BLA, University of Massachusetts Lowell (Magna Cum Laude)
Total Page:16
File Type:pdf, Size:1020Kb
Nathan S. McNulty Windham, NH 03087 [email protected]
Active DoD Clearance: SECRET BLA, University of Massachusetts Lowell (Magna Cum Laude)
Network+ Certified Security+ Certified WORK HISTORY
Self Employed, Windham NH September 2013 - Present Active Directory Server Engineer (SubContract) As an independent contractor, subcontracting for a large banking corporation, I have filled the role of Active Directory Engineer in the Active Directory Application Integration group. In this role, I am serving as a general liaison between application owners in the business and the Active Directory Engineering group, managing and supporting AD integration solutions that would deliver Kerberos, Lightweight Directory Addressing Protocol (LDAP), and Global Catalog search services from Active Directory. While in this role, our group has been called upon to vet over 3,000 suspected Active Directory integrated applications, using protocol analyzers to pinpoint traffic types based upon port information, and to move integrated applications away from retiring Windows 2003 servers where hardcoded entries existed. This would entail using WideIP (alias) solutions when possible, providing and documenting suitable Windows 2008 Domain Controllers for hardcoded applications when necessary. These cases were often LDAP or GC searches using Secure Sockets Layers (SSL) which were not fully supported across all domains, and in cases where applications were not Windows 2008 compatible. Finally, as an AD Engineer in the AD Application Integration team, I have acted as a resource to educate the application owner population, document our processes, and maintain accurate records of AD dependencies throughout the environment for reference during future projects. This has entailed crafting and refining multiple communications for widest distribution (these would undergo vetting and approval prior to deployment, of course)
Fresenius Medical Care, Lexington MA December 2012 – September 2013 Active Directory Server Engineer (Contract) As an Active Directory Engineer with Fresenius Medical Care, North America, I was the lead technical resource on a number of projects, and acted in a supporting role in others. These included a Sites and Services redesign project, wherein I used ManageEngine's AD Audit application and Powershell scripts to create searchable databases of enterprise login information. Using this data, I was able to find unmanaged IP ranges and bring them into Sites and Services, pointing downstream clients to local Domain Controllers rather than randomly authenticating against servers sometimes on different continents. This greatly reduced unnecessary traffic replicating over WAN links and drastically cut down login times for remote clients. I was also a main resource on a project to redesign legacy login scripts which had become stale and unmanaged through the course of multiple mergers and acquisitions. To achieve desired results, I used Powershell scripts to create a database of all login script contents which was used to ascertain aggregate and duplicate mappings which were then reconciled and consolidated into newer login scripts. I acted as a secondary resource on a Group Policy consolidation project, again necessitated by multiple mergers and acquisitions over a short period of time. GPOs with redundant purposes and settings were streamlined and collapsed into core sets and redeployed to downstream clients. Responding to a lack of SSL redundancy across the enterprise, I was the lead AD Engineer working with the Network Security group in generating new SSL certificates, which I then deployed to all Active Directory Domain Controllers in the company. This was primarily to enable internal LDAP over SSL being served at the domain level to our internal users as well as B2B partners. During my time at Fresenius, I also was called upon to deploy QA environments for our developer base. These were near exact replicas of 5 Active Directory Domains residing in 2 forests, using Windows 2008 R2 servers but operating at a 2003 Forest Functional level to mirror our production environment. I also participated in an ongoing AD consolidation project, one that had been underway for over a year before I started and is still taking place today. I leveraged past experience with enterprise consolidations and engaged Dell/Quest Services to shape proposals for management that were ultimately not utilized. I have been told by former coworkers that these proposals are now under consideration, since the user-driven process in place for 3 years is not generating favorable results. Finally, I generated documentation for all of the above projects, as well as Active Directory maintenance documentation where gaps were discovered.
John Hancock - (Division of Manulife), Boston MA May 2012 – October 2012 Active Directory/Server Operations Engineer (contract) Server Operations:
During this assignment with John Hancock, I was involved in supporting day to day Windows server operations and project work as John Hancock moved towards an outsourced IT solution This included upgrading and configuring C-Class chassis hardware (On Board Administrators, Flex Connect SAN modules, and Flex-Connect/Flex-10 Virtual Connect Ethernet modules), building new ESX 5 hosts, migrating Virtual Machines into the new ESX 5 environment, and performing various custodial initiatives from server/chassis, server and ILO firmware upgrades, to Active Directory accounts maintenance, and administration of outfacing DMZ servers.
Other day to day operations entailed Active Directory group management, server permissioning, deployment of new physical and virtual Windows 2003/2008 servers, and decommissioning of obsolete ones. I also supported application development and support teams, coordinated support from network, SAN and backup teams, and provided datacenter support for other infrastructure groups such as the Thin Client, Core Services, Voice, and Client Services teams.
Project work included ESX upgrade initiative, refitting existing servers with newer, 10GB NICs and upgrading them to ESX 5. Host and cluster management encompassed creation of new ESX clusters, modification of existing ESX clusters, and decommissioning of vacated ESX clusters as well as extensive VM migration across clusters, and host customization. Individual host modifications have been precipitated by advances in the HP virtual connect and Flex-connect technologies, as well as enhancements to virtualized networking being introduced by VMWare and Cisco.
I was also integral in spearheading hardware troubleshooting and remediation during a datacenter shutdown, coordinating and providing support for over 550 physical servers that were powered down for 12-plus hours. I was primarily responsible for detecting and remediating hardware failures after the power was restored to our datacenter, and for ensuring that servers are restored to regular operations in the proper sequence in respect to system interdependencies (all servers upon Domain Controllers and DNS servers for domain authentication, ESX hosts to restore VM availability, power up of SQL databases prior to dependent applications, etc.) A major part of this event was inventory of all firmware levels of all components in the c-Class chassis farm (blades, ILOs, chassis modules listed above) and validating all chassis’ as they came on line. As expected, a number of modules needed to be reseated and power to the chassis’ cycled to properly bring the c-Class 7000s properly back on line. The diligence of my team in this portion of the power-up helped ensure a smooth return to production operations at the conclusion of the event.
United States Army, Kabul Afghanistan February 2011-April 2012 Information Management Program Manager/COMSEC Sergeant, 26th Infantry Division Deployed to Afghanistan (see Military Experience, below) Computer Science Corporation, Tewksbury MA April 2010- February 2011 Active Directory/Windows Systems Administrator (Raytheon Contract) As an outsourced resource at Raytheon, I acted as the primary Windows System Administrator for a 60- system mixed environment (Unix and Windows, 50/50), proprietary collaborative application portal. As such, I was responsible for maintaining and supporting the complex hardened Windows application environment, consisting of a suite of Citrix, Sharepoint, SQL ,and proprietary application servers . Using customized IPSec rules applied selectively to the servers, based upon application function and/or system interdependencies, the systems were hardened and sat inside an out-facing DMZ. I was also required to conduct an in-depth discovery process during this assignment to backfill previously non- existent documentation for the environment, to include IP schemas, customized application settings, FSMO roles as applicable, and an extensive array of granular IPSec filters and rules.
John Hancock - (Division of Manulife), Boston MA October 2009 - April 2010 Active Directory/Server Operations Engineer (contract) In my second assignment with John Hancock, I assisted with day to day Windows Server operations and spearheaded a Datacenter Remediation project prompted by faulty climate control equipment corroding server hardware. Duties specific to the remediation project included installing Hewlett Packard C-Class Blade chassis', installing and configuring DL360, DL380, DL580 servers, and BL460 blade servers(including Integrated Lights Out - ILO), configuring pass-through and Virtual Connect ethernet modules in the chassis, and provisioning new servers or migrating existing servers to the new server hardware. Migrations and provisioning were facilitated using pre-built server images which I created for each operating system (Windows 2003 Standard and Enterprise, 32 and 64 bit versions) and hardware platform necessary, deployed using HP Rapid Deployment Software 6.9, Build 430(Developped by Altiris). Incidental to the data center remediation was a large scale Virtual to Virtual/vmotion migration, as the original ESX servers had become corroded. Using the vSphere client v.4.0 to connect to the new vSphere 4.0 environment, VMs were imported and customized as necessary, including detaching and renaming data drives using the Linux interface, as well as reconfiguring memory and CPU settings as needs warranted. Patched IP cutover steps were employed to ensure that the new servers were up to date with all Microsoft and HP software at the time of deployment, and that the switching of hosts was as seamless as possible. Once this was complete, migrated servers were handed over to the appropriate business units for validation and reentry into production.
Mercury Computing Chelmsford MA August 2009 - October 2009 Active Directory Engineer (Contract) During this 2 month position, I filled in for an Active Directory/Exchange Administrator out on Short Term Disability. My daily duties included accounts maintenance, Exchange and Active Directory trouble ticket resolution, data restores, and an ongoing AD and Exchange cleanup project. John Hancock - (Division of Manulife), Boston MA Jan 2008 - April 2009 Active Directory Migration Engineer (Contract) During my first assignment at John Hancock since the late 1990s, I served as part of a three-man AD migration Team, spearheading the migration of user, computer and server accounts from NT domains into the corporate Active Directory. This was accomplished by creating a rigid pipeline with Microsoft and Quest engineers into which Active Directory and NT user and computer accounts were fed for batched migrations. The accounts would be identified based upon strategic planning against the consolidating domains, prioritized through input from business managers and liasons, and migrated into the target Active Directory domain. Once identified, the accounts were broken into batches for migration, at which point our team would send out a series of communications advertising the approaching migration, and then I would load these accounts into the Quest Domain Migration Wizard interface, which would physically move the accounts from the source domain(s) into the target domain off hours, and the Quest Resource Update Manager which would attempt to automatically rebuild desktop profiles on target clients. Each day, during business hours, my team would then assist the Desktop Support team with any back-end issues related to migrations. Since the Desktop Support team saw the highest volume of labor-intensive work following migrations, our schedule was dictated by their capacity to keep pace with that volume. 6 Domains were consolidated into one during this project, with approximately 6,000 user accounts migrated, close to 10,000 computer accounts migrated or pruned from the environment as stale. We utilized the Active Directory Cleanup Wizard to merge duplicate accounts as necessary. Also encompassed in the project had been the creation of a VMware lab, with VMs of the Quest Migration server, NT PDC, AD root server, AD child PDC, and an NT4 file server which required Physical to Virtual (P2V) conversion, virtualizing the WINS and DNS environment, and using ntdsutil to seize all FSMO roles in the production bubble. We then utilized the ADSI Resource kit, the Active Directory Migration Tool(ADMT), and Microsoft scripts to map out legacy SID history for remediation. We also used MS script solutions to identify and remove stale computer and server accounts as part of the NT4 domain collapse process. Finally, I was a liaison with different business units to assess their needs prior to migration, and to address concerns such as migrating legacy applications without impacting business, staggering key employee migrations to ensure continuity of operations, and delivering application support from other groups when necessary. This usually entailed initial discovery meetings, and sometimes a round or two of scheduling meetings, involving corporate or external application support personnel as necessary. This project - which had failed in as many as 8 previous iterations - was scheduled to complete 6 months ahead of schedule with a net savings of $293,000 under budget at the time of my activation with the National Guard, and my portion was 99% completed(since reached 100% in my absence). Throughout the project, I had also been performing Active Directory maintenance tasks, removing secondary and shared accounts where I had found them, rearranging Organizational Units to meet the changing needs of the business, supporting the Exchange 2003 environment, and assessing the Windows name resolution schema, offering my advice for remediation based upon Microsoft best practices. I also abridged the corporate GAL for accuracy as needed during migration operations.
Positions held prior to 2006 Network Administrator, Joslin Diabetes Center, Boston, MA (October 2005 - May 2006)
Windows Server Administrator, Edison Mission Marketing And Trading, Boston MA (September 2001-October 2005)
Windows Server Administrator, Artel Video, Marlboro MA (March 2001-September 2001) Windows Network Administrator, Digital Island, Medford MA (October 2000-March 2001) Windows Network Administrator, Partners Healthcare, Charlestown MA (August 1999 -October 2000)
EDUCATION AND TRAINING Bachelor’s Degree, Liberal Arts (History/English dual concentration), Magna Cum Laude, University of Massachusetts Lowell Currently enrolled, Masters of Science in Information Technology, University of Massachusetts Lowell Network+ Certified, CompTIA Security+ Certified, CompTIA Certified EnCase, Level 1 Data Fornesics Certified Network Administrator, Computer Learning Center, Somerville MA
MILITARY EXPERIENCE 255A - Information Services Technician/Warrant Officer Candidate, 151 Information Operations Field Support Team, Framingham MA (April 2014 – Present) In the IO FST, I am called upon to be prepared to respond to computer and network attacks on assets deemed critical by the Massachusetts National Guard command. To remain prepared for this mission, we are trained in computer intrusion detection technologies, data forensics, and general computer and network security techniques – often utilizing industry standard curriculums such as CISSP, and CEH(Certified Ethical Hacking) – and data forensics during our drills and annual training. Senior Automation NCO Sergeant First Class, E-7, HHC 26th MEB(Yankee Division), Reading MA, (December 2010 – April 2014) Deployments Information Management Program Manager/COMSEC Sergeant, 26th Infantry Division (Yankee Brigade), United States Army, Kabul Afghanistan (February 2011-April 2012) During a 14 month deployment – 9 months in country – I served as an automation Non-Commissioned Officer on the G6 section, which supported the Kabul Base Cluster Commander in all communication matters in theeater. This entailed handling and issuing of communication encryption, maintaining awareness and compliance of proper communications protocol amongst the other staff sections, maintaining and issuing electronic inventory to subordinate units, and advising the G6 Officer In Charge (OIC) as needed to support the Commander’s needs. I also managed the Information Manager Officer program, which trained and embedded communications support assets within all the other staff sections. Military Police Squad Leader, KFOR 8/HHC 101 EN FWD, Kosovo, Serbia (May 2006 - December 2007)
As a Squad Leader of 8 Military Policemen in Kosovo, I was responsible for the safety, training, accountability, and mission execution of my men. Our daily missions generally consisted of Presence Patrols of the sector, interfacing with the local population, ensuring stability in the sector, and garnering intel to bring back to our commander to gauge the general state of the region(at the time, Kosovo was not yet an independent nation). I did extensive research on the history of this region to prepare me for these missions, and as such was able to direct our efforts (successfully) to where I felt areas of greatest political unrest were likely. We would also be called upon to conduct escort missions for American elements and participated in joint operations with NATO partners from Sweden, Finland, Ireland, Germany, Latvia, and Great Britain.
Recent training: Advanced Leaders Course, Regimental Non-Commissioned Officer Academy (Signal Corps), Fort Gordon GA(October 2012 – December 2012) Finished first in class of 19 25B Staff Sergeants, completing the course with an academic average of 99.8% Course curriculum included; -Basic troop leading instruction (platoon and company level) -Windows 2008 Server Administration -AD integrated DNS, AD Directory Services -File Server Resource Management -Distributed File Services -Quota Management -File Screening Management -Dynamic Host Protocol configuration -Remote Routing Access Services (RRAS) -Windows Powershell -Sharepoint 2010 design and administration -Intrusion detection technologies (Snort, Wireshark) -TCP/IP networking/basic Cisco administration
Currently engaged in CISSP training