Relevant Skills and Experiences
|
Programming
|
C/C++, Perl, Shell, SQL (PL/SQL), Python,
Javascript/Ajax, Java, Tcl/Tk, Various Assemblies
|
OS
|
"Unix":
BSD (Net, Free, Open),
Linux (Redhat, Debian, CentOS, others),
Mac OS/X,
Solaris, AIX,
Cisco IOS, JunOS, Arista EOS, ScreenOS,
Foundry IronWare,
Windows 3.11-10,
numerous legacy unix variants,
Virtual Machines using Xen, KVM, Parallels, VMware and bhyve
|
Networking
|
IPSec, ACLs, policy-based routing,
IPv4/IPv6, 802.1x, 802.1q vlans,
BGP, PPPoE/PPP, OSPF, SMTP/Mail,
WWW/HTTP/HTTPS/Certificate Authority,
Wi-Fi (802.11abg, 802.1x, WEP),
DNS, NFS, NTP, POP, IMAP, Radius,
VoIP (H.323, SIP, MGCP, SCCP, RTP),
TACACS, bootp, tftp, dhcp, jumpstart,
rsync, other standard unix services
|
Database
|
Postgresql, Oracle, MySQL, Sybase,
MS SQL Server, perl DBI/DBD, ODBC, Erwin,
QDesigner, E-R Diagram Generation, Data
Schema Management/Migrations
|
Security and Compliance
|
Kerberos v5, SSH, SSL/x509 Certificates,
ACME/letsencrypt,
OAuth/OAuth2, Firewalls,
s/key, PGP,
logging/log analysis, raw packet analysis,
security/compliance audits
(SOX, PCI, Financial, GDPR)
|
Misc
|
kubernetes, puppet, graphite,
TCP/UDP programming, Network protocol design,
Technical training/mentoring, HA
System Architecture, Netcool, OpenView,
Git/SVN/RCS/CVS/Mercurial/Monotone, Unicode/UTF-8/16/32
|
|
Work Experience
|
AppNexus/Xandr, acquired by
Microsoft Advertising (once part of AT&T/WarnerMedia)
Principal Systems Architect, Technology Delivery Platform
Senior Manager, DevOps & Core Systems Infrastructure
|
2010 - Present
Teleworker
|
This needs to be filled in. It will be great and talk a lot about how I worked on low level infrastructure to make the network and servers work in datacenters and private/public cloud around the world. Watch this space.
Vonage Network
Senior Manager, Systems Architecture
Senior Systems Architect/Individual Contributor
|
2005 - 2010
Teleworker
|
Senior Manager of, and technical member for system
architecture group made up of jack-of-all-trades senior
individual contributors for a premier VoIP telephone
provider. Focused
on scalable network and server platform, extensive automation,
internet services (mail, dns, ntp, etc). Responsible for
end-to-end design, server deployment policies and general
unix expertise.
-
Architect, designer, and developer for
internal centralized account management
and systems automation system based in
Oracle, SystemDB (open sourced as
JazzHands):
- Feeds account authorization
/ authentication information to bi-directional
targets, including Customer Care applications,
Active Directory/Microsoft LDAP, Ticketing
systems (RT), MIT Kerberos, Unix/Linux native
authorization, TACACS, RADIUS, Aladdin token/VPN
and Oracle HRIS systems.
- Captures all
system/network device information for cataloging
and tracing system and network and circuit
infrastructure (layer1/2/3 connections), for use
in OpenNMS, Netcool, MRTG, monitoring/alerting for
the Network Operations Center (NOC).
- Captures remote power control, console, and
rack elevations (physical location) for 10000+
devices (servers, switches, routers, voice gateways,
etc).
- Prior to
implementation all accounts were managed disparately
and there was no auditing, accountability or
automation for accounts. Afterwards all servers,
network devices, physical badge access and most
web-based servers were managed centrally and tied
to an employee's HR record.
-
Designed/Implemented Web front end to SystemDB ("STAB")
in perl/mod_perl with heavy use of javascript/ajax 2.0
for massive performance advantages
-
Wrote numerous system and network polling/login/etc scripts for
discovery and analysis for database population, spanning
fifteen geographic locations.
- Designed and implemented process for migrating corporate
source from CVS to SVN.
- Served as Oracle DBA for centralized user, device and logging
database system, deployed under
corporate DB guidelines, including a three-server managed
standby setup distributed across multiple geographic locations.
- Designed and wrote database schema (ddl) and data (dml)
migration scripts to handle quarterly revisions to
corporate database schema to accommodate new tools
and features.
- Designed development oracle database environment, including
process to refresh from production, scrambling sensitive data,
and sync users/passwords/roles between servers.
- Served as Firewall Administrator for extensive (30+) NetScreen
Firewall deployment with heavy use of ipv4 tunnels between
fifteen geographic locations.
- Third tier support for systems, network and things that defy
categorization
- Moved corporate headquarters including three data centers
of approximately 2000 largely undocumented devices and
infrastructure for 1500 employees to a new facility with
minimal disruption as new building was under construction.
Move had a very demanding, Herculean deadline requiring
services to be migrated between multiple geographically
distinct facilities with minimal downtime/disruption
- Leads team responsible for deploying all unix-based hardware
(primarily Sun, HP and IBM), working with groups to ensure
requirements were met. Specified and Streamlined server
deployment process to establish clear expectations and
responsibilities.
- Leads team of 8 Engineers, responsible for typical management
tasks including personnel issues, project management, managing
relationships with other groups, salary adjustments and
performance reviews.
- Active member of leadership management team for
Operations-half of technology in company -- responsible for
short term and long term strategy, budget, employee relations/
morale strategy, etc, in addition to contributions as
technology architect.
Consultant for various other companies for short term
projects as a remote teleworker as well as on-site.
Projects vary from architecture design, solution
implementation to systems management. Also serves as a
mechanism to keep skills up and implement things that may
not have a paying customer but are nonetheless interesting.
-
Designed and developed (using mod_perl) web site that
serves UTF-8 content in both Czech and English for small
town bakery in the Czech Republic
-
Maintain heterogeneous home environment
(NetBSD/amd64, OpenSolaris, NetBSD/sparc64, Linux,
Windows+Windows Server with Active Directory, OS/X)
with mail/web/otherwise services for personal Internet
domains. MIT Kerberos v5 implementation
including common authentication mechanism across windows and unix
systems. Configured Certificate authority for SSL/IMAP
and Apache/SSL web server.
-
Maintain ipsec-encrypted tunneled network between Virginia,
Czech Republic, Texas and New Jersey using BGP to handle
failover when intermediate links break
-
Established and maintained private domain, including multi-view
DNS (for NAT support) and e-mail configuration.
-
Member of core development team of AMANDA, the
Advanced Maryland Automatic Network Disk Archiver,
http://www.amanda.org/,
an open source network backup system.
-
Member of the core development team of JazzHands,
https://github.com/JazzHandsCMDB/jazzhands, an open source
CMDB/user/device management system.
-
Designed and implemented system replication technique
for replicating and installing production systems in
development.
-
Researched many and recommended one network management
platform for IP-based gaming company deployed in diverse
locations.
-
Installed and configured AMANDA network backup software
for enterprise-wide backups on system with tape robot.
-
System installation, configuration, and debugging for
company with remotely deployed systems.
-
Designed and implemented Faxback service for retrieval of
stockholder proxy evaluation. (under Microsoft Windows 3.1)
-
Designed and implemented check scan system that scanned
check image, performed OCR, and parsed data on check.
Incorporated archival of check information and check
image. (under Microsoft Windows 3.1)
Wayport, Inc
Senior Systems Architect
|
2001 - 2005
Teleworker
|
Lead Systems Architect for startup ISP providing high
speed wired/wireless Internet access in hotels,
airports, restaurants and other places business travelers
frequent. Focused on scaling existing
architecture and preparing for new equipment via
automated configuration management, monitoring, and
database representation. Responsible for end-to-end
design and programming of software, primarily in C and
perl.
-
Designed, implemented (in C) and documented
heavily threaded network element pollers for
uptime (ping) and service availability of SNMP,
DNS, SMTP, HTTP, HTTPS, Radius, of over 40,000
network devices at over 10,000 locations, also
using SNMPv3 context proxying for devices in 1918
space behind Internet facing routers.
-
Designed and implemented database backend for
monitoring system in both postgresql and oracle,
using a perl loading system to present real-time
network status, historical, statistical and SLA
reporting, including integration with corporate
trouble ticket system (by opening and maintaining
tickets and flagging chronic outages).
-
Lead designer and implementor of new oracle
network database design representing all
layer1/2/3 nodes on network and their
connections in data centers, HUBs and on
customer premises to further automate and
manage network elements and services.
Remains backwards compatible with existing
Wayport schema through oracle views and triggers.
-
Organized and executed data center move of over
100 servers, routers, and corporate and VPN firewalls
averaging less than one minute of outage per
service.
-
Temporarily managed group of 8 IT/Network Engineers
after existing manager left company, including
personnel issues, project management, managing
relationships with other groups, salary
adjustments and performance reviews.
-
Wrote C plug-in modules for postgresql and
java modules for oracle to add sql-accessible
functionality.
-
Designed and wrote net-snmp plug-in module in
C for use in monitoring dhcp address pools and
leases to allow for network operations staff to
pro-actively address ip availability problems.
-
Designed, implemented (in C) mail filtering
software to prevent guest users from using
Wayport systems to relay spam. Implemented as
both on-property SMTP proxy and sendmail milter
on customer mail relay system.
-
Served as backup administrator for Cisco VoIP
system, including call queuing and voicemail
services.
-
Implemented Sun's flash system installation
into existing install procedures, eventually
integrating Sun's wan boot system for loading
Solaris 9 without NFS.
-
Designed, implemented and documented centralized
user account management system for Solaris,
Debian Linux, FreeBSD, windows XP, samba and
router access via TACACS back ended with oracle.
-
Ported Wayport's service from Debian Slink
to Sparc/Solaris 8+Tasman Networks router
integrating a complex system written in C,
shell, perl, tcl, and using numerous network
protocols.
-
Designed, implemented and documented
firewall/packet filter abstraction creating
standard interface to ipfw/iptables/ipf and
Tasman packet filter (SNMP) implementations.
-
Designed, implemented and documented system
providing automatic DNS zone generation from
Wayport database, SNMP polling network devices
and flat file configurations resulting in
elimination of hand-maintained data, human error
and time consuming manual updates.
-
Developed and implemented standard Operating
System environment (Vendor OS+COTS products+
open source software) and installation
procedures for Solaris 8 and 9 used across
corporate environment including deployment at
Corporate HQ as well as on customer premises.
-
Designed, implemented and documented generic
abstraction layer to generate native Solaris,
Debian and FreeBSD application packages from the
same source code for easy management (addition/
removal/verification of install/etc).
-
Reviewed contracts and proposals for Wayport,
both between vendors and Wayport and between
customers and Wayport.
-
Implemented Kerberos Authentication in Oracle.
-
Wayport liaison to WiFi Alliance
including participation in technical WISPr
committee, Public Access subcommittee, and
attendance at quarterly meetings.
UUNET Technologies,
an MCI company
Manager, Systems and Network Architecture, March 1998 - January 2001
Senior Systems Engineer, December 1996 - March 1998
|
1998-2001
Ashburn and Fairfax, VA
|
Lead Systems Architect and Manager/Mentor of 10 person
team inside Server Operations department focusing on
strategic direction for underlying Operating Systems
and assorted add ons (such as Kerberos), and Embedded
Services (mail/news/dns/radius). We focused primarily
on design and programming of the "next generation" and
new software/features for the Server Operations groups
across US, Europe and Asia Pacific. Provided a standard,
reproducible OS and open source software load. Provided
advice and counsel on unix-based systems issues to rest
of server operations and IT, as well as engineering
development groups.
-
Developed scalable Solaris 8 infrastructure for global
implementation in worldwide Operating Companies.
It is based around System V packages and
a web centric install, combined with jumpstart.
-
Worked with Sun to design nfs-less secure system loading
process (later called "wanboot") including being first
customer ever to present technological plans to Solaris OS
Steering Committee.
-
Work with vendors (Sun Microsystems, Micromuse,
Lucent) to set direction for products (Solaris, Netcool,
various network management products).
-
Designed and implemented computing environment for
European Operations facility in Amsterdam, Netherlands.
-
Work with Regional Operating Company system
administration teams (Europe, Asia Pacific), as well as
in-country operating companies throughout Europe.
-
Implemented flat file access control mechanism for secure,
authenticated, world wide management of file-based
corporate data.
-
Migrated systems from legacy "flat file" system to
database-based system.
-
Led Change Management group, including developing
procedures and coordinated process to ensure
peer-review, lowest-impact scheduling, and provide
approval.
-
Led team to develop Windows NT & 2000 infrastructure with
Citrix MetaFrame support (v1.6-1.7).
-
Hired personnel, performed performance reviews,
balanced company needs -vs- employee needs
(in-policy/out-of-policy salary adjustments, etc).
-
Supervise bringing applications to production from
development; led team to manage process; serve as
liaison to development groups.
-
Configuration and maintenance of internal Cisco routers
and Fore ATM switches providing corporate communications,
including packet filter access lists for corporate entry
point.
-
General unix/systems expert for providing advice on
variety of unix issues.
-
Developed standardized Solaris 2.5.1 & 2.6
infrastructure, installation, and update procedures for
deployment on approximately 1000 systems deployed in
over 40 sites globally.
-
Performed maintenance scheduled and coordinated with
company-wide Change Management Group.
-
Moved company from "small/startup" to "scalable" systems
architecture.
-
Modify Solaris source code as interim step to fix bugs
prior to Sun releasing a patch (supplying source code
patches to Sun).
-
Inherited legacy software; ported/migrated to newer
computing environments.
-
Worked with in-company developers to bring third party
and locally written software into production. Managed
entire "to production" process for global
network management and statistics collection systems.
-
Implemented "production system guidelines" to quantify
requirements for developers.
-
Coordinated split of company wide unix support from
one group to two groups in two corporate hierarchies.
(internally -vs- externally focused groups).
-
Implement 7x24x365 automated backup solution to replace
manual system.
-
Designed and Operated MIT Kerberos v5 infrastructure,
including geographical diversity and migration from
Kerberos v4 infrastructure.
-
Coordinated and managed impact of major server moves
from legacy data center to larger data center facility,
eliminating down time wherever possible.
-
Assumed ownership of account management software.
-
Responsible for reliable operation of Network Appliance
NFS filers.
-
Second-tier escalation for internal server and network
issues (24x7x365).
Systems programmer and network/system administrator
for unix systems focused on support of University
researchers, both strategic and tactical for general
systems administration and integration of new
architectures and operating system into existing
infrastructure.
-
Managed 400 node TCP/IP Ethernet, ATM and FDDI network
consisting of SunOS4, Solaris2, Digital Unix, Ultrix,
AIX, Irix BSD/OS, Windows NT/95, Macintosh systems;
monitored and troubleshot network load.
-
Installed vendor OS, unbundled, and third party products
on unix systems; built and maintained open source software
including X11R5-6.1, sendmail, BIND, xntp, s/key,
ssh; maintained significant body of locally written
software, and installed local hacks in vendor operating
systems.
-
Designed and supervised merger of two separate 100 and
300 node, 200 and 1000 user TCP/IP Unix networks into
a single consolidated environment, resulting in
continued individuality, centralized administration and more
efficient network management.
-
Redesigned and implemented e-mail routing and user
account software resulting in the successful
coexistence of several Internet domains, with the
capability to easily add more.
-
Designed environment and installation procedure for
Solaris 2.5 and Digital Unix 4.0 workstations resulting
in an identical environment across all workstations of
the same type and a consistent environment with other
Unix Operating Systems already in place.
-
Designed/Implemented Database Application to manage
equipment inventory, for UMIACS and other campus
departments written in C, Tk/TCL, Postgres95, and perl.
-
Integrated AFS client into 5 major unix OS platforms.
-
Installed and configured sendmail and administered other
Internet services including DNS, NFS, NTP, WWW, Usenet
News, PPP dial-in service.
-
Maintained site security by identifying and addressing
potential security vulnerabilities and tracking
security-related Internet resources (mailing lists,
newsgroups, web sites). Responded to compromises by
determining method of break-in, in order to close
security holes through locally written fixes and
vendor patches. Worked with CERT and other Internet
administrators to help re-secure compromised remote
sites.
-
Installed, configured and maintained Web
servers (Apache, CERN, NCSA) and web hierarchy,
including space for user home pages. Wrote and
maintained web pages and cgi scripts.
-
Reconfigured and maintained multiple Usenet news servers
for exchanging news with outside sites, and for on-site
news reading.
-
Specified and recommended workstation configurations,
network hardware, storage, printers, and software for
grant proposals, faculty and general purchases.
-
Performed routine system administration tasks including
backups and file restores, account installation and
deletion, workstation installation, and operating system
upgrades.
-
Provided technical support for users, answered questions
and troubleshot problems.
|