Audit support of IAM (Identity Access Management) for over 65 of over 1600 banking applications based on various operating systems, using the TOGAF Enterprise Architecture Framework. Audit and reconciliation of IAM integrations with Microsoft Active Directory, Role Based Access Mgmt (RBAM) as well as IBM Mainframe z/OS banking applications using RACF-ID and MSA lists. Integration of IAM correction automation from RSA Aveksa AFX (Access Fulfilment Express) and RSA VIA Identity Governance and Lifecycle /certification process (IG&L) and PKI (Public Key Infrastructure) services. Took part in internal and external audit preparation of IAM for BMO and KPMG. Use of Splunk reporting and Pivot tools for IAM security policy violation investigations.
As Architect, led implementation and securing of VueForge platform services for machine-driven Big Data implementation, supporting ADSA (Advanced Database Systems and Applications) verification and the transition to autonomous vehicles, and implementation and securing of IoT infrastructure and Electric Grid Asset Management. Integration of COMPASS error correction services into safety and security services, using a combination of satellite positioning and wireless communications to provide signallers with greatly improved visibility into network problems. Implementation and securing of advanced data analytics that gather information from a range of sources to allow safe and efficient passage of multiple vehicles through a temporary block working area.
QP (Qatar Petroleum) is a key critical infrastructure industry in Qatar. With the volatile Middle East security situation in mind, I was engaged as Security Architect “via BPC Plus” to lead the restructuring of the company-wide network to follow the “Purdue Model for Oil and Gas industry” and to create a blueprint for company-wide applications to follow ITILv3 and TOGAF. In addition I was to create a security services catalogue for QP with “Defense-in-Depth and Defense-in-Breadth” for the ICS multi-vendor environment. The solutions were completed for the following services: MS Active Directory, IAM (Role Based Access), PKI, Asset and Acquisition, Inventory Mgmt, End Point and Data Leak Protection, Third Party Vendor Mgmt, Vulnerability and Patch Mgmt, Privacy and Personal Identity Information (PII) protection, Backup /Recovery, SLA Monitoring, Configuration Mgmt, Firewall, IPS and Security Policy Mgmt, Network and NOC Mgmt, Hiring, Personnel, Safety and Security Training Mgmt, Document Mgmt, Third Party Mgmt, Software License and Support Mgmt, SIEM /SOC, Triage Mgmt, Virtualization and Cloud Resources Mgmt, Capacity Mgmt.
I was to provide infrastructure and security deployment “via Wipro”, leading the following projects:
ISP diversity and redundancy using the BGP4 routing protocol.
I was engaged as ICS Security Specialist for securing DEWA Transmission and Distribution as well as Smart Grid programs integration. During my contract I designed and led delivery of the following:
Restructuring of OT communication following the PURDUE Model for the Electricity and Water industry, and hands-on modification of routing, switching, SOA /Micro-Services and services orchestration.
Design and implementation of a new OT Data Centre isolating Operations from Smart Grid and IT, following SABSA, COBIT-5 and TOGAF strategy, planning and roadmap, using best-of-breed technologies (VBlock, UCS, VMware /EMC), Micro-Segmentation and Public Cloud, NOC, service monitoring with scalable SolarWinds EOC, and improved physical and cyber-security policies and updated procedures for OT production services.
Operational security management activities included hands-on work on IAM (Active Directory), Role Based Access Mgmt (RBAM), Firewall /IPS Policy Review and Remediation Mgmt (Check Point, Cisco, Palo Alto, Tufin, Virtual Appliance and Security Gateway), Audit Mgmt, End Point Protection, Third Party Vendor Mgmt, Data Leak Protection, Vulnerability and Patch Mgmt, Privacy and Personal Identity Information (PII) protection, Hardening, NetFlow, Avamar Backup /Recovery and NSX.
Deployment of Azure Cloud for services within the QA, R&D and Training environments, where live data is not used, deploying Role-Based Access Control (RBAC) on a need-to-know basis with Azure AD two-factor access and cloud-based authentication, CASB, SAML 2.0, OAuth 2.0, Azure IAM, Azure Security integration, and security audit (NERC-CIP, PCI-DSS, ISO 27001/2, SOC2 Reports).
Design and hands-on implementation of a SOC (SP800.62v2), defining Use-Cases based on Prioritized Assessed Vulnerabilities, filtering and correlating logs for SIEM (QRadar and Splunk), and remediation by integrating SAP ticketing handled via the Emergency Response team using an integrated dashboard and services orchestration fed from SIEM log files. Use of Splunk for cyber threat hunting and reporting to prove security policy violations in investigations. Cyber security covered “Data in transit, Data at Rest and Data in memory”.
OT services integration with Smart Grid infrastructure security for Smart Meters, DG (Distributed Generation), DR (Demand Response), EV (Electric Vehicle) and DA (Distributed Automation), by creating scalable Active Directory, Role based IAM and PKI, based on UTD (Unified Threat Defence) above Substations as well as 30,000 pocket Substations. The Smart Grid network used 802.15.4g (Zigbee /6LoWPAN) RF-Mesh as well as WDM-PON, TWDM-PON, GPON and Huawei OSN9800 and OSN1800 fibre-to-the-home technology.
Reporting to IBM as IT Systems and Infrastructure Architect on the ADS project, my responsibility was to lead the network and systems architecture for the ADS (Advanced Distribution Solution). Program implementation is based on ITIL, SOA /Micro-Services, Schneider Electric, General Electric, Telvent OASyS and ICCP (Inter-Control Centre Communications Protocol, IEC 60870-6) and SCADA (supervisory control and data acquisition) concepts, with a maximum 2-second response time to events on electrical systems. The team consisted of 60 IBM, Hydro One, GE (General Electric) and Telvent personnel. As architect I supported delivery of the conceptual and logical design of the network, security zones and “Management Services” required in the services catalogues for the ADS program, based on ITIL and SOA /Micro-Services. Key services are Microsoft Active Directory (IAM), MS Forefront Identity Manager, Role Based Access Mgmt (RBAM), HP SIEM (ArcSight), RSA, RADIUS, Citrix XenDesktop, Malware and End Point Protection, Update and Distribution, OS and Application Update and Distribution, Backup /Recovery, Server Hardening, Services Orchestration Dashboards and SolarWinds management.
My responsibility as Team Lead for Network Architecture at TAQA was integrating acquired assets and network infrastructure, creating support mechanisms and unified services, and turning them into a unified global architecture following the ITILv3 standard and design. My activities included the following concepts: IP restructuring, VoIP global unification, creating video-conferencing facilities, building network and services redundancy, delivering QoS (Quality of Service) to carry Voice, Video and Data across acquired networks, implementing CWDM (Coarse Wavelength Division Multiplexing technology), building a global Data Centre, Disaster Recovery using SAN /Brocade, FC, FCIP, FCoE, NetApp communication, NetApp Storage Management System, Nexus 10G, Server Virtualization, L3 Load Balancing using F5 BIG-IP LTM /GTM (Local /Global Traffic Management), Riverbed 7500 accelerator, Websense Global Security solution, MS Active Directory, Role Based Access Mgmt (RBAM), Citrix NetScaler, Citrix XenApp, VMware, ESXi, vSphere, vCenter, Citrix XenDesktop virtualization, Firewall Security Zones, Firewall Policy Review and Remediation, Firewall Policy Audit and restructuring, End Point Protection, Global Service Design Delivery and Monitoring, IT Procedure definitions, Telepresence, Cisco Unified Communication service deployment and unified Hierarchical Network Management, and monitoring using SolarWinds EOC.
(LAN, WAN, DWDM, CWDM, Routing, Switching, OSPF, EIGRP, BGP4) projects. Clients use Full-Mesh MPLS-VPN or Hub/Spoke MPLS-VPN with Disaster Recovery and Managed Multi-Zone Firewall Services.
I was acting as the Network Specialist for Cisco 124xx and 76xx switches and Juniper-based routing /switching products. I helped to upgrade the connections of hospitals to SSHA core network clients via the newly developed MPLS-VPN infrastructure using VRF technology.
Securing the Ministry network and databases from misuse and terrorism was considered a vital role in this project. I acted as the Security Consultant for Juniper-based network devices (firewalls and IDPs).
(LAN, WAN, DWDM, CWDM, Routing, Switching, OSPF, EIGRP, BGP4) (1) In the BW-Management project I helped prevent Peer-to-Peer applications from using most of the core network bandwidth, and deployed 120 Cisco Deep Inspection Engines (SCE) and their associated 40 Collection Manager servers (Sun Netra-240) to control and manage Rogers Internet services usage, at a cost of CAN$30M. (2) In the IPSec Extranet project I helped to use Cisco IOS-FW, Authentication Proxy and Inspection Technology to provide safe and large-scale Network-to-Network access for vendors, enabling them to reach deployed servers in Rogers’s network for support purposes with minimal risk to Rogers, using Gated Access Technology. (3) In the HD VOD (High Definition Video On Demand) project I evaluated the upgrade path for re-architecting Rogers HD VOD services using Multicast MPLS-VPN and PIM-SSM technologies with SeaChange and Tandberg VOD servers and services. This enabled Rogers to later deliver HD and VOD services to its 3 million customers.
During the contract I worked on three projects. (1) For the Agriculture Canada HQ project (Canadian Government), I acted as the Infrastructure Architect and completed planning and architecture of the new HQ network. As a result, personnel from 12 sites of Agriculture Canada moved to HQ. (2) In the School Board project I completed the deployment of the core network using Cisco 6500 with integrated FW, IDS and NEM modules. Over 200 schools and 30,000 users were connected to the Ottawa School Board using the new system and could use Internet services. (3) In the Statistics Canada project I implemented a multi-layer, multi-vendor firewall (PIX / Check Point) network where protecting very sensitive data was essential. This enables sensitive data to be protected from the software weaknesses of a single firewall vendor.
Colt Telecom is a very successful ISP in Germany (700 Million Euro of assets – 2002). I was contracted via Siemens to work within a team of 12 professionals on a network core upgrade project implementing MPLS using Juniper. This enabled Colt Telecom to provide DSL and Managed Firewall services to their customers across major cities of Europe at a very fast pace.
1984
BSc Honours Degree in Elec. & Electronic Eng., Major in Telecom, University of East London, UK
I am preparing for TOGAF, COBIT and SABSA architecture certifications.
PROFILE
CISSP – ICS Security Architect /IT Architect
I have substantial experience in security with McAfee (ePO) and SIEM products such as IBM QRadar, Splunk and ArcSight solutions. My knowledge of network and cloud-based authentication, implementation and operation of CASB, SAML 2.0, OAuth 2.0, Azure Cloud, Azure AD, MS-AD, IAM, MS-PKI, End Point Protection, Third Party Vendor Mgmt, Data Leak Protection, Vulnerability and Patch Mgmt, Privacy and Personal Identity Information (PII) protection and Azure Security has enabled me to architect and implement an ESB (Enterprise Services Bus) and associated Services Orchestration Dashboards for (Service Oriented Architecture /Micro-Services) Three-Tiered Services (Application, Database, Web interface) at very large scale and to secure their tiers successfully. In addition I have hands-on experience in large-scale deployment of Endpoint Protection (phones, tablets, notebooks), IPSec-VPN, Network /Security Architecture, IDS /IDP (Intrusion Detection System /Intrusion Prevention System), Web Interface Proxy and SAN multi-tier technologies in Private and Public Cloud, implemented using VMware in a multi-vendor, multi-OS infrastructure.