Projectsat work

social

Company:

General Dynamics Mission Systems

Role:

Principal Solutions Architect at Defense Advanced Research Projects Agency (DARPA)

Timeframe:

May 2016 - Dec 2017

At the Defense Advanced Research Projects Agency (DARPA) under General Dynamics Mission Systems in Arlington, VA, I served as the Principal Solutions Architect from May 2016 to December 2017. My role involved orchestrating a comprehensive overhaul and modernization of network security and infrastructure systems both in the lab and production environments. Key initiatives included the design and implementation of Palo Alto Networks firewalls, Cisco Nexus switches, and a secure connectivity framework for endpoints. Additionally, I created secure, compliant templates for major operating systems and deployed advanced VMware NSX security technologies and Citrix-based virtual desktop infrastructure across multiple classified networks.

This extensive project also included the deployment of a range of security and management systems, such as the Cisco Identity Services Engine for robust network access control, Pivot3 hyper-converged infrastructure for enhanced storage and compute capabilities, and Microsoft System Center Configuration Manager for efficient system management. Advanced monitoring and security measures were put in place using tools like SolarWinds and Splunk Enterprise. To ensure high security and compliance, I implemented a two-tier Public Key Infrastructure system, the Department of Defense Assured Compliance Assessment Solution, and the Host-Based Security System. Regular updates and briefings were provided to senior government stakeholders, including the Department of Defense CIO and directors from the Air Force and Navy, ensuring transparency and alignment with strategic objectives.

Projects

Sort by Date:

Project Title:

Operation Digital Fortress: Reinventing DARPAs Cybersecurity Landscape

Timeframe:

May 2016 - Dec 2017

Description:

During my tenure as Principal Solutions Architect at the Defense Advanced Research Projects Agency (DARPA), under General Dynamics Mission Systems, I embarked on a transformative project that spanned various facets of IT security and infrastructure enhancement. The mission was clear: to revamp DARPA's digital backbone for heightened security and operational efficiency.

The first phase of this ambitious project involved a critical upgrade to the network and security infrastructure. I led the configuration and deployment of Palo Alto Networks PA-500 and PA-5220 firewalls, establishing robust Layer 3 communications between internal and external networks. To complement this, I devised tailored security policies, ensuring that DARPA's unique requirements were met. Additionally, the data center's network was bolstered with Cisco Nexus 5048 and 2048 switches, while a Cisco Nexus 3064 was set up in the lab for effective VLAN segregation and isolation, crafting a secure, streamlined environment.

Access and security management was another vital component. Here, I implemented the Cisco Identity Services Engine and ACS to enhance security through 802.1x port-based authentication. This bolstered security across both lab and production environments. Furthermore, I developed secure, compliant templates for Microsoft Windows Server 2012 R2, Windows 10 Enterprise, and Red Hat Enterprise Linux 6.9, all adhering to the rigorous DISA Security Technical Implementation Guides (STIGs).

Virtualization and storage solutions marked the next strategic area of focus. I deployed VMware vCenter 6.5 appliances along with VMware NSX in the production environment to secure interactions between endpoint devices and infrastructure servers, complemented by a virtual distributed switch architecture to optimize network flow. The integration of Pivot3 hyper-converged servers supported the compute and storage demands of the classified networks, highlighting our commitment to scalable and secure IT infrastructure.

The project also included comprehensive user and endpoint management through the establishment of an Active Directory infrastructure for centralized management of user accounts and systems. The deployment of System Center Configuration Manager 2012 facilitated efficient patch management and application installations. I ensured thorough monitoring and log management using SolarWinds and Splunk Enterprise, providing a holistic view of systems, networks, applications, and virtual infrastructure activities.

In the final stride towards comprehensive security, I deployed a two-tier Public Key Infrastructure and the Host-Based Security System (McAfee ePO) to secure endpoint devices and manage certificates across domain-joined systems. A proof of concept for data rights management was also conducted with vendors like PKWare, Ionic, and Microsoft AD-RMS to protect classified data from unauthorized breaches, showcasing proactive measures in cybersecurity.

This journey was not merely about technical implementation but also about forging a path in digital security that would set a benchmark for future endeavors in defense technology and operations management. Each step was meticulously planned and executed, ensuring DARPA's classified networks were not only protected but also primed for future challenges and innovations.

Julian Yates
Slide Image 0
Slide Image 1
Slide Image 2
Back to Portfolio

SEND A MESSAGE

Learn how and when you can deploy Julian’s services.