John A. Kilpatrick
A challenging position in network or security engineering requiring skills in design, problem solving, and project management with a path for growth.
Network engineering professional with extensive architecture, design, implementation, and operational experience. Strong project management and organizational skills with the ability to combine technical requirements and business fundamentals. Seasoned troubleshooter and problem solver that works well under pressure.
Senior Network Engineer February 2010 - Present
- On-call support for critical Yahoo! production and corporate environments.
- Re-engineered and deployed wireless networks at the main Yahoo! corporate campus (5000+ users). Deployment was accomplished over a holiday weekend resulting in minimal user impact. Awarded "Intergalactic Infrastructure Champion Award" for this project.
- Architected wireless redundancy design to maximize uptime for wireless users and improve user experience.
- Technical lead for software upgrade projects requiring plan development, documentation, and support for other engineers.
- Built new core infrastructure in production environments.
- Built out multiple new offices including all LAN and WAN infrastructure and VPN connectivity.
- Audited network monitoring systems and remediated gaps in monitoring coverage to provide critical and timely alerts to operations personnel.
- Re-engineered SF Bay Area MAN to reduce costs and improve performance.
Metaweb Technologies, Inc.
Senior Network Engineer June 2006 - February 2010
- Responsible for all network services for 55-person startup.
- Architected and deployed prototype datacenter including Internet connectivity, MAN connectivity, load balancing, and core networking.
- Worked with ARIN and other registrars to secure needed resources (IP allocation, ASNs).
- Architected and deployed corporate network services including security components, remote access, and instant messaging in a multi-platform (Mac, Linux, Windows) environment.
- Created corporate Certificate Authority system for use of private X.509 certificates to allow secure access of network resources as well as secure user identification.
- Managed certificates from major Certificate Authorities to secure public-facing web services.
- Architected and deployed a monitoring system using OpenSource components (Cricket, SmokePing, etc.) to guarantee production uptime and allow for capacity planning.
- Provided expert networking experience to the software engineering teams to resolve application issues, including packet level analysis and creative deployment of load balancing and content switching features.
- Architected and deployed new wireless network including vendor selection (Aruba Networks), site survey, and deployment of back-end services for secure 802.1x authentication.
- Responsible for provisioning of new production datacenter including vendor and location selection, cabling, cabinets, network architecture, network hardware vendor selection, Internet connectivity and WAN/MAN connectivity provider selection, contract negotiation, and vendor management for all associated vendors.
- Managed relocation of production services from prototype datacenter to new production facility.
Senior Network Engineer November 2005 - June 2006
- Managed production customer-facing networks for major wireless carriers with .99999 uptime requirements.
- Deployed new production environment improving uptime and scalability.
- Deployed many cross-platform VPNs for both customer and company connectivity.
- Deployed Internet connectivity, from premise wiring to BGP routing with carriers.
- Troubleshot application related network issues via extensive analysis of packet captures.
- Led network integration efforts for Santa Cruz office (100+ users, 500+ hosts).
- Successfully performed networking changes for VeriSign production networks to conform to architectural standards.
Senior Network Engineer, Network Team Lead August 2003 - April 2004 (Contract), April 2004 - November 2005 (FTE)
- Managed global network of over 20 sites (US, Asia, CALA, EMEA, 1500+ users) connected together via both VPN and leased-circuit technologies. 24x7 on-call support for all network-related issues.
- Designed and implemented new LAN and Internet access infrastructure for 1000+ node office that allowed UTSI to exit early from a services agreement resulting in savings of over $150,000 per month. Total project time was two months. All routers, switches, firewalls, Internet and WAN circuits were replaced.
- Deployed networks for several remote international offices. Coordinated infrastructure build outs, Internet access installation and deployment of office network environments.
- Developed remote management strategies for branch offices allowing efficient utilization of existing IT personnel while improving customer service.
- Led project to redesign company VPN architecture. Process involved product evaluation, testing, budgeting, and implementation. Final design was fully interoperable with existing routing architecture while dramatically reducing bandwidth utilization.
- Performed multiple network integrations allowing newly acquired companies to quickly begin accessing corporate resources. Project sizes ranged from small 50 person offices to medium-sized 300 person facilities.
- Solicited bids, selected vendors, and supervised cabling install for new 120-seat facility. Also selected and purchased network equipment for new facility. Project was completed ahead of schedule and $12,000 under budget.
- Designed and deployed new firewall/security infrastructure (Checkpoint NG AI) to allow for centralized management, standardized policy implementations, and increased network security.
- Deployed network management tools for bandwidth monitoring (Cricket) and configuration archival (Rancid) to give better insight into the state of the network.
- Designed new global VPN and remote management standards to improve performance and security while allowing for centralized infrastructure management.
- Implemented WAN routing redesign according to corporate design documents. Coordinated implementation with sites in US and China.
Senior Network Engineer at Wind River Systems May 2003 - August 2003
- Participated in corporate security council and evaluated requested changes in security policy for potential impact. Made changes in firewall policies when required.
- Managed corporate headquarters LAN and WAN of over 60 sites worldwide and NetScreen-powered VPN of 120+ sites, including on-call duties.
- Developed and deployed a tool for the archiving of network device configurations allowing changes to be tracked over time and recovered if necessary.
- Performed WAN architecture audit and proposed changes to increase both reliability and performance.
- Managed vendors during outage situations to drive problem resolution and worked with vendors to minimize the possibility of reoccurrence.
- Deployed Cricket to track usage of router and switch interfaces allowing for accurate capacity planning.
Network Engineer April 2000 - September 2002
- Designed and built new networks for relocation of a co-located 2000+ server environment that delivered a 10x increase in capacity and a 100x increase in stability and reliability through the use of multiple BGP peering points, multiple ASNs, and the use of ACLs to simplify network security.
- Developed and deployed a corporate wireless networking solution that provided the necessary access control and data security while maintaining the advantages of wireless networking.
- Managed and maintained corporate LAN, WAN, Security, and network services for over 1000 employees including locations in the Americas, Europe, and Asia, resulting in minimized downtime of enterprise services.
- During tight maintenance windows performed maintenance on production networks at over 10 Internet Data Centers while reducing service interruptions.
- Designed and built new production data center networks (Routing, Switching, and Firewalls) including sites in Korea, Japan, and England.
- Performed review of Cisco maintenance contracts and developed a revised support model that realized a reduction of $750,000 per year in network support costs while improving support levels.
- Conducted an audit of all WAN and MAN circuits and designed a revised topology that resulted in a savings of over $20,000 a month while improving redundancy and maintaining performance.
- Created and implemented a 24x7 support structure for Network Operations that established SLAs and improved team response to network issues.
SGI August 1997 - March 2000
Network Analyst, Site I/S
- Deployed new campus backbone network architecture in the midst of campus downsizing that simplified campus routing while increasing flexibility and performance.
- In the face of tight move-in dates successfully gathered requirements and designed networks for new buildings resulting in the successful deployment of new network technologies that increased performance and capacity.
- Wrote tools using SNMP to catalog network hardware resulting in improved network upgrade planning.
- Member of a 24x7 support team that successfully maintained campus networks and minimized downtime.
Network Systems Administrator Team Lead, T-Rex Project
- Assumed duties as postmaster and domain administrator for the retained mti.sgi.com domain.
- Assisted in division of environment for MIPS spin-off while minimizing disruption to existing environment.
- Configured and maintained Challenge Raid system which increased project storage space by a factor of ten.
- During development cycles redesigned project networks realizing dramatic improvements in performance.
Network Systems Administrator, MIPS Division
- Maintained large mission critical Origin 2000 and Challenge Series server farm used for VLSI testing.
- Evaluated network administration tools to create network management system (SNMP, HPOV, XNI) that increased visibility into network bottlenecks.
- Administrated and troubleshot mission critical FlexLM license server.
- Planned and executed large-scale relocation plans minimizing downtime and user impact.
Bachelor of Science, Computer Science
University of California, Davis. March 1997
Languages:C/C++, Perl, UNIX scripting
Network Management Platforms:Cisco Works 2000, NetViz, HP Open View, MRTG, RRDB, Cricket , Zenoss
Firewalls and Security:Cisco ACL, Juniper ACL, Checkpoint Firewall-1 4.1/NG AI Solaris (Stonebeat) and Nokia IPSO, NetScreen, Cisco PIX, Cisco ASA/ASDM
VPN Platforms:Cisco IOS IPSEC, Cisco VPN 3000 series concentrators, Cisco PIX firewall 515 to 535 (6.3), Checkpoint VPN-1 for Nokia and Secure Platform (R54, R55) , Nortel Contivity, NetScreen 5GT to ISG 2000 (ScreenOS 5).
Networking Platforms:Cisco Catalyst 2900, 3900, 4000, 5000, and 6000 series switches, Cisco 1700, 2500, 2600, 3600, 3700, 7200, 7500, and 7600 routers, Juniper M series routers, Extreme Networks Summit and Black Diamond series switches, Foundry ServerIron load balancers, Cyclades console servers, Digi Etherlite console servers, iTouch/Xyplex console servers, Alteon AceDirector load balancers, Netscaler load balancers, Aruba Wireless access points and controllers.
Network Protocols:BGP, OSPF, EIGRP, STP (802.1d), 802.1q, 802.3ad, 802.11a, 802.11b, SNMP, HSRP, VRRP