The CheckMates Blog

Here's where we let you know what's going on with the CheckMates Community.

PhoneBoy
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

If you can't wait for the weekly update, we also post relevant threads to our social media accounts:

 

Community Highlights

Here are some highlights from the week's activity on CheckMates:

Multiple cores for medium path traffic 

A little bit of under-the-covers discussion about how traffic is accelerated securely through the platform.

WebUI does not work with Firefox 56 

There seems to be a problem with the latest versions of Firefox that causes issues when accessing various Check Point WebUIs. More details in this thread.

SmartMove

SmartMove is our tool to move Cisco and now Juniper gateway configurations to Check Point R80.10. The tool and the source code are available from the above. 

What is ClusterXL and VRRP ? 

They are similar technologies, but function somewhat differently. This thread has a good breakdown of the two technologies.

Pre-R80.10 dynamic objects from DNS A record lists.. one liner examples 

If you're not on R80.10 yet and you need to allow access to specific hosts by DNS name, here's a way to achieve that.

 

https://community.checkpoint.com/thread/6137-using-dns-fqdn-for-object-names-in-policy-creation 

Meanwhile, if you're using R80.10, you can use Domain Objects using the FQDN mode.

Did You Know...

You can browse all content on the site without respect to which forum/space it's in?

Go to https://community.checkpoint.com/content where you can get a complete list.

I actually use this in order to put together this weekly highlight reel.

You can drill down into specific content types and even make custom RSS feeds showing just the content you're interested in!

Upcoming Events

Our upcoming events in the next few weeks include:

 

Feedback

We would be delighted to hear your feedback! Here are a few ways you can share it with us:

PhoneBoy
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

If you can't wait for the weekly update, we also post relevant threads to our social media accounts:

 

Community Highlights

Here are some highlights from the week's activity on CheckMates:

Working With Postman 

Postman is a great tool that allows you to experiment with APIs, such as the ones we provide as part of Check Point Infinity. Peter Elmer wrote a nice document on how to do exactly that. What do you plan to build with our APIs?

Read only / write mode switching in R80 

For those who recently upgraded to R80.10 from R77.x, the inability to switch between Read Only and Read/Write mode is worth noting. It's not as much of an issue as it was in R77.x, though, given multiple users can log in with Read/Write mode.

 

Here's your chance to let us know the kinds of content you're looking for on CheckMates, some of which comes from our Technical Marketing team!

SecureXL and URL filtering 

Good discussion about how these two features interact.

Upcoming Events

Our upcoming events in the next few weeks include:

 

Feedback

We would be delighted to hear your feedback! Here are a few ways you can share it with us:

PhoneBoy
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

If you can't wait for the weekly update, we also post relevant threads to our social media accounts:

 

Community Highlights

Here are some highlights from the week's activity on CheckMates:

TechTalk Special Edition: IoTroop -- A New IoT Storm is Coming! 

While we typically aim to do TechTalks on a monthly basis, sometimes we will do one more frequently, particularly for newsworthy items. That's what we did with this TechTalk on IoTroop! View the recording of this talk and the slides using the above link.

Exclude CPM Traffic from Implied Rules 

Yes, there's a way to do it, but when VPNs are involved, you probably don't want to do that. Details in the thread.

Reverse Proxy Feature of MOB (R80.10) 

There is a new feature added to R80.10 and recent R77.30 Jumbo Hotfix called Reverse Proxy. This thread talks about how it interacts with Mobile Access Blade and other web portals on the Security Gateway.

User based access rules in firewall 

This thread discusses how the Identity Awareness features in Check Point Security Gateways operate, as well as the new Identity Collector feature added to R80.10.

Did You Know...

Each month we nominate a member of the month based on their contributions to the community?

We write a brief piece on the user and share it with the wider CheckMates community!

This month it was https://community.checkpoint.com/people/vladff097c1d-a31f-483e-9404-5bf20903d568 and you can read that piece here: https://community.checkpoint.com/community/about-checkmates/blog/2017/11/02/checkmates-member-of-the...

Who's next? We'll have to wait and see!

 

Upcoming Events

Our upcoming events in the next few weeks include:

 

Feedback

We would be delighted to hear your feedback! Here are a few ways you can share it with us:

PhoneBoy
Admin

Check Point is proud to name its CheckMates Member of the Month for November 2017. Please join our volley of applause for Vladimir Yakovlev.

 

Vladimir has nearly 20 years of Check Point experience, which began at an institutional broker-dealer where he designed, engineered, and implemented several integrations of their security infrastructure. Currently, he works with EverSec Group, a Check Point VAR which he was previously a customer of.

 

One of my favorite tidbits from Vladimir’s past is his “cloning” of the Nokia IP440 to better learn and tinker with the product. Now, thanks to virtualization and the cloud, it is much easier to stand up test environments. This is how Vladimir is doing it today in addition to helping customers build out their own public and private cloud infrastructures.

 

On behalf of CheckMates, we thank Vladimir for sharing his valuable knowledge with us! We are eager to see the next one to learn from, share with, and inspire other members!

Vladimir, tell us a little about yourself & what you do

Formerly, a head of IT for the Institutional broker-dealer G. X. Clarke & Co. I’ve been responsible for design, engineering, and implementation of multiple iterations of their infrastructure for over 18 years.

Possibly, due to inherent ancestral expectations that “if things can go wrong, they would”, my designs are always optimized for redundancy, resiliency, and security.

As a result, the firm’s infrastructure remained one of the few operational in the Northeast during hurricanes Floyd, Irene and Sandy, Northeast blackout of 2003, as well as during the terrible events of September 11, 2001. In the last 15 years of operation, we had 15 minutes of unplanned downtime.

I had the privilege of tutoring and overseeing the final design projects of quite a few very talented interns from Stevens Institute of Technology, who have since graduated and are holding executive positions themselves.

Presently, I am a consultant with primary focus on security controls, POCs, optimization of policies and procedures for large financial institutions or design of the entire physical, virtual, cloud and hybrid infrastructures for SMBs, where Check Point is prominently featured.

For the past two years I have enjoyed fruitful collaboration with EverSec Group, a Check Point VAR that I have been a former customer of.

Tell us a little about your experience with Check Point

I was introduced to Check Point in 1998 and was immediately captivated by an entire new world of information about information it let me see and control the flow of. It was not until I cloned the Nokia IP440, built on commodity hardware, that I was able to tinker with the product.

With the release of virtual appliances for VMware, the possibilities for building simulated environments and Proofs of Concepts became truly awesome and I am routinely doing this for my clients and my own experiments.

In 2016, I was a lead SE certifying Check Point 15000 and 23000 series of appliances for the Joint Interoperability Test Command of the Department of Defense. For anyone unfamiliar with the process, you pretty much must go over every single feature and capability, and demonstrate the product’s adherence to the strictest security requirements. Even for someone working with Check Point for over a decade, that was an eye-opening experience, as to the breadth of possibilities and the level of forethought that went into design and engineering of this product.

Since then, I’ve been helping companies with optimization of their architecture and policies, upgrades and deployments, ranging from simple clusters to sizable MDSM and VSX environments.

Now I am increasingly getting involved in cloud and hybrid projects requiring implementation of vSEC. Being fairly fluent in AWS, I am in the process of beefing up my Azure skills to expand my offerings and competency.

Do you have a unique deployment of a Check Point product?

I am not sure about this being unique, but have not seen it done elsewhere:

For one company on a budget, in order to provide redundancy for their single Management Server, I’ve implemented a virtual Gaia appliance with multiple interfaces. Each of the interfaces was assigned an IP from a network in each location. The routable loopback address was used for management.

I then had that address advertised via OSPF to the internal routing area via whatever interface was connected at the time. The VM was replicated to other sites and scheduled backups were copied there as well.

During primary sites’ failure, client could power-up the VM, restore latest backup, connect to the same IP and continue managing their gateways.

What do you use the CheckMates platform for?

To learn from people who are infinitely more knowledgeable about the product than I am or whose experiences I and my clients can benefit from. To share my findings and ideas and to engage in the intelligent discourse about solutions, approaches and designs.

What do you like to do for fun? (Hobbies)

I am an avid reader. To (loosely) quote George R.R. Martin: “A reader lives a thousand lives. The man who never reads lives only one.” I travel a lot, and am a life-long learner. Occasionally, I write articles on LinkedIn: https://www.linkedin.com/in/vladimiry/detail/recent-activity/posts/

If you could create any new technology right now, what would it be?

Decentralized, unbreakable and simple to use passwordless authentication.

Anything else you'd like to let other CheckMates members know about?

You are awesome! Either you are here to look for answers or to help others find them. Keep sharing with and helping those new to Check Point. I’ve met a lot of bright young people new to the field that are eager to learn; a few pointers from those with experience mean a world to them.
