Technical Leader @ Cisco Systems, Inc - Internet of Things Group
Technical Leader @ Cisco IronPort Systems, LLC
No education info found.
A network security expert with over 20 years’ experience qualifying and supporting networking hardware and software products for borderless enterprise, mobility, and Internet of Things (IoT) network applications. Special emphasis on architecting and building complex solution networks that employ a defense-in-depth security strategy, with high availability (HA) and disaster recovery (DR) architectures. Lead black box security penetration
A network security expert with over 20 years’ experience qualifying and supporting networking hardware and software products for borderless enterprise, mobility, and Internet of Things (IoT) network applications. Special emphasis on architecting and building complex solution networks that employ a defense-in-depth security strategy, with high availability (HA) and disaster recovery (DR) architectures. Lead black box security penetration testing using Burp Suite, Metasploit Pro, Nmap, Nessus, and other third-party tools, along with application fuzz testing using Codenomicon and IBM AppScan Security. Advocate and practitioner of the secure software development life cycle (SDLC) framework.
A proactive doer and thinker with a commitment to product quality and security, customer success, versatile, adaptable, and a “wearer of many hats”. Thorough knowledge of the configuration and management of a broad range of Cisco’s routers, switches, firewalls and access points. Also, knowledgeable with mobile operating systems (OS), Apple iOS, Android OS/Android for Work, and Windows 10 Mobile and Desktop. Familiar with the configuration of Juniper Networks Netscreen firewall, and Pulse Secure Access Services. Expert knowledge of AAA protocols (RADIUS, TACACS+ and LDAP), Identity, Virtual Private Network (VPN) technologies, Public-Key Infrastructure (PKI), Simple Certificate Enrollment Protocol (SCEP), Windows networking components like Active Directory (AD), Certification Authority (CA), Network Device Enrollment Service (NDES), Network Policy Service (NPS), and Routing and Remote Access Service (RRAS).
Consistently recognized as a top 10% exceptional performer within his peer group, and the recipient of numerous performance, customer satisfaction and team player awards.
Cisco Certified Internetwork Expert (CCIE) - Service Provider #4586
Currently working on obtaining CISSP certification
Senior Solutions Architect @ * Architected, deployed and integrated the Public Key Infrastructure (PKI) with existing Windows domain network with Active Directory, Exchange, and SharePoint backend for MobileIron’s cloud, and on-premises enterprise network reference architectures. These networks are used by our systems and sales engineers for customer demonstrations by securely issuing X.509 certificates to iOS, Android and Windows mobile devices using Simple Certificate Enrollment Protocol (SCEP) used for certificate-based authentication.
* Architected and deployed the Virtual Private Network (VPN) gateway using MobileIron Sentry, Microsoft Windows Server 2008 & 2012 R2, Cisco Adaptive Security Appliance (ASA) and Pulse Secure Access Service. These servers terminate Windows Phone 8.1, Windows 10, Android OS, Apple iOS devices for their per-app, on-demand, always-on, auto-triggered, IPsec/IKEv2 and SSL VPN connections.
* Architected the Cisco Integrated Services Engine (ISE) for Network Access Control (NAC) integration with MobileIron Core.
* Integrated Appthority, Veracode, FireEye MTP and Lacoon app reputation services with Mobileiron Core.
* Developed and presented deep technical content on various topics like MobileIron Cloud, MobileIron Sentry, MobileIron AppConnect/AppTunnel/Tunnel, PKI, cryptography, TLS, SCEP and Microsoft, Entrust, OpenTrust and Symantec certification authorities.
* Publishing numerous technical white papers and how-to videos onto Salesforce.com for marketing, sales engineering and partner enablement.
* Developing reference architecture that can be applied to different MobileIron customer verticals and problem statements.
* Wrote blog entries on Three Dependencies for Secure Internet of Things Adoption published onto MobileIron’s web site.
* Writing blog entries for MobileIron’s ReThink: Security campaign. From March 2014 to Present (1 year 10 months) Technical Leader @ - Lead product security, vulnerability and penetration testing using Metasploit, BurpSuite, AppScan and Codenomicon Defensics for Cisco’s Connected Grid Routers (CGR1000 & CGR2000), Connected Grid Switch (CGS2000), Connected Grid Network Management System (CGNMS) and Connected Grid Device Manager (CGDM).
- Insure adherence to Cisco’s CSDL (Cisco Secure Development Lifecycle) guidelines and NERC-CIP/Cyber Security, NISTIR 7628 and FIPS 140-2/3 standards. Validated compliance with these guidelines and standards via software and physical security, and functional/feature testing. This included identifying various threat vectors at both the unit and network levels via Threat Modeling exercises.
- Overall ownership of product quality testing of the following security features: AAA/RADIUS/TACACS+, 802.1x/802.11i/EAP/Cisco TrustSec, IPsec/VPN/SSLVPN, PKI/ECC/RSA/X.509/SCEP/CRL/OCSP, CNG/AES Encryption/SHA2 Hash/OpenSSL/Windows Certification Authority, IPS/IDS, Anti-Counterfeit Technology (ACT2)/Secure Boot, Mesh Security/802.15.4/RPL, IPv4/IPv6/ACLs and ZBFW.
- Prepare and review feature and solution level test cases/test plans, update and submit software/hardware defects as necessary. Collaborate with software developers for effective resolution of defects.
- Active member of CSDL Security Advocate Technical Advisory Group. Presented at Cisco’s Security Conference (December) 2012. Attended RSA Conference and Black Hat 2013.
1) Lead architecture design of the Advanced Metering Infrastructure (AMI) Solutions Network which is a reference network design for all of Cisco’s Smart Grid electrical utility customers.
2) Developed and tested 900 Mhz wireless mesh network using 802.1x EAP-TLS for mutual authentication of smart meter supplicants, through our CGR1000 router (authenticator) and Microsoft Windows Network Policy Server as the RADIUS authentication server. From June 2010 to March 2014 (3 years 10 months) Technical Leader @ - Provide technical direction in the scoping, testing and qualification of new AsyncOS releases for the Web Security Appliance (WSA). This includes simultaneous releases, and coordination with the Security Management Appliance (SMA) team which can also manage the WSA.
- Lead, coordinate and qualify new AsyncOS releases for the Email Security Appliance (ESA); Infrastructure servers’ applications and Atlas server applications for Hosted Email Security (HES) service. This entailed working with the Network Operations team to apply these new releases onto the HES Data Centers located in Santa Clara, CA and Las Vegas, NV. This also included testing Data Center-level high availability and failover, and developing performance and capacity planning test plans.
- Assessing and triaging all product defects; following up with the various development teams (located in San Bruno, CA and Bangalore, India) until a fix is integrated and successful verification is achieved.
- Evaluating releases applied to various soaking mechanisms including Alpha and Dogfood appliances, and Friendlies customers. Provide first line technical support and remediation for any issues discovered.
- Recommend which release builds would be made available to Beta customers which includes the ASA firewall, ASDM, AnyConnect VPN client and WSA to be used in the AnyConnect Secure Mobility (ACSM) solution testing.
- Engage Beta customers to sufficiently test new features like ACSM, Application Visibility and Control (AVC); Sophos (new scanning engine); and Scan Safe, etc. From July 2009 to June 2010 (1 year) Technical Leader @ - Lead, scope and develop functional and solutions test plans that effectively and sufficiently exercise complex hardware and software features like SSL/Web, IPsec, Site-to-Site VPNs; PKI; Role-Based Access Control (RBAC); Authentication, Authorization, Accounting (AAA); TACACS+/RADIUS security protocols; Firewall and AAA Rules, NAT and Failover; L2 RACL/VACL/PACL; IBNS (NAC & 802.1X); and Intrusion Detection/Prevention Systems.
- Successfully lead and mentor different groups of QA engineers to implement new tools and procedures onto new features to increase detection of internally found defects (and decreasing customer found defects).
- Hardware support included the ASA/PIX/FWSM Firewalls, Integrated Services Routers and Catalyst core/Desktop switches and IPS sensors/modules.
- The subject matter expert for Cisco Security Manager (CSM) and Management Center for Firewalls (FWMC), and Cisco Secure Access Control Server (ACS) and provided BU technical escalation support for Enterprise customers like Wells Fargo Bank, JPMC, BBVA, Hewlett-Packard, IBM, Union Bank, AT&T, Ohio State University and Walt Disney Company that yielded positive resolutions for all customers.
- Acted as the liaison between cross-functional teams including development engineering and management (for hardware platforms and software), multiple QA teams, TMEs, PMs and the TAC.
- Developed the training collateral and presented New Product Introduction (NPI) training to the Wordwide TAC organization on the successful integration of CSM, CiscoWorks Common Services and ACS; troubleshooting common problems and the concepts of RBAC/AAA. This was executed on two different occasions during different product releases. From December 2006 to June 2009 (2 years 7 months) Software Engineer @ - Scope and develop functional and solutions test plans that effectively and sufficiently qualified complex hardware and software features.
- Technologies utilitzed include VLANs; 802.1x; LDAP; Windows Servers/Domains; Active Directory; WINS; DNS; DHCP; Certificates; AAA; RADIUS; TACACS+; RSA/One-Time Passwords; and EAP.
- Consistently acted as the product domain expert and BU technical support escalation point for Cisco’s Enterprise customers on products like Cisco Secure User Registration Tool (URT) and Cisco Secure Access Control Server (ACS).
- Provided on-hands escalation and technical support for critical accounts customers, the National University of Singapore (in Singapore) for Cisco Secure User Registration Tool (URT) and successfully resolved all their high priority initiatives. This resulted in their purchase of additional $2M worth of Cisco Catalyst core and access switches; and expedited their successful rollout of URT onto their university campuses and student dormitories.
- Integral member of the revival of Cisco Secure Access Control Server (ACS) after it was initially end-of-lifed, which resulted in restored customer confidence in the product. The first susequent release, version 2.5 was codenamed “Phoenix” required a technology transition from the previous QA team (in Irvine, CA) and development engineers located in the United Kingdom. The release was delivered on time with superior quality.
- Assisted in the successful resolution of a critical account status of Cisco Security Policy Manager (CSPM) at Bear, Stearns and Company which included mentoring and follow-up training of their application administrators. This enabled the customer to successfully implement and rollout CSPM until their migration to FWMC, keeping them a Cisco customer. From March 2000 to December 2006 (6 years 10 months) Customer Support Engineer @ - Provided high touch technical support for Cisco’s largest Enterprise customers; Resolved complex issues to a mutually agreed upon closure and achieving a high customer satisfaction rating.
- Team Leader for the Security and Applications team that supported the PIX and Centri Firewalls; Cisco Secure Access Control Server; AAA configuration on firewalls and routers; UniverCD ; Cisco Remote (DUN) and Cisco ISDN TA.
- Initiated “Chalk Talks” and technology training, and routinely mentored junior support engineers.
- One of the original authors of the Security CCIE track written examination. From May 1995 to February 2000 (4 years 10 months)
James Saturnio is skilled in: Cisco Certified Internetwork Expert #4586 (Service Provider/Security), Cisco Technologies, Network Security, Firewalls, Security, Data Center, VPN, Switches, Routers, Network Design, IPSec, DNS, DHCP, Integration, Networking
Looking for a different
Get an email address for anyone on LinkedIn with the ContactOut Chrome extension