Julian Yates

    3165
    Julian Yates
    Principal Solutions Architect
    (205) 928-3705
    Woodbridge, VA
    Skills
    Authentication Systems
    Change and Configuration Management
    Cloud Service Providers
    Data Rights Management
    Enterprise Log Management
    Enterprise Monitoring
    Firewalls
    Hyper-Converged Infrastructure Systems
    Network Virtualization Platforms
    Operating Systems
    Routers
    Security Information and Event Management
    SSL VPN Solutions

    Innovative, strategic senior solutions architect, offering comprehensive experience in network, systems, and virtualization design and engineering. 

    Highly analytical professional, equipped with exceptional ability to interact with high-performance teams, resolve complex IT and business issues, and implement best practice methodologies.

    Effective negotiator and consultant; capable of building solid relationships with key executives, technical companies, and vendors.

    Highly commended as an accomplished subject matter expert, with consistent project delivery success and process improvement achievement; recognized for integrating business capabilities and development background in leading companies and government organizations.

    Currently hold an active TOP SECRET (TS)/Sensitive Compartmented Information (SCI) security clearance.

    Professional Experience
    Principal Solutions Architect; Director of Information Technology
    Iron Fist CorporationJuly 2019 – Present
    • Architected and implemented a hybrid corporate enterprise network primarily hosted in Amazon Web Services (AWS) GovCloud with an on-premise infrastructure for a government contracting company.
    • Created a single virtual private cloud (VPC) with several subnet boundaries that established:
      • A wide area network used for external connectivity
      • A demilitarized zone (DMZ) used for secure access to applications externally
      • Authentication, authorization, and accounting (AAA) systems used for the identity and access management systems (IdAM)
      • Security systems which includes centralized logging, monitoring, and vulnerability access scanning
      • And a network for all member servers that provide services to users and systems
    • Deployed a single Palo Alto Networks VM-300 firewall in FIPS-CC mode using Amazon Elastic Compute Cloud (EC2) Amazon Machine Image (AMI); used to provide web content filtering, intrusion prevention, threat prevention; and
    • Site-to-site virtual private networking (VPN) connectivity leveraging an IPSec tunnel between the GovCloud and on-premise headquarter site
      • Network segregation between subnet boundaries
      • Visibility of traffic flow between all subnet boundaries
    • Architected and deployed two Active Directory Domain Services leveraging Microsoft Windows Server 2016 Data Center edition within each site; Created the organization unit structure and created the group policies for users, servers, and workstations; Enabled FIPS for all domain-joined systems
    • Designed and implemented a two-tier Public Key Infrastructure (PKI) within AWS GovCloud to provide non-person-entity (NPE) certificates to all domain-joined systems and issue Yubico YubiKey (PIV/smart card) tokens to users and administrators
    • Deployed Tenable Nessus Professional used to provide vulnerability and audit reports to assist in reducing and mitigating security vulnerabilities
    • Architected and deployed Splunk Enterprise solution used to provide centralized logging of all servers, network devices, appliances, and endpoints
    • Architected and deployed single sign-on (SSO) solution within AWS GovCloud leveraging Microsoft Windows Server 2016 with Active Directory Federated Services (ADFS)
    • Migrated 30 users’ mailboxes and data from current email solution to Office 365
    • Deployed three Cisco Catalyst 3850 48 port power over ethernet (PoE) switches in a stack to provide layer 2 connectivity for a Dell PowerEdge R440 server, two network attached storage appliances, 5 Cisco Aironet 2800 series access points, 30 Cisco PoE VoIP phones, network printers, and users’ workstations
    • Setup and deployed Azure Active Directory (AD) Sync within AWS GovCloud to connect to Office 365 for account synchronization that uses certificate-based authentication externally and Windows Integrated authentication internally
    • Architected and deploy Palo Alto Networks PA-850 firewall in FIPS-CC mode with matching configuration to the VM-300 firewall deployed in AWS GovCloud
    • Architected and implemented a single Hyper-V virtual server running Windows Server 2016 Data Center edition using a Dell PowerEdge R440 server to host domain services, network policy server, DHCP server, and a print server
    • Architected and implemented Microsoft’s Network Policy Server running on Windows Server 2016 Data Center edition configured to provide 802.1x port-based Network Access Control and MAC Authentication Bypass (MAB); authorized wired and wireless endpoints are able to connect to the main network while unauthorized devices are able to access the Guest network
    Senior Solutions Architect; Operations Manager
    Navstar, IncDecember 2018 – December 2019
    • Managed Integrated Master Schedule consisting of five highly visual projects and on-going operation and maintenance tasks consisting of Physical to Virtual and Virtual to Virtual migration, 2008 to 2016 Migration, SAN Refresh, Oracle RAC migration, Linux Automation, Network Upgrades, and application support
    • Briefed senior government management weekly on project status, risks, or issues that arises week to week 
    • Architected and designed the network modernization to implement additional security controls, increase network visibility, reduce the network management complexities, and reduce hardware, software, and licensing costs; leveraging Palo Alto Networks PA 5280 and PA-5220 firewalls, Cisco Nexus 5K, and Cisco Nexus 2K fabric extenders
    • Architected and designed new Microsoft Active Directory solution leveraging Microsoft Server 2016 that would support the agencies mission for rapid application software lifecycle deployment through the development, testing, integration, pre-production and production enclaves; and ensure each environment-maintained configuration consistency and security within each of the enclaves
    • Conducted audit of production Active Directory, Group Policies, Users to ensure compliance and security baseline consisting of a Microsoft Windows 2008 R2 domain and forest level
    • Conducted audit of production virtual infrastructure consisting of VMware and Nutanix Hyper-converged infrastructure
    • Managed 16 resources split into six teams of Windows (three), Linux (three), Network (two), Security (four), Database (two), and Storage (one)
    Senior Solutions Architect
    Apex SystemsSeptember 2018 – December 2018
    • Designed and implemented Palo Alto Networks PA-5260 firewalls on a classified network in an active-passive high availability configuration; for four sites located nationally and internationally within a three-week period
    • Leveraged Palo Alto Networks Panorama virtual appliance on a classified network to enable rapid deployment of eight Palo Alto Networks PA-5260 firewalls; ensuring standardization of devices, networks, and security policy configurations
    • Designed and implemented four Cisco ASR1001 routers to act as a perimeter device providing external connectivity to the classified networks
    • Established a mesh site to site IPSec VPN tunnel between the four sites to enable local servers and users to communicate
    • Implemented Border Gateway Protocol (BGP) routing protocol between the Cisco ASR1001 perimeter router and Palo Alto firewall to provide dynamic routing of external IP address space
    • Implemented Open Shortest Path First (OSPF) routing protocol between Palo Alto firewall and Dell S6010-ON distribution switches to provide dynamic routing of internal IP address space; also leveraged OSPF to route traffic through the IPSec VPN tunnel between the four sites
    Senior Solutions Architect
    General Dynamics Mission SystemsMay 2016 – December 2017
    • Designed and implemented a Palo Alto Networks PA-500 firewall in the lab to provide Layer 3 network communications between internal and external networks
    • Designed and implemented two Palo Alto Networks PA-5220 firewalls in production to provide Layer 3 network communications between internal and external networks
    • Designed and implemented the firewall security policies for both the lab and production
    • Designed and implemented two Cisco Nexus 5048 and two Cisco Nexus 2048 switches in production to provide the data center switching infrastructure
    • Designed and implemented ten Cisco Catalyst 3650 access switches in production to provide connectivity for end point devices to include laptops and thin clients 
    • Designed and implemented a Cisco Nexus 3064 switch in the DARPA Lab to provide layer 2 VLAN segregation and isolation between the management, storage, and three classified Windows-based networks
    • Designed and implemented Cisco Identity Services Engine (ISE) and ACS to provide 802.1x port-based authentication within the Lab and in production on the end-point VLANs
    • Created a Microsoft Windows Server 2012 R2 Datacenter template with the DISA STIGs applied
    • Created a Microsoft Windows 10 Enterprise template with the DISA STIGs applied
    • Create a Red Hat Enterprise Linux 6.9 template with the DISA STIGs applied
    • Designed and implemented VMware vCenter 6.5 appliance within the lab and in production
    • Deployed VMware NSX enterprise in the production network to provide additional security between the end point devices and the infrastructure servers
    • Designed and implemented virtual distributed switch (vDS) in production along with the port groups based on established VLANs
    • Designed and implemented a virtual desktop infrastructure (VDI) solution in the lab and production consisting of Citrix XenDesktop 7.13
    • Designed and implemented Pivot3 hyper-converged servers within the lab and production to provide compute and storage resources for the classified network(s)
    • Designed and implemented an Active Directory infrastructure within the Lab and production to provide centralized management of user accounts and systems
    • Designed and implemented System Center Configuration Manager (SCCM) 2012 within the Lab and production to provide patch management and application push installations
    • Designed and implemented SolarWinds monitoring within the lab and production to provide monitoring of systems, networks, applications, and the virtualization infrastructure
    • Designed and implemented a two-tier Public Key Infrastructure (PKI) to provide non-person-entity (NPE) certificates to all domain-joined systems and issue Yubico YubiKey (PIV/smart card) tokens to users and administrators within the lab and production environments
    • Conducted a proof of concept (POC) for data rights management within the Lab to protect classified data from intentionally or accidentally spilling; Vendors include PKWare, Ionic, and Microsoft AD Rights Management (AD-RMS) 
    • Designed and implemented Splunk Enterprise within the lab and production to provide centralized logging of all end point, network, and system devices
    • Designed and implemented the Department of Defense Assured Compliance Assessment Solution (ACAS) tool
    • Designed and implemented Host Based Security System (HBSS) (McAfee e-Policy Orchestrator (ePO)) within the lab and production to provide endpoint protection to all end-point and system devices
    • Created and maintained project schedule consisting of several phases and briefed the government and management weekly on project status
    • Briefed and demonstrated new classified network design to the Department of Defense CIO, Deputy CIO, SAP CIO; and the SAP CIO and SAPCO directors from the Air Force and Navy
    Professional Development
    Associate in Arts in Information Technology
    Strayer University2018