Curriculum Vitae
My Happy SVG

Konstantin Hristov

Objective

    Challenging tasks as part of a dynamic team with focus on:

  • Network security, Network Architecture and Design

  • Vulnerability management and risk assessment

  • Network defense policies

  • Cryptography, Zero knowledge proof ( SRP , J-PAKE )

  • Routing & Switching, ( BGP, OSPF, IS-IS ), IAM / PAM

Personal data

Age:

43

Citizenship:

German

Work Experience

May' 25 -

Consultant - Infosys Ltd Endcustomer: Siemens AG Bad Homburg , Germany

  • Solution Design

  • Identity & Access Management – NAC - Cisco ISE

  • Enterprise Network Control - Cisco DNA Center - DNAC

May' 22 - Apr'25

Consultant - Infosys Ltd Endcustomer: Daimler AG , Mercedes-Benz Group AG , Daimler Truck AG , Bad Homburg , Germany

  • Last level technical approval instance for all network changes

  • Running CAB ( Change Advisory Board )

  • Interviewing - New Hire

  • Identity & Access Management – NAC - Cisco ISE

  • Leading Operations, CyberSec and Firewall Teams

  • Zero Trust

Jan’22 - Apr'22

Consultant - GULP Consulting Services GmbH Endcustomer: DB Systel GmbH , Bad Homburg , Germany

  • Solution design - NAC Segmentation Concept based Cisco ISE, PKI

  • SSO, 802.1x, SAML, Kerberos, Radius, IPv6

Apr'21 - Sep’21

Consultant - FGN GmbH Endcustomer: Media Broadcast GmbH , Bad Homburg , Germany

  • Satellite Media Player based on Java, OpenJDK, VLCJ, JavaFX, H264, H265, Spring framework

  • Full HD audio and video streams based on multicast over UDP

  • Testing Full-HD audio and video streams over Satellite

Sep'19 - Dec’21

Consultant - FGN GmbH Endcustomer: DB Netz AG , BBIP Netz Project , Bad Homburg , Germany

  • BBIP Netz Project

  • Anible, MPLS / VPLS, Traffic generation, IPv6 - BBIP Netz

  • Huawei, Cisco

  • Network architecture

  • Penetration testing, vulnerability scan

Sep'20 - Sep’20

Consultant - FGN GmbH Endcustomer: Pfalzkom GmbH , Bad Homburg , Germany

  • Datacenter – Cloud – Nutanix – Hyper Converged Solutions, SD-WAN

  • CheckMK integration

Oct’19 -

Freelance - Bad Homburg , Germany

  • PKI, Zero trust, Zero knowledge proof

  • Identity Management, SSO, 802.1x, Oauth2, SAML, Kerberos, Radius, IPv6

  • Cisco ISE, Extreme NAC, Keycloak

  • Webassembly

Jun’14 - Oct’19

Sr. Escalation Engineer - Extreme Networks (Enterasys, Avaya, Brocade) , Frankfurt am Main , Germany

  • Troubleshooting network problems at all levels

  • Engineering interface for advanced network designs, hardware and software debugging

  • Screening job candidates. Core team member/BSG reviews

  • Participate in new product design

  • Protocol implementation validation ( 802.1x, Kerberos, Oauth2, RADIUS, VRRP, HSRP, CARP, OSPF, IS-IS )

  • Software protocol implementations ( Java, C++ ), problem recreations

  • Deciphering network traces and protocol operations

  • Trainer - security policies enforcements ( ISP / Government )

  • Validation of network security designs and configurations

  • Spring Framework, Spring Security, Hibernate, RabbitMQ

  • Advanced VPN architecture and product development

Jul’11 - Mai’14

Product Support Engineer Level 3 - Eneterasys Secure Networks , Frankfurt am Main , Germany

  • Providing solution for routing, switches and NAC cases that Level 1 and Level 2 team could not solve.

  • Presentation for new and advanced network technologies ( Routing, Switching, MPLS, VPLS, VxLan )

  • Database troubleshooting and management ( postgresql, mysql )

  • Discover, reproduce and debugging bugs for ( EXOS, EOS, NAC, EMC - Netsight )

Jan’08 - Jun’11

Hub Engineer - Hughes Network Systems , Griesheim , Germany

  • VSAT satellite network, managing aspects of the network such as: latency, jitter, packet loss, routing, delay, switching, monitoring, troubleshooting

  • Software developer for infrastructure management project written in C# in .Net 4. with: Web Services, Shared Libraries, External C++ library, Database, Data Binding, MVC, Silverlight, GIT

  • Managed Windows 2003/2007, RedHat, SuSe servers

  • Configure and monitor network build with Cisco L2/L3 siwtches/routers

  • Proxy and VPN management

  • Writing custom monitoring software

  • Backup procedures and disaster recovery

  • Procedures for physical installation of a new hardware

  • Customer Level 3 support

  • Customized spam and virus mail monitoring system

Sep’06 - Apr’07

Intern - Modulus Video Inc (acquired by Motorola ) , Sunnyvale , USA

  • Perl programming

  • Linux multimedia streaming systems

Mar’06 - Aug’06

Intern - IBM Lab , Böblingen , Germany

  • Linux programming on Perl, C, XML for IBM Z Series

  • SuSe - Yast software development

  • Channel bonding and load balancing test for the Linux kernel, SuSE and RedHat distributions

  • Web programming

Dec’03 - Aug’04

Assistant - ANDEC Ltd. , Moscow , Russia

  • Security Threats classification and translation according to securityfocus.com, secunia.com, frsirt.com, bugtrack.ru

Education

Mar’05 - Jul’07

Master's Degree in "Wirtschaftsinformatik" - Business Information Management

Faculty of Informatics, Hochschule Reutlingen , Reutlingen , Germany

Skills

Platforms:

Extreme (Architect), Enterasys (Architect), Brocade, Avaya, Cisco (CCNP)

Design:

OOD/OOP, UML

Languages:

Java / C++ / C#

Tools:

CDT, STS, Microsoft Visual Studio, Git, GCC , Clang, Emscipten

OS:

RHEL, Debian, Windows 2X

Frameworks:

JDK, Spring, Thymeleaf, Hibernate, Botan, Boost, .NET

Protocols:

TCP/IP, 802.1x (rev. IEEE 2004), IGMP, Bootp, DNS, TLS, BGP, IS-IS, OSFP, VPLS, MPLS, SNMP, LDAP, SSH, FTP, IPSec, TLS, WSS, IMAP, SMTP, Stomp, AMQP

Algorithms:

Asymetrical ( DH, Elgamal, DSA, RSA, EC, SRP ), Symetrical ( 3DES, AES, GOST )

Networking:

L2, L3, LAN, WAN, SD-WAN, WLAN

Languages

Bulgarian:

native

German:

fluent

Russian:

fluent

English:

fluent

Involved with

TOPICS RELATED TO

  • Certificates, crypto (DH, DSA, Elgamal, RSA, EC), X.509, PKCS#7, PKCS#10, PKCS12

  • Java and Spring Security

  • C++

  • Webassmbly

  • Blockchain

  • BGP, OSPF, IS-IS

  • DNSSEC, DNS

  • mail security and spam

  • IEC 62443

IDENTITY & ACESS MANAGEMENT - IAM

  • NAC Architecture and Design

  • Cisco ISE (Profiling, Posture, Endpoint Compliance, BYOD, Segmentation, MDM, TrustSec)

  • Extreme NAC

  • Keyklock, Red Hat IdM

  • Okta

  • Cyberark

  • PKI

PROTOCOLS

  • TLS

  • Radius, Tacacs

  • LDAP, SMB, OAuth 2.0, SAML

  • Kerberos, NTLM

  • IEEE 802.1x, EAP

  • Zero knowledge proof ( SRP, J-PAKE )

ZERO TRUST

  • Netscope

  • Zscaler

  • Palo Alto

  • Extreme Network and others.

Contact

email:

Please decode the below Base64 string. Example use www.base64decode.org. Delete all white-spaces!

a29uc3RhbnRpbkBocmlzdG92Lm9yZwo=

For confidentiality, integrity, authenticity, non-repudiation make sure to match below fingerprint. Keyserver

5B98 5A9D 6F00 8ED6 5DAC C540 EB17 BC1F 6E07 FE7E

LinkedIn:

ping me on LinkedIn

© 2019 hristov.org