardware components.
• Restructure of legacy Token-Ring architecture and WAN-based remote Source Routed Bridged
network by simplifying traffic paths and spanning-tree configuration for SNA and AS/400 hosts.
Eliminate loops, removed Cisco IOS bugs and passive MAU equipment for managed
concentrators. Restructure traffic levels, faulty wiring and eliminate beacons and consistent ring
purges. The restructure provided Canon with a more consistent operating Token-Ring SNA
• Developed enterprise network management strategy for IT staff consideration. This strategy
covered all aspects of Canon’s Network and application resources. The strategy suggested an
element building block approach to achieve a heterogeneous system that can accommodate
changes in business and technology direction.
• Troubleshoot Novell NDS and Windows NT server and applications issues on an as needed basis.
Provide recommendations to management regarding performance optimization for applications and
server throughput. Evaluated CISCO PIX firewall and remote Internet access for mobile business
applications. Provided guidance regarding security policies, encryption, authentication and methods
• Managed the Data center relocation and consolidation project. This project entailed consolidating
two data centers. Led critical systems relocation planning and scheduling. Ensured infrastructure
requirements were accomplished prior to the move. The move was completed over a holiday
weekend with no impact to the business.
• Managed relocation of entire IT division to new facilities in a different campus building. Ensured
infrastructure and scheduling of move for personnel, help desk, and critical IT support equipment
was available for an aggressive three week schedule. The move was handled in three phases and
completed on time without impact or discontinuance of support to the entire business.
Philip Morris USA
• Directly reported to the director of Technology Planning and Research as a network technology
subject matter expert. Worked with business planning managers to determine business needs and
clarify requirements. Arbitrate business demands between IS and all domestic business units.
Provide designs and recommendations with business and technical rationale to IS clients. Perform
research on emerging technologies. Counsel IS and its clients on tactical and strategic direction.
Review strategic plans for the business regarding the network infrastructure and application impact.
Provided expertise in the areas of LAN/WAN protocols, router switching architecture, risk analysis,
Client/Server technologies, ORACLE parallel servers, IBM SP Tower UNIX RISC servers on FDDI,
Frame-Relay and network security including firewall technologies.
• Authored MCI’s Policies and Procedures for the Network Operations Data Center. This document
set the IS Operations direction after an IS reorganization and prepared IS for future
Telecommunication merger opportunities. This document covered policies and procedures from
personnel to component management and security. Analyzed existing campus LAN, Intranet and
international OSPF based Cisco router WAN for improvements and security violations. Managed
and completed Novell file server migration deliverables on Data Center project. Resolved
LAN/WAN protocol problems. Provided support of 1000 node Token-Ring infrastructure. Provided
network architecture direction in terms of campus network infrastructure re-design. Supported
Intranet Windows NT server integration for DHCP and DNS and Intranet access across network
segments. Designed Data Center File Server management policy and recommend management
• Designed and implemented multiple site mesh Frame-Relay network for messaging and application
developers. Developed IP and IPX addressing schema for WAN topology. Configure and install all
CISCO routers. Manage Frame-Relay vendors and circuit translations.
Chase Auto Finance Bank
• Designed and implemented a complete ISDN backup network to provide simultaneous cut over
from Frame-Relay and Router failures. This enabled the bank to preserve the integrity of its
Imaging and NetWare 4.1x architecture at a reduced cost. Completed redesign of the company’s
1000 user Token Ring infrastructure to resolve Source Routing and Spanning Tree issues.
Designed and implemented Network Management system that manages all routers, bridges and
hubs. The system was based on SUN Solaris and HP OpenView.
• Completed Frame-Relay integration project for the bank to utilize Novell 4.1x NDS and support for
Imaging based applications over a WAN. This network is tied to the division's "bottom line" which is
based on the imaging transactions that are now supported over a WAN. Linked several regional
offices with CISCO routers and applied the proper tuning methods to reach optimal WAN
performance. During the lifecycle of this project, maintained roles of: Project Manager, WAN
engineer, LAN engineer and general technical consultant. This project was completed on time
during an aggressive implementation schedule of five weeks.
AT&T Solutions/Chase Bank
• Completed term as a Senior Consultant for AT&T on the Chase Bank outsourcing project.
Managed an average of 35 projects that are unique in technical complexity. Also performed
low/high level hands on protocol and traffic analysis, router support, implementation, and
application impact analysis and infrastructure re-design support. Provide technical consultation on
many SYBASE Client/Server based projects that require access to the corporate infrastructure.
• Perform traffic, protocol and application analysis for Client/Server application deployment in Chase.
This entails determining traffic and response times for SQL queries, infrastructure and component
impact. Determine which areas of the Client/Server system require tuning. Projects included Data
Warehouse consolidation, remote access to SYBASE SQL servers and SYBASE replication traffic
analysis from IBM Hosts.
• Provide AT&T and Chase project management, engineering and troubleshooting support. This
entails support of CISCO Routers, immense Token Ring and Ethernet environments, backbone and
WAN support. Performed an analysis and re-design of 1700 node remote campus architecture to
support evolving Client/Server applications by providing additional bandwidth capacity and
throughput. Research included options to collapse backbone architecture to either a router or
• The resulting analysis report identified the network and application illnesses pertaining to protocol
use, distribution and traffic baselines. The report also provided recommendations and plans on how
to rectify such issues.
• Managed and contracted AT&T GIS Network Architecture Consulting group on behalf of Chase to
perform a similar study for five major remote sites of the bank. Reviewed all reports for technical
issues and distributed to remote sites and engineering for review and implementation. The remote
analysis project required six months at a cost to AT&T of 500k. The project was completed on time
and the information gathered was critical for AT&T to provide proactive support of the bank's
network by reducing the discovery time required to engineer or troubleshoot each location.
• Reviewed and led a major water utility in Delaware in the development of right-sizing migration
plans to move their entire data processing system from a mainframe to a distributed Client/Server
system. Analyzed the business processes and the technical aspects of this plan. Created the
business review and provided recommendations for selection and sizing as well as direction for
migrating to a distributed Client/Server system. The deliverable was a detailed report with all of my
findings and recommendations in regard to their migration plan. This document's goal is to provide
specific direction for the client relating to their migration plans. All areas reviewed were analyzed
from a technical and business perspective to ensure each component has a sound business
rationale and technical feasibility.
ENTEX Information Systems
• Closed a contract with IBM to be the main subcontractor to provide 300k in services and one million
in hardware to a major Japanese bank. Developed Statement of Work, Legal documents and
Project plans. Hired and managed group of out-source consultants to represent ENTEX and
perform the work. Managed group of seven different consultants for a period of two months. Project
completed ahead of schedule and ahead of budget/profit forecasts.
• Restructure of 1500 node multiprotocol and multiplatform local Internet for a major
pharmaceutical’s corporate headquarters in New York City. The restructure provided the client with
"any to any" connectivity to any resource, greater bandwidth, stable network management,
horizontal and vertical scaling options. This restructure was the result of recommendations from a
month long LAN/WAN analysis that analyzed every possible technical and business resource of the
company. The restructure was planned and performed over the weekend with no fallout and user
• Provide Pre and Post-sales support to 35 sales executives with respect to complex
communications and integration issues. Provide support to Systems Engineers when problems
arise during implementation of solutions. Perform billable consulting services to clients. Act as
quality control and project manager for all large-scale integration projects. Conduct research and
development in respect to communication and application based products. Write analysis papers
• Inspect and design all LAN, WAN schematics/proposals and develop technically "air tight" solutions
for the client in regard to their respective and future business and data processing goals. Manage
all large scale and national LAN/WAN integration projects. Recipient of many branch awards.
Product and Technology Experience:
Below is a list of just some of the technologies and products I have used throughout my career.
Server and desktop operating systems:
• Windows 2003 Server and Enterprise Server and server applications
• Windows 2000 Advanced Server, Server and 2000 professional
• Windows 2000 Server DNS, WINS, DHCP services and RAS services
• Windows 2000 Resource Kit
• Windows 2000 Media Server and player
• Windows 2000 Terminal Server
• Microsoft Windows XP Professional and all previous versions
• Microsoft Windows XP Tablet edition
• Microsoft Windows CE 2.0/3.0 and Mobile 5/6.0
• Microsoft Outlook 2002 and 2003
• RedHat LINUX Server 5.2, 6.2 through 7.2 Gnome and KDE environments
• Familiar with UNIX environment and file systems
• MS-DOS All versions
• IBM X series server’s IBM Director server management tool
Protocol Analyzers, wireline and wireless analysis tools:
• Agilent Advisor J2300 series protocol analyzer with all acquisition modules
• Agilent Advisor Software edition
• Agilent/Telegra Voice Quality Tester VQT
• Network Associates Sniffer (legacy DOS) Distributed and Sniffer Pro
• Polito Analyzer
• Network Chemistry Packetyzer
• LinkFerret 802.11b/g protocol analyzer
• Network Chemistry Neutrino Distributed Wireless Sensor with Fusion Desktop
• Network Chemistry WSP100 802.11b remote analyzer
• Aerocomm SA3000 2.4Ghz Spectrum Analyzer
• Yellowjacket 802.11 spectrum analyzer
• Microsoft Office 97 and 2000, 2003 and 2007 suite of applications
• Lotus suite of office automation and back office applications
• Experienced with hundreds of DOS/Windows and UNIX based tools, applications and utilities
• Experience in troubleshooting various custom applications encountered throughout career
• Visio 2000-2003 professional and enterprise versions
• Tardis 2000 NTP server
• AT&T Virtual Network Computing VNC server and client software
• Entrust, Cybercop, Mercury load runner Quick test for SAP R/3, Ganymede Chariot
• Hummingbird Exceed series of networking tools
• Nantech BGP traffic generator
• Pine Mountain Group Netanalyst toolkit
• A&Gs Net tools
• What’s up Gold suite
• Norton AntiVirus Corporate edition
• TFGen and UDP flood
• Netview Network management scanner
• Engage Packet Builder
• AP chat
• RZKFLOW for Netflow
VOIP products and tools
• PcPhoneline POTS gateway and SIP phones
• Cisco FXS and FXO interfaces and configuration
• Cisco Call Manager Express
• Interactive Intelligence SIP server
• Brekeke OnDo SIP server
• Free World Dialup (FWD) configurations
Security tools and utilities tested and used:
Foundstone Netscan tools Wsremote
Aptools John the ripper
Cygwin Keylogger Stealth
Boson GetPass Rootkit
• ORACLE Server 6.0, through 8i for UNIX on IBM SP2, Solaris platforms, Windows 2000 SQL*NET
version 1 and 2 with an in-depth understanding of TNS protocol. ORACLE Enterprise Manager
• Microsoft SQL Server 2000 basic installation and troubleshooting
• Microsoft SQL Server TDS protocol analysis
Programming languages/compilers/web development tools:
• C++ Object Oriented programming, ANSI C
• Microsoft Visual C version 6 and MSDN
• LIBNET packet building library.
• WINSOCK 2
• Microsoft FrontPage 2000, 2002 and 2003
Experience with the following networking products, protocols and technologies:
• CISCO product implementation, troubleshooting, research and design
• CISCO 2500 through 75xx series routers. All different models and interface
• Cisco Catalyst 6500 series switches 6503 up to 6513
• Supervisor 1a, II and supervisor 720
• Catalyst 3750 switches
• 2800, 3800, 3745 series of routers
• Cisco 10720 DPT routers
• Cisco ASA security appliances
• CISCO Catalyst 4000, 5000 and 5500 series switches
• Cisco Catalyst 3550 and 1900 and 2900 series switches
• Cisco Cluster Management Suite – CMS
• Cisco Internet Performance IPM
• Cisco CWDM Gbics and LANShack 40dBm VOA
• CISCO IOS 9.x through 15
• CISCO PIX Firewall with IOS version 6.0 – 6.3 and Pix Device Manager – PDM
• Cisco IOS Security Device Manager SDM
• CiscoWorks 2000, CiscoSecure ACS and CiscoView
• Cisco Aironet adapters and Access Points
• Operational experience with Concord E-health 5.1
• Proxim AP2000 and AP2500 Enterprise Access Point
• Asus WL-500g Access Point
• Putty SSH for SSH to Cisco routers and switches
• Ngenius NetScout 1.4 server
• Netflow ver. 5 with RZKFLOW utility
• Teletronics 2.4Ghz bidirectional Amplifiers
• BVS Yellowjacket 802.11 analyzer
• 2.4Ghz ISM and 5Ghz UNII RF wave guide and spectrum theory
• 802.11b protocol analysis and 2.4Ghz spectrum analysis
• WiFi/802.11 DSSS, FHSS, CSMA/CA, DCF, PCF, RTS/CTS operation and analysis
• 802.11a/b wireless technology and adapters from Cisco and Orinoco/Proxim
• HyperLink Yagi and Omnidirectional 2.4Ghz antennas
• MaxRad Sector and Yagi 2.4Ghz antennas
• Andrews Mag Grid Parabolic 2.4Ghz antennas
• EZNEC Antenna design software, basic directional 2.4Ghz cantenna development
• Very familiar with complete TCP/IP protocol stack, operation and behavior
• IP addressing planning and implementation and IP unnumbered
• Very familiar with routing protocol suites and operation of BGP, EIGRP, IGRP, RIPv1,
RIPv2, OSPF, IRDP, ODR, NHRP and ISIS
• POP, SMTP and IMAP protocol analysis for operation and security audits
• Tag switching and MPLS operation and analysis
• Very familiar with Cisco and standard bridging protocols 802.1d Spanning Tree BPDU,
Cisco enhanced Spanning Tree operations(MST, PVST, Root Guard) Source Routing,
RSRB, DLSW+, SRT, basic transparent and translation bridging
• 802.1w Rapid Spanning Tree and 802.1s Multiple Spanning Tree protocols
• Ethernet Switching technologies and protocols, VLANs, VTP, ISL, 802.1q, Trunks,
Etherchannels and SPAN, HSRP, VRRP, MLS and 802.1x port security.
• Utility protocols such as ARP, BOOTP, DNS, DHCP, FTP, TELNET, ICMP and X-
• Netbios and Netbeui protocol operation and tuning SAP analysis
• Tunneling and VPN protocols, GRE, STUN, VPDN, L2TP, PPTP, IPSEC AH/ESP and
Multilink PPP channels
• Very familiar with all IEEE 802.3 variants, physical media components and frame types
such as Ethernet II, SNAP, and Fast Ethernet 802.3u/x/z/ab/ac/ad/ae protocols and
• Ethernet standards 10Base-T/F, FOIRL, 100BaseT/F/X 1000Base-T/X/SX/LX
• Very familiar with many 802.x networking standards
• Very familiar with IEEE 802.5 Token-Ring protocol and operation
• Understanding of Data encryption and cryptography technologies, DES, RSA, MD4 and
5, IDEA, IPSEC, PGP, PEM, Kerberos, and KDS
• Basic IPv6 operation, addressing, protocol analysis and implementation
• Familiarity with X.25, DEC and LAT protocols
• Very familiar with Oracle’s SQL*NET and TNS Client/Server protocol as well as SQL
Server TDS protocol.
• In-depth understanding of IPX/SPX, RIP, SAP, NCP, NLSP, IPX EIGRP and NDS
protocol operation and troubleshooting
• In-depth understanding of 802.2 Logical Link Control (LLC) I, II primitives operation
• IPX/SPX level C programming
• RS232, HDLC, asynchronous Protocols, SDLC, PPP, LAPD, LAPF and Q921/931, SS7
• SNMP, RMON and ASN protocol operation and analysis
• Basic understanding of CWDM and DWDM planning for dispersion, optical budgets,
attenuators, laser amplifiers and spectrum band usage.
• SONET STS-1 and 3 protocols and operation
• In-depth experience with DDS, T-1/E-1, T-3, B8ZS, AMI, 4b/5b 8b6T, 8b/10b, CSMA/CD
and CA, Manchester with differential signaling protocols operation and troubleshooting.
BERT testing and CO leg tracing.
• Designed networks to utilize limited distance vector algorithm, DUAL based, hop and
path cost based routing protocols as well as link state protocols such as NLSP and
• In-depth experience with Frame-Relay protocol RFC 1490 operation, design and
• Multicasting protocols design implementation and operation, RPF, Dense and Sparse
Mode, PIM, IGMP, CGMP, IGMP snooping.
• In-depth experience with ISDN operation, design and troubleshooting.
• Class of Service/DSCP, Assured and Expedited Forwarding PHB, RSVP operation and
• IP TOS, IP precedence, 802.1p, QoS analysis and operation
• Internet protocols HTTP, SHTTP and SSL operation
• ANSI FDDI protocol operation, analysis and troubleshooting
• Voice over IP(VoIP) protocols H323, H225, H245, Q931, SIP, Codecs and gatekeepers.
• IBM X series of 1U/2U servers
• DataComm 52xx series managed CSU/DSUs
• Digital Link/Quick Eagle DL3100 T-3 CSU/DSU access multiplexer
• Audiovox and Toshiba Pocket PC PDAs
• Various CF and SDIO based memory and WIFI cards for Pocket PCs
• Fujitsu Tablet PC series
Legacy technologies, utilities, applications and tools:
• BAY Networks 2800, 3000 and 5000 series of concentrators.
• Cabletron MMAC and MMAC + series of concentrators and switches.
• ALANTEC/FORE Power HUB Ethernet switch
• Kalpana Ethernet Switch
• Token Ring: IBM, Pure Data, Thomas Conrad, SMC, IBM 8228 MAU and 8230
• Ethernet: All Intel, 3com, Bay, Cisco, Chipcom, Netgear, Linksys, and Dlink products
• FDDI: Cabletron and CISCO products
• ARCNET: Standard Micro Systems
• Bay Networks/Nortel ASN/BCN routers
• AT&T Paradyne CSU/DSU 31, 36 and 9120 series with compression
• Bay Networks Centillion 100 Token-Ring /ATM switches
• ADTRAN ISU 128 ISDN CSU/DSU
• IDNX LWX Routers. Verilink Access 2000 series.
• IBM Remote bridges utilizing ARTIC boards and UDS CSU/DSU's.
• Wireless Microwave Ethernet technologies.
• IBM Bridge Program 2.1, 2.2 and IBM 8209 Bridge
• 3Com link builder series of Routers Netbuilder I and II.
• ANSI FDDI protocol operation
• SunNet Manager and HP OpenView network management systems
• Familiar with IBM SNA, 3270 LU 6.2 design, analysis and troubleshooting.
• Practical hands on knowledge of ATM operation and MPOA, LANE protocols
• Netsuite LAN modeling software
• Intel Proshare Video Conferencing for LAN and ISDN
• Novell ManageWise
• Very strong LAN and WAN architecture design and troubleshooting disciplines
• Nine years of design and implementation experience with Frame Relay and ISDN
• NT 4.0 Server and Desktop
• Novell NetWare all versions to 5.1, SUN Solaris 2.3, 2.4
• IBM AIX, UNIX SVr4 some shell programming
• Familiar with UNIX environment and file systems
• OS/2 All versions, IBM PC LAN Pgm.,
• IBM LAN Network Manager 1.1, Apple Systems 6.06, 6.07, and 7.0 Apple Share III.
• SunNet Manager
• HP OpenView Network node manager
• Oracle NT and NetWare and OS/2. ORACLE Tools, ORACLE CASE Tools 5.0, Structured Query
Language (SQL) ANSI, ORACLE SQL*Plus and PL/SQL procedural SQL. Developer 2000,
Designer 2000 and ORACLE Financials.
• Lotus Notes and CC:MAIL for DOS and Windows, Attachmate and RUMBA terminal emulation
• BASIC, COBOL, Assembler, SQL, C, FORTRAN, MBP COBOL, MS-COBOL, MS-C, RM-COBOL,
MS-MACRO ASSEMBLER 5.1, MS-C, Quick C for Windows, ANSI SQL, SQL Forms, Power
Builder 3.0a, MS C++ version 4 and 5.
Stay abreast of current industry and scientific topics that may apply to a client's
technology investment. Some listed:
• Network security exploit/hacking analysis
• Enhancement in general networking and protocol development
• Grid, Clustering and pervasive computing
• Application development trends
• Internet/Intranet access design and implementation
• Client/Server and ERP technology -- Oracle and SAP
• Web Services, Web 2.0, ASP, CRM, SOA applications
• Custom Workgroup/Workflow applications
• 10-100G Ethernet solutions
• Broadband technologies - Broadband over Power and Fiber to the Premise
• WiFi Wireless communications (802.11a/b/g/n)
• Latest advances in microprocessor technology
• Wireless Broadband MAN 802.16a/e(WIMAX) and LTE
• FAST and Gigabit Ethernet (802.3ab) and (802.3u and z)
• Server virtualization trends
• Cloud computing trends
• Unified Computing/Communications solutions
• Network management - SNMP III
• Network Security and Cryptography
• Layer 3 through 7 switching, CoS and QoS
• Advances in WAN, Routing and Switching technologies
• WDM technologies and products – DWDM - CWDM
• Energy and Data center efficiency technologies
• Operating system and file system enhancements
• Data storage, SAN, NAS, SCSI-IP and archiving enhancements.
• Smart Grid, SCADA systems and DNP protocol
References: Furnished upon request.