This document provides a summary of Stephen Henig's qualifications and experience. He has over 20 years of experience in networking, security, and infrastructure roles. His technical expertise includes Cisco, F5, Checkpoint, Juniper, and firewall configuration. He is certified as a CCNA, CISSP, JNCIA, and MCP. His experience includes roles at Solving Systems, Thomson Reuters, Just Repairs, AT&T, Quality Technology Services, and Ricoh Corporation.
Resume for Network Engineer, Network Security, IT Management L2 / L3
Stephen Henig
1. Stephen Henig
43 Lake Avenue, Staten Island, NY 30303
1467 Holly Bank Circle, Dunwoody, GA 30338
StephenHenig@Hotmail.com
718-536-0153
Summary:
• Troubleshooting of firewalls safely, (Cisco ASA, CP), and VPN tunneling with IPSEC or SSL.
• Infrastructure ingress and egress points; firewall, switch, and VLAN management (Dot1Q).
• Bandwidth utilization and connection testing with Wireshark, TCPDUMP, and SNMP tools.
• F5 LTM load balancing expertise, and data center design architecture proficiency.
• DNS troubleshooting with UNIX CLI, Linux, or Windows based utilities (nslookup, NMAP).
• Experience in configuration of esoteric applications/protocols for IT Security.
• Designing TCP/IP networks with Visio and documentation of security policies (Remedy, AOTS).
• Experience with of IPSec and SSL VPNs, terminated on various endpoints (CP FW-1, ASA, F5).
Technical Platforms:
• Primary: Cisco routers and switches; F5 Big-IP LTM; Cisco PIX/ASA and Checkpoint Firewalls;
IPSec and SSL VPNs; OSPF, EIGRP, and BGP routing protocols; SNMP monitoring; Frame-
Relay, ATM, MPLS; and trouble tracking with Ethereal/Wireshark sniffers.
• Secondary: Juniper SRX firewalls, UNIX/Linux admin, Solaris, Windows 2003/2008 Servers,
DNS, VMware Server and Virtual Center Infrastructure.
CERTIFICATIONS:
• CCNA [Cisco Certified Network Associate] (5 times)
• CISSP [Certified Information Systems Security Professional]
• JNCIA [Juniper Networks Certified Internetwork Associate]
• Microsoft Certified Professional (MCP)
EXPERIENCE:
02/14-07/16
Solving Systems
Network Engineer New York NY/Atlanta, GA
• Network design and architecture implementation, with guaranteed security, from hardware
installation through firewall rulebase recommendations, and Visio design/documentation.
• F5 support and administration with LTM 11.5 configuration utility or the TMSH CLI.
• F5 LTM 11.x installation inclusive with members, nodes, pools, and configsync.
• IP support for larger subnetting project (heavy CIDR use) with / notation used for supernetting.
• F5 LTM 10.x updating attack signatures through UCS files, and editing of iRules with TCL.
• DNS resolution and troubleshooting route caches at work stations and network equipment.
• Linux support, SNMP monitoring (Solarwinds), and analysis of WAN links from workstations.
• Internet domain name service (DNS) connectivity and name cache testing for various locations.
• Configuration of Etherchannels and additions of ports to VLAN configuration.
• Orion Solarwinds Network Performance Monitor and results assured SNMP alerting.
• Network Instruments Observer or HP OpenView for notification of aberrant traffic behavior.
• Setting alarm thresholds locally and monitoring of connections across the WAN (QoS status).
• Security administration with the F5 LTM v. 11.3 software platform (ASM exposure).
• Checkpoint Firewall R75.40 monitoring and rulebase configuration with Smartdashboard.
• PCI data security standards auditing for easy compliance with government standards.
• Monitoring of BMC Remedy for your new customer communications (remote via IPSec VPN).
2. • Troubleshooting (Visio) infrastructure with Wireshark, TCPDUMP, and other sniffer tools.
07/13-10/13
Thomson Reuters
Infrastructure Support Analyst (Contract) New York, NY
• Data Center move support verifying server pool connectivity for globally accessible services.
• Server building with focus on ticker financials, X file structure, and financial software.
• Monitoring of Thomson ONE workstations, data recording, and Remedy trouble ticket
monitoring, DNS troubleshooting, and remediation of gapping in ticker reception.
01/11-6/13
Just Repairs
Network Infrastructure Engineer Atlanta, GA/New York, NY
• F5 (LTM) troubleshooting of server pools, IPSec or SSL profiles, end point load balancing, point-
to-point connectivity, and IPSec certificate offloading.
• F5 LTM traffic monitoring, logging, farm load balancing, auditing, and accounting/reporting.
• F5 V. 10.x TMOS updates, iRule creation, and administration via CLI or GUI.
• Running of F5 LTM 10.x qkview, and configuration files transferred for F5 Engineering support.
• Provided information to the engaged parties addressing compliance standards, management
reports, and other KPIs.
• Use of Solarwinds IP monitor for a visual display of port usage and to regulate IP address usage.
• Assisted the Process Owners in identifying and prioritizing process improvements.
• Facilitated Senior Management meetings for Major RFC reviews and/or endorsements
• Formulated test plans for “Proof of Concepts”; created Visio designs and architecture.
• VLAN configuration and coordination with disparate stake-holder groups for project controls.
• Troubleshooting of IPSEC/SSL VPNs, terminated on Checkpoint Firewall-1 or Cisco ASA.
• Troubleshooting switches, routers, and servers in the data center, with EIGRP dynamic routing,
remediation of SIA errors, VLANs, F5 member speed/duplex verification, and OSPF routing.
• Design and configuration of data center hardware, including VMware Player, application per-
VLAN configuration, subnetting, and server placement.
• Monitoring of cryptographic applications, URL filtering, alerting, Syslogs, and logging.
• Cisco ASA firewall administration ASDM utility, and NAT of secure application servers.
• Cisco PIX rule cleanup, verifying ACL usage, replacing hardware with ASA 5505/5510 firewalls.
• Cisco 2600/2800, and 7200 router configuration including static and OSPF dynamic routing.
• Layer VLAN connectivity for LAN running Cisco 6500 IOS platform switches.
• Configuration of esoteric security applications for IT Security (AAA, SSL, PKI, RADIUS,
TACACS+, EAP, EAP-Fast, PEAP, LEAP, CHAP, MS-CHAP) and authentication.
• Troubleshooting and isolation of connectivity issues and application communication, working
across load-balanced server pools (F5) with disparate back-end servers on isolated subnets.
• UNIX system administration, including various CLI tools, and file manipulation (cat, vi, grep,
passwd, kill, mv, mkdir, rmdir, chmod).
• Prepared DLP policies, managed workflows, performed remediation of vulnerabilities reported or
projected, and running of reports and administration from the management console.
• Checkpoint Firewall-1 R70/R75.40 enforcement point installation (Secureplatform (SPLAT)).
• Checkpoint Firewall-1 R65 user administration, and site-to-multi-site SSL VPN configuration.
• Configuration of routers with OSPF router IDs and associated configuration (single area,
occasionally with virtual links), interface IPs, and port/VLAN assignments.
06/10-08/10 (unexpected hospitalization, Northside Hospital, do to auto accident at this time)
AT&T
Network Engineer (Contract) Oakton, VA
3. • F-5 Big-IP LTM load balancer configuration with emphasis on WAN traffic control and balance.
• Maintained LTM (F5 Local Traffic Manager) for load-balancing multiple server pools.
• Verification of firewall rules, and administration of Checkpoint Firewall-1, and the AOTS.
• Maintained a LAN/WAN Data Center Infrastructure supporting MPLS connectivity and
SNMP.
12/09 – 03/10
Quality Technology Services
Senior WAN Engineer (Contract) Suwannee, GA
• Data center connectivity with Cisco 6500 switches (Sup720) and 7600-S series routers (RSP720),
and configuration of BGP attributes for WAN connectivity (routing with EIGRP or OSPF).
• UNIX (SunOS/Solaris) administration and troubleshooting for end-users across the enterprise.
• Multi-homed BGP inbound and outbound policy configuration including route-maps, as-path
access-lists, filter-lists, as path prepending, and associated troubleshooting.
• Backbone network redesign planning, documentation, ISP selection and screening for
MPLS/VPLS solution replacement supporting VoIP and jumbo frames with burst capability.
• Firewall administration (Cisco ASA, and NetScreen) for managed services).
01/09 – 11/09
AT&T
IP Security and Network Engineer (Contract) Oakton, VA
• Cisco (6513, 7609) and Juniper (M320) router configuration including load-balancing, route-
maps, ACLs, OSPF single area configurations, call-flow troubleshooting, and BGP routing.
• Data center connectivity and end-to-end troubleshooting of server and workstations.
• Installation of VMware ESX server software and configuration of VLAN infrastructure.
• Cisco IOS scripting, VPN fast re-route operations, and change management documentation.
• Firewall ruleset changes to permit communication through ISP, direct connect, or VPN (AVPN).
• Cisco ASA 5500 firewall administration for site-to-site VPN customers (multiple contexts).
• Cisco CSS 11000 administration for [HTTP] web portal load-balancing operations.
02/08 – 11/08
ConsumerSource Interactive (Rentpath)
Network Engineer (Contract) Norcross, GA
• Data center redesign of including Cisco 6509 and 2960 switches, F5 Big-IP LTM load balancers,
Checkpoint R65 Firewalls (Nokia IPSO), VLANs with VTP, and load-balanced ISP connectivity.
• F5 Big-IP LTM 3400 and 1500 load balancer design and configuration including upgrades to
TMOS version 9.4, nodes, members, virtual servers and server pools, NAT, SNATs, and iRules.
• Cisco PIX 6.35 configuration including access-lists and multiple site-to-site VPNs.
• Repair WAN communications, firewall holes, and break-fix for trouble tickets.
• Checkpoint Connectra R62CM SSL VPN with embedded Native applications and RADIUS.
• Cisco 6506 CatOS L2 configuration (VLANs, Etherchannel) and troubleshooting; replacement of
Supervisor card and power supplies, and upgrade to Native IOS.
• Network troubleshooting and traffic optimization with tools such as TCPdump, Sniffers
(Ethereal/Wireshark), Cacti (SNMP), and Kiwi Syslog Daemon (firewall logging).
02/07 – 02/08
RedPrairie Corporation (now JDA)
Senior Infrastructure Engineer purchased
• Designed two new data centers with 99.999% uptime, dual Cisco 6509s (Sup 720), HSRP/VRRP,
OSPF routing with Virtual Links, F5 Big-IP Server Farms, and ASA 5500 series Firewalls.
4. • Design and installation of Load Balancing solution with F5 BIG-IP Local Traffic Management
(LTM), with Web and Application Servers, iRules for code enhancement, and SSL offloading.
• Maintenance of legacy data centers with F5 1500 Load Balancers (130 server farms), and HSRP.
• Responsible for Radware Linkproof ISP Global Load Balancer design and administration.
• Site-to-Site VPN connectivity provided with Cisco PIX (6.3) and ASA (7.2) firewalls using the
CLI or ASDM, in Active/Passive failover mode with NAT and/or PAT, IPSec.
• Troubleshooting of various Cisco switches and routers (1800, 2800, 2960, 3750, 4509, 6509).
• VMware ESX Server installations and administration with VirtualCenter Client 3.x.
• F5 BIG-IP 3400 OS upgrades, setup of VIP listeners (virtual servers), virtual forwarding servers,
profile optimization, traffic analysis with TCPDUMP, and training of system administrators.
11/06 – 02/07
Cingular Wireless
NSD Implementation Engineer (Contract) defunct
• F5 LTM Load Balancer configuration exports and network design planning with Visio.
• Routing protocol configuration including BGP peering sessions and OSPF troubleshooting.
03/05 – 07/06
Solving Systems
Network Engineer (Contract) defunct
• Cisco 3845, 4510, 6509, 7500, 7600; Juniper J2300, M-series, EIGRP, OSPF, BGP.
• Cisco PIX and ASA (Adaptive Security Appliance) VPN configuration with IPSec encryption
(3DES, MD5, SHA) using command-line (PIX) and/or ASDM client.
• Checkpoint firewall-1 v4.1 administration and conversion to Watchguard Firebox SSL gateway.
• T1-T3 circuit and BERT testing, DSLAM configuration, and liaison with ILEC and IXC carriers
for local ISP.
12/03 – 01/05
Ricoh Corporation
Network Security Engineer West Caldwell, NJ
• UNIX (Solaris and Linux) support including general file maintenance and networking support.
• Check Point Firewall NGAI configuration, NAT, DMZ, and monitoring with Smartview Tracker.
• SNMP/RMON probe monitoring and management with HP Openview, SolarWinds and MRTG.
• VPN configuration using Cisco 3000 Concentrator, SSL certificates and/or IPsec VPNs.
• Troubleshooting T-1 lines, various routers, ISDN PRI racks, D-4 channel banks, and CSU/DSUs.
• Configuration of Cisco routers (IOS 11/12.x), access servers, and Catalyst switches with HSRP.
• AAA, SSL/IPsec VPN, PKI, RADIUS, TACACS+, EAP, PEAP, CHAP, MS-CHAP.
• Cisco PIX Firewall configuration (PIX v.4.x); VPNs, DMZ, rules, access lists and failover.
• SNMP agents between RDC’s of BellSouth’s OSI Platform (BOSIP) with HP Openview.
• Cisco 3845, 4510, 6509, 7500, 7600; Juniper J2300, M-series, EIGRP, OSPF, BGP.
• AAA, SSL/IPsec VPN, PKI, RADIUS, TACACS+, EAP, EAP-Fast, PEAP, CHAP, MS-CHAP),
authentication, Cisco 7609 and Juniper M320 configuration with line and/or PIC card installation.
• T1-T3 BERT testing, DSLAM configuration, and liaison with ILEC and IXC carriers (for
ISP).
5. EDUCATION:
• Naval Aviation Technical Training Center, Memphis, TN
(NATTC-AS Equivalent)
Navigational Computer Systems, AM/FM Radios, and Electronics
• College (1988-1990):
Chaminade University, Aeia, Hi
Computer Science major
• ACTS (BellSouth Training-1991-1994)
Interexchange Carrier Technologies (IXC), T-carrier analysis, ATM, and frame-relay
• Wave Technologies (1992):
Windows NT 4.0 Server Administration
• ACREW Network Security 2008 (CISSP)
6. EDUCATION:
• Naval Aviation Technical Training Center, Memphis, TN
(NATTC-AS Equivalent)
Navigational Computer Systems, AM/FM Radios, and Electronics
• College (1988-1990):
Chaminade University, Aeia, Hi
Computer Science major
• ACTS (BellSouth Training-1991-1994)
Interexchange Carrier Technologies (IXC), T-carrier analysis, ATM, and frame-relay
• Wave Technologies (1992):
Windows NT 4.0 Server Administration
• ACREW Network Security 2008 (CISSP)