Christopher W Hull

LA PORTE, INDIANA | UNITED STATES
christopherwhull@hotmail.com | 219 613 3785
www.christopherwhull.com

Network Architecture & Engineering — F5 Subject Matter Expert

Executive Technical Summary

Senior Network Architect and F5 Subject Matter Expert with over 20 years of hands-on experience architecting, deploying, and operating enterprise-scale infrastructure in highly regulated environments (financial services, healthcare, manufacturing). Proven track record of leading large-scale technical transformations including platform migrations (Appliance → VIPRION → VELOS), automation adoption (Ansible/Terraform IaC), and zero-downtime security modernization initiatives. Direct CIO-level engagement in architectural decision-making, budget planning, and strategic technology roadmaps.

Architecture Scale: Managed environments supporting 10,000+ servers, 2,000+ virtual IPs across 35+ load balancer clusters, 8,000+ network devices globally, and 200+ international sites with downtime costs exceeding tens of thousands of dollars per minute.

Technical Leadership: Led cross-functional teams of 20+ engineers, established automation standards integrating multiple sources of truth (Infoblox DDI, Cisco ISE, SolarWinds, DHCP/DNS), pioneered AI-assisted development workflows for infrastructure code, and drove enterprise adoption of DevOps practices in traditionally change-averse environments.

Technical Competencies & Architecture Expertise

F5 Load Balancing & Application Delivery

• Platform Architecture: Complete lifecycle management from physical appliances through VIPRION chassis to VELOS modular architecture; designed and executed multi-generation migrations across 3 data centers with zero business impact
• Modules & Features: Expert-level implementation of LTM (Local Traffic Manager), GTM/DNS (Global Traffic Manager), ASM/Advanced WAF (Web Application Firewall), APM (Access Policy Manager with dynamic ACLs based on identity), AAM (Application Acceleration Manager)
• High Availability: Active-active and active-standby HA pair configurations, GTM-based GSLB (Global Server Load Balancing) with health monitoring, sub-second failover mechanisms, 99.99% uptime SLA achievement
• Automation & Orchestration: AS3 (Application Services 3) declarative configuration, Declarative Onboarding (DO), TMSH scripting for bulk operations, BIG-IQ centralized management for 35+ device clusters
• Custom Development: iRules development for complex traffic steering and content manipulation, iApps template creation for standardized application deployments, REST API integration for CI/CD pipelines
• Performance Optimization: SSL/TLS offload at scale, HTTP/2 and QUIC protocol support, RAM caching strategies, traffic compression, connection pooling, OneConnect profiles
• Migration Expertise: Cisco ACE → F5 conversion scripting and validation, Cisco 4700 → F5 migration planning, NetScaler interoperability and hybrid environments

Cisco Data Center & Campus Architecture

• ACI Fabric Design: Multi-tenant architecture (Tenants/VRFs/Bridge Domains/EPGs), contract-based microsegmentation, L3Out for external connectivity, EVPN/VXLAN overlay networks, Multi-Site Orchestrator for geographically distributed fabrics, Remote Leaf deployments
• Automation Interfaces: YANG data models, NETCONF/RESTCONF API integration with Ansible, ACI Cobra SDK for Python-based automation, Terraform ACI provider for infrastructure-as-code
• Nexus Platforms: Nexus 7000 (Fab1/Fab2 supervisors), Nexus 5000/6000, Nexus 2000 FEX, Nexus 9000 (ACI spine/leaf and standalone NX-OS), VDC (Virtual Device Context) segmentation
• Routing Protocols: iBGP/eBGP for security zone isolation and WAN connectivity, OSPF multi-area designs, EIGRP named mode, route filtering and policy-based routing, VRF-Lite and MPLS Layer 3 VPN
• Identity & Access: Cisco ISE (Identity Services Engine) 2.x through 3.x, 802.1X/MAB authentication, TrustSec/SGT tagging, pxGrid integration with firewalls and SIEM, profiling engines, TACACS+ device administration, EAP-TLS certificate-based authentication, PKI integration

Wireless Infrastructure

• Enterprise Deployments: End-to-end campus and branch wireless implementations; site surveys, RF planning/validation, coverage analysis, spectrum management
• Controller Platforms: Cisco WLC (Wireless LAN Controller) 5500/8500 series, Cisco Catalyst 9800, Aruba Controllers, Meraki cloud-managed, Mist AI-driven wireless
• Captive Portals: Guest and business network AUP sign-off workflows, client device qualification agents, integration with Beambox/Cisco/Aruba portal engines, SSO integration (wired and wireless clients)
• Integration: NAC integration with Cisco ISE, dynamic VLAN assignment, AAA/RADIUS backend, LWAP (Lightweight Access Point Protocol) tunneling

Security & Compliance Architecture

• Firewall Platforms: Cisco ASA (all models, multi-context mode), Checkpoint (SmartCenter, Quantum Maestro), Palo Alto NGFW, Juniper SRX, Cisco FWSM blade
• Policy Management: Tufin/SecureTrack policy orchestration, FireMon Policy Planner automation, entire lifecycle management (design, implementation, audit, decommission)
• Compliance Frameworks: PCI-DSS (Payment Card Industry Data Security Standard), HIPAA, DOE/DOD requirements, FedRAMP cloud security, NIST/ISO alignment
• TLS/Cipher Enforcement: Enterprise-wide TLS 1.0/1.1 elimination under federal mandate, cipher suite hardening, certificate lifecycle management, PKI infrastructure
• DMZ Architecture: Multi-tier DMZ segmentation, application-specific security zones, microsegmentation strategies, zero-trust network principles

Automation, DevOps & Infrastructure-as-Code

• Ansible: Playbook development for F5, Cisco ACI, ISE, and firewall automation; Ansible Tower/AWX for centralized orchestration; custom module development; dynamic inventory from multiple sources of truth
• Terraform: Provider usage for F5 (AS3/DO), Cisco ACI, Infoblox, cloud platforms (Azure); state management and remote backends; workspace strategies for environment separation
• CI/CD Integration: GitLab/GitHub Actions pipelines, automated linting (ansible-lint, tflint), validation testing, drift detection, automated rollback procedures
• Scripting: Python (network automation libraries: netmiko, NAPALM, paramiko), Perl, PowerShell, Bash; REST API consumption and development
• AI-Assisted Development: Pioneered use of Claude and GitHub Copilot for accelerated code generation; established validation and peer review workflows; developed policies for responsible AI use in infrastructure automation
• Multi-Source Truth Integration: Automated synchronization between Infoblox DDI, Cisco ISE identity stores, SolarWinds CMDB, DNS/DHCP systems, and network device configurations
• Version Control: Git workflows (feature branching, pull requests, code reviews), GitOps principles, infrastructure change management

VoIP & Unified Communications

• Platforms: Cisco Unified Communications Manager (CUCM) 2.x through 12.5, Webex Calling, Microsoft Teams (enterprise deployment), Avaya Communication Manager
• Gateway Integration: PSTN/POTS breakout, SIP trunking, MGCP and H.323 protocols, survivability and SRST
• QoS: End-to-end QoS design for voice and video, DSCP marking and trust boundaries, LLQ (Low Latency Queuing), call admission control
• Monitoring: NETSCOUT nGeniusOne for VoIP troubleshooting, Microsoft Teams Call Quality Dashboard, packet-level analysis with Wireshark

Monitoring, Observability & Analytics

• Network Performance Monitoring: NETSCOUT nGeniusOne/InfiniStream (2005-2023), SolarWinds Orion NPM, Nagios, Cacti, Zabbix
• Packet Capture: Gigamon network TAPs and aggregation (HD8, HD4, 2404, GigaVUE), SPAN/RSPAN configuration, Wireshark/tcpdump expert-level analysis
• Log Management: ELK Stack (Elasticsearch, Logstash, Kibana) for network device logs, syslog aggregation, custom dashboards for operations teams
• Application Performance: EMC Smarts for service impact analysis, F5 iHealth diagnostics, application flow mapping
• NetFlow/sFlow: Traffic analysis, bandwidth monitoring, anomaly detection, security threat identification

Enterprise Leadership & Operations

• Change Management: ITIL-aligned processes, change advisory board participation, risk assessment and mitigation strategies, rollback planning
• 24/7/365 Operations: On-call escalation as final technical authority during enterprise outages, incident command and crisis management, post-incident reviews
• Vendor Management: Direct engagement with Cisco, F5, Checkpoint, Microsoft TAC/Professional Services; contract negotiation and SOW development; escalation management for critical issues
• Team Development: Mentorship of junior to senior engineers, technical training program development, interview and hiring responsibilities, performance management
• Documentation: Architecture runbooks, design documents, as-built diagrams (Visio/Lucidchart), SOPs (Standard Operating Procedures), knowledge base articles
• Standards Development: Configuration baselines, naming conventions, NIST/ISO compliance frameworks, security policy templates, code review processes

Professional Experience

NETSCOUT & F5 SME / Consultant

• Product SME Consulting: Provide subject matter expertise to enterprise clients for NETSCOUT nGeniusOne and F5 BIG-IP platforms; conduct architecture reviews, capacity planning, and optimization recommendations
• Pre-Sales Engineering: Develop Statements of Work (SOW) and Bills of Materials (BOM) for client engagements; solution architecture and sizing; proof-of-concept design and validation
• Peer Supervision: Review and approve SOWs/BOMs created by consulting peers; ensure technical accuracy and alignment with client requirements and CDW capabilities

Sr. Network Engineer, F5 Subject Matter Expert

FedRAMP Hybrid Cloud Environment

• Multi-Vendor Platform Operations: Design, deployment, and operations for Cisco (wired/wireless/ISE), F5 (hardware and software), Checkpoint firewalls, Microsoft/Cloud DNS in FedRAMP-compliant environment
• Branch Office Deployments: Coordinated with client teams and vendors on branch builds integrating MPLS, DIA circuits, and cloud connectivity; standardized deployment templates and validation procedures
• F5 Journey Migrations: Executed F5 BIG-IP updates following journey methodology; hardware refreshes from legacy appliances to r-Series; software upgrades with comprehensive pre/post validation

Cloud-Native Automation

• API-Driven Infrastructure: Developed REST API integrations for cloud DNS provisioning, web server deployments, and F5 configuration management; implemented CI/CD pipelines for infrastructure changes
• AI-Assisted Development: Pioneered use of Claude (Anthropic) for generating outline code for Ansible playbooks, Python scripts, and C# applications; established validation workflows including linting, testing, and peer review before production deployment
• Multi-Source Truth Integration: Built automation bridging databases to Ansible, Python, Perl, and C# workflows; integrated DNS, DHCP, ISE identity data, SolarWinds CMDB, and live Cisco device APIs as authoritative sources

Compliance & Documentation

• Audit Readiness: Heavy focus on documentation for FedRAMP and internal audit requirements; maintained architecture diagrams, configuration baselines, and change records
• Firewall Policy Management: Conducted Checkpoint firewall policy audits; identified redundant/obsolete rules; documented security posture and recommended hardening measures

Sr. Network Engineer (Contractor)

• F5 & NetScaler Platform Engineering: Designated architect for load balancing platforms in large healthcare system; evaluated and recommended strategic direction for F5 vs. Citrix NetScaler footprint
• BIG-IQ Orchestration: Designed BIG-IQ management architecture for 20+ BIG-IP devices; automated device onboarding and configuration synchronization
• AppViewX Integration: Implemented AppViewX ADC+ for certificate lifecycle management and multi-vendor ADC orchestration; integrated with enterprise PKI and ServiceNow CMDB

Network Engineer, Transport Security Policy Engineering

FireMon Policy Automation

• Legacy Workflow Modernization: Analyzed legacy ticket-based firewall change process requiring manual site visits; designed and implemented automated workflow using FireMon Policy Planner, Python, Node.js, and JavaScript
• Technology Stack: Ubuntu Server, MySQL database for state management, ELK Stack (Elasticsearch, Logstash, Kibana) for logging and dashboarding; eliminated dozens of manual site visits per week
• Quantifiable Impact: Reduced firewall change processing time from hours/days to minutes; freed engineering resources for strategic projects; improved audit trail and compliance

Enterprise IaC Adoption

• Training Program Revision: Rewrote training curriculum to incorporate lightweight automation (Python scripting, basic Ansible); prepared enterprise for HashiCorp Terraform and Ansible Tower adoption
• Standards Development: Created coding standards, Git workflows, and CI/CD pipeline templates for network automation; established peer review process

Vendor Escalation Management

• TAC Liaison: Served as escalation point for Cisco, F5, Palo Alto, and Riverbed TAC interactions; ensured timely and effective resolution of critical issues affecting operations
• F5 BIG-IQ Expertise: Provided advanced troubleshooting for BIG-IQ management platform; designed backup/recovery procedures and high-availability configurations

Vice President – Network Applications Engineering, F5 Subject Matter Expert

F5 Platform Architecture & Evolution

• Multi-Generation Migrations: Architected and executed complete platform evolution: physical appliances (i5000/i7000) → VIPRION chassis (B2200/B4200 blades) → VELOS modular platform; zero-downtime cutovers for production traffic
• High Availability Design: Active-active HA pair configurations with sub-second failover; GTM-based GSLB for cross-data center resiliency; achieved 99.99% uptime SLA over 8-year period
• Module Deployments: LTM for application load balancing; GTM for global traffic management and disaster recovery; ASM/Advanced WAF for application security; APM with dynamic Layer 4/7 ACLs based on user identity (LDAP/AD integration); AAM for application acceleration
• Migration Automation: Developed AS3/DO templates and TMSH scripts for automated onboarding of 2,000+ virtual servers; reduced configuration time from hours to minutes; eliminated human error
• BIG-IQ Management: Deployed and operated BIG-IQ Centralized Management for 35+ device clusters; implemented automated discovery, configuration backup, and compliance reporting
• F5 Professional Services Coordination: Managed F5 PS engagements for hardware refreshes to r-Series and i-Series platforms; developed project plans, risk mitigation strategies, and acceptance test procedures

Network Automation & DevOps Transformation

• Automation Strategy Leadership: Led enterprise-wide development of automation standards integrating Ansible and Terraform; established coding standards, Git workflows, and CI/CD pipelines
• Cisco ACI Integration: Deep integration with Cisco ACI fabric via YANG data models and NETCONF/RESTCONF APIs; automated VLAN, EPG, and contract provisioning synchronized with F5 virtual server deployments
• Multi-Source Truth Architecture: Designed and implemented automation platform integrating multiple authoritative data sources:
  • Infoblox DDI for IP address management and DNS records
  • Cisco ISE for identity and device profiling data
  • BIG-IQ for F5 configuration state
  • Tufin for firewall policy orchestration (Checkpoint backends)
  • SolarWinds for CMDB and monitoring data
  • Cloud REST APIs (Azure, AWS) for hybrid deployments
• Ansible Tower Deployment: Implemented Ansible Tower for role-based access control, job scheduling, and credential management; integrated with LDAP/AD for SSO authentication
• Terraform Enterprise: Deployed Terraform Enterprise with remote state backends (Azure Blob Storage); implemented workspace strategies for dev/test/prod environment separation

VoIP & Unified Communications Architecture

• Multi-Platform Deployments: Architected VoIP systems spanning Cisco Unified Communications Manager (CUCM), Webex Calling, and Microsoft Teams; designed SIP trunk integration and PSTN gateway failover
• QoS & Performance: End-to-end QoS design for voice/video traffic; DSCP marking policies; LLQ configuration; diagnosed and resolved latency, jitter, and packet loss issues impacting call quality
• Cloud Integration: Integrated cloud-based services (Webex, Teams) with on-premise telephony to deliver conventional handset experience; designed split-tunnel VPN policies for remote workers
• Monitoring & Troubleshooting: Implemented NETSCOUT nGeniusOne for VoIP traffic analysis; deployed Microsoft Teams Call Quality Dashboard; packet-level troubleshooting with Wireshark for RTP/SIP flows
• Testing & Validation: Developed comprehensive test plans for new VoIP products integrating with legacy environment; conducted load testing and failover validation

Security Modernization & Routing Protocol Migration

• BGP-Only Architecture: Led strategic initiative to transition routing architecture from mixed OSPF/EIGRP to iBGP/eBGP-only design; supported security modernization project requiring strict zone isolation
• Routing Protocol Expertise: Designed BGP route filtering, AS-path manipulation, and community tagging strategies; implemented OSPF multi-area designs and EIGRP named mode configurations in earlier phases
• Checkpoint Firewall Deployment: Designed and deployed Checkpoint firewall clusters; integrated with Tufin for policy management and change workflow automation
• Infoblox DDI Platform: Architected Infoblox DNS, DHCP, and IPAM platform; developed REST API integrations for automated IP allocation and DNS record management
• Silver Peak WAN Optimization: Designed and deployed Silver Peak appliances for WAN acceleration; validated application performance improvements

Large-Scale Wi-Fi & Captive Portal Deployments

• Mist AI-Driven Wireless: Led deployment of Mist wireless platform with AI-driven RF optimization and location services; integrated with Cisco ISE for 802.1X authentication
• Captive Portal Development: Designed public and private captive portal workflows for guest access and business network AUP sign-off; developed backend automation for device qualification and sponsor approval
• Multi-Vendor Implementations: Deployed wireless solutions from Beambox, Cisco (WLC and Meraki), and Aruba; maintained consistent user experience across platforms
• SSO Integration: Integrated client-side and server-side single sign-on for seamless wired and wireless network access; SAML and RADIUS-based authentication flows

TLS/Cipher Policy Enforcement (Major Project)

• Federal Mandate Compliance: Led enterprise-wide TLS 1.0/1.1 elimination project under federal mandate with aggressive 6-month timeline; 2+ years of prior investigation and planning
• Application Impact Analysis: Conducted comprehensive inventory of applications using legacy TLS; collaborated with application teams to remediate or mitigate risks
• Cipher Suite Hardening: Enforced PCI-compliant cipher suites across all internet-facing services; eliminated weak ciphers (3DES, RC4) and deprecated protocols (SSLv3)
• Remediation Automation: Developed automated scanning and remediation tools; provided dashboards showing compliance status and risk exposure
• Certificate Management: Implemented enterprise PKI with automated certificate lifecycle management; integrated with F5 APM and Checkpoint firewalls for mutual TLS authentication

Office 365 Messaging DMZ Migration (Major Project, 2021)

• Project Challenge: Transition to Office 365 cloud-based messaging while maintaining on-premise security controls; project had numerous consultants with limited progress
• Architecture Design: Designed Messaging DMZ architecture following Microsoft and Northern Trust security models; hybrid Exchange deployment with mail flow routing
• Multi-Team Leadership: Provided single-point technical leadership coordinating teams with divergent approaches; resolved architectural conflicts and established unified implementation path
• Zero-Downtime Execution: Successfully transitioned to Messaging DMZ (May-Sept 2021) with zero business impact; 30,000+ mailboxes migrated with transparent user experience
• Risk Mitigation: "Protected the enterprise from Microsoft Consulting" by identifying and preventing risky recommendations; established guardrails and validation procedures

Operational Excellence & Team Leadership

• Change Management: Supervised complex change processes across Load Balancers, Firewalls, DNS (Infoblox), and Proxies (Riverbed, Zscaler); trained operations teams on coexistence in multi-vendor environment
• 24/7/365 Support: Final technical escalation point for enterprise outages; incident command during critical incidents; post-mortem facilitation and remediation tracking
• Team Management: Indirect management of 20+ engineers across multiple vendor teams; direct management of shifts and technical work assignments; mentored junior engineers to senior levels
• Technical Interviewing: Conducted technical interviews for infrastructure department hiring; assessed candidates across network, security, and automation domains
• Process Improvement: Active participant in review and rework of internal processes; championed automation adoption and DevOps culture transformation
• Business Engagement: Regular interaction with business units (non-IT) to explain technology improvements and align with enterprise goals; simplified business processes through proper IT management tool usage

Monitoring & Observability Platform

• ELK Stack Deployment: Deployed Elasticsearch, Logstash, and Kibana for network device log aggregation; designed proper network zoning and sizing for scale
• Azure Dashboards: Developed Azure and ELK dashboards for complex network monitoring; integrated with F5 iStats, Cisco ACI fabric health, and firewall logs
• Packet Monitoring: Led design of application definitions for packet-level monitoring across all lifecycle phases; integrated with NETSCOUT probes
• Performance Analysis: Packet-level troubleshooting with Wireshark for application performance issues; collaborated with development teams on optimization

DMZ Architecture & Application Consulting

• DMZ Design Projects: Architected new DMZs for specific application roles; delivered exquisite detail in implementation and design plans to operations teams; conducted hand-off training
• Day-to-Day Consulting: Advised application teams on DR (Disaster Recovery) and high availability design aligned with Northern Trust standards; provided strategic design guidance for hundreds of application deployments and reworks annually
• Standard Lexicon: Established enterprise-wide standard terminology for application layout descriptions; improved communication between architecture, operations, and application teams

Network Design and Deployment Engineer

• Greenfield DMVPN Design: From zero to production: architected dual-cloud DMVPN solution integrating new MPLS network with existing DIA and LTE technologies for redundant WAN connectivity
• Rapid Delivery: Completed architecture, design, and documentation in two weeks; provided turn-up support and troubleshooting before production cutover
• Technology Stack: Cisco ISR 4451-X and 4431 routers with DMVPN Phase 3, EIGRP named mode, IPsec encryption; Riverbed WAN optimization appliances

Designated Network Engineer

Global Service Provider Support

• International MPLS Network: Expert troubleshooting and process support for global service provider contract supporting 200+ sites across continents; downtime costs in tens of thousands of dollars per minute
• Multi-Vendor Coordination: Detailed oversight of provider relationships with AT&T, Tata Communications, and Verizon; escalation management and SLA enforcement
• Reporting & Analytics: Developed T-SQL scripts to integrate data from multiple monitoring products (SolarWinds, NetScout, Cisco) for CIO-suitable reports on uptime, performance, and top application usage

Monitoring Platform Consolidation

• SolarWinds Architecture: Built unified SolarWinds Orion platform (single database, multi-poller architecture) consolidating disparate monitoring systems; improved MTTR (Mean Time To Resolution) for incidents
• Documentation Integration: Integrated Visio diagrams and documentation into SolarWinds GUI; automated creation of network maps from discovery data
• Wireless Inventory: Developed inventory process for 2,700+ lightweight and standalone wireless access points; tracked serial numbers, locations, and configurations

Technology Migrations

• Cisco 4700 ACE → F5 Migration: Planned and scripted migration from Cisco ACE load balancers to F5 BIG-IP; developed conversion tools and validation procedures
• NETSCOUT Deployment: Implemented NETSCOUT probes, servers, and InfiniStream collectors for application performance monitoring; packet-level visibility into Citrix, web servers, database traffic
• Network Stack: Daily troubleshooting of LWAP controllers, Cisco 4700 load balancers, Nexus 7k/6k/5k/2k, ASR and classic routers; ASA firewalls of all sizes; VMware networking issues

Network Rebuild Architect

Data Center Architecture

• Nexus Design: Cisco Nexus 6001 core, Nexus 5548P distribution with Layer 3 daughter cards, Nexus 2000 Series FEX (Fabric Extenders) for access layer
• Routing & Switching: BGP for external connectivity, OSPF for internal routing, EIGRP for legacy integration; VRFs and VDCs for multi-tenancy; Layer 2 and Layer 3 redesign with VLAN reconciliation
• QoS Audit: Conducted comprehensive QoS audit and redesign; implemented DSCP marking, queuing, and policing policies

F5 & Security

• F5 Active/Active Design: Redesigned F5 architecture for active/active load balancing with GTM-based failover; eliminated single points of failure
• Dynamic Access Control: Achieved dynamic Layer 4 and Layer 7 ACLs on F5 APM based on user identity (LDAP lookups); eliminated static IP-based firewall rules
• Cisco ASA: Configured and hardened ASA firewalls; provided security architecture recommendations
• DMZ Isolation: Designed multi-tier DMZ architecture with strict segmentation; extensive documentation for audit compliance

Physical Infrastructure

• Rack & Stack: Rack organization, wire management, cabinet standardization to latest best practices; remediation of grounding and telco handoff issues
• Troubleshooting: Resolved legacy network issues (spanning-tree loops, routing blackholes) to enable clean transition to new architecture

Network Acceleration and Optimization Consultant

• WAN Acceleration: Responsible for Cisco WAAS (Wide Area Application Services) 5.1, Akamai CDN integration, and F5 application acceleration (iApps); supported 3 geographically distributed data centers
• Packet Inspection: Layer 3-7 packet analysis for application performance troubleshooting; used Gigamon infrastructure feeding multiple analysis tools (NETSCOUT, Wireshark, Riverbed Cascade)
• SDN Initiatives: Collaborated on Software Defined Networking projects; focused on F5 iControl API and Cisco next-generation platforms; developed migration scripts from Cisco ACE to F5 using iControl REST API
• Dynamic Access Control: Implemented F5 APM with dynamic Layer 4/7 ACLs based on user identity, IP address, and group membership (LDAP/database integration)

F5 SME & ASA Security Architect

F5 Subject Matter Expert

• SME Role: Go-to expert for all F5 design and operational questions requiring immediate answers; covered LTM, GTM, APM, AAM, and ASM modules
• Template Standardization: Developed standard templates fitting all designs into consistent review process; reduced configuration errors and deployment time
• High-Value VIPs: Command-line and GUI editing of active virtual servers for high-value websites with zero-downtime requirements; on-call for emergency changes
• iRules Development: Custom iRules authorship and peer review; complex traffic steering, content manipulation, and security policies

ASA Security Architecture

• Border & Interior Firewalls: Subject matter expert for Cisco ASA deployments protecting corporate information assets; border firewalls and internal zone segmentation
• Entire Lifecycle Management: Policy definition, design, deployment (GUI/CLI), ongoing monitoring, and decommission planning; heavily documented under change control
• Compliance Frameworks: Audited under DOE, DOD, HIPAA, and PCI regulatory frameworks; maintained compliance and passed audits
• Routing & VPN: OSPF routing on ASAs, B2B IPsec tunnel creation and management, remote access VPN with AnyConnect, integration with IDS/IPS systems
• Checkpoint Migration: Created and validated firewall rules converted from Checkpoint to Cisco ASA; tested with application teams before production cutover

Data Center Migration Projects

• Zurich/Farmers Insurance: Supported migration of insurance groups into Chicago Data Center with 4,800+ Nexus 7k/5k/2k switch ports; configuration changes on Nexus 7k/5k, routing/switching troubleshooting
• Multi-Vendor Environment: Worked with Cisco, Juniper (routers/switches/firewalls), Brocade (Ethernet switches and SAN), HP, and VMware virtual switching
• Network Edge: Configuration and operations for Juniper MX/M/T/E-series and Cisco ASR/12k routers on network edge; multi-client environment with many BGP routing instances (eBGP/iBGP) and OSPF

Earlier Career Highlights (1993-2011)

Video IP Engineering, Frontier/Verizon FiOS (2010-2011)

• Supported video head-end operations for 200k FiOS TV subscribers; multicast video distribution in HD/SD; Cisco 6500 fabric and CDS (Content Delivery System); SEACHANGE video-on-demand servers
• Managed full enterprise restart during Verizon-to-Frontier spinoff; 30% documentation, 30% architecture, 40% operations

General Electric Consumer & Industrial, Global IT (2005-2008)

• Global team member responsible for 8,000 Cisco devices, 2,000 circuits, and 30,000 end users across 3 x 100k sq ft data centers
• F5 design for GEAPPLIANCES.COM and GELIGHTING.COM global websites; LTM, GTM, and iRules development
• EMC Smarts deployment for network and application performance monitoring; custom dashboard development
• Led zero-downtime DHCP environment upgrade (Cisco CNR) servicing 15,000 devices and 250+ sites
• Acquisition integration projects: moved/consolidated sites from 5-person offices to 800-person call centers; on-site project management

On Site Computer Company LLC, Principal Architect (1997-2003)

• Cisco network architecture for SMB clients (up to 500 desktops, 20 locations); Cisco IOS and PIX firewalls
• Wireless MAN/WAN/LAN deployments (Wi-Fi, Proxim Tsunami) for municipal and corporate clients (up to 500 users)
• Web hosting provider operations: 50 websites on Microsoft IIS/Terminal Services/SQL/Exchange
• Principal architect and developer of web-based solutions: Access, ASP, VB .NET, PHP, IIS, MS SQL, MySQL, AS/400

Key Technical Projects

Office 365 Messaging DMZ Migration (Northern Trust, 2021)

• Challenge: Migrate 30,000+ mailboxes to Office 365 cloud while maintaining on-premise security controls; project stalled with numerous consultants producing limited results
• Approach: Designed hybrid Exchange/Office 365 architecture with Messaging DMZ; unified divergent team approaches; established clear technical path forward
• Technologies: Microsoft Exchange hybrid deployment, F5 LTM for mail flow load balancing, Checkpoint firewalls for DMZ security, Azure ExpressRoute for cloud connectivity
• Outcome: Zero-downtime migration completed May-Sept 2021; transparent user experience; eliminated risky Microsoft Consulting recommendations

TLS 1.0/1.1 Elimination (Northern Trust, 2019-2020)

• Challenge: Federal mandate requiring TLS 1.0/1.1 elimination in 6-month timeframe; 2+ years of investigation and application inventory completed prior
• Approach: Comprehensive application impact analysis; cipher suite hardening to PCI standards; automated scanning and remediation tools
• Technologies: F5 SSL/TLS profiles, Qualys SSL Labs scanning, custom Python scripts for configuration audits, PKI certificate management
• Outcome: Enterprise-wide compliance achieved on schedule; zero business impact; eliminated legacy weak ciphers (3DES, RC4, SSLv3)

Automation Platform Development (Northern Trust, 2018-2023)

• Challenge: Manual configuration processes error-prone and slow; lack of consistency across platforms; no integration between systems of record
• Approach: Developed enterprise automation standards using Ansible and Terraform; integrated multiple sources of truth (Infoblox, ISE, BIG-IQ, Tufin); established CI/CD pipelines
• Technologies: Ansible Tower, Terraform Enterprise, GitLab CI/CD, Python, YANG/NETCONF for Cisco ACI, F5 AS3/DO, REST APIs
• Outcome: Configuration time reduced from hours to minutes; human errors eliminated; drift detection and automated rollback; AI-assisted development adoption

Data Center Network Rebuild (Golden Rule/UHG, 2013-2014)

• Challenge: Aging infrastructure with high power/cooling costs; 300-host environment requiring modernization
• Approach: Architected Cisco Nexus solution (6001 core, 5548P distro, 2000 FEX) replacing larger 7k/5k/2k footprint
• Technologies: Nexus platform with VDCs/VRFs, F5 active/active load balancing, Cisco ASA firewalls, BGP/OSPF routing
• Outcome: Completed in under 60 days; significant space/power savings; no performance sacrifice for 3,000 users

Certifications

• Cisco Certifications: CCNP (Network Professional), CCDP (Design Professional), CCSP (Security Professional), CCSP (Sales Professional) - All currently obsolete
• F5 Certifications: F5 Certified Product Consultant (v9, v10), F5 Certified System Engineer (v9, v10, v11) - All currently obsolete
• Juniper: JNCIA Candidate (Junos OS)
• Microsoft: Microsoft Certified Engineer (1998), Microsoft Product Specialist - Windows 95, NT Workstation 4.0 (1999) - Obsolete
• Professional Development: Train the Trainer (Learning Tree International)
• Note: While many formal certifications have reached obsolescence, hands-on expertise remains current through continuous professional engagement with latest platform versions and technologies

Technical Toolset Summary

Network Platforms (Detailed Experience)

• F5 BIG-IP: All physical appliances (i-Series, r-Series), VIPRION chassis (B2200/B4200 blades), VELOS modular platform; LTM, GTM, ASM, APM, AAM modules; versions 9.x through 17.x
• Cisco Switches: Catalyst 2900/3560/3750/4500/6500 (CatIOS and IOS), Nexus 1000v/2000 FEX/4000/5000/6000/7000/9000 (NX-OS and ACI), VSS (Virtual Switching System)
• Cisco Routers: ISR 800/1800/2800/2900/3800/3900/4400/4500, ASR 1000/9000, Catalyst 4500-X/6500 MSFC, XR 12000 (IOS-XR with RPL), 7200/7300/7400/7600
• Cisco Data Center: ACI fabric (spine/leaf), Nexus platforms, VDC/VRF segmentation, EVPN/VXLAN overlays, Multi-Site Orchestrator
• Firewalls: Cisco PIX/ASA (all models, multi-context), Checkpoint (SmartCenter, Quantum Maestro), Palo Alto NGFW, Juniper SRX 100-5800, Cisco FWSM
• Wireless: Cisco WLC 5500/8500, Catalyst 9800, Cisco Meraki, Aruba Controllers, Mist AI-driven, LWAP 802.11a/b/g/n/ac/ax
• Identity: Cisco ISE 2.x/3.x, RADIUS/TACACS+, 802.1X/MAB, TrustSec/SGT, pxGrid, certificate-based auth

Automation & Scripting

• Configuration Management: Ansible (playbooks, roles, Tower/AWX), Terraform (multiple providers), Git/GitLab/GitHub
• Languages: Python (netmiko, NAPALM, requests, paramiko), Perl, PowerShell, Bash, VBScript, C#, VB.NET
• APIs: REST (F5, Cisco ACI, Infoblox, Checkpoint, Azure, AWS), NETCONF/RESTCONF (YANG models), SOAP
• Databases: MS SQL Server (T-SQL stored procedures), MySQL, PostgreSQL, Oracle

Monitoring & Analysis

• NPM: NETSCOUT nGeniusOne/InfiniStream (2005-2023), SolarWinds Orion NPM, Nagios, Cacti, Zabbix
• Packet Capture: Gigamon (HD8/HD4/2404), Wireshark/tcpdump (expert-level), SPAN/RSPAN
• Logging: ELK Stack (Elasticsearch, Logstash, Kibana), Splunk, syslog-ng
• APM: EMC Smarts, F5 iHealth, NetFlow/sFlow, application flow mapping

Cloud & Virtualization

• VMware: vSphere, vMotion, distributed switches, NSX-T
• Cloud Platforms: Azure (ExpressRoute, VNet, ARM templates), AWS (VPC, Transit Gateway)
• Containers: Docker, Kubernetes (basic operational knowledge)