Todd M. Kover

36051 Birch Hollow Lane
Purcellville, VA 20132
+1-540-668-7602
todd@kover.com
https://www.omniscient.com/~kovert/

Summary
System and Network Architect, Leader and occasional manager with over twenty-five years of experience designing and implementing (programming) software to automatically manage large, heterogeneous, enterprise environments of mixed network devices and unix-derived/windows/mac computer systems.
Relevant Skills and Experiences
Programming C/C++, Perl, Shell, SQL (PL/SQL), Python, Javascript/Ajax, Java, Tcl/Tk, Various Assemblies
OS "Unix": BSD (Net, Free, Open), Linux (Redhat, Debian, CentOS, others), Mac OS/X, Solaris, AIX, Cisco IOS, JunOS, Arista EOS, ScreenOS, Foundry IronWare, Windows 3.11-10, numerous legacy unix variants, Virtual Machines using Xen, KVM, Parallels and VMWare and bhyve
Networking IPSec, ACLs, policy-based routing, IPv4/IPv6, 802.1x, 802.1q vlans, BGP, PPPoE/PPP, OSPF, SMTP/Mail, WWW/HTTP/HTTPS/Certificate Authority, Wi-Fi (802.11abg, 802.1x, WEP), DNS, NFS, NTP, POP, IMAP, Radius, VoIP (H.323, SIP, MGCP, SCCP, RTP), TACACS, bootp, tftp, dhcp, jumpstart, rsync, other standard unix services
Database Postgresql, Oracle, MySQL, Sybase, MS SQL Server, perl DBI/DBD, ODBC, Erwin, QDesigner, E-R Diagram Generation, Data Schema Management/Migrations
Security and Compliance
Kerberos v5, SSH, SSL/x509 Certificates, ACME/letsencrypt, OAuth/Oauth2, Firewalls, s/key, PGP, logging/log analysis, raw packet analysis, security/compliance audits (SOX, PCI, Financial, GDPR)
Misc kubernetes, puppet, graphite, TCP/UDP programming, Network protocol design, Technical training/mentoring, HA System Architecture, Netcool, OpenView, Git/SVN/RCS/CVS/Mercurial/Monotone, Unicode/UTF-8/16/32
Work Experience
AppNexus/Xandr, acquired by Microsoft Advertising (once part of AT&T/WarnerMedia)
Principal Systems Architect, Technology Delivery Platform
Senior Manager, DevOps & Core Systems Infrastructure
2010 - Present
Teleworker

This needs to be filled in. It will be great and talk a lot about how I worked on low level infrastructure to make the network and servers work in datacenters and private/public cloud around the world. Watch this space.

Vonage Network
Senior Manager, Systems Architecture
Senior Systems Architect/Individual Contributor
2005 - 2010
Teleworker

Senior Manager of, and technical member for, a system architecture group made up of jack-of-all-trades senior individual contributors for a premier VoIP telephone provider. Focused on scalable network and server platform, extensive automation, internet services (mail, dns, ntp, etc). Responsible for end-to-end design, server deployment policies and general unix expertise.

  • Architect, designer, and developer for internal centralized account management and systems automation system based in Oracle, SystemDB (open sourced as JazzHands):
    • Feeds account authorization / authentication information to bi-directional targets, including Customer Care applications, Active Directory/Microsoft LDAP, Ticketing systems (RT), MIT Kerberos, Unix/Linux native authorization, TACACS, RADIUS, Aladdin token/VPN and Oracle HRIS systems.
    • Captures all system/network device information for cataloging and tracing system and network and circuit infrastructure (layer1/2/3 connections), for use in OpenNMS, Netcool, MRTG, monitoring/alerting for the Network Operations Center (NOC).
    • Captures remote power control, console, and rack elevations (physical location) for 10000+ devices (servers, switches, routers, voice gateways, etc).
    • Prior to implementation all accounts were managed disparately and there was no auditing, accountability or automation for accounts. Afterwards all servers, network devices, physical badge access and most web-based servers were managed centrally and tied to an employee's HR record.
  • Designed/Implemented Web front end to SystemDB ("STAB") in perl/mod_perl with heavy use of javascript/ajax 2.0 for massive performance advantages
  • Wrote numerous system and network polling/login/etc scripts for discovery and analysis for database population, spanning fifteen geographic locations.
  • Designed and implemented process for migrating corporate source from CVS to SVN.
  • Served as oracle DBA for centralized user, device and logging database system, deployed under corporate DB guidelines, including a three-server managed standby setup distributed across multiple geographic locations.
  • Designed and wrote database schema (ddl) and data (dml) migration scripts to handle quarterly revisions to corporate database schema to accommodate new tools and features.
  • Designed development oracle database environment, including process to refresh from production, scrambling sensitive data, and sync users/passwords/roles between server.
  • Served as Firewall Administrator for extensive (30+) NetScreen Firewall deployment with heavy use of ipv4 tunnels between fifteen geographic locations.
  • Third tier support for systems, network and things that defy categorization
  • Moved corporate headquarters including three data centers of approximately 2000 largely undocumented devices and infrastructure for 1500 employees to a new facility with minimal disruption as new building was under construction. Move had a very demanding, Herculean deadline requiring services to be migrated between multiple geographically distinct facilities with minimal downtime/disruption
  • Leads team responsible for deploying all unix-based hardware (primarily Sun, HP and IBM), working with groups to ensure requirements were met. Specified and Streamlined server deployment process to establish clear expectations and responsibilities.
  • Leads team of 8 Engineers, responsible for typical management tasks including personnel issues, project management, managing relationships with other groups, salary adjustments and performance reviews.
  • Active member of leadership management team for Operations-half of technology in company -- responsible for short term and long term strategy, budget, employee relations/ morale strategy, etc, in addition to contributions as technology architect.
Omniscient Technologies
Consultant to Various clients and Self Motivated Projects
1991 - Present
Various Locations
Consultant for various other companies for short term projects as a remote teleworker as well as on-site. Projects vary from architecture design, solution implementation to systems management. Also serves as a mechanism to keep skills up and implement things that may not have a paying customer but are nonetheless interesting.
  • Designed and developed (using mod_perl) web site that serves UTF-8 content in both Czech and English for small town bakery in the Czech Republic
  • Maintain heterogeneous home environment (NetBSD/amd64, OpenSolaris, NetBSD/sparc64, Linux, Windows+Windows Server with Active Directory, OS/X) with mail/web/otherwise services for personal Internet domains. MIT Kerberos v5 implementation including common authentication mechanism across windows and unix systems. Configured Certificate authority for SSL/IMAP and Apache/SSL web server.
  • Maintain ipsec-encrypted tunneled network between Virginia, Czech Republic, Texas and New Jersey using BGP to handle failover when intermediate links break
  • Established and maintained private domain, including multi-view DNS (for NAT support) and e-mail configuration.
  • Member of core development team of AMANDA, the Advanced Maryland Automatic Network Disk Archiver, http://www.amanda.org/, an open source network backup system.
  • Member of the core development team of JazzHands, https://github.com/JazzHandsCMDB/jazzhands, an open source CMDB/user/device management system.
  • Designed and implemented system replication technique for replicating and installing production systems in development.
  • Researched many and recommended one network management platform for IP-based gaming company deployed in diverse locations.
  • Installed and configured AMANDA network backup software for enterprise-wide backups on system with tape robot.
  • System installation, configuration, and debugging for company with remotely deployed systems.
  • Designed and implemented Faxback service for retrieval of stockholder proxy evaluation. (under Microsoft Windows 3.1)
  • Designed and implemented check scan system that scanned check image, performed OCR, and parsed data on check. Incorporated archival of check information and check image. (under Microsoft Windows 3.1)
Wayport, Inc
Senior Systems Architect
2001 - 2005
Teleworker

Lead Systems Architect for startup ISP providing high speed wired/wireless Internet access in hotels, airports, restaurants and other places business travelers frequent. Focused on scaling existing architecture and preparing for new equipment via automated configuration management, monitoring, and database representation. Responsible for end-to-end design and programming of software, primarily in C and perl.

  • Designed, implemented (in C) and documented heavily threaded network element pollers for uptime (ping) and service availability of SNMP, DNS, SMTP, HTTP, HTTPS, Radius, of over 40,000 network devices at over 10,000 locations, also using SNMPv3 context proxying for devices in 1918 space behind Internet facing routers.
  • Designed and implemented database backend for monitoring system in both postgresql and oracle, using a perl loading system to present real-time network status, historical, statistical and SLA reporting, including integration with corporate trouble ticket system (by opening and maintaining tickets and flagging chronic outages).
  • Lead designer and implementor of new oracle network database design representing all layer1/2/3 nodes on network and their connections in data centers, HUBs and on customer premises to further automate and manage network elements and services. Remains backwards compatible with existing Wayport schema through oracle views and triggers.
  • Organized and executed data center move of over 100 servers, routers, and corporate and VPN firewalls averaging less than one minute of outage per service.
  • Temporarily managed group of 8 IT/Network Engineers after existing manager left company, including personnel issues, project management, managing relationships with other groups, salary adjustments and performance reviews.
  • Wrote C plug-in modules for postgresql and java modules for oracle to add sql-accessible functionality.
  • Designed and wrote net-snmp plug-in module in C for use in monitoring dhcp address pools and leases to allow for network operations staff to pro-actively address ip availability problems.
  • Designed, implemented (in C) mail filtering software to prevent guest users from using Wayport systems to relay spam. Implemented as both on-property SMTP proxy and sendmail milter on customer mail relay system.
  • Served as backup administrator for Cisco VoIP system, including call queuing and voicemail services.
  • Implemented Sun's flash system installation into existing install procedures, eventually integrating Sun's wan boot system for loading Solaris 9 without NFS.
  • Designed, implemented and documented centralized user account management system for Solaris, Debian Linux, FreeBSD, windows XP, samba and router access via TACACS back ended with oracle.
  • Ported Wayport's service from Debian Slink to Sparc/Solaris 8+Tasman Networks router integrating a complex system written in C, shell, perl, tcl, and using numerous network protocols.
  • Designed, implemented and documented firewall/packet filter abstraction creating standard interface to ipfw/iptables/ipf and Tasman packet filter (SNMP) implementations.
  • Designed, implemented and documented system providing automatic DNS zone generation from Wayport database, SNMP polling network devices and flat file configurations resulting in elimination of hand-maintained data, human error and time consuming manual updates.
  • Developed and implemented standard Operating System environment (Vendor OS+COTS products+ open source software) and installation procedures for Solaris 8 and 9 used across corporate environment including deployment at Corporate HQ as well as on customer premises.
  • Designed, implemented and documented generic abstraction layer to generate native Solaris, Debian and FreeBSD application packages from the same source code for easy management (addition/ removal/verification of install/etc).
  • Reviewed Contracts and Proposals for Wayport between both vendors and Wayport and customers and Wayport.
  • Implemented Kerberos Authentication in Oracle.
  • Wayport liaison to WiFi Alliance including participation in technical WISPr committee, Public Access subcommittee, and attendance at quarterly meetings.

UUNET Technologies, an MCI company
Manager, Systems and Network Architecture, March 1998 - January 2001
Senior Systems Engineer, December 1996 - March 1998
1998-2001
Ashburn and Fairfax, VA

Lead Systems Architect and Manager/Mentor of 10 person team inside Server Operations department focusing on strategic direction for underlying Operating Systems and assorted add ons (such as Kerberos and Embedded Services (mail/news/dns/radius)). We focused primarily on design and programming of the "next generation" and new software/features for the Server Operations groups across US, Europe and Asia Pacific. Provided a standard, reproducible OS and open source software load. Provided advice and counsel on unix-based systems issues to rest of server operations and IT, as well as engineering development groups.

  • Developed scalable Solaris 8 infrastructure for global implementation in worldwide Operating Companies. It is based around System V packages and a web centric install, combined with jumpstart.
  • Worked with Sun to design nfs-less secure system loading process (later called "wanboot") including being first customer ever to present technological plans to Solaris OS Steering Committee.
  • Work with vendors (Sun Microsystems, Micromuse, Lucent) to set direction for products (Solaris, Netcool, various network management products).
  • Designed and implemented computing environment for European Operations facility in Amsterdam, Netherlands.
  • Work with Regional Operating Company system administration teams (Europe, Asia Pacific), as well as in-country operating companies throughout Europe.
  • Implemented flat file access control mechanism for secure, authenticated, world wide management of file-based corporate data.
  • Migrated systems from legacy "flat file" system to database-based system.
  • Led Change Management group, including developing procedures and coordinated process to ensure peer-review, lowest-impact scheduling, and provide approval.
  • Led team to develop Windows NT & 2000 infrastructure with Citrix MetaFrame support (v1.6-1.7).
  • Hired personnel, performed performance reviews, balanced company needs -vs- employee needs (in-policy/out-of-policy salary adjustments, etc).
  • Supervise bringing applications to production from development; led team to manage process; serve as liaison to development groups.
  • Configuration and maintenance of internal Cisco routers and Fore ATM switches providing corporate communications, including packet filter access lists for corporate entry point.
  • General unix/systems expert for providing advice on variety of unix issues.
  • Developed standardized Solaris 2.5.1 & 2.6 infrastructure, installation, and update procedures for deployment on approximately 1000 systems deployed in over 40 sites globally.
  • Performed maintenance scheduled and coordinated with company-wide Change Management Group.
  • Moved company from "small/startup" to "scalable" systems architecture.
  • Modify Solaris source code as interim step to fix bugs prior to Sun releasing a patch (supplying source code patches to Sun).
  • Inherited legacy software; ported/migrated to newer computing environments.
  • Worked with in-company developers to bring third party and locally written software into production. Managed entire "to production" process for global network management and statistics collection systems.
  • Implemented "production system guidelines" to quantify requirements for developers.
  • Coordinated split of company wide unix support from one group to two groups in two corporate hierarchies. (internally -vs- externally focused groups).
  • Implement 7x24x365 automated backup solution to replace manual system.
  • Designed and Operated MIT Kerberos v5 infrastructure, including geographical diversity and migration from Kerberos v4 infrastructure.
  • Coordinated and managed impact of major server moves from legacy data center to larger data center facility, eliminating down time wherever possible.
  • Assumed ownership of account management software.
  • Responsible for reliable operation of Network Appliance NFS filers.
  • Second-tier escalation for internal server and network issues (24x7x365).
University of Maryland at College Park
UM Institute for Advanced Computer Studies (UMIACS) and CS Dept

Computer Engineer
1992-1995 (student)
1995-1997 (full time)
College Park, MD

Systems programmer and network/system administrator for unix systems focused on support of University researchers, both strategic and tactical for general systems administration and integration of new architectures and operating system into existing infrastructure.

  • Managed 400 node TCP/IP Ethernet, ATM and FDDI network consisting of SunOS4, Solaris2, Digital Unix, Ultrix, AIX, Irix BSD/OS, Windows NT/95, Macintosh systems; monitored and troubleshot network load.
  • Installed vendor OS, unbundled, and third party products on unix systems; built and maintained open source software including X11R5-6.1, sendmail, BIND, xntp, s/key, ssh; maintained significant body of locally written software, and installed local hacks in vendor operating systems.
  • Designed and supervised merger of two separate 100 and 300 node, 200 and 1000 user TCP/IP Unix networks into a single consolidated environment, resulting in continued individuality, centralized administration and more efficient network management.
  • Redesigned and implemented e-mail routing and user account software resulting in the successful coexistence of several Internet domains, with the capability to easily add more.
  • Designed environment and installation procedure for Solaris 2.5 and Digital Unix 4.0 workstations resulting in an identical environment across all workstations of the same type and a consistent environment with other Unix Operating Systems already in place.
  • Designed/Implemented Database Application to manage equipment inventory, for UMIACS and other campus departments written in C, Tk/TCL, Postgres95, and perl.
  • Integrated AFS client into 5 major unix OS platforms.
  • Installed and configured sendmail and administered other Internet services including DNS, NFS, NTP, WWW, Usenet News, PPP dial-in service.
  • Maintained site security by identifying and addressing potential security vulnerabilities and tracking security-related Internet resources (mailing lists, newsgroups, web sites). Responded to compromises by determining method of break-in, in order to close security holes through locally written fixes and vendor patches. Worked with CERT and other Internet administrators to help re-secure compromised remote sites.
  • Installed, configured and maintained Web servers (Apache, CERN, NCSA) and web hierarchy, including space for user home pages. Wrote and maintained web pages and cgi scripts.
  • Reconfigured and maintained multiple Usenet news servers for exchanging news with outside sites, and for on-site news reading.
  • Specified and recommended workstation configurations, network hardware, storage, printers, and software for grant proposals, faculty and general purchases.
  • Performed routine system administration tasks including backups and file restores, account installation and deletion, workstation installation, and operating system upgrades.
  • Provided technical support for users, answered questions and troubleshot problems.
Education
Bachelor of Science in Computer Science, University of Maryland College Park, June 1995
References
References available upon request.
Original available from https://www.omniscient.com/~kovert/resume/