top of page

Hello my name is Keith Clark and I am currently residing in Clemmons, North Carolina. It has been a great adventure getting here and am looking to explore Information Technology opportunities either within the area or remote.  See below for some of what I do and if I can help your business please reach out. Thanks

Dedicated Senior Network and Systems Engineer with 20+ years of experience in designing, implementing, and maintaining complex IT infrastructures. Proficient in optimizing network performance, ensuring system security, and providing strategic technical solutions to meet organizational objectives. Skilled in troubleshooting intricate issues and delivering high-quality support. Adept at staying abreast of emerging technologies to drive innovation and streamline operations. Committed to fostering collaboration and delivering exceptional results in dynamic environments.

Key Skills:

Network Design & Architecture

Systems Administration

Security Implementation

Project Management

Virtualization Technologies (VMware, Hyper-V)

Network Monitoring & Optimization

Disaster Recovery Planning

Team Leadership & Collaboration

Professional Experience:

Sr. Network Engineer:                                               Aero Technology Group              Buffalo, NY                       MAR 2017- Present

 

Key Projects and Achievements

Network

  • Perform Cisco ASA 5505 headend\tail site migration to Firepower threat defense system 7.2 \ISE-PIC for local pharmacy, establish redundant WAN along with all aspects of firewall management NAT\ACL|URL filtering\Malware\IPS policy’s explicitly defined ingress\egress zone-based access control rules heavily regulating only allowed stateful port\protocols and next generation application layer rulesets where CAB approved.

  • Implement remote user Cisco AnyConnect security card-based start before login 2FA VPN.

  • Configure various VPN clients to support user base VPN access, Windows Native or others OpenVPN etc.

  • Create and establish multi-site Mech VPN, Split tunnel, hairpin crypto maps.

  • logical and physical Visio network drawings overview documents created & updated annually to show infrastructure changes and evolvement of business.

  • Perform network assessments for various industries including town municipalities, manufacturing, non for profit and many others.

  • Create secure area security card restricted hidden WIFI.

  • Migrate Nortel Avaya switch stacks including VLANs over to HP 4-member access layer stacks and implementation of HP Aruba cores with Virtual switch framework.

  • Create VLAN’s to support production, trunks, LAG to Core, re-cable MDF for new stacks and removal of Nortel stack etc.

  • Unifi platform configuration including controller setup and settings push to USG security appliances, switching and AP’s, Site to Site IPSEC, Remote VPN users, Secure gateway port forwarding etc.

  • Secure and establish Wi-Fi bridge when needed to expand company infrastructure over physical boundaries.

  • Deployment and configuration of any firewall\switching necessary for the customer.

 

Systems

  • NIST 800-171\CMMC 2.0 compliance technical remediation lead (artifactual representation for element remediation\ built and configured Jira to house compliance framework along with customized production and enclave ticket system for change management\evidentiary representation of compliance maturity) secure enclave for CUI, policy & procedures for controls. Establish system security plan & POAM relating to the inadequacies discovered within gap analysis.  

  • Support local RF (radio-based ISP) network failures to restore connectivity, primarily brocade switch replacement into the OSPF topology.

  • Replaced domain elevated user accounts (local & domain admins) with interactive restricted security card access only.

  • Establish BitLocker with pin, smart card 2FA restricted company owned laptops for remote users, disable ability to store domain cached credentials.

  • Design and configure secure VLAN defined enclave to house compliance required CUI and establish RBAC security groups-based NTFS folder level access.

  • Install, manage & configure certificate authority for smart card support. Configure enrollment templates to support smart card usage and enrollment stations.

  • Establish Isolated VLAN management station to prevent sensitive systems from being accessed from other domain systems.

  • Configure Kali Linux with OpenVAS vulnerability scanner and ethically attack internal systems for vulnerability exploits and with notification to the business create change ticket to log the exploit and approval to patch.

  • Establish Microsoft security baselines targeting OS builds using WMI filters many aspects of GPO usage \Printer\Drive mappings, windows firewall, WIFI restriction, BitLocker protector certificate-based network unlock & GPO to establish system BitLocker parameters with PIN, force encryption of removeable drives.

  • Configure and establish RDS server and locking down with GPO for standard user access.

  • Manage Digium Asterix phone system and feature/functions/SIP registration of site SNOM phones along with some basic IVR programming.

  • Office 365 migration from a recovered information store of failed in-house Exchange server.

  • 2012/2016/2019/2022 server Build’s, AD, DNS, DHCP, NTFS, CA, NPS, WDS

  • Iosafe NAS & HP SAN storage management LUNs with CHAP based ISCSI targets enabled for windows server backup and secure enclave CUI storage.

  • Recover business from ransomware by rebuilding domain, migration of profiles, re-establishment of server roles, remote access and data recovery using offsite backup.

  • Support variety of local business Industries and related application support. Examples: dentistry, veterinary, accounting, attorney Firms, wholesale, manufacturing, nonprofit etc.

  • Trace out and label patch panel cable runs, manage all aspects of end user environment, desktop replacement, application support, anything needed by customers.

  • Disk cloning mechanical to SSD or NVME

  • Hyper-V installation & Configuration, replication partner/Live migration tasks, Physical to Virtual conversions.

  • Support\Configure MSP related offerings such as Datto & Syncro RMM\Webroot\TitanHQ\Cisco umbrella etc.

 

Network Engineer:                                     TEKsystems Contract Delaware North                Buffalo, NY                       JUL 2015- FEB2017

Key Projects and Achievements:

Network

  • Responsible for running 10GB fiber from access to core, ethernet cabling within datacenter.

  • Configure cisco 2900X series edge switch stacking & and configuration of edge ASA 5510 & 5520 Firepower firewalls in new data center location.

  • Configure Corporate MPLS HSRP, Corporate internet facing GLBP. Create MPLS access-list in support of Field to Corp POS and local field VLAN traffic governance.

  • Configure Antonymous\Stacked 2960X model switches for production. CLI configuration of all layer2 production requirements AAA, VTY Line, SSH, STP, SNMP, VLAN, TACACS, VTP, Hardening. Where necessary Image switch, Firewall members to latest known IOS image

  • Configure layer 3 6513E core switch LACP fibred 10GB member port channels for edge switch, VRTX blade support. Create Core VLAN ACL for segmentation of guest wireless, security VLAN’s pertaining to cameras, AV.

  • Configure ASA 5505 5510 5516 5520 5525 autonomously or context, high availability pairs for production. Configure Firewall rules for site and headquarters for PCI compliance in credit card processing. Develop standard rules to support field to headquarter communications or field to field, local to local.

  • Provide troubleshooting through Core VRF, EIGRP redistribution to MPLS BGP environment.

  • Lead Yosemite National Park network decommission by managing boots on the ground and timing of operations for geographically dispersed Hughes hosted satellite & MPLS locations
    Configure Cradle point VLANs for remote site 4G access IPSC L2L VPN tunnel back to headquarters and ensure source base routing in place for clean room access.

  • Configure Antonymous Cisco Aironet or cloud-based Meraki access points.

  • Manage Cisco switching, ASA Firewall build or existing configurations pertaining to Admin, DMZ, POS VLAN’s

  • Creating AAA device groups for clean room ACS or Admin ACS and performing troubleshooting any replication issues pertaining to AD or account specific group mapping, shell profiles.

  • Remote decommission of subsidiaries removing security related information from wireless, switching, firewalls and leaving in place a workable network for transition team.

  • Support of PON by reviewing OLT forwarding tables or Alarms with ability to locate and repair bad ONT’s.

  • SNMP Community V1 V2 removal and SNMP V3 implementation across all subsidiaries network devices 2000+

 

Systems

  • Assist in move of Data Center including design of rack enclosure elevation, rack mounting switching, Firewalls, Routers, Servers

  • Create rack elevation, cable map, network standards, Visio diagram, Firewall rules documentation for Data center and field locations. Work within PCI compliance objectives pertaining to POS compliance.

  • Performed inline upgrade to Cisco Prime 3.1 including backing up to NFS remote repository. Configure device collection of field and headquarters network devices using SNMP V3. Configure virtual domain delegation for field personnel by exporting attributes into ACS.

 

Network Analyst:                                        HSBC     Buffalo, NY                                     NOV 2011- JUN-2015

Key Projects and Achievements:

Network

  • Work with Canadian based Allstream in troubleshooting the businesses MPLS topology.

  • Manage day to day aspects of branch office local or international Cisco routers and switches.

  • Troubleshoot OSPF topology issues and report on findings.

 

Systems

  • Work performed in the Network operations control center consisted of analyzing and providing technical support for data and voice communications network during overnight shifts.

  • Work within ticketing environment correcting issues or expediting issues to appropriate personnel.

  • Trace out end device related issues through port channel to switch endpoint.

  • Work within F5 to redirect failover traffic for application teams to isolate application side issues before placing back in production.

  • Assist ATM technicians whenever necessary.

 

Network Engineer Consultant:                 Inspired IT          Buffalo, NY                      MAR 2011-JUL 2011

Key Projects and Achievements:

Network

  • Install & configure various firewalls, Wi-Fi & Lan network topologies in support of remote or local topologies.

 

Systems

  • Performed unassisted domain migration from 2003 Server to SBS 2011 including new server build out, RAID, moving data, NTFS, Accounting software, Office 2010, Exchange 2010 with SSL, AD redesign, group policy build out, network scan location, Cisco ASA 5505 configuration including client VPN access authentication using Radius, Wireless WPA enterprise to radius configuration applied etc.

  • WSUS configured for updates to desktop systems along with pushing out necessary packages such as group policy extensions etc.

  • Work with existing implementation of XenCenter for management of virtual guest systems housed on cybernetic SAN.

  • Performed redesign of back up jobs for many different versions of Backup Exec

  • Performed off hour’s upgrade of mission critical service CEO Application for client.

  • Initiative-taking approach for any client systems including AD redesign, GPO review, along with verifying basic services such as DNS configured properly with scavenging etc.

  • Provide support for family practice Medent application and re-configure spirometer client systems by porting data to central location and accessing with MS access ODBC driver.

  • Perform all types of application support, end user related issues, desktop system related problems and overall troubleshooting for any type of problem that may come up in a day.

  • Installed and configured SCCM 2007 along with deployment of applications to desktop systems.

  • Configure and move GFI mail archive database to new SQL server instance.

 

 

Network Engineer:                                     The PCA Group                Buffalo, NY                             SEPT 2008-OCT 2010

Key Projects and Achievements:

Network

  • Install & configure Cisco ASA 5510 Firewall to support 10 disparate organizations for their own Lan network access & internet. Cisco Access points configured with WLC presenting each organization with their Uniquely identifies hidden SSID’s. Buildout of sub-interface & switch VLAN assignments along with NAT, ACL, Objects etc.

  • Configure various firewalls such as watchguard\SonicWALL\Linksys\Pfsense\CiscoASA and applicable rules governing traffic in and out of organization etc.

  • Configure various VLAN subnets with appropriate subnet CIDR to support necessary hosts, device counts.

  • Efficiently troubleshoot internet or network outages and timely restore.

 

Systems

  • Desktop Authority installation, configuration, and deployment to desktop systems.

  • Manage Citrix XenApp essentials advanced mode implementation overhaul project from beginning to completion including configuring remote locations with branch office VPN configured watchguard firewalls. Project also entailed old domain to new domain, email migration.

  • Blackberry 4-5.0 server Installation, configuration, and support of wireless sync blackberry phones along with desktop software sync or configuring for Outlook Web Access.

  • Assist in moving externally hosted email to internal Linux red hat Zimbra solution along with configuration of outlook clients with secure pop access to Zimbra mailboxes.

  • Work with vendors to install and support applications including that of ACT, AST, Secure AP, Medical Dictation, UPS Shipping configurations, multi-function copier\scanner scan to file\email configurations etc.

  • Exchange 2007 transition for 50+ exchange 2003 user mailboxes with ability to perform operations within power shell.

  • Completed overhaul of client desktop\server systems during production hours which included replacement of Nitix Linux based server responsible for network & file services. Replaced failing Nitix server with SBS 2008 64bit along with recreating security groups\NTFS permissions\user accounts\Home Directories\active directory design\ group policy creation for desktop lockdown.

  • Successfully moved email from externally hosted pop provider to internal Exchange 2007 and configured outlook clients.  Purchased and installed on behalf of client UCC SSl certificate for supporting exchange auto configuration.

  • Install\support\configure Citrix XenApp farm with standard SSL certificate for secure gateway configuration. Customize Citrix polices for remote access\printer support along with published applications etc.

  • Acronis True Image server\workstation installation and configuration for client servers\workstations and scheduling backup jobs.

  • Installation and configuration of all Microsoft desktop operating systems and applications.

  • Introduced and implemented remote offsite backup solution used for disaster recovery.

  • Installation and configuration of Barracuda spam 300 series, Web Blocker appliances

  • Virtualized production Exchange 2003 server, SBS 2003 Server using VMware server.

  • Recover from server Raid failures by replacing drives and reestablishing redundancy or expansion of array using Acronis Disk Director to gain additional free space.

  • Resolved DOS based application communication issues with CNC machine by placing port on appropriate VLAN.


Sr. Systems Engineer:                                 Ievolve, Inc                      Amherst NY                        DEC 2006-AUG 2008

Key Projects and Achievements:

Network

  • Cisco Wireless 1130AG configuration and security

  • WatchGuard firewall-based branch office IPSEC VPN

  • Configuration of autonomous Cisco Aironet access points & WIFI extenders

  • Configuration of various switching Net gear, HP.

  • SonicWALL firewall multi-site deployment

  • Various cabling related jobs running Cat5 into MDF or IDF locations, wall jack punch down.

 

Systems

  • Build Citrix farm and replace 25+ existing custom pcs with HP\WYSE thin clients to connect with Citrix Server 4.0.

  • Migrate on premise server systems to data center colocation.

  • Upgrade Citrix 4 farm to XenApp by adding additional farm member and configuration of applications on to new member. Convert existing Dell\IBM\HP end user systems to access Citrix \local printer mappings only.  Configure sound policies to support remote office headset use for online training.

  • Blackberry Enterprise installation & Configuration for blackberry phones.

  • WSUS Installation\Configuration\Deployments

  • Configure various antivirus platforms including Etrust, Symantec endpoint, Bitdefender, avg.

  • Configure various vendor specific plotters, multifunction copiers, label & user printers & scanners.

  • Provide support for municipalities systems & application within associated departments such as highway department, assessors, Town court, police headquarters, Town Clerks office,

  • Exchange 2003 to Exchange 2007 migration and configuration of connectors, SSL, mailbox management end device outlook management.

  • Configure multiple backup systems local & remote.

  • Domain buildout from workgroup, migrating end user profiles and settings & overall re-establishment to domain resources.

  • Symantec ghost installation and configuration for sysprep image-based deployments.

 

Erie Community College
Associate of Applied Science

bottom of page