NMCI Command and Control COI
Developed the solution baseline for deploying a command and control architecture to support the implementation of the Naval Maritime Operations Centers (MOC) on NMCI. Worked extensively with the customer to develop a comprehensive set of requirements. Developed a security construct to ensure both the MOC and NMCI remain secure. Specific requirements called for the deployment of a second connection for redundancy and diversity, which introduced unique security issues. The baseline was then tailored for each unique deployment, as the physical constructs at each base needed certain modifications.
NMCI Boundary 1 Firewall Upgrade
Refreshed the main boundary one instances to newer technologies, which allowed the enterprise to reduce its hardware footprint from 16 firewalls down to 4 firewalls per instance. The firewalls process approximately 4 TB of data daily.
NMCI Application Layer Firewall project
Lead engineers on the RFI to select a new firewall for the enterprise. Developed the requirements, testing procedures, conducted the testing and developed the recommendations for the selection of the firewalls to be used within the enterprise.
NMCI Network Access Control (NAC)
Developed the solution to introduce network access control within NMCI. Worked extensively with the vendor to ensure that the product would align to the Government Security Technical Implementation Guides (government security requirements). Solution consisted of an agentless deployment that needed to move the computers to multiple VLANs depending on the configurations of the machines.
NMCI Load Balancer
Developed a hardware load balancing solution to ensure multiple hardware firewalls could be supported transparently. Load balancing was required to take actions based on multiple conditions, such as application type, IP address (destination and/or source), and network load.
NMCI IPS solution
Engineered a solution for the protection of critical infrastructure. Worked with the vendor to ensure the product was developed in accordance with Government STIGs; multiple product updates were necessary. Implemented the solution to protect the DMZ, boundary 1 – 3, and server farms. The solution was developed to be modular enough to support future initiatives.
NMCI HBSS Integration
The Government selected the McAfee ePO system for host-based protection (Host IPS, firewall, asset manager, and central reporting/management). Led the integration effort to ensure a large deployment of the solution. Extensive communication and consulting with the vendor to ensure proper deployment within the large enterprise. Currently NMCI is one of the largest deployments of the product.
NMCI VPN Enterprise Routing
Served as the technical lead in updating the enterprise VPN mesh to allow for dynamic routing. The solution consists of updating the routing infrastructure across the enterprise, updating the software on the VPN, and updating devices to share routes. The solution allows for dynamic failover capabilities across the enterprise.
NMCI Classified RAS
Acted as Information Assurance technical lead.
Responsible for IA component architecture and engineering documents.
Router Security Policy
Responsible for authoring Outer and Inner Router Security Policies, including best practices and ACL policy.
Boundary One and Two Firewall Ruleset
Maintained Enterprise Rulesets.
Responsible for developing rules and processing customer defined requirements.
Solaris and Linux Hardening
Responsible for authoring Enterprise Solaris and Linux Hardening Scripts
NCIS Community of Interest and DMZ
Acted as project technical authority.
Responsible for solution requirements, network and IA design.
Responsible for SSL VPN development
Boundary 3 Enterprise COIs
Responsible for IA component architecture and engineering documents.
Responsible for Risk Assessments.
NMCI Account Auditing
Acted as Information Assurance technical lead.
Responsible for implementation planning and government reporting
NMCI Naval Network Identity VPN Solution
Responsible for authoring Extranet VPN engineering documentation.
Secure Web Access Boundary
Responsible for developing engineering documents to support NMCI Outlook Web Access, and all other SSL inbound services
Enterprise VPN upgrade
Responsible for engineering upgrade documents for over 380 remote sites
MARCIRT/NAVCIRT IDS Data Feeds
Authored engineering documents to support NMCI IDS data feeds to NAVCIRT and MARCIRT
Outer Device Network Management/Inner Device Network Management
Responsible for IA component architecture and engineering documents.
NMCI COMNAVSPECWAR VPN solution
Responsible for VPN architecture to facilitate customer NIPRNET transport
Netscreen Global Pro Management
Responsible for driving feature requests with the vendor to support PKI initiatives and custom NMCI scalability requirements
EDS Order to Cash System
Responsible for IA component architecture and engineering documents for VPN tunnels to prime customer.
HP/EDS Voice over IP (VoIP) Trunking Project
Responsible for engineering upgrade documents to support EDS VoIP project.
Very Small Site Design (VSSD) Solution
Authored IA architecture and engineering documents to support VSSD design and implementation.
VCNO Desktop Firewall Project
Responsible for IA component architecture and engineering documents.
IA Consolidated Event DataBase
Responsible for pilot implementation and solution testing.
SupportSoft HelpDesk Application
Responsible for consulting with Vendors on SupportSoft IA requirements
Red Team Reviews
IA voting member of an architectural review board for new business proposals
Application Layer Proxy Firewalls
Subject matter expert for all current and new solutions utilizing application layer proxying firewalls. This includes engineering a variety of boundary architectures, including options for high availability, DMZs, VPNs, SSL, routing, load balancing, enterprise management, application delivery and inspection, etc.
Load Balancing and Application Delivery
Subject matter expert for all current and new solutions requiring load balancing and application delivery. This includes firewall and server/client load balancing, high availability, enterprise management, complex delivery solutions utilizing NAT/PAT, and various hardware platforms.
Certification and Accreditation
In-depth C&A for solution architecture, policy, and devices. This includes vulnerability assessments and penetration testing, mapping to DoD policy requirements/STIGs, implementation and test plans, network and system testing.
Network and System Testing
Involved in network and system testing and vendor selection, including RFPs, equipment evaluation and configuration, IP and load testing, application testing, etc.
