CISSP – ISC2 Certified Information Systems Security Professional.
CCNA – Cisco Certified Network Associate.
CCNA+Security – Cisco Certified Network Associate, Security Specialisation.
CCNP – Cisco Certified Network Professional ( Routing & Switching ).
CISS – Cisco IOS Security Specialist ( Cisco have since retired this cert ).
CFSS – Cisco Firewall Security Specialist ( Cisco have since retired this cert ).
CADE – A10 Networks Certified Application Delivery Engineer. Application & server load balancing, performance, high-availability.
ACWA – Aerohive Certified Wireless Administrator.
JNCIA-Junos – Juniper Networks Certified Associate. Junos associate certification.
JNCIS-Sec – Juniper Networks Certified Specialist. Security Specialist, SRX platforms.
JNCIP-Sec – Juniper Networks Certified Professional. Security Professional, SRX platforms.
A list of what I’m currently studying:
- Still thinking about a Cisco CCIE R&S, is it worth the effort in NZ?
- Juniper JNCIS-Ent, JNCIP-Ent – Enterprise Routing and Switching with Junos
- DevOps, Orchestration, & SDN – particularly Docker and OpenvSwitch
The following is a list of recent works and projects that I have been involved with. Most recent ones are at the top.
Data centre switching and routing fabric using Cisco Nexus 9000-series switches. Migrating a large financial services company from the classic core-distribution architecture to a spine and leaf architecture.
- Cisco Nexus 9000 series switches
- Cisco DCNM switch management
- Cisco VXLAN BGP EVPN overlays
- Large data centre network migrations
A Proof-of-Concept project implementing security services within Amazon AWS. Interesting challenges working with Cloud Infrastructure Security, and quite different from on-premises and the usual data-centre security.
- Amazon AWS Security services
- AlienVault USM Anywhere in AWS
- Trend Micro Deep Discovery in AWS
- AWS Config configuration management
- Intrusion Detection/Prevention ( IDS/IDP ), and Data Loss Prevention ( DLP ) within AWS
Migration of data centre resources from one DC to another. A client is migrating from their in-house VMWare-based infrastructure to a private cloud infrastructure. Plenty of network architecture work around the load balancers and security.
- Data centre interconnects
- F5 Big-IP load balancers : LTM, APM modules
- Routing, switching
- Virtual machine migrations
Ubiquiti WiFi network setup (at home). Two access points and a Unifi controller running full-time. Ubiquiti’s WiFi solution for small enterprises and domestic power-users is really quite nice to use after being used to deploying Aerohives – a lot cheaper too.
- Ubiquiti WiFi access points
- Ubiquiti Unifi controller running in a Docker container
Linux/AWS DevOps. Consulting work to a medium-sized enterprise working on supporting development and deployment of cloud-based infrastructures. Lots of templating and getting to grips with rapid deployment and infrastructure scaling with Amazon AWS.
Completed the Amazon AWS Technical Architect training course.
- Amazon AWS : EC2, ELB, S3, RDS, …
- Lots of Linux system engineering
- Orchestration tools: ansible, puppet, terraform
- Git version control
- SELinux policy development
Enterprise Routing : implementing connectivity to dual service providers using BGP and distributing into an OSPF core. We used Juniper EX switches as both WAN edge (BGP) and as core (OSPF). Layer-2 core switching including converged FC/FCoE & 10G ethernet all done with Cisco Nexus 5548P & 2248 FEX.
- Cisco Nexus 5548 switches & 2248 Fabric extenders
- Juniper EX3300 multi-layer switches
- JunOS advanced routing (BGP and OSPF)
- BGP to OSPF route redistribution
- High-availability and fast routing protocol convergence, utilising BFD
- Network design & lab modelling reduces disruption during implementation
IPv6 – lab work, training, research & development into IPv6 implementations and migrations. Mostly using SixXS tunnels into lab environment.
- IPv6 routing : OSPF, BGP, etc
- Complex VPNs : dual-stack IPv4 and IPv6 over dual VPNs using OSPF/OSPFv3
- IPv6 security policy implementation on Juniper SRX and Cisco IOS
- IPv6 into Cisco ASA firewalls
- IPv6 on Linux (dual stack)
Bluecat IPAM / DNS / DHCP. I completed a week of training to support a client doing a big Bluecat implementation. Very interesting and a powerful solution from Bluecat.
- Bluecat Networks
- IP Address Management (IPAM)
- DNS – there’s always something new to learn here
- DHCP – you might think you know it, but again there has been advences in DHCP over the last few years
Cisco ASA firewall implementation. Including Cisco AnyConnect remote access VPN for staff access to the enterprise network.
- Cisco ASA Firewall
- Cisco AnyConnect remote-access VPNs
A10 Networks AX Series load balancers (training and lab work). This builds on past experience with F5 load balancers. A10 networks are bringing some very good new products to the market.
- Online and Cloud service delivery
- Service scalability and performance management
- High Availability
Multiple installations of Juniper SSG series firewalls for small and medium businesses. Including areas such as firewall policy development and implementation, site-to-site VPN, remote access (dial-up) VPNs for roaming remote access.
- Juniper SSG firewall installation and support
- Juniper ScreenOS installation, upgrades, support
- Firewall policy development
- Site-to-site IPSec VPNs
- Roaming client dial-up IPSec VPNs
- Shrew IPSec VPN client
Network upgrade for a complex enterprise LAN/WAN environment with redundant WAN links to remote offices. This involved migrating an enterprise network with routing performed by low-end Cisco routers to one performed by new Juniper SRX router/firewalls.
- Juniper SRX firewall/routers installation and support
- JUNOS installation, upgrades
- JUNOS Enterprise Routing – OSPF
- Juniper SRX VPNs : site-site IPSec, Dynamic VNP
- Cisco IOS – JUNOS integration
- Telecom OneOffice (L3 MPLS) integration
Advanced Unix/Linux C programming. A short stint developing Unix system software written in C.
- Unix/Linux system programming
- Shared memory structures, semaphore locking
- Messaging, queuing
- Unix process control
- Networking interfaces : sockets, TLI
Network and Security systems design for a major telecoms company.
- Advanced & complex telco network design
- Data centre strategies
- Security requirements specification & implementation
- Cisco, Netscreen, F5 technologies
Network strategy and design for large enterprise. Covered such items as re-architecting the core network, implementing Intrusion Prevention Systems (IPS) and developing a stratagy for network architecture in an expanding enterprise.
- Core network architectures for multi-gigabit switching
- Service Oriented Architecture strategies
- Tipping Point Intrusion Prevention Systems
- Cisco 6509 switches
- WAN acceleration products (such as Riverbed and F5)
- VOIP architectures
Two articles for SysAdmin magazine written and submitted for publishing. The first on using OpenSSL and GPG for encrypting backups (published March 2007), and the second on using PasTmon for measuring application performanceby passively monitoring network traffic (published July 2007).
- UNIX/Linux backup & recovery
- OpenSSL, GPG
- Encryption and key management
Network design in an ISP environment, remodelling a classical 3-Tier network architecture into an architecture modelled on Sun’s SDN (Service Delivery Network) model. Extensive analysis of existing application connectivity and network architectures.
- Switching, routing, firewalls
- Sun Service Delivery Network (SDN) architecture
- Analysis of application data flows and network requirements for applications
Testing of an GSM SMS router for mobile messaging systems.
- Telsis SMS Router equipment
- SMSC’s & SMPP protocol testing
- Perl::SMPP library
Installation of a Cisco MDS 9216 Fabric Switch
- SAN topologies, VSAN switching
Presented a paper at the Bright*Star 2006 Security Summit Conference in Auckland. Topic covered was “Incident Response Best Practices”
- Incident response procedures & practices
- Cisco switching
- Cisco routing
- … and the rest of the CCNA syllabus!
Network design work for large ISP/Telco. Plenty of switching, routing, firewall design and troubleshooting.
- Cisco switching
- Cisco routing
- Checkpoint firewalls
- Cisco FWSM firewalls
- Microsoft Word advanced
- Microsoft Visio network diagrams
Implementation of a system to replicate a Linux OS image throughout a cluster of 50 servers taking part in a computing cluster for Bioinformatics. By using SystemImager and a system for autonomous network booting, a system for automatically installing and updating the OS on many systems was implemented.
- ISC DHCP server
- SysLinux, PXELinux installation & build environments
- SuSE Linux 9.3 Professional
Implementation of a file and print server for a small company, including migration from a legacy Windows NT server for approx 25 users. Linux server installation and lots of Samba work, including a seamless migration from a Windows server to a Linux server for all file and print services.
- SuSE Linux 9.2 Professional
- Samba v3
- CUPS printing system
- AVG anti-virus for Windows workstations (update server for Linux)
- Amanda backup and recovery
- mkcdrec “bare metal” recovery
- Postfix MTA
- Nagios service monitoring
- NTOP network monitoring
Diagnosis of VPN issues between Windows XP PPTP VPN clients and Windows 2003 Server. DSL routers at each end ( Netgear and Linksys ). Lots of packet capturing and analysis.
- Windows 2003 server VPN services (PPTP)
- Netgear DG834G ADSL router & wireless access point
- Ethereal packet capture and analysis
HP-UX Recovery Exercise. A trial recovery of a midrange HP9000 server running HP-UX.
- HP-UX Ignite system recovery
AIX Recovery Exercise. A trial recovery of a low-end IBM RS/6000 AIX based server.
- IBM AIX v5.1
- AIX mksysb backup/recovery system
Network design for WiFi access portal. Design of network infrastructure and security model for the servers which service a public-access WiFi network.
- Cisco routing/switching
- Cisco FWSM firewalls
- Advanced network security modelling
Linux server automated build and configuration control system for IBM blade servers running RedHat Enterprise Linux v3. Using a combination of the RedHat Kickstart building tool, and CFEngine – a tool for maintaining system configurations for large numbers of servers.
- RedHat Kickstart
- RedHat Enterprise Linux v3
Migration of multiple VLANs from a haphazard array of small Cisco switches to a single ( stack ) of three 3750 switches.
- Cisco IOS switching
- Cisco 3750 stackable switches
Migration of a laboratory information system to Linux. The system code consists of approx 90,000 lines of C which implements a transactions-processing and communications environment to support application programs written in Cobol and connecting to Oracle. Originally designed to run on SVR4 ( and variants such as AIX, SCO Unix, etc ), the system was ported to run on Linux systems.
- Linux C programming
- Linux TCP/IP interface programming
- Microfocus Cobol
- Oracle Pro*Cobol
- Oracle RDBMS