David Kennedy
Details
2022 : Present
Technica Corporation
Senior Cybersecurity and Kubernetes Engineer
Primary individual responsible for the security of the system infrastructure. Used Tenable, STIGs, SCAP Compliance Checker (SCC), and McAfee/Trellix to keep the system secure. Reduced overall vulnerabilities by over 99% within the first 6 months and was among the first to adopt the Navy’s Evaluate-STIG tool to check the entire network of Windows assets. Monitored AF directives on both NIPR and SIPR and worked with local Information Systems Security Manager (ISSM). Helped build and secure an Amazon Web Services (AWS) Virtual Private Cloud (VPC) on Secret Internet Protocol Routing (SIPR) during COVID and manually built AOC Falconer servers that were successfully accessed and used by 12th AF during their red flag exercise.
2015 : 2022
Phantom Eagle, Inc
Senior Cybersecurity Systems Engineer
Responsible for software development, design, engineering, integration, documentation, and delivery of AOC warfighter software throughout the entire DoD. Currently managing a team of eight systems administrators, whom I task and delegate to ensure aggressive scheduling needs are met.
● Successfully built, designed, documented, and fielded the 10.1 RE11 AOC Weapons Systems baseline in one year. The first baseline system in 7 years to pass testing and be distributed to all AOC sites throughout the DoD.
● Engineered and successfully fielded two core systems Periodic Maintenance Updates (PMU) to the current RE11 10.1 baseline AOC Weapons System.
● Engineered and designed new Microsoft Exchange infrastructure with a tightened DMZ perimeter posture, to include supporting the new SIPR PKI token architecture.
● Designed and documented new database implementation guide. Covers the configuration and security of all databases owned by the AOC WS 10.1 baseline.
● Designed unprecedented SQL architecture, providing 100% uptime for AOC critical components such as vSphere and Citrix services. The design is now currently being used by various DoD installations as the standard for database architecture and design.
● Implemented new Key Management Service (KMS) to activate operating systems and software without the need for commercial connectivity. Considerably reduces licensing costs at each site, and cuts down on Configuration Management (CM) overhead.
● Upgraded all supported servers to Windows 2008 without the loss of any functionality, while utilizing the new platform to secure the software environment with more ease and a more aggressive security posture.
● Virtualized over 95 percent of the legacy AOC systems. Dramatically reducing the hardware footprint, increasing the ease of administration, and reducing CM costs by removing most physical media needs.
2009 : 2013
Phantom Eagle, LLC
Lead Systems Administrator
Responsible for installing and testing software systems before being deployed and fielded to the warfighter. Support warfighter software experimentation for integration into the AOC weapons system software baseline. Document and maintain common system problems and solutions for future use in projects and test events.
● Lead systems administrator for Joint Expeditionary Force Experiment 2008 (JEFX-08). Managed over 20 other systems administrators from around the world over a 3-month period. Responsible for over 120 servers and up to 700 workstations. Implemented releasable environment by way of Active Directory OU and a physically separated Exchange server. Successfully implemented first ever Citrix integration with a mix of Theater Battle Management Core Systems (TBMCS) 1.1.3 and 1.1.4 software. Ported the TBMCS 1.1.3 client onto the Windows XP platform and integrated the workstation into the TBMCS Windows 2000 server infrastructure. Configured Common Internet File System (CIFS) and Internet SCSI (iSCSI) connections on multiple Network Appliance hardware sets. Part of first ever integration of Global Command and Control System I3 (GCCS-I3) integration into TBMCS 1.1.3.
● Assist other local systems administrators with day-to-day production and operations of the local infrastructure. Train other administrators on Active Directory maintenance, Solaris administration, and TBMCS 1.1.3 configurations. Ensure suites all have the latest and most up-to-date anti-virus information. Helping to maintain a local infrastructure that houses over 8 million dollars in hardware, 900 servers, and over 500 workstations.
2003 : 2010
L-3 Communications
Senior Systems Administrator
609th Air Communications Squadron (ACC) – Shaw AFB, SC 1998 – 2003
Lead System Administrator
Primary Command and Control (C2) systems administrator for 9th Air Force, supporting operations stateside and United States interests overseas.
● Lead systems administrator for initial stand-up and operational capability of Combined Air Operations Center (CAOC) in Prince Sultan Air Base (PSAB), Saudi Arabia. Installed over 80 multi-platform servers and 500 workstations split up into 3 distinct networks to support multiple classification levels. Trained and supervised over 10 administrators on installation and configuration of every aspect of weapons system software. Due to extensive knowledge of configuration, was brought back as lead technician for the upgrade of TBMCS software and installation of a Network Attached Storage solution, allowing full replication of both UNIX and windows file systems to an alternate location for off-site storage and backups. Performance earned the 2000 Air Force Communications and Information Performer of the Year for the entire Air Force.
● Non-commissioned Officer in Charge (NCOIC) of command and control systems for Operation Desert Falcon, Al Udeid Air Base, Qatar. Designed and implemented 60 server/750 workstation configuration responsible for primary coalition military operations in Southwest Asia. Responsible for local Microsoft Windows domain controller, Exchange servers, and Netscape Directory Server utilizing NIS+ and LDAP services; accounting for administration of 850 user and email accounts.
● Deployed to PSAB to assume the lead systems administrator role for the air-war phases of Operations Enduring Freedom and Iraqi Freedom. Ensuring zero system catastrophes and honing system skills while continuing to supervise and train up to 30 personnel on the weapons system installation, configuration, and maintenance. Earned the Air Force Bronze Star.
1998 : 2003
United States Air Force
Lead Systems Administrator
Skills
Active Directory, Active Top Secret Security Clearance, Ansible, Assured Compliance Assessment Solution (ACAS), BMC Remedy, Complex Troubleshooting, CompTIA Security+, Computer Security, Configuration Management, Docker Products, DoD, Group Policy, Information Assurance, Integration, Internal Communications, Jabber, Kubernetes, Leadership Development, Managing Projects, McAfee, Microsoft Exchange, Microsoft SQL Server, NetApp, Project Management, Rancher Kubernetes Management, Red Hat Linux, SCCM, Security, Security+, Security Clearance, Software Documentation, Solaris, STIG, System Administration, System Architecture, System Center Configuration Manager (SCCM), Systems Engineering, TBMCS, Team Leadership, Testing, Troubleshooting, U.S. Department of Defense, Ubuntu, VMware, VMware ESX, Windows 7, Windows Server, WSUS
About
I'm a systems administrator and cyber security engineer with 25+ years of experience. Currently in charge of my Cybersecurity team while also maintaining and securing an RKE2 environment with Rancher for management and NeuVector for security and whitelisting apps. To avoid the chicken and the egg, I've created a separate Docker Swarm that runs a highly available PostgreSQL. Within the swarm runs a Harbor registry for project access, KeyCloak for OpenID Connect to Rancher and Harbor, along with Vault. Last but not least I did a hard air-gap of the Ubuntu main and universe repositories for updates, and I just do an rsync every 2 weeks to keep this entirely air-gapped solution alive and well fed.
So why does it look like I have two titles and could be using better apps? Well, when you build a system to completion and then apply all the lockdowns, what happens? It breaks. So I'm baking STIGs, CIS benchmarks, and using tools like Ansible or Terraform to secure the system AS it's being built. Security has always been bolted on in the past. I'd like to change that landscape. As for the apps, I'm currently tied to an on-prem vSphere running on Cisco Hyperflex. So I had to design this all without cloud access or apps. But everything hums along and the users have their own cluster to access and test apps.
I maintain my Certified Ethical Hacker and Security+ every 3 years. My AWS certs JUST expired, but I'll probably go and get those again. I'm currently working towards my Certified Kubernetes Administrator!
I'm a born leader and problem solver. Always looking to be challenged.
Specialties: NeuVector, Docker, KeyCloak with x509, Rancher, Kubernetes, RKE2, Harbor, PostgreSQL, Kube-VIP, Citrix ADC, MetalLB, Ansible, Ubuntu, VMware, Microsoft Endpoint Config Manager, Exchange, Microsoft SQL, ESXi, NetApp, Cisco UCS and Hyperflex, C2 Systems, Active Directory, PowerShell, WSUS, Trellix ESS products, Tenable.sc, Nessus.