David A. Ranch

Network Systems Consultant

TECHNICAL EXPERTISE

SPECIALTY AREAS:

Complex and redundant remote access designs (56k, ISDN, DSL, cablemodems), Strong authentication servers with token cards, Cisco Secure (NT / UNIX), Livingston and ASCEND RADIUS & TACACS+ servers (UNIX & NT), Security Dynamics ACE servers (UNIX), Axent token servers (NT);

Cisco network route / switch designs (HSRP, OSPF, EIGRP, Fast-ETH, Ether-Channel, FDDI, VLANs, dial-backup);

UNIX server installation, system hardening and administration (Linux, Solaris, NT, HP-UX); ISC DNS (4.9x & 8.x); ISC DHCP (2.x), Sendmail (8.9.x); Implementation & troubleshooting of TCP/IP (IPv4, IPv6, Multicast), IPX/SPX, AppleTalk protocols; PPP, ML/PPP, MC/PPP, UNIX Shell / expect / C programming;

WWW servers (IIS, Apache) & HTML creation, Stateful and Packet based firewalls, IPSEC VPNs, Samba / NFS servers, network management;

 

EXPERIENCE:

Kaiser Permanente, Walnut Creek, CA

National Remote Access Design and Deployment - 3/1/98 to 8/10/99

Designed, implemented, and rolled out Kaiser's national remote access service. This large service consisted of (18) Cisco AS5300s with a total of (44) ISDN PRIs, redundant Security Dynamics ACE servers (Solaris), and quadruple redundant CiscoSecure servers (NT v4.x). Each POP site provided both 56K and 128k ISDN access as well as VPDN tunnels for transport of legacy network traffic over an IP-only infrastructure. In addition, each POP typically would use different routing protocols, be it RIP, EIGRP, or OSPF. This project also required the direct communication and coordination of over (5) different ISDN carriers and the inherent problems therein. A parallel project used the above ACE servers with separate quadruple redundant CiscoSecure servers for TACACS+ to authenticate router users and authorize their individual router commands. All systems were fully documented for both RAS end users and Kaiser engineering staff.

 

Kaiser Permanente, Walnut Creek, CA

ADSL / ATM Design - 12/1/98 to 3/1/99

Designed and implemented a high speed ATM over ADSL remote access pilot for telecommuting Kaiser doctors. Hardware used was Cisco PIX firewalls, Cisco 7200 routers, and Alcatel ADSL modems. Performance requirements were 1.54Mb down / 384Kb up client ADSL connectivity backhauled to a centralized DS-3 ATM connection. Session security was implemented with a combination of Cisco PIX firewalls with fully redundant SecurID authentication servers running on Sun UltraSparc UNIX servers. Full interviews were conducted with all respective pilot users to determine what protocols, performance, and service levels were required.

 

CellularONE, South San Francisco, CA

Remote Access migration and UNIX administration - 7/1/98 to 12/1/98

I came in to CellularONE to help bail out CellularONE due to a poor RAS connectivity and accounting solution from a different consulting firm. Under extreme political and technical pressure, I completed the implementation of redundant CiscoSecure for Solaris authentication servers and both recommended and wrote the migration strategy for RAS authentication from the TACACS to RADIUS protocol. During this project, CellularONE's email server was attacked by a malicious email spammer. Working diligently with only one other CellularONE UNIX administrator, we built, secured, and migrated all email proxy and anti-spam services from dual Sun Sparc Classics to Sun Ultra5 workstations. I also coordinated the tracking of the spammer through the communications of other misconfigured email relay hosts, ISPs, and other NSP Internet backbone providers.

 

 

Visa International, San Mateo, CA

Remote Access Manager

Took over complete administration and management responsibilities of Visa International’s global remote access and telecommuter solutions. Their RAS systems included analog connectivity via Microsoft NT RAS, DCA RLN RAS and ISDN connectivity via Shiva AccessSwitches. Both the analog and ISDN solutions authenticated against enterprise Axent Defender DSS and Defender5000 token card systems. Additional RAS projects included the design, configuration, and deployment of multi-user ATM-attached ADSL and Frame Relay telecommuter pilots and the configuration, testing, and documentation of a CheckPoint Firewall-1 SecuRemote VPN. Other tasks included project management of Pacific Bell Network Integrator (PBNI) ISDN deployment engineers and Year2000 RAS compliance certification.

Robertson Stephens (RSCO) / Bank of America, San Francisco, CA

Senior Network staff augmentation

Redesigned, implemented, and tested RSCO’s redundant Internet connection utilizing Cisco HSRP, point-to-point T1 and ISDN backup links. Other tasks included router deployment for IP and X.25 services, Catalyst 2828 switch deployment, support of an enterprise Microsoft Windows NT PDC/BDC domain model and support of an extensive Cisco Catalyst 5000 VLAN architecture with over 20 different VLANs.


Federal Home Loan Bank, San Francisco, CA

Enterprise LAN switch / Edge Router design audit & RAS recommendation

Working with senior FHLB LAN designers, I audited their existing routed LAN infrastructure and developed a redundant central switched architecture with edge routers. After completion of the LAN design, we interviewed vendors such as Cisco and 3Com to evaluate their specific products that would meet our design criteria. The final design included over (8) VLANs with a pair of Cisco Catalyst 5500 switches with RSM blades running HSRP. In addition to the LAN switch/router design, I submitted a Remote Access Service design recommendation specifying 56Kb/s modem technology with Security Dynamics’ SecurID token authentication.

 

Encanto Networks, Santa Clara, CA

National Remote Access Design audit

Encanto was about to roll out a nation-wide analog dial-on-demand WWW computer appliance product without considering various network usability, scalability, and performance issues. I evaluated their existing network designs and made immediate recommendations on how to make initial and long term design changes to provide better service for their customers in a scalable fashion while keeping costs low.

 

Shaklee Corporation, Hayward, CA

RAS, Sun Solaris & Microsoft NT server setup & administration

Upgraded a Sun UltraSparc1-167 from Solaris v2.5 to Solaris v2.6 and secured the machine from various types of security / DoS attacks. Then, the server was loaded with GCC to compile Livingston Radius for centralized authentication of Shiva AccessSwitches and Cisco routers for centralized authentication and accounting. In addition, I built, initialized, and hardened the installation of Microsoft Windows NT v4.0 Server. This server was an ALR 200MHz Quad CPU Pentium Pro server with a three disk RAID5 sub-system with an additional disk for hot spare recovery. With the server patched, tested, and burned in, both DHCP and DNS server functionality was installed, configured, and tested.

 

Hawaii Medical Services Association, Honolulu, HI

RAS Design

Determined HMSA’s present and future application requirements for remote access and both designed and deployed a multi-T1 RAS system. This service supported 56Kb/s K56Flex modems, 64/128 Kb/s ISDN connections, and future support for VPNs via a pair of Shiva AccessSwitches and CheckPoint’s Firewall-1 product. Token security was implemented with a set of redundant Axent Defender token authentication servers with RADIUS authentication/authorization/accounting (AAA) servers running on a hardened version of Microsoft Windows NT v4.x. To complete the project, the RAS servers, authentication servers, and all support procedures were fully documented for HMSA staff.

 

Kaiser Permanente, Walnut Creek, CA

RAS Design

Evaluated, designed, and implemented a multinode Remote Access system for Kaiser using the Shiva AccessSwitch product. System requirements were 33.6 / 56K analog modem and 2-B ISDN support over channelized T1 and PRI WAN connections. The system was also to use fully redundant SecurID authentication running on Sun UltraSparc UNIX workstations. I evaluated client & server products from vendors such as Ascend, Cisco, IBM, FlowPoint, Gandalf, Shiva, and US Robotics. As part of the implementation, I also built, configured, and secured both redundant Sun UltraSparc UNIX workstations. I wrote all installation documentation for end users, brought up an NT v4.x server for DHCP addressing, Subnet Master browsing, and a Microsoft IIS v3 Intranet WWW server for end-user support documentation, SecurID clients, and various drivers. To proactively manage the RAS servers, I created custom script files to parse Shiva SYSLOG files and e-mail the administrators for all failed authentications and any other critical issues on a per-day basis. Other tasks included support of both Ethernet and TokenRing Cisco routers and Catalyst switches.

 

Cisco Systems, San Jose, CA

AS5200 / AS5300 / AccessPath Quality Assurance

Aided an existing INS team at Cisco to tune an analog modem and ISDN T/A testbed used to stress test Cisco’s new AccessStack product. This testbed consisted of several Linux (UNIX) servers with several high density serial cards connected to hundreds of USR Courier modems and Zyxel Omni128 ISDN T/As to simultaneously dial into the AccessStack, initiate PPP sessions, and create random amounts and types of data traffic. The Linux servers used Cyclades serial cards and Spellcaster PRI cards with a combination of Tcl, expect, and shell scripts to create the stress testing application suite.

 

E*trade, Rancho Cordova, CA

LAN / WAN Engineer

Designed, implemented, and turned up E*trade’s brand new redundant Data center in Rancho Cordova. I coordinated, configured, and troubleshot roughly (8) Point-to-point DS1s, (2) Point-to-Point DS3s, and several Switched 56K links all running different routing protocols to several different endpoints including other E*trade Data Centers, peering with other ISPs such as BBB and Spinet, and on-line providers such as CompuServe. I also wired, configured, and brought up (12) Cisco Catalyst 5000 switches with multiple VLANs, (8) Cisco 7513 routers running HSRP, (1) Digital FDDI GIGAswitch, and several Microsoft NT v4.x servers.

 

California State University, Chico, CA

Network Specialist

Designed and implemented the ISDN dial-in network (Gandalf Xpressway11 w/ BRI and PRI) access services for CSUC’s students, faculty, and staff. Initiated, designed, and developed the experimental 10Mb/s bi-directional cablemodem network (LanCity) for the greater Chico area. Helped in the design and implementation of a 512Kb/s spread spectrum (2.1GHz CyLink) wireless LAN for the Chico Municipal Airport. Helped maintain and support (3) Telebit Netblazer STs, (2) Shiva LANRovers, and (1) Livingston PortMaster multi-protocol terminal servers using both Telebit and USR Courier modems. Helped with the deployment of a dozen Cisco (2501 and 4000) routers connected via Frame Relay as a jump point for ISDN connectivity (Gandalf XpressStack) to local K-12 school districts. Installed and maintained Cabletron Spectrum network management software running on a Silicon Graphics Indigo II.

 

 

California State University, Chico, CA

System Administrator

Built and maintained the Economic Department’s Linux (UNIX) server [rocko.csuchico.edu] for students and faculty. Services included HTTP, E-mail (SMTP), news (NNTP), FTP, and NFS. I also maintained the Economic Department’s Novell 3.11 file / print server for the student computer labs. This Novell server remotely booted 30 computers and provided printer services for over 80 machines.

 

Syntex Corporation, Palo Alto, CA

Systems Support

Maintained and supported several hundred production computers including IBM PC, Macintosh, RS/6000, and VAX mini computers. Support responsibilities ranged from basic tech support and network connectivity issues to network topology design.

 

Trinity Designs, Chico, CA

Sole Proprietor

A fully licensed business in Chico that built IBM PC clones and provided both computer tutoring and business consulting. Since its inception, Trinity Designs has built over 100 PC clones, consulted with over 200 clients, and has consulted on the design of several medium sized LANs for local Chico businesses.

 

 

Job Related Activities:

http://ipmasq.cjb.net

http://www.ecst.csuchico.edu/~dranch

 

Education:

BS, Computer Engineering, California State University, Chico

 

Attended and completed training classes in: