Consultant employed by a leading Outsourced Service Provider, with 73 sites employing more than 16,200 people delivering services from 29 countries including Austria, Belgium, Canada, Chile, Croatia, Czech Republic, Denmark, Estonia, France, Germany, Hungary, Italy, Latvia, Lithuania, Luxembourg, the Netherlands, Norway, the Philippines, Poland, Portugal, Romania, Serbia, Slovakia, Spain, Sweden, Switzerland, Tunisia, the UK and the USA. I was employed on a number of IT and Network Security projects that were specifically related to PCI DSS requirements 1, 4, 10 and 11. Responsible for producing the network designs and architectures, including IP and VLAN Engineering, and associated Requests for Proposals (RFPs) for PCI industry related information security technologies such as Access Control, Vulnerability Assessment, Anti-Virus, Firewalls, Identity Management, Security Event (Log) Management, Data Loss Prevention, Intrusion Detection, VPN, strong authentication (e.g. “2-factor”) systems, Encryption, URL and malicious mobile code Filtering. Lead responses to the Information and Network Security sections of the Requests For Proposal and participated in the evaluation of vendor proposals using detailed knowledge of TCP/IP routing, WAN technologies (MPLS, Frame Relay), common operating systems, in particular Windows workstations and servers and Active Directory, UNIX (Linux & Solaris) Database concepts, and high availability / failover and data backup systems. As part of my role I had to maintain close relations with the IT Infrastructure, Development, and Operations teams to define procedures for the security management, security requirements of all new operating systems, network components and applications, and access control principles. The PCI projects were part of a new Global Information Security Program based on ISO 17799 / 27000 and NIST 800 series recommendations

Consultant, with technical management and leadership responsibilities, employed to work on various projects for Nordea Bank via their outsourced IT Department. Worked closely with the Project Sponsor, Program Manager and the user community, being responsible to ensure delivery of various architectural proposals for solutions that would meet the customer requirements whilst being achievable within the budget, time and quality parameters proposed. Key skills included understanding of issues and challenges of project managing network and network security architecture projects, including IP and VLAN Engineering, with experience of full solution development life cycles from proposal to acceptance testing and roll-out

Project 1 – Provision of a Complete Infrastructure for a Capital Markets Consolidated Computing Centre
Responsible for a design and architecture team that provided a new infrastructure for Capital Markets inclusive of E-Commerce, Extranet, Internet Access – Remote Access, Test and Core services using layered security architectures involving Cisco Catalyst 6500 (using CSM/SSL Blades), 4500, and 3750 switches, 7206 routers , Nokia IP650 and 390 firewalls, Proxy Servers, LAN and WAN connectivity. Responsible for all IP addressing, VLAN and IP Subnet design, equipment specification and high/low level designs and architecture, including core, external and internal IP and VLAN Engineering.

Project 2 – Redesign and Implementation of a Common Internet Proxy Solution for Forty-Five Thousand Nordea Bank Internal Users
Responsible for the redesign and deployment of a solution to provide Internet Proxy Foundation and Network Services for 45,000 individual Nordea Bank employees including the provision of independent, secure and redundant MPLS VPN connections that were logically separated from the rest of the Nordea network traffic. Responsibilities extended to the integration of Security Control Services for the Solution including
• Anti-Spyware
• Anti-Phishing
• SSL Inspection
• IM/Chat
• Malicious Code Scanning

Responsible for the integration of the Security Control Services with the Bluecoat SG8100-C hardware platform and Director 510 management system and all related aspects of routing protocols, IP addressing, applications, equipment configurations, Firewall Changes, and connectivity including all IP and VLAN Engineering.


Project 3 – ASDW SwiftNet Redesign and Relocation
Responsible for the redesign of the SWIFT Alliance Access (SAA) system to provide a capability of handling messages sent/received across the SWIFTNet network between Nordea Bank and other SWIFT-enabled counterparts worldwide. Responsible for the collection and analysis of current SAA network data including routing protocols, IP addressing, applications, equipment configurations, IOS versions, and connectivity and using that data to redesign the network security of the architecture, including IP and VLAN Engineering, for SWIFTNet through the SWIFT Alliance Gateway (SAG) in compliance with the clients Network Security Architecture .The purpose of the new architecture was to handle mission critical SWIFT FIN traffic to and from Nordea Bank. The traffic included (but was not limited to) international Payments, trades, account information etc.

Consultant brought on as Lead Network and Network Security Architect to work on elements of the IBM/Nordea Bank joint venture consolidation program. I was responsible for the collection and analysis of current network data including routing protocols, IP addressing- including subnet, core, WAN,LAN and VLAN Engineering, applications, equipment configurations, IOS versions, and connectivity and using that data to redesign the network security aspects in compliance with the clients Network Security Architecture. The Network Security Architecture connectivity included Market Data –Reuters, and third party connectivity – Fidenta, OMX (Swedish Stock Exchange), Norwegian Netbank, IBM, Microsoft and others. This responsibility extended to the detailed design, implementation, and configuration of the network security elements. The project involved Network Silos in four (4) countries, Sweden, Norway, Finland and Denmark. The detailed design, implementation, and configuration also involved the associated core and access networks using equipment such as Cisco 3640, 7206, 2800, routers, Catalyst 3750, 4506,5505,6506, 6509 and 6513 switches with CSM and SSL Modules, CSS 11506s and Nokia IP 380, 1260, Sun Solaris Firewalls running Checkpoint NGX software and the connection of remote sites to the Consolidated Computer Centre (CCC) in Sweden via MPLS, leased line, and site to site Virtual Private Networks (VPNs) using IPSEC via Cisco VPN3030 concentrator, where necessary. On an individual Project basis I was specifically responsible for the specification, design, and deployment of an Internet Access – Remote Access Solution using SecGo equipment that had interfaces into Mobile IP, Active Directory, DHCP and other services for over 4,500 users. Responsible for the the redesign, security architecture including the authentication elements of the Norwegian Netbank (ANS-SAFE). I am also familiar and competent in baseline and detailed design, formulation of Security Policy Rule Bases, signature and protocol/event analysis. The main network protocols were OSPF and BGP.

Networks Consultant brought in mid-way through a number of projects for which I had technical responsibility. Project 1 was the complete redesign, migration strategy, and roll-out of a new multi-layered Wide and Local Area Network (WAN/LAN) architecture including IP and VLAN Engineering. The roll-out was at the ScottishPower Main Campus and up to 60 interconnected remote sites using Cisco CAT3500 and CAT4506 switches in the access network, connected by FastEthernet and Gigabit Ethernet to Cisco CAT6506/6513 switches (with second generation Switch Fabric Modules) in the distribution and core layers. Connectivity to the server farm was also redesigned and implemented. The internal IP addressing scheme and VLAN configuration were also completely revamped. The detailed design, implementation, and configuration also involved associated the core and access networks using equipment such Cisco 7500, 7602, 3745,3600, AS5300, and 2600 series with connectivity to UKPX, NETA, the Corporate WAN (via ATM, Frame Relay, Leased Line and ADSL), and the Internet via Nokia IP650 Firewalls running Checkpoint 4.1. Responsible for initiating Virtual Private Networks (VPNs) via V-One Smartgate Server (Application Level) and site-to-site via firewalls. Main IP routing protocol was OSPF, with some BGP (N-Power connection), IPX, DecNet and OSLan (Bridged). HSRP was used in both routers and switches for redundancy. The second project, in conjunction with project 1, was the design and development of an IP Telephony (IPT) Solution using (Voice over IP) , using Cisco Call Manager (version 3.3), for Call Admission Control and processing, user features, and upgrading router structures to IOS 12.2(10) for deployment with appropriate QoS, and LLQ . Cisco IP phones used were 7900 models. Responsible for Phone IP addressing plan, DHCP server plan, routing scalability. IP Subnet allocation for phones, Call Manager location, Gateway Location, choice of Voice Codecs (G.711 and G729a), PBX interconnectivity (WS-6608 card on 6500 series switches), Voice Mail systems and locations, site-to-site trunking. Initial system was trial system from four remote sites where Catalyst 4503 switches and Cisco 2600 routers were introduced as part of solution. VG248 gateways were also used as part of overall deployment.

The third project, also in conjunction with project 1, was a multicast system for Tibco, inclusive of IP/Naming scheme, and selection of protocols - CGMP, IGMP snooping and PIM Sparse-Mode.

The fourth project was the introduction of the Cisco Service Level Manager (SMS v2.0) to Cisco Works2000 using HP Openview, including upgrade of source routers to IOS version 12.1 for the purpose of validating the Wide Area Network connectivity provided by service providers and the associated Service Level Agreements (SLAs).

The fifth project was the introduction of a CiscoSecure Access Control System Server to provide AAA to the corporate data network routers, switches, et al. Responsible for the management of third parties - service providers, installers and other network engineers. This was implemented in conjunction with a Radius Server for dial-In access

The sixth project was a VSAT project using VPNs for Zone Emergency Action Centres for Power Systems Division

The seventh project was Long Range Ethernet (LRE) in conjunction with BT/Thus to replace 2.048 Mbits/s G.703 leased lines and 5Mbits/s ATM pvcs with 10/100 Mbits/s Ethernet/Fastethernet. This was to be used in conjunction with the IP Telephony project detailed above to increase bandwidth availability for the IP trunking elements of the overall solution.

The eighth project was the design, implementation and migration of some small to medium user sites from a legacy IBM Token Ring system to a switched Ethernet solution. Legacy Token Ring equipment was Nortel 5000NT and Nortel 3000SR. Replacement architecture was Cisco Catalyst 4507R and 4503 switches.The ninth project was the introduction of a Wake-on-Lan solution including Radian Servers.The tenth project was the design, integration and implementation of a Remote Access VPN solution using dual Cisco VPN 3060 concentrators.

The eleventh project was a Wireless LAN project using 802.11g for both a Power Station and a Data Centre. The Cisco client was used – not the Microsoft on and monitoring of the Air/RF interface was done via WLSE.

I also produced various Network Code of Practices (NCOP) inclusive of all network testing and acceptance, IT management and security functions in compliance with BS-7799-1, and all IP address network and sub-network structure incorporating OSPF areas. Main project orientated applications/services were Documentum, 4Projects, HHDC, Novell Print and File Services, Web Servers, Proxy Servers, Load Balancers and FTP Servers. Used various analytical tools during projects including Solarwinds, SNIFFERPRO and HP 37177C.

Network Consultant employed to analyse (prior to move to data centre) document, redesign (where necessary (inclusive of IP addressing and NAT) and implement the RWETrading including the core and access networks using equipment consisting of Cisco 3660, 2600, and 800 routers, Cat 3500XL, 2980G and 2900XL switches, and their associated Information Services. The analysis was also inclusive of all network acceptance and testing, IT management and security functions in compliance with BS-7799-1. Firewalls employed were Nokia IP 110 running Checkpoint 4.1, IP330 running Checkpoint NG, and PIX 515 running version 6.1. Responsible for determining Policy Rules, configuring firewalls, VLANs, and Checkpoint SecureClient for Virtual Private Networks (VPNs). Applications running over the network were Oracle, Windows 2000 Active Directory, DHCP, DNS, Internet Access via BT Openworld, Siebel, and Lodestar. Interconnections included UKPX, Transco, and Electra-Link. Other aspects were Sun Solaris, UNIX, Web Servers, Proxy Servers, Load Balancers and FTP Servers.Transmission technologies used were Leased Line, ATM, ADSL and Basic Rate ISDN. Routing used was a mixture of static routes, BGP, and OSPF.

Network Consultant brought in midway through an IBM (Switzerland) managed project (project started August 2001) following a company Carve-Out at Siemens AG. The project was a new joint venture between Siemens and Yazaki. As the networks consultant I was responsible for the complete redesign, migration strategy, and implementation of the new joint ventures core and access network architectures. These responsibilities included defining a new IP addressing scheme (employing Network Address Translation (NAT) where necessary).Responsible for the re-design and implementation of a new core and distribution layer network using the IP-VPN of a third party provider to replace legacy X.25, ISDN, and leased line network. The re-design involved the detailed WAN network specification including setting the Service Level Agreement parameters. The architecture defined was based on Multi-protocol Label Switching (MPLS). The network was scaled for over 1500 PCs distributed between remote sites in Western/Eastern Europe, South America, Asia and Dearborn (USA) and the new main Core network Points of Presence (PoP) in Koln, Paris and Regensburg. Responsible for re-designing, implementing and initially configuring (where necessary) network equipment at the IP-VPN edge consisting of Cisco 3640 routers. The distribution layer consisted of 2600 series routers, and 3500XL switches. In the access network the existing infrastructure was maintained but re-designed and implemented with more Cisco 2620, 2611, 1720, 803 series routers, and 2900XL switches to future-proof the network for possible Voice over IP development and implement VLAN connectivity. In some of the more isolated locations where no infrastructure existed Wireless Local Area Networks using the Aironet 350 were implemented. The access methodologies used were native IP leased line, Frame Relay, ATM, Dial Access, Internet Access, xDSL and ISDN back-up. As part of the network architects role responsible for defining and implementing the Network security policy in accordance with ISO-17799 including the integration and testing of existing and new business partners, ENX.com and general internet connectivity. Responsible for providing Remote Access via dial-in and ISDN, through the design, implementation and configuration of both perimeter and Firewall security - Checkpoint FW01 and Cisco PIX 515UR- Network Access Server (Cisco AS5200 was used) with Radius for AAA applications and an ACE Server for token Authentication. The perimeter routers and the firewalls ran complete IPSec inclusive of triple DES, and ISAKMP. Main network protocol was TCP/IP. Routing protocols were EIGRP and BGP. The new WAN/LAN was to provide the internetworking for the following applications/network operating systems; Microsoft Windows XP; replication of Active Directory, DNS, WINS, Virus definitions, Centralised Administration, Creation of accounts, Microsoft Internal Applications, Microsoft Exchange 2000, using X400 and SMTP Connector, and IMC for Exchange. The core business applications were AS400 - booking of datasets, development of CAD Data; Citrix - using the ICA protocol to develop data sheets for core business; SAP - used for booking all processes; and EDI - Electronic Data Interchange

Following the merger of ScottishPower/PacifiCorp employed as Network IT Consultant in ScottishPower Group IT department, Glasgow, with two tasks. Task 1 was to analyse the present network and IT resources including the strategic needs of all individual business units of the organisation. The analysis had to ensure the commercial and technical viewpoints of stakeholders was taken into account, examine and document the existing ScottishPower core and access networks consisting of over a thousand Cisco 7513, 7507, 4700, 2600, 800, and 700 routers, Cat 6500 and 5000 switches, and their associated Information Services. The analysis was also inclusive of all network, IT management and security functions in compliance with BS-7799-1. Used such tools as Cisco Works / HP OpenView, and verified the interfaces to the Thus (Scottish Telecom) SDH/DWDM/IGX/BPX network for high-level network views. Following the analysis Task 2 was to develop a new IT, network and security strategy, for the approval of senior management. This strategy had to include plans on the redesign and implementation of an IT network to replace leased line and switched services. These services were to be replaced with more Frame Relay/ATM in the WAN and the use of more Voice over IP and other H.323 multimedia services. The complete network security was reviewed and tested including the rationalisation of the Radius server, firewall (Nokia 440 and 650 running Checkpoint 4.1) deployment and the use of IPSec (AH, ESP, DES/3DES), the incorporation of more VPNs (VPN 3000 concentrator) where necessary, and the replacement of obsolete 3-Com equipment, Core-builder, in the LAN. Familiar with Ciscos SAFE and AVVID architectures. Routed protocols used were IP, IPX, and main routing was via OSPF and some DecNet.

Subject Matter Expert (SME) subcontracted from Nortel Networks to start up customers with responsibility for kick starting the successful engineering, migration and deployment of various LO-CAP, HI-CAP core and access network projects including CompleTel PDMX_EC,PDMX-EV, TN1c, TN1X, TN4XE, INM R5.0.4 (Responsible for Upgrade) with Trail Manager, Optera Connect DX and Optera LH R2.0.1 and data networks involving Cisco 7507,4500, 2600, 3600, and CAT 5000 switches, Juniper Networks routers M5, M10 and M40 with Nortel SDH/DWDM network for city networks in Paris, Lyon, Marseille Lille, Munich, Nurnberg, Frankfurt and Berlin. Familiar with all aspects of the successful deployment of city and long haul networks including design, factory and systems acceptance testing, stand-alone commissioning, network integration and successful handover to customer within tight timescales. Employed in NOC after successful deployment to give third level support.

I was employed by a leading Belgian GSM network provider as the Core and Access Network Architect. Responsible for the initial design, producing detailed technical and core and access network specifications, producing Request for Quotation (RFQ), evaluating supplier responses, factory and systems acceptance testing, stand-alone commissioning, and network integration of a new SDH network and access network using IP Telephony on the CATV local loop to provide IP access to any ISP, PSTN/ISDN and H.323 multimedia services. Designed associated DCN with Cisco 2500, 2600, and 3600 routers,and synchronisation components, with two aims:

a. Minimise the requirement for all Belgacom X.25, leased lines, ISDN between MSCs and BSCs and between BSCs.
b. Design enough capacity in Network for additional services ie IP, ATM etc.

I successfully deployed national core and regional networks consisting of Nortel TN1c, TN1X, TN4XE, TN16X, EC_1 R13 and INM R4. Main Protocol used was IP

During this period I was employed by new German national network provider as a Core and Access Network Consultant. Involved with the initial design, technical and network specification, producing Request for Quotation (RFQ), evaluating supplier responses, factory and systems acceptance testing, stand-alone commissioning, core and access network integration of a new SDH network for customers such as Mannesman. Familiar with Lucent LXC 16/1, LXC 4/1, ISM2000, Phamos management system, Bosch DRS 7500 and 13000 SDH radios in transport network, and later Bosch MSV5 MS1/4, Bosch PMP and Bosch (Ericsson) Minilink E radio systems in access network.