UNIX | Enterprise Systems & Security Architect | Cisco
Mark R. Le Vea
PO Box 68, Upperville, Va. 20185-0068
1.540.592.3210
email: mlevea@nova.org
Skills Summary
Architect, Design & Build Secure, Fault Tolerant UNIX & TCP/IP based systems - 8 years
Design & Build of two-tiered ultra-secure firewall systems with Intrusion Detection - 8 years
Proactive security assessments: penetration tests, risk management, business continuity, disaster recovery, threat models - 8 years
Intrusion detection - 7 years
Data Encryption, VPN, IP Networking - 12 years
Hands-on UNIX sys admin - 17 years
DNS admin - 12 years
NIS (yp) & NIS+ - 12 years
NFS - 12 years, installed hundreds of NFS servers
sendmail configurations
set up wuFTP, nntp, Netscape & Apache Web servers, proxy servers, ldap servers
set up authenticated logins using CryptoCards & SecurID
Network Monitoring - 7 years using Sun NetManager, RMON, snoop, sniffers, snort
installed & configured TIS Gauntlet 4.x - application proxy firewall
installed & configured Sun SPF-100 - packet filter firewall (stateful)
installed & configured CheckPoint Firewall I & Cisco PIX
BGP, RIP & OSPF routing protocols - 12 years
PSN, X.25 - 6 years
PKI - 4 years
E-Commerce - 3 years
Lead person for up to four people
Clearances:
DoD Secret - Aug 1989 to Aug 1998 (inactive)
IRS MBI - Oct 1999
Treasury SBI - July 2002 - National Security Questionnaire SF-86
August 2003 to October 2003 - Enterprise Systems and Security
Architect / Engineer
American Red Cross - Large humanitarian organization with multiple
chapters
Enterprise Systems and Security Architect / Engineer: Recruited
to provide a system and security assessment for Red Cross enterprise
applications and headquarters architecture. Reviewed multiple J2EE
based applications to include PeopleSoft, WebLogic, Java Messaging
System and the national infrastructure that binds the organization
together. Found numerous issues and made recommendations to bring
the Red Cross more in line with current security practices. Changes
to their enterprise IT architecture include a multi-layered firewall
system for Internet and Intranet application support, firewalling
off their 802.11 wireless access point and a much stronger means
of authentication for those with access to critical data. The recommended
authentication system and method will also allow the Red Cross to
leverage the use of digital signatures in future business practices
saving time and money. Environment: J2EE, Unix, Oracle, LDAP.
Security evaluation finished, original contract fulfilled.
July 2002 to May 2003 - Enterprise Systems and Security Architect
/ Engineer
U.S. Dept. of Treasury - Large (200K users) PeopleSoft installation
with teething problems
Enterprise Systems and Security Architect / Engineer: Recruited to
provide system and security architecture and integration services
to the Department of the Treasury for their Human Resources automation
initiative on PeopleSoft. Assessed security and made extensive changes
to the original design. Designed and implemented two-tiered firewall
systems at our development and production sites to protect data critical
to National Security. The system also eliminates the "air gap" in the
original design and securely transfers files between agencies using
VPNs and XML signed documents. Analyzed and reported major performance
problems within the Treasury network including LDAP servers. Made
recommendations to fix Treasury-wide network problems. Organized and
led a team to evaluate and eliminate LDAP performance issues. Challenged
the group's expected traffic assumptions and caused a re-evaluation
saving $1.5M in hardware purchase. Concluded engineering & budgetary
analysis for Technical Refresh of the production site in Detroit,
Disaster Recovery site at Martinsburg, the Development site in DC
along with storage, security and network upgrades. Environment: J2EE,
Unix, Oracle, LDAP, high security.
Position eliminated due to Treasury divestiture and project moving
into maintenance mode.
January 2002 to April 2002 - Enterprise Systems and Security Architect
InfoZen, Washington, DC - Systems Integration service provider of
high traffic Websites employing sophisticated databases, authentication
and secure transactions.
Recruited to provide system and security architecture services
to the General Services Administration for the upgrade of the FirstGov.gov
information portal. Assessed current infrastructure, designed and
supervised the build-out of a new development laboratory. Architecture
design work included new multi-location data centers, security architecture,
network, firewalls and core Java architecture. Additional enhancements
included VPNs, data storage and backup, content management, customer
relationship management, disaster recovery, continuity of operations,
risk assessment, authentication and encryption, monitoring and audit
capabilities, intrusion detection, access controls, data and system
integrity.
Vacated position due to funding shortfall.
January 2001 to December 2001 - Senior Systems Architect/Engineer
K12, Inc., McLean, VA - Provider of Internet based world-class curriculum
and instructional tools for home-schooled children at the kindergarten
through 12th grade levels.
Hired to design and build production & office networks and
to install all UNIX servers for Internet start-up. Installed a production
LAN comprised of a two-tiered redundant firewall system and UNIX servers
to support K12's On-Line Schooling System. Office LAN included
multiple VPNs for access to Financial ASPs and access from the office
to the production site. Designed two-tiered fully redundant firewall
and network system to isolate critical corporate databases and applications
from interactive Internet applications. Implemented a "honey
pot" to draw in hackers to log their activities. Established
a dedicated and centralized Syslog log server. Jump-started UNIX servers
with Solaris 8 and hardened all servers against intrusion.
o Design had no single point of failure.
o Successfully met all deadlines, completing projects 1.5 months ahead
of testing schedule.
o Resolved all launch issues within 30 days.
Vacated position due to downsizing.
May 2000 to November 2000 - Senior Systems Engineer
UUNet Technologies, Ashburn, VA - World's largest Internet service
provider, currently WorldCom.
Recruited on a consulting basis to design a development laboratory
and test & integration laboratory in support of an existing
Production LAN while keeping Production online during its migration
to a new data center. Prepared logistics for the new data center migration.
Procured and deployed new Cisco Core Routers and switches. Advised
Architecture Group on consolidation of duplicate projects by forming
cross-departmental teams. Proposed Research Lab to test and evaluate
emerging technologies and thus maintain competitive edge. Assisted
application development groups in debugging complex multi-tiered Web
based applications.
o Successfully migrated and relocated 200 servers.
o Built Development & Test Integration laboratory.
Vacated position due to reduction in staff.
February 2000 to May 2000 - Senior Systems Engineer
Freddie Mac, Reston, VA - Congressional-chartered mortgage lender
Recruited as a consultant to debug a newly completed firewall
system. Offered alternative methods of dealing with the security administration
overload from Tripwire. Installed prototype firewall system for future
project testing. Consolidated Web Trends servers and set up Rsync
through SSH and Perl scripts to bounce Web servers and create a new
log and strip image data from logs prior to processing. Isolated and
corrected a performance issue with the T-1 service from UUNet.
o Integrated firewall system and Freddie routers to increase reliability
and simplify problem diagnosis.
o Diagnosed improperly configured Sun server and made recommendations
to drastically improve performance.
Left when contract was completed successfully and on time.
October 1999 to January 2000 - Senior Systems Engineer
IRS Martinsburg Computing Center, Martinsburg, WV - Computer and technology
arm for the Internal Revenue Service.
Recruited on a contractual basis to provide Y2K transition support.
Led research and testing of Intrusion Detection Systems for IRS at
the Martinsburg Center. Instrumental in developing policies and implementation
procedures for Intrusion Detection suite of programs. Established
and administered Sun E-10000.
Left when contract was completed successfully and on time.
September 1998 to October 1999 - Senior Systems Engineering Architect
Bell Atlantic Internet Center, Alexandria, VA - Internet center supporting
Bell Atlantic, currently Verizon.
Recruited to design and build two 100+ SUN server farms for the
Bell Atlantic Internet Center software development testing initiative
in support of internal and external Web, EDI and e-Commerce requirements.
Design included layouts of Development, Unit testing, and Pre-production
test environments. Designed floor layouts and host in rack placement
diagrams, calculated electrical, UPS & cooling loads and supplied
LAN wiring requirements. Debugged and maintained existing production
servers and networking equipment, performed software configuration
and advised software development. Jumpstarted all UNIX servers. Set
up firewalls.
o Successfully deployed $20 million project.
Left when contract was completed on time.
April 1998 to August 1998 - Senior Systems Engineer/Architect
NASA Headquarters, Washington, DC
Contracted to advise the CIO of NASA Earth Sciences Enterprise.
Prototyped a Web based tool summarizing NASA expenditures for grants,
contracts and cooperative agreements to be used in the Congressional
lobbying process. Merged data and designed new front end to facilitate
use. Installed and debugged TotalNet server on SUN E-3000. Installed
and configured PGP public key server. Instrumental role in implementing
Boeing Information Base.
Left when contract was completed.
October 1994 to April 1998 - Senior Systems Engineer/Architect
S.A.I.C. Inc., Center for Monitoring Research, Arlington, VA - Government
contractor.
Recruited for contract to design, install and maintain new heterogeneous
multi-protocol LAN. Consulted in the purchase of a 6-terabyte Mass
Storage System and RAID disk storage systems. Installed and maintained
two mass storage systems and a Veritas controlled Sparc Storage Array
disk farm. Designed and implemented an automated installation method
for new workstations. Redesigned entire network to incorporate an
Internet firewall system. Firewall system consisted of Application
Gateway (TIS Gauntlet) and Packet Filter (Sun SPF-100). Performance
tuned entire LAN while managing two junior UNIX administrators and
personally administering a 170 node Sun Microsystems/Macintosh LAN
during a budget crisis. Maintained Internet node, network hardware,
LAN operations, performed penetration tests and initiated Intrusion
Detection research.
Contract completed successfully and on time.
August 1989 to October 1994 - Site Manager/Senior Computer Systems
Engineer
Andrulis Research Corporation, Bethesda, MD - US Army Artificial Intelligence
Center (AIC), Pentagon.
Recruited for contract to provide future designs and directions
of operations. Coordinated multiple software and database development
groups in integration efforts. Advised and assisted task groups with
the Secretary of the Army, Deputy Under Secretary of the Army for
Operations Research (ODUSA-OR), Information Management Center (IMCEN),
Information Systems Command Pentagon and NATO on Open Systems and
other current Computing and Communications technologies. Managed networks
with SunNet Manager, Optivity and NetMetrix. Reviewed Security
Accreditation and updated Continuity of Operations Plan. Prepared
engineering drawings. Oversaw the maintenance of all Sun Microsystems,
Macintosh, DEC RISC and Alpha, HP-Apollo, Next and served as UNIX
system administrator. Provided anticipated requirements for hardware
and software needs based on cost/benefit analysis. Supervised four
engineers.
Left when contract was successfully completed.
March 1989 to August 1989 - Independent Consultant
Paris Consultants, Paris, VA - Independent consulting firm.
Began consultancy in response to regional demand for Mechanical and
IT consulting services. Provided support to the Airlie Foundation
and Irish Air Group, Inc. on Mechanical Engineering and Design of
aircraft and computer applications.
Completed contract successfully and on time.
March 1985 to March 1989 - Quality Assurance Manager/Applications
Engineer
Xerox Corporation, Leesburg, VA - CAD development group.
Hired based on referral. Responsible for the Quality Assurance of
all software, system hardware, and peripherals. Improved interdepartmental
integration and departmental operations. Coordinated marketing, sales,
software engineering and customer support decisions. Created Customer
Service and Support Department. As UNIX system Administrator, coded
the Bourne, C and CIM shells. Designed and wrote software and configured
hardware for customers. Automated CAD unit installations, wrote
parametric drawing software, debugged systems, and improved ergonomics.
Provided training to software application and hardware field engineers
and implemented engineering computer simulators.
Vacated position in the midst of extended product release cycles.
January 1981 to September 1984 - Designer
Eastman Kodak, Rochester, NY - Major film and photographic equipment
manufacturer.
Recruited from college to design complicated injection molding mold
bases and cavities on Intergraph IGDS CAD system that interfaced with
robotics equipment. Wrote parametric and intelligent mold base drawing,
file manipulation and ergonomic improvement programs. Developed and
taught "Advanced User Training" course for Intergraph system.
Gained exposure to computer controlled machine tools, robots and computer
simulators.
Education
AS Mechanical Engineering - 1980 - 3.8 (out of 4.0) G.P.A. - Niagara College, Sanborn, NY
Technical Expertise
Hardware: Sun Microsystems, Macintosh, Cimlinc Inc., DEC, Xerox, IBM,
Mass Storage Systems, Cisco and other manufacturers' firewalls
and routers, RF modems, FDDI concentrators, Alantec PowerHub, PSNs.
Operating Systems: UNIX; Solaris 2.X, SunOS 4.X, BSDI, AIX, A/UX,
Ultrix, HP/UX, Mach, Mac OS, OSX and Linux.