Grant Batterson

Quick Story When I was young my obsession with technology started with video games, my desire to play the latest games further my understanding of the technology. I didn’t have access to the latest technology when I was young so it was always second hand or older standards. Repairing technology came along with the territory as well as learning to utilize software. However my first encounter with complex malware was an interesting experience. I encountered some malware that modified the network settings on my family’s PC. I was pretty young at the time around 6 years old. My father got his company’s IT guy to do him a favor and repair the computer. He saw I was keenly interested so he explained how he was using ICMP to test network connectivity. Realizing that I could use the ping command to talk to any computer on the internet blew my mind and really opened the door for my future with technology.

About Me Basically a technology enthusiast is a pretty accurate description of me. We didn’t get the latest technology when I was young so maintaining, upgrading, and fixing technology and software was something I learned how to do really quickly. I eventually opened a hardware repair business where I would inspect and repair mother boards for laptops and gaming consoles. Anything from repairing the Ball Grid Array to simply replacing or cleaning components. I really became interested in Cyber Security when I was at college and competed in the Cyber Defense competition event. At the end of my second year in college I was offered an internship in IT which then evolved into 6 years of experience in the field. We primarily worked with small to medium sized businesses. However I slowly learned that this scale just wasn’t enough to satisfy me, I am constantly looking for new challenges to test my skills against.

Quick Examples Here are just a few examples of the skills and experiences I have acquired.

• Office 365, Bititan Cloud Migrations, Azure AD Connect
• Webroot, Bitdefender, TrendMicro, NAble, Automate, Carbon Black, TPM Encryption
• ESXi and VMs, Microsoft Servers, Domains, Exchange, Group Policy, Windows, Linux
• Veeam, Datto, Backupify, Ahsay, Dell App Assure
• Dell Sonicwall, Ubiquiti and Unifi, Cisco IOS, VLANs, P2P Connections, IPSEC and SSL VPNs, Open Mesh APs
• Disaster Recovery

If you want some more information feel free to contact me, my email address is listed at the bottom of the webpage.

Medium Sized Business Network Example Here is an example of a medium sized business network that I created slowly over time and had to maintain. The client slowly expanded and bought other businesses as well as opened new locations. I had to create a network that was easily expandable but I also had to work with the conditions that were provided to me. For example you will notice Site E has a rather peculiar configuration, I will explain that in detail below. Please to click to enlarge the images.

Broad Network Diagram

Site A is the original location of the company. Site B is the second largest location. These two networks are be far the majority of the company. The networks are linked using IPSEC site to site VPNs across the WAN. A P2P connection exists between Site B and C since they were originally one company and require a lot of bandwidth to be available between those two sites. A P2P connection exists from Site A to Site E because Site E is a small branch office it only required a direct link to Site A. Other sites can communicate with Site E by routing through Site A.

Site A

Site A is the original client, this was their first network before expanding. They have a fiber WAN connection as well as a DOCSIS based backup WAN connection. They connect directly to Site E a small side branch using a dedicated P2P connection. The other site connections are from IPSEC site to site VPN tunnels coming over the WAN. The Sonicwall passes a trunk connection down to the 48 port switch. This trunk connection allows the Data, IP Phone, and Guest Network VLAN’s to be passed to the firewall. A second 48 port switch is connected to the first using an SFP+ connection. The network is Unifi based and is controlled by a cloud key. They have various Unifi AP’s which pass out an internal and guest WiFi networks (Guest VLAN). They have two hypervisors that run an array of virtual machines. This location has the primary IP phone server and Domain Controller. The other locations have secondary units that connect to these units for IP phone related information and windows domain related tasks.

Site B

Site B is the second largest site, they built a new building, which included a new challenge an intelligent physical security system that I had to incorporate into the network. I had to isolate this security system from the rest of the network using a VLAN. This network also has P2P connection that connects it to its sister Site C. These sites required a direct connection because they send a lot of data between these two locations that needed dedicated bandwidth. It connects to the other sites using IPSEC site to site VPNs. The Sonicwall passes a trunk connection down to the 48 port switch. This trunk connection allows the Data, IP Phone, and Guest Network VLAN’s to be passed to the firewall. A second 48 port switch is connected to the first using an SFP+ connection. The network is Unifi based and is controlled by a cloud key. They have various Unifi AP’s which pass out an internal and guest WiFi networks (Guest VLAN). They have one hypervisor that runs a few virtual machines, secondary phone server, physical security system, and a secondary DC.

Site C

Site C is connected directly to Site B using a P2P connection while being connected to the other sites via IPSEC VPNs. This network was rather simplified, since they had the P2P connection, they did not require servers onsite. The Sonicwall simply passes down a trunk to the switch containing Data, IP Phone, and Guest network VLANs. They have various Unifi AP’s which pass out an internal and guest WiFi networks (Guest VLAN). All the Unifi configurations are controlled by Site B’s cloud key.

Site D

Site D is their furthest remote site. Since it was so far away we placed a physical server at this location to take some load off the VPN connections. It uses only IPSEC VPN tunnels to communicate with the other locations. The Sonicwall passes a trunk connection to the switch passing Data, IP Phone, and Guest network VLANs. They have a hypervisor onsite that has primarily a secondary phone server and secondary DC. They have various Unifi AP’s which pass out an internal and guest WiFi networks (Guest VLAN).

Site E

Site E is the strangest part I had to configure. This was their newest location, however it was on a tight budget. They originally provisioned a direct P2P connection connecting it to Site A the primary location. All of the other sites had to route through Site A to communicate with Site E. Similar network design trunk port passing information down to switch. However where it gets interesting is the guest network. We ran into bandwidth issues with routing guest network traffic over the P2P connection. So they eventually purchased a cheap WAN connection. I then had to isolate the guest network but allow it to route out over the WAN connection for internet access. It always felt like a strange network to me but it was strictly what the customer wanted, so I had no choice but to make it happen.

Download Resume Click button to download a copy of my resume.

• Download Resume

Contact Me Feel free to contact me.