Jenny

Network Engineer

Around Seven (7) years of experience in Network Engineering and Systems Administration.
Four (4) years of Hands on Experience in Ciscos Identity Service Engine - Network Access Control design,
deployment & implementation.
Four (4) years of Hands on Experience in Industry leading NAC Provider - ForeScout CounterAct Network
Access Control design, testing, deployment and implementation.
Six (6) years Hand on Experience in configuration of Cisco Wireless LAN Controllers and Wireless Security
PEAP/WPA, and RADIUS Protocols.
Expertise in Cisco ACS, Cisco ISE RADIUS & TACACS 802.1x &AAA (Authentication, Authorization and
Accounting Protocols) Radius Configurations, Juniper Steel Belted Radius, and Radiator Radius.
Experience in Installing and Configuring RSA 2 Factor Authentication using RSA Authentication Manager 8.0/8/1,
token based Authentications, Risk Based Authentications (RBA) and On-Demand Authentications (ODA).
Hands on Experience in setting up, configuration, maintenance and support of RSA AM 8.0/8.1 Security Console,
Operations Console, Self Service Portal (SSP)and Help Desk Portals (HDAP)
Hands on Experience in Installation and configuration of VMware ESXi 4.2/5.1/5.5/6 Environments, VMware
VSphere, VMware Workstation 8, VMware view, Virtual Desktop Interface.
Over five (5) years of Hands on Experience in Installation and Configuration of Checkpoint Firewall UTM Series,
NGX Series Nokia Appliances and Virtual Checkpoint Firewalls.
Installations, Operations & Maintenance of Checkpoint firewall UTM and NG/X Series on distributed NT
environment and management of network security policies which includes access controls, Firewall Rule policies,
Application & URL Filtering.
Management of Checkpoint Firewall Clusters from Central Management (CMA) and Service Provider interfaces.
Hands on Experience in installation and configuration of NetOptics and Gigamon TAPs for traffic capture and
feeding into Network monitoring tools.
Hands on Experience with Cisco Prime Infrastructure v2.1/2.2/3.
Implementing Downloadable Extended Access Control-Lists using Cisco ISE and on Multi-Layer Switches.
Expertise in troubleshooting Network Connectivity issues in Local Area Networks (LAN) using Packet Capturing
Methods (Wireshark).
Hand on experience in configuring DNS and DHCP servers on Windows 2008/2012 Standard R2 Servers
Expert Hand-on-Experience in configuring 802.1x supplicant (Native Supplicant, Cisco AnyConnect Supplicant &
Secure W2 client supplicant) configuration on various End Client Devices-Windows, Apple Macintosh and Linux
platforms.

Technology Expertise:

Cisco Identity Service Engine (ISE), Network Admission Control (NAC) Solutions
Forescout CounterACT NAC Solutions
Cisco Access Control Server (ACS)
Cisco Wireless Solutions
Checkpoint Firewall and ASA Management
RADIUS & TACACS, 802.1x Solutions
RSA Authentication Manager 2 Factor Management Solutions
Virtualization Technologies with VMware ESXi and EMC Storage Technologies.

Routers &
Switches

Cisco Routers (3800, 2800, 2500, 2400 Series), Cisco Switches

(6500, 4500, 2960, 2950, 2924, 3700, 3500)

Firewalls & VPN

Checkpoint Firewall UTM Series and Cisco ASA5500 series

Operating Systems

Windows XP/Vista, Windows 7, Windows 2000/2003/2008 Servers, Windows

Storage Server 2003, Linux Operating Environments.

Cisco ISE
Devices

Cisco Identity Service Engine 3300s Appliances with software

release of 1.0.3/1.0.4_MR, Cisco Identity Service Engine on VMware
ESX 5.0 with software release of 1.0.3/1.0.4_MR,1.2.x

ForeScout
Counter act

CT/AS 1000/2000/4000s and CounterACT on VMware

Cisco ACS

Cisco ACS 4.2, Cisco ACS 5.0/5.3/5.4

RSA

Authentication Manager 8.0/8.1, Security Console, Operations

Console Self Service Portal (SSP), Help Desk Portal (HDAP)

AAA
Architecture

TACACS+, RADIUS

Protocols

Wireless
Equipment:

TCP/IP, EIGRP, OSPF, Dot1Q, STP, VLANS, VTP, DNS, DHCP, ARP, SNMP,
802.1x, EAP, PEAP, MSCHAPv2, EAP-GTC, EAP-TLS
Cisco Wireless LAN Controllers (WLC) 4400 Series (4402 & 4404)
5500 Series (5508), Cisco Aironet Wireless Access Points (1200
3500 Series), Cisco Prime Infrastructure 2.x/3.x
ESXi 5.5, VMware VSphere, VMware Workstation 8, VMware view.

VMware:
Applications:

MS Office 2003/2007- Word, Excel, Power Point, MS Outlook,

Outlook Express, Windows Live Mail, VNC PC Anywhere, Team
Viewer, LAN Guard Network Scanner.

Antivirus:

Kaspersky Server/Client stations, AVG, Norton 360, McAfee AV.

Client:EMC, Southborough, MA
Network Engineer
November2015 to Current
Responsibilities

Working as Network Engineer in planning and designing our Clients global network for Network Access Solution.

Maintenance of Forescout CounterACT NAC Solution across Wireless, SSL-VPN and Wired Networks.

Implementation of 802.1x Wired User Authentication using Juniper Steel Belted RADIUS Servers across two
Domains.

Designed & Deployed Cisco ISE 1.2/1.3/2.0 for Enterprise RADIUS Authentication with Active Directory, RSA
SecurID, Proxy Radius Services to Cisco ACS, Juniper Steel Belted Radius and Radiator Radius.

Configuration & Maintenance of Cisco ISE for Certificate based authentication for BYOD and Corporate Mobile
Device Authentication using Airwatch MDM.

Configured RSA SecurID authentication manager 8.x for Two Factor 8021x Authentication, On-Demand & Risk Based
Authentications.

Configuration, maintenance and support of RSA AM 8.0/8.1 Security Console, Operations Console, Self Service
Portal (SSP)and Help Desk Portals (HDAP).
Integrationof RSA AM 8.0/8.1 to Active Directory/LDAP, Token Management, Network Access Device Management,
Radius Service Management, RSA Agents Management.
Provided comprehensive guest access management for Cisco ISE administrators, sanctioned sponsor administrators
using BYOD & Guest Management Portal Configuration.

Endpoint compliance by providing comprehensive client provisioning measures and assessing the device posture for
all endpoints that access the network, including 802.1X environments.

Worked extensively on Cisco Catalyst Switch 6500s, 4500s, 3750 and Cisco ISE 3300 Appliances and
1.0.4/1.1/1.2/1.3/1.4 and 2.0 Cisco ISE on VMwares.

Experience in configuration of Cisco Wireless LAN Controllers and Wireless Security PEAP/WPA, LEAP/WEPand
various EAP over PEAP Protocols including EAP-TLS, EAP-TTLS, EAP-PEAP-MSCHAP, EAP GTC., etc.

Hands on Experience in Installation and Configuration of Checkpoint Firewall UTM Series, NGX Series Nokia
Appliances and Virtual Checkpoint Firewallsand management of network security policies which includesFirewall
Rule policies, Application & URL Filtering.

Management of Checkpoint Firewall Clusters from Central Management (CMA) and Service Provider interfaces.

Configured Cisco ISE forDomain Integration and Active Directory Integration.

Configured and performed software upgrades on Cisco Wireless LAN Controllers 5508 for Wireless Network
Access Control integration with Cisco ISE.

Planning, designing and Configuration of variousPolicy Configurations, Profile Authorizations, End device
Profiling, User Identities, Cisco ISE and AD mapping with various attributes and levels of authorizations and
Network Access.

Configuration of Cisco IP phones (7900s, 6961s, 9900s) for device profiling and Cisco Call Manager phone
registration via Cisco ISE, Printer Profiling, Mobile device profiling etc.,

Worked Extensively on Access Control Policies consisting of VLAN switching through SNMP, Applying
downloadable ACLs through Cisco ISE, and Configuring Standard and Extended ACLs.

IP addressing and design schemas for a variety of IP Pools using DHCP scope or local IP pools for NAC Controls.

Design for Guest Network and Mobile Access Network for NAC Solution, comprising of an Anchor Wireless LAN
Controller solution in DMZs/Internet Gateways with ForeScout CounterAct NAC Appliances for NAC.

Involved in finalizing the design for Corporate Wireless Network Access for NAC Solution, comprising of ForeScout
CounterAct NAC Appliances in all WAN Consolidation Points, and Data Centers.

Worked extensively on Network Traffic SPANS and TAPS for monitoring Network traffic, and Virtual Firewall ACL
rules and policies in CounterAct NAC Appliances for Network Access Controls.

Worked extensively on device profiling, authentication and authorization mechanisms using AAA, RADIUS,
802.1X, Policy buildups for Posture Compliance Policies and Rules for Checking the devices coming
ontoNetwork, Remediation Process, Access and Controls, and Segmenting the Global Networks for NAC
Solutions for both Cisco and Forescout NAC Appliances.

Hands-on-Experience in configuring 802.1x supplicant (Native Supplicant, Cisco AnyConnect Supplicant &
Secure W2 client supplicant) configuration on various End Client Devices-Windows, Apple Macintosh and Linux
platforms.
802.1x Authentication for User Authentication and Machine Authentication with Microsoft Active Directory involving
multiple Domains and Active Directory with machine and user objects, and with different Organizational Units,
Active Directory group policy objects configuration and processing for 802 1x EAP(PEAP)-TLS Protocols for
installing certificates and configuring supplicants

Configured Wireless networks on WLC 5508 series Wireless LAN Controller and management using Cisco WCS,
NCS and Cisco Prime Infrastructure.

Configured and deployed Cisco Iron Ports Web Security Appliance 7.7/7.7/8.0 and WCCP proxy web
redirection on Cisco 6500 Switches.

Configured RSA SecurID authentication manager 8.x for Two Factor 8021x Authentication, On-Demand & Risk Based
Authentications.

Hands on Experience in configuring McAfee ePOLICY ORCHESTRA (ePO) and McAfee Suite.

Client: Cargill
February 2011 to August 2015
Network Engineer Consultant
Responsibilities

Performed as a Network Engineer in planning and designing Cargills major network refresh and redesign of their
global Wireless Networks.

Designing and configuration of Local Area Networks consisting of Cisco Catalyst Switches 4500s, 3750X, 3560X
Wired Switches, Wide Area Networks consisting of Cisco Routers, 3900s, 2951s, and Wireless LAN Networks
using controllers of Cisco 5508s with Cisco APs 3500s.

High-level Designing and Low Level Designing of Cisco (WLAN) Wireless Networks, NAC Network Design for
Global Network based in EMEA, NAR and APAC and coordination with global teams in delivering the proposed
solution successfully.

Installed and configured hardware for Wireless Deployment using Cisco Wireless LAN Controllers (WLCs) 5500
Series with software version 7.x/8.0 and Cisco Prime Infrastructure 2.x/3.x

ConfiguredWireless LAN Controller Interfaces, WLANs, RADIUS attributes, AAA Server configuration for wireless
network connections.

Configured Mobility groups for Anchor and Foreign Wireless LAN Controller Functionality for Layer 2 functionalist
using Ethernet over IP (EoIP) tunnel establishment over Layer 3 routing.

Configured and integrated ACS Server with Wireless LAN Controllers, Switches and Routers for TACACS+ Role
Bases Access (RBAC).

Provided support on Firewall configuration for policy rules on Checkpoint Firewalls.

Configured Cisco ACS 5.x for user authentication with External Database as Active Directory.

Experience in configuration of Cisco Wireless LAN Controllers and Wireless Security PEAP/WPA, LEAP/WEPand
various EAP over PEAP Protocols including EAP-TLS, EAP-TTLS, EAP-PEAP-MSCHAP, EAP GTC., etc.

Documentation the entire deployment notes and policy sets.Conducted workshop training for end user
employeesand provided helpdesk training and facilitated the handoverof NAC Project to the Verizon managed
services provider.

Experience in configuration of Cisco Wireless LAN Controllers and Wireless Security PEAP/WPA, LEAP/WEPand
various EAP over PEAP Protocols including EAP-TLS, EAP-TTLS, EAP-PEAP-MSCHAP, EAP GTC., etc.

Expert Hand-on-Experience in configuring 802.1x supplicant (Native Supplicant, Cisco AnyConnect Supplicant &
Secure W2 client supplicant) configuration on various End Client Devices-Windows, Apple Macintosh and Linux
platforms.
Cisco ISE forDomain Integration and Active Directory Integrationfor 8021x authentication for Ciscos Internal IT
Wireless Networks.
802.1x Authentication for User Authentication and Machine Authentication with Microsoft Active Directory involving
multiple Domains and Active Directory with machine and user objects, and with different Organizational Units,
Conducted and performed Radio Frequency (RF) Site survey for the deployment of wireless Network and
discovering the RF Coverage Areas, Checked for RF Interference and determined appropriate placement of
wireless device - LWAPs.

Troubleshoot issues related to Wireless Setup that includes RF issues like multipath distortion and hidden node
problems.

Performed various VLAN Assignments, Inter-VLAN Communication, dot1q trunking, ACLs, and SNMP settings.

Configured and executed Protocols like OSPF, BGP and EIGRP on Cisco Devices

Extensively utilized Microsofts Project 2007 (project plan) for Enterprise Project Management and InfoBloxfor
Network Management and IP address Management.

Extensively utilized Microsofts Visio 2007 for design analysis and project planning.

Active Directory group policy objects configuration and processing for 802 1x EAP(PEAP)-TLS Protocols for yha+
{{{{{{{{{{{{{{{{{{{{{installing certificates and configuring supplicants

Test functions of Customers NAC, to include Active Directory Single Sign-on authentication, posture checking
and remediation services per requirements gathered during the Design and Planning tasks.

Review Customer logs for policy violations and tune rules as appropriate.

Extensively utilized Microsofts Visio 2007 for designing and analysis and Project 2010 for task planning and
assignment. Microsofts Project 2007.

Employer: Go Secure TEC LLC, Dubai, UAE

July 2010 December 2010
Network Engineer
Responsibilities
High-level Designing and Low Level Designing of Cisco Wireless Network (WLAN) and NAC Network Design.

Provided advice and guidance to Network Management Team for implementing Cisco Wireless Project under
Data Security Laws and Regulations such as SOX (Sarbanes-Oxley Act) and the Peripheral Component
Interconnect/Payment Card Industry Data Security Standard (PCI DSS) Networks.

Configuration of Authentication and authorization mechanisms using AAA, RADIUS, 802.1X, Policy buildups for
Posture Compliance Policies.

Experience in configuration of Cisco Wireless LAN Controllers and Wireless Security PEAP/WPA, LEAP/WEPand
various EAP over PEAP Protocols including EAP-TLS, EAP-TTLS, EAP-PEAP-MSCHAP, EAP GTC., etc.

Planned, Prepared, Designed and Implementation of Cisco NAC Appliances in the Network comprising of Access,
Distribution and Core Layers (All Cisco Catalyst Switches 4500s and 6500 Series)

802.1x Authentication for User Authentication and Machine Authentication with Microsoft Active Directory involving
multiple Domains and Active Directory with machine and user objects, and with different Organizational Units,
Active Directory group policy objects configuration and processing for 802 1x EAP(PEAP)-TLS Protocols for
installing certificates and configuring supplicants
Configured Wireless LAN Controller Interfaces, WLANs, RADIUS attributes, AAA Server configuration for
wireless network connections, SNMP Settings and SNMP Community setting for Trap controls.

Conducted and performed Radio Frequency (RF) Site survey for the deployment of wireless Network and
discovering the RF Coverage Areas, Checked for RF Interference and determined appropriate placement of
wireless devices including LWAPs and Cisco 7925G Wireless Phones.

Troubleshoot issues related to Wireless Setup that includes RF issues like multipath distortion and hidden node
problems.

Performed various VLAN Assignments, Inter-VLAN Communication, dot1q trunking, spanningtree portfast,
ACLs, and SNMP settings. Defined strings for SNMPv2C existence

Configured and executed Protocols like OSPF, BGP and EIGRP on Cisco Routers 7600s, 7200s, 2800s

Extensively utilized Microsofts Project 2007 (project plan).

Extensively utilized Microsofts Visio 2007 for design analysis and project planning.

Adroit, Bangalore, India,

June 2009 to Mar 2010
Computer Systems & Network Administrator
Responsibilities

Involved in designing, configuring, implementing, maintenance and troubleshooting issues relating to routers and
switches in LAN, WLAN and WAN.

Designed and deployed networks as per the companys requirement. Handled different tasks such as network
address assignment, assignment of routing protocols, etc.

Handling the network infrastructure LAN/WAN, migration & configuration of network client workstations. Addressing
performance bottlenecks & ensuring maximum network efficiency and uptime.

Planning designing, Installation, configuration and maintenance of 802.11a/b/gWireless Networks and Wireless
Access points.
Configured Wireless Control System 5.0 for Wireless Networks.
Installed and Configured Wireless LAN Controller 4402 and 1200s (LWAP) Cisco Access Point.
Configured Secured Authentication using LEAP/WEP and PEAP/WPA & WPA2.

Implemented, Monitored and troubleshoot the protocols EIGRP, OSPF and Static Routes.

Worked extensively on lab build for POC and pilot on migrating/upgrading Cisco ACS 5.x to for TACACS+ and
802.1x Authentication on Network Devices.

Experience in configuration of Cisco Wireless LAN Controllers and Wireless Security PEAP/WPA, LEAP/WEPand
various EAP over PEAP Protocols including EAP-TLS, EAP-TTLS, EAP-PEAP-MSCHAP, EAP GTC., etc.

Configuration and maintenance of Voice Processing Systems (VOIP) including PBXfor PanasonicKX-TVA-50 VPS
and KX-TDA 200 Console/GUI/connections for daily office usage.

Installation, Management and Maintenance of VPN Servers for Remote access, Site to Site VPN access and Dial
up VPN access.

Implemented traffic filters using Standard and Extended Access Control lists. Handled Route-map, Re-distribution
list & access-list configurations.
Access distribution and core layer switching architecture, created VLANS, Firewall Services Module (FWSM) and
STP configuration.
Addressing issues like routing problems, route announcements/advertisements, and security access issues.

Used tools Wireshark, Packet Sniffer and Microsoft Network Analyzer for monitoring Local Area Network
connections (LANs) and Wide Area Network Connections (WAN) for Network connection and failure issues.

Administrative responsibilities including the installations, additions, updates and changes to Microsoft Windows
2003 and Windows 2008 servers.

Planned Data Recovery, Drive/Disk Imaging and Backup process and procedures.

Maintained accurate network documentation for moves, adds, changes, and deletes. Properly documentation of
problem situations and resolutions.

Documented policies and procedures for resolving customer issues.

References available upon request