Jeffdetailed06.doc.doc


Jeffrey J. Sicuranza
171 Willowood Dr.
Wantagh, N.Y. 11793
516-796-9607
JeffSconsultant@amilabs.com

Summary

Professional technology consultant with a strong and diverse background in enterprise network architecture, design, planning, upgrading, securing, implementation and troubleshooting with an extensive understanding of application systems and their cohabitation requirements on enterprise networks. Over twenty years of computer industry experience in the professional disciplines of Business & Technology Consulting, Data Communications Engineering, Project Management, Systems Analysis and Design, Programming, Compliance, Executive Management, Systems Engineering/Integration, Business Analysis, Sales and Marketing. Background includes Enterprise Network Architecture design, planning, implementation, and troubleshooting. Has demonstrated experience as a team leader and/or member within all levels of management, including technical staff and clients. Extensive project management experience in network and application based integration projects.

Skills and background:

Technical experience and knowledge encompass many product areas and technologies, including: enterprise network infrastructure and Internet/Intranet design, IBM, CISCO, ORACLE, SAP, Microsoft, Novell, Frame-Relay, DPT/SRP, SONET, Gigabit Ethernet, Ethernet (all variants), C/DWDM, UNIX/LINUX, TCP/IP, IPX, Token-Ring, FDDI, VLANs, Spanning Tree protocols (RST/MST and legacy), VTP, MLS, VPNs, MPLS, IPSec, DS/OC technologies, Wireless 802.11a/b/g/n, Wireline/Wireless Broadband, RF and Spectrum analysis, IPv6, Multicast, VoIP, VoWifi, H323, SIP, SIP Soft phones, SIP servers, QoS, Data Encryption, SNMP, Routing protocols (EIGRP, RIP, BGP, OSPF), network management solutions, SNMP, network and application performance modeling, protocol and traffic analysis using protocol analyzers (sniffers) from Agilent, Network General to Wireshark plus data and network security. SCADA systems running DNP v.3 over IP analysis and design. Vast, detailed and applied experience with many legacy and current networking, server, workstation and application technologies. Possess understanding of basic electrical and thermal engineering concepts plus circuit analysis and design.

Experience:

Enterprise network and distributed applications planning specialist who performs in-depth, hands-on planning, engineering, implementation, upgrading and troubleshooting of enterprise level LAN/MAN/WAN based networks. Responsible for providing network architecture and design recommendations plus strategic planning of complex inter-networked WANs, LANs, MANs and wireless LAN/WANs. Experience working with applications, servers and workstation systems with an emphasis on performance, scalability and flexibility. Experience integrating Distributed Client/Server, ERP/CRM, Internet, Intranet, security, and E-commerce solutions into existing networks. Provide strategic and tactical direction to IT executives and directors with regards to applying technology to business requirements. Work closely with application developers, business analysts and end user customers to ensure sound design and implementation of new or expanding systems.
Functional Experience:

Business and Technical Analyst

• Provide management and technology industry consultation to corporate CEO, CIO and corporate legal representatives.
• Provide network analysis and design consulting services to a diverse clientele.
• Provide in-depth network and application troubleshooting services to a diverse clientele.
• Provide business and technical guidance to a diverse clientele.
• Apply structured disciplines that include design considerations for LANs, WANs, MANs, Intranets and Internet access.
• Perform in-depth structured analysis on all components of a LAN or WAN system to determine considerations for designs and supply statistical data to enforce considerations that provide insightful strategic or tactical direction.
• Provide application and network performance analysis for SLA compliance and determination.
• Analyze all types of networks from a technical and business perspective plus provide detailed results that join business needs with technological feasibility.
• Analyze client business rationale to assist client in making strategic and tactical decisions relating to their ERP, CRM, B2B, E-commerce, Client/Server and legacy systems investment.
• Assist clients as a business and technical consultant by analyzing enterprise business or specific business processes and technical attributes relative to the client’s overall plans.
• Perform in-depth technical research based on design factors, considerations and statistical data reared from analysis to properly size and select products and services that meet the client's requirements.
• Supply recommendations and options for selection and sizing of all hardware, software and services.
• Provide economical cost of return (ROI) and residual asset value information on new or existing technology assets deployed.
• Analyze right sizing plans and provide detailed recommendations that provide direction and scope to clients.
• Provide ideas and plans to implement best practices for solving technical related issues.
• Provided guidance on how to continually utilize current network infrastructure assets to their fullest lifecycle.

Project Management

• Provided high level and hands on Project Management services for over 200 IT projects utilizing skills developed from experience and PMI methodologies.
• Managed several high visibility integration projects with budgets from 50k to 10 million.
• Successful completion of many right-sizing projects by providing strategic and specific direction for migration of legacy based systems to Client/Server, ERP and E-commerce.
• Managed teams of consultants and engineers to obtain, qualify, manage and close system integration projects for a major systems integrator.
• Provided technical direction and assistance to systems engineers and team members.
• Provided logistical project direction and outline project risk impact attributes on client systems.
• Built temporary teams of engineers and project managers for large scale outsourcing projects.
• Developed new and reviewed existing legal documents and Statements of Work pertaining to Information Technology projects.
• Define and assign all staffing resources for large-scale integration projects.
• Created and/or reviewed all project budgets, plans and logistical information pertaining to IT projects.
• Coordinated resource information between many different corporate departmental layers to ensure project objects and tasks are clearly communicated and assigned.
• Created process flow structure on all project life cycle based procedures.
• Submitted monthly and quarterly Profit and Loss (P&L) reports pertaining to projects and resources used.
• Managed up to 35 projects simultaneously in a six-month period for a major NYC financial institution.
• Created and developed job descriptions for staff augmentation.
• Conduct all business and technical interviews for staff additions.
General Technical

• Solved many complex LAN/WAN/MAN issues related to operational, design or manufacturer oversight that resulted in mitigated outage time and financial impact to the client.
• Designed and built numerous homogeneous and heterogeneous network infrastructures for clients over the past 17 years.
• Migration of routing protocols for several enterprises.
• Perform in-depth forensic protocol/traffic analysis against WEB based, ERP, two and three tier Client/Server, proprietary, and Legacy applications.
• Conduct network security audits and traffic analysis.
• Apply network protocol or operating system tuning methods to infrastructure components to maximize component’s lifecycle and to meet performance or SLA requirements.
• Developed application impact performance modeling application for a Fortune 500 client.
• Developed Network Operations Policies and Procedures with an emphasis on MAC, problem escalation and reporting.
• Provide RDBMS consulting pertaining to network tuning, optimizing and development of different RDBMS platforms.
• Provide impact analysis on deployment of ERP, E-commerce, B2B, and two/three tier Client/Server systems on existing infrastructure.
• Authored many technical solution and White Papers.
• Designed Help Desk problem escalation process, procedures and policies.
• Developed Network Operations Center (NOC) process, procedures and policies.
• Developed Network Management strategies and policies.
• Implemented Network management systems for enterprise networks.
• Provide Year 2000 infrastructure and Client/Server consultation.
• Provide Disaster Recovery planning and testing assistance to clients.
• Developed Network and Information Security policies and procedures for Fortune 500 clients.
• Participated in many pre-production QA analysis and proof of concepts projects.
• Created technical training material and mentor network support personnel on general network problem isolation, troubleshooting and protocol/traffic analysis.
• Created Wireless security audit reports for a variety of clients.
• Participated in several Wireless protocol analyzer beta programs by providing operational feedback for product improvement.
• Architect Wireless LAN/WAN solutions.
• Familiar with SCADA system analysis and upgrade over IP based networks.
• Provide consultation regarding Metro Ethernet technologies.
• Experience in basic electrical engineering circuit design and analysis.

Employment history:
Employment                    Title/Role                    Date
Applied Methodologies         Principal Consultant          5/08 – Present
Consolidated Edison           Sr. Consultant                10/07 – 4/08
TAM/Redwood Toxicology        Sr. Consultant                8/07 – 9/07
New York Life                 Sr. Consultant                11/06 – 12/06
Consolidated Edison           Sr. Consultant                1/05 – 10/05
Applied Methodologies         Principal Consultant          9/02 – 12/04
Netstream                     Sr. Consultant                5/02 – 8/02
Consolidated Edison           Sr. Consultant                4/01 – 4/02
Applied Methodologies         Sr. Consultant                11/00 – 4/01
Tender Loving Care            Sr. Consultant                10/00 – 11/00
New York Life                 Sr. Consultant                9/98 – 10/00
Canon USA                     Sr. Consultant                5/97 – 9/98
Philip Morris USA             Technology Planning Advisor   1/97 – 4/97
MCI International             Sr. Consultant                10/96 – 1/97
NAB Construction              Sr. Consultant                9/96 – 10/96
Chase Auto Finance            Sr. Consultant                3/96 – 9/96
AT&T/Chase Bank               Sr. Project Manager/Engineer  9/94 – 3/96
NETLAN                        Sr. Network Architect         1/94 – 8/94
ENTEX Information Systems     Sr. Systems Consultant        4/91 – 1/94
Various Technology Companies  Systems Engineer              1984 – 1991

Education and Professional Certifications:

Education: Empire State College (S.U.N.Y.) Computer Science

Industry Certifications:

• Cisco Certified Network Professional (CCNP)
• Cisco Certified Design Professional (CCDP)
• Certified Wireless Network Professional (CWNP) CWNA and CWAP
• ORACLE MASTER for Oracle 7 DBA
• Certified Network Expert (CNX)
• ORACLE MASTER for Systems Analyst CASE
• NOVELL Certified NetWare Engineer (CNE)
• Pine Mountain Group Certified Network Analyst
• Project Management Institute (PMI) Member
• Agilent Internet Advisor Protocol Analyzer
• Hewlett Packard Hubs, Bridges and Routers
• Synoptics Lattisnet Network Management System
• IBM TOKEN RING and OS/2 LAN Server
• EICON X.25 Routers
• Apple LAN Literacy
• Over 35 additional certificates relating to various IBM technologies
Recent Professional Achievements

Applied Methodologies, Inc.

• Developed an IT based alternate energy generation solution to assist data centers in reducing their power consumption costs. Currently involved in the following processes: patents, prototype development, business planning, market analysis and venture capitalist interviews.

Consolidated Edison:

• Construction Oversight Manager for communication room construction projects for new electrical Transmission or Distribution Substations in the NYC area. Provided Project Management services, Project Management mentoring to new PMs assigned to IT substation projects and conducted communications room build out compliance oversight to ensure that all communication rooms within a substation meet ConED’s and National Electric Code technical and safety standards. Provide communication between the IT and construction teams to ensure that all critical redundant optical voice and data networks are operational prior to substation start up. Drafted and enforced several project and compliance related processes.

TAM Corporation/Redwood Toxicology:

• Hired as the lead remote troubleshooting consultant for a medical screening company. Worked with overseas developers, local network engineers and business management to resolve an application upgrade transaction issue. The new application was experiencing performance issues and timing out thus causing a backup in screening applications. Work was conducted remotely to analyze packet traces of SQL transactions to determine if the application or the network was the cause. Also, outlined potential points to upgrade and tune for all components (servers, client PCs, middleware, routers, switches, medical data acquisition equipment) involved in each screening transaction. Coordinated all troubleshooting activities remotely to isolate and resolve the issue.
New York Life

• Conducted a Radio Frequency (RF) and general wireless security audit for the investment division of New York Life. The audit covered RF leak point analysis, spectral analysis, rogue workstation and access point identification, cell size analysis, packet encryption and general 802.11 traffic/protocol analysis to determine the security issues present. A detailed report was submitted which outlined all issues observed with recommendations.

Consolidated Edison

• Created a Quality of Service (QoS) strategies White Paper to provide strategic recommendations regarding QoS planning and implementation in the enterprise. This document outlined the following areas regarding QoS for their enterprise: general introduction to QoS concepts (DiffServ/IntServ) and internal QoS reference, strategic recommendations regarding QoS planning and implementation, various device, application and protocol matrixes to facilitate planning, audit results of Cisco based network components to determine their QoS capabilities, QoS architecture design considerations and principles, identification of candidate QoS applications, identified and tested QoS tools for DOS mitigation and security uses, outline several QoS models, details of QoS solution based on the models, introduction to ConEd’s custom command line and menu based QoS tool set, recommended deployment approaches, outline of QoS management tools, outline of troubleshooting tools and methods plus include initial lab result findings for pre-deployment planning. A custom IOS command line and menu based QoS tool set to facilitate testing, deployment and support of QoS commands and protocols for the network support staff was developed. This document was an all encompassing, strategy, plan and “how to” guide to assist ConEd in deploying and managing QoS across its enterprise network to support a call center disaster recovery VoIP based system and upcoming enterprise wide VoIP and Video deployments.

• Was hired by ConEd’s legal department during last minute subsidiary sale negotiations to provide industry based subject matter expert opinion, facts and research for ConEd regarding Metro Ethernet, MPLS and MST technologies to help ConEd make a decision regarding a multimillion dollar Metro Ethernet carrier subsidiary transaction. Conducted research, held interviews and provided the legal representatives facts and testimonial regarding Metro Ethernet business trends, technology and case studies. Attended several high level meetings with CEOs, and legal representatives from all interested parties to present and provide research findings and testimonial on such technologies and industry trends. This information was critical to ConEd to render a decision and direction in regards to a pending subsidiary sale transaction.

• Upgrade enterprise headquarters’ Catalyst 6500 based core backbone from Supervisor II to Supervisor 720 modules and convert configuration from Hybrid to Native. My role was project manager and engineer for entire project. This project was required to position the enterprise core to utilize new fabric enabled SFP based line cards for additional port density, enhance server farm support, provide IOS based feature consistency and advanced features such as QoS, security, MPLS, plus use of fabric enabled modules and advanced fabric switching modes for increased stability and throughput. Selected hardware, upgraded fans, reviewed current and new line card power and firmware revisions to ensure all modules worked together with the new supervisor and IOS combination. Manually converted backbone software configuration from Hybrid “set” command line port based to IOS interface based and resolved cross core switch and various different redundant access layer switch, Etherchannel, Trunk, Spanning-Tree Protocol, HSRP, VLAN related negotiation and configuration issues resulting from different access layer switch platforms with different versions connecting to a new IOS based core. Identify all cross core switch and router uplink EIGRP neighbor relationships and plan for expected EIGRP neighbor, convergence and routing state changes during the phases of the upgrade. All configurations were developed and tested on a similar core switch in a lab and checked for accuracy before deployment. Pre and post upgrade state diagrams were created to provide support staff easier planning and troubleshooting references. A detailed migration and multi scenario roll-back procedure was drafted, rehearsed with all support groups to ensure a transparent upgrade was completed successfully according to schedules ratified by management. This upgrade work entailed a physical migration of supervisor modules, some line card restacking and minor cable changes independent of each core switch with no impact to the business operation. A physical operational flip state from one supervisor model to the other of each switch was used to mitigate impact to the network and user community. A final disaster recovery test of both switches was also conducted to determine how the IOS based Core will behave in the event of a switch failure. This test provided critical information on the behavior of the core and for the network support staff to reference regarding how network management, routing protocol, core switch and floor recovery actually behave if a real issue arises.
• Provide support for enterprise wide DWDM optical MANs. Identify any issues with Dynamic Packet Transport and 802.17 Resilient Packet Rings (RPR) and Spatial Reuse Protocol (SRP). Identify SRP neighbor wrapping status and wrapping sequence to support staff and test for Intelligent Protection Switching (IPS) tuning options. Implement SRP advanced fail over protocol, Single Ring Recovery (SRR), to provide an extra level of redundancy of the DPT ring in the event of a wrapped ring experiencing a second fiber failure on any channel. Identify, troubleshoot and resolve Cisco 10720 DPT router platform and IOS issues relating to SRP priority levels for QoS, NBAR, and SRR. Tested failover speed and behavior of SRR using a 10720 lab and soft phone based Voice traffic to determine voice quality impact of a double fiber ring failure. Tested EIGRP Bidirectional Fail Over (BFD) to determine if feature is applicable for use on the DPT routers and upgraded Catalyst core switches.

• Provide in-depth hands on consulting and mentoring to engineers responsible for the upgrade of a major electric control Supervisory Control and Data Acquisition (SCADA) network. Provide network upgrade architecture guidelines and migration approaches. Outlined issues of simplifying the network from a static routed, with RIP and NAT Frame-Relay based network experiencing stability and configuration management issues to a simpler more secure, scalable and dynamic network using HSRP, EIGRP and IPSec. Also outlined the issues and approaches on how to migrate a live IP based SCADA network from one architecture to another with no impact to the Electric Operations control centers. Identify critical application issues and behavior relating to the timing impact of electrical grid control and polling processing packets relying on Dynamic Network Protocol functions running over TCP/IP. Identify several application level bugs relating to the TCP stack handling of DNP on GE’s DMS 200 Master Terminal Units (MTU), its Ethernet, TCP/IP stack and redundancy limitations and bugs and corresponding Remote Terminal Units (RTU). Ensured the migration covered what exactly is an application layer issue and what is a network layer issue and what issue type causes what response so critical control center personnel know exactly what to expect on the SCADA system if any of the network components between MTUs and RTUs on the IP network fail. Identify and document packet level decodes of the application and network’s use of DNP 3.0 protocol and TCP. Trained engineer on how to capture DNP packets and what to look for when symptoms suggest an application issue. Suggested the use of DNP simulation software for the SCADA lab so future DNP testing over a TCP/IP and Cisco based network can be accomplished without the initial need for an expensive RTU, master station and trained SCADA personnel to be present in the lab.

• Developed a low cost distributed protocol analysis solution to save ConEd almost half a million dollars that would have been spent on a commercial solution. This solution consisted of shareware analyzer software, Windows terminal server or VNC for remote control and using existing company assets for the remote network connectivity pods. Created a web based portal page so network support staff, via a browser, can access any remote analyzer anywhere in the enterprise. The analyzers had from one to multiple 10/100/1000 Ethernet adapters and were connected to multiple switches. The analyzers were initially deployed in a pilot program to strategic locations in the enterprise. The use of Ethereal and Packetyzer provided ConEd the tools to obtain detailed traces of application issues, conduct basic VoIP RTP jitter analysis and monitor the network for security issues. The saved trace files can also be uploaded to the company’s licensed Sniffer applications. This pilot proved that the network support staff can have low cost, easy to manage and scale distributed protocol analysis solution without spending hundreds of thousands of dollars on a commercial system which would have had only 10% of its capabilities used.

• Provide day to day high level support of the network infrastructure and routing protocols. Provide mentoring to staff members and guidance to new members.
• Provide industry trend consulting to management regarding the consideration of utilizing MPLS on their core enterprise backbone to cut costs for voice circuit switch trunking and cross control center SCADA traffic flow through. I created an MPLS lab mimicking their core backbone, but running MPLS, for the network support staff to utilize for further research into the subject.

• Tested and evaluated Berkeley Varitronics Systems (BVS) Yellowjacket spectrum analysis and wireless security tool.

Applied Methodologies, Inc.

Provide ongoing management consultation and technical support to a diverse set of enterprise clientele in regards to network infrastructure changes, routing protocol issues, Cisco IOS enhancements, network security, wireless LAN/WAN technologies and project management. Some of the projects completed for clients are listed below. Clientele is listed on company website.

• Piloted a Point to Point (PtP) Coarse Wave Division Multiplexing (CWDM) optical solution for a case study on CWDM and 802.1w Rapid Spanning Tree protocol. This solution entailed utilizing Cisco midrange catalyst switches, 1530nm CWDM Gbics and 40dBm tunable Variable Optical Attenuators (VOA). The study’s goal was to provide a simple scalable way to use a single/dual strand of single mode fiber and scale the link’s capabilities using less expensive CWDM technologies. The use of Rapid Spanning-Tree (RST) and Multiple Spanning-Tree (MST) protocols to achieve improved link resiliency was applied. An optical budget analysis was performed, integration and tuning of the VOA to prevent laser burnout for the shorter distance, and the configuration of 802.1w/s was added to the Catalyst switches. By using the CWDM Gbic modules and single mode fiber the solution is scalable from an initial 1.2gbs 802.3z PtP campus link to 8Gbs Ethernet or over 40Gbs using 8 to 16 lambdas with the addition of passive OADMs and additional CWDM Gbics on existing or future switches. The case study proved that for clients with existing single mode or dispersion shifted fiber in place, longer, non amplified, PtP distances between buildings is achievable economically by using a scalable solution utilizing any of the three optical bands S, C and L that can be built with just a pair of CWDM modules, as opposed to a more expensive typical WAN, Metro Ethernet or DWDM solution.

• Completed a Wireless ISP (WISP) venture research project. This project determined whether it is feasible, economically and technically, to provide last mile internet and free SIP based voice services to a selected demographic market in the NY region. The first phase of this project was to conduct a technical proof of concept. This phase tested the concept of basic WISP functionality, RF behavior, VoIP over wireless, security and billing. This phase provided answers to the practical and economical use of current commercial and consumer grade wireless technologies by conducting a set of proof of concept tests. These tests were comprised of building out various single or multi cell WISP sites and testing many types of applications, especially VoIP, over wireless utilizing advancements in SIP based products. Developed the project plans, wireless cell, application testing matrixes and roam criteria for the project. Created the RF cell engineering/planning documentation, traffic generation criteria for distribution system and the cells. Conducted physical and RF site surveys of single omni and sector cells for roaming tests. Built a temporary and portable mast system to host the appropriate antennas. Testing includes omni directional and sector based high gain antennas from MaxRad and Hyperlink for cell coverage in a residential area. 802.11b and g cells in separate and mixed configurations were tested. Proxim and Asus access points were used for initial testing with possible others from Cisco, Motorola, Trango, Meru, Aruba, YDI et al. to follow.
Testing of multiple call and data services on the cell was conducted and monitored with wireless and wire line protocol analyzers and network management tools. Distribution System comprised of Cisco Catalyst switches utilizing QoS policies created for SIP traffic using Cisco’s NBAR technology to classify traffic. DSCP and Assured/Expedited forwarding markings were applied to SIP traffic. Selection of SIP based products such as SJlabs, Xten, Skype and PcPhoneline Soft phones on laptops and PDAs (thus turning the PDA into a WIFI phone). Interactive Intelligence SIP server and Brekeke OnDo SIP servers were evaluated for proxy and redirecting services. Testing of sending and receiving SIP based calls from the wireless cell to POTS was conducted at various traffic levels on the cell and distribution system. Skype and Freeworld Dialup services were also tested over the wireless cell. The results of such testing were included into a report that shall outline the feasibility and behavioral aspects of wireless last mile access as well as the mechanics of SIP based VoIP. This report provided vital information for the follow on phases of the project and the overall business plan.

• Conducted wireless networking security audits for several NYC based clients. The wireless security audits consisted of scanning for rogue or incorrectly configured access points, WEP vulnerabilities, radio frequency leakage issues and backdoor access into the enterprises via wireless portals. The reports outlined the types of attacks to expect such as War Drivers, WEP cracking, wireless sniffing, virus launching points, open access to the internet via the enterprise and wireless jamming. The audits outlined all weaknesses regarding the enterprise’s wireless infrastructure and its security vulnerabilities to the internal wired infrastructure. Recommendations included reducing RF signal propagation, SSID and Beacon management, VPN usage, WEP key rotation, Open and Shared Key access point association and authentication methods.
Protocols such as 802.1x and 802.11i, as well as infrastructure component features including MAC address and upper layer packet filtering, centralized user and key authentication systems plus wireless scanning and intrusion detection tools were also reviewed. The audit’s recommendations also covered relevant wireless addendums to corporate security policies in place. A variety of Wireless enumeration, RF analysis and protocol analyzer tools were used. Some of the tools used to conduct the audits and recommended to clients were as follows: Netstumbler, AirSnort, Wepcrack, Kismet, Airmagnet, Packetyzer/RF Protect remote 802.11a/b/g sniffer, Linkferret 802.11b/g sniffer, Nsspyglass, Airsnare and Boson’s Getpass, a Cisco router password cracker. One of the audits helped secure a major NYC utility’s wireless network from becoming a potential terrorist attack target.

• Designed and implemented a custom, low cost, highly functional, license free, 802.11b based wireless Point to Point (PtP) solution. The solution provided network access and basic Microsoft Netmeeting plus VoIP capabilities between a client’s two campus based corporate headquarter office buildings that were almost a mile apart. The solution consisted of custom made wireless routers using existing server hardware, Windows 2000 Server operating system with RAS, Orinoco 802.11b wireless radio adapters, off the shelf and custom made directional Yagi and Andrews Parabolic antennas. The solution provided up to 11mbs of secure bandwidth between the buildings for network connectivity and back office application access plus the use of Microsoft Netmeeting and VoIP between Cisco 2620s at each site with FXS interfaces and standard POTS handsets. The wireless segment is router and not bridged based thus utilizing static routes and minimizing inter building broadcast traffic. OSPF is also available for this solution when future growth requires it. The solution enabled help desk support personnel to stay connected at each building without the cumulative toll costs. A full RF analysis that covered reviewing RF operational theory, Fresnel Zone, LOS, free space LOS, diffraction, refraction, VSWR, EIRP, signal strength and traffic analysis was conducted. Antenna gain analysis and intentional radiator calculations were used to identify the most efficient gain in dBm and dBi for antenna selection and transmission circuits, which used LMR-400 cables and TNC N connectors. The use of Orinoco and Cisco wireless radios and utilities plus Aerocomm’s SA3000 2.4Ghz Spectrum Analyzer and the Linkferret 802.11b protocol analyzer were used to determine radio interference, signal strength and protocol/traffic efficiency. Basic QoS services, such as QoS packet scheduler and RSVP are available for the VoIP traffic when required. Windows Terminal Server and VNC were used for remote management of the wireless routers. Digital Matrix’s AirSnare shareware Wireless IDS software was installed on the wireless routers and configured for email notification of any rogue radio access activity. This solution provided a lower cost and an immediate ROI compared to other solutions from Cisco’s Aironet or Proxim’s Orinoco/Tsunami product lines which were also considered for this project. The increased savings from not running fiber or using telecomm T-1/T-3 links between the buildings were immediately realized. The solution also provided an easy upgrade path from 802.11b to 802.11a or g technologies for additional link segment bandwidth by just swapping the wireless radio cards out of the Windows server based wireless routers and changing or adjusting the antennas.

• Participated in the beta programs for two 802.11 based wireless protocol analyzer manufacturers. Provided and applied my experience of over 12 years of protocol analysis and protocol analyzer experience to product testing and functionality. I provided critical functional feedback for Baseband Technologies Linkferret 802.11b protocol analyzer and Network Chemistry’s Packetyzer/WSP100 remote 802.11b analyzer. I provided operational and GUI feedback and suggestions, which have been implemented in enhanced versions of the products. My input was based on extensive protocol analyzer experience from NAI and Agilent and contributed to the ongoing enhancement of these newer products.
Some suggestions included enhanced upper layer protocol brief displays, simpler packet filtering and traffic generation interfaces, RF signal discrepancies, AP enumeration, WEP decoding, OUI decoding, host tables, protocol colorization and ASCII packet searching and go to features. I also conducted in-depth testing of the products to determine enterprise level functionality. Documented all results and participated in product improvement sessions with developers. Identified improper protocol operation with the TZSP protocol used by the WSP100 remote 802.11b sensor. My early assistance with the Packetyzer/RF Protect beta program helped the product to mature until it was re-licensed by Wildpackets as the new RFGrabber product. Currently providing ongoing technical and marketing consultation to Baseband Technologies Link Ferret 802.11b protocol analyzer.
• Developed an online Computer/Networking Science and Cisco certification rental lab for remote users and clients to access as a general Computer Science research resource that is accessible from office or home. The lab’s purpose is to provide the tools and resources necessary to prepare for industry certifications like Cisco’s CCNA through CCIE, MCSE, CISSP and RHCE or test a network/application change before committing such changes on enterprise networks. The online lab can also be used for testing network, application, protocol and security technologies such as IPSec, VOIP and QoS or learning new networking, protocol, server and application technologies. The lab provides the resources to help IT professionals in upgrading their skills or act as a test bed for a solution they may have been planning. The lab provides a SCRATCH PAD environment for a student or professional to learn new or sharpen existing skills.
The online lab consisted of IBM servers, Cisco routers and switches, CiscoSecure and CiscoWorks servers, Red Hat Linux and Microsoft Windows servers, Linux routers and firewalls, several different brands of protocol analyzers for remote users to access and communication equipment such as CSU/DSUs. The lab also contained several different network mediums from legacy (10base-T and Token-Ring) to current (Gigabit Ethernet and CWDM) for testing and educational purposes. Many different topologies were also implemented from mesh, loop, hub and spoke, point to point, and hierarchical to match whatever scenarios the researcher required. Wireless protocol analysis tools, development tools, an RFC library, protocol reference applications and online networking and programming tutorials were also installed.
I installed and tested all lab components, applications and tools plus created help menus for user terminal server access. I configured Cisco PIX firewall filtering, security policies and VPN PPTP tunnel access. I created the lab documentation manual and usage policies and procedures for customers to use. A VPN kit with instructions on lab access via dial-up, cable, DSL or wireless, and a general web site outlining all of the lab’s capabilities and instructions on how to access and use was also created. The lab is accessed via telnet to a Digi terminal server, Windows Terminal Server and VNC for lab server and protocol analyzer remote access. Calculated electrical rates of usage, cost analysis and customer price stratification were performed. Developed pricing plans and access scheduling policy. The online lab has been in operation since January of 2003 and has several enterprise based customers.

Netstream
• Upgrade a residential cable Internet provider’s T-1 ISP access link to a T-3 for improved access to UUNET. Installed and provisioned Eagle DL-3100 T-3 CSU/DSU and Cisco 3640 router with an HSSI interface plus ensure internet routes are passed from the ISP via OSPF to head-end router. Test DHCP, default route propagation and traffic flows from the cable operator’s switch and router infrastructure to the 3Com CMTS and residential customers. Perform cutover of residential user traffic and resolve any connectivity related issues. Completed upgrade with minimal impact to residential users. Secure Cisco router access for the cable operator via access-lists and logging functions.

Consolidated Edison
Provided tactical and strategic design, implementation and troubleshooting guidance in relation to all Consolidated Edison networking technologies.
Work with all levels of Consolidated Edison staff, management and business subsidiaries in a technical, project, and management consultation role with a heavy emphasis on planning, mentoring and hands-on implementation. Some of my roles and achievements are as follows:
• Provide critical network support for all Gas, Steam and Electric Operations networks and applications that support energy usage monitoring, billing and most importantly, distribution to all of New York City and upstate counties. Resolve critical network demand issues during times of peak energy loads during summer months. Troubleshoot all major enterprise level issues such as SONET OC-3, sub-optimal routing paths, all modes of Ethernet switching, Spanning-Tree, Trunking, Fast-Etherchannel, MLS, application issues, Dense Mode multicasting problems, and any general major issue concerning routers, switches, network performance, application response time and support for the entire business enterprise and Electric/Gas operations networks. Provide “level three” support for the enterprise network, which consists of 250 plus routers and 400 plus switches. Mentor Jr. and Sr. engineers during troubleshooting exercises plus assist in post mortem and root cause analysis documentation.
• Published an EIGRP migration white paper outlining the enterprise’s current illnesses in a mixed RIP and EIGRP environment. Some of the white paper topics included are: problems with mixing RIP and EIGRP improperly, sub optimal routing conditions, routing architecture scalability, failure convergence, summarization and routing protocol redistribution. The white paper also outlined the lost productivity to the enterprise with these illnesses and the increased number of outages and recovery time required under
RIP. The white paper discussed two solutions to migrate the entire enterprise to EIGRP, remove RIP and increase the overall stability of the enterprise routing infrastructure.
• Successfully completed the migration of the EIGRP routing protocol from RIP across the entire enterprise of over 250 plus routers. I was tasked to plan and manage the entire project as well as implement, train the engineering staff and document the results. The project touched every aspect of the Consolidated Edison enterprise and was completed successfully with no impact to critical 24/7 electric grid support network systems. Issues covered during this migration entailed summarization, default route propagation, removing unneeded or harmful legacy static routes, DUAL boundaries and potential SIA points, convergence engineering, traffic flow manipulation to ensure all routes are symmetrical, routing loop and black hole identification plus resolution, discontinuous subnetting, improper redistribution, CEF IOS bugs and unequal cost load balancing. Tuning on the SONET core with the use of Variance and Traffic share options where applicable were also applied. The project was completed on time, within budget and achieved the business objectives of stabilizing the routing infrastructure, reduce costs associated to routing protocol inefficiencies and outages plus position the enterprise with an advanced routing protocol for scalability and performance.
• Provided design, planning and implementation assistance for the relocation of the Manhattan Electric Control Center network from its old location to the Consolidated Edison Manhattan headquarters. This network supports all the critical applications that control the entire Manhattan electric grid. The project was completed on time successfully without disrupting the Manhattan electric grid operations and also provided improved performance and fault tolerance of this critical network.
• Performed a cursory review of the enterprise network and outlined tactical and strategic illnesses as well as provide recommendations. Some of the major and minor strategic observations/recommendations outlined were as follows: Router/Switch Password Authentication, configuration archiving, Voice/Video convergence, QOS, Cisco router hardware platform and IOS stability, switch stability, unnecessary routing hops, IP Unnumbered issues, PPP Multilink uses, physical loop design of substations and work out locations, unnecessary traffic in network Core, bandwidth utilization on WAN links, DWDM broadband considerations, IP addressing schema, IP Secondary addressing and VLAN 1 usage, Loop-back interface usage, Terminal Server solution, Network Management upgrade, T-1 Circuit Protocol Analysis, usage of Cisco Works, Network Documentation, improper Multicasting Services, IOS version upgrade, Network Time Protocol and Syslogging issues, switch VTP usage, VLAN aggregation, Spanning-Tree tuning and legacy router command and options cleanup tasks. This review led to several initiatives such as general router configuration clean up, correction of some of the items listed above and the use of CiscoWorks to assist in the improvement of the reliability, functionality and administration of the entire enterprise’s routers and switches.
• Created and conducted an in-depth network training curriculum for all Jr. and Sr. engineers. This training covered forensic protocol and traffic analysis techniques, advanced application and protocol analysis, advanced Cisco router and switch troubleshooting, Ethernet and TCP/IP protocol analysis. The training also covered advanced Sniffer usage including packet filters, triggers and offset pattern matches.
Advanced analysis techniques such as identifying common application issues, protocol mechanics and relationship to application performance with a what, when, where and how approach to properly identify and trace an application based issue were covered in the curriculum. Created guidelines and templates for engineers to follow when analyzing application related issues. Introduced Optimal Application Expert software to the department to increase productivity once the engineers learned how to dissect an application issue from protocol analysis by raw Sniffer trace review.
• A special EIGRP class was conducted to prepare the Network Systems staff to effectively identify, isolate and resolve EIGRP based issues. The training successfully increased the Network Systems department’s skill level, overall productivity and reduced the average outage occurrence time within three months.
• Drafted department protocol analysis trace request policies and procedures for entire enterprise to adhere to, thus resulting in a streamlined manner for the Network Systems department to handle multiple Sniffer trace requests. Participated in Core backbone switch re-architecture and other major site backbone upgrade planning by providing engineering and network architecture guidance. Documented a design considerations based methodology to assist Sr. Planning Engineers in the critical thinking aspect of network engineering.
• Troubleshoot and investigate Internet and Firewall access issues. Manage and tune Internet routers and validate BGP and link performance usage levels. Uncovered DOS attempts at the network egress points via forensics protocol analysis. Assist firewall and security personnel in troubleshooting performance or hacking related issues. Assist and provide planning and troubleshooting guidance for the IPSEC DSL based VPN rollout to remote access users. Demonstrate common protocol exploits and outline steps to identify such exploits.
• Implemented CiscoWorks and trained staff in its use and administration. Used CiscoWorks to resolve configuration archiving, Syslogging issues, enhanced switch management and administration and use its NETConfig tool to add and remove IOS commands throughout all enterprise routers. CiscoWorks was invaluable in the RIP removal process during the EIGRP migration project. Demonstrated the productivity gains by using such a tool.
• Implemented and demonstrated the use of Cisco Secure ACS in the enterprise. Provided management with infrastructure component access policies and procedures to ensure proper administration, tracking, logging and accountability of access to all routers and switches. Trained staff on the use and administration of Cisco Secure.
• Provided guidance and planning for the migration of PIM Dense Mode multicasting to PIM Sparse Mode.
Resolved numerous multicasting and CGMP related issues resulting from IOS bugs and poor multicast designs.
• Demonstrated VOIP technologies and trained staff in H323 protocol analysis, impact and design for Voice and Video based networks. Outlined in cursory review document the current QOS and infrastructure illnesses inhibiting the enterprise from embracing Voice and Video technologies plus provided guidance to help position the enterprise network for converged technologies.
• Created department standard IOS planning and upgrading procedures for all enterprise routers and switches.

Applied Methodologies
• Developed a VOIP pilot for multiple branches to reduce operating costs. The VoIP solution is Cisco based and consists of 26/3600 series routers utilizing H323 protocol suite, RSVP, RTP, and RTCP protocols. Quality and Class of service options are being tested and managed with Cisco Policy server 1.1. Research and testing into Directory Enabled Networking (DEN) will proceed the pilot and requires a single directory to administer bandwidth and access policy for each user. The directories considered are Active Directory and LDAP v3.
• Implemented a streaming content development architecture utilizing multicasting protocols such as PIM Dense and Sparse modes, RPF state and developing multicasting trees to deliver variable sized audio and video presentations. Implemented Windows 2000 Media Server, Encoder and Player to encode, distribute and play content.
• Design, build, test and implement production LINUX firewalls for branch internet access.
These firewalls allow the branch offices to access local internet portals without utilizing the corporate network. The access consisted of either broadband cable or DSL. The firewall consisted of a Red Hat Linux stripped down kernel on legacy Intel based IBM platform utilizing IPChains and Tripwire for access control and intrusion detection. Remote logging and alert notification were also implemented and managed at the data center.

TLC/Staffbuilders
• Analyzed a proprietary based enterprise application for network and server performance issues. This application supports over 1000 users with millions of transactions per day and affects the organization’s daily financial status. The application platform consisted of Microsoft Windows NT 4.0 Terminal, Application and SQL 7 servers in the headquarters with “Thin clients” located at remote offices nationally. Symptoms included slow application response in all functions and high utilization on server components. The analysis uncovered numerous server sizing issues and application scalability concerns. Utilizing forensic protocol analysis, major application behavioral issues were uncovered. Direct correlations to application illnesses to server performance degradation were discovered and remedies defined. The analysis also covered the network infrastructure and components, such as routers, switches and Frame-Relay PVCs to determine if the network was a contributor in any manner to the application’s poor behavior. The deliverable to the client was a detailed report outlining the illnesses, discoveries and recommendations. The report contained tactical and strategic recommendations and was presented to the organization’s CIO and CEO for review.

New York Life, Corporate Headquarters
• Provided high level, hands-on networking design, implementation and troubleshooting services across a spectrum of technologies.
Some of the activities are listed as follows:
• Assist engineering staff in the planning and implementation of several IT initiatives such as corporate campus switching migration/upgrade, WDM Dark Fiber carrier class OC-3, 12 and 48 based MAN for Voice/Data consolidation and future application demands. E-commerce and B2B integration network modeling, performance and traffic impact analysis for enterprise SAP/Oracle based Client/Server applications including a global Oracle based business data warehouse system and various B2B portals.
• Participate in enterprise development and migration to SAP ERP based system for 30,000 employees, external insurance agents, B2B access and an Oracle based data warehouse system. Major role was to identify whether the current enterprise network infrastructure required tactical and/or strategic changes to support these new applications. Assisted in providing the infrastructure to support the many SAP and Oracle servers based on SUN server technologies. Provided infrastructure options for redundant server links and UNIX fail-over utilizing Cisco Catalyst switches.
• Provided application impact performance analysis against the major SAP/Oracle application functions to determine application SLA and impact. This exercise provided CID with the proper information to set expectations with the end user business units. This analysis also identifies any options that require tuning or changes to the application system or network to support.
• Identify and solve any performance related issues pertaining to the ERP and B2B application integration. This was achieved through protocol and traffic analysis using tools from Optimal Networks, Mercury LoadRunner and Agilent Advisor. Utilize modeling and impact analysis methodologies to SAP LUW transactions to determine response time and bandwidth requirements for LAN and WAN segments.
• Provide consultation on integration of SAP B2B components in the corporate DMZ and handle design issues of options such as load balancing using Big IP F5 load balancers and multiple NT based Internet transactions servers. Some of the issues involved traffic distribution, connection persistence and consistency of WEB and SAP traffic utilizing Big IP’s F5 load balancing products.
• Completed roll out of 300+ router configuration upgrades to support a national Frame-Relay network. Provide third (highest) level of support and administration for all major communications and data components. This support encompasses 400+ Cisco routers, 300+ site national Frame-Relay WAN, T-1, ISDN, 300+ Cisco Ethernet Switches, Gigabit Ethernet, ATM, Token-Ring and FDDI topologies. Provide high-level LAN/WAN and application troubleshooting via forensic protocol analysis and distributed Sniffers.
• Provided support of integration of ATM technology into the campus core network. This included configuration and resolving issues with Cisco router ATM interfaces and Lightstream switches for Classical IP over ATM and LANE.
• Assisted in the design and implementation of a SONET based T-3 between data centers. Resolve T-3 provisioning issues by utilizing protocol analyzers to test and monitor the circuits. Ensure that proper load balancing and routing metrics are applied to utilize the redundant T-3s properly.
• Provided troubleshooting and design support to the campus core Gigabit and 100Mb switched infrastructure that included 100+ switches, Gigabit EtherChannel, MSM and multiple VTP and Spanning Tree domains. Participated in troubleshooting major Spanning Tree issues that resulted in the removal of Token Ring switching and a re-design of the switched architecture to support the migration from Token-Ring to Ethernet.
• Provide general tactical design and troubleshooting support to the campus core legacy router based FDDI backbones that link over 70+ Token-ring segments. Some of the issues involved Token-Ring MAC based problems, router IOS performance and bug related issues, FDDI performance, EIGRP for IP and IPX operational and design. Provided operational and administrative support for Microsoft DNS/DHCP/WINS and SNA servers on an as needed basis.
Utilization of tools for network support included NetView 6000, CiscoWorks 2000, Resource Manager Essentials, Cisco View, CWISI tools and Distributed Sniffer Systems.
• Provide design and troubleshooting support for a plethora of Cisco IOS options applied to the LAN and WAN routers such as GRE tunneling for IP/IPX, NAT, policy routing, queuing, route summarization, route redistribution, traffic shaping, compression, HSRP and security access. Support of many different network protocols such as: IPX and IP suites, EIGRP for IP and IPX, BGP and AppleTalk.
• Provide connectivity design, implementation and troubleshooting of critical external vendor links. Such links provide critical financial based transaction access to SIAC, Salomon, Bloomberg, Bank of New York, FAS, BHC, Telerate, and NASDAQ.
• Solved several mission critical financial based applications issues. Some of these included the Individual Policy Services for Annuities, Corporate Financial Division, and the Telephone Inquiry Response system.
• Provided design and troubleshooting services to NY Life Securities and Trading systems located in the corporate campus and Kansas City offices. Troubleshoot network performance or trading application based system issues.
• Provide design and troubleshooting support for a 300+ site Frame-Relay and back-up PRI based WAN. WAN issues included: EIGRP bugs, traffic flows, tunneling, Frame-Relay provider issues, Frame-Relay Traffic shaping, SNA, RSRB, custom application performance tuning such as the DMS Imaging system and FileNET protocol handling. Identify problems concerning the local site infrastructure, WAN links or site applications and servers.
• Assisted in the design and support of the corporate DMZ for E-commerce and fault tolerance. This entailed the logical and physical infrastructure to support the mail and web servers and placement of proxy/firewall servers for optimal performance.
Work with Internet support teams to resolve issues pertaining to ingress access utilizing proxy, LDAP and Entrust services. Support for NY Life WEB-based Internet applications for customers and national agent population. Handle issues involving egress corporate Internet access such as providing outbound routes and resolving Internet access performance issues. Identify security issues and possible exploits utilizing White Hat hacking tools.
• Participated in the corporate Internet access provisioning utilizing BGP for Internet access to diverse ISP (UUNET and AT&T). This included configuration and sizing of the routers for BGP, load balancing, redundancy, security, route summarization and IGP redistribution.
• Designed and implemented corporate router and switch infrastructure access security system utilizing Cisco Secure and TACACS+ protocol. Cisco Secure was used to migrate from a shareware script based TACACS server. Tested and configured all infrastructure components for AAA support. Developed infrastructure component access policies and procedures to ensure proper administration, tracking, logging and accountability of access to critical infrastructure components across all support organizations.
• Developed OSPF lab to test protocol operation and resiliency for possible EIGRP retirement. Tested SPF convergence operation, DR overhead requirements, LSA functionality, adjacencies state performance, route flapping for SPF impact, summarization, priority and path cost manipulation.
• Implement IPv6 based router lab to test operating characteristics and performance attributes of the protocol. This information was provided to CID as a strategic initiative to understanding the feasibility of migration and co-existence of both IP versions.
• Evaluated Multicasting applications and H.323/SIP protocol operation utilizing Real Media server/client and Microsoft Netmeeting over Cisco infrastructure components.
• Implemented IPSEC router lab to test the operating characteristics and performance issues related to building secure VPN tunnels utilizing IPSEC. The utilization of pre-shared keys and the Tunnel mode method was implemented. Recorded performance results based on IPSEC ISAKMP connection negotiation, router processing overhead and SA policies and encryption methods utilizing Crypto maps, AH, ESP, MD-5 and Triple DES.

Canon USA, Corporate Headquarters
• Report to Information Systems management as a strategic infrastructure and applications analysis expert for their Year 2000 Client/Server integration project. This project dubbed “Project 21” entailed deploying Oracle two-tier based custom wholesale and retail applications designed and written with Oracle’s Designer/Developer 2000 to replace their Mainframe based system. Oracle Financials was also deployed for the purchasing department. A custom written three tier-based application was also deployed that utilizes Oracle on the back-end for wholesale and retail functions. The Server platform is based on IBM’s SP multiprocessing AIX system running multiple Oracle instances on six different 8-way nodes. This new system will be used by 2000 plus users on the campus and worldwide. The project had an aggressive completion date of October 1997 when all users will no longer use their Legacy IDMS/2 based system and access corporate data from the Oracle based system.
• Immediate role was to analyze all critical application traffic/protocol characteristics and model the impact against the current infrastructure. Developed a traffic modeling application that provided estimated response time and impact statistics on 10/100Mbs segments of the current infrastructure and WAN. This model was used to develop a tactical architecture that entailed creating a redundant FDDI Client/Server backbone with high-speed routers on the periphery to balance and handle immense traffic loads from the campus LAN/WAN reliably and efficiently.
• The campus network was restructured using Cisco Catalyst switches for 10/100 segmentation of office automation and mail traffic. A 100mbs Ethernet backbone was created for all File, DNS, UNIX, Mail and Intranet servers.
The design segregated the daily campus traffic from the production Client/Server traffic enabling quick deployment of the new system without a complete infrastructure overhaul as well as provide a simple understanding of the Client/Server traffic flow. The project was completed on time with minimal impact to users and other corporate systems.
• Tuned Oracle applications for optimized network performance by protocol and SQL analysis. Worked with developers to exploit Oracle Server and Oracle Forms tuning options to reduce network traffic and provide efficient delivery of queried data. Results of tuning were applied to all Oracle Forms based applications.
• Solve complex Oracle application and Server performance issues by protocol analysis to determine if the network, database server, or the application code was the cause. Review trace findings and point out application inefficiencies to developers for correction and tuning.
• Implemented and documented Sprint and Eagle Raptor based remote IP dial access solution for the entire organization. Managed entire project, assisted in implementation, troubleshooting and developed the documentation to be added to Canon’s Intranet.
• Developed Canon’s first Network Security policies and procedures documentation. This document covered areas such as computer room operations, password standards, support and escalation, roles and responsibilities including breach of security drills.
• Authored Canon’s first Change Control Policies and Procedures document to be used by the entire IT division for all levels of system operations. This document covered the basic Change Control process and outlined procedures that must be followed when making a change to an IT infrastructure resource.
• Administer, troubleshoot and expand a 75 plus site router based national Frame-Relay and international X.25 network that supports over 10,000 remote users for the new Client/Server applications, office automation, manufacturing, marketing, finance, inventory and product distribution systems. Provide support for routing protocol operation of IGRP, EIGRP, RIP and IPX RIP/SAP management plus Apple-Talk, TCP/IP, and SNA. Solve complex LEC physical T-1 and Frame-Relay issues. Perform BERT testing and determine carrier trouble locations. Troubleshoot out-source VPN networks from IBM and AT&T. Determine if the problem is network, carrier or application based.
• Administer, troubleshoot and expand a multi-protocol campus network based on Layer II Cisco Catalyst switches and collapsed switch and router backbones. Solve network throughput and protocol issues.
Troubleshoot and maintain switch and router hardware components.
• Restructure of legacy Token-Ring architecture and WAN-based remote Source Routed Bridged network by simplifying traffic paths and spanning-tree configuration for SNA and AS/400 hosts. Eliminate loops, removed Cisco IOS bugs and passive MAU equipment for managed concentrators. Restructure traffic levels, faulty wiring and eliminate beacons and consistent ring purges. The restructure provided Canon with a more consistent operating Token-Ring SNA backbone.
• Developed enterprise network management strategy for IT staff consideration. This strategy covered all aspects of Canon’s Network and application resources. The strategy suggested an element building block approach to achieve a heterogeneous system that can accommodate changes in business and technology direction.
• Troubleshoot Novell NDS and Windows NT server and applications issues on an as needed basis. Provide recommendations to management regarding performance optimization for applications and server throughput. Evaluated CISCO PIX firewall and remote Internet access for mobile business applications. Provided guidance regarding security policies, encryption, authentication and methods of access.
• Managed the Data center relocation and consolidation project. This project entailed consolidating two data centers. Led critical systems relocation planning and scheduling. Ensured infrastructure requirements were accomplished prior to the move. The move was completed over a holiday weekend with no impact to the business.
• Managed relocation of entire IT division to new facilities in a different campus building. Ensured infrastructure and scheduling of move for personnel, help desk, and critical IT support equipment was available for an aggressive three week schedule. The move was handled in three phases and completed on time without impact or discontinuance of support to the entire business.

Philip Morris USA
• Directly reported to the director of Technology Planning and Research as a network technology subject matter expert. Worked with business planning managers to determine business needs and clarify requirements. Arbitrate business demands between IS and all domestic business units. Provide designs and recommendations with business and technical rationale to IS clients. Perform
research on emerging technologies. Counsel IS and its clients on tactical and strategic direction. Review strategic plans for the business regarding the network infrastructure and application impact. Provided expertise in the areas of LAN/WAN protocols, router switching architecture, risk analysis, Client/Server technologies, ORACLE parallel servers, IBM SP Tower UNIX RISC servers on FDDI, Frame-Relay and network security including firewall technologies.

MCI International
• Authored MCI’s Policies and Procedures for the Network Operations Data Center. This document set the IS Operations direction after an IS reorganization and prepared IS for future Telecommunication merger opportunities. This document covered policies and procedures from personnel to component management and security. Analyzed existing campus LAN, Intranet and international OSPF based Cisco router WAN for improvements and security violations. Managed and completed Novell file server migration deliverables on Data Center project. Resolved LAN/WAN protocol problems. Provided support of 1000 node Token-Ring infrastructure. Provided network architecture direction in terms of campus network infrastructure re-design. Supported Intranet Windows NT server integration for DHCP and DNS and Intranet access across network segments. Designed Data Center File Server management policy and recommend management tools.

NAB Construction
• Designed and implemented multiple site mesh Frame-Relay network for messaging and application developers. Developed IP and IPX addressing schema for WAN topology. Configure and install all CISCO routers. Manage Frame-Relay vendors and circuit translations.

Chase Auto Finance Bank
• Designed and implemented a complete ISDN backup network to provide simultaneous cut over from Frame-Relay and Router failures. This enabled the bank to preserve the integrity of its Imaging and NetWare 4.1x architecture at a reduced cost.
Completed redesign of the company’s 1000 user Token Ring infrastructure to resolve Source Routing and Spanning Tree issues. Designed and implemented Network Management system that manages all routers, bridges and hubs. The system was based on SUN Solaris and HP OpenView.
• Completed Frame-Relay integration project for the bank to utilize Novell 4.1x NDS and support for Imaging based applications over a WAN. This network is tied to the division's "bottom line" which is based on the imaging transactions that are now supported over a WAN. Linked several regional offices with CISCO routers and applied the proper tuning methods to reach optimal WAN performance. During the lifecycle of this project, maintained roles of: Project Manager, WAN engineer, LAN engineer and general technical consultant. This project was completed on time during an aggressive implementation schedule of five weeks.

AT&T Solutions/Chase Bank
• Completed term as a Senior Consultant for AT&T on the Chase Bank outsourcing project. Managed an average of 35 projects that are unique in technical complexity. Also performed low/high level hands on protocol and traffic analysis, router support, implementation, and application impact analysis and infrastructure re-design support. Provide technical consultation on many SYBASE Client/Server based projects that require access to the corporate infrastructure.
• Perform traffic, protocol and application analysis for Client/Server application deployment in Chase. This entails determining traffic and response times for SQL queries, infrastructure and component impact. Determine which areas of the Client/Server system require tuning. Projects included Data Warehouse consolidation, remote access to SYBASE SQL servers and SYBASE replication traffic analysis from IBM Hosts.
• Provide AT&T and Chase project management, engineering and troubleshooting support. This entails support of CISCO Routers, immense Token Ring and Ethernet environments, backbone and WAN support. Performed an analysis and re-design of 1700 node remote campus architecture to support evolving Client/Server applications by providing additional bandwidth capacity and throughput. Research included options to collapse backbone architecture to either a router or switching technology.
• The resulting analysis report identified the network and application illnesses pertaining to protocol use, distribution and traffic baselines. The report also provided recommendations and plans on how to rectify such issues.
• Managed and contracted AT&T GIS Network Architecture Consulting group on behalf of Chase to perform a similar study for five major remote sites of the bank. Reviewed all reports for technical issues and distributed to remote sites and engineering for review and implementation. The remote analysis project required six months at a cost to AT&T of 500k.
The project was completed on time and the information gathered was critical for AT&T to provide proactive support of the bank's network by reducing the discovery time required to engineer or troubleshoot each location.

NETLAN
• Reviewed and led a major water utility in Delaware in the development of right-sizing migration plans to move their entire data processing system from a mainframe to a distributed Client/Server system. Analyzed the business processes and the technical aspects of this plan. Created the business review and provided recommendations for selection and sizing as well as direction for migrating to a distributed Client/Server system. The deliverable was a detailed report with all of my findings and recommendations in regard to their migration plan. This document's goal is to provide specific direction for the client relating to their migration plans. All areas reviewed were analyzed from a technical and business perspective to ensure each component has a sound business rationale and technical feasibility.

ENTEX Information Systems
• Closed a contract with IBM to be the main subcontractor to provide 300k in services and one million in hardware to a major Japanese bank. Developed Statement of Work, Legal documents and Project plans. Hired and managed group of out-source consultants to represent ENTEX and perform the work. Managed group of seven different consultants for a period of two months. Project completed ahead of schedule and ahead of budget/profit forecasts.
• Restructure of 1500 node multiprotocol and multiplatform local Internet for a major pharmaceutical’s corporate headquarters in New York City. The restructure provided the client with "any to any" connectivity to any resource, greater bandwidth, stable network management, horizontal and vertical scaling options. This restructure was the result of recommendations from a month long LAN/WAN analysis that analyzed every possible technical and business resource of the company. The restructure was planned and performed over the weekend with no fallout and user client issues.
• Provide Pre and Post-sales support to 35 sales executives with respect to complex communications and integration issues. Provide support to Systems Engineers when problems arise during implementation of solutions. Perform billable consulting services to clients. Act as quality control and project manager for all large-scale integration projects. Conduct research and development in respect to communication and application based products. Write analysis papers for clients.
• Inspect and design all LAN, WAN schematics/proposals and develop technically "air tight" solutions for the client in regard to their respective and future business and data processing goals. Manage all large scale and national LAN/WAN integration projects. Recipient of many branch awards.
Product and Technology Experience:
Below is a list of just some of the technologies and products I have used throughout my career.

Server and desktop operating systems:
• Windows 2003 Server and Enterprise Server and server applications
• Windows 2000 Advanced Server, Server and 2000 professional
• Windows 2000 Server DNS, WINS, DHCP services and RAS services
• Windows 2000 Resource Kit
• Windows 2000 Media Server and player
• Windows 2000 Terminal Server
• Microsoft Windows XP Professional and all previous versions
• Microsoft Windows XP Tablet edition
• Microsoft Windows CE 2.0/3.0 and Mobile 5/6.0
• Microsoft Outlook 2002 and 2003
• RedHat LINUX Server 5.2, 6.2 through 7.2 Gnome and KDE environments
• Familiar with UNIX environment and file systems
• MS-DOS All versions
• IBM X series server’s IBM Director server management tool

Protocol Analyzers, wireline and wireless analysis tools:
• Agilent Advisor J2300 series protocol analyzer with all acquisition modules
• Agilent Advisor Software edition
• Agilent/Telegra Voice Quality Tester VQT
• Network Associates Sniffer (legacy DOS) Distributed and Sniffer Pro
• Etherpeek
• Ethereal
• TCPDUMP
• Polito Analyzer
• Network Chemistry Packetyzer
• LinkFerret 802.11b/g protocol analyzer
• Network Chemistry Neutrino Distributed Wireless Sensor with Fusion Desktop
• Network Chemistry WSP100 802.11b remote analyzer
• Aerocomm SA3000 2.4Ghz Spectrum Analyzer
• Yellowjacket 802.11 spectrum analyzer

Application/communications software:
• Microsoft Office 97 and 2000, 2003 and 2007 suite of applications
• Lotus suite of office automation and back office applications
• Experienced with hundreds of DOS/Windows and UNIX based tools, applications and utilities
• Experience in troubleshooting various custom applications encountered throughout career
• Visio 2000-2003 professional and enterprise versions
• Tardis 2000 NTP server
• AT&T Virtual Network Computing VNC server and client software
• Entrust, Cybercop, Mercury load runner Quick test for SAP R/3, Ganymede Chariot
• Hummingbird Exceed series of networking tools
• Nantech BGP traffic generator
• Pine Mountain Group Netanalyst toolkit
• A&Gs Net tools
• What’s up Gold suite
• Norton AntiVirus Corporate edition
• TFGen and UDP flood
• Netview Network management scanner
• Look@Lan
• IPScan
• TCPView
• Engage Packet Builder
• AP chat
• AirSnare
• RZKFLOW for Netflow

VOIP products and tools
• Skype softphone
• SJLABS softphone
• Xten Softphone
• PcPhoneline POTS gateway and SIP phones
• Gphone softphone
• Cisco Softphone
• Cisco FXS and FXO interfaces and configuration
• Cisco Call Manager Express
• Interactive Intelligence SIP server
• Brekeke OnDo SIP server
• Free World Dialup(FWD) configurations

Security tools and utilities tested and used:
Nmap Fscan Netstumbler NetCat AirSnare NBTscan TripWire Winifo SamSpade Enum WepCrack SNMPutil Foundstone Netscan tools Wsremote Wfetch Auditpol GetAcct Pwdump2 Aptools John the ripper Cygwin Keylogger Stealth Boson GetPass Rootkit Snscan Winzapper SuperScan Unicodeloader SID2USR Whisker USR2SID

Relational Databases:
• ORACLE Server 6.0, through 8i for UNIX on IBM SP2, Solaris platforms, Windows 2000 SQL*NET version 1 and 2 with an in-depth understanding of TNS protocol. ORACLE Enterprise Manager 1.2.2
• Microsoft SQL Server 2000 basic installation and troubleshooting
• Microsoft SQL Server TDS protocol analysis

Programming languages/compilers/web development tools:
• C++ Object Oriented programming, ANSI C
• Microsoft Visual C version 6 and MSDN
• LIBNET packet building library.
• WINSOCK 2
• Microsoft FrontPage 2000, 2002 and 2003

Experience with the following networking products, protocols and technologies:
• CISCO product implementation, troubleshooting, research and design
• CISCO 2500 through 75xx series routers. All different models and interface configurations
• Cisco Catalyst 6500 series switches 6503 up to 6513
• Supervisor 1a, II and supervisor 720
• Catalyst 3750 switches
• 2800, 3800, 3745 series of routers
• Cisco 10720 DPT routers
• Cisco ASA security appliances
• CISCO Catalyst 4000, 5000 and 5500 series switches
• Cisco Catalyst 3550 and 1900 and 2900 series switches
• Cisco Cluster Management Suite – CMS
• Cisco Internet Performance IPM
• Cisco CWDM Gbics and LANShack 40dBm VOA
• CISCO IOS 9.x through 15
• CISCO PIX Firewall with IOS version 6.0 – 6.3 and Pix Device Manager – PDM
• Cisco IOS Security Device Manager SDM
• CiscoWorks 2000, CiscoSecure ACS and CiscoView
• Cisco Aironet adapters and Access Points
• Operational experience with Concord E-health 5.1
• Proxim AP2000 and AP2500 Enterprise Access Point
• Asus WL-500g Access Point
• Putty SSH for SSH to Cisco routers and switches
• Ngenius Netscout 1.4 server
• Netflow ver. 5 with RZKFLOW utility
• Teletronics 2.4Ghz bidirectional Amplifiers
• BVS Yellowjacket 802.11 analyzer
• 2.4Ghz ISM and 5Ghz UNII RF wave guide and spectrum theory
• 802.11b protocol analysis and 2.4Ghz spectrum analysis
• WiFi/802.11 DSSS, FHSS, CSMA/CA, DCF, PCF, RTS/CTS operation and analysis
• 802.11a/b wireless technology and adapters from Cisco and Orinoco/Proxim
• HyperLink Yagi and Omnidirectional 2.4Ghz antennas
• MaxRad Sector and Yagi 2.4Ghz antennas
• Andrews Mag Grid Parabolic 2.4Ghz antennas
• EZNEC Antenna design software, basic directional 2.4Ghz cantenna development
• Very familiar with complete TCP/IP protocol stack, operation and behavior
• IP addressing planning and implementation and IP unnumbered
• Very familiar with routing protocol suites and operation of BGP, EIGRP, IGRP, RIPv1, RIPv2, OSPF, IRDP, ODR, NHRP and ISIS
• POP, SMTP and IMAP protocol analysis for operation and security audits
• Tag switching and MPLS operation and analysis
• Very familiar with Cisco and standard bridging protocols 802.1d Spanning Tree BPDU, Cisco enhanced Spanning Tree operations (MST, PVST, Root Guard) Source Routing, RSRB, DLSW+, SRT, basic transparent and translation bridging
• 802.1w Rapid Spanning Tree and 802.1s Multiple Spanning Tree protocols
• Ethernet Switching technologies and protocols, VLANs, VTP, ISL, 802.1q, Trunks, Etherchannels and SPAN, HSRP, VRRP, MLS and 802.1x port security.
• Utility protocols such as ARP, BOOTP, DNS, DHCP, FTP, TELNET, ICMP and X-Windows
• Netbios and Netbeui protocol operation and tuning SAP analysis
• Tunneling and VPN protocols, GRE, STUN, VPDN, L2TP, PPTP, IPSEC AH/ESP and Multilink PPP channels
• Very familiar with all IEEE 802.3 variants, physical media components and frame types such as Ethernet II, SNAP, and Fast Ethernet 802.3u/x/z/ab/ac/ad/ae protocols and operation
• Ethernet standards 10Base-T/F, FOIRL, 100BaseT/F/X 1000Base-T/X/SX/LX
• Very familiar with many 802.x networking standards
• Very familiar with IEEE 802.5 Token-Ring protocol and operation
• Understanding of Data encryption and cryptography technologies, DES, RSA, MD4 and 5, IDEA, IPSEC, PGP, PEM, Kerberos, and KDS
• Basic IPv6 operation, addressing, protocol analysis and implementation
• Familiarity with X.25, DEC and LAT protocols
• Very familiar with Oracle’s SQL*NET and TNS Client/Server protocol as well as SQL Server TDS protocol.
• In-depth understanding of IPX/SPX, RIP, SAP, NCP, NLSP, IPX EIGRP and NDS protocol operation and troubleshooting
• In-depth understanding of 802.2 Logical Link Control (LLC) I, II primitives operation
• IPX/SPX level C programming
• RS232, HDLC, asynchronous Protocols, SDLC, PPP, LAPD, LAPF and Q921/931, SS7 signaling protocols
• SNMP, RMON and ASN protocol operation and analysis
• Basic understanding of CWDM and DWDM planning for dispersion, optical budgets, attenuators, laser amplifiers and spectrum band usage.
• SONET STS-1 and 3 protocols and operation
• In-depth experience with DDS, T-1/E-1, T-3, B8ZS, AMI, 4b/5b 8b6T, 8b/10b, CSMA/CD and CA, Manchester with differential signaling protocols operation and troubleshooting. BERT testing and CO leg tracing.
• Designed networks to utilize limited distance vector algorithm, DUAL based, hop and path cost based routing protocols as well as link state protocols such as NLSP and OSPF.
• In-depth experience with Frame-Relay protocol RFC 1490 operation, design and troubleshooting.
• Multicasting protocols design implementation and operation, RPF, Dense and Sparse Mode, PIM, IGMP, CGMP, IGMP snooping.
• In-depth experience with ISDN operation, design and troubleshooting.
• Class of Service/DSCP, Assured and Expedited Forwarding PHB, RSVP operation and protocols
• IP TOS, IP precedence, 802.1p, QoS analysis and operation
• Internet protocols HTTP, SHTTP and SSL operation
• ANSI FDDI protocol operation, analysis and troubleshooting
• Voice over IP(VoIP) protocols H323, H225, H245, Q931, SIP, Codecs and gatekeepers.
• IBM X series of 1U/2U servers
• DataComm 52xx series managed CSU/DSUs
• Digital Link/Quick Eagle DL3100 T-3 CSU/DSU access multiplexer
• Audiovox and Toshiba Pocket PC PDAs
• Various CF and SDIO based memory and WIFI cards for Pocket PCs
• Fujitsu Tablet PC series

Legacy technologies, utilities, applications and tools:
• BAY Networks 2800, 3000 and 5000 series of concentrators.
• Cabletron MMAC and MMAC + series of concentrators and switches.
• ALANTEC/FORE Power HUB Ethernet switch
• Kalpana Ethernet Switch
• Token Ring: IBM, Pure Data, Thomas Conrad, SMC, IBM 8228 MAU and 8230 CAU/LAM
• Ethernet: All Intel, 3com, Bay, Cisco, Chipcom, Netgear, Linksys, and Dlink products
• FDDI: Cabletron and CISCO products
• ARCNET: Standard Micro Systems
• Bay Networks/Nortel ASN/BCN routers
• AT&T Paradyne CSU/DSU 31, 36 and 9120 series with compression
• Bay Networks Centillion 100 Token-Ring /ATM switches
• ADTRAN ISU 128 ISDN CSU/DSU
• IDNX LWX Routers. Verilink Access 2000 series.
• IBM Remote bridges utilizing ARTIC boards and UDS CSU/DSU's.
• Wireless Microwave Ethernet technologies.
• IBM Bridge Program 2.1, 2.2 and IBM 8209 Bridge
• 3Com link builder series of Routers Netbuilder I and II.
• ANSI FDDI protocol operation
• SunNet Manager and HP OpenView network management systems
• Familiar with IBM SNA, 3270 LU 6.2 design, analysis and troubleshooting.
• Practical hands on knowledge of ATM operation and MPOA, LANE protocols
• Netsuite LAN modeling software
• Intel Proshare Video Conferencing for LAN and ISDN
• Novell ManageWise
• Very strong LAN and WAN architecture design and troubleshooting disciplines
• Nine years of design and implementation experience with Frame Relay and ISDN
• NT 4.0 Server and Desktop
• Novell NetWare all versions to 5.1, SUN Solaris 2.3, 2.4
• IBM AIX, UNIX SVr4 some shell programming
• Familiar with UNIX environment and file systems
• OS/2 All versions, IBM PC LAN Pgm.,
• IBM LAN Network Manager 1.1, Apple Systems 6.06, 6.07, and 7.0 Apple Share III.
• SunNet Manager
• HP OpenView Network node manager
• Oracle NT and NetWare and OS/2. ORACLE Tools, ORACLE CASE Tools 5.0, Structured Query Language (SQL) ANSI, ORACLE SQL*Plus and PL/SQL procedural SQL. Developer 2000, Designer 2000 and ORACLE Financials.
• Lotus Notes and CC:MAIL for DOS and Windows, Attachmate and RUMBA terminal emulation software.
• BASIC, COBOL, Assembler, SQL, C, FORTRAN, MBP COBOL, MS-COBOL, MS-C, RM-COBOL, MS-MACRO ASSEMBLER 5.1, MS-C, Quick C for Windows, ANSI SQL, SQL Forms, Power Builder 3.0a, MS C++ version 4 and 5.

Stay abreast of current industry and scientific topics that may apply to a client's technology investment. Some listed:
• Network security exploit/hacking analysis
• Enhancement in general networking and protocol development
• Grid, Clustering and pervasive computing
• Application development trends
• Internet/Intranet access design and implementation
• Client/Server and ERP technology -- Oracle and SAP
• Web Services, Web 2.0, ASP, CRM, SOA applications
• Custom Workgroup/Workflow applications
• 10-100G Ethernet solutions
• Broadband technologies - Broadband over Power and Fiber to the Premise
• WiFi Wireless communications (802.11a/b/g/n)
• Latest advances in microprocessor technology
• Wireless Broadband MAN 802.16a/e(WIMAX) and LTE
• FAST and Gigabit Ethernet (802.3ab) and (802.3u and z)
• Server virtualization trends
• Cloud computing trends
• Unified Computing/Communications solutions
• Network management - SNMP III
• Network Security and Cryptography
• Layer 3 through 7 switching, CoS and QoS
• Advances in WAN, Routing and Switching technologies
• WDM technologies and products – DWDM - CWDM
• Energy and Data center efficiency technologies
• Operating system and file system enhancements
• Data storage, SAN, NAS, SCSI-IP and archiving enhancements.
• Smart Grid, SCADA systems and DNP protocol

References: Furnished upon request.
