SlideShare a Scribd company logo

CV-ROB

Download as DOC, PDF
Robert Beardon
Robert Beardon
1 of 8
Robert Beardon Mob 07869 728100 Resident London Email: rbeardon@yahoo.com Professional Profile 20 year record of deploying wireless backend systems, supporting mission critical networks, configuring firewalls and optimising performance. Financial, NHS and Pharmaceuticals industry experience supporting the network, security, wireless and desktop/server. Worked in England, Ireland, Northern Ireland, France, Netherlands, Poland, Czech Republic, Germany, Denmark, Spain, Mexico, Singapore, China and Saudi Arabia. Areas of Expertise: Network Support/design – supporting 10,000 network devices and over 100,000 networked nodes. Also mission critical, high availability networks and financial/health systems. Wireless support/design – deployment, support and optimisation. Security Support/design – Checkpoint/ASA/SRX640 firewall configuration, security policies, vulnerabilities, NAC, DOT1x via Cisco ISE, IAS, ACS Professional Experience 06/2014-Present North East London Foundation Trust Senior Network/Security/Wireless Engineer • Designed and implemented an ISE deployment for secure wireless access. The current wireless was not secure as the Trust had not employed machine authentication, thus had failed an internal audit. My remit was to ensure that only trusted devices could access the corporate network. Currently, only managed devices are able to access the network via ISE with a backend LDAP lookup. The wireless user base incorporates over 3000 devices across 140 sites. • Trust wide wireless across 140 sites with 8510 controllers and 5500 guest anchor controllers. Over 1000 3502 series access points were deployed. Guest wireless was integrated to a third party proxy solution called WIFIspark. All access points and wireless controllers were configured out of the box. Capwap traffic for guest traffic into a secure DMZ with internet breakout to a dedicated firewall and separate internet pipe. Flexconnect for all remote based wireless to ensure optimal routing. All APS configured as radius clients on remote sites. • Wireless migration from Aruba with Alcatel controllers to Cisco wireless. The Trust had wireless hot spots on a different platform. Was able to successfully migrate services over to the floodlit Cisco platform with no loss of service. As stated, the new solution is secure from an audit point as well. • Configured all new SVIS, OSPF routing, vlans and switch configuration for the new wireless solution. • All firewall policies, nat and nonat configured for the new wireless to ensure connectivity on the dedicated internet and N3 application firewalls. • 4th line troubleshooting. Fixed an issue that had persisted for 9 months whereby a £1,000,000 Meganexus online
video recording and viewing web based application was not working. With wireshark and through analysis of the firewall and routing behaviour, was able to optimise how the traffic was handled. Secondly, through wireshark and netstat, was able to demonstrate to the Meganexus developers that the issue was how the application was handled by windows 7 in conjunction with IE ( sockets resetting were treated as new sessions rather than as a continuation of an existing state which was the behaviour of Win XP/Firefox/Chrome) and this was fixed. • Remote VPN troubleshooting: the Trust had deployed an anyconnect VPN solution that was working intermittently. Using packet tracer I was able to detect a routing loop injected by one of the Trust’s redistribution prefix lists and get this fixed. • Helpdesk/Support restructuring and route cause analysis. During my tenure I was asked to assist with getting the call volume manageable after the Trust had upgraded from Win XP to Win7. This necessitated restructuring the helpdesk model. On my recommendation the Trust empowered 1st and 2nd line team leaders. Dedicated third line was established and a knowledge base was set up. Secondly, templates were produced detailing information to be established before a call was escalated. As a result of my suggestions the Trust also brought in a Customer Liaison Officer who was tasked with analysing statistics to highlight problem sites who could then be prioritised. This data also led to deep route cause analysis whereby repeat calls could be investigated, disparate issues could be linked and the underlying problem fixed. An initiative was also begun to automate basic call generating functions: password reset portal, account creation request, hardware procurement. Calls dropped by 25% and the backlog is now manageable. 08/2012-5/2014 Henderson Global Investors Senior Network/Security Engineer • Deployed wireless to all European, American and Asian offices using 5500 series controllers for a fully redundant architecture across the three continents. Solution was fully integrated to Cisco ISE and used eap-tls. We also deployed an internal wifi system for BYOD with a fully self-serving portal. Visitor wifi was set up with a portal ticketing system across all sites. Guest wireless DHCP, DNS and basic filtering was provided by a Linux Bubba box which I set up. • Deployed DOT1X against Cisco ISE backend to all European, American and Asian offices. Part of the rollout was to audit every switch port and to ensure that dot1x, dynamic ARP inspect, DHCP snooping, port security was enforced globally. Also audited all trunk links to ensure
that native vlan security was enforced to prevent VLAN hopping. • Designed and installed Checkpoint firewalls to all new offices in North America. • Maintained all management platforms: Checkpoint Smartdashboard, Smartevent, Smartview Tracker. ASDM for ASA. Cisco Prime and a legacy Ciscoworks system. ACS for TACACS. WHATSAPP Gold for text alerting and monitoring specific devices. PRTG for bandwidth monitoring. • Troubleshooting: in depth diagnosis and fault finding which necessitated the use of a wide range of tools: tracker, tcpdump, wireshark, netstat, packet tracer. Very often networks had to perform in depth analysis to show the problem post any application upgrade which was not actually a network issue but we could identify it and fix it with our deep packet inspection tools. • Configured all security policies on the existing 12000 series Checkpoint firewalls at each of the hub sites in London, Singapore and Chicago. We also deployed 1100 series Checkpoint at all new smaller offices. ASA configuration for specific VPN requirements and also for internal intra VRF communications. • Conducted security audits and was responsible for fixing all audit points. One project necessitated turning off all the implied rules on live Checkpoint firewalls (deployed before my tenure) and ensuring that all market data VPNS were unaffected. • Configuring, maintaining and troubleshooting network issues: 6500 series VSS Catalyst core, 3500 series remote site Catalysts, 2800 series routers, dedicated market data VPNS complete with VRF configuration, OSPF networks with EIGRP via GRE VPN’s with third party market data providers. • Routing support: OSPF with policy based routing on our edge checkpoint firewalls and edge routers. All new sites were integrated into our OSPF design. • Load balancing/Wan Optimisation support: configured, upgraded and supported a full Cisco WAAS deployment complete with customised application policy sets. Maintained and configured the BIG IP load balancing solution that handled all web server and trading platforms. • DMZ design: created dedicated test beds for external penetration testing which necessitated redesigning the DMZ structure and making structural changes to the live firewalls. • Arcsight was rolled out. Responsible for integrating the logging with Checkpoint via OPSEC, collating all switch logs and ASA via integration with Prime and syslog to the arcsight collector. Secured the remote cloud based monitoring and information forwarding via a VPN. • LAB creation: reviewed the Henderson Lab structure and
completely isolated it with the exception of management ports and prevented all security violations i.e. vlan sprawl, bridging violations. Also set up remote access to the test bed Exchange servers as part of a migration to Message Labs. • Market data support: Bloomberg, reuters, all web based trading applications supported. Bloomberg is especially sensitive to latency so in depth analysis and bandwidth optimisation was necessitated to get this to work in many foreign offices. Networks were also heavily involved with all upgrades for the obvious routing/firewall implications, though very often were heavily involved in the post upgrade troubleshooting. • Basic video support. Mostly firewall support for the VCS gateway, but also general conference troubleshooting. Basic Call Manager support. 11/2011-7/2012 North East London Foundation Trust 3rd Line Infrastructure Specialist • Audit of the Trust’s ASA firewalls configuration. All erroneous entries removed and existing rule sets simplified and optimised. • Complete network audit of the Trust’s routing protocols. Currently OSPF and EIGRP redistribution. Submitted a design for a future migration to OSPF complete with stub networks to eliminate multicast traffic over the WAN. • Security vulnerability review. Surveyed the configurations of all network equipment and submitted a plan to eliminate telnet, implement SSH, Dot1x authentication for all machines both wired and wireless, unused ports to be shut and placed in a layer two vlan with no gateway, IAS/AD management for network administration account authentication and logging of all access attempts/configuration changes. • Wireless health check. Poor user experience in key wards led to a complete audit using Airmagnet and identified 802.11G saturation. Fixing the channels and migrating some areas to 802.11A fixed the immediate issues. • Rolled out portfast, BPDUguard, UDLD on all upinks. Audited the STP and optimised it so that the core switches were load balancing the vlans across the redundant links. • Removed all non-existent vlans and pruned all trunk links to reflect the actual traffic. • 3rd Line support tickets encompassing network issues, high profile desktop issues, database connectivity with ODBC errors and profile issues. 06/2011-10/2011 National Commercial Bank, Jeddah, Saudi Arabia 3rd Line Infrastructure Specialist
• Lead engineer for a data centre migration. This entailed troubleshooting all issues resulting from moving data from spoke sites to the data centre and also looking at third line issues with the dynamic VPNS, loss of access to critical resources and auditing existing traffic patterns. • Secured all of the vlans and ports utilising port security, shutting down unused ports and configuring honeypot vlans on the Cisco Catalyst 6509 and 4507 models. • Firewall configuration for 11 corporate sites: programmed the Juniper SRX640 with rule sets to secure the sites. • Audited all applications in use via syslog, Cisco WAAS and ethereal to document applications and all processes. • Documented all traffic flows for the business. • Complete audit of all known issues in the corporate sites and branch offices: Active Directory replication, DNS, Anti-virus and Exchange. • Hardened the Juniper SRX640 to ensure compliancy with PCI standards. Audited the ASA and Pix firewalls and rewrote the security policies. • Secured the wireless networks which used Aruba Wireless Controllers. Enforced machine authentication for DOT1x • Troubleshooting all network/security related issues: Juniper SRX640, Catalyst 6509, Catalyst 4507 and Cisco wireless LAN controllers. 02/2010-06/2011 NAPP Pharmaceuticals 3rd Line Infrastructure Specialist • Full network and security support for the core campus and associate offices: optimised STP, rewrote all the access- lists, rolled out radius and configured IAS, implemented best practices for layer 2 and 3, hardened the routers, VPNS and switches across the sites, maintained the wireless networks both lightweight/autonomous, including an upgrade of the WCS and the WLCs. • Supported and configured: Catalyst 6509, C3750-X, C3750, C2960, C2950, Cisco ASA, Cisco Wireless Lan Controller, Riverbed Steelhead Appliances, Cisco 1812, Cisco 2820, Airmagnet and Cisco Call Manager. • Supported and implemented site migrations in Spain, Denmark and London, complete with wireless designs. • Network monitoring: Solarwinds, Kiwitools, Ethereal. Evaluated Solarwinds for them and set up RPTG in order to monitor all of the existing SAN farms. • Assisted with a data centre migration to Switzerland which entailed liaising with IBM and Massergy for an MPLS solution complete with V Block. • Troubleshot long term issues with the wireless networks in the European offices which entailed a complete audit of all network configuration and then subsequent corrections: vlan creation, adding vlans to trunks, configuring switchports to support subinterfaces on the router, DHCP
scopes, encryption hardening,Nat scopes and access control list permissions. • Supporting ESX hosts. Using the VMWARE console to Vmotion servers and correct issues with vlan tagging. • Deployed Polycom Video Conferencing, desktop video conferencing software and the dedicated Polycom gateway security solution. Also managed Cisco Phones using Cisco Call Manager. 07/2007-01/2010 Northgate Intelligent Solutions ( Security clearance needed) 3rd Line Network Support/ Design Consultant/Team Leader • Full network and security support for 1200 sites across Northern Ireland and England encompassing over 6,000 2950, 3508, 2960 and 3550 series switches, 900 1812 series routers, 3000 1231AG Wireless Access Points, 900 IAS servers, 2 PIX firewalls, 1 Netscreen Juniper firewall, 2 Ciscoworks servers and 3 ACS servers. • IP migrations planned, implemented and checked. 50 sites were migrated to a new range to facilitate contiguous IP ranges. Designed their DR site. • Network standardisation project: IOS refresh, NTP, VTP, syslog, radius and STP variables all pushed out via Ciscoworks. • Rolled out dot1x/NAC to 900 sites complete with IAS policy edits. • Firewall administration and cleansing. Models used: Cisco Pix and Juniper Netscreen. Took the existing ACLs and reduced from 14,500 lines to 1,800. • Third party device evaluation using NESSUS vulnerability scanning software and ethereal. 01/2007-06/2007 Goodmayes Hospital 3rd Line Support/Deputy IT Manager • 3rd line network support and acted as deputy head during the incumbent’s paternity leave. 10/2006-11/2006 Springfield University Hospital Network Engineer • 3rd line network and security support for the core and all associated sites. 7/2006 – 9/2006 Monster Network Engineer • Daily support and break fix whilst the lead engineer was on leave. 4/2006 – 7/2006 Royal Bank of Scotland Network Designer/Implementation Engineer • Implemented Cisco best practices for layer 2 and 3 configuration on all core devices and associate sites. This entailed rewriting hybrid configs to full IOS compatibility. 8/2005 – 3/2006 NATIONAL HEALTH SERVICE
Network Engineer • Complete third line support and assessing vendors for the NPFIT rollout. 5/2005 – 8/2005 SERCO SOLUTIONS Network Engineer • General break fix support. 3/2003 – 5/2005 ABBEY FINANCIAL MARKETS Trade Floor Support Engineer • Supported the traders: Bloomberg, Reuters and general support. 1/2003 – 2/2003 NEWHAM PCT Network Engineer • Re-designed the network to migrate 12 sites, with over 1000 users, from a shared bridged network into their own subnets. 6/2002 - 1/2003 CATER-ALLEN Trade Floor Support Engineer • Supported traders during a site migration. 2/2001 –6/2002 CISCO/MICRONET Network Engineer • General network support with bespoke training for network engineers. 6/1999 –1/2001 MARCONI Senior Network Engineer • Troubleshooting and monitoring a large production network Technical Skills: NETWORKING Routing: OSPF, EIGRP, distribution lists, filters, access control lists. Service Provider Networking: Basic MPLS, strong VPN, Frame Relay, IP Services: DNS, DHCP, HSRP VRRP GLBP, NTP, SNMP, FTP, IPv4, IP design summarization etc. Switching: IOS/CATOS/NAXOS switch configuration and operation, Defining common workgroups, Vlan management and security, Spanning Tree design and optimisation, Fault tolerant routing, Dot1x, Etherchannel, trunking. Security Protocols: IKE, IPSEC, MD5, SHA, DES, 3DES, AH, ESP, SSL, Radius, Tacacs+, DOT1x, NAC, SNAC , NTLM, Kerberos Routing Products: Cisco 800, 1600, 1800, 2500, 2600, 2800, 3800, 7200, 7600 Nexus Switches: 5548 series Catalyst Switches: 1900, 2900, 3550, 3560, 3750, 4500, 6500 Security Products: Cisco ISE, Checkpoint R60, R65, R70 and R75 (SPLAT, IPSO and GAIA), ASA, IPS, PIX, VPN Concentrator, AAA, Juniper SRX640, Juniper Netscreen, Fortigate, Imperva SecureSphere ,Cisco Access Control Server, Microsoft IAS, Microsoft Network Policy Server, Nessus, basic Checkpoint IPS, hands on admin with Netscaler and Citrix Access Gateway. Wireless: Cisco Wireless Lan Controller 8500, 5500, Aruba Wireless Lan Controller, Autonomous wireless access points: 1131AG, 1231AG, Wireless Controller Server, Airmagnet, InSSIDer, VOIP: Basic Cisco Call Manager, deployed 7900 series Cisco IP phone, Polycom Video Conferencing deployment of units and the secured gateway as well as the client conferencing desktop software, all switch voice vlan configuration. Wan Optimisation: Riverbed Steelhead Appliance, Cisco WAAS. Internet hardware: Smartcache, ISA server, Bluecoat Proxy.
Monitoring Platforms: Cisco Prime, WCS, Ciscoworks, Solarwinds, Nagios, PRTG, Mutiny, HP Openview, Netscout, Netblox, syslog, basic Arcight ( monitoring and setup via OPSEC on Checkpoint) Load Balancers: Big IP Microsoft/Server/Desktop/Market data/NHS Good all round knowledge of Server Administration using Microsoft Technologies, Windows Server 2003, Windows 2000 Server, Windows XP Professional and Windows Vista. Active Directory Administration, Network Security Design and Implementation. Exchange 2000/2003/07 user and mailbox management. Hardware & software configuration, fault finding as well as Patch and Printer Management. Application Support including all Office Suites, Veritas Backup 10, Wireshark, Airmagnet. Have installed and supported Reuters, Bloomberg, Global One, Wall Street Systems, Swift, Cedcom, Euroclear, Morgan Stanley and bespoke financial packages. Experience supporting and rolling out the NPfit software suite including RIO and Choose and Book. Certifications Cisco Certified Network Associate CCNA Cisco Certified Network Professional CCNP Cisco Certified Systems Instructor CCSI Microsoft Certified Systems Engineer NT4 Microsoft Certified Systems Trainer MCT Leisure Activities and Pursuits Weightlifting and reading, especially the Eastern Front in WW2. Language Skills Conversational French and German. I can also get by in Spanish and Arabic.

Recommended

Stephen Henig
Stephen HenigStephen Henig
Stephen HenigStephen Henig
 
Cisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation BranchCisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation BranchCisco Canada
 
CCIE Service Provider
CCIE Service ProviderCCIE Service Provider
CCIE Service ProviderCisco Canada
 
Mudher alattar resume
Mudher alattar resumeMudher alattar resume
Mudher alattar resumeMudher Al-Attar
 
Resume
ResumeResume
ResumeAbhijit Das
 
CCNA3 Verson6 Chapter1
CCNA3 Verson6 Chapter1CCNA3 Verson6 Chapter1
CCNA3 Verson6 Chapter1Chaing Ravuth
 
PMResume
PMResumePMResume
PMResumePablo Marques
 
Updated Resume
Updated Resume Updated Resume
Updated Resume Daud (Dave) Amini
 

Recommended

Stephen Henig
Stephen HenigStephen Henig
Stephen HenigStephen Henig
 
Cisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation BranchCisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation BranchCisco Canada
 
CCIE Service Provider
CCIE Service ProviderCCIE Service Provider
CCIE Service ProviderCisco Canada
 
Mudher alattar resume
Mudher alattar resumeMudher alattar resume
Mudher alattar resumeMudher Al-Attar
 
Resume
ResumeResume
ResumeAbhijit Das
 
CCNA3 Verson6 Chapter1
CCNA3 Verson6 Chapter1CCNA3 Verson6 Chapter1
CCNA3 Verson6 Chapter1Chaing Ravuth
 
PMResume
PMResumePMResume
PMResumePablo Marques
 
Updated Resume
Updated Resume Updated Resume
Updated Resume Daud (Dave) Amini
 
Federick Glenn Resume -2
Federick Glenn Resume -2Federick Glenn Resume -2
Federick Glenn Resume -2Frederick Glenn
 
Resume Of Ifthekharul Islam_2016_V1.5
Resume Of Ifthekharul Islam_2016_V1.5Resume Of Ifthekharul Islam_2016_V1.5
Resume Of Ifthekharul Islam_2016_V1.5Ifthekharul Islam
 
Cover
CoverCover
CoverDarren Powles
 
Resume mohammed ahmed awad (1)
Resume mohammed ahmed awad (1)Resume mohammed ahmed awad (1)
Resume mohammed ahmed awad (1)Mohammed Abdelwahed
 
Chanh Ackerman
Chanh AckermanChanh Ackerman
Chanh AckermanJohn Ackerman
 
Exploration_Routing_Chapter_7
Exploration_Routing_Chapter_7Exploration_Routing_Chapter_7
Exploration_Routing_Chapter_7dinuk123
 
Haseeb Resume LATEST
Haseeb Resume LATESTHaseeb Resume LATEST
Haseeb Resume LATESTAbdul Haseeb
 
Giri - Resume 6+exp
Giri - Resume 6+expGiri - Resume 6+exp
Giri - Resume 6+expGiridharan Sriramulu
 
nana.owusu resume 3
nana.owusu resume 3nana.owusu resume 3
nana.owusu resume 3Nana Owusu
 
ASHISH SENGAR.doc
ASHISH SENGAR.docASHISH SENGAR.doc
ASHISH SENGAR.docAshish Sengar
 
Network Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XRNetwork Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XRCisco Canada
 
G. Iliev
G. Iliev G. Iliev
G. Iliev Galin Iliev
 
Chapter 2
Chapter 2Chapter 2
Chapter 2ali raza
 
CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8Chaing Ravuth
 
CV Steve Shawcross
CV Steve ShawcrossCV Steve Shawcross
CV Steve Shawcrosssteve shaw-cross
 
Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco connect winnipeg 2018 putting firepower into the next generation fire...Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco connect winnipeg 2018 putting firepower into the next generation fire...Cisco Canada
 
Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesHands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesCisco Canada
 
Network Analysis Tips & Tricks with Omnipeek
Network Analysis Tips & Tricks with OmnipeekNetwork Analysis Tips & Tricks with Omnipeek
Network Analysis Tips & Tricks with OmnipeekSavvius, Inc
 
Chapter 2 overview
Chapter 2 overviewChapter 2 overview
Chapter 2 overviewali raza
 
Acmx study guide
Acmx study guideAcmx study guide
Acmx study guideAruba, a Hewlett Packard Enterprise company
 
Techcv 4 3 2010 2003london
Techcv 4 3 2010 2003londonTechcv 4 3 2010 2003london
Techcv 4 3 2010 2003londonnmeadows
 
Mandu CV Net DOD_ 08 2016 doc
Mandu CV Net DOD_ 08 2016 doc Mandu CV Net DOD_ 08 2016 doc
Mandu CV Net DOD_ 08 2016 doc Marcel Mandu
 

More Related Content

What's hot

Federick Glenn Resume -2
Federick Glenn Resume -2Federick Glenn Resume -2
Federick Glenn Resume -2Frederick Glenn
 
Resume Of Ifthekharul Islam_2016_V1.5
Resume Of Ifthekharul Islam_2016_V1.5Resume Of Ifthekharul Islam_2016_V1.5
Resume Of Ifthekharul Islam_2016_V1.5Ifthekharul Islam
 
Exploration_Routing_Chapter_7
Exploration_Routing_Chapter_7Exploration_Routing_Chapter_7
Exploration_Routing_Chapter_7dinuk123
 
Haseeb Resume LATEST
Haseeb Resume LATESTHaseeb Resume LATEST
Haseeb Resume LATESTAbdul Haseeb
 
nana.owusu resume 3
nana.owusu resume 3nana.owusu resume 3
nana.owusu resume 3Nana Owusu
 
Network Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XRNetwork Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XRCisco Canada
 
CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8Chaing Ravuth
 
Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco connect winnipeg 2018 putting firepower into the next generation fire...Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco connect winnipeg 2018 putting firepower into the next generation fire...Cisco Canada
 
Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesHands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesCisco Canada
 
Network Analysis Tips & Tricks with Omnipeek
Network Analysis Tips & Tricks with OmnipeekNetwork Analysis Tips & Tricks with Omnipeek
Network Analysis Tips & Tricks with OmnipeekSavvius, Inc
 
Chapter 2 overview
Chapter 2 overviewChapter 2 overview
Chapter 2 overviewali raza
 

What's hot (20)

Federick Glenn Resume -2
Federick Glenn Resume -2Federick Glenn Resume -2
Federick Glenn Resume -2
 
Resume Of Ifthekharul Islam_2016_V1.5
Resume Of Ifthekharul Islam_2016_V1.5Resume Of Ifthekharul Islam_2016_V1.5
Resume Of Ifthekharul Islam_2016_V1.5
 
Cover
CoverCover
Cover
 
Resume mohammed ahmed awad (1)
Resume mohammed ahmed awad (1)Resume mohammed ahmed awad (1)
Resume mohammed ahmed awad (1)
 
Chanh Ackerman
Chanh AckermanChanh Ackerman
Chanh Ackerman
 
Exploration_Routing_Chapter_7
Exploration_Routing_Chapter_7Exploration_Routing_Chapter_7
Exploration_Routing_Chapter_7
 
Haseeb Resume LATEST
Haseeb Resume LATESTHaseeb Resume LATEST
Haseeb Resume LATEST
 
Giri - Resume 6+exp
Giri - Resume 6+expGiri - Resume 6+exp
Giri - Resume 6+exp
 
nana.owusu resume 3
nana.owusu resume 3nana.owusu resume 3
nana.owusu resume 3
 
ASHISH SENGAR.doc
ASHISH SENGAR.docASHISH SENGAR.doc
ASHISH SENGAR.doc
 
Network Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XRNetwork Function Virtualization (NFV) using IOS-XR
Network Function Virtualization (NFV) using IOS-XR
 
G. Iliev
G. Iliev G. Iliev
G. Iliev
 
Chapter 2
Chapter 2Chapter 2
Chapter 2
 
CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8CCNA4 Verson6 Chapter8
CCNA4 Verson6 Chapter8
 
CV Steve Shawcross
CV Steve ShawcrossCV Steve Shawcross
CV Steve Shawcross
 
Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco connect winnipeg 2018 putting firepower into the next generation fire...Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco connect winnipeg 2018 putting firepower into the next generation fire...
 
Hands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and ServicesHands-on Experience with IPv6 Routing and Services
Hands-on Experience with IPv6 Routing and Services
 
Network Analysis Tips & Tricks with Omnipeek
Network Analysis Tips & Tricks with OmnipeekNetwork Analysis Tips & Tricks with Omnipeek
Network Analysis Tips & Tricks with Omnipeek
 
Chapter 2 overview
Chapter 2 overviewChapter 2 overview
Chapter 2 overview
 
Acmx study guide
Acmx study guideAcmx study guide
Acmx study guide
 

Similar to CV-ROB

Techcv 4 3 2010 2003london
Techcv 4 3 2010 2003londonTechcv 4 3 2010 2003london
Techcv 4 3 2010 2003londonnmeadows
 
Mandu CV Net DOD_ 08 2016 doc
Mandu CV Net DOD_ 08 2016 doc Mandu CV Net DOD_ 08 2016 doc
Mandu CV Net DOD_ 08 2016 doc Marcel Mandu
 
Resume for James McGarity
Resume for James McGarityResume for James McGarity
Resume for James McGarityJames McGarity
 
Erik Franzen Linkedin Resume
Erik Franzen Linkedin ResumeErik Franzen Linkedin Resume
Erik Franzen Linkedin ResumeErik Franzen
 
ResumeAsOfApril_30_2016.pdf
ResumeAsOfApril_30_2016.pdfResumeAsOfApril_30_2016.pdf
ResumeAsOfApril_30_2016.pdfGregory Edwards
 
Senior network security engineer
Senior network security engineerSenior network security engineer
Senior network security engineerDWARAGANATH VJ
 
Ahmed_Noreldeen_Resume 5
Ahmed_Noreldeen_Resume 5Ahmed_Noreldeen_Resume 5
Ahmed_Noreldeen_Resume 5Ahmed NorEldeen
 
AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016
AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016
AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016Ahmed Morsy
 
Gage Fogleman's Resume
Gage Fogleman's ResumeGage Fogleman's Resume
Gage Fogleman's ResumeGage Fogleman
 
Network Engineer - Resume
Network Engineer - ResumeNetwork Engineer - Resume
Network Engineer - ResumeAssan Samba
 
Network Engineer - Resume
Network Engineer - ResumeNetwork Engineer - Resume
Network Engineer - ResumeAssan Samba
 
Mohammad Shaltaf Cv
Mohammad Shaltaf CvMohammad Shaltaf Cv
Mohammad Shaltaf Cvm_altriif
 

Similar to CV-ROB (20)

Techcv 4 3 2010 2003london
Techcv 4 3 2010 2003londonTechcv 4 3 2010 2003london
Techcv 4 3 2010 2003london
 
Mandu CV Net DOD_ 08 2016 doc
Mandu CV Net DOD_ 08 2016 doc Mandu CV Net DOD_ 08 2016 doc
Mandu CV Net DOD_ 08 2016 doc
 
Resume for James McGarity
Resume for James McGarityResume for James McGarity
Resume for James McGarity
 
updated cvmn
updated cvmnupdated cvmn
updated cvmn
 
Erik Franzen Linkedin Resume
Erik Franzen Linkedin ResumeErik Franzen Linkedin Resume
Erik Franzen Linkedin Resume
 
Mohammed alshahrani cv 2016
Mohammed alshahrani cv 2016Mohammed alshahrani cv 2016
Mohammed alshahrani cv 2016
 
ResumeAsOfApril_30_2016.pdf
ResumeAsOfApril_30_2016.pdfResumeAsOfApril_30_2016.pdf
ResumeAsOfApril_30_2016.pdf
 
Resume
ResumeResume
Resume
 
Carl Resume
Carl ResumeCarl Resume
Carl Resume
 
Senior network security engineer
Senior network security engineerSenior network security engineer
Senior network security engineer
 
Ahmed_Noreldeen_Resume 5
Ahmed_Noreldeen_Resume 5Ahmed_Noreldeen_Resume 5
Ahmed_Noreldeen_Resume 5
 
Swaminathan_Resume_May2015
Swaminathan_Resume_May2015Swaminathan_Resume_May2015
Swaminathan_Resume_May2015
 
Manjesh cv
Manjesh cvManjesh cv
Manjesh cv
 
AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016
AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016
AHMED+MORSY+ABD+EL+BAKI+v1.1+updated+2016
 
Gage Fogleman's Resume
Gage Fogleman's ResumeGage Fogleman's Resume
Gage Fogleman's Resume
 
RESUME
RESUMERESUME
RESUME
 
Network Engineer - Resume
Network Engineer - ResumeNetwork Engineer - Resume
Network Engineer - Resume
 
Network Engineer - Resume
Network Engineer - ResumeNetwork Engineer - Resume
Network Engineer - Resume
 
Mohammad Shaltaf Cv
Mohammad Shaltaf CvMohammad Shaltaf Cv
Mohammad Shaltaf Cv
 
MOSTAFA AHMED KHATTAB-
MOSTAFA AHMED KHATTAB-MOSTAFA AHMED KHATTAB-
MOSTAFA AHMED KHATTAB-
 

CV-ROB

  • 1. Robert Beardon Mob 07869 728100 Resident London Email: rbeardon@yahoo.com Professional Profile 20 year record of deploying wireless backend systems, supporting mission critical networks, configuring firewalls and optimising performance. Financial, NHS and Pharmaceuticals industry experience supporting the network, security, wireless and desktop/server. Worked in England, Ireland, Northern Ireland, France, Netherlands, Poland, Czech Republic, Germany, Denmark, Spain, Mexico, Singapore, China and Saudi Arabia. Areas of Expertise: Network Support/design – supporting 10,000 network devices and over 100,000 networked nodes. Also mission critical, high availability networks and financial/health systems. Wireless support/design – deployment, support and optimisation. Security Support/design – Checkpoint/ASA/SRX640 firewall configuration, security policies, vulnerabilities, NAC, DOT1x via Cisco ISE, IAS, ACS Professional Experience 06/2014-Present North East London Foundation Trust Senior Network/Security/Wireless Engineer • Designed and implemented an ISE deployment for secure wireless access. The current wireless was not secure as the Trust had not employed machine authentication, thus had failed an internal audit. My remit was to ensure that only trusted devices could access the corporate network. Currently, only managed devices are able to access the network via ISE with a backend LDAP lookup. The wireless user base incorporates over 3000 devices across 140 sites. • Trust wide wireless across 140 sites with 8510 controllers and 5500 guest anchor controllers. Over 1000 3502 series access points were deployed. Guest wireless was integrated to a third party proxy solution called WIFIspark. All access points and wireless controllers were configured out of the box. Capwap traffic for guest traffic into a secure DMZ with internet breakout to a dedicated firewall and separate internet pipe. Flexconnect for all remote based wireless to ensure optimal routing. All APS configured as radius clients on remote sites. • Wireless migration from Aruba with Alcatel controllers to Cisco wireless. The Trust had wireless hot spots on a different platform. Was able to successfully migrate services over to the floodlit Cisco platform with no loss of service. As stated, the new solution is secure from an audit point as well. • Configured all new SVIS, OSPF routing, vlans and switch configuration for the new wireless solution. • All firewall policies, nat and nonat configured for the new wireless to ensure connectivity on the dedicated internet and N3 application firewalls. • 4th line troubleshooting. Fixed an issue that had persisted for 9 months whereby a £1,000,000 Meganexus online
  • 2. video recording and viewing web based application was not working. With wireshark and through analysis of the firewall and routing behaviour, was able to optimise how the traffic was handled. Secondly, through wireshark and netstat, was able to demonstrate to the Meganexus developers that the issue was how the application was handled by windows 7 in conjunction with IE ( sockets resetting were treated as new sessions rather than as a continuation of an existing state which was the behaviour of Win XP/Firefox/Chrome) and this was fixed. • Remote VPN troubleshooting: the Trust had deployed an anyconnect VPN solution that was working intermittently. Using packet tracer I was able to detect a routing loop injected by one of the Trust’s redistribution prefix lists and get this fixed. • Helpdesk/Support restructuring and route cause analysis. During my tenure I was asked to assist with getting the call volume manageable after the Trust had upgraded from Win XP to Win7. This necessitated restructuring the helpdesk model. On my recommendation the Trust empowered 1st and 2nd line team leaders. Dedicated third line was established and a knowledge base was set up. Secondly, templates were produced detailing information to be established before a call was escalated. As a result of my suggestions the Trust also brought in a Customer Liaison Officer who was tasked with analysing statistics to highlight problem sites who could then be prioritised. This data also led to deep route cause analysis whereby repeat calls could be investigated, disparate issues could be linked and the underlying problem fixed. An initiative was also begun to automate basic call generating functions: password reset portal, account creation request, hardware procurement. Calls dropped by 25% and the backlog is now manageable. 08/2012-5/2014 Henderson Global Investors Senior Network/Security Engineer • Deployed wireless to all European, American and Asian offices using 5500 series controllers for a fully redundant architecture across the three continents. Solution was fully integrated to Cisco ISE and used eap-tls. We also deployed an internal wifi system for BYOD with a fully self-serving portal. Visitor wifi was set up with a portal ticketing system across all sites. Guest wireless DHCP, DNS and basic filtering was provided by a Linux Bubba box which I set up. • Deployed DOT1X against Cisco ISE backend to all European, American and Asian offices. Part of the rollout was to audit every switch port and to ensure that dot1x, dynamic ARP inspect, DHCP snooping, port security was enforced globally. Also audited all trunk links to ensure
  • 3. that native vlan security was enforced to prevent VLAN hopping. • Designed and installed Checkpoint firewalls to all new offices in North America. • Maintained all management platforms: Checkpoint Smartdashboard, Smartevent, Smartview Tracker. ASDM for ASA. Cisco Prime and a legacy Ciscoworks system. ACS for TACACS. WHATSAPP Gold for text alerting and monitoring specific devices. PRTG for bandwidth monitoring. • Troubleshooting: in depth diagnosis and fault finding which necessitated the use of a wide range of tools: tracker, tcpdump, wireshark, netstat, packet tracer. Very often networks had to perform in depth analysis to show the problem post any application upgrade which was not actually a network issue but we could identify it and fix it with our deep packet inspection tools. • Configured all security policies on the existing 12000 series Checkpoint firewalls at each of the hub sites in London, Singapore and Chicago. We also deployed 1100 series Checkpoint at all new smaller offices. ASA configuration for specific VPN requirements and also for internal intra VRF communications. • Conducted security audits and was responsible for fixing all audit points. One project necessitated turning off all the implied rules on live Checkpoint firewalls (deployed before my tenure) and ensuring that all market data VPNS were unaffected. • Configuring, maintaining and troubleshooting network issues: 6500 series VSS Catalyst core, 3500 series remote site Catalysts, 2800 series routers, dedicated market data VPNS complete with VRF configuration, OSPF networks with EIGRP via GRE VPN’s with third party market data providers. • Routing support: OSPF with policy based routing on our edge checkpoint firewalls and edge routers. All new sites were integrated into our OSPF design. • Load balancing/Wan Optimisation support: configured, upgraded and supported a full Cisco WAAS deployment complete with customised application policy sets. Maintained and configured the BIG IP load balancing solution that handled all web server and trading platforms. • DMZ design: created dedicated test beds for external penetration testing which necessitated redesigning the DMZ structure and making structural changes to the live firewalls. • Arcsight was rolled out. Responsible for integrating the logging with Checkpoint via OPSEC, collating all switch logs and ASA via integration with Prime and syslog to the arcsight collector. Secured the remote cloud based monitoring and information forwarding via a VPN. • LAB creation: reviewed the Henderson Lab structure and
  • 4. completely isolated it with the exception of management ports and prevented all security violations i.e. vlan sprawl, bridging violations. Also set up remote access to the test bed Exchange servers as part of a migration to Message Labs. • Market data support: Bloomberg, reuters, all web based trading applications supported. Bloomberg is especially sensitive to latency so in depth analysis and bandwidth optimisation was necessitated to get this to work in many foreign offices. Networks were also heavily involved with all upgrades for the obvious routing/firewall implications, though very often were heavily involved in the post upgrade troubleshooting. • Basic video support. Mostly firewall support for the VCS gateway, but also general conference troubleshooting. Basic Call Manager support. 11/2011-7/2012 North East London Foundation Trust 3rd Line Infrastructure Specialist • Audit of the Trust’s ASA firewalls configuration. All erroneous entries removed and existing rule sets simplified and optimised. • Complete network audit of the Trust’s routing protocols. Currently OSPF and EIGRP redistribution. Submitted a design for a future migration to OSPF complete with stub networks to eliminate multicast traffic over the WAN. • Security vulnerability review. Surveyed the configurations of all network equipment and submitted a plan to eliminate telnet, implement SSH, Dot1x authentication for all machines both wired and wireless, unused ports to be shut and placed in a layer two vlan with no gateway, IAS/AD management for network administration account authentication and logging of all access attempts/configuration changes. • Wireless health check. Poor user experience in key wards led to a complete audit using Airmagnet and identified 802.11G saturation. Fixing the channels and migrating some areas to 802.11A fixed the immediate issues. • Rolled out portfast, BPDUguard, UDLD on all upinks. Audited the STP and optimised it so that the core switches were load balancing the vlans across the redundant links. • Removed all non-existent vlans and pruned all trunk links to reflect the actual traffic. • 3rd Line support tickets encompassing network issues, high profile desktop issues, database connectivity with ODBC errors and profile issues. 06/2011-10/2011 National Commercial Bank, Jeddah, Saudi Arabia 3rd Line Infrastructure Specialist
  • 5. • Lead engineer for a data centre migration. This entailed troubleshooting all issues resulting from moving data from spoke sites to the data centre and also looking at third line issues with the dynamic VPNS, loss of access to critical resources and auditing existing traffic patterns. • Secured all of the vlans and ports utilising port security, shutting down unused ports and configuring honeypot vlans on the Cisco Catalyst 6509 and 4507 models. • Firewall configuration for 11 corporate sites: programmed the Juniper SRX640 with rule sets to secure the sites. • Audited all applications in use via syslog, Cisco WAAS and ethereal to document applications and all processes. • Documented all traffic flows for the business. • Complete audit of all known issues in the corporate sites and branch offices: Active Directory replication, DNS, Anti-virus and Exchange. • Hardened the Juniper SRX640 to ensure compliancy with PCI standards. Audited the ASA and Pix firewalls and rewrote the security policies. • Secured the wireless networks which used Aruba Wireless Controllers. Enforced machine authentication for DOT1x • Troubleshooting all network/security related issues: Juniper SRX640, Catalyst 6509, Catalyst 4507 and Cisco wireless LAN controllers. 02/2010-06/2011 NAPP Pharmaceuticals 3rd Line Infrastructure Specialist • Full network and security support for the core campus and associate offices: optimised STP, rewrote all the access- lists, rolled out radius and configured IAS, implemented best practices for layer 2 and 3, hardened the routers, VPNS and switches across the sites, maintained the wireless networks both lightweight/autonomous, including an upgrade of the WCS and the WLCs. • Supported and configured: Catalyst 6509, C3750-X, C3750, C2960, C2950, Cisco ASA, Cisco Wireless Lan Controller, Riverbed Steelhead Appliances, Cisco 1812, Cisco 2820, Airmagnet and Cisco Call Manager. • Supported and implemented site migrations in Spain, Denmark and London, complete with wireless designs. • Network monitoring: Solarwinds, Kiwitools, Ethereal. Evaluated Solarwinds for them and set up RPTG in order to monitor all of the existing SAN farms. • Assisted with a data centre migration to Switzerland which entailed liaising with IBM and Massergy for an MPLS solution complete with V Block. • Troubleshot long term issues with the wireless networks in the European offices which entailed a complete audit of all network configuration and then subsequent corrections: vlan creation, adding vlans to trunks, configuring switchports to support subinterfaces on the router, DHCP
  • 6. scopes, encryption hardening,Nat scopes and access control list permissions. • Supporting ESX hosts. Using the VMWARE console to Vmotion servers and correct issues with vlan tagging. • Deployed Polycom Video Conferencing, desktop video conferencing software and the dedicated Polycom gateway security solution. Also managed Cisco Phones using Cisco Call Manager. 07/2007-01/2010 Northgate Intelligent Solutions ( Security clearance needed) 3rd Line Network Support/ Design Consultant/Team Leader • Full network and security support for 1200 sites across Northern Ireland and England encompassing over 6,000 2950, 3508, 2960 and 3550 series switches, 900 1812 series routers, 3000 1231AG Wireless Access Points, 900 IAS servers, 2 PIX firewalls, 1 Netscreen Juniper firewall, 2 Ciscoworks servers and 3 ACS servers. • IP migrations planned, implemented and checked. 50 sites were migrated to a new range to facilitate contiguous IP ranges. Designed their DR site. • Network standardisation project: IOS refresh, NTP, VTP, syslog, radius and STP variables all pushed out via Ciscoworks. • Rolled out dot1x/NAC to 900 sites complete with IAS policy edits. • Firewall administration and cleansing. Models used: Cisco Pix and Juniper Netscreen. Took the existing ACLs and reduced from 14,500 lines to 1,800. • Third party device evaluation using NESSUS vulnerability scanning software and ethereal. 01/2007-06/2007 Goodmayes Hospital 3rd Line Support/Deputy IT Manager • 3rd line network support and acted as deputy head during the incumbent’s paternity leave. 10/2006-11/2006 Springfield University Hospital Network Engineer • 3rd line network and security support for the core and all associated sites. 7/2006 – 9/2006 Monster Network Engineer • Daily support and break fix whilst the lead engineer was on leave. 4/2006 – 7/2006 Royal Bank of Scotland Network Designer/Implementation Engineer • Implemented Cisco best practices for layer 2 and 3 configuration on all core devices and associate sites. This entailed rewriting hybrid configs to full IOS compatibility. 8/2005 – 3/2006 NATIONAL HEALTH SERVICE
  • 7. Network Engineer • Complete third line support and assessing vendors for the NPFIT rollout. 5/2005 – 8/2005 SERCO SOLUTIONS Network Engineer • General break fix support. 3/2003 – 5/2005 ABBEY FINANCIAL MARKETS Trade Floor Support Engineer • Supported the traders: Bloomberg, Reuters and general support. 1/2003 – 2/2003 NEWHAM PCT Network Engineer • Re-designed the network to migrate 12 sites, with over 1000 users, from a shared bridged network into their own subnets. 6/2002 - 1/2003 CATER-ALLEN Trade Floor Support Engineer • Supported traders during a site migration. 2/2001 –6/2002 CISCO/MICRONET Network Engineer • General network support with bespoke training for network engineers. 6/1999 –1/2001 MARCONI Senior Network Engineer • Troubleshooting and monitoring a large production network Technical Skills: NETWORKING Routing: OSPF, EIGRP, distribution lists, filters, access control lists. Service Provider Networking: Basic MPLS, strong VPN, Frame Relay, IP Services: DNS, DHCP, HSRP VRRP GLBP, NTP, SNMP, FTP, IPv4, IP design summarization etc. Switching: IOS/CATOS/NAXOS switch configuration and operation, Defining common workgroups, Vlan management and security, Spanning Tree design and optimisation, Fault tolerant routing, Dot1x, Etherchannel, trunking. Security Protocols: IKE, IPSEC, MD5, SHA, DES, 3DES, AH, ESP, SSL, Radius, Tacacs+, DOT1x, NAC, SNAC , NTLM, Kerberos Routing Products: Cisco 800, 1600, 1800, 2500, 2600, 2800, 3800, 7200, 7600 Nexus Switches: 5548 series Catalyst Switches: 1900, 2900, 3550, 3560, 3750, 4500, 6500 Security Products: Cisco ISE, Checkpoint R60, R65, R70 and R75 (SPLAT, IPSO and GAIA), ASA, IPS, PIX, VPN Concentrator, AAA, Juniper SRX640, Juniper Netscreen, Fortigate, Imperva SecureSphere ,Cisco Access Control Server, Microsoft IAS, Microsoft Network Policy Server, Nessus, basic Checkpoint IPS, hands on admin with Netscaler and Citrix Access Gateway. Wireless: Cisco Wireless Lan Controller 8500, 5500, Aruba Wireless Lan Controller, Autonomous wireless access points: 1131AG, 1231AG, Wireless Controller Server, Airmagnet, InSSIDer, VOIP: Basic Cisco Call Manager, deployed 7900 series Cisco IP phone, Polycom Video Conferencing deployment of units and the secured gateway as well as the client conferencing desktop software, all switch voice vlan configuration. Wan Optimisation: Riverbed Steelhead Appliance, Cisco WAAS. Internet hardware: Smartcache, ISA server, Bluecoat Proxy.
  • 8. Monitoring Platforms: Cisco Prime, WCS, Ciscoworks, Solarwinds, Nagios, PRTG, Mutiny, HP Openview, Netscout, Netblox, syslog, basic Arcight ( monitoring and setup via OPSEC on Checkpoint) Load Balancers: Big IP Microsoft/Server/Desktop/Market data/NHS Good all round knowledge of Server Administration using Microsoft Technologies, Windows Server 2003, Windows 2000 Server, Windows XP Professional and Windows Vista. Active Directory Administration, Network Security Design and Implementation. Exchange 2000/2003/07 user and mailbox management. Hardware & software configuration, fault finding as well as Patch and Printer Management. Application Support including all Office Suites, Veritas Backup 10, Wireshark, Airmagnet. Have installed and supported Reuters, Bloomberg, Global One, Wall Street Systems, Swift, Cedcom, Euroclear, Morgan Stanley and bespoke financial packages. Experience supporting and rolling out the NPfit software suite including RIO and Choose and Book. Certifications Cisco Certified Network Associate CCNA Cisco Certified Network Professional CCNP Cisco Certified Systems Instructor CCSI Microsoft Certified Systems Engineer NT4 Microsoft Certified Systems Trainer MCT Leisure Activities and Pursuits Weightlifting and reading, especially the Eastern Front in WW2. Language Skills Conversational French and German. I can also get by in Spanish and Arabic.