Cyber Security Consultant
Toronto Hydro Corporation
Total years of experience :19 years, 1 Months
Handled numerous Cybersecurity Operations and consulting projects/activities across leading technologies and frameworks for securing Critical Infrastructure. This includes:
Cisco Next Generation Firewall/IPS implementations, Advanced Malware protections using Cisco AMP, FireEye Web MPS (NX), Email Gateway evaluations ( Cisco, Forti Mail and Proofpoint ), Data Loss Prevention Implementations, Threat Intelligence Platform evaluations and implementations, ICS/OT anomaly detection using claroty CTD, McAfee ecosystems implementations for perimeter security stack including Intrushield NGIPS/IDS & NTBA, Fortinet Security Fabric and Internal Segmentation Firewalls, DNS Security Services using Infoblox, Infrastructure Security Implementation using Cisco IOS Security Features (Cisco IPSEC VPNs, Snort ), NGIPS implementations using ScreenOS/JUNOS SRX Firewalls, McAfee ePO for endpoint security Implementation and optimization of Citrix NetScaler ADC and NetScaler Gateway and WAF, Cisco AnyConnect and NetMotion Mobility clients for remote access VPNs, Implementation of Cisco Clean Access (NAC) & 802.1x, Vulnerability Management using Tenable Nessus, Rapid7 Nexpose, Gigamon/GigaSmart SSL proxy, Bluecoat ProxySG Web Security, and Riverbed WAN Accelerators etc.
Information Security Governance Implementations experiences based on ISO/IEC 27001:2005 framework for a Bank in Middle East across the IT Department during Year 2007.
Handled critical network Security consultation & implementation projects for financial institutions - including designing & implementing security architecture for Campus & Corp networks based on a layered defense model, designing secure perimeter with advanced threat controls, Web application & Mobile application Infrastructure design, Datacenter Security with Secured multi-tenancy, Endpoint Security Management, Vulnerability Management and configurations compliances framework etc.
Designed and Implemented security controls including PaloAlto Firewalls PA3020, FortiGate 1000D, Cisco ASA 5525X- with IPS, Firepower FTD4120, Juniper SRX 650 with Chassis Clusters, F5 LTM, Cisco FWSM, Citrix Netscaler MPX-5500/VPX & Sourcefire 3D Sensors with Fire Sight Defense Center .
Managed numerous network infrastructure projects including Routing & Switching redesign, Datacenter architectures, secured Virtualized Multi-tenancy using Catalyst 6500/ASA-SM gears, large campus and lnternet facing Infrastructure based on various Cisco Routing and Switching components etc.
Designated as Chief Manager, I was managing a team of 5 members providing L2 & L3 Support for Network/Security operations. I also had indirect reporting of Security operation Center during this period. Have executed numerous projects and initiatives around DataCenter and Security Perimeter design/implementations using layered architecture, ISO/IEC 27001:2005 implementations and Certifications, Routing & Campus LAN design & implementations, Fortinet Firewalls, VDOMs and Fortinet Fabric, Cisco AnyConnect, Bluecoat SSL proxy, Juniper SRX NG Firewall/IDS, Cisco Sourcefire 3D Sensor (7120) with Firepower management console, IBM QRADAR SIEM, Citrix NetScaler MPX/VPX with AppFirewall, FireEye Web MPS and EX for combating advanced persistent threats, Web Sense proxy service etc.
• Implementations of Cisco ASA 5516-X Firewalls with Sourcefire Services using NGFW, IPS, AVC and AMP services
• BGP, VRF-Lite, IPSEC and UTM implementations for remote branches - Over 70 Locations( Juniper ISG/SRX )
• Firewall Migration for Netscreen SSG to Juniper SRX-650 for the Secured Perimeter
• Implementation of Group Encrypted Transport VPN (GDOI ) setup for MPLS Cloud with High-Availability measures
• Web Application Security Implementation for Mobile & E-Enabled Services using Citrix WAF, Netscaler ADC, SSL Offloading and Accelerations, Fortigate IPS & NG Firewalls, Juniper IPS/IDP, Netflow Aggregations and SIEM using IBM QRADAR
• Layer-2 Security Implementations across the Campus Network using 802.1x, Private VLANs, CoPP, iACLs, DHCP Snooping, Port Security, DAI, IP Source Guard, MKA Security and Cisco TrustSec etc.
• Rollout of Wan Optimization Project using Steelhead Riverbed across 100 locations
• MPLS VPN Implementations for branches using BGP, OSPF, DMVPN/GET VPN ( 70+ sites )
• Implementation of Identity Based Network Services - Cisco ACS and 802.1x based port based authentications
• IPv6 Implementations ( Piolet Project ) for web portals
• Vulnerability Management and Configuration Compliance Project - Using Tenable Security Center & Rapid7 Nexpose
Cisco Certified Internet Expert (CCIE) - LAB exam cleared during Year 2009 ( Security Track)
BSC-IT program with 6 Semesters
3 Year Polytechnic Diploma in Computer Engineering
PRE-DEGREE COURSE (10+2 Equivalent)