Summary
Overview
Work History
Education
Certification
Timeline
Generic

James Welch

Fort Myers,FL

Summary

Network Security Engineer with 13+ years' experience supporting enterprise networks to include Department of Defense, Healthcare companies, and Manufacturers.

Overview

15
15
years of professional experience
1
1
Certification

Work History

CTO/Solution Engineer

GainSide LLC
Fort Myers, FL
11.2023 - 01.2025
  • Educated and worked with the sales team as a pre-sales engineer, informing customer decision makers of complex IT and security solutions in human terms
  • Researched and selected Microsoft and ESET EDR systems to protect end users, and weighing which solution might be better for different customers
  • Implemented Proofpoint Essentials email protection for several clients to include managing MX, DMARC, SPF and DKIM records
  • Installed and supported Cisco Umbrella for clients to support DNS/Web Filtering, and managing the applications that were allowed, along with SSL Decryption
  • Installing new software remotely using Microsoft Intune for Windows and MACs
  • Setting up and managing Addigy for MAC customers, to include custom installs for Cisco Umbrella, ESET and managing of OS updates
  • Acted as the Technical Project manager for all onboarding projects, while working with our onboarding team to help smooth the transition from other MSP/MSSP companies
  • Managed relationships of 3rd party vendors, and worked with CFO for all legal and billing matters

Information Security Engineer

Zenith Insurance Company
Sarasota, FL
05.2022 - 01.2023
  • Auditing, managing Palo Alto NGFW (PA-3250, and lower models) to add new rules for internal requests, while also managing VPN setup
  • Implemented stricter policies for Palo Alto VPN access, and auditing setups to meet NIST Standards
  • Rolled out new Palo Alto Global Protect software thru VPN connection pushes, to eliminate vulnerabilities and to allow new functionality
  • Migrated our Certificate Authority (PKI) servers from Server 2012r2 to Server 2019
  • Managing the creation, and revocation of internal certificates
  • Took over management of Zenith's out-of-band solution (OpenGear) to improve availability during ISP outage, while also hardening the devices for best practice
  • Resolving alerts from Microsoft Defender, and building out Security Monitoring alerts and responding to issues using Panorama, Nagios, Microsoft, and Sentinel One products

Sr. Network Engineer

GHG Corporation (Contract for USAP)
McMurdo, Antarctica
01.2021 - 10.2021
  • I took the opportunity to cross off a major bucket list item and went to Antarctica to support the United States Antarctic Program (USAP) at McMurdo Base as the onsite Sr
  • Network Engineer
  • In this role, I supported and maintained the base infrastructure for all network and security-related equipment in an extremely remote environment with limited assistance from teammates in the US
  • Assisted in the telecom management and troubleshooting of Satellite infrastructure for our primary WAN at McMurdo
  • Managed the Cisco Routers, Switches, Wireless LAN Controllers, to include updating Port-Channel configurations for better throughput and validating based fiber connection
  • Managing Palo Alto Firewalls (PA-5250), to include researching updates before applying new patches
  • Setting up new rules and filtering based on Geolocation, URL Categories, Applications including time based filtering to allow non-critical applications for after hours that were limited to specific times and days of the week
  • Updating Cisco WLC setup for better optimization, and validating routing during normal and failover events
  • Recommended and implemented stricter rules for the onsite PA-5250 Palo Alto firewalls, while managing new requests thru change management procedures
  • Implemented RIES Transport switches and integrated them into the McMurdo network, putting the project several weeks ahead of schedule

Senior Security Engineer

Healthgrades
Denver, CO
03.2018 - 01.2021
  • Improved the company's security posture by implementing more advanced policies and rules on the Cisco ESA (Email Security Appliance) to include the use of custom content filters, and policies using external threat feeds to help block unwanted Spam and Malicious URLs/Attachments
  • Design and operations of Cisco ASA firewalls and Cisco Firepower IPS (Intrusion Protection Systems) to ensure the latest updates and policies were implemented, including enabling/disabling individual SNORT rules
  • Assisted in HITRUST audit by documenting and working with DevOps to provide proper documentation for auditors
  • Healthgrades was awarded HITRUST for our CRM product
  • Assisted the Network team in validating designs and issues affecting business operations to ensure security and best practices were implemented
  • Rolled out Duo MFA with SSO for 23 applications to include Outlook and VPN, while also providing education and training to users on best practices while enforcing Security Policies
  • Audited 11 AWS environments for Network ACLs and Security Groups and worked with stakeholders to limit risks based on security posture and best practices
  • Assisted in the education of best practices for email concerning phishing, spam, and how to effectively reduce spam for the end user
  • Monitored and managed Palo Alto, Fortigate firewall and Imperva WAF after acquisitions
  • Responded to Security Incidents as part of our CSIRT
  • Built and rolled out Cisco ISE with a successful VPN policy using Okta SSO, and Cisco AnyConnect

Network Engineer

Ball Corporation (Contract)
Broomfield, CO
05.2017 - 03.2018
  • Supported a global network with over 100 sites with 3 different MPLS Clouds with routing redistribution using BGP, OSPF, Route Maps, and static routes
  • Set up Cisco 2504 WLC controllers using best practices, mitigating wireless vulnerabilities (KRACK), and troubleshooting end users' connections
  • Created NetSH scripts to push out new DHCP scopes to help automate GUI processes using Microsoft DHCP/DNS plugins
  • Used Cisco Prime automation tools to create templates for changes to AAA, SNMP, and OS codes to expedite processes and help standardization
  • Troubleshoot client authentication issues using Cisco ISE 1.4

Network Engineer

MarkWest Energy Partners (Contract)
Denver, CO
11.2016 - 05.2017
  • Coordinated and implemented a network-wide refresh project of switches and routers at remote facilities
  • Completed infrastructure refresh project 2 months ahead of schedule
  • Validated audits and notated discrepancies while working through phases of the refresh project to account for all of the gear

Network Engineer

TRIZETTO (Contract to Hire)
Englewood, CO
05.2015 - 11.2016
  • I was the Network liaison to our security team and implemented all firewall and routing changes to implement web filtering of user traffic
  • Implemented iBGP project to provide High Availability to meet customers to meet SLA requirements
  • Ordering and coordinating new circuits for Corporate and Hosting MPLS Clouds as well as internet circuits with Service Providers to include test and turn up and QOS profiles
  • Implemented firewall and F5 Load balancer policy changes for customer projects and requests
  • Researched and fixed issues related to various Cisco platforms including Nexus 7k/5k/2k, 6500/4500/3850 switches, ASR, ISR routers, and 5585 ASA using CLI, ASDM, Splunk, SolarWinds, and NetBrain
  • Working with a team of 8 to support 3 data centers, 70+ customer-hosted sites, and over 300 VPN-only connections that tie into various in-house hosted Healthcare programs
  • Working with Customer and Service Delivery leads to isolate and resolve outstanding issues on high-visibility projects
  • Lead Engineer on a new customer build-out that is the largest in company history, by documenting and mapping out issues to keep multiple groups aware of how the traffic is traversing the environments

Network Engineer

AECOM (contract to 561st NOC)
Colorado Springs, CO
11.2013 - 05.2015
  • Implemented a project to fix over 6000 DISA STIG violations using SolarWinds automation and change control processes
  • Managed Cisco ACE (Application Control Engine) load balancer
  • Actively monitored SolarWinds to diagnose equipment before hardware failures occurred which allowed USAF operations to continue
  • Assisted Jr
  • Engineers on routing, switching, and best practices for both USAF active duty and civilian contractors
  • While also documenting procedures to allow for knowledge transfers
  • Supported and worked on the USAF NIPR/SIPR networks with a wide array of Cisco equipment including Nexus 7k/5k's and 1000V virtual switches, Cisco ACE, Cisco ASA's, and other Cisco IOS devices

Network Engineer

Harris Corporation (contract)
Key West, FL
04.2010 - 10.2013
  • I supported 80+ facilities for the Navy Marine Corps Intranet (NMCI) network throughout the Florida Keys, Southeast Florida, and Puerto Rico using a wide range of both wired and wireless solutions
  • Implemented circuit migrations of T1, multiple T1, and OC-3 circuits while working with the Defense Information Systems Agency
  • Troubleshoot and resolve Layer 1, 2, and 3 issues dealing with copper, fiber, ether-channel, 802.1x, OSPF, and BGP
  • Updated, troubleshooted, and replaced Cisco 6500/4500/3500/2900/2600/1800/800 series switches and routers
  • Installed and updated Sup 720 supervisor modules, fan upgrades, and power upgrades for 6500 and 4500 series switches
  • Created and submitted Engineering Implementation Plans to install new/ upgraded equipment on the network while preventing additional downtime during maintenance
  • Updated and resolved issues with the BelAir Networks wireless bridges and Fortress FC-X encryption devices by troubleshooting and engaging vendors where necessary
  • 24/7 on-call from the NOC for both NIPR and SIPR networks and updating the NOC's personnel with a resolution of the issues

Education

Bachelor's Degree -

University of Toledo
08.2002

Certification

  • ISC2 - CCSP Certified Cloud Security Professional
  • Cisco Certified Network Professional – CCNP R&S 2013-2019 (expired)
  • Cisco Certified Network Associate – CCNA R&S, 2004 - 2019 (expired)
  • ITIL Foundations
  • CompTIA A+, Network +, & Security +

Timeline

CTO/Solution Engineer

GainSide LLC
11.2023 - 01.2025

Information Security Engineer

Zenith Insurance Company
05.2022 - 01.2023

Sr. Network Engineer

GHG Corporation (Contract for USAP)
01.2021 - 10.2021

Senior Security Engineer

Healthgrades
03.2018 - 01.2021

Network Engineer

Ball Corporation (Contract)
05.2017 - 03.2018

Network Engineer

MarkWest Energy Partners (Contract)
11.2016 - 05.2017

Network Engineer

TRIZETTO (Contract to Hire)
05.2015 - 11.2016

Network Engineer

AECOM (contract to 561st NOC)
11.2013 - 05.2015

Network Engineer

Harris Corporation (contract)
04.2010 - 10.2013

Bachelor's Degree -

University of Toledo
James Welch