Rudolf Eggelbusch
Datacenter Engineer, Network & Security Administrator
Experience
Datacenter Engineer, Network & Security Administrator
Internationaler Versicherungskonzern
Operation and further development of the network and security infrastructure.
Monitoring, analysis and remediation of network and security incidents.
Cross-department collaboration with other departments for operations and development, reporting.
Firewall vulnerability analysis.
Firewall rule activations.
Troubleshooting IP communication issues on network and firewall infrastructure.
Security-critical IT infrastructure, processing of personal data, compliance with legal regulations.
Products: Palo Alto Networks Firewalls, Cisco ACI, Checkpoint Firewalls, F5
Technologies: SDN, SDWAN, Cisco EPIC, Cisco ACI
F5 migration project as sub-project leader/consultant / Cybersecurity Consultant
Healthcare, content and datacenter provider for health insurance funds
Analysis of the current state of 500 virtual servers and development of various migration scenarios to the new F5 load balancer infrastructure.
Sizing calculations, utilization analysis. Reporting as sub-project leader.
Adjustment of WAF policies (Web Application Firewall).
Vulnerability analysis.
Firewall activations.
Troubleshooting IP communication issues on Palo Alto firewalls.
Products: F5 LTM VPR-B2250, F5 5200v, F5 R12600, Journeys tool, BIG-IP Application Security Manager (ASM), F5 Release V14 & V17, Palo Alto Networks Firewalls
Network and Security Administrator (firewall rules / VPN access)
Stadtwerke NRW
- Technical support and third-level support for LAN networks / firewall security / VPN access.
- Administration of VPN access.
- Setup, revision and verification of existing firewall rules.
- Management of LAN & security service providers.
Security Architect / Firewall-Auditor
Deutscher Glasfaser
Internal firewall auditor.
Overall review and evaluation of firewall rules to increase the security level of IT/ISP areas.
Recording all audit findings/events, proposing improvements with specialist departments.
Re-certification of existing firewall rule sets, establishment of re-certification and request processes in firewall administration/change requests.
Reporting on ISSUES and findings related to firewall rules during the audit.
Identifying solution approaches to prevent security threats.
Products: Fortinet Firewalls, Forti Manager, Forti Analyzer, Sophos Firewall, Palo Alto Networks Firewall, Shorewall Firewall
Sub-project leader / Security consultant - worldwide firewall rollout
Bayer/Arlanxeo
- Provision of a timely and technically suitable follow-up solution for plant and office firewall solutions and rollout for all ARLANXEO locations (based on Fortigate).
- Provider management.
- Technical Decision Papers.
- Roll-Out Plan.
- Review and adjustment of 150 existing firewall configurations.
- Re-certification of existing firewall rules.
- Creation of a master security policy for all firewalls.
- Project reporting.
Network/Security Consultant – Subproject Lead (VPN Access – LMS)
Bayer/Currenta
- Providing a timely and technical successor solution for: SiZe - UMTS-VPM LMS Access, SiZe - Remote Access Points for LMS.
- Pilot project "Specific VPN Access", solution design with technical service provider TCS.
- Provider control / service management of ITK/NetSit and TCS.
- Aruba wireless access points.
- Network expansions.
- LAN & WAN connections to campus and datacenter.
- Creating and reviewing FW/VPN security policies.
- Creating an IT process with Signavio.
Network Architect
Stadtwerke Duisburg NRW
Technical support for the Europe-wide tender "City Net" MPLS network 100 Gbit as one network.
Eliminating the SDN layer and merging all networks into one network based on MPLS.
Creating network diagrams / fiber route planning (path diversity) / verifying technical tender texts.
Reviewing bill of materials and evaluating vendor offers.
Advising on the use of MPLS and metro LAN technologies.
Attending vendor workshops and testing equipment for project use cases.
Developing and pilot testing a QoS concept for introduction in the WAN network.
Creating an L2 Virtual EtherLink template for future MPLS L2 services with QoS.
Building an L2 QoS pilot link in Duisburg city between two hospitals.
Planning GPON deployment (Huawei) for Internet access in the Duisburg "new development area".
Technical assessment / feasibility analysis.
Capacity planning (data multiplexing) per residential block, etc.
Workshop with Huawei – clarifying technical implementation and security issues.
Products: Huawei routers, GPON routers, Cisco routers, Cisco ACI.
Technologies: MPLS, LDP, BGP, metro LAN, Cisco ACI, VPWS, VRF, QoS, GPON, provider WAN solutions, MPLS L2 VLAN.
Security Consultant
Metro Hauptverwaltung
Analysis and approval of security policy rules for the Metro group worldwide.
Independently preparing and activating new security policies or commissioning an external security team, changes according to ITIL standard.
Products: Algosec Analyzer, Check Point 61000 Appliance, Check Point Smart Domain Manager R80, Check Point SmartLog R80.
Technologies: security access control / VPN remote access, web security application gateway / SSL application security gateway from Check Point.
Datacenter Engineer
AXA Versicherung
Migration of several hundred VPN connections from Check Point to Cisco ASA 5555.
Analysis of the current state, definition of updated security standards for VPN.
Planning and execution of migrations with external partners.
Products: Algosec Analyzer, Check Point 61000 Appliance, Check Point Smart Domain Manager R77-20, Check Point SmartDashboard R77-20, Check Point Virtual System Firewall VSX R76, Check Point SmartLog, Cisco ASA 5555 V9.4, F5 BIG-IP V12.1.2, Cisco Nexus 7000/5000, NetScout nGenius.
Technologies: SDN / Cisco EPIC, Cisco ACI VPN IKEv2.
IP Network Planner
Thyssenkrupp
WAN MPLS migration – 300 sites worldwide.
Collecting, consolidating, and analyzing operational and planning data as well as existing documentation.
Analyzing device configurations (switches, routers), matching them with existing documentation.
Reverse engineering undocumented physical and logical connections.
Identifying logical dependencies and possible hurdles for migration.
Planning and implementation (creating configuration guidelines, communication matrix, and routing tables).
Verifying, adjusting, and re-certifying firewall rules per telecommunication site.
Coordinating and overseeing implementation steps between operations departments and the MPLS provider.
Creating the specification document for the UNAT tool (User Acceptance Tool), successfully used for automated tests.
Technologies: TCP/IP, firewalling, routing, UNAT, ITIL changes.
Third Level Support / Network Designer
Evonik
Third Level Support / Network Design Services / Network Design Verification.
Network Designer: New secure worldwide OOB-Access Solution (All IP).
Design support for an international multi-provider MPLS network.
Replacement of the old Cisco switching network at European and ASEAN locations with Cisco 3650 switches; zero failure, zero downtime approach.
Products: Cisco ASR routers, Cisco 3650, FWSM, IDSM, CSE.
Technologies: mutual OSPF redistribution, BGPv4, BGPv4 route filters, BGPv4 communities, large-scale MPLS inter-VRF routing, advanced routing, IOS-XE, IOS-XR, IPv6 introduction & migration, IPv6 tunnels, IPv6 peering.
Project Engineer
HP
Migration of extensive firewall rules to new Check Point firewall systems.
Vulnerability scanning with freeware and commercial products.
Penetration testing according to BSI methods.
Products: Cisco ASA, Check Point HP-D2, HP-D8, VMware, Check Point R70 cluster, Check Point VSX, Multi-Domain Manager, HP ProCurve switches.
Technologies: security, firewalls, VPN, access, virtualization.
Security testing: Nmap, Nessus, Wireshark, HPing, John the Ripper, Egressor, BSI OSS Security Suite, BackTrack, Metasploit.
WAN Site Planner
Bayer
WAN migration/outsourcing to Verizon VzB.
Migration of more than 300 sites and 600 WAN links to a new global MPLS network.
Network management: Eramon.
Project Engineer
Deutsche-Bank / Postbank-Bank Zentrale
Expansion and update of the existing SIEM solution (ArcSight).
Steps for SOX compliance certification in security logging.
Products: ArcSight Logger, ESM, SmartConnector, Oracle Database 11g.
Technologies: SIEM, CEF, RBAC, Syslog, databases, Oracle RAC, LDAP.
Network Automation
Bayer
Development of an EXPECT TCL script to automatically monitor out-of-band management access for 200 sites (~1000 ports).
Using the script saves 4 minutes per test case, solution ROI is 2 months.
Products: Cisco switch and router portfolio, DSL/analog dial-up modems.
Technologies: TCL/EXPECT.
Security & Network Architecture
Daimler/Fujitsu
Design for 4 global datacenters.
Datacenter infrastructure for 200,000 users (applications: MS-Exchange, SharePoint, Lync).
Products: Cisco switch and router portfolio, Cisco ASA + IPS, Nexus 5000.
Network Mgmt: CA Spectrum, ManageNow.
Datacenter Relocation, Planning & Network Migration
ERGO
Planning and migration of ERGO datacenter networks to the new Düsseldorf data center.
Products: Cisco switch and router portfolio, 6500 VSS, Cisco 3750X cluster.
Network Mgmt: Command.
Technologies: MPLS, VRF, LDP, EIGRP, BGP, EtherChannel, HSRP, Spanning Tree (802.1w), LACP, QoS, VoIP.
Subproject Manager: "Project Gematik" / Implementation-Engineer / Test-Engineer / 3-Level-Support
T-Systems
Introduction of the health card in Germany: setup and testing of the L2TP/IPsec VPN remote access solution with PKI/smartcard authentication.
High-availability configuration for VPN and access network, security configuration of the security zone.
Assumed subproject management for "Secure Access Network".
Operation & Support (3-Level) shared datacenter infrastructure: execution of changes, resolution of incidents (routing/switching).
Conducted VPN/Security training.
Proof of Concept: datacenter relocation for a regional bank - review of the network design and verification of failover resilience.
Products: Cisco switch and router portfolio, Cisco FWSM, Cisco CSS, F5 load balancer.
Network Mgmt: Cacti, Nagios, MRTG, Peregrine ServiceCenter.
Technologies: MPLS, VRF, EIGRP, BGP, EtherChannel, tunnel interfaces, L2TP, HSRP, Spanning Tree, QoS, IPsec-HA, PKI, certificates, firewall contexts.
Security-Architect / Implementation-Engineer / 3-Level-Support
AXA Colonia
Design and testing of a Network Admission Control solution for 5000 remote users (Checkpoint Integrity / Cisco).
Design and testing of an Identity Access Management solution for remote users based on smartcard authentication (PKI/certificates) with dynamic access rules.
Security Process-Management: Creation of security documentation for Second-Level and Helpdesk.
Security Compliance-Management.
Products: Cisco ASA 5544, Checkpoint NGX R65, Checkpoint Integrity Server, Microsoft PKI/CA, ActivIdentity Smartcards, Cisco ACS, Microsoft IAS, Microsoft IIS.
Network Designer / Testlab Engineer
KDDI
Network redesign for the introduction of QoS on an MPLS-based network (Cisco).
Expansion of the POPs (Points of Presence) in Düsseldorf.
Addition of another Internet uplink for redundancy and Loadsharing over BGPv4.
Products: Cisco 7600, Catalyst 6500.
Network Mgmt: HP Openview.
Design/Implementation Engineer
Santander Bank
High-performance central firewall system based on Checkpoint/Nokia (VPN-1 NGX) and Cisco Catalyst 6500.
Development of a migration strategy to maintain 99.999% availability during the switch.
Creation of security rules considering VoIP and CTI applications.
Maximum data throughput of the security solution: 10 Gbit.
Products: Checkpoint/Nokia (IPxxx, VPN-1 NGX), Cisco Catalyst 6500.
Support and Design/Implementation Engineer
Vodafone
Support and Design/Implementation Engineer for 'ONE Network', Vodafone's international MPLS-VPN network.
Setup of VPN IPsec remote access connections.
Cisco management automation with the 'EXPECT' language.
Design of a VoIP toll bypass between international sites by linking the PBXs over MPLS (ROI < 6 months).
Products: Cisco ONS, GSR 12000, Cisco 7600, Catalyst 6500.
Implementation and Integration Engineer
Local service provider
Installation and integration of a new multiservice data and voice backbone based on MPLS.
Use of traffic engineering for load balancing and availability.
VPN services over MPLS-VPN and multiprotocol BGP.
Products: Cisco Catalyst 6500, Cisco 3800, Cisco 2800/800.
Security Consultant
Medium-sized pharmaceutical company
- Formulation of a security policy.
- Conducting internal security audits, including penetration testing and social engineering.
- Introduction of BSI basic protection standards and preparation of the network for certification according to BSI/ISO 17799 / ISO27001.
Security Integration Engineer
Clinic in Cologne
- Integration of a UTM (Universal Threat Management) solution for centralized scanning of network data for viruses, worms and email spam.
Security Concept Specialist
Mobilprovider
- Designing a concept to secure billing (user cost calculation) and improve the accuracy and availability of the billing process.
Security Specialist
Papierfabrik
- Setting up a highly available network-based virus scanner and intrusion prevention system for an international paper manufacturing company.
Technical Engineer / Sales Engineer
Fortinet
Consulting and technical support for ASIC-accelerated UTM (Universal Threat Management) systems.
Product improvement in collaboration with product management and engineering.
Products: FortiGate, FortiManager, FortiLog.
Security Consultant
Mobile-Provider
- Designing a concept for secure data exchange over the GRX (GPRS Roaming Exchange Network) of mobile network operators.
- GTP inspection, intrusion detection, and data encryption.
Security Project Engineer
Mobile-Provider
- High-performance central firewall project to protect the Gi interface between the provider's wireless network (UMTS/GPRS) and the Internet.
Security Architect
Mobile Network Operator
- Developed a concept including a POC (Proof of Concept) for a large-scale universal IPsec VPN to connect partner companies' extranets.
Consulting Engineer (Mobile Solution Team)
Cisco Systems
- Security Consulting in EMEA for leading mobile operators like Vodafone, O2, Orange and T-Mobile.
- Design of new security solutions specifically for mobile operators (GTP Inspection, URL filtering, Secure CMX).
- Pre- and post-sales support for account teams.
- Training the AM and SE community on security.
- Troubleshooting and project support for large security projects.
Infrastructure & Security Administrator
International Import/Export Agency
- New switch infrastructure, securing network segments and internet access with a central firewall.
- Administration of Windows 2000 servers and desktop PCs.
- Development and integration of a security concept for desktop PCs.
MySAP Contentnetworking & Security Project
RAG-Informatik
- MySAP content networking & security project based on a highly available Cisco CSS11500 cluster.
- Testing of components involved, POC, creation of a highly secure operation concept and implementation.
Security Consultant
Service Provider
Secure management in the central management network for a web server hosting farm.
Products: Cisco Catalyst 6500, IOS security features.
Internetworking Consultant
Cisco Systems
Network and security consulting in Europe for leading service providers and mobile network operators.
Security architect: assisted service providers in building secure solutions based on Cisco products.
Transferred know-how to the Cisco sales force as a member of the 'Virtual Security Team'.
Technologies: LAN switching, routing, MPLS, xDSL, security management.
Firewall Cluster Consultant
Bank in Poland
Secured the authentication servers with a high-availability firewall cluster.
Products: Checkpoint, Nokia.
BGP Routing Consultant
Service provider in Poland
- Proof of concept (POC) and setup of BGP4 routing in the service provider's backbone between Cisco routers and Nokia firewall routers.
Senior Network Consultant / Senior Technical Consultant
Nokia Internet Solutions Group
Security consultant for ISPs, channel partners, and enterprise clients in Europe.
Technical trainer for security and routing (BGP4) courses.
Designed high-availability firewall clusters to protect ISP server farms.
Products: IP440 firewall (IP330/650).
Network Engineer
ACI (Anixter)
WAN/LAN traffic analysis, planning, installation, and troubleshooting.
New network infrastructure for Renault Germany in Bonn based on Bay Networks.
New network infrastructure for Continental Reifen AG in Frankfurt based on Bay Networks and IBM.
Design and integration of a new backbone for Karmann Automobile based on ATM and Token Ring.
Products: IBM MSS 8210, 8260, 8274, 8271/72, Bay Networks.
Network Administrator / LAN/WAN Administrator
Keiper-Recaro
- Implemented a new LAN/WAN infrastructure for over 3000 employees worldwide.
- Supported and administered the WAN network.
Service Engineer / Acting Technical Manager
Equant / ITS
Set up and commissioned a data communication hosting data center in Düsseldorf.
Built and maintained a service provider POP in Düsseldorf for about 200 international company branches.
Planned and installed the IT infrastructure for United Airlines at Düsseldorf Airport.
Technologies: Frame Relay, X.25, X.28, HDLC, SDLC, TCP/IP.
Service Engineer
Fiedler Datentechnik
- Installed and repaired computer equipment from IBM, Compaq, Toshiba and others.
Computer Consultant
Schmitt-Computersysteme
- Provided computer consulting.
Summary
20 years of experience in IT working for top customers with focus in networking & security.
Proven ability to deliver high-class consulting as a permanent employee for top vendors like CISCO, FORTINET and NOKIA/CHECKPOINT on CCIE level.
Known for the ability to establishing effective customer relationships and fulfilling customer, reseller and vendor goals.
Expert for Networking and Security in one person for design, implementation and support
IDC Security conference Speaker
Skills
Security Conformance
- Iso 17799
- Bsi Baseline Protection
- Basel Ii
- Sox
Vulnerability Scanning / Penetration Testing
- Vulnerability Scanning With Freeware, Commercial Tools And Self-developed (Purpose-built) Script Tools
- Penetration Testing According To Bsi Procedures
- Security Testing With: Nmap, Nessus, Wireshark, Hping, John The Ripper, Egressor, Bsi Oss Security Suite, Backtrack, Metasploit
- Source Code Analysis
- Development Of Attack Methods
Application Security
- Analysis, Activation And Verification Of Vendor's Security And Data Protection Specifications For Effectiveness At The Application And Data Level (Order: Network Security / Os Security / Application Security)
- Review Areas: Rbac, Authentication, Encryption, Access Control, Dos Stability
Mobile-wireless
- Technologies: Gsm, Gprs, 3g, Umts, Gtp, Smsc, Ran, Billing Charging Mediation, Lawful Interception
- Products: Cisco Cmx, Itp
- Openwave: Basic Products Knowledge
Other Areas Of Knowledge
- Project Management: Ms-project, Sub-project Leader For It Projects
- Operating Systems: Sun Solaris V.8, Windows 2000/2003 Server, Xp
- Linux Distributions: Debian, Gentoo, Redhat
- Open Source Security Software: Iptables, Ethereal, Nmap, Snort, Nessus, Openvpn, Metasploit, Clamav, Spamassassin
- Programming: C, C++, Perl, Visualbasic, Java, Wmi-scripting
- Shell-scripting: Bash/csh
- Assembler Intel, Motorola 68k
- Database: Sql, Mysql, Ms Sql, Dbase, Clipper
- Www: Webserver: Apache, Iis
- Software: Excel, Power Point, Visio, Word, Access, Ms-project, Corel-draw, Adobe Photoshop, Blender-3d, Mindmanager
Languages
Education
Telekolleg II
Advanced technical college entrance qualification at evening school · Advanced technical college entrance qualification · Germany
Staedt. Gemeinschaftsgrundschule an der Helmholzstraße
Germany
Heinrich-Hertz-Kollegschule
Technical secondary school diploma · Electrical Engineering · Germany
Certifications & licenses
CISSP #115361
ISC^2
Checkpoint Certified Security Administrator-CCSA
CHECKPOINT
Checkpoint Certified Security Engineer-CCSE
CHECKPOINT
Cisco Certified Internetworking Professional Security-CCIP-SECURITY
CISCO SYSTEMS
Cisco Certified Network Associate-CCNA
CISCO SYSTEMS
Cisco Certified Security Professional-CCSP
CISCO SYSTEMS
CompTIA Security+ Professional
CompTIA
IBM Certified Solution Engineer Level II
IBM
LPI Linux Professional Level I
Linux Professional Institute
MCSA-Security
Microsoft
Similar Freelancers
Discover other experts with similar qualifications and experience
Senior Network Design and Engineer
Managing Director and Senior Consultant
IT-Security Manager
Project Manager for Network and Infrastructure Project Migration EU/US/MEX
Senior Network Security Consultant
Lead Project Manager
Senior System Engineer Network & Security
Fortinet FortiGate 7.4 Administrator
Life Cycle Infrastructure Network Analyst
Network Administrator
Project Manager & Portfolio Owner for Infrastructure (Automotive)
Acting Partner
Senior Network Security Consultant
Director IT Architecture & Infrastructure Management
Project Manager & Tender Manager
Freelance Data Protection Officer
System Engineer Network & Security
Server Migration Consultant
Infrastructure Design and Implementation
Ansible Automation, Windows Third Level Support
Senior Security Architect
LAN Planner
IT Consulting / IT Rebuild
Senior Consultant Database Administration and SQL
Network Administrator WAN & Data Center
Configuration Manager (Interim)
Cloud & IT Service Management with Azure & ServiceNow (freelance)
Cyber Security Expert
Network Architect
