ict principal cyber-security architect, ict architecture manager
Booz Allen Hamilton
Total years of experience :25 years, 3 Months
- Senior Lead Technologist at Booz Allen Hamilton (Abu Dhabi - UAE)
- Duties and responsibilities: lead and management of ICT Cyber-Security Architecture & Engineering Team, preparation and validation of projects technical design and solutions architecture; validation of HLD (High-Level Design), LLD (Low-Level Design), BoM/BoQ (Bill of Materials / Bill of Quantities); PMP (Project Management Plan) and presentation of activities and projects towards management and stakeholders; analysis and response to RFIs and RFPs, coordination and engagement of System Integrators, vendors and partners; programs and projects to support UAE, GCC and Singapore Government, Defence and Commercial clients
- Technology: *Undisclosed*
- Projects and activities managed: *Undisclosed*
- Duration: 04/2019-today
- Contract type: permanent employment
- Benefits: 20% performance bonus (3 months salary), housing & education allowance, health insurance (worldwide + US), life term insurance, annual flights; 4G SIM
- ICT Principal Cyber-Security Architect at Dark Matter LLC (Abu Dhabi - UAE)
- Duties and responsibilities: lead and technical management of ICT Architecture Team: 6 x Senior Architects (Systems, Virtualization, Network, Security, Storage & Data Protection, Application); analysis, approval and validation of Projects, Tasks and Study design and solutions architecture, IV level support for ICT infrastructure; projects to support UAE Government and Defence clients; preparation and validation of HLD (High-Level Design), LLD (Low-Level Design), BoM (Bill of Materials); PMP (Project Management Plan) and presentation of activities and projects towards management, operational teams and stakeholders
- Technology: Cisco Systems ASA+FTD / Juniper Networks SRX / Palo Alto Networks PA firewall, IDPS; Cisco Systems Nexus and Catalyst switches, ASR/ISR routers; Splunk Enterprise / HP Arcsight SIEM; Cisco Systems Ironport WSA/ESA, Cisco Systems WLC + Aironet 27xx series; Citrix Netscaler + F5 load-balancer; McAfee ePO/MOVE + Symantec EP/DLP antivirus; CDS + Guard Raytheon/Forcepoint; data-diode; Solarwinds NPM + NetBrain network availability and performance monitoring; Dell TPAM privileged access-control; VMware ESXi, VDI, NSX; Microsoft Windows Server, MS.AD, infrastructure services; Arbor Networks, Netscout; DellEMC VCE, VxRack, NetApp; ISO27000, NIST SP 800-53
- Projects and activities managed: *Undisclosed*
- Duration: 08/2016-04/2019
- Contract type: permanent employment
- Benefits: performance bonus (1 month salary), education allowance (50, 000AED/child) + health insurance (worldwide + US), life term insurance; laptop, phone + 4G SIM
• ICT Network Security Manager at ESA (European Space Agency)-ESOC (Darmstadt, DE)
• Duties and responsibilities: security communication engineer HSO-ONC, senior network security engineer, design and project management of network and security architecture; network security laboratory and test plant
• Technology: Cisco Systems ASA-5540, ASA-5520, Cisco Systems IPS, Cisco Systems ASA Botnet Traffic Filter; RSA Authentication Manager, Cisco Systems ACS; SIEM platforms (HP Arcsight, AccelOps); Alcatel-Lucent VitalQIP DNS; Hopf Elektronik + Meinberg NTP GPS time server
• Projects and activities managed: SIEM infrastructure for MOI-IT projects and missions, IPS for remote Ground Stations, unified access control for ESOC and remote Ground Stations, project Security Plan preparation and system hardening and security analysis; evolution of DNS and NTP infrastructure for the Satellite Mission Operations
• Duration: 2012-today
• Contract type: freelancing
• Benefits: laptop, remote access
• ICT Network Security Administrator at Max-Planck-Institut (Frankfurt am Main - DE)
• Duties and responsibilities: ICT network security administrator, design and network security management of network security infrastructure; network security laboratory and test plant
• Technology: Palo Alto Networks PA-4050 + PA-3020, Cisco Systems Catalyst 4500-X + 3850, Cisco Systems WLC + Aironet 27xx series + Microsoft CA + Microsoft NPS, Starface VoIP HW appliance + telephone
• Projects and activities managed: definition and optimization of firewall security policy, VPN (IPSec, Global Protect + HIP), networking infrastructure (access, distribution, core), 802.1x + Guest WLAN infrastructure, syslog, VMware ESX 5.5
• Duration: 2014-today
• Contract type: full-time employment
• Benefits: laptop
• 08/2010-02/2012: ICT Network Security Manager at ESA (European Space Agency)-ESRIN (Rome, IT); Vitrociset S.p.A.; duties and responsibilities: security manager EO, senior network security engineer, technical support and validation of network, security and application architecture design; EOP III level support and troubleshooting analysis activity, Italian and foreign ESA facilities and stations (GARR-IT, Interoute, OBS); technology: Check Point Nokia, Cisco Systems ASA-5580 (10G), Palo Alto Networks PA-50xx, snort IDS, scouting and analysis for new IPS infrastructure (McAfee, Fortigate, SourceFire, Cisco ASA), Imperva SecureSphere, Gauntlet Application Firewall, HIDS OSSec infrastructure (management + probe), SIEM (Splunk, Arcsight Logger), Cisco Systems router and switch, BlueCoat ProxySG+ProxyAV, squid, ESet Nod32 antivirus; projects and activities managed: EOP-G network security architecture and design support, operations manager; systems & device security plan and SDSR management, vulnerability management and assessment (BugTraq, network and application scan and penetration test), systems, networks and security audit, OS hardening, Check Point and Cisco Systems ASA-5580 firewall rulebase and configuration assessment, new IPS 10Gbps infrastructure (European datacenter), SIEM infrastructure; monitoring support: NOC platform, SolarWinds Orion, Cacti, MRTG, syslog, SNMP; contract type: freelancing; benefits: laptop + 3.5G mobile + internet key, restaurant vouchers
- ICT Senior Network & Security Architect at Gruppo Finmeccanica S.p.A. (Rome, IT), ElsagDatamat
- Duties and responsibilities: senior security engineer, networking and security infrastructure design, analysis and maintenance, RdG III level support and troubleshooting, Italian and foreign branch offices
- Technology: Check Point UTM-1 firewall, Astaro Security Linux/Gateway, Cisco Systems and 3Com router, switch and VPN concentrator, Radware network balancer, Juniper SSL Concentrator SA-2000, Cisco ASA 5510-5515, Elsag Amtec SAS 750 + CA1024 + CSSMan + Cryptocard+, Symantec Endpoint Security; ISO27000, NIST
- Projects and activities managed: Check Point firewall migration: R55 NG AI ? R62 NGX, firewall failover: clustering + load balancing, Astaro Security Linux ? Astaro Security Gateway upgrade, URL/WEB filtering WebSense V10000, antivirus, IPS: Stonegate vs. ISS, SSL VPN: Juniper SA-2000, DNS/DHCP Infoblox, network & security monitoring: NOC platform, Groundwork Nagios, MRTG, syslog, SNMP, SIM (Security Information Management): Netreport/Netforensics/ArcSight, new WAN architecture design, VPN IPSec upgrade, Polycom videoconference system architecture design
- Contract type: freelancing
- Benefits: BlackBerry + laptop + paid vacation + restaurant vouchers + health insurance + MBO
- ICT Security Manager at PosteItaliane S.p.A. (Rome, IT), Security & Safety/Sicurezza Logica
- Duties and responsibilities: senior security engineer, auditing and monitoring activities, perimeter and application security tasks and activities management towards internal divisions and external customers, interface between internal customers and top management (CEO, CIO, CSO), definition and creation of Security lab
- Technology: Check Point R62 firewall, router, switch and VPN concentrator Cisco Systems, network balancer, Symantec ESM (Enterprise Security Manager), antiphishing and fraud management
- Projects and activities managed: Accountability (acquisition, normalization, correlation of systems and application log), Poste Mobile, Fraud-Management
- Contract type: freelancing
- Benefits: car + BlackBerry + laptop + health insurance + MBO
- ICT Senior Network & Security Architect at Credit Suisse Group (Zurich, CH, onsite + remote), Information Technology & Network Service Infrastructure
- Duties and responsibilities: senior security engineer, network architecture design, perimeter and internal security towards holding, customers and international partners, relationship between customer and international management (London, New York, Singapore) and technical support at Security lab
- Technology: Check Point R61, Juniper Netscreen, Resilience, Crossbeam Systems firewall, IDS ISS SiteProtector infrastructure, Cisco Systems router, switch and VPN concentrator, network balancer
- Projects and activities managed: Check Point firewall migration and tuning, disaster recovery datacenter consolidation and migration, Security Lab management
- Contract type: freelancing
- Benefits: BlackBerry + laptop
- ICT Senior Network & Security Architect at PosteItaliane S.p.A. (Rome, IT), Chief Information Office ñ ICT Security,
- Duties and responsibilities: lead technical project under the direct supervision of the IT manager, report security aspects (information requests, analysis of network infrastructure, systems assessment), give procedural and technical solutions to implement security policies, IT tasks and security activities management towards internal divisions and external customers, security assessment and investigation, technical staff meetings with vendors and solution providers to evaluate new technical and marketing proposals, value-added technical market research and survey, product-scouting to discover and introduce new IT technologies, project technical documentation (technical specifications, feasibility study), technical meetings to plan project activities, methodology, costs and resources, manage the Security Lab,
- Technology: Check Point R54, R55, NGX firewalls, ISS SiteProtector and RealSecure IDS/IPS devices, Cisco routers, switches and VPN concentrators, Juniper Networks Secure Access SSL concentrator, NetForensics nFX OSP, Spirent Avalanche SmartBits (hw) and TrafficIQ (sw) traffic generator devices,
- Projects and activities managed: migration of Check Point Firewall-1/Provider-1 firewall infrastructure from R55 to R60, design and positioning of IPS (Intrusion Prevention System ñ ISS Proventia appliance on SiteProtector systems), SSL-Concentrator Juniper Networks SA-6000 and integration in the systems and application authentication architecture, Log Cross Correlation and Incident Handling (Netforensics nFX software), SmartCard (physical and logical access, timesheet), DMS and encryption (mechanisms and ciphering software on document management system FileNet P8),
- Contract type: freelancing,
- Benefits: car + BlackBerry + laptop
- IT Senior Security Engineer, project leader at Telecom Italia + Telecom Italia Mobile S.p.A. (Rome, IT),
- Duties and responsibilities: Sistemi Informativi Sicurezza e Frodi, technical account manager, Network Security, Security Team Support, administration and maintenance firewall Check Point FW-1, VPN-1 NIDS/HIDS, MS ISA Server (proxy and packet filtering), configuration and tuning of packet filtering and deep packet inspection technologies, routing, VPN, project study and tuning firewall and IDS (ISS, Cisco, SourceFire, snort linux technologies), network management, Risk Analysis and Vulnerability Assessment,
- Technology: Check Point FW-1 and VPN-1 4.1, FP2, FP3 firewall, Stonesoft Stonegate firewall, ISS Proventia and Sourcefire IDS, Network Analyzer devices: Agilent DNA MX and Niksun NetDetector,
- Projects and activities managed: CCSF Network Security Engineer, Check Point firewall migration and tuning, network security test lab,
- Contract type: freelancing,
- Benefits: GPRS mobile + laptop
- IT Systems&Network Engineer, backstopping support at B&S in Kosovo (KS) and Luxemburg (LU) for the EU funded Project managed by the EAR ìStrengthening the PISGís Institutional Capacity of Participation in the Stabilization Association Processî,
- Duties and responsibilities: security devices (firewall, IDS/IPS, antivirus, antispam), configuration management, security assessment, activities to include developing and documenting technical specifications, configurations and maintenance for the IP and MPLS network, maintain technical relationships with existing and potential new suppliers/customers ensuring maintenance and communication of product knowledge, work with third parties in the development of the network, technical support: acting as the 1st line point of escalation for technical support to the Operations/NOC teams and other company departments,
- Technology: Check Point FW-1 and VPN-1 4.1 firewall, Cisco Systems routing and switching devices,
- Contract type: freelancing
- Hardware Storage Expert at SOGEI S.p.A. (Rome, IT), Storage Group,
- Duties and responsibilities: backup/restore on IBM Aix Risc/6000 hosts, DAT/DLT libraries,
- Technology: IBM Aix, IBM DAT/DLT hardware libraries,
- Contract type: freelancing
- Systems Engineer at CO.G.I.T.O. S.r.l. (Bologna, IT) area (20 employees, 10 consultants),
- Duties and responsibilities: maintenance of 250 MS/unix/linux hosts, 1000 clients, 150 routers, study, development, creation and management of new customer plants, remote assistance WAN through Cisco Systems routers and linux firewalls (ipchains/iptables/MS Isa Server), VPN, LAN-WAN administrator, host maintainer, customer management, plants planner, III∞ level help.desk,
- Technology: Cisco Systems routing and switching devices, PIX firewall, linux and MS.Windows Server NT/2000 systems,
- Contract type: permanent employment
- Consultant - system & network administrator at IAL Emilia-Romagna (Bologna, IT)
- Duties and responsibilities: SW/HW/network support, network & system security, professional training,
- Technology: Check Point NG and 4.1 firewall administration, McAfee and TrendMicro central Antivirus software, X509 digital certificates and Intrusion Detection Systems, Active Directory, web+mail+db, linux (RH, SuSe, Debian),
- Contract type: freelancing
ict computer engineering attended IV year
high school diploma