|
|
ostatnia modyfikacja:
Strona w sieci od 2003-04-22
Arkadiusz Majer
Chronological Resume
2020/09/01 till now:
Service Delivery Manager in Security/Firewalls area + Senior Security Engineer, Assa Abloy (Kraków)
|
|
Roles:
- (primary) Service Delivery Manager in Security/Firewalls area
- (secondary) Senior Security Engineer (3rd line/top line) for firewall-related subjects
Responsibilities:
- Security-related projects/services/solutions.
- Focusing on firewalls (Palo Alto Next-Gen firewalls: physical and virtual, on-prem/private cloud/public cloud; Checkpoint & Cisco firewalls: on-prem), but also coordinating projects around security services/firewalls.
- Communication between divisions/towers around above subjects.
- Communication with vendors, escalations.
- Supporting PMs with technical knowledge.
|
2019/12/01 - 2020/08/31:
Consulting Engineer - Security, Cisco (Kraków), CX Advanced Services / through Wipro (aka 'contractor')
|
|
Security domain in Customer Delivery
- Cisco FirePower NextGen Firewall / FirePower Threat Defense (FTD)
- Cisco Identity Services Engine (ISE)
plus some very basic exposition on SD-Access and DNA Controller
|
2018/08/01 - 2019/11/30:
Sen. Security Engineer, Aon (Kraków), dept. Network and End-Point Security
|
|
CyberSecurity division.
Implementing changes and resolving issues related to security domain.
Domain made of both physical devices (owned) and virtual instances (cloud services: AWS, Azure). Key vendors/devices being used:
- VMware vSphere
- Palo Alto (7k series HW), PA VMs in cloud services, working with VMware NSX, plus Panorama for management/log collection
- Cisco ASA
- F5 (Viprion for VMs, also some other F5 devices like F5 3900) for GTM and LTM (physical devices and virtual instances)
- BlueCoat (now Symantec)
- McAfee (IDS)
- Juniper MX480, Juniper QFX (10k series, 5k series), Cisco Nexus 9k, Cisco MDS
Some technologies being used:
- MPLS (L3VPN over MPLS), MP-BGP, LDP, IS-IS, EVPN (rfc7209, rfc7432, rfc8365) - also with EVPN over VXLAN encapsulation, BGP-LU (label unicast). Overlay + underlay approach, spine&leafs
|
2014/09/01 - 2018/07/31:
2016/01/01 - 2018/07/31: Network Engineer II (aka NetEng), AKAMAI formerly Prolexic (Kraków, PL), dept. Networks-Network Infrastructure
|
|
Top level of escalation/support for Security Operations Center teams. Implementing changes, investigating complex issues, involving network carriers&hardware vendors. Managing&building scrubbing centers
|
2014/09/01 - 2015/12/31: Network Engineer (aka NetOps), dept. Security Operations Center (SOC)
|
|
Working for SOC team in Akamai/Prolexic. Managing&monitoring network infrastructure and network devices in Akamai/Prolexic scrubbing centers, used for mitigating DDoS attacks. Coping with network issues and incidents, solving network problems, supporting SOC team in some mitigation issues.
Prolexic is the world's largest, most trusted Distributed Denial of Service (DDoS) mitigation provider. Able to absorb the largest and most complex attacks ever launched, Prolexic restores mission critical Internet facing infrastructures for global enterprises and government agencies within minutes. Six of the world's ten largest banks and the leading companies in e-Commerce, payment processing, travel/hospitality, gaming and other at risk industries rely on Prolexic to protect their businesses. Founded in 2003 as the world's first 'in the cloud' DDoS mitigation platform, Prolexic is headquartered in Hollywood, Florida and has scrubbing centers located in the Americas, Europe and Asia.
|
Exams:
2013/01/02 - 2014/08/30:
Senior Network Security Engineer, Alcatel-Lucent (Bydgoszcz, PL), dept. TS&FE/MSO
|
|
Security-related tasks
2013-01-01 till 2014-05-31 in BASE (KPN Group Belgium) project (GSM operator in Belgium) then for some short period for Surfline Ghana and Vodafone Qatar projects (Fortinet, Bluecoat, F5, developing fresh brand new network in Surfline and maintaining existing network in VFQ)
In general: implementing changes and coping with incidents involving devices/vendors like:
- Juniper (ISG firewalls & NSM; changes+incidents)
- Fortinet (FortiGate, FortiCarrier, FortiAnalyzer, FortiManager; changes+incidents)
- BlueCoat (ProxySG, BlueCoat Director; changes+incidents)
- F5 (load balancers, Enterprise Manager; changes+incidents)
- IronPort (SMTP relays, basic management)
- Infoblox (DNS, occasionally)
- Huawei switches (occasionally)
- Cisco routers (minor actions: incidents)
Implementing changes, resolving network issues, upgrading software, taking part in development of new features and services.
BASE project has been taken over by Tech Mahindra, for 6+ weeks I was staying in Hinjewadi/Pune, India, providing trainings and knowledge transfer to Tech Mahindra engineers (security team).
|
Trainings:
2012/06/18 - 2012/12/31
Network Engineer, ATOS Origin (Bydgoszcz, PL), dept. NS&CS UK
|
|
Assigned to team responsible for UK projects (managing customers’ networks of UK group). Working with Cisco devices (routers, switches-also with FWSM/ASA/LB modules, load-balancers), Checkpoint firewalls, network analysing devices (NetScout).
|
Exams:
2004/12/01 - 2011/09/30
Senior Network Architect in Telekomunikacja Polska S.A., Pion Sieci i Platform Usługowych Grupy TP (Warszawa, PL)
Tasks&responsibilities:
|
|
Since January 2005: Responsible for capacity planning of TP POLPAK core network, especially in terms of deploying ADSL services (Neostrada, InternetDSL, wholesale DSL) and also corporate services (Metro Ethernet, MPLS interconnections). Access to core TP POLPAK network (based on Juniper routers).
January 2007 – September 2007:
Management of TP Corporate Core (router management, capacity planning)
Since August 2007 (primary task):
I become a part of EQUANT IPVPN team (EQUANT IPVPN - old name of Orange Business Services /OBS/, before rebranding) responsible for business VPN services (VPNs based on IP/MPLS) with strict cooperation with OBS engineers in other countries (mainly in home of OBS - France). I was responsible for PE/RR/P engineering rules, evolution of VPN services (capacity planning, core/edge development, core services development, edge /customer/ services development like BusinessEverywhere). Developing IPSec services (IPSec terminated on Cisco 7200 boxes) for mobile users for access to their VPNs from Internet cloud. Developing NAT/FW rules on Juniper boxes (Junipers used as PE/FW/Internet Gateways). Creating engineering rules for NNI interconnections (RF 4364, back-to-back VRFs) between Telekomunikacja Polska S.A. (TP S.A.) and its partners (Telefonica from Spain, T-Systems from Germany).
Since December 2009 taking part in project for core merging (merging of two separate backbones- IP/MPLS backbone for domestic services, like home xDSL users/Neostrada users, and dedicated IP/MPLS backbone for IPVPN business services). This project is running now in TP S.A. - my part was to prepare engineering base for merging, several scenarios for merging. And, the last stage of this project during my employment- some financial analysis of this project. Everything with very strict cooperation with OBS. This project is very unique on international scale- many telecoms would like to do such thing for cost cutting.
Since July 2007 (secondary task):
Maintaining laboratory with main equipment of TP S.A. core network (Juniper m160, m40e, m10i; Cisco GSR, ESR, 650x, 760x and many others; Nortel Passport 100k, 20k; Nortel Optera Metro - for DWDM ring). Creating and providing environment for software/hardware/configuration/availability/performance tests, for internal TP SA needs. Also providing hardware/software environment for certification purposes. Deploying CACTI for lab monitoring (on FreeBSD + MySQL + Apache + PHP). Deploying remote access with IPSec to lab.
|
Trainings:
2003/09/01 - 2012/09/30 also as freelancer (running own business)
Support&Network projects for various clients
|
|
I got “NAT0-Secret” clearance (it was a must to be a contractor in an Exchange+X.400 project for NATO). Certificate valid through 2008/12/11
securing networks, implementing FW and IDS systems (FreeBSD and Windows platforms) (primary Snort+ ACID/BASE+ MySQL+ apache+ php+ barnyard on FreeBSD platform, also on MS Windows)
|
2002/07/01 – 2003/08/31:
LAN/WAN Administrator in ROSSMANN SDP Sp. z o.o. (Łódź, PL)
Responsible for:
|
|
- Configuring network devices. Responsibility for network security. Monitoring local network, administrating firewalls, maintaining antivirus servers structure (Symantec AV Corp. Edition, plus ca 150 workstations-clients).
- Administration Windows NT-based network. Administrating MS SQL 2000, Oracle 8.0.5, MS Exchange 5.5, print and file servers, RAS-servers. Responsibility for tape back-ups (using Veritas BackupExec 9.0 with tape library).
- Maintaining secure communications to Internet and more than a hundred shops in Poland, via Frame-Relay and ISDN links. Installation/configuration/maintenance of linux/FreeBSD-based servers (firewalls, proxy, www, dns). Implementing IDS system (Snort/MySQL/ACID/apache), on FreeBSD platform.
- Helpdesk services.
|
Trainings:
2001/10/01 – 2002/06/30: As freelancer
Network projects for various companies
|
|
- Designing and implementing networks for companies like Euronet, Pol-Pager, Prochem S.A., “Administracja Domów Komunalnych”, Orix etc.
- Implementing FreeBSD-based servers with intranet services, like www, proxy, news, IRC, FTP, for internal users of Raiffeisen Bank Polska S.A.
- Reorganizing and securing Raiffeisen Bank network.
- Developing project for VoIP and BGP for internal Telecomm Systems Sp. z o.o. purposes.
- Network security audit in Rossmann SDP - Łódź
|
2000/04/01 - 2001/09/30:
WAN Administrator in TP Internet Sp. z o.o. (Warszawa, PL)
Responsible for:
|
|
- Configuring and maintaining Cisco network devices.
- Monitoring and administration of TPI network (based on Fast/GigaEthernet, ATM and Frame-Relay).
|
Trainings:
Exam:
Personal accomplishments:
|
|
- Building tremendous network infrastructure in TP Internet, based on Cisco hardware (routers 75xx, switches 65xx, PIX Firewalls 520, LocalDirectors 430, NetRangers). All TPI services depends on this network: www.portal.pl, mail.idea.net.pl, www.tpsa.pl, www.signet.pl, Quake server, one of the biggest news servers in Poland - news.tpi.pl, "Konta dla Szkół", hosting of servers and services for TPI customers.
- Developing network for real-time TV transmissions during first BigBrother edition, with implementation of RealAudio streaming.
- Implementation of CiscoWorks 2000 and Resource Manager Essentials for network monitoring, on Sun Solaris 7 with HP OpenView. Installation of AAA system (Cisco ACS and Livingstone RADIUS), to control access to network devices and to enable remote access for TPI administrators.
- Rebuilding WAN network to connect TPI partners and customers.
- Supervising and securing network (introducing Cisco NetSonar for scanning vulnerabilities and Cisco NetRanger as an IDS). Taking parts in security audits. Implementation of security policies.
- Co-operation with Signet during implementation of PKI system.
- Rebuilding and enhancing hardware and network structure for efficiency, quality and functionality.
|
1999/10/01 - 2000/03/31:
LAN Administrator in UNiSYS Corp. Polska Sp. z o.o. (Warszawa, PL)
Responsible for:
|
|
- Administrating NT servers and office LAN.
- Implementing security policy based on ENSI security audit.
- Securing, monitoring and maintaining LAN to ensure the highest security level because of personal information database of Norwich Union
|
Personal accomplishments:
|
|
- Mastered MS Exchange which was used as a data workflow system in office.
- Tested various juke-box systems for data archivization.
|
1998/04/01 - 1999/09/30:
LAN/WAN Administrator in TECHMEX S.A. (Bielsko-Biała, PL)
Responsible for:
|
|
- Maintenance on Microsoft, Novell and SCO Unix systems.
- Administration of Alcatel 4220/Alcatel 4400 PABXs.
- LAN/WAN administration, based on Cisco devices (routers, switches, firewalls).
|
Trainings:
Exam:
Personal accomplishments:
|
|
- Perfectly mastered LAN/WAN environment.
- Migration from Alcatel 4220 to Alcatel 4400 PABX. Full implementation of A4400, with installation of Voice Mail system, Interactive Voice Response system, and voice call management.
- Establishing connection between Techmex headquarters (Warszawa and Bielsko-Biała) based on Frame-Relay protocol and Cisco routers.
- Launched Citrix MetaFrame on Windows NT 4.0 TerminalServer Edition to ensure remote access and transactional operations from stations in Warszawa HQ, to SQL database installed on Digital Alpha 7300.
- Taking parts in implementation of MRP2 system-GPS DyNAMICS 5.0 based on MS SQL v6.5.
- Introduced Techmex Web server based on MS IIS v4.0 (a migration from web server based on SCO Unix and Apache).
- Completely rebuild existing cable infrastructure to ensure structuralism and Cat-5 standards.
- Rebuild LAN topology and structure to guarantee the highest possible security level (via installing and implementing Cisco PIX Firewall, creating DMZ for public-accessible servers, upgrading and enhancing active network devices).
- Interesting hardware configurations for different promotions, customer trainings and shows (for instance, configuring ISDN connection between Cisco routers and Alcatel PABX working as a ISDN switch to test various ISDN protocols).
|
1997/08/01 - 1998/01/15:
PC Hardware Technician in ComarLand S.C. (Jastrzębie Zdrój, PL)
Responsible for:
|
|
- Installation/configuration/repairing PC hardware.
- Installation of operation systems and applications.
|
Personal accomplishments:
|
|
- In-depth knowledge of PC hardware.
- Familiarity with MS Windows 95/98/NT4.0.
- LAN/WAN basics.
|
Additional skils:
Intermediate shell (bash) scripting, coding in python, using jinja templating environment. Basic perl
Languages
English: full professional proficiency
German: basic
Polish: native
Education
1997-1999Interrupted individual studies at Silesian Technical University, Gliwice.
1994-1997Silesian University, Sosnowiec. B.A., Computer Science
Technical interests
Securing IP networks. Creating and implementing firewall systems. Integration of heterogeneous network systems with telco communication systems (like PABXs). Designing, implementing and troubleshooting TCP/IP networks.
TCP/IP data flow analysing, monitoring, bandwidth management, access-control.
Hobbies
mountains (trekking and climbing), sailing, extreme sports, baroque music, s/f literature, dogs (training)
|
|