ABOUT ME

REED WEIERMAN

Network and security engineer experienced in both on-premises and cloud environments

Passionate about building and maintaining reliable and secure networks

Motivated and eager to embrace and learn network automation

801-647-5426
email@rdubnet.com
rdubnet.com

CERTIFICATIONS

Cisco CCNP
Cisco CCSP

EDUCATION

Bachelor of Arts
Information Systems and Technology
Weber State University : 2006

Associate of Science
Salt Lake Community College : 2004

EXPERIENCE HIGHLIGHTS

Designed F5 ASM policies, tuning rulesets to secure edge application traffic

Managed F5 LTM virtual IPs, pools, nodes and SSL profiles

Managed F5 GTM Wide IPs for dynamic DNS routing across global environments

Orchestrated Cloudflare WAF deployment, transitioning domains to blocking mode

Implemented Cloudflare Page Shield for PCI DSS 4.0.1 script monitoring compliance

Managed Check Point SASE and Ivanti VPN with SAML integration for remote access

Led Cisco IPSec migration to IKEv2 for enhanced site-to-site VPN security

Pioneered Tailscale VPN proof of concept, configuring Subnet Routers and Apps for efficiency and usability

Optimized Check Point firewall rules via SMS for network security

Managed Cisco ASAs with CLI/ASDM for reliable partner IPSec VPN connectivity

Assisted with pfSense firewall proof of concept, incorporating hardening standards

Implemented Azure Enterprise Apps with SAML for third-party integration

Configured Azure environments with ExpressRoute for secure cloud connectivity

Enforced PCI-compliant network segmentation to secure PII and PAN data

Led semi-annual firewall reviews to ensure compliance and segmentation

Maintained 24/7 network uptime across data centers, cloud, and partner connections with redundant BGP connections

Supervised Infrastructure team (SLCC)

YEARS OF EXPERIENCE

Route : 15
Switch : 15
Data Center : 8
Content Services : 13
Wireless : 12
Firewall/VPN : 14
Cloud : 3

CLOUD

AZURE
VNET, Peering, Subnets, VRT, Firewall, Resource Groups, Security Groups, VM, ExpressRoute, Enterprise Apps

AWS
VPC, Subnets, Security Groups, Elastic IPs, Route Tables, Route 53

CLOUD DEPLOYMENTS
Ivanti Connect Secure
Check Point Gateway
Cisco CSR 1000v
Arista EOS
Windows OS
Linux OS

SaaS

Check Point
SASE VPN (Perimeter 81)
CloudGuard CNAPP

Tailscale VPN

TECHNOLOGY

ROUTE
EIGRP, OSPF, BGP, HSRP, VRRP, VRF

SWITCH
VPC, VSS, STP, LACP, VLAN, CDP

SECURITY
IPSec/SSL VPN, ACL, SSL, LDAP, RADIUS, 2FA/MFA, SAML, WAF

PROTOCOL ANALYSIS
ASA CLI/ASDM, Embedded Packet Capture, Wireshark, tcpdump

MONITORING
Cacti, Nagios

WIRELESS and SURVEILLANCE
UniFi Network and Protect
Cisco WCS and WLAN Controllers

INFRASTRUCTURE

ROUTERS, SWITCHES & DATA CENTER
Cisco ISR, ASR, Catalyst, Nexus, FEX

FIREWALLS and SECURITY
Check Point firewalls
Cisco firewalls
Palo Alto firewalls
pfSense firewalls
Ivanti Connect Secure (ICS) VPN
Check Point SASE VPN
Tailscale VPN

APPLICATION and CONTENT SERVICES
Cloudflare DNS, WAF and Page Shield
F5 LTM, WAF, and GTM
BlueCoat Web Proxy

WORK HISTORY TIMELINE


Principal Engineer Network and Security
Vesta
May 2022 - current

Senior Network Engineer
Vesta
May 2016 - May 2022

Senior Network Engineer
Data Intensity, LLC
Dec 2011 - May 2016

Infrastructure Specialist III
Salt Lake Community College
Jun 2011 - Nov 2011

Infrastructure Specialist II
Salt Lake Community College
Nov 2006 - Jun 2011

TAC Customer Service Engineer
Cisco Systems, Inc
Jun 2006 - Nov 2006

IT Help Desk
Ogden City
Oct 2005 - Jun 2006

DETAILED WORK EXPERIENCE

Principal Engineer Network and Security : May 2022 – Current

Senior Network Engineer : May 2016 – May 2022

Vesta Corporation


F5 – LTM, WAF and GTM

  • LTM (Local Traffic Manager): Configured virtual servers, pools, nodes, and SSL profiles. Implemented TLS 1.3, refining SSL client profiles to strengthen encryption and maintain compliance.
  • WAF (Web Application Firewall): Designed and tuned F5 ASM policies to secure edge application traffic, adjusting rulesets for HTTP parameters, headers, and payloads to minimize false positives. Integrated Splunk for real-time logging and built automated Splunk alerts to enhance visibility into threats and policy performance.
  • GTM (Global Traffic Manager): Managed Wide IPs and Pools to dynamically route DNS traffic based on geography, availability, and business logic, providing high availability across global environments.

CLOUDFLARE – DNS, WAF and Continuous Script Monitoring

  • DNS: Configured and optimized A, CNAME, and TXT records across multiple zones to enable seamless domain routing, email validation, and service integration.
  • Web Application Firewall (WAF): Orchestrated WAF deployment by proxying A and CNAME records, initially leveraging the Cloudflare Managed Ruleset in logging mode to analyze traffic and refine false positives. Designed custom rules to bypass specific policies and ignore known health checks, then transitioned select domains to blocking mode to mitigate malicious traffic.
  • Continuous Script Monitoring (Page Shield): Implemented Page Shield to ensure PCI DSS 4.0.1 compliance (controls 6.4.3 and 11.6.1) through continuous script monitoring and integrity checks. Enabled real-time alerting and collaborated with peers to integrate Cloudflare’s API with PowerShell for automated reporting and enhanced visibility across all zones.

VPN – Check Point SASE VPN, Ivanti Connect Secure, Cisco IPSec and Tailscale

  • Check Point SASE VPN (Perimeter 81): Deployed and optimized a remote access solution with role-based access controls integrated with Azure Entra ID groups. Configured SAML integration via Azure Identity Provider (IdP) for multi-factor authentication (MFA), enabling split-tunneling for secure SaaS access and enforcing device posture checks for compliance.
  • Ivanti Connect Secure (ICS): Designed and managed remote access VPN with SAML integration via Azure IdP for MFA and LDAP for group-based access. Configured multiple VPN profiles to support diverse access needs, implementing split-tunneling for SaaS applications and device posture checks to ensure endpoint security.
  • Cisco IPSec: Managed site-to-site IPSec VPN tunnels for Vesta’s partner connectivity, leading migration to IKEv2 tunnels to enhance security. Implemented GRE over IPSec with BGP to ensure reliable connectivity across data centers, offices, and cloud environments.
  • Tailscale: Led proof of concept and deployment of a remote access VPN solution, configuring Subnet Routers to proxy traffic and eliminate client installation on infrastructure devices. Set up Tailscale Apps to tunnel traffic to specific FQDNs, enabling secure, whitelisted connectivity.

FIREWALLS – Check Point, Cisco, pfSense and Palo Alto

  • Check Point: Configured and optimized firewall rules and NATs daily through Security Management Server (SMS), ensuring network security. Analyzed logs for blocked traffic and applied gateway updates to maintain compliance and enhance protection.
  • Cisco: Managed Cisco ASAs to support site-to-site IPSec VPN tunnels with partners, leveraging CLI and ASDM for configuration and troubleshooting. Implemented updates to ensure security.
  • pfSense: Assisted with proof of concept for pfSense firewall implementation, configuring firewall rules, SSL certificates, LDAP authentication for management, and remote logging to Splunk to establish secure and scalable setups.
  • Palo Alto: Deployed firewall rules and NATs daily via Panorama, streamlining network security operations and ensuring consistent policy enforcement across environments.

CLOUD – Azure and AWS

  • Azure: Implemented Enterprise Apps in Entra ID, enabling seamless SAML integration with third-party applications using Azure IdP. Configured VNETs, Peerings, Resource Groups, Subnets, Route Tables, ExpressRoute and Private DNS Zones. Managed redundant ExpressRoute connections between on-premises data centers and Azure. Collaborated with the team to deploy virtual Check Point Gateways, Azure Firewalls and Azure load balancers to build stable and secure cloud environments.
  • AWS: Some experience with VPCs, Direct Connect and Route 53. 

PCI – Network Segmentation, Semi-Annual Audits, and Firewall Reviews

  • Network Segmentation: Applied a security-focused mindset to maintain proper network segmentation between protected environments, keeping PII and PAN data secure.
  • Semi-Annual PCI Audits: Contributed to PCI audits by engaging in auditor interviews, articulating environment configurations, and providing evidence to demonstrate compliance.
  • Firewall Reviews: Led semi-annual firewall reviews, validating rules to align with company policies and maintain effective network segmentation for compliance.

GENERAL NETWORK – Cisco Routers and Switches, Network Uptime and UniFi

  • Cisco Routers and Switches: Configured and optimized Cisco routers and switches, ensuring robust network performance and seamless connectivity across enterprise environments.
  • Network Uptime: Maintained 24/7 network availability across four data centers, two cloud environments, three offices, and multiple partner connections, leveraging redundant MPLS circuits with BGP, private circuits, site-to-site VPNs, remote access VPNs, and cloud direct connections.
  • UniFi: Deployed and managed UniFi Network and Protect software to oversee office wireless and surveillance systems, ensuring secure and reliable operations.

Senior Network Engineer : Dec 2011 – May 2016

Data Intensity, LLC

  • Configured VRF networks for managed and hosted customers for their Oracle environments
  • Created and managed site-to-site VPN tunnels for managed and hosted customers
  • Managed F5 load balancers for internal and DMZ URLs
  • Responsible for keeping all corporate and customer SSL certificates up-to-date
  • Responsible for all redundant ISP connections to multiple data centers using BGP and OSPF

Network Engineer/Infrastructure Specialist III : Jun 2011 – Nov 2011

Salt Lake Community College

  • Supervised Infrastructure Team (network and telecommunications teams)
  • Responsible for entire campus WAN, LAN, and WLAN network connectivity
  • Maintained SLCC’s 9 campus data and voice networks
  • Maintained disaster recovery site
  • Configured and installed VPC on Nexus 5020 pair with 4 2148 fabric extenders
  • Led hiring process for second Infrastructure Specialist III position
  • (same duties as mentioned below in Infrastructure Specialist II position)

Network Engineer/Infrastructure Specialist II : Nov 2006 – Jun 2011

Salt Lake Community College

  • Administered both Cisco IPSec and Juniper SSL VPN solutions
  • Administered F5 load balancers and Citrix NetScalers
  • Administered campus WLAN using Cisco WCS, WiSMs, and CAPWAP
  • Managed network monitoring using Nagios, Cacti, and SNMP
  • Managed trouble-ticket queue to make sure all issues are getting resolved
  • Assisted with SLCC data network core upgrade to Cisco 6500’s and VSS
  • Assisted with Cisco UCM, UCCX, and Unity configuration and installation
  • Assisted with Cisco UCM administration
  • Assisted with IP phone adds, moves, and changes
  • Worked with campus facilities to migrate all HVAC devices to networked solution
  • Gained experience with punch blocks, tone tracers, and cabling
  • Acquired limited experience with VMware and Cisco integration
  • Assisted with Conference of Information Technology (CIT) 2008 network setup
  • Led hiring process for new Infrastructure Specialist II position multiple times

Cisco Network Consultant : Jun 2006 – Nov 2006

Convergys

  • Built and maintained enterprise level virtual private networks (VPN)
  • Troubleshot and resolved customers’ secure network issues

IT Help Desk Personnel : Oct 2005 – Jun 2006

Ogden City – #3 Digital City (75,000-124,999 population category)

  • Resolved customer computer and technical issues in timely manner
  • Maintained city’s end-user computer systems

Assistant Manager : Feb 2002 – Dec 2003

Western Wats Research Center

  • Managed research call center
  • Coordinated teams of 3-20 employees
  • Performed research studies via phone