Mark Le Vea

Enterprise Systems & Security Architect

Mark R. Le Vea

PO Box 68, Upperville, Va. 20185-0068


Skills Summary
• Architect, Design & Build Secure, Fault Tolerant UNIX & TCP/IP based systems – 8 years
• Design & Build of two-tiered ultra-secure firewall systems with Intrusion Detection – 8 years
• Proactive security assessments: penetration tests, risk management, business continuity, disaster recovery, threat models – 8 years
• Intrusion detection – 7 years
• Data Encryption, VPN, IP Networking - 12 years
• Hands-on UNIX sys admin – 17 years
• DNS admin - 12 years
• NIS (yp) & NIS+ – 12 years
• NFS – 12 years – installed hundreds of NFS servers
• sendmail configurations
• set up wuFTP, nntp, Netscape & Apache Web servers, proxy servers, ldap servers
• set up authenticated logins using CryptoCards & SecurID
• Network Monitoring - 7 years using Sun NetManager, RMON, snoop, sniffers, snort
• installed & configured TIS Gauntlet 4.x - application proxy firewall
• installed & configured Sun SPF-100 - packet filter firewall (stateful)
• installed & configured CheckPoint Firewall I & Cisco PIX
• BGP, RIP & OSPF routing protocols – 12 years
• PSN, X.25 – 6 years
• PKI - 4 years
• E-Commerce - 3 years
• Lead person for up to four people

DoD Secret - Aug 1989 – Aug 1998 (inactive)
IRS MBI - Oct 1999
Treasury SBI – July 2002 - National Security Questionnaire SF-86

August 2003 to October 2003 – Enterprise Systems and Security Architect / Engineer
American Red Cross – Large humanitarian organization with multiple chapters

Enterprise Systems and Security Architect / Engineer: Recruited to provide a system and security assessment for Red Cross enterprise applications and headquarters architecture. Reviewed multiple J2EE based applications to include PeopleSoft, WebLogic, Java Messaging System and the national infrastructure that binds the organization together. Found numerous issues and made recommendations to bring the Red Cross more in line with current security practices. Changes to their enterprise IT architecture include a multi-layered firewall system for Internet and Intranet application support, firewalling off their 802.11 wireless access point and a much stronger means of authentication for those with access to critical data. The recommended authentication system and method will also allow the Red Cross to leverage the use of digital signatures in future business practices, saving time and money. Environment: J2EE, Unix, Oracle, LDAP.

Security evaluation finished, original contract fulfilled.

July 2002 to May 2003 – Enterprise Systems and Security Architect / Engineer
U.S. Dept. of Treasury – Large (200K users) PeopleSoft installation with teething problems

Enterprise Systems and Security Architect / Engineer: Recruited to provide system and security architecture and integration services to the Department of the Treasury for their Human Resources automation initiative on PeopleSoft. Assessed security and made extensive changes to the original design. Designed and implemented Two-Tiered firewall systems at our development and production sites to protect data critical to National Security. System also eliminates “air gap” in original design and securely transfers files between agencies using VPNs and XML signed documents. Analyzed and reported major performance problems within the Treasury network including LDAP servers. Made recommendations to fix Treasury-wide network problems. Organized and led a team to evaluate and eliminate LDAP performance issues. Challenged group’s expected traffic assumptions and caused a re-evaluation saving $1.5M in hardware purchase. Concluded engineering & budgetary analysis for Technical Refresh of the production site in Detroit, Disaster Recovery site at Martinsburg, the Development site in DC along with storage, security and network upgrades. Environment: J2EE, Unix, Oracle, LDAP, high security.

Position eliminated due to Treasury divestiture and project moving into maintenance mode.

January 2002 to April 2002 - Enterprise Systems and Security Architect
InfoZen, Washington, DC - Systems Integration service provider of high traffic Websites employing sophisticated databases, authentication and secure transactions.

Recruited to provide system and security architecture services to the General Services Administration for the upgrade of the information portal. Assessed current infrastructure, designed and supervised the build-out of a new development laboratory. Architecture design work included new multi-location data centers, security architecture, network, firewalls and core Java architecture. Additional enhancements included VPNs, data storage and backup, content management, customer relationship management, disaster recovery, continuity of operations, risk assessment, authentication and encryption, monitoring and audit capabilities, intrusion detection, access controls, data and system integrity.

Vacated position due to funding shortfall.

January 2001 to December 2001 – Senior Systems Architect/Engineer
K12, Inc., McLean, VA - Provider of Internet based world-class curriculum and instructional tools for home-schooled children at the kindergarten through 12th grade levels.

Hired to design and build production & office networks and to install all UNIX servers for Internet start-up. Installed a production LAN comprised of a two-tiered redundant firewall system and UNIX servers to support K12’s On-Line Schooling System. Office LAN included multiple VPNs for access to Financial ASPs and access from the office to the production site. Designed two-tiered fully redundant firewall and network system to isolate critical corporate databases and applications from interactive Internet applications. Implemented a "honey pot" to draw in hackers to log their activities. Established a dedicated and centralized Syslog log server. Jump-started UNIX servers with Solaris 8 and hardened all servers against intrusion.
o Design had no single point of failure.
o Successfully met all deadlines, completing projects 1.5 months ahead of testing schedule.
o Resolved all launch issues within 30 days.

Vacated position due to downsizing.

May 2000 to November 2000 – Senior Systems Engineer
UUNet Technologies, Ashburn, VA - World’s largest Internet service provider, currently WorldCom.

Recruited on a consulting basis to design a development laboratory and test & integration laboratory in support of an existing Production LAN while keeping Production online during its migration to a new data center. Prepared logistics for the new data center migration. Procured and deployed new Cisco Core Routers and switches. Advised Architecture Group on consolidation of duplicate projects by forming cross-departmental teams. Proposed Research Lab to test and evaluate emerging technologies and thus maintain competitive edge. Assisted application development groups in debugging complex multi-tiered Web based applications.
o Successfully migrated and relocated 200 servers.
o Built Development & Test Integration laboratory.

Vacated position due to reduction in staff.

February 2000 to May 2000 – Senior Systems Engineer
Freddie Mac, Reston, VA - Congressionally chartered mortgage lender

Recruited as a consultant to debug a newly completed firewall system. Offered alternative methods of dealing with the security administration overload from Tripwire. Installed prototype firewall system for future project testing. Consolidated Web Trends servers and set up Rsync through SSH and Perl scripts to bounce Web servers and create a new log and strip image data from logs prior to processing. Isolated and corrected a performance issue with the T-1 service from UUNet.
o Integrated firewall system and Freddie routers to increase reliability and simplify problem diagnosis.
o Diagnosed improperly configured Sun server and made recommendations to drastically improve performance.

Left when contract was completed successfully and on time.

October 1999 to January 2000 – Senior Systems Engineer
IRS Martinsburg Computing Center, Martinsburg, WV - Computer and technology arm for the Internal Revenue Service.

Recruited on a contractual basis to provide Y2K transition support. Led research and testing of Intrusion Detection Systems for IRS at the Martinsburg Center. Instrumental in developing policies and implementation procedures for Intrusion Detection suite of programs. Established and administered Sun E-10000.

Left when contract was completed successfully and on time.

September 1998 to October 1999 - Senior Systems Engineering Architect
Bell Atlantic Internet Center, Alexandria, VA - Internet center supporting Bell Atlantic, currently Verizon.

Recruited to design and build two 100+ SUN server farms for the Bell Atlantic Internet Center software development testing initiative in support of internal and external Web, EDI and e-Commerce requirements. Design included layouts of Development, Unit testing, and Pre-production test environments. Designed floor layouts and host in rack placement diagrams, calculated electrical, UPS & cooling loads and supplied LAN wiring requirements. Debugged and maintained existing production servers and networking equipment, performed software configuration and advised software development. Jumpstarted all UNIX servers. Set up firewalls.
o Successfully deployed $20 million project.

Left when contract was completed on time.

April 1998 to August 1998 – Senior Systems Engineer/Architect
NASA Headquarters, Washington, DC

Contracted to advise the CIO of NASA Earth Sciences Enterprise. Prototyped a Web based tool summarizing NASA expenditures for grants, contracts and cooperative agreements to be used in the Congressional lobbying process. Merged data and designed new front end to facilitate use. Installed and debugged TotalNet server on SUN E-3000. Installed and configured PGP public key server. Instrumental role in implementing Boeing Information Base.

Left when contract was completed.

October 1994 to April 1998 – Senior Systems Engineer/Architect
S.A.I.C. Inc., Center for Monitoring Research, Arlington, VA - Government contractor.

Recruited for contract to design, install and maintain new heterogeneous multi-protocol LAN. Consulted in the purchase of a 6-terabyte Mass Storage System and RAID disk storage systems. Installed and maintained two mass storage systems and a Veritas controlled Sparc Storage Array disk farm. Designed and implemented an automated installation method for new workstations. Redesigned entire network to incorporate an Internet firewall system. Firewall system consisted of Application Gateway (TIS Gauntlet) and Packet Filter (Sun SPF-100). Performance tuned entire LAN while managing two junior UNIX administrators and personally administering a 170 node Sun Microsystems/Macintosh LAN during a budget crisis. Maintained Internet node, network hardware, LAN operations, performed penetration tests and initiated Intrusion Detection research.

Contract completed successfully and on time.

August 1989 to October 1994 - Site Manager/Senior Computer Systems Engineer
Andrulis Research Corporation, Bethesda, MD - US Army Artificial Intelligence Center (AIC), Pentagon.

Recruited for contract to provide future designs and directions of operations. Coordinated multiple software and database development groups in integration efforts. Advised and assisted task groups with the Secretary of the Army, Deputy Under Secretary of the Army for Operations Research (ODUSA-OR), Information Management Center (IMCEN), Information Systems Command Pentagon and NATO on Open Systems and other current Computing and Communications technologies. Managed networks with SunNet Manager, Optivity and NetMetrix.
Reviewed Security Accreditation and updated Continuity of Operations Plan. Prepared engineering drawings. Oversaw the maintenance of all Sun Microsystems, Macintosh, DEC RISC and Alpha, HP-Apollo, Next and served as UNIX system administrator. Provided anticipated requirements for hardware and software needs based on cost/benefit analysis. Supervised four engineers.

Left when contract was successfully completed.

March 1989 to August 1989 – Independent Consultant
Paris Consultants, Paris, VA - Independent consulting firm.

Began consultancy in response to regional demand for Mechanical and IT consulting services. Provided support to the Airlie Foundation and Irish Air Group, Inc. on Mechanical Engineering and Design of aircraft and computer applications.

Completed contract successfully and on time.

March 1985 to March 1989 - Quality Assurance Manager/Applications Engineer
Xerox Corporation, Leesburg, VA - CAD development group.

Hired based on referral. Responsible for the Quality Assurance of all software, system hardware, and peripherals. Improved interdepartmental integration and departmental operations. Coordinated marketing, sales, software engineering and customer support decisions. Created Customer Service and Support Department. As UNIX system Administrator, coded the Bourne, C and CIM shells. Designed and wrote software and configured hardware for customers. Automated CAD unit installations, wrote parametric drawing software, debugged systems, and improved ergonomics. Provided training to software application and hardware field engineers and implemented engineering computer simulators.

Vacated position in the midst of extended product release cycles.

January 1981 to September 1984 – Designer
Eastman Kodak, Rochester, NY - Major film and photographic equipment manufacturer.

Recruited from college to design complicated injection molding mold bases and cavities on Intergraph IGDS CAD system that interfaced with robotics equipment. Wrote parametric and intelligent mold base drawing, file manipulation and ergonomic improvement programs. Developed and taught "Advanced User Training" course for Intergraph system. Gained exposure to computer controlled machine tools, robots and computer simulators.

Education – AS Mechanical Engineering 1980 3.8 (out of 4.0) G.P.A. Niagara College, Sanborn, NY


Technical Expertise

Hardware: Sun Microsystems, Macintosh, Cimlinc Inc., DEC, Xerox, IBM, Mass Storage Systems, Cisco and other manufacturers’ firewalls and routers, RF modems, FDDI concentrators, Alantec PowerHub, PSNs.

Operating Systems: UNIX; Solaris 2.X, SunOS 4.X, BSDI, AIX, A/UX, Ultrix, HP/UX, Mach, Mac OS, OSX and Linux.



by Shelley Reid Lute ~ WebEssentials~

Copyright © 1998-2001 ~ revised November 28, 2000