• Weiterbildung im Bereich KI-gestützter Security Automation: Aufbau von RAG-Pipelines, Agentic AI Workflows und LLM-Integration für Security Operations
• Entwicklung eines AI-Security-Portfolios mit 20+ Anwendungen: Automated Compliance Auditing, AI-driven Firewall Policy Optimization, Threat Detection Dashboards

• Planung, Ausbau und Betrieb hochverfügbarer Netzwerkinfrastrukturen zur Gewährleistung des unterbrechungsfreien Betriebs von Rechenzentren im PCI-Kreditkartenumfeld sowie PCI-Audit
•  Firewall-Migration von Check Point zu Palo Alto sowie Implementierung und Administration von F5 Load Balancern zur Optimierung der Netzwerk-Performance und Ausfallsicherheit
• Administration von Check Point-, Forcepoint- und Cisco Firepower Firewalls, Routern und Switches sowie Cisco ACI
• Verwaltung und Härtung von Azure-Netzwerksicherheit: NSGs, Azure Firewall Rules, VNet-Segmentierung und Zugriffskontrolle in hybrider Cloud-Umgebung
• Anpassung und Optimierung von Firewall- und Sicherheitssystemen durch maßgeschneidertes Customizing zur Einhaltung höchster Sicherheitsstandards
• Proaktives Monitoring der Netzwerksicherheit mittels Splunk SIEM und Azure Monitor zur Erkennung und Minimierung der Auswirkungen von Angriffen

• Multi-Cloud-Konnektivität: Design und Implementierung von Azure ExpressRoute-Verbindungen mit BGPOptimierung
• Azure-Netzwerksicherheit: Konfiguration und Verwaltung von Azure NSGs, Netzwerksegmentierung und Zugriffskontrolle in hybriden Cloud-Umgebungen
• VPN-Architektur: Bereitstellung route-basierter und Policy-basierter VPN-Lösungen in Multi-VRF-Umgebungen
• Kundenbetreuung: Leitung technischer Kickoffs und PoC-Implementierungen für Unternehmenskunden
• Migrationsleitung: Durchführung nahtloser Rechenzentrumsmigrationen ohne Ausfallzeiten

• Beratung und Review der High-Level- und Low-Level-Network-Security-Architekturen für Palo Alto und Fortinet (NGFW) Firewalls in Azure (Azure Firewall, NSGs, VNet-Peering, Azure Private Endpoints)
• Analyse der Firewall-Systemlandschaft sowie Design, Implementierung und Migration zu Cortex XDR und XSOAR (Security Orchestration & Automation)
• Konfiguration und Verwaltung von Azure Network Security Groups (NSGs), Application Security Groups (ASGs) und Azure Firewall Policies zur Durchsetzung von Zero-Trust-Netzwerksegmentierung
• Troubleshooting bei Network Security Service Requests oder Incidents und Implementierung von Maßnahmen, Firewall-Bereinigung der weltweiten Firewall Rule Base
• Auswertung und Analyse mittels Microsoft Sentinel SIEM zur Bedrohungserkennung und Incident Response
• Projektbezogene Beratung der Projektteams bei der sicheren Implementierung von Netzwerkänderungen & Security-Vorgaben und Implementierung der IT-Cloud-Security-Governance-Richtlinien

•  Betrieb und Incident Management im KRITIS-Umfeld (Multimandantenumgebung): Azure Security (NSGs, Azure Firewall, Azure Policy, Azure Monitor), Palo Alto & Fortinet Firewalls, F5 Networks und Cisco Routing und Switching
• Migration von Palo Alto Firewalls und F5 Load Balancern unter Verwendung des OT-Netzwerktrennungsmodells in Azure-Hybrid-Infrastruktur
• Verwaltung von Azure-Sicherheitsregeln, NSGs, Azure Firewall Policies und F5 LTM, Palo Alto Firewalls & Panorama und Cortex XDR
• Konfiguration von Azure ExpressRoute und VNet-Peering zur sicheren Anbindung von On-Premises-Rechenzentren an Azure-Cloud-Umgebungen
• Entwurf eines operativen Übergabeleitfadens und Unterstützung in anderen Bereichen des Netzwerkdesigns
• Migration von F5 Networks Load Balancern und Einrichtung der F5 WAF-Funktionalität
• Implementierung und Wartung von BGP-Routen, Optimierung der Netzwerkleistung durch Analyse von BGP-Routingtabellen und -Metriken einschließlich Policy Based Routing (PBR)

• Upgrade der Palo Alto Netzwerk-Firewalls von Softwareversion 8 auf 10, Bearbeitung der Tickets
• Koordination der Migrationen mit verschiedenen Teams und Drittanbietern

• Check Point GAIA und Tufin, tägliche Tickets und Verbesserung der Firewall-Policy
• Planung und Koordination des Upgrades einer alten Check Point VPN-Firewall, Firewall-Bereinigung
• Installation, Konfiguration, Inbetriebnahme, Administration und Überwachung der IT-Sicherheitsinfrastruktur unter Berücksichtigung aktueller Sicherheitsaspekte.

• Check Point GAIA, Tufin und RSA Archer, IT-Sicherheitsrisikomanagement, Firewall-Bereinigung
• Verbesserung der IPS/IDS-Infrastruktur durch Migration neuer Firewalls
• Sicherheit und Compliance des Unternehmens-Firewall-Bestands gemäß OT-/IT-Anforderungen (Multimandantenumgebung), Ermittlung der technischen und geschäftlichen Auswirkungen
• Identifizierung und Bewertung komplexer Geschäfts- und Technologierisiken, Kontrollen zur Risikominderung und damit verbundener Möglichkeiten für Kontrollverbesserungen.
• Schwachstellenbewertung, Prüfung der Sicherheitskonfiguration, Prüfung der Firewall-Regelbasis

• Industrie 4.0-Sicherheit, Evaluierung und Dokumentation einer VPN-Firewall-Lösung zur Erlangung der ISO 27001-Konformität
• Aufbau und Betrieb des zentralen Firewall-Managementservers in Microsoft Azure: Provisionierung von Azure VMs, VNets, Subnets, NSGs, Azure Storage und Azure Backup zur Verwaltung von über 900 VPN-Firewalls weltweit
• Implementierung einer Hochverfügbarkeitslösung in Azure mittels Availability Sets, Azure Load Balancer und automatisiertem Failover für unterbrechungsfreien Betrieb
• Konfiguration von Azure Site-to-Site VPN und ExpressRoute zur sicheren Anbindung der Remote-Standorte an den Azure-gehosteten Managementserver
• Überwachung und Troubleshooting der Azure-Infrastruktur mittels Azure Monitor, Log Analytics und Network Watcher
• VPN-Firewall-Entwicklungen für Remote Engine Management, Migrationen, Neuinstallationen und Fehlerbehebung
• Aktualisierungen der Informationssicherheitsrichtlinien gemäß ISO 27001 und industriespezifischen ICS/OT-Anforderungen

• Bereinigungsprojekt der Cisco ASA-Firewall, Optimierung der Regelbasis, Entfernung ungenutzter Regeln aus einem weltweiten Firewall-Bestand ? Firewall-Bereinigung
• Upgrade der Cisco ASA-Firewalls auf Cisco Firepower-Firewalls
• Installation eines ESXi-Servers zur Bereitstellung einer Zscaler-VZEN-Proxy-Lösung.
• Implementierung einer Zugriffskontrollrichtlinie zur Optimierung der Netzwerkzugriffskontrollen für einen groß angelegten CyberArk-Einsatz.
• Aktualisierungen der Informationssicherheitsrichtlinien-Dokumentation für Kunden

• Installation, Konfiguration, Inbetriebnahme, Administration und Überwachung der IT-Sicherheitsinfrastruktur unter Berücksichtigung aktueller Sicherheitsaspekte.
• Ausarbeitung und Durchführung von Migrationen von Altsystemen auf neue Geräte von Check Point- und Cisco ASA-Firewalls und F5 Load Balancer, einschließlich der Erstellung und Aktualisierung von Unternehmensdokumentationen.
• Durchführung von Konfigurationsarbeiten zur Optimierung und Aufrechterhaltung der Verfügbarkeit der Firewalls

External Connections Dokumentation

• Project manager for urgent replacement of 20 Palo Alto firewalls
• Coordinated, and managed all aspects of the projects. Oversaw delivery of firewalls, coordinated with onsite staff to get the devices racked and stacked
• Configuration of Palo Alto firewalls, synchronized downtimes for migration worldwide out of business hours

• Data Centre consolation, Technologies: Checkpoint VSX, Cisco Nexus, BlueCoat Proxy
• Self-sufficiently project managed medium and large-scale projects that align towards service and departmental goals
• Coordinated, and managed all aspects of the projects, investigated internal process and obeyed to them. Oversaw the direction, development, and implementation of Allianz projects
• Coordination of 3rd party Vendors, Cloud providers, managed escalations, tracked progress and reported to customers, maintained the line of communication to avoid misunderstandings and proactively addressed issues
• Client project requirements gathering, liaison with customers as a project manager to translate the requirements into designs

F5 LTM, GTM & ASM

• On site as resident engineer for the Customer Amadeus
• Migration from Cisco to Palo Alto networks firewalls
• Implementation additional VSYS on production firewalls, Dynamic blocking list, URL Filtering + Reporting, Panorama Templates stacks, User Based policies, Zone protection profiles and Wildfire implementation
• Network troubleshooting and operations support, Network and configuration analysis
• Acting as customer technical liaison for Palo Alto Networks support and development teams
• Deployment guidance to ensure that implementation is consistent with design specifications
• Weekly updates on work in progress and current issues, if required

• Trustwave, UTM’s, SIEM, Cisco Firewalls and Switching, Cyberark Enterprise Password Vault
• PCI-DSS audit. Scope of work, liaison of Pen test with Trustwave. Communication with all teams to maintain PCI compliance
• Projects: PCI-DSS SSL migration, lead the project to replace all certificates which supported SSL, allocated resources. Trustwave UTM Firewall audit for PCI audit
• Guided as sole Security resource on various other projects, BAU for non PCI related security concerns

• Cisco ASA firewalls with IPS, Checkpoint Firewalls with IPS, Threat Prevention, Antibot & Mobile Access, F5 LTM, Cisco Nexus routing and switching, Cisco Identity Services Engine, Qualys
• Planned projects: F5 code update and GTM integration - HLD and LLD, Cisco IPS migration to Sourcefire IPS –HLD & LLD,
• Completed Projects: IPS tuning and review, Firewall audit and improvement
• Daily BAU task and implementation of changes and support

• Palo Alto Network Firewalls using Global Protect with client certificates, Juniper Junos OS SRX firewalls and EX Switches using OSPF routing, Cisco Switches, F5 LTM Load Balancers used as SAML service provider and F5 APM LTM network access
• Rollout of the Cabinet Office IT into the cloud. Consulting within Cloud deployments of network and security devices and service
• Network and Security audit to comply with PSN Code of Connection (Public Services Network) and ISO 27k audit of the entire enterprise network
• Consultancy for risk assessment and establishment of Information Security and Business Continuity plan
• Documentation of an Incident response plan to protect the government data and improved general network security
• Lead architect on several service migration projects, including the design and implementation of the 3rd party access through F5 LTM used as single sign on and reverse proxy
• Acted as 3rd line to investigate network and security issues

• Palo Alto Network Firewalls, HP switches, F5 load balancers.
• Firewall audit and improvement. Added DOS protection profile and SSL decryption policy
• Server and Desktop Endpoint protection evaluation, Vendor shortlisting, Budget, Stakeholder approvals, Resource management and technical oversight of the project
• Cisco PIX to ASA firewall upgrade
• Critical Incident management document and ISO 27k audit

• Response to the GOP Sony hack, consulted on security issues for the Palo Alto firewalls.
• Vulnerability assessment, Security configuration Audit, Firewall rule-base audit.
• Deployment of a Decryption Profile and Custom URL Category protection. Configuration of Security Profile Groups and adding Application awareness to the security rule-base on the Palo Alto Networks firewalls.

• Build of a new active-active cloud based data centre for the South West Grid for Learning
• Low Level Designs of the following technologies: Internal Checkpoint VSX firewalls including IPS, F5 LTM and GTM load balancers, TippingPoint NGFW including IPS
• Creation of Network Diagrams and review of High and Low Level Designs from other domains
• Configuration of devices and configuration of firewall policies and IPS rules

• Migration from a legacy HP TippingPoint NIPS managed by HP TippingPoint security management system
• Completed High Level and Low Level Design
• Configuration of devices and IPS rules, Stakeholder and team handover including mentoring of the team

• Technologies: IBM Security Network Intrusion Prevention System, McAfee Network Security Platform, Checkpoint VSX and Palo Alto Network Firewalls, Cisco Nexus Switches, Citrix NetScaler Load Balancers
• Architected, scoped and budgeted an enterprise £1M+ Network and Host Intrusion Prevention refresh project including an audit of the existing Network and HIDS solution
• Provided architectural guidance to stakeholders and independently managed and coordinated the approved project to align towards service and departmental goals and consulted within other overlapping projects as like the Malware & DDOS projects
• Collaborated with business units to identify company assets and conducted a technical risk evaluation of hardware, software, installed systems and networks to classify data and systems Host Intrusion Prevention protection
• Designed and developed a proof-of-concept for the new IPS solution which will send system and intrusion logs to the Security Incident Event Management (SIEM)
• Created several strategy documents to sell stakeholders the value and benefits of the Intrusion Prevention solution which included a design option pack - a mix between different Vendor and Open source NIPS/HIPS, a rough order of magnitude (ROM) estimate of the different NIPS and HIPS combinations and a High Level Design of the chosen solution
• Worked closely with project managers, system owners, and stakeholders to avoid redundancy, minimize expenditures, and improve overall strategies within organization and performed design reviews across the company

• Technologies: Checkpoint VSX managed by Provider1, Palo Alto Network and Juniper firewalls, F5 BIG-IP LTM
• Independently managed and coordinated approved medium and large scale projects that align towards service and departmental goals
• Acted as design and architect authority and provided high level IT Security briefing to management
• Lead, coordinated, and managed all aspects of Security implementation, managed design sessions within areas of specialization. Oversaw the direction, development, and implementation of Security solutions, participated in design of new Network Security and strategies.
• Client project requirements gathering, liaison with customers and project managers to translate the requirements into design documents.
• Review of High Level Design documents for each project. Carried out security assessments and provided recommendations. Ensured that IP connectivity, topology, design and security settings are in line with customer security policy
• Working with formal Change Control. Design and review of configuration changes for secured environments
• Design and implementation of VPN’s and User AnyConnect setup’s on Cisco ASA 5550 firewalls
• Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy
• Liaised with company's Operations team for prompt rectification of any problems or emergencies.

• Technologies: Checkpoint managed by Provider1, Blue Coat Proxy and McAfee Web gateway, F5 BIG-IP (LTM)
• Design and integration of network and security solutions on a project basis in the Network Services and Production Security team
• Implementation of BAU security appliance changes, including OSPF and BGP route redistribution, policy based routing
• Installation, configuration, and maintenance of F5 BIG-IP Local Traffic Manager (LTM) load balancers in a high availability environment.
• Carried out day to day support activities of the enterprise network and the data centre sign and integration of network and security solutions on a project basis in the Network Services and Production Security team
• Provided guidance and support to the enterprise; acted as single point of contact for Security Incidents and related issues.

• Technologies: Check Point NGX r54 – r70 running on Splat with VSX, SecureXL, ClusterXL, managed by Provider-1, Juniper and Cisco PIX and ASA firewalls on different platforms and F5 BIG-IP (LTM)
• Executed proof of concept tactical plans. Consulted end-users, clients, or business owners to define business requirements for complex systems and infrastructure development.
• Recommended and executed modifications to System, Network & System infrastructure in order to improve efficiency, reliability, and performance.
• Designed and configured Cisco networking devices, on different platforms with VRF routing topologies, added Ace modules and CSS Load Balancers
• F5 BIG-IP Local Traffic Manager (LTM) project design guidance, change coordination and implementation
• Assigned to several projects as the sole network and firewall resource to deliver projects in time which included large projects with up to 450 data flows, medium and small project requests
• Peer reviewed, advised and signed off network and firewall data flows for project related High Level designs
• Writing change templates which bound to global naming standards and network security standards, peer review of team member’s changes
• Implementation of Network and Firewall, Provider 1 Global policy implementation and management
• Adhering to a strict change management process as changes are made on financial high critical firewalls
• Analysed data traffic patterns within the network infrastructure, proactively identified symptoms and instabilities in a timely and accurate manner
• Build of new firewalls in a physical and virtual environment, OAT testing of newly commissioned firewalls member of the Network and Security delivery team designing projects in an large Enterprise environment
• Developed and executed test plans to check infrastructure and systems technical performance. Report on findings and make recommendations for improvement.

• Architected and coordinated the migration of 150 VPN’s from a Cisco ASA firewall to a Juniper Firewall, including the creation of a VPN policy procedure document, a detailed Juniper VPN deployment guide, 3rd Party VPN request form and ensuring that a suitable support process exists for the new VPN’s
• Creation of a “Future Mode of Operations” data centre documentation, a firewall operability - change and maintenance guide and security device policy and naming standards guide, updated all existing documentation
• Network stream lead of the “Datacentre migration project” - project, risk and issue management, ensuring that projects are efficient and delivered on time
• Involved in the architecture discussions and agreements for the shaping of the new data centre environment, including the approval of High Level Designs, review of firewall changes and approval as a CAB member, supported the Network and Security Architect within daily duties
• Juniper Firewall security policy review to ensure that insecure or unnecessary firewall rules are removed and a general policy improvement (firewall rule base clean-up)

• Employed as Security Designer within the Network and Security design team, to design and deploy new security infrastructures, ensuring a timely and quality delivery of platforms which meets current standards which included the migration of 280 Checkpoint Firewalls to Juniper Firewalls, a worldwide enterprise Websense with Blue Coat ProxySG integration and an enterprise Tipping Point 10GB IPS solution
• Responsible for the design of new firewall deployments for the worldwide offices of the Enterprise client, end to end IPSEC and GRE VPN’s
• Performing vendor assessments and technical proof of concepts to help the Enterprise client to select fit-for-purpose solution(s), engaged with the technical part of the documentation for the “Request for proposals” and “Statement of Requirements”, Created technical definitions at a detailed level of the architecture and design
• Analysed business needs and requirements in terms of technical solutions, defining the technical requirements, integration issues and dependencies, identifying the architectures best suited to client needs
• Liaised with product vendors, technical specialists, colleagues and other information sources to define product sets capable of fulfilling the client requirements
• Developed detailed implementation plans to accommodate network growth, security, and enhancements by maximizing functionality of network security equipment
• Drafting functional requirement descriptions, carrying out feasibility studies and liaising with external security specialists

• Designing, implementing, maintaining and supporting internal networks in an E-Commerce environment
• Troubleshooting routing and firewall issues, followed by technical design meetings and workshops
• Overseeing the upgrade and deployment of new Crossbeam &, Nokia Firewall clusters, new Toplayer IPS clusters, Sourcefire IDS running RNA and RUA, RSA Secure ID clusters, Blue Coat ProxySG and F5 Firepass clusters, migration of the company wide Firewall estate from Checkpoint on Crossbeam appliances to Juniper 5400 running Virtual Systems (VSYS), creating accurate documentation
• Implementing several internal and 3rd party VPN’s on Checkpoint, Juniper and Cisco ASA firewalls
• Analysing and implementing firewall changes, developing firewall polices including removal of unused objects and policies and creating change documentation including documentation of firewall rules
• Sole F5 BIG-IP Local Traffic Manager (LTM) change implementer – mentored other team colleagues
• Managing and implementing changes within strict timescales and controls whilst maintaining live services at all times, responding rapidly on high priority incidents during on call rota
• Proactively involved in quality resolution of complex technical issues, responding with an appropriate sense of urgency to problems escalated; coordinated with the appropriate departments to determine positive solutions that increased end user satisfaction
• Carrying out daily housekeeping tasks – firewall requests, proxy management, system checks, IPS management, log checks, appliances maintenance, ensuring that system patches are applied
• Monitoring of all security devices including Firewall and Intrusion Detection Systems

Upgrading existing security systems to appropriate current hardware and Software levels

• Provided proactive 2nd Level technical security application support in English and German
• Manage/Configure/Troubleshooting Check Point VPN-1 NG(X) Firewalls, Splat, Crossbeam Firewalls, Nokia Firewalls, F5 BIG-IP LTM, F5 BIG-IP GTM, F5 BIG-IP ASM, FirePass, Bluecoat, AAA, Sourcefire IDS/IPS and ISS.
• Adhering to escalation and call management processes and procedures
• Attended training courses covering products and technologies
• Network protocol analysing, troubleshooting with log files, basic Linux administration