Add personal/resume/EVPN/VXLAN_FABRIC_ENGINEER.md

personal/resume/EVPN/VXLAN_FABRIC_ENGINEER.md

@@ -0,0 +1,227 @@
+JASON DAVIS | Lewisville, TX  |  (940) 340-9369  |  newton214@gmail.com | linkedin.com/in/jason-davis-27442118a
+
+PROFESSIONAL SUMMARY
+
+I’ve spent 15 years building, scaling, and defending the infrastructure that 
+powers Fortune 500 enterprises, hyperscale cloud, and financial institutions. 
+I started as a Unix systems engineer and specialised in networks, which means 
+I don’t just configure switches—I understand the entire stack, from kernel 
+tuning to BGP policy.
+
+At AWS GovCloud, I learned what breaks when you try to run VXLAN/EVPN at 
+hyperscale. I designed overlays for high‑compliance tenants, automated away 
+manual toil, and developed reference patterns that turned one‑off designs into 
+repeatable products. At Verizon, I led multi‑million dollar transformations 
+that migrated legacy data centers to modern fabrics and SD‑WAN. At Charter, 
+I debugged buffer drops on encrypted storage replication because I knew how 
+to trace a packet from the wire to the application.
+
+Earlier in my career, I spent two years at Kaiser Permanente deploying Cisco 
+ACI fabrics across multiple data centers, fixing Oracle Exadata OSPF issues 
+that had stalled a major vendor, and uncovering silent buffer drops on Data 
+Domain replication that were corrupting encrypted backups. At American 
+Residential Services, I architected and executed a 100+ site SD‑WAN migration 
+to Cisco Viptela and engineered a $15K out‑of‑band management solution from 
+repurposed eBay hardware—because good engineers don’t need big budgets to 
+deliver reliable operations.
+
+Today, I bring that same obsession with reliability, automation, and resourcefulness 
+to every fabric I touch. I hold a Fortinet NSE 4, an RHCSA, and a CCNP; I’m actively 
+finishing my NSE 5 and RHCE. I don’t need a job—I need a revolution worth 
+believing in. If you’re building the next generation of network infrastructure, 
+I want to help you build it right.
+
+CORE COMPETENCIES
+
+NETWORK FABRICS
+• VXLAN/EVPN (Cisco Nexus, Arista) – Spine‑Leaf, MP‑BGP EVPN (Type‑2/Type‑5)
+• Anycast Gateway / Symmetric IRB, L3VNI, Multi‑Tenant VRFs
+• Multicast, Head‑End Replication, EVPN Multi‑Site
+• Cisco ACI – fabric deployment, migration, policy model
+
+SECURITY & SD‑WAN
+• Fortinet Security Fabric (NSE 4) – FortiGate, FortiManager, FortiAnalyzer
+• Meraki SD‑WAN (TBX SME), Versa SD‑WAN, Cisco Viptela
+• Palo Alto, ASA, Juniper SRX, Zero Trust Architecture
+
+CLOUD & HYBRID
+• AWS (GovCloud, Direct Connect, Transit Gateway)
+• Hybrid Cloud Interconnect, VMware NSX‑T, Kubernetes Overlay (Cilium)
+• Equinix Fabric, Cloud On‑Ramps
+
+AUTOMATION & IaC
+• Python (Netmiko, NAPALM, Flask), Ansible (Cisco, NX‑OS, Fortinet)
+• Terraform (AWS, Equinix), YANG/NetConf, REST APIs
+• Git, CI/CD, Bash, Pre‑/Post‑Diff Validation, Tcl (NetApp LACP analysis)
+
+SYSTEMS FOUNDATION
+• Red Hat Enterprise Linux (RHCSA), RHCE (in progress)
+• Unix (AIX, Solaris), Kernel Tuning, Arch Linux (personal lab)
+• Storage networking – Data Domain, NetApp, Exadata
+
+MONITORING & OBSERVABILITY
+• gNMI/Telemetry, sFlow, Prometheus/Grafana
+• PRTG, SolarWinds, Splunk, NetFlow/IPFIX
+• Custom Python Anomaly Detection
+
+CERTIFICATIONS
+
+• Fortinet NSE 4 – Certified
+• Fortinet NSE 5 – In Progress (FortiManager, FortiAnalyzer)
+• Red Hat Certified System Administrator (RHCSA)
+• Red Hat Certified Engineer (RHCE) – In Progress (Ansible)
+• Cisco CCNP Enterprise & Data Center
+• AWS Certified Solutions Architect – Associate
+• Cisco DevNet Associate
+
+PROFESSIONAL EXPERIENCE
+
+TBX – Consulting Systems Engineer, SD‑WAN & Security SME
+May 2022 – Sept 2024
+Subject Matter Expert for Meraki SD‑WAN and Fortinet Security Fabric.
+• Architected FortiGate SD‑WAN, IPSec VPN, and security policies for enterprise 
+  clients; NSE 4 certified, NSE 5 in progress.
+• Designed Meraki MX/Z3 auto‑VPN topologies, traffic shaping, and application‑
+  aware routing for multi‑site deployments.
+• Developed Python/Ansible automation frameworks for zero‑touch provisioning 
+  and config validation, cutting deployment time by 30%.
+• Authored and delivered advanced workshops on Zero Trust, SD‑WAN security, 
+  and automation; trained partner SEs and customers.
+• Led POCs that directly influenced seven‑figure enterprise deals.
+
+AMAZON WEB SERVICES (GOVCLOUD) – Network Development Engineer
+Sept 2021 – May 2022
+Tier 3 escalation for critical networking incidents in a hyperscale, 
+multi‑tenant, high‑compliance environment.
+• Architected VXLAN/EVPN overlay solutions for GovCloud tenants – translated 
+  segmentation requirements into MP‑BGP EVPN address‑family configurations.
+• Built Python automation frameworks to model, validate, and deploy underlay/
+  overlay policies across thousands of devices; reduced provisioning time by 
+  40% and eliminated configuration drift.
+• Designed hybrid interconnect strategies using AWS Direct Connect and Transit 
+  Gateway, integrating on‑prem VXLAN fabrics with AWS VPCs via eBGP.
+• Deployed and troubleshot BGP control planes at hyperscale – route reflection, 
+  next‑hop reachability, RT/RD consistency across multi‑tenant partitions.
+• Developed SOPs and post‑mortem guidance; institutionalised “automation‑first” 
+  remediation patterns.
+
+VERIZON ENTERPRISE SOLUTIONS – Principal Network Architect
+Jan 2020 – Sept 2021
+Led enterprise‑scale fabric architecture and migration for Fortune 500 clients 
+in finance, healthcare, and retail.
+• Engineered VXLAN/EVPN data center fabric designs – L3VNI per tenant, anycast 
+  gateway addressing, consistent RD/RT schemas.
+• Led Avis migration from legacy Cisco MPLS to Versa SD‑WAN + Aruba edge; 
+  designed hybrid overlay interconnect with zero downtime.
+• Developed pre/post diff Bash scripts for configuration validation, reducing 
+  change‑related incidents by 35%.
+• Mentored solution architects on YANG, NetConf, Meraki API, and Python; 
+  shifted team from CLI‑first to API‑first mindset.
+• Spearheaded Walgreens nationwide WAN optimisation – integrated underlay BGP 
+  with overlay SD‑WAN controllers for application‑aware routing.
+
+CHARTER COMMUNICATIONS – Data Center Network Engineer
+Sept 2018 – Oct 2019
+Managed enterprise F5 LTM/GTM and A10 load balancing; implemented next‑gen 
+overlay networks.
+• Implemented EVPN/VXLAN overlay networks on Nexus 9K – multi‑tenant 
+  segmentation across national data centers.
+• Automated TACACS configuration with Bash scripts, eliminating manual errors 
+  and credential misconfigurations.
+• Identified critical buffer tail drops on Data Domain SSL replication 
+  (port 29000) using PRTG and packet capture; root cause was underlay MTU 
+  mismatch and oversubscription.
+• Coordinated cross‑team Video VPN deployment, aligning network, security, 
+  and Linux systems teams.
+
+ZIVARO – Senior Network Consultant
+Oct 2018 – Jan 2020
+• Designed and deployed VXLAN data center fabric for Denver Health using 
+  Cisco ACI with BGP EVPN underlay – HIPAA‑compliant micro‑segmentation and 
+  workload mobility.
+• Advocated Ansible over DNA Center for Simmons Foods automation; delivered 
+  Ansible playbooks, saving client $50K+ in proprietary licensing.
+• Implemented Layer 3 to the edge for CDPHE despite organisational resistance; 
+  architected migration plan that became team standard.
+• Key contributor to Cisco Gold Partner recertification – led technical 
+  deep‑dives on EVPN/VXLAN, ACI, and automation.
+
+ENTRUST (ZIVARO) – Cloud Network Engineer
+Jan 2020 – Present
+• Implemented PCI‑DSS‑compliant AWS network infrastructure – VPC segmentation, 
+  security groups/NACLs, Transit Gateway routing; passed QSA audit.
+• Built staging environment despite VP‑level opposition; validated Ansible ACL 
+  playbooks (cisco.ios) pre‑production, proving risk reduction and change 
+  accuracy.
+• Provided emergency architecture support for Illinois Credit Union VPN 
+  deployment – troubleshot IPsec tunnels and BGP peering to restore service.
+
+KAISER PERMANENTE – Senior Data Center Engineer
+May 2016 – Apr 2018
+Led data center network modernisation for one of the largest healthcare 
+organisations in the United States.
+• Deployed Cisco ACI fabric across multiple data centers – designed EPG 
+  contracts, bridge domains, and L3Outs; migrated legacy Nexus 7K/5K 
+  infrastructure to Nexus 9K with zero downtime.
+• Resolved critical OSPF routing issues on Oracle Exadata racks that had 
+  delayed a major vendor implementation; diagnosed misconfigured interface 
+  costs and summarisation, enabling the project to meet its deadline.
+• Identified and fixed buffer tail drops on Data Domain SSL‑encrypted 
+  replication traffic (port 29000) that were silently corrupting backups 
+  across the DR link. Used PRTG, SPAN sessions, and deep packet analysis to 
+  isolate MTU mismatch and egress queue depletion.
+• Enhanced HPNA (HP Network Automation) functionality by developing custom 
+  reporting and compliance scripts, improving operational visibility and 
+  reducing audit remediation time.
+• Collaborated with storage, database, and application teams to optimise 
+  network performance for Exadata, NetApp, and VCE Vblock platforms.
+
+AMERICAN RESIDENTIAL SERVICES – Senior Network Engineer
+Jan 2018 – Jan 2019
+Architected and executed a complete network transformation for a national 
+home services provider with 100+ locations.
+• Led end‑to‑end migration from legacy MPLS/hub‑spoke topology to Cisco 
+  Viptela SD‑WAN – designed transport‑side policies, application‑aware 
+  routing, and zero‑touch provisioning; executed site cutovers with zero 
+  business‑impacting incidents.
+• Standardised firewall configurations across Cisco ASA and Juniper SRX 
+  platforms, implementing consistent security policies and VPN templates.
+• Deployed Cisco Umbrella DNS filtering as a lightweight security layer 
+  across all sites, reducing malware callbacks by 60% within 30 days.
+• Engineered a cost‑effective out‑of‑band management and UPS solution using 
+  repurposed Cisco 2811 routers, cellular modems, and second‑hand APC units 
+  sourced from eBay – saved the company over $15,000 while providing 
+  resilient remote access during power outages.
+• Implemented RANCID for automated configuration backups and version control, 
+  establishing configuration audit trails for the first time.
+
+AT&T (TIAA‑CREF) – Lead Network Architect
+Jul 2010 – May 2016
+Led $100M+ network infrastructure refresh for a top‑tier financial institution.
+• End‑to‑end architecture and design – Nexus 9K, ASR9K, F5 BIG‑IP; delivered 
+  under budget and ahead of schedule.
+• Optimised mainframe OSPF routing (Area 51) – resolved route flapping and 
+  suboptimal path selection; required deep understanding of mainframe TCP/IP 
+  and traditional routing protocols.
+• Identified NetApp LACP RFC non‑compliance via custom Tcl script; vendor 
+  acknowledged defect and released firmware fix, preventing undetected link 
+  failure risk.
+• Created reference architectures and standardised configuration templates 
+  for blackhole routing, security policies, and high‑availability designs; 
+  adopted globally.
+
+DYNAMIC IMPACT MARKETING LLC – Principal & Technical Strategist
+Sept 2024 – Present
+• Founder consultancy applying infrastructure engineering to marketing tech.
+• Build automated data pipelines (Python) and technical audit frameworks.
+
+EDUCATION & MILITARY SERVICE
+
+United States Air Force – Senior Airman, Honorable Discharge
+
+CONTINUOUS LEARNING
+
+• SRv6, eBPF/Cilium, NVIDIA Spectrum, BlueField DPUs – self‑directed study
+• Arch Linux maintainer – kernel tuning, systemd, network namespaces
+• Fortinet NSE 5 (FortiManager, FortiAnalyzer) – In Progress
+• Red Hat RHCE (Ansible, system roles) – In Progress