Engineer Security
Resume:
WEI XU
ab82rh@r.postjobfree.com US Citizen
CAREER OBJECTIVES
To obtain a position as an Chief/Principle Architect in delivering cutting-
edge solutions and IT modernizations with my 15-years unique experiences of
technology vision, business strategy, strong leadership, analytical
thinking, innovative solutions, and versatile in-depth hands-on skills for
high performance networks, virtual infrastructures, highly scalable
systems, security architectures, software development, application
implementation, system deployment, enterprise business, and process
integrations.
KEY AREAS OF REORGANIZED EXPERTISES
. Principle Architect - Designed thousands of networks at gov, military,
finance & cloud environment since 2006
. Subject Matter Expert - Created solutions for network, security, Cloud,
and software computing since 2002
. Entrepreneur - Founded one of the top 15 startups in the East Coast, by
RedHerring Communications in 2001
. Software Expert - Developed numerous application with Java, DotNet, XML,
Web, and database since 1994
. VPN Expert - Solely implemented the first commercial VPN (Gauntlet
products) in IT industry in 1994
. Firewall Kernel Expert - Developed the well-known and rated #1 Firewall
(Gauntlet FW) during 1994-1998
. TCP/IP Protocol Expert - Developed the third-generation transparency
firewall in 1994
. Professional Education - two M.S. of applied physics, electrical
engineering, and computer sciences
EXPERIENCE
08/2010 - Present, Chief Architect (KForce),
KForce, Inc. 12011 Sunset Hills Road, Suite 450, Reston, Virginia
20190
Responsible for defining network engineering solutions that meet the
infrastructure, software and functional requirements of the large and
mission critical application system of the financial services. Function
as Subject Matter Expert (SME) on the security and network architecture
for engineering solutions to meet on demands of preventive, corrective,
adaptive maintenance and modernization.
Highlights
- Define, design, conduct, and document the entire Disaster Recovery
Data Center within 6 months including network infrastructure (Nexus
7K/5K), virtual security (VSX/VIORION), and virtual storage
(VMAX/VNX/NetApp).
- Develop engineering artifacts to modernize data center networks,
especially the virtual DC concepts
- Coordinate technology solutions with stockholders of business,
architecture, security, and operations
- Establish and maintain strong professional relationships with
program staff; business owners; peers; and senior management and
functional support personnel.
- Help Verizon Terremark for complex Cloud design, engineering, and
customization.
09/2010 - 08/2011, Chief Architect,
US Department of Transportation, 1200 New Jersey Ave, SE Washington,
DC 20590, USA
ActioNet, Inc. 2600 Park Tower Drive, Suite 1000, Vienna VA 22180
Provide strategic visions, architecture design, and business case
formulations for developing infrastructure projects, DOT IT shared
service infrastructure featuring system virtual computing clouds, secure
networking infrastructure, virtual storage architecture, and control
management automation for supporting more than 12,000 employees plus 350+
agencies.
Highlights
- Modernized networks for IT Shared Service infrastructure with Cisco
Nexus, VMWare and, EMC products
- Designed scalable cloud computing systems for Exchange 10, Virtual
Desktops, SharePoint 10, and others
- Developed CMDB processes integrated with monitoring, auditing,
ticketing, and self-healing for remediation
- Standardize enterprise project frameworks supporting complex and
large-scale engineering projects
- Defined architecture for next-generation network infrastructure and
operation analysis models
- Helped Verizon Terremark for complex cloud design, engineering, and
customization.
4/2006-09/2010, Senior Network Architect
Electronic Systems, Northrop Grumman, 7040 Troy Hill, Elkridge, MD
21075, USA
04/2006-10/2008 contract through Advanced systems, Inc. 8280 Willow
Oaks Corporate Dr, Suite 725, Fairfax, Virginia 22031
10/2008 - 09/2010 contract through American Cyber Systems, Inc. 2400
Meadowbrook Parkway, Duluth, GA 30096
Worked as a network group leader with hands-on implementation of many key
network infrastructures, including architectural design, and engineering
life cycle activities for carrier-class networks with one dozen Network
Operation Centers (NOCs), hundreds of remote offices, thousands of
networking devices, security appliances, and applications from Cisco, MS
Windows, Motorola, Harris, HP, and the others.
Highlights
- Created advanced security: n-tier multi-zone Firewall defenses, DMVPN,
and adaptive virtual securities
- Designed, automated, staged, and implemented IP/MPLS VPNs with OSPF,
EIGRP, and BGP
- Implemented traffic engineering QoS for VoIP/IPT, video, and mission
critical apps with MPLS EoSDH
- Designed and Implemented multicast across IP/MPLS backbone for
satellite networks
- Solved numerous complex issues for network performances, security
reactions, and system stabilizations
- Developed Windows servers: Active Directory, Emails, DNS, DHCP, PKI
Certificate Servers, and more
- Integrated real-time network monitoring, trouble ticketing, traffic
analyzer, and security auditing
8/2005-4/2006, Chief Technology Officer
iCore Networks. 7900 Westpark Drive, McLean, VA 22102, USA
Created and led innovative technology solutions for VoIP and data
services using IP-converged virtual service network infrastructures over
MPLS with per-customer-based virtual segmentations for thousands of
subscribers.
Highlights
- NOC infrastructures of virtual segmentations with Cisco MPLS, router,
switch, FW, VPN, and IPS.
- VoIP hosting with PRI gateways and IP PBX gateways and VoIP survivable
solutions
- Automated VoIP billing system and report analysis
- Virtual adaptive hosting services for network Firewalls and performance
monitors
9/2004-8/2005, Senior System Architecture and Network Infrastructure
Engineer
Deloitte Consulting LLP, 1750 Tyson Blvd. McLean, Virginia 22102 USA
Provided professional services for OneNet infrastructure, quality
controls, and security architectures for Department of Homeland Security
(http://www.dhs.gov/dhspublic)
Highlights
- Networks: router, switch, VoIP, Wireless, full-mesh WAN, and network
access centers
- Security: Firewalls, IPS, virus, proxies, and access controls
- High-availability: data compression, packet shaping, bandwidth
optimization, and traffic acceleration
- Documents: privacy assessments, and Certification & Accreditation
Process
5/2003-8/2004, Senior Network Engineer
Intersections, Inc. 3901 Stonecroft Blvd, Chantilly, VA 20151, USA
Performed data-center reconstruction, migration and consolidation with
CISCO CCIE solutions for identity management services
Highlights
- CISCO high-availability service networks for multiple-path remote call
centers and B2B financial networks with cluster switches and WAN
concentrators (BGP, OSPF, EIGRP, and GLBP protocols)
- Advanced security with IOS Firewalls, VPN/IDS routers, PIX 515/525
Firewalls, IPS 4200 Sensors, CISCO Security ACS, and Wireless Access
Points
- Multi-path hosting center disaster recovery
- IT auditing and monitoring solutions: CISCOWorks, Solarwinds, BMC,
MRTG, Whatsup, and others
- Performance provisioning with F5 clusters, database servers, and fiber-
channel NetApp systems
1/2000-4/2003, Chief Technology Officer
Spontaneous Networks, Inc. 6903 Rockledge Dr. Bethesda, MD 20817, USA
Created innovative concepts, drove marketing strategies, and conducted
development activities for an open and non-intrusive product that would
allow network service infrastructures being defined, prototyped,
delivered, managed, switched, and transformed by clicking a mouse button.
"Spontaneous Networks, among the top 15 companies, represents one of the
strongest early stage start-ups in security infrastructure coming out of
the East Coast" by Anthony Perkins, Chairman & Editor in Chief,
RedHerring Communications, in 2001.
Highlights
- Network appliances on Intel's Network Processor with Linux kernel and
real-time embedded Lynx
- Virtual GigEthernet switching controllers for extremely high-
availability (HA) service infrastructures.
- Dynamic virtual Firewall policies, adaptive IDS, integrated with CISCO,
ISS, and NFR
- Heartbeat HA of N+1 failover and redundant architectures
- Domain service integration with virtualized authentications, integrated
with variety of authentication products (JCSI Kerberos, JAAS, RSA ACE
Server, SecureID, and LDAP/Active Directory).
- Java messaging, caching, Swing, and XML/XSL/DTD client-server
management services with Apache Tomcat, relational databases, object
cache, multi-administration privileges, and others.
1/1999-11/2000, Senior Information Security Consultant
Predictive Systems, Inc. Herndon, VA 20170, USA
Provided network security expert services to IT organizations solving
business challenges through the integration of secure technologies as
discrete services with comprehensive solutions.
* MCI WorldCom (UUNet), Fairfax, VA (2/1999)
Performed architecture design and tech demonstration of UUFax network
security with an add-on VPN security infrastructure eliminating
software engineering
* International Satellite Organization (INTELSAT), Washington, DC (4-
12/1999)
Architecture design and implementation of DMZ topology with CISCO
PIX/Checkpoint Firewalls, Outlook Web Access, and Exchange cluster-
servers, HTTP proxy, passive Internet access control, and Webtrends
Reporting. Intrusion detection system (IDS): ISS RealSecure, and
others.
* Life Technologies, Inc. Rockville, MD (1-2/2000)
Risk assessment and architecture design of Internet security for
"Pricing and Availability" with B2B services including Firewall, IDS,
AS400 DNA database, and DMZ network technologies
* Reqwired, Inc. North Bethesda, MD 20852, USA (8/1999-2/2000)
Mongered and Designed a complex architecture with Java/XML technologies
for the Continuing Education solutions for a variety of the
professional regulations such as Law, Real Estate, Healthcare, and
Accounting, (J2EE, XML, JDOM, JSP, Apache Tomcat, Jakarta, and MS SQL )
* MediaCenter Inc. Rockville, MD (10-11/2000)
Risk assessment and architecture design of the network security
infrastructure for broadband exchanges with headquarter networks, ZMD
networks, metropolitan NOC, and NMS networks.
* Level3 Communications, Inc. Silicon Valley, CA (4-6/2000)
Designed and implemented an automated SNMP methodology for managing
over 7,400 routers.
* MCI WorldCom (UUNet), Reston, VA (7-8/2000)
Development of automated processes to install hundreds of Interlock
firewalls by Solaris JumpStart.
* InfoAge Systems, Inc Rockville, MD (4/1999-4/2000)
IT training projects: Java Programmer, Professional Java Developer,
Enterprise JavaBeans, Java Certificates, Dynamic Web Publishing,
Networking Essentials, and Network Administration.
6/1994-1998, Senior Engineer
Trusted Information Systems, Rockville, MD, USA
Led by Marcus Ranum, developed the industry #1 well-kown Gauntlet
Firwall. awarded, in 1995-1998, the Top-score Firewall by Info Word, the
Top Performer by Data Communications, The Best Firewall by Networking
Computing, and other awards from Network World and PC magazine. Network
Associates acquired the Company at $350 million in 2/1998.
Highlights
- One of the two key individuals, developed the well-known Gauntlet
Internet Firewall and FWTK in 1994. (TCP/IP, C, C++, Firewall, Device
Drivers)
- Implemented an entire VPN product in 1994, known as the first
commercial VPN in this industry.
- Extended the proxy firewall into a transparent firewall in 1994.
(Kernels of Sun OS, Solaris, BSD, BSDI, AIX, and FreeBSD)
- Developed the entire Encryption Key Recovery of the IP stack in 1996.
- Conducted the VPN Vendor Workshops during 1995 - 1998.
12/1992-6/1994, Software Engineer
Ki Networks, Inc, Columbia, MD, USA
Developed SNMP network management products integrated with HP OpenView
and IBM NetView
Highlights
- Software engineering: C/C++, SNMP, DECnet, Solaris, HP UX, IBM AIX,
BSD, BSDI, and FreeBSD.
EDUCATION: Applied PHYSICS, ELECTRICAL, and COMPUTER engineering
11/1994 MS Electrical and Computer Engineering, University of
Massachusetts, Amherst, MA (GPA 3.7/4.0)
5/1987 MS Applied Physics, Tongji University, Shanghai, PRC
1/1982 BS Theoretical Physics, Ocean University of China, Qingdao, PRC
SAMPLES of Awards
. Spontaneous Networks - Founder, Chairman, and CTO
"Spontaneous Networks, among the top 15 companies, represents one of
the strongest early stage start-ups in security infrastructure coming
out of the East Coast" by Anthony Perkins, Chairman & Editor in Chief,
RedHerring Communications, November, 2001.
. Predictive Systems - IT Consulting Services
Outstanding performance -Quality Solutions, August 2000
Outstanding performance - INTELSA Secure Universal Internet Access,
March 1999
Outstanding performance - UUFAX VPN, March 1999
. Trusted information Systems - Gauntlet Firewall and VPN Products
Awards from Network World and PC magazine, 1997
TIS Outstanding - VPN Vendor Workshops, September 1997
Best Firewall by Networking Computing, 1996
Top Performer by Data Communications, 1995
Top-score Firewall by Info Word, 1995
TIS Outstanding - Gauntlet Firewall/VPN, December 1994:
Developed five patent applications
"Systems and Methods for Packet Distribution" (Wei Xu) - U.S. Patent No.
09/930,164, 8/16, 2001.
"Systems and Methods for Packet Sequencing" (Wei Xu) - U.S. Patent No.
09/930,471, 8/16, 2001.
"Systems and Methods for Packet Packeting Engine" (Wei Xu) - U.S. Patent
No. 09/930,272, 8/16, 2001.
"Systems and Methods for Service Addressing" (Wei Xu) - U.S. Patent No.
09/930,142, 8/16, 2001.
"Systems and Methods for Packet Director" (Wei Xu) - U.S. Patent No.
09/930,141, 8/16, 2001.
TECHNOLOGY SKILLS
* Cloud Virtualization: Cloud computing with VMWare, EMC, Cisco Nexus,
Checkpoint VSX, F5 VIPRION, VDI (VMWre View, and Citrix), virtual servers
(AIX, Linux, Solaris, and Windows), FCIP storage integration, MS/Linux
server cluster, Disaster Recovery, and high performance scalable networks.
* Networking Infrastructure: Cisco internetwork expertise, architecture
design, technology evaluation, solution creation, IT process automation,
high-availability (HA) networks, Nexus switches, redundancy routers, voice
over IP (VoIP), SRST, auditing and monitoring solutions (HP Openview,
Ciscoworks, Solarwinds, MRTG, FWAnalog, FireGen, What's up, and others.),
Tellabs 6340 EoDH, QoS (CISCO, Tellabs, and Packeteer), WAN multi-path high
availability and load balancing with BGP, OSPF, HSRP, EIGRP, GLBP, VRF,
GRE, MPLS, OER, vPC, OTV, FCoE, SLA, F5 Big-IP LTM/GTM on Viprion
2400/2100, and others.
* Security Architecture: risk assessment, virus, virtual firewall (CISCO
IOS & ASA Firewall, Checkpoint VSX, and others), intrusion detect system
(IDS: ISS RealSecure, IPS, ASA, Symantec, and others), penetration
methodology (ISS Internet Scanner, Sara, NMAP, Legion, KisMAC, Nessus, and
others), Virtual Private Networks (VPN and PKI), SecureID, RADIUS,
Kerberos, Active Directory and LDAP, SSL, SSH, Socks, disaster recovery,
security algorithms (PKI, AES, DES, 3DES, SHA1, MD5, RC4, RSA), ACS AAA,
NAT, and others
* Software Development: TCP/IP protocols, operation systems (Sun, Solaris,
HP, IBM, BSD/BSDI, Linux, AIX and embedded OS), kernel development, Network
Management Systems (NMS), embedded network processors, router/switch with
C, C++, C#, VB/shell/perl scripts, Java, EJBs, JDBC, Swing, XML/XSL/DTD,
Java Server Page, Apache Tomcat, TogetherJ, Rational Software & Unified
Modeling Language, MS ASP .NET, MS Office applications, ASP Web server, MS
Visual Studio, NetBeans, JDeveloper Studio, and others
* Windows Applications: Microsoft Solutions for Service Providers, Active
Directory, PKI Certificate Servers (CA), Exchange server 2010, SharePoint
2010, MS/Oracle/openSQL/mySQL database servers, Visual Studio 2008, MS
Office (C#/VB WPF development), SharePoint, and others
* Quality Assurance: Layer 2 protocol analysis for TDM, SONET/SDH, DSL,
Ethernet, Faber, Copper, layer 3-4 analysis for TCP/UDP/IP/IGMP/ICMP,
application analysis for latency, jitter, QoS, and VoIP MOS. Tools:
SmartBits, JDSU/Actema (FST2300, SmartClass, PVA-1000 VoIP Suite), IXIA
(lxChariot), WireShark, and etc.
Contact this candidate