Christopher W Hull
LA PORTE, INDIANA | UNITED STATES
christopherwhull@hotmail.com | 219 613 3785
www.christopherwhull.com
Network Architecture & Engineering — F5 Subject Matter Expert
Executive Technical Summary
Senior Network Architect and F5 Subject Matter Expert with over 20 years of hands-on experience architecting, deploying, and operating enterprise-scale infrastructure in highly regulated environments (financial services, healthcare, manufacturing). Proven track record of leading large-scale technical transformations including platform migrations (Appliance → VIPRION → VELOS), automation adoption (Ansible/Terraform IaC), and zero-downtime security modernization initiatives. Direct CIO-level engagement in architectural decision-making, budget planning, and strategic technology roadmaps.
Architecture Scale: Managed environments supporting 10,000+ servers, 2,000+ virtual IPs across 35+ load balancer clusters, 8,000+ network devices globally, and 200+ international sites with downtime costs exceeding tens of thousands of dollars per minute.
Technical Leadership: Led cross-functional teams of 20+ engineers, established automation standards integrating multiple sources of truth (Infoblox DDI, Cisco ISE, SolarWinds, DHCP/DNS), pioneered AI-assisted development workflows for infrastructure code, and drove enterprise adoption of DevOps practices in traditionally change-averse environments.
Technical Competencies & Architecture Expertise
F5 Load Balancing & Application Delivery
- Platform Architecture: Complete lifecycle management from physical appliances through VIPRION chassis to VELOS modular architecture; designed and executed multi-generation migrations across 3 data centers with zero business impact
- Modules & Features: Expert-level implementation of LTM (Local Traffic Manager), GTM/DNS (Global Traffic Manager), ASM/Advanced WAF (Web Application Firewall), APM (Access Policy Manager with dynamic ACLs based on identity), AAM (Application Acceleration Manager)
- High Availability: Active-active and active-standby HA pair configurations, GTM-based GSLB (Global Server Load Balancing) with health monitoring, sub-second failover mechanisms, 99.99% uptime SLA achievement
- Automation & Orchestration: AS3 (Application Services 3) declarative configuration, Declarative Onboarding (DO), TMSH scripting for bulk operations, BIG-IQ centralized management for 35+ device clusters
- Custom Development: iRules development for complex traffic steering and content manipulation, iApps template creation for standardized application deployments, REST API integration for CI/CD pipelines
- Performance Optimization: SSL/TLS offload at scale, HTTP/2 and QUIC protocol support, RAM caching strategies, traffic compression, connection pooling, OneConnect profiles
- Migration Expertise: Cisco ACE → F5 conversion scripting and validation, Cisco 4700 → F5 migration planning, NetScaler interoperability and hybrid environments
Cisco Data Center & Campus Architecture
- ACI Fabric Design: Multi-tenant architecture (Tenants/VRFs/Bridge Domains/EPGs), contract-based microsegmentation, L3Out for external connectivity, EVPN/VXLAN overlay networks, Multi-Site Orchestrator for geographically distributed fabrics, Remote Leaf deployments
- Automation Interfaces: YANG data models, NETCONF/RESTCONF API integration with Ansible, ACI Cobra SDK for Python-based automation, Terraform ACI provider for infrastructure-as-code
- Nexus Platforms: Nexus 7000 (Fab1/Fab2 supervisors), Nexus 5000/6000, Nexus 2000 FEX, Nexus 9000 (ACI spine/leaf and standalone NX-OS), VDC (Virtual Device Context) segmentation
- Routing Protocols: iBGP/eBGP for security zone isolation and WAN connectivity, OSPF multi-area designs, EIGRP named mode, route filtering and policy-based routing, VRF-Lite and MPLS Layer 3 VPN
- Identity & Access: Cisco ISE (Identity Services Engine) 2.x through 3.x, 802.1X/MAB authentication, TrustSec/SGT tagging, pxGrid integration with firewalls and SIEM, profiling engines, TACACS+ device administration, EAP-TLS certificate-based authentication, PKI integration
Wireless Infrastructure
- Enterprise Deployments: End-to-end campus and branch wireless implementations; site surveys, RF planning/validation, coverage analysis, spectrum management
- Controller Platforms: Cisco WLC (Wireless LAN Controller) 5500/8500 series, Cisco Catalyst 9800, Aruba Controllers, Meraki cloud-managed, Mist AI-driven wireless
- Captive Portals: Guest and business network AUP sign-off workflows, client device qualification agents, integration with Beambox/Cisco/Aruba portal engines, SSO integration (wired and wireless clients)
- Integration: NAC integration with Cisco ISE, dynamic VLAN assignment, AAA/RADIUS backend, LWAPP (Lightweight Access Point Protocol) tunneling
Security & Compliance Architecture
- Firewall Platforms: Cisco ASA (all models, multi-context mode), Checkpoint (SmartCenter, Quantum Maestro), Palo Alto NGFW, Juniper SRX, Cisco FWSM blade
- Policy Management: Tufin/SecureTrack policy orchestration, FireMon Policy Planner automation, entire lifecycle management (design, implementation, audit, decommission)
- Compliance Frameworks: PCI-DSS (Payment Card Industry Data Security Standard), HIPAA, DOE/DOD requirements, FedRAMP cloud security, NIST/ISO alignment
- TLS/Cipher Enforcement: Enterprise-wide TLS 1.0/1.1 elimination under federal mandate, cipher suite hardening, certificate lifecycle management, PKI infrastructure
- DMZ Architecture: Multi-tier DMZ segmentation, application-specific security zones, microsegmentation strategies, zero-trust network principles
Automation, DevOps & Infrastructure-as-Code
- Ansible: Playbook development for F5, Cisco ACI, ISE, and firewall automation; Ansible Tower/AWX for centralized orchestration; custom module development; dynamic inventory from multiple sources of truth
- Terraform: Provider usage for F5 (AS3/DO), Cisco ACI, Infoblox, cloud platforms (Azure); state management and remote backends; workspace strategies for environment separation
- CI/CD Integration: GitLab/GitHub Actions pipelines, automated linting (ansible-lint, tflint), validation testing, drift detection, automated rollback procedures
- Scripting: Python (network automation libraries: netmiko, NAPALM, paramiko), Perl, PowerShell, Bash; REST API consumption and development
- AI-Assisted Development: Pioneered use of Claude and GitHub Copilot for accelerated code generation; established validation and peer review workflows; developed policies for responsible AI use in infrastructure automation
- Multi-Source Truth Integration: Automated synchronization between Infoblox DDI, Cisco ISE identity stores, SolarWinds CMDB, DNS/DHCP systems, and network device configurations
- Version Control: Git workflows (feature branching, pull requests, code reviews), GitOps principles, infrastructure change management
VoIP & Unified Communications
- Platforms: Cisco Unified Communications Manager (CUCM) 2.x through 12.5, Webex Calling, Microsoft Teams (enterprise deployment), Avaya Communication Manager
- Gateway Integration: PSTN/POTS breakout, SIP trunking, MGCP and H.323 protocols, survivability and SRST
- QoS: End-to-end QoS design for voice and video, DSCP marking and trust boundaries, LLQ (Low Latency Queuing), call admission control
- Monitoring: NETSCOUT nGeniusOne for VoIP troubleshooting, Microsoft Teams Call Quality Dashboard, packet-level analysis with Wireshark
Monitoring, Observability & Analytics
- Network Performance Monitoring: NETSCOUT nGeniusOne/InfiniStream (2005-2023), SolarWinds Orion NPM, Nagios, Cacti, Zabbix
- Packet Capture: Gigamon network TAPs and aggregation (HD8, HD4, 2404, GigaVUE), SPAN/RSPAN configuration, Wireshark/tcpdump expert-level analysis
- Log Management: ELK Stack (Elasticsearch, Logstash, Kibana) for network device logs, syslog aggregation, custom dashboards for operations teams
- Application Performance: EMC Smarts for service impact analysis, F5 iHealth diagnostics, application flow mapping
- NetFlow/sFlow: Traffic analysis, bandwidth monitoring, anomaly detection, security threat identification
Enterprise Leadership & Operations
- Change Management: ITIL-aligned processes, change advisory board participation, risk assessment and mitigation strategies, rollback planning
- 24/7/365 Operations: On-call escalation as final technical authority during enterprise outages, incident command and crisis management, post-incident reviews
- Vendor Management: Direct engagement with Cisco, F5, Checkpoint, Microsoft TAC/Professional Services; contract negotiation and SOW development; escalation management for critical issues
- Team Development: Mentorship of junior to senior engineers, technical training program development, interview and hiring responsibilities, performance management
- Documentation: Architecture runbooks, design documents, as-built diagrams (Visio/Lucidchart), SOPs (Standard Operating Procedures), knowledge base articles
- Standards Development: Configuration baselines, naming conventions, NIST/ISO compliance frameworks, security policy templates, code review processes
Professional Experience
NETSCOUT & F5 SME / Consultant
CDW Enterprise Consulting | Aug 2025 – Current
- Product SME Consulting: Provide subject matter expertise to enterprise clients for NETSCOUT nGeniusOne and F5 BIG-IP platforms; conduct architecture reviews, capacity planning, and optimization recommendations
- Pre-Sales Engineering: Develop Statements of Work (SOW) and Bills of Materials (BOM) for client engagements; solution architecture and sizing; proof-of-concept design and validation
- Peer Supervision: Review and approve SOWs/BOMs created by consulting peers; ensure technical accuracy and alignment with client requirements and CDW capabilities
Sr. Network Engineer, F5 Subject Matter Expert
Rolls-Royce North America / British Telecom Federal (via Insight Global) | July 2024 – March 2025
FedRAMP Hybrid Cloud Environment
- Multi-Vendor Platform Operations: Design, deployment, and operations for Cisco (wired/wireless/ISE), F5 (hardware and software), Checkpoint firewalls, Microsoft/Cloud DNS in FedRAMP-compliant environment
- Branch Office Deployments: Coordinated with client teams and vendors on branch builds integrating MPLS, DIA circuits, and cloud connectivity; standardized deployment templates and validation procedures
- F5 Journey Migrations: Executed F5 BIG-IP updates following journey methodology; hardware refreshes from legacy appliances to r-Series; software upgrades with comprehensive pre/post validation
Cloud-Native Automation
- API-Driven Infrastructure: Developed REST API integrations for cloud DNS provisioning, web server deployments, and F5 configuration management; implemented CI/CD pipelines for infrastructure changes
- AI-Assisted Development: Pioneered use of Claude (Anthropic) for generating outline code for Ansible playbooks, Python scripts, and C# applications; established validation workflows including linting, testing, and peer review before production deployment
- Multi-Source Truth Integration: Built automation bridging databases to Ansible, Python, Perl, and C# workflows; integrated DNS, DHCP, ISE identity data, SolarWinds CMDB, and live Cisco device APIs as authoritative sources
Compliance & Documentation
- Audit Readiness: Heavy focus on documentation for FedRAMP and internal audit requirements; maintained architecture diagrams, configuration baselines, and change records
- Firewall Policy Management: Conducted Checkpoint firewall policy audits; identified redundant/obsolete rules; documented security posture and recommended hardening measures
Sr. Network Engineer (Contractor)
Advocate Aurora Health (via HireTalent) | June 2024 – July 2024
- F5 & NetScaler Platform Engineering: Designated architect for load balancing platforms in large healthcare system; evaluated and recommended strategic direction for F5 vs. Citrix NetScaler footprint
- BIG-IQ Orchestration: Designed BIG-IQ management architecture for 20+ BIG-IP devices; automated device onboarding and configuration synchronization
- AppViewX Integration: Implemented AppViewX ADC+ for certificate lifecycle management and multi-vendor ADC orchestration; integrated with enterprise PKI and ServiceNow CMDB
Network Engineer, Transport Security Policy Engineering
H3Technologies / Verizon (Contractor) | Sept 2023 – Jan 2024
FireMon Policy Automation
- Legacy Workflow Modernization: Analyzed legacy ticket-based firewall change process requiring manual site visits; designed and implemented automated workflow using FireMon Policy Planner, Python, Node.js, and JavaScript
- Technology Stack: Ubuntu Server, MySQL database for state management, ELK Stack (Elasticsearch, Logstash, Kibana) for logging and dashboarding; eliminated dozens of manual site visits per week
- Quantifiable Impact: Reduced firewall change processing time from hours/days to minutes; freed engineering resources for strategic projects; improved audit trail and compliance
Enterprise IaC Adoption
- Training Program Revision: Rewrote training curriculum to incorporate lightweight automation (Python scripting, basic Ansible); prepared enterprise for HashiCorp Terraform and Ansible Tower adoption
- Standards Development: Created coding standards, Git workflows, and CI/CD pipeline templates for network automation; established peer review process
Vendor Escalation Management
- TAC Liaison: Served as escalation point for Cisco, F5, Palo Alto, and Riverbed TAC interactions; ensured timely and effective resolution of critical issues affecting operations
- F5 BIG-IQ Expertise: Provided advanced troubleshooting for BIG-IQ management platform; designed backup/recovery procedures and high-availability configurations
Vice President – Network Applications Engineering, F5 Subject Matter Expert
The Northern Trust | April 2015 – Aug 2023
Environment Scale: Large financial institution with 10,000+ servers, 2,000+ virtual IPs (WIDEIPs), 35+ F5 load balancer clusters across 3 geographically distributed data centers. Direct CIO-level engagement on architecture and funding decisions for DMZ and internal network zones.
F5 Platform Architecture & Evolution
- Multi-Generation Migrations: Architected and executed complete platform evolution: physical appliances (i5000/i7000) → VIPRION chassis (B2200/B4200 blades) → VELOS modular platform; zero-downtime cutovers for production traffic
- High Availability Design: Active-active HA pair configurations with sub-second failover; GTM-based GSLB for cross-data center resiliency; achieved 99.99% uptime SLA over 8-year period
- Module Deployments: LTM for application load balancing; GTM for global traffic management and disaster recovery; ASM/Advanced WAF for application security; APM with dynamic Layer 4/7 ACLs based on user identity (LDAP/AD integration); AAM for application acceleration
- Migration Automation: Developed AS3/DO templates and TMSH scripts for automated onboarding of 2,000+ virtual servers; reduced configuration time from hours to minutes; eliminated human error
- BIG-IQ Management: Deployed and operated BIG-IQ Centralized Management for 35+ device clusters; implemented automated discovery, configuration backup, and compliance reporting
- F5 Professional Services Coordination: Managed F5 PS engagements for hardware refreshes to r-Series and i-Series platforms; developed project plans, risk mitigation strategies, and acceptance test procedures
Network Automation & DevOps Transformation
- Automation Strategy Leadership: Led enterprise-wide development of automation standards integrating Ansible and Terraform; established coding standards, Git workflows, and CI/CD pipelines
- Cisco ACI Integration: Deep integration with Cisco ACI fabric via YANG data models and NETCONF/RESTCONF APIs; automated VLAN, EPG, and contract provisioning synchronized with F5 virtual server deployments
- Multi-Source Truth Architecture: Designed and implemented automation platform integrating multiple authoritative data sources:
• Infoblox DDI for IP address management and DNS records
• Cisco ISE for identity and device profiling data
• BIG-IQ for F5 configuration state
• Tufin for firewall policy orchestration (Checkpoint backends)
• SolarWinds for CMDB and monitoring data
• Cloud REST APIs (Azure, AWS) for hybrid deployments
- Ansible Tower Deployment: Implemented Ansible Tower for role-based access control, job scheduling, and credential management; integrated with LDAP/AD for SSO authentication
- Terraform Enterprise: Deployed Terraform Enterprise with remote state backends (Azure Blob Storage); implemented workspace strategies for dev/test/prod environment separation
VoIP & Unified Communications Architecture
- Multi-Platform Deployments: Architected VoIP systems spanning Cisco Unified Communications Manager (CUCM), Webex Calling, and Microsoft Teams; designed SIP trunk integration and PSTN gateway failover
- QoS & Performance: End-to-end QoS design for voice/video traffic; DSCP marking policies; LLQ configuration; diagnosed and resolved latency, jitter, and packet loss issues impacting call quality
- Cloud Integration: Integrated cloud-based services (Webex, Teams) with on-premise telephony to deliver conventional handset experience; designed split-tunnel VPN policies for remote workers
- Monitoring & Troubleshooting: Implemented NETSCOUT nGeniusOne for VoIP traffic analysis; deployed Microsoft Teams Call Quality Dashboard; packet-level troubleshooting with Wireshark for RTP/SIP flows
- Testing & Validation: Developed comprehensive test plans for new VoIP products integrating with legacy environment; conducted load testing and failover validation
Security Modernization & Routing Protocol Migration
- BGP-Only Architecture: Led strategic initiative to transition routing architecture from mixed OSPF/EIGRP to iBGP/eBGP-only design; supported security modernization project requiring strict zone isolation
- Routing Protocol Expertise: Designed BGP route filtering, AS-path manipulation, and community tagging strategies; implemented OSPF multi-area designs and EIGRP named mode configurations in earlier phases
- Checkpoint Firewall Deployment: Designed and deployed Checkpoint firewall clusters; integrated with Tufin for policy management and change workflow automation
- Infoblox DDI Platform: Architected Infoblox DNS, DHCP, and IPAM platform; developed REST API integrations for automated IP allocation and DNS record management
- Silver Peak WAN Optimization: Designed and deployed Silver Peak appliances for WAN acceleration; validated application performance improvements
Large-Scale Wi-Fi & Captive Portal Deployments
- Mist AI-Driven Wireless: Led deployment of Mist wireless platform with AI-driven RF optimization and location services; integrated with Cisco ISE for 802.1X authentication
- Captive Portal Development: Designed public and private captive portal workflows for guest access and business network AUP sign-off; developed backend automation for device qualification and sponsor approval
- Multi-Vendor Implementations: Deployed wireless solutions from Beambox, Cisco (WLC and Meraki), and Aruba; maintained consistent user experience across platforms
- SSO Integration: Integrated client-side and server-side single sign-on for seamless wired and wireless network access; SAML and RADIUS-based authentication flows
TLS/Cipher Policy Enforcement (Major Project)
- Federal Mandate Compliance: Led enterprise-wide TLS 1.0/1.1 elimination project under federal mandate with aggressive 6-month timeline; 2+ years of prior investigation and planning
- Application Impact Analysis: Conducted comprehensive inventory of applications using legacy TLS; collaborated with application teams to remediate or mitigate risks
- Cipher Suite Hardening: Enforced PCI-compliant cipher suites across all internet-facing services; eliminated weak ciphers (3DES, RC4) and deprecated protocols (SSLv3)
- Remediation Automation: Developed automated scanning and remediation tools; provided dashboards showing compliance status and risk exposure
- Certificate Management: Implemented enterprise PKI with automated certificate lifecycle management; integrated with F5 APM and Checkpoint firewalls for mutual TLS authentication
Office 365 Messaging DMZ Migration (Major Project, 2021)
- Project Challenge: Transition to Office 365 cloud-based messaging while maintaining on-premise security controls; project had numerous consultants with limited progress
- Architecture Design: Designed Messaging DMZ architecture following Microsoft and Northern Trust security models; hybrid Exchange deployment with mail flow routing
- Multi-Team Leadership: Provided single-point technical leadership coordinating teams with divergent approaches; resolved architectural conflicts and established unified implementation path
- Zero-Downtime Execution: Successfully transitioned to Messaging DMZ (May-Sept 2021) with zero business impact; 30,000+ mailboxes migrated with transparent user experience
- Risk Mitigation: "Protected the enterprise from Microsoft Consulting" by identifying and preventing risky recommendations; established guardrails and validation procedures
Operational Excellence & Team Leadership
- Change Management: Supervised complex change processes across Load Balancers, Firewalls, DNS (Infoblox), and Proxies (Riverbed, Zscaler); trained operations teams on coexistence in multi-vendor environment
- 24/7/365 Support: Final technical escalation point for enterprise outages; incident command during critical incidents; post-mortem facilitation and remediation tracking
- Team Management: Indirect management of 20+ engineers across multiple vendor teams; direct management of shifts and technical work assignments; mentored junior engineers to senior levels
- Technical Interviewing: Conducted technical interviews for infrastructure department hiring; assessed candidates across network, security, and automation domains
- Process Improvement: Active participant in review and rework of internal processes; championed automation adoption and DevOps culture transformation
- Business Engagement: Regular interaction with business units (non-IT) to explain technology improvements and align with enterprise goals; simplified business processes through proper IT management tool usage
Monitoring & Observability Platform
- ELK Stack Deployment: Deployed Elasticsearch, Logstash, and Kibana for network device log aggregation; designed proper network zoning and sizing for scale
- Azure Dashboards: Developed Azure and ELK dashboards for complex network monitoring; integrated with F5 iStats, Cisco ACI fabric health, and firewall logs
- Packet Monitoring: Led design of application definitions for packet-level monitoring across all lifecycle phases; integrated with NETSCOUT probes
- Performance Analysis: Packet-level troubleshooting with Wireshark for application performance issues; collaborated with development teams on optimization
DMZ Architecture & Application Consulting
- DMZ Design Projects: Architected new DMZs for specific application roles; delivered exquisite detail in implementation and design plans to operations teams; conducted hand-off training
- Day-to-Day Consulting: Advised application teams on DR (Disaster Recovery) and high availability design aligned with Northern Trust standards; provided strategic design guidance for hundreds of application deployments and reworks annually
- Standard Lexicon: Established enterprise-wide standard terminology for application layout descriptions; improved communication between architecture, operations, and application teams
Network Design and Deployment Engineer
77energy / Chesapeake Energy (via WWT/ABT Consulting) | March 2015 – April 2015
- Greenfield DMVPN Design: From zero to production: architected dual-cloud DMVPN solution integrating new MPLS network with existing DIA and LTE technologies for redundant WAN connectivity
- Rapid Delivery: Completed architecture, design, and documentation in two weeks; provided turn-up support and troubleshooting before production cutover
- Technology Stack: Cisco ISR 4451-X and 4431 routers with DMVPN Phase 3, EIGRP named mode, IPsec encryption; Riverbed WAN optimization appliances
Designated Network Engineer
Whirlpool / IBM (via Alliance of Professionals & Consultants) | May 2014 – Feb 2015
Global Service Provider Support
- International MPLS Network: Expert troubleshooting and process support for global service provider contract supporting 200+ sites across continents; downtime costs in tens of thousands of dollars per minute
- Multi-Vendor Coordination: Detailed oversight of provider relationships with AT&T, Tata Communications, and Verizon; escalation management and SLA enforcement
- Reporting & Analytics: Developed T-SQL scripts to integrate data from multiple monitoring products (SolarWinds, NetScout, Cisco) for CIO-suitable reports on uptime, performance, and top application usage
Monitoring Platform Consolidation
- SolarWinds Architecture: Built unified SolarWinds Orion platform (single database, multi-poller architecture) consolidating disparate monitoring systems; improved MTTR (Mean Time To Resolution) for incidents
- Documentation Integration: Integrated Visio diagrams and documentation into SolarWinds GUI; automated creation of network maps from discovery data
- Wireless Inventory: Developed inventory process for 2,700+ lightweight and standalone wireless access points; tracked serial numbers, locations, and configurations
Technology Migrations
- Cisco 4700 ACE → F5 Migration: Planned and scripted migration from Cisco ACE load balancers to F5 BIG-IP; developed conversion tools and validation procedures
- NETSCOUT Deployment: Implemented NETSCOUT probes, servers, and InfiniStream collectors for application performance monitoring; packet-level visibility into Citrix, web servers, database traffic
- Network Stack: Daily troubleshooting of LWAP controllers, Cisco 4700 load balancers, Nexus 7k/6k/5k/2k, ASR and classic routers; ASA firewalls of all sizes; VMware networking issues
Network Rebuild Architect
United Health / Golden Rule Insurance (via Experis Consulting) | Aug 2013 – March 2014
Project Achievement: Architected, designed, configured, and delivered complete 300-host data center rebuild in under 60 days from equipment delivery to production hand-off. Achieved considerable space and power savings versus Cisco 7k/5k/2k solution without performance sacrifice for 3,000-user environment.
Data Center Architecture
- Nexus Design: Cisco Nexus 6001 core, Nexus 5548P distribution with Layer 3 daughter cards, Nexus 2000 Series FEX (Fabric Extenders) for access layer
- Routing & Switching: BGP for external connectivity, OSPF for internal routing, EIGRP for legacy integration; VRFs and VDCs for multi-tenancy; Layer 2 and Layer 3 redesign with VLAN reconciliation
- QoS Audit: Conducted comprehensive QoS audit and redesign; implemented DSCP marking, queuing, and policing policies
F5 & Security
- F5 Active/Active Design: Redesigned F5 architecture for active/active load balancing with GTM-based failover; eliminated single points of failure
- Dynamic Access Control: Achieved dynamic Layer 4 and Layer 7 ACLs on F5 APM based on user identity (LDAP lookups); eliminated static IP-based firewall rules
- Cisco ASA: Configured and hardened ASA firewalls; provided security architecture recommendations
- DMZ Isolation: Designed multi-tier DMZ architecture with strict segmentation; extensive documentation for audit compliance
Physical Infrastructure
- Rack & Stack: Rack organization, wire management, cabinet standardization to latest best practices; remediation of grounding and telco handoff issues
- Troubleshooting: Resolved legacy network issues (spanning-tree loops, routing blackholes) to enable clean transition to new architecture
Network Acceleration and Optimization Consultant
State Farm Headquarters, Bloomington IL (via GDH Consulting) | July 2013 – Aug 2013
- WAN Acceleration: Responsible for Cisco WAAS (Wide Area Application Services) 5.1, Akamai CDN integration, and F5 application acceleration (iApps); supported 3 geographically distributed data centers
- Packet Inspection: Layer 3-7 packet analysis for application performance troubleshooting; used Gigamon infrastructure feeding multiple analysis tools (NETSCOUT, Wireshark, Riverbed Cascade)
- SDN Initiatives: Collaborated on Software Defined Networking projects; focused on F5 iControl API and Cisco next-generation platforms; developed migration scripts from Cisco ACE to F5 using iControl REST API
- Dynamic Access Control: Implemented F5 APM with dynamic Layer 4/7 ACLs based on user identity, IP address, and group membership (LDAP/database integration)
F5 SME & ASA Security Architect
Chicago Network Services / Computer Science Corp. (via Sapphire/Randstad) | June 2011 – May 2013
F5 Subject Matter Expert
- SME Role: Go-to expert for all F5 design and operational questions requiring immediate answers; covered LTM, GTM, APM, AAM, and ASM modules
- Template Standardization: Developed standard templates fitting all designs into consistent review process; reduced configuration errors and deployment time
- High-Value VIPs: Command-line and GUI editing of active virtual servers for high-value websites with zero-downtime requirements; on-call for emergency changes
- iRules Development: Custom iRules authorship and peer review; complex traffic steering, content manipulation, and security policies
ASA Security Architecture
- Border & Interior Firewalls: Subject matter expert for Cisco ASA deployments protecting corporate information assets; border firewalls and internal zone segmentation
- Entire Lifecycle Management: Policy definition, design, deployment (GUI/CLI), ongoing monitoring, and decommission planning; heavily documented under change control
- Compliance Frameworks: Audited under DOE, DOD, HIPAA, and PCI regulatory frameworks; maintained compliance and passed audits
- Routing & VPN: OSPF routing on ASAs, B2B IPsec tunnel creation and management, remote access VPN with AnyConnect, integration with IDS/IPS systems
- Checkpoint Migration: Created and validated firewall rules converted from Checkpoint to Cisco ASA; tested with application teams before production cutover
Data Center Migration Projects
- Zurich/Farmers Insurance: Supported migration of insurance groups into Chicago Data Center with 4,800+ Nexus 7k/5k/2k switch ports; configuration changes on Nexus 7k/5k, routing/switching troubleshooting
- Multi-Vendor Environment: Worked with Cisco, Juniper (routers/switches/firewalls), Brocade (Ethernet switches and SAN), HP, and VMware virtual switching
- Network Edge: Configuration and operations for Juniper MX/M/T/E-series and Cisco ASR/12k routers on network edge; multi-client environment with many BGP routing instances (eBGP/iBGP) and OSPF
Earlier Career Highlights (1993-2011)
Video IP Engineering, Frontier/Verizon FiOS (2010-2011)
- Supported video head-end operations for 200k FiOS TV subscribers; multicast video distribution in HD/SD; Cisco 6500 fabric and CDS (Content Delivery System); SEACHANGE video-on-demand servers
- Managed full enterprise restart during Verizon-to-Frontier spinoff; 30% documentation, 30% architecture, 40% operations
General Electric Consumer & Industrial, Global IT (2005-2008)
- Global team member responsible for 8,000 Cisco devices, 2,000 circuits, and 30,000 end users across 3 x 100k sq ft data centers
- F5 design for GEAPPLIANCES.COM and GELIGHTING.COM global websites; LTM, GTM, and iRules development
- EMC Smarts deployment for network and application performance monitoring; custom dashboard development
- Led zero-downtime DHCP environment upgrade (Cisco CNR) servicing 15,000 devices and 250+ sites
- Acquisition integration projects: moved/consolidated sites from 5-person offices to 800-person call centers; on-site project management
On Site Computer Company LLC, Principal Architect (1997-2003)
- Cisco network architecture for SMB clients (up to 500 desktops, 20 locations); Cisco IOS and PIX firewalls
- Wireless MAN/WAN/LAN deployments (Wi-Fi, Proxim Tsunami) for municipal and corporate clients (up to 500 users)
- Web hosting provider operations: 50 websites on Microsoft IIS/Terminal Services/SQL/Exchange
- Principal architect and developer of web-based solutions: Access, ASP, VB .NET, PHP, IIS, MS SQL, MySQL, AS/400
Key Technical Projects
Office 365 Messaging DMZ Migration (Northern Trust, 2021)
- Challenge: Migrate 30,000+ mailboxes to Office 365 cloud while maintaining on-premises security controls; project stalled with numerous consultants producing limited results
- Approach: Designed hybrid Exchange/Office 365 architecture with Messaging DMZ; unified divergent team approaches; established clear technical path forward
- Technologies: Microsoft Exchange hybrid deployment, F5 LTM for mail flow load balancing, Checkpoint firewalls for DMZ security, Azure ExpressRoute for cloud connectivity
- Outcome: Zero-downtime migration completed May-Sept 2021; transparent user experience; eliminated risky Microsoft Consulting recommendations
TLS 1.0/1.1 Elimination (Northern Trust, 2019-2020)
- Challenge: Federal mandate requiring TLS 1.0/1.1 elimination in 6-month timeframe; 2+ years of investigation and application inventory completed prior
- Approach: Comprehensive application impact analysis; cipher suite hardening to PCI standards; automated scanning and remediation tools
- Technologies: F5 SSL/TLS profiles, Qualys SSL Labs scanning, custom Python scripts for configuration audits, PKI certificate management
- Outcome: Enterprise-wide compliance achieved on schedule; zero business impact; eliminated legacy weak ciphers (3DES, RC4, SSLv3)
Automation Platform Development (Northern Trust, 2018-2023)
- Challenge: Manual configuration processes error-prone and slow; lack of consistency across platforms; no integration between systems of record
- Approach: Developed enterprise automation standards using Ansible and Terraform; integrated multiple sources of truth (Infoblox, ISE, BIG-IQ, Tufin); established CI/CD pipelines
- Technologies: Ansible Tower, Terraform Enterprise, GitLab CI/CD, Python, YANG/NETCONF for Cisco ACI, F5 AS3/DO, REST APIs
- Outcome: Configuration time reduced from hours to minutes; human errors eliminated; drift detection and automated rollback; AI-assisted development adoption
Data Center Network Rebuild (Golden Rule/UHG, 2013-2014)
- Challenge: Aging infrastructure with high power/cooling costs; 300-host environment requiring modernization
- Approach: Architected Cisco Nexus solution (6001 core, 5548P distro, 2000 FEX) replacing larger 7k/5k/2k footprint
- Technologies: Nexus platform with VDCs/VRFs, F5 active/active load balancing, Cisco ASA firewalls, BGP/OSPF routing
- Outcome: Completed in under 60 days; significant space/power savings; no performance sacrifice for 3,000 users
Certifications
- Cisco Certifications: CCNP (Network Professional), CCDP (Design Professional), CCSP (Security Professional), CCSP (Sales Professional) - All currently obsolete
- F5 Certifications: F5 Certified Product Consultant (v9, v10), F5 Certified System Engineer (v9, v10, v11) - All currently obsolete
- Juniper: JNCIA Candidate (Junos OS)
- Microsoft: Microsoft Certified Engineer (1998), Microsoft Product Specialist - Windows 95, NT Workstation 4.0 (1999) - Obsolete
- Professional Development: Train the Trainer (Learning Tree International)
- Note: While many formal certifications have reached obsolescence, hands-on expertise remains current through continuous professional engagement with the latest platform versions and technologies
Technical Toolset Summary
Network Platforms (Detailed Experience)
- F5 BIG-IP: All physical appliances (i-Series, r-Series), VIPRION chassis (B2200/B4200 blades), VELOS modular platform; LTM, GTM, ASM, APM, AAM modules; versions 9.x through 17.x
- Cisco Switches: Catalyst 2900/3560/3750/4500/6500 (CatOS and IOS), Nexus 1000v/2000 FEX/4000/5000/6000/7000/9000 (NX-OS and ACI), VSS (Virtual Switching System)
- Cisco Routers: ISR 800/1800/2800/2900/3800/3900/4400/4500, ASR 1000/9000, Catalyst 4500-X/6500 MSFC, XR 12000 (IOS-XR with RPL), 7200/7300/7400/7600
- Cisco Data Center: ACI fabric (spine/leaf), Nexus platforms, VDC/VRF segmentation, EVPN/VXLAN overlays, Multi-Site Orchestrator
- Firewalls: Cisco PIX/ASA (all models, multi-context), Checkpoint (SmartCenter, Quantum Maestro), Palo Alto NGFW, Juniper SRX 100-5800, Cisco FWSM
- Wireless: Cisco WLC 5500/8500, Catalyst 9800, Cisco Meraki, Aruba Controllers, Mist AI-driven, LWAP 802.11a/b/g/n/ac/ax
- Identity: Cisco ISE 2.x/3.x, RADIUS/TACACS+, 802.1X/MAB, TrustSec/SGT, pxGrid, certificate-based auth
Automation & Scripting
- Configuration Management: Ansible (playbooks, roles, Tower/AWX), Terraform (multiple providers), Git/GitLab/GitHub
- Languages: Python (netmiko, NAPALM, requests, paramiko), Perl, PowerShell, Bash, VBScript, C#, VB.NET
- APIs: REST (F5, Cisco ACI, Infoblox, Checkpoint, Azure, AWS), NETCONF/RESTCONF (YANG models), SOAP
- Databases: MS SQL Server (T-SQL stored procedures), MySQL, PostgreSQL, Oracle
Monitoring & Analysis
- NPM: NETSCOUT nGeniusOne/InfiniStream (2005-2023), SolarWinds Orion NPM, Nagios, Cacti, Zabbix
- Packet Capture: Gigamon (HD8/HD4/2404), Wireshark/tcpdump (expert-level), SPAN/RSPAN
- Logging: ELK Stack (Elasticsearch, Logstash, Kibana), Splunk, syslog-ng
- APM: EMC Smarts, F5 iHealth, NetFlow/sFlow, application flow mapping
Cloud & Virtualization
- VMware: vSphere, vMotion, distributed switches, NSX-T
- Cloud Platforms: Azure (ExpressRoute, VNet, ARM templates), AWS (VPC, Transit Gateway)
- Containers: Docker, Kubernetes (basic operational knowledge)