Jason Hernandez


Network Architect / Engineer & Cybersecurity

Kirkland, WA

·       I help build companies by solving business problems.
·       Assess the issues, recommend solutions, and execute on the resolution(s).
·       “Jason is a builder of companies, quite adept at juggling many priorities while consistently exceeding expectations.” – Letter of recommendation.
·       Architecture, design, and hands-on deployment, of secure network infrastructure supporting growing global companies.
·       Information security from the perspective of business-driven risk management and IT services availability.
·       Flexibility and knowledge to tackle a wide spectrum of end-to-end problems that include; Networks, information security, systems, project management, application optimization, disaster preparedness, finance (budgets, cost models, bills of materials, etc.), facilities build-outs, and a lot more.
·       Leadership of teams creating end-to-end Information Technology (IT) solutions.

Certified Information Systems Security Professional (CISSP).
·       Information Systems Security Architecture Professional (ISSAP) Concentration.
·       Information Systems Security Management Professional (ISSMP) Concentration.
·       Palo Alto Networks Certified Network Security Engineer (PCNSE).

·       Advisory Board, Certificate in Cybersecurity, University of Washington Professional & Continuing Education.
·       Advisory Board, Computer Security and Network Technician program, Lake Washington Institute of Technology.
·       Senior Member, Information Systems Security Association (ISSA).
·       Member, Kirkland Community Emergency Response Team.
·       Amateur Radio License KB5VIN.

·       “Data-Driven Security at Tableau” – Speaker @ Tableau Conference 2016.
·       US Patent 6341304, “Data acquisition and distribution processing system”. Antonius Engbersen, Jason Hernandez. {IBM}
·       US Patent 6633539, “Device, method and article of manufacture for call setup pacing in connection-oriented networks”. Claude Basso, Philippe Damon, Jason J. Hernandez, Bernard Putois. {Cisco Technology, Inc.}
·       US Patent 7751435, “Call setup pacing in computer networks”. Claude Basso, Philippe Damon, Jason J. Hernandez, Bernard Putois. {Cisco Technology, Inc.}
·       “Proximity Activated Computer Console Lock” Richard Fogg, Jason Hernandez. IBM Technical Disclosure Bulletin, Vol. 35, No. 6, Nov. 1992.

·       BS in Electrical and Computer Engineering (ECEN), University of Colorado at Boulder.


Salesforce (Tableau Software) | Seattle WA | May 2011 – Present
Responsible for the global corporate network architecture and design. Owned the network deployment and operations for the first several years of my tenure. I joined Tableau in 2011 as the first network person in IT and immediately dove into office networks, server rooms, and the first corporate datacenter presence. Several back-to-back years of explosive growth took the company international. Additional responsibilities include; Technology selection, product selection, network security, network support, budget input, project planning & execution, documentation, mentoring of less experienced personnel, etc.

1.     Designed and deployed networks to match the rapid national and international corporate growth:
a.      2Q/2011: Approximately 250 employees, offices in Washington and California. Annual revenue of $62.4M.
b.     3Q2019: Salesforce acquired Tableau Software for $15.3B.
c.      YE2019: Approximately 4500 employees, 20 offices, and 4 datacenters, globally. Annual revenue well over $1B.
i.     580+ network devices (including 50+ Palo Alto Network firewalls) and 31,000+ network ports.
2.     Scalable global network:
a.      Balanced, cost-effective, and secure, LAN and WAN designs resulting in a performant and highly available network.
b.     Repeatable “cookie cutter” approach for faster deployments, simpler ongoing “care and feeding”, and enabling easy reuse/redeployment of equipment. All of which directly translate to cost savings.
c.      Network supports converged services including as IP Telephony (VoIP), IP Videoconferencing, building controls, and building security.
3.     Speaker @ Tableau Conference 2016: “Data-Driven Security at Tableau”.
4.     Emphasis on network security – Tempered by usability and employee productivity:
a.      PAN firewalls deployed globally for Internet access as well as for internal network segmentation at offices and datacenters.
b.     Global remote access VPN with PAN GlobalProtect including Geographic DNS (GeoDNS).
c.      Continuing hands-on work for enhancements and operations.
5.     Strong cooperative relationship with the Information Security Team. Security is “baked-in” – not an afterthought.
6.     Advisory for cloud network design and connectivity. (Amazon AWS, Microsoft Azure, and other service providers.

Intellectual Ventures (Quantum Intellectual Property Services) | Bellevue WA | 9/2006 – May 2011
Responsible for the network architecture, design, and up till mid-2010, day-to-day operations of the international corporate network spanning the US, Canada, Ireland, Australia, China, India, Japan, Singapore, and South Korea. I was the first hire in the Systems and Technology Group to address some pain points around network connectivity and reliability and to help IT with the company’s expansion. Intellectual Ventures was one building and ~140 people in Bellevue WA when I came on board. I led the effort to grow the network to support ~800 people around the globe. Additional responsibilities include; Technology selection, product selection, network security, Tier 4 support, budget input, project planning & execution, documentation, mentoring of less experienced personnel, etc.

1.     Delivering, evolving, and maintaining an international network spanning the globe and maintaining the service levels that the business demands.
2.     Heavily involved (architecture, design, implementation) with building out three corporate datacenters in collocation facilities in the US and Singapore.
3.     Using a range of technologies from high-speed point-to-point wireless to Metro Area Ethernet to MPLS to interconnect all the offices.
4.     Maintaining network security even while growing the network globally. This includes network architecture with provisions for network segmentation, Intrusion Prevention Systems (Tipping Point), and Next Generation Firewalls (Palo Alto Networks).
5.     Significant individual contributor into other areas of expertise including IT Security and Systems Architecture.
6.     Designed network-based Quality of Service (QoS) to support global Cisco Voice over IP telephony and Tandberg/Cisco Videoconferencing systems.
7.     Mentoring of other less-senior members of the team; This “spreads the knowledge” as well as helping the whole team perform at a higher level.
8.     Driving the architecture, training, assessments, and the planning for a late 2011 / early 2012 IPv6 deployment across the enterprise.

SunGard Higher Education Managed Services at Seattle University | Seattle WA | 5/2003 – 9/2006
Managed the Office of Information Technology team responsible the architecture, operations, and security of the Seattle University campus wired and wireless networks, Internet and site-to-site connectivity, IP security virtual private networks (IPSEC VPNs), approximately 80 core servers (Windows, Solaris, Linux, AIX), and the application services on those servers (email, file & print, administrative computing, etc.). Direct hands-on with network and firewall deployment, IT security, and daily operations. Additional responsibilities include schedules, budgets, project plans, documentation, etc.

1.     Stabilization, improvement, and upgrade of key services including campus network and server infrastructure.
2.     Architected and executed on the campus wide strategy for replacing obsolete network equipment and obsolete servers. Total project cost is ~$1,500,000.
3.     Researched and recommended a SAN. Team implemented a 13 terabyte 3PARdata S400 / Cisco MDS 9140 Storage Area Network.
4.     Multiple new buildings added to network – including one with a 700-meter 60Ghz RF wireless connection transporting Gigabit Ethernet.
5.     Created the network architecture for SunGard Higher Education Managed Services’ largest site as well as creating and executing on a network architecture at another smaller site.
6.     Team reduced the number of separate email systems down to one. Added the anti-SPAM and Anti-virus gateways to the email system.
7.     Completed rollout of both centralized desktop update/patch management and centralized antivirus management.
8.     Team deployed Cisco Clean Access (CCA) in order to require Microsoft Windows computers in the Residence Halls to be fully patched and have a current antivirus program running prior to enabling full network access. This solution “helps the users to help themselves” in bringing their machines up to date.

Returns Online, Inc. | Mercer Island WA | 10/2001 – 11/2002
·       Contract: 10/2001-1/2002, Full Time 1/2002-11/2002

Terabeam Networks | Seattle WA | 3/2000 – 9/2001

Advanced Radio Telecom (ART) | Bellevue WA | 5/1999 – 3/2000

IBM | Austin TX | 8/1990 – 5/1999
·       Network Architect | 1/1999 – 5/1999
·       Lead Network Architect & Engineer | 10/1993 – 12/1998
·       Customer Environment Test Engineer | 9/1992 – 10/1993
·       Network Engineer | 8/1990 – 9/1992

·       Cisco Live 2019 (and many prior years).
·       Palo Alto Networks Ignite 2019 (and many prior years).
·       Quarterly AGORA meetings.
·       Tableau Conference 2016.

·       Implemented TCP/IP networks with dark fiber, wavelengths, MPLS, converged services providers, Metro Area Ethernet, OC3 / OC12 ATM, 1/10/40/100 Gigabit Ethernet, Internet access, Virtual Private Networks (VPNs), Fibre Channel, Packet Over SONET, FDDI, Token Ring, and more.
·       Implemented Aryaka SD-WAN for a global network, including access from China.
·       Experienced in the implementation and use of fixed high-speed wireless links, both Radio (RF) and Free Space Optical (FSO).
·       Deployed networks ranging from 150 nodes to over 30,000 endpoints.

·       Routers: Cisco ASR1000 series, Cisco ISR 4400 / 3900 / 2900 ISR series.
·       Switches: Cisco Nexus 9600, 9300, 7000, 6000, 5500, 5000. Cisco Catalyst 9000 (9500/9400/9300), 6500, 4500, 3850, 3560/3750, 2960.
·       Firewalls: Palo Alto Networks Firewalls (PA-7050 – PA-220, VM-100), Cisco ASA firewalls, Cisco Firewall Services Module (FWSM).
·       Wireless: Cisco WLC 2400/5500 series, Bridgewave point-to-point.
·       Other: Cisco & Riverbed WAN accelerators, Cisco load balancers.
·       Tools: Wireshark, Fluke LANMeters, Microtest scanners, optical TDRs, PCs, etc.

·       Network Operating Systems: Cisco Nexus NX-OS, Cisco IOS XE, Cisco IOS, Cisco ASA OS, Cisco Meraki, PANOS.
·       Server Operating Systems: Microsoft Windows 2.0 thru Windows 10 and Windows Server 2012, Mac OS X 10.0–10.14, RedHat & Ubuntu Linux, VMware 6.7.
·       Network Management Systems: Zabbix, AccelOps, WhatsUpGold, Cacti, and MRTG.
·       Network Tools: NetBrain, Kiwi Cattools, Cisco Prime Infrastructure, and many others. Learning Ansible.
·       Productivity: Various productivity software packages including the Microsoft Office Suite (especially Visio), Google G Suite, LucidChart, etc.

·       Shell scripting.
·       Learning Python.


  • cisco
  • cybersecurity
  • firewalls
  • free space optics
  • information security
  • infosec
  • Network
  • network architecture
  • network engineering
  • Networking
  • palo alto networks
  • router
  • Wireless
  • Updated 3 years ago

To contact this candidate email jason@bigfastnet.com

Contact using webmail: Gmail / AOL / Yahoo / Outlook