Geoffrey F. Cameron, Jr.

  • Cloud and Legacy Security|Risk and Vulnerability Management|Cloud First Architecture
  • Atlanta, GA
  • Member Since Mar 18, 2023

Candidates About


Geoffrey F. Cameron, Jr.

Senior Security Consultant

Cloud and Legacy Security|Risk and Vulnerability Management|Cloud First Architecture

SUMMARY

Versatile and performance-oriented Senior Security Consultant with more than ten years’ experience in making extraordinary contributions in the fields of risk management, regulatory compliance, security architecture, operational security policies, and infrastructure design. Used the last eighteen years to deliver projected results consistently and successfully facilitated security adoption for clients from both the public and private sectors. As a subject matter expert, with a focus on Information and Cloud Security, I have successfully led clients through security assessments, migrations, or new deployments. Highly regarded for the ability to provide the most appropriate solution, which is always the result of thorough research, efficiently drive, and take away from previous projects. Acquired IT Security experience is extensive and will be of great value to the company that can recognize these attributes and the benefits of a properly designed security program. Most importantly, I’ve completed project for some of the most significant Fortune 1000 companies in the United States of America.

CORE COMPETENCIES

¨    Azure Cloud Architecture

¨    Azure App Service

¨    AWS IaaS, VPC, ELB, EC2

¨    AWS ESB, Elastic Beanstalk

¨    Web Application Firewall

¨    Enterprise Security Design

¨    Azure Key Vault

¨    Iaas, PaaS, SaaS

¨    Azure Container Service (AKS)

¨    Cloud Identity Management

¨    Cloud Security Controls

¨    Azure Virtual Machines

¨    PKI Infrastructure

¨    Windows Server 2008/2012/2017

¨    Cloud Security Architecture

¨    DevOps and DevSecOps

¨    Next-Generation Security

¨    Azure SQL Database

¨    Network Security Groups

¨    AWS Direct Connect

¨    Azure Express Route

PROFESSIONAL EXPERIENCE

DATA BLUE, LLC, Atlanta, GA

Nov 2017 – Current

PALO ALTO 5050 AND CISCO FIREPOWER 9300 CONSULTANT, Firewall Migration Project

Worked with a successful Cisco Partner to migrate Palo Alto 5050 firewalls to Cisco FirePOWER 9300 firewalls with throughput up to 1.2Tbps crushing the current slow Palo Alto 5050s. Responsible for the end to end design of the solution and then the migration of the policies, NAT settings, routing, logging, and VPN configuration.

Responsibilities include:

-          Configure the FirePOWER chassis in clustered and then after HA mode to meet the clients ever changing design requirements

-          Review the client’s Palo Alto configuration and map it to Cisco FirePOWER 9300 features

-          Use configuration text files and screen shots with eventual access into the Palo Alto firewall to map objects, firewall rules, and NAT configuration to the Cisco world

-          Migrate 40 NAT statements from Palo Alto NAT logic to Cisco NAT logic and documentation in spreadsheet including Static and Dynamic NAT with customer MAC addresses on some interfaces

-          Understand OSPF configuration and authentication settings to migrate routing over to the FirePOWER platform

-          Integrate FirePOWER with unsupported up and down stream switches so deep understanding of network concepts were required to driver project success

-          Enabled remote access VPNs with Cisco AnyConnect to allow IT staff to authentication with machine certificates and still permit them to complete cut overs and work remotely increasing moral

 

NORWIN TECHNOLOGIES, Danvers, MA

Jan 2017 – Oct 2017

CISCO ISE SECURITY ARCHITECT, BYOD and Identity Management

Lead efforts for various CDW and WWT clients as they integrate Cisco ISE within their environment. Additionally, mentored and guided team members and staff through the Cisco ISE implementation process using experience from a dozen previous deployments for enterprise clients. Well versed in overcoming the challenges faced when deploying Cisco ISE and experienced with the different authentication and authorization models within ISE 1.x and 2.x. Most recently completed Cisco ISE to ACS migrations and integration with PxGrid.

Responsibilities include:

-          Deploy Cisco ISE on Nexus 5000/7000 routers, Cisco switches, and Cisco ASA and FirePOWER firewalls

-          Deployed a cluster of Nexus 5000 switches in SSO mode for a Cisco VSPEC deployment

-          Intergrade Cisco ISE with Cisco FirePOWER to enable automated remediation

-          Perform all architecture and project planning functions associated with the four Cisco ISE projects I completed for CDW including implementation plans and Visio documentation

-          Complete Cisco ACS to Cisco ISE 2.2 migrations using automated and manual processes for an international port

-          Partnered with the largest health insurer in the USA to help them migrate their wired, wireless, and VPN Cisco ISE solution to version 2.2 and integrate PxGrid functionality with Cisco Lancope (Stealthwatch) and Cisco FirePOWER. The deployment included the use of load balancers and ISE policy service node groups.

-          Completed a wired ISE deployment for a medical devices company ensuring network segmentation and posture impacted the security classification of the device

-          Upgrade Cisco 6500-E, 3560, and 2960 switches to IOS software that is on the ISE compatibility matrix

-          Provide Day 1 and Day 2 support after 802.1x office cutovers, server migrations or upgrades

 

 

NIGEL FRANK INTERNATIONAL, NYC, NY

April 2017 – June 2017

LEAD CLOUD APPLICATION ARCHITECT, Cloud Application Migration

Served as the Project Manager and Azure Architect during the migration to PaaS and IaaS for an established non-profit training intuition. Also, focused on enhancements to the development, release, and QA process by integrating CI/CD best practices by taking advantage of the DevOps tools in Azure.

Activities included:

-          Lay the framework for the client to move to the micro-services architecture with the use of containers as the ends state by separating application functions and making use of APIs

-          Utilize Azure IaaS, PaaS, and containers (Kubernetes) to move a legacy application into the cloud first model

-          Map the legacy application components to the Azure cloud from a legacy hosting company

-          Interview all IT Staff to create a cloud migration readiness document and address any challenges in our migration plan

-          Use Azure App Service and the Azure SQL PaaS platform to host the new application

-          Successfully migrated application to POC environment using Azure Websites Migration Assistant and by addresses issues within the assessment report

-          Upgrade application to .NET 4.7 from .NET 4.0 to gain performance, security, and stability improvements

-          Configured Azure Autoscale and Application Insights to make data-driven decisions about scaling application demand during peak use times

-          Successfully tested application with 10,000 active users while maintaining response times within managements goals reducing page load times by 75%

-          Migrate code repository from SVN to Git to integrate with Visual Studio Team Services and Visual Studio Professional 2017

-          Migrate SQL Reporting Services to use Azure PaaS SQL service and well as Azure IaaS SQL virtual machines

-          Build CI pipeline to automate the deployment and testing of the myAVID application including unit testing, performance testing, and quality assurance

 

CONTEGIX HOSTING, Reading, PA

March 2017 – May 2017

AZURE AND AWS SECURITY ARCHITECT, Cloud Computing Security Standards

Created an architecture, operations, and security framework for extending the company’s professional services infrastructure to include cloud management on the AWS and Azure platforms. Develop a security strategy to address all the audit components within the Cloud Security Alliance (CSA) framework. Deliver cloud training to staff within two subsidiary IT companies post-merger with the goal of creating an innovative cloud first mentality.

Activities included:

-          Learned the ability balance strategic and tactical skills as I dedicated my time to Azure and AWS maturity

-          Knowledge in several of the following areas: infrastructure solutions (especially Microsoft), cloud technologies, networking, data center operations, platform migration, and enterprise directories

-          Experience implementing/architecting cloud-based Active Directory solutions for Azure and AWS

-          Understanding in cloud computing based services architecture, technical design and implementations including IaaS, PaaS, and SaaS.

-          Proficient in cloud computing based services architecture analysis and design

-          Focused on Azure VNET IaaS Architecture that can scale thousands of clients within using NAT

-          Develop the Azure assets tagging strategy for all Contegix current and future clients

-          Set up Cloudscape (RISC Networks) in client environments to prepare for a cost-effective cloud migration

-          Used Dome9 as a security group management tool for Azure and AWS

-          Configure AWS VPC Flow logs to integrate with enterprise SIEM

-          Enable AWS CloudTrail logs in all regions with encryption, logging, and versioning turned on all S3 buckets

-          Serve as the senior cloud architect/SME for high visibility cloud computing initiatives

-          Develop an enterprise cloud security plan by addressing logging, cloud access security broker, vulnerability management

-          Work with the network team to architecture Azure and AWS VPN, AWS Direct Connect, and Azure Express Route connections

-          Dive in AWS VPC design as it relates to managing AWS account and VPCs for hundreds of clients and using automation to produce configuration consistency and automation

Work with the sales team to deliver quotes for AWS application migration and interviewing clients technical staff and mapping dependencies

 

Q INTERACTIVE, Plantation, FL

 

Nov 2016 – Dec 2016

DDOS MITIGATION ARCHITECT, DDoS Mitigation, Internet Edge Hardening

Led the mitigation of on-ongoing DDoS attacks by analyzing server logs then implementing mitigation on premise and off premise. Identified infrastructure components that would become a bottleneck during a DDoS or offered inadequate security then created a 30, 60, and 90-day plan mollifies. Gained trust of IT management and staff buy mitigating an application DDoS attack on my first day and after that followed through on my plan to prevent or mitigate any future DDoS.

Responsibilities include:

-          Spearheaded Q Interactive’s initiatives to stop DDoS attacks on the application and network layers, led all related projects, and successfully stopped active attacks by using experience from two prior enterprise DDoS projects this year coupled with sixteen years of IT Security experience

-          Compare and contrast modern cloud and on-premise application, DDoS solutions from Cloudflare, AWS CloudFront, AWS Shield, Radware, and Akamai then implemented appropriate solution

-          Evaluate cloud or off premise network DDoS solutions from Arbor, AWS Shield, Level3, and Radware then implemented appropriate solution

-          Identified an on-premise data center network based DDoS solution from Arbor or Radware then implemented appropriate solution

-          Developed and deployed an out of band network VPN solution to increase availability of the management network during DDoS attacks

-          Enhanced edge router’s security by applying an ACL to mitigate common DDoS attack characteristics such as spoofed packets

 

CHEWY.COM, Dania Beach, FL

Aug 2016 – Nov 2016

SECURITY ARCHITECT, DDoS Mitigation, Internet Edge Redesign, PCI DSS Gap Assessment

Annihilated constant DDoS attacks by deploying a combination of application and network DDoS solutions on premise and off site, while configuring all edge devices sent logs to Splunk to help ensure immediate remediation and send logs to law enforcement. Also, I focused my attention on bringing the Cisco FirePOWER solution up to production standards and completed outstanding PCI DSS tasks in preparation for an audit.

Responsibilities include:

-          Formulated the architecture of the new Internet Edge, created hardening templates for the network team to deploy and devised a strategy to move onto Cisco ASR routers and FirePOWER Threat Defense or Check Point firewalls

-          Configured Nexus 5000 switches to integrate with Cisco ISE features for device control and 802.1x

-          Took intuitive to travel to the Equinox data center and implemented Chewy’s on-premise DDoS solution rather than waiting for professional services saving the client capital and stopping our problem sooner

-          Stopped volumetric application and network DDoS attacks from disrupting production traffic through use of on-premises and cloud solutions from Level3, Arbor, and AWS CloudFront

-          Conserved capital by preventing DDoS attacks over holiday weekend allowing executive IT management and staff to enjoy the needed time off, in effect increasing moral and cementing the effectiveness of the solution

-          Reconciled enterprise Cisco FirePOWER deployment by updating software on the sensors and the management server, tuning the various policies, and piloting unused features such as Cisco AMP for Networks, URL filtering, and application control

-          Optimized IPS signatures on the Cisco FirePOWER management center to reduce false positives by disabling unnecessary rules and using the threshold, suppression, and pass rules features

-          Enhanced the firewall rule request processes, for PCI DSS audit purposes, by suggesting a new input method that would streamline firewall requests between the DevOps and IT Security departments

-          Spearheaded the initiative of central logging by sending logs from all edge devices, firewalls, A/V software, FirePOWER sensors, and DDoS solution components to rapidly mitigate DDoS attacks

-          Introduced Cisco Security Manager to serve as the central configuration, monitoring, and software update repository for Cisco ASA firewalls within the data center, at fulfillment centers, and corporate offices which lead to the consolidation of firewall objects and reduction of redundant and shadowed rules

 

 

 

CLOUD TECHNOLOGY PARTNERS, Boston, MA

April 2016 – June 2016

CLOUD SECURITY ARCHITECT, Cloud Security Readiness, and Gap Assessment

Developed security controls for an Azure and AWS migration with the financial industry. Also, providing lessons learned from prior engagements to help clients achieve a smoother transition to cloud computing and automation. Covered all best practices per Cloud Security Alliance (CSA) guidelines, logged into AWS environment to validate findings and provided a report on gaps afterward.

Responsibilities include:

-          Add advanced security controls by applying experience gained from delivering similar large scope cloud security projects

-          Created a prioritized strategic architecture roadmap to bring cloud security objectives in line with overall business goals

-          Used the CSA cloud control matrix as a guide for client interviews and the CSA enterprise architecture as the guide for security controls within a SaaS, PaaS, or IaaS cloud infrastructure

-          Performed a gap assessment against Cloud Security Alliance (CSA) enterprise architecture standards by interviewing IT staff and verifying statements

-          Focused on next-generation IDS/IPS and firewall capabilities and malware behavioral solutions to cover network and host based threats

-          Maintained a high level of communication with external and internal stakeholders, so project deliverables and expectations were aligned

 

EPOCH UNIVERSAL, Irving, CA

Feb 2016 – Feb 2016

CISCO ISE CONSULTANT, Device Identity and AAA, Secure VPN Access

Worked with a government client during their pilot of Cisco ISE 2.0 and helped them achieve their AAA goals. All users and devices on the network required authentication, authorization, accounting, and posture which only Cisco ISE could provide. Network administrators also used Cisco ISE with TACACS+, so they were also audited. Finally, remote access VPN users fell into the ISE bucket, so all wired and VPN entry points led to ISE.

Responsibilities include:

-          Deploy ISE virtual appliances because of the reliable VMware infrastructure and to keep costs down vs. purchasing a physical appliance

-          Requested and imported the appropriate certificates for Cisco ISE EAP authentication and the administrative portal

-          Apply in-depth knowledge of 802.1x and end point authentication behavior and characteristics to enable strong client authentication successfully for wired devices

-          Showcase thorough understanding of authentication, authorization, accounting (AAA), posture, and profiler and how to tune each feature based on the client’s endpoint diversity and peak authentication load (authentications per second peak).

-          Stage and implemented configuration on Cisco switches and ASA firewalls including TACACS+ for the network administrators

-          Well versed in overcoming the challenges faced when deploying Cisco ISE and used experienced with the different authentication and authorization models within ISE 1.2, 1.3, 1.4, and 2.0 to implement the solution rapidly and meet the clients’ demand

CHART INDUSTRIES, INC, Garfield Heights, OH

Feb 2016 – April 2016

CISCO ISE CONSULTANT, Global Cisco FirePOWER Deployment

Participated in the design and implementation of Cisco FirePOWER on a global scale. Created unique policies per country that considered the diverse global IT Security reequipments based on location. Upgraded 50 Cisco ASA Firewalls with FirePOWER to version 5 including the FirePOWER manager. Tuned IPS signatures, AMP file control, DNS policies (blackholes), and Threat Intelligence to meet the client’s IT Security policy.

Responsibilities include:

-          Review the FirePOWER management server configuration and offer recommendations based on prior experience.

-          Created individual polices based on hardware requirements and regional locations.

-          Tuned false positives by using trust or allow rules, the threshold feature, suppression, fast-path rules, and pass rules.

-          Configured SSL Decryption on data center FirePOWER devices to inspect inbound SSL traffic.

-          Setup firewall to send syslog messages to Splunk to facilitate an incident response plan.

-          Tied FirePOWER to Active Directory to enable username and password in firewall logs, to better track down IT Security incidents

-          Worked with Check Point Smart Domain Manger, Smart Dashboard, SmartView Monitor, SmartView Tracker, and SmartUpdate to manage the environment.

 

                                                                                                                                                                              

TeleTech, Denver, CO

Nov 2015 – Feb 2016

FIREWALL MIGRATION CONSULTANT, Next-Gen Firewall, Next-Gen IPS, and Next-Gen Internet Edge

Participated in the design of an Internet edge solution that serves as the base of the design for the next 5 – 10 years including next generation firewalls, next-generation Intrusion Prevision Systems (IPS), and Cloud DDoS mitigation functionality supporting over 30,000 users and 61 lines of business (LOB). Worked with the client’s senior architects to design, review, implement, and document the solution for the Tier 1, 2, and 3 support staff. Finally, le