Summary of strengths:
• 10+ years of working experience in the network and security field in the finance industry. Experience in:
• Routers: Cisco 2800, 2911(15.2), 3845(12.4), 3945(15.0), 7609(12.2), ASR1013(15.2)
• Switches: Cisco Catalyst 6500(12.2.33), 4507(12.2), 4948(12.2), 3750(12.2), Nexus 7010(5.0/6.1), 5548(5.0), 2000
• Security: Cisco ASA 5510(8.2), 5515(9.1), 5525(7.0/8.3/8.4), Cisco SNS 3415(1.2); Juniper SRX1400(12.1), SSG 550; Fortinet 1500D(5.0); Cisco IPS 4125/4250, Cisco ISE(1.1/1.2), NAC;
• IAM: Cisco ACS 3.3/4.0/5.2, NAC Framework, ISE(1.2); Microsoft AD;
• Load balancing (Content Switching): F5 Load Balancer 3600 (v9, v10.2.4), LVS
• Content Security: WAF/Modsecurity, HIDS/OSSEC, OSSIM(4.0,5.0)
• In-depth knowledge of:
• Routing: OSPF, EIGRP, HSRP/VRRP, PIM; IGMP;
• Switching: STP, RST, VLAN, VTP, DTP, Port-channel, VPC, VSS, FabricPath, OTV;
• Applications: DNS, DHCP, HTTP, FTP, SMTP; VoIP(SIP/H.323/SCCP), QoS, Content Filtering and Content switching; Load balancing;
• Security: Firewalls(UTM, NGFW), IPSec, SSL, VPN, EAP/802.1x, Radius, Crypto/Encryption, Application Security, SIEM, PKI/CA, WAF, XSS, SQL Injection, OWASP, ISO27001, PCI-DSS, NIST SP; Nmap, SQLMap, Burp, AppScan, OpenVAS, Nessus, Metasploit/Kali;
• Load balancing: L4/L7 switching; HA
• Experience in Linux, HP Unix and Windows(AD/LDAP), VMWare, Cisco Call Manager Express(VoIP);
• Familiar with scripting languages: Python and Shell (Awk/Sed), and regex;
CISSP #320432
CCIE RS #20725
Senior Network Security Analyst @ From November 2015 to Present (2 months)
Network and Security Engineer @
• Designed and implemented information security methodologies and technologies.
• Maintained information security vulnerability and threat management
• Designed, implemented, and maintained company production and office network.
Skill used:
• ISO27001, WAF/Modsecurity, OSSEC(HIDS), OSSIM(SIEM), Zabbix, ELK(Elasticsearch, logstash, Kibana)
• Linux (CentOS, Kali), Windows Server 2012, ESXi, Nginx, Tomcat, MySQL
• Burp Suite, OpenVAS, Nmap, SQLmap, NetSparker, OWASP, Wireshark, TCPDUMP, Shell Script
• Fortinet Firewalls, Cisco ASA, Cisco Switches
• SSL(VPN, HTTPS), OSPF, LACP, RST, HSRP, Syslog, SNMP, DNS, DHCP etc.
From January 2015 to September 2015 (9 months) Toronto, Canada Area
Senior Network and Security Engineer @
• Designed and implemented network and security infrastructure in SSE.
• Designed and implemented Internet-facing business and trading processing platform (HTTPS and SSL VPN).
• Designed and maintained ISO27001 ISMS (Project manager); maintained ISO20000 as coordinator.
• Designed and maintained the information security baselines.
• Provided Tier-2 network and security support (NOC)
Skill used
• ISO27001, ISO20000, PRINCE2(PMP)
• WAF/Modsecurity, OSSEC, ClamAV, Nessus, Burp, Nginx, Apache, Tomcat, MySQL, Nagios
• Cisco Switches (Nexus 5000/2000, Catalyst6500, 4948), IPS, Firewalls(ASA, Juniper SRX), NetScout, IXIA
• HTTP/HTTPS, SSL VPN, IPSec VPN, OSPF, HSRP
From June 2012 to July 2014 (2 years 2 months)
Network Security engineer @
• Designed, implemented, and maintained the SSE next generation trading networks (with 60+ switches, 10+ routers and 20+ firewalls). Maintained and managed network devices in the trading system, including routers/switches, firewalls (PIX/ASA/FWSM) and DWDM system.
• Designed and implemented the NAC(Network Admission Control) and Cisco ISE in SSE
• Updated and upgraded the trading network devices and trading hosts smoothly and successfully (50+ switches, 36+ HPUX hosts, 300+ cables, DWDM, and firewalls).
• Installed, set up and maintained trading communication hosts; maintained and managed the communication hosts’ emergency recovery plan, scripts, and operation.
• Designed, proposed and tested the layer 3 network architecture for the New Generation Trading System in SSE. Designed, tuned and tested network performance including OSPF, RST, PIM, HSRP etc.
• Led internal forensic investigation on insider sensitive data leaks and system audit.
• Devised a new method to improve the fault recovery performance for trading hosts from 5 minutes to 10 seconds.
• Excellence Award for “Continuous Degree Study” in 2009
Skill used
• Routers(Cisco 2900/3900, 12000, 7206, ASR1000), Switches(Catalyst 6500, 4500, 4948, 3750,2950, and Nexus 5000, 2000), Firewalls(Cisco PIX/ASA/FWSM, Juniper, Checkpoint), IDS(4125), WLC 4400, AP(1010,1250), DWDM(Cisco 15454), HP ArcSight(SIEM), Cisco NAC Framework, ISE, ACS, Cisco Call Manager Express(VoIP)
• 802.1x, EAP/EoU, Radius, HSRP, OSPF, EIGRP, RST, Multicast(PIM, IGMP), IPSec, SSL, AAA, QoS, MPLS VPN, NAT, Netflow, Syslog, SNMP, EAP, WPA2/WPA, AES etc.
• Nkisun, Wireshark/TSHARK, TCPDUMP, FTP, Telnet, Rlogin, DNS, DHCP
• HPUX, Linux, Windows, HP OVO, IR Prognosis, Shell(Awk/Sed)
• ISO20000/ITSM
From September 2002 to August 2010 (8 years)
Network and System Admin @
The main responsibility is to maintain the whole R&D environment.
• Set up and maintain HPUX systems based R&D environment.
• Install, maintain, and support the application environment, etc.
• Responsible for Sablime system (version control and build system)
• Maintain local network devices.
• Set up and maintain local Email/DNS/NIS/Web servers
Skill used
• HPUX, Linux, Windows
• Perl, Shell (awk/sed)
• DNS(Bind), Email(Sendmail), Apache Web Server, NIS, NFS
From April 2000 to August 2002 (2 years 5 months) Shenzhen, Guangdong, China
Master's degree, Information Security Institute (Information Security Technology Track) @ The Johns Hopkins University From 2010 to 2012
Master's degree, Computer Engineering @ Shanghai University From 1997 to 2000
Bachelor's degree, Computer Communication @ Nanjing University of Posts and Telecommunications From 1993 to 1997
XiaoMing(Frank) Li is skilled in: Computer Security, CISSP, EIGRP, RIP, OSPF, Security, Network Architecture, HPUX, Shell Scripting, Network Security, Firewalls, VPN, Networking, TCP/IP, Switches