Section Head Network Security & Telecom
Confidential
مجموع سنوات الخبرة :23 years, 0 أشهر
• Plans and executes all activities related to design, installation, commissioning and operation of the company's computer/data networks.
• Designing and implementing expansion and upgrade solutions of the company infrastructure to meet the business objectives.
• Assures the security of the company data assets, and implementing appropriate controls in relation to logical access of the network infrastructure
• Managing Network & Telecom Infrastructure including Data Center, Head office Network and Business Network in Plant including processing and non-processing business units and interface management for SCADA industrial network including Secure IT and OT interface, Secure Multi SCADA vendor environment, OT network visibility, Secure OT infrastructure against wide variety of attack vectors, Securing and patching Control System Workstations, Comply to Security regulations and standards.
• Deployment of IT solutions such as; Implementation & segregation of Networks in HQ, Implementation of Switching based on Cisco 6509 Switches, Data Center Switching using N7K and N9K, Implementation of APT solution, Implementation of Network Admission Control system, Implementation WAN / App acceleration solution for quality of services. Implementation of DCI, Implementation of satellite communication services (VSAT) solution based on I-Direct solution. Enhancement of collaboration & VC system. Implementation of VA system.
• Managing team of professionals for execution of tasks and make sure on time completion of tasks both operational and Projects.
• Assessment of existing Network Infrastructure including Data Center, Head office Network and branches network (62 Site offices)
• Identified gaps and proposed new solution as per need
• Finalize scope, network architecture and formulate HLD, LLD and NIP
• Supervise implementation according to design and ensure smooth migration to new Data Center as per Scope, which includes; established Access layer using Cisco switching technologies, formalized Data Center farm using Cisco Data Center Switching solution based on Nexus 5K and established secure layer around Cores.
• Formalized branch network across entire infrastructure for standardization
Technology & Cloud Computing company based at L.A USA
• Supervise the Installation & configuration of Cisco Core routers and switches including ASR1004, catalyst 6500, Nexus 7K switches, ASA5585 and 5520 firewalls single and multi context mode.
• Installation & configuration of VMware using Windows and Linux based OS using UCS and EMC infrastructure
• Design, Installation & integration of DCNM, HCM, CUOM, LMS, ZENOSS, Infovista, Vcenter, Vcloud for cloud services, Virtual Desktop, ECS management and operations.
• Design & Configuration of routing protocols and WAN technologies, OSPF, BGP, MPLS for multi-tenant Data Center
• Integration & implementation of SaaS, AaaS, PaaS, IaaS in cloud environment.
Project Tasks:
•As a consultant and Key member of IT team, involved in design & implementation of new Tier 4 Data Center of CBL with collaboration of World Bank and technology vendors.
•Design & Implemented new IP addressing for CBL enterprise network includes LAN and WAN infrastructure
•Design Migration plan of business users to new network with zero downtime and implemented successfully.
•Audit old network infrastructure with respect to design, methodology, configuration, backup, security, redundancy and risk factors.
•Identified Risk to network infrastructure and mitigate those risks in modern infrastructure.
•Implementation of log review and monitoring system.
•Implementation of Kaspersky Business Space Security AV for CBL enterprise network; provides protection against viruses, malwares, Anti-phishing, anti-theft protection, anti-hacking, and centralized management.
Technical Task (Network):
•Configuration & Implementation of Cisco Catalyst 6500 switches
•Configuration & implementation of Cisco 3750 & 3560 Access switches
•Configuration & Implementation of Cisco ASA 5500 firewalls
•Implemented secure connectivity of branches, commercial banks Head quarters & other entities directly or indirectly involved with business.
•Configuration & implemented of RADIUS and TACACS for centralized management of devices
•Implemented Syslog to maintain audit and trail framework separately for systems and network infrastructure
•Configuration & implemented Infoblox appliances for DNS, DHCP and IP management
•Implemented Ironport proxies for internet access
•Configuration & implementation of Data Acceleration device for optimal through put of business applications
•Implementation of NMS based on CA products includes Spectrum, e-health & nimsoft to monitor network, servers, services, Virtualization, Databases & applications
•Implementation of Host bases intrusion deduction/ protection to avoid any threats to network infrastructure
• Maintaining ISO 17799 norms and Authorization Matrix (including remote access), and perform regular application audits against it
• Ensuring new systems and applications are given an owner and assist asset owners in asset classification
• Engaging external parties for internal and external intrusion tests to the organization’s networks and telephony environments, and conducting vulnerability tests
• Ensuring training and awareness for employees
• Monitoring and reviewing of any IT security risks associated with service providers and vendors
• Developing and monitoring of internal IT security metrics (KRIs)
• Reviewing event logs, virus logs, audit logs and exception reports on a regular basis
• Ensuring alerts / incidents have been followed up, and solutions put into place
• Technical security risk assessments for all new systems / upgrades and projects
• Documenting, maintaining and testing IT Disaster Recovery Plan and Business Continuity Plan
• Administering and maintaining of company’s network infrastructure
• Configuring and auditing network infrastructure on a daily basis
• Administering and maintaining of company’s firewall infrastructure including IPS and related technologies
• Administrating and maintaining of Domain Controller
• Maintaining and upkeeping of policies and procedures
• Providing technical assistance as and when required
• Regular reviews of staff internet access and review of firewall rules
• Implementation of Enterprise Security solution based on Symantec product to Aazawiya Oil refinery.
The solution consists of Symantec Endpoint Protection along with Symantec Mail Security for MS Exchange, Brightmail Gateway (Symantech Brightmial 8300 series Appliance) and Symantec SIM.
• Conducted IT GAP analysis and Network audit for Aazawiya Oil Refinery. Designed Disaster Recovery Site for Aazawiya Oil and optimize Network as per the business application requirements of downstream Oil Company.
Key Responsibilities:
Major accomplishment at my current position is Revamp of Enterprise-wide IP Network and VPN deployment as per Basel II and ISMS standards. My work life at Askari is as follows:
• Liaise and attend meetings with other department functions necessary to perform duties and aid business and organizational development
• Up gradation of SWIFT system.
• Centralized management & monitoring of ATM’s countrywide
• Implementation of CA Network Management System (NMS) for enterprise network
Networks & System Security
• Security analysis, vulnerability assessments, risk analysis, and IT policy review in compliance with IT Security Policy, Audit Reports & State Bank by laws.
• Design and configure Firewalls, IDS, IPS, VPN Concentrator, and maintaining Systems level monitoring & security.
• Involved in Disaster Recovery Plans (DRPs), outline First Response and Remediation Plans.
• Design and implemented a secure network of 200 Branches with Regional offices and HQ.
• Working with end-users to provide assistance for network operation and developing a network security environment.
• Analyzed and Evaluated intra domain networks for vulnerabilities, closely working with software vendors to develop manageable and secured IP architecture.
• Implemented mitigation techniques against threats to modern network infrastructure, includes L2, L3 common network attacks, Worms, Viruses and Trojan horse attacks.
• Designed and implemented zone base firewalls and implemented VPN for both remote staff and branches.
• Introduced the secure Network & System management and reporting by implementing AAA & Cisco Works.
• Implemented Identity management with Cisco Secure Advance Control Server (ACS) & TACACS.
• Re-designing enterprise Network (WAN & LAN) including communication links and designing & deploying network model for branch network.
Key Responsibilities:
• Excellent experience in NOC operations including Shift management, Fault handling, troubleshooting, Network testing, Commissioning of POPs.
• Ensure project-specific installation and configuration of IT resources such as DSLAM’s, Core Routers, ATM Switches & Servers.
• Work in coordination with line manager (Manager Operations) to define network and network services
• Provide coordination among different branch offices for country wide projects specifically pertaining to customer (Countrywide)
• Provide guidance and act as technical reference for the NOC administration team for the implementation of tasks and duties assigned to NOC.
• Coordination with other departments and determining model setup for business expansion and provisioning of DSL services in new area.
• Design, configure and maintain core DSL/ISP network along with team.
• Maintained and configure BRAS for DSL broadband operation.
• Responsible for the Installation, configuration for the DSLAM’s in Metro area.
• Configured Lucent and Paradyne ATM DSLAM’s.
• Configured Dynamic routing protocol, OSPF, EIGRP, BGP etc.
• Management of IP addresses and subnet used for PPPOE (static and dynamic) consumer customers and subnet pools assigned to corporate users. Also coordinate with APNIC for maintaining route objects
Key Responsibilities:
• Installed, configured and managed the Dialup setup with Cisco using AS5200 and AS5300 Access servers and Lucent using MAX TNT.
• Configured layer 2 and layer 3 devices
• Monitored PRI setup, DXX, DPLC & IPLC and negotiates with OMC, NMS and ITI in case of service outage /troubleshooting
• Installation of HDSL and DXX circuits at the collocation centers for corporate customers and business expansion.
• Managed the RADIO Link between different clients using PCOM and WIMAN radio modems.
• Configured the setup I-direct, DVB setups and customer end.
• Configure access lists & route maps on the router for security and policy base routing.
• Installed, configured and monitoring squid based internet proxy servers.
• Configured and maintained DNS, Sendmail, NMS and RADIUS.
GICSP
Cisco Certified Internetwork Expert (CCIE-DC) Cisco Certified Security Professional (CCSP) Cisco certified Network Professional (CCNP) Cisco Information Security Specialist (CISS) Cisco IOS security Specialist Cisco Firewall Specialist Cisco IPS Specialist INFOSEC (4011 & 4013 Standard) Cisco Certified Network Associate (CCNA)
JNCIA-ER JNCIS-ER JNCIS-FWV
Microsoft Certified Professional Microsoft Certified Engineer + Internet Microsoft Certified System Engineer
BSc