SUMMARY

I have worked as a Network Security Engineer more than 14 years.

Main Technical Skills:

Fortinet Products including FortiGate, FortiWeb, FortiAnalyzer, FortiManager, FortiMail, FortiNAC, FortiClient, FortiSIEM, FortiSandbox, FortiSwitch, FortiDB, FortiAuthenticator / Training NSE4, NSE5, NSE6, NSE7 / OWASP, Extreme Wireless Cloud and Access point / XIQ AP, Firewall Engineering, TCP/IP, Cisco Switching and Routing, Threat Analysis, Honeypot deployment.

Additional Technical Skills:

Cisco Switching, Routing / F5 LTM / Firewall, UTM and NGFW like as Sophos, Palo Alto, Cisco ASA, FMC and FTD, Kerio, pfSense, Juniper / DLP solution / Anti-Virus / LAN, WAN, WLAN, VLAN, AAA and 802.1X Authentication, SOC, NOC, Centralized Management solution, Extreme Cloud, Cisco Meraki, Microsoft Azur, Amazone AWS.

Entry Technical Skills:

FortiEDR, FortiXDR / FortiADC / ZTNA / Microsoft Windows Services including WSUS, Active Directory, Domain Controller, DNS, DHCP, IIS, Exchange, Cisco ACI, Cisco ISE, NSX, Virtualization, Linux, PLSQL, SQL, JSON, HTML, XML, CSS, Network Cabling, Server and Storage, Technical L1/L2/L3 support

Non-Technical Skills:

Project Management, Network Administration, Team Leader, Reporting and Documentation, Business development, Sales and Pre-Sales, Client support, Professional Service Consultant, Presentation, Solution Providing, LOM and RFP, Technical Content Production, Communication, Free Thinking, Problem Solving, Troubleshooting, Fast learning, High Adaptivity, Multi-Tasking.

Fortinet Experiences:

FORTIGATE (More than 200 projects)

• Integrating FortiGate with third-party solution like as Cisco switches, routers, Blades, firewalls, Juniper switches, firewalls, Mikrotik devices, HP&Dell switches, Palo Alto firewalls, Sophos firewalls, Kerio firewalls, F5 LTM, pfSense, Microsoft, VMware, Cyberoam.
• Deploying 802.1x by integration of FortiGate, FortiNAC and Cisco switches.
• Physical and Virtual appliance installation, Configure, Tune up, Maintenance, Troubleshoot from small branch model series up to enterprise model like as Datacenter series.
• Network and Security Features including SD-WAN ( WLLB in old versions ) / Load balancing / Routing ( Static and Dynamic ) / PBR / Multicast Policy / Tunnels / Transparent(TP) and NAT opmode / SNAT-DNAT-VIP / VPN ( site-to-site & client-to-side ) / DHCP ( relay & server ) / Device detection / Traffic shaping / User Authentication ( local & remote server ) / Certification / VDOM / HA ( Clustering A-A, A-P mode ) / IPS / DOS / ACL / Application Control / DLP ( File and Video Filter ) / Web Filtering / DNS Filtering / Antivirus / Email Filtering (Anti-Spam) / WAF / SSL inspection / Local and Remote Log Server / Report.
• FortiOS 4.x, 5.x, 6.x and 7.x Web GUI, Cli FortiOS family

FORTIWEB (More than 50 projects)

• Physical installation, Configure, tune up, Maintenance, Troubleshoot from small branch model such as 400 series up to enterprise model like as 3000 series.
• Network and Security Features including Routing / Port Aggregation / PBR / Revers Proxy-Transparent(TP)-Offline opmode / Full NAT ? Gateway mode for servers / User Authentication / Certification / SSL Offloading / ADOM / HA ( Clustering A-A A-P mode ) / Machine Learning ( Auto Learn in old version ) / Tuning Signatures including SQL injection, XSS ? Cross site Scripting - Trojan ? Generic Attack ? Known exploit ? Information Disclosure / Tuning HTTP protocol constraint / Bot Mitigation/ API protection / URL Rewriting / X-Forwarder ? X-Header / Regular Expression / DOS protection / IP protection / Custom Policy / Input Validation / Web-Anti Defacement / SSL inspection / Local and Remote Log Server / Report / Machine Learning.
• FortiWeb 5.x, 6.x and 7.x Web UI and Cli including Config, Diag, Exe and like these which are used to Tshoot. 

FORTIANALYZER (More than 100 projects)

• Physical and Virtual appliance installation, Configure, tune up, Maintenance, Troubleshoot from small model such as 200 series up to 1000 series.
• Network configuration includes Routing, DNS, Remote Log Forwarding, ADOM (independent administrative domain), Log retention, Raid storage, Hard Disk replacement, Remote alert server.
• Device registration / Integration with FortiGate, FortiWeb, FortiMail, other devices such as Cisco and Juniper as a syslog.
• Log collection / FortiView / Event Handler / SOC / Playbook / Report (pre-defined and customized including char builder, dataset and SQL table).
• Work as a Log & Report Analyzer and use it in Forensics and Risk Management.

FORTIMAIL (More than 20 projects)

• Physical installation, Configure, tune up, Maintenance, Troubleshoot including devices like as 400 and 1000 series.
• Gateway, Server and Transparent opmode.
• Network configuration including Routing, DNS, Mail Settings, Maintenance, Config and Mail data remote backup, Remote Storage as a NAS, Remote Authentication Servers Verification, IP policy, Access Control Policy, Recipient policy.
• Security feature including Session profile, Anti-Spam, Anti-Virus, Content inspection, URL Filtering, Disarm & Reconstruction, Greylist, Bayesian, DLP, Encryption, SPF, DKIM, DMARK
• Log, Report and Tshoot by mail queue, history log and quarantine?s folders.
• HA clustering A-P, A-A (config-only in old versions)

FORTIMANAGER (More than 30 projects)

• Physical and Virtual appliance installation, Configure, tune up, Maintenance, Troubleshoot with small size such as 200.
• Network configuration includes Routing, DNS, Remote Log Forwarding, Log Analyzer Feature, ADOM (independent administrative domain), Log retention, Raid storage, Hard Disk replacement, Remote alert server, Workspace and Workflow mode.
• Device registration / Integration with FortiGate.
• Policy package Deployment, Provision profile, Remote Cli Configuration, FortiGuard and Licensing, Upgrade Firmware.
• Log collection / FortiView / Event Handler / SOC / Playbook / Report (pre-defined and customized including char builder, dataset and SQL table).

Other FORTINET Product (Per case Project)

• FortiNAC
• FortiSIEM
• FortiDB
• FortiSandbox
• FortiClient
• FortiEMS
• FortiSwitch
• FortiAuthenticator
• FortiIsolator

Other Firewall Experiences:

CYBEROAM and SOPHOS (More than 50 Projects)

• Configure and troubleshoot (UTM) Security Features including IDS/IPS systems / DOS/ Application Control / Web Filtering / Antivirus/ Email Filtering / WAF.
• HA/Cluster Configuration and Tune up in the Active-Active and Active-Passive mode.
• Configure and troubleshoot accounting feature such as Surfing Quota and Data Transfer based on Local Users / User Authentication mode integrated by AD server Groups.
• Configure and Troubleshooting of Static Route/ Policy Route / Load Balance / VLANs / SD-WAN.
• DNAT / SNAT / Virtual Hosts.
• Report & Analyze Security Logs.

JUNIPER (Less than 10 Projects)

• Physical installation, Configure, Maintenance, Troubleshoot SRX and SSG series like as 240, 650, 1500 and 4100.
• Some Features including Static Routing / Port Aggregation-Trunk-Access / VRF / VPN Tunnels / SNAT-DNAT-Proxy ARP-Static NAT-MIP / DHCP (relay & server) / User Authentication (local & remote server) / HA (A-A A-P mode) / IPS / Remote Log Server.
• Zone base and Interface base configuration / Global base configuration / Mostly Cli base configuration. 

CISCO ASA (5 project)

• Maintenance and Troubleshoot ASA 5510.
• Some Features including Static Routing / Port Aggregation-Trunk-Access / Virtual Context / SNAT-DNAT / Remote Log Server / FTD / FMC.
• Zone base and Interface base configuration / Global base Policy. 

Switch and Router Experiences:

CISCO

• Physical installation, Configure, tune up, Maintenance, troubleshoot and range of Cisco Switches such as a Catalyst series 2960,3750,3850,6500, Nexus, Meraki series, Routers like as a ISR series 1800,2800 and ASR 1001.
• Some solutions including EtherChannel / VRRP - HSRP - VSS - VPC / Physical and Virtual Stack / Vlan and Segmentation / Interface Vlan / Port Security/ STP/ RSTP / VTP / ACL / Routing / L3 and L2 ARP cache / Mac table / Trunk / Access / AAA / 802.1x / Inter Vlan Routing / PBR.

Anti-Virus Experiences:

KASPERSKY and ESET (More than 100 times)

• Install, configure and troubleshoot ESET Remote Administrator (ERA) 5.x / Kaspersky Security Centre (KSC) 8.x & 10.x.
• Configure and tune up Task and Policy for clients.
• Configure and tune up Anti-Virus features including Firewall/ Application Control/ Device Control/ Web Control/ Vulnerability Scan/ Patch Management.
• Analyze Security Logs.

DLP (Data Loss/Leak Prevention) Experiences:

IP-GUARD (20 projects)

• Install, configure and troubleshoot IP-Guard DLP solution.
• Configure and tune up Policies including 14 modules such as App, Web, Email controller based on requests of organization to control clients.
• Read & Analyze Security Logs to create Digital Fingerprint to find Vulnerabilities and Violations to enhance End-Point security.

Other Experiences:

• Network and Security Management up to 10 staff.
• Machine Learning, OWASP top 10.
• Documentation with general software like Visio, Microsoft Office for presentation, network plan (L2/L3/Physical/Logical).
• Creating and Writing General, Security, Statistic and Analytic Reports based on the organization?s requirements by the Logging tools like as a FortiAnalyzer or syslog servers.
• Research and develop new security products and solutions such as SOAR, SIEM, SOC, NOC, detecting new Malwares.
• Providing advice on a wide range of information systems issues and security solutions on the Edge, Internal or Endpoint in network.
• Design and Plan strategy, policy, management, security and service delivery for organization.
• Install and Configure Cisco solutions such as switches and routers in the LAN and WAN area.
• Install and Configure Microsoft solutions such as Windows server, SQL server, Active Directory, Domain Controller and some like these.
• Installation, Configuration and Maintenance VMware Esxi 5.x, 6.x, vCenter, vMotion, DRS, Clustering and like this.
• Familiar with some programming C++, C# .net, SQL, Regular Expression, some OS Windows, Linux, Ubuntu, some services including IIS, RDP, DNS, DHCP, Mail etc.
• Familiar with some products as a theoretical including FortiSOAR, FortiADC, FortiWAN, FortiNAC, FortiAuthenticator, Palo Alto, Penetration test tools.

Training Experience

FORTINET NSE4,5,6,7 ? More than 3000 Hours

• Including FortiGate, FortiWeb, FortiMail, FortiAnalyzer, FortiManager, FortiDB, FortiSIEM, FortiSandbox.

ESET/Kaspersky Anti-Virus ? More than 200 Hours

• Install, Deployment and Tuning anti-virus on network (Server and Client side)
• Tuning security features and signatures including Av, App Filter, Firewall, heuristic, ?

Cyberoam and Sophos Firewall ? More than 500 Hours

• Definition of old firewalls, UTM and NGFW (Next Generation Firewall)
• Designing Network Layers based on Firewall (Edge, Core, Access)
• Firewall communications with Switches, Routers, Servers (physical and virtual like as an ESXi), LDAP.
• Installation and configuration network features such as routing, interfaces (Vlan-Trunk, Access, Aggregate port, Bridge), PBR, Load balancing, Zone, User Accounting, Log & Report, SNAT, DNAT.
• Tuning security Profiles including AV, IPS/IDS, APP Controls, Web Filtering, Anti-Spam, WAF, DLP, SSL inspection.

DLP ? More than 100 Hours

• DLP (Data Loss/Leakage Prevention) solution and modules
• Implementation and configuration IP-Guard DLP
• Deploy Best Practice based on organization policies.