CISSP IT ICS IOT Security/ Enterprise/ Network Architect TRA, implementation Azure Cloud NIST ISO 2700x SIEM Trelix TOGAF IAM RBAM CISCO QRadar FW WAF
Aktualisiert am 02.12.2024
Profil
Freiberufler / Selbstständiger
Remote-Arbeit
Verfügbar ab: 01.10.2024
Verfügbar zu: 100%
davon vor Ort: 100%
Security Architect, Enterprise Architect, Cloud
Critical Infrastructure, Electricity, Water, Rail, Airport, Oil, Gas
CISSP, NIST, 27001, 27002, TOGAF, UML
Directory Services
IAM (Identity Access Management), RBAM (Bole Based Access Management)
PII (Personal Identity Information)
SOC (Security Operation Centre) Design, Implementation and Operation
DR (Disaster Recovery), Service Management, Redundancy, Backup /Recovery
Defense-in-Depth and Defense-in-Breadth
Firewall, IPS/IDS and security policy Management
NERC CIP002-009v3 /v5
SCADA, IEC62443
PURDUE Model for Electricity, Water, Oil, Gas, Transport industry
CISSP, SABSA, COBIT-5 and TOGAF
Firewall, Checkpoint, Cisco, Juniper, Palo-Alto, Tofin
Network, OSPF, BGP4, MPLS-VPN, IPsec-VPN, Multicast Network, PIM-SSM, QOS, VoIP, Video
Experience in Manufacturing Banking Airline Airport Transport Oil /Gas, Electricity/Water

Einsatzorte

Einsatzorte

Frankfurt am Main (+200km) Köln (+200km)
Deutschland, Schweiz, Österreich
Rate ?125 /Std
möglich

Projekte

Projekte

5 Monate
2019-08 - 2019-12

Audit support

Enterprise Architect
Enterprise Architect

Audit support of IAM (Identity Access Management) for over 65 from over 1600 banking applications based on various operating systems using TOGAF Enterprise Architecture Framework. Audit and reconciliations of IAM integrations with Microsoft Active Directory, Role Based Access Mgmt (RBAM) as well as IBM Mainframe z-OS banking applications using RACF-ID and MSA lists. Integrations of IAM correction automation from RSA Aveksa AFX (Access Fulfilment Express) and RSA-VIA Identity Governance and Lifecycle /certification process (IG&L) and PKI (Public Key Infrastructure) services. Take part in Internal and external auditing preparation of IAM for BMO and KPMG. Use of Splunk reporting and Pivot tools for IAM security policy violations investigations.

BMO (Bank of Montreal) IAM contract via Cognizant ? Toronto
1 Jahr 1 Monat
2018-06 - 2019-06

implementation and securing of VueForge platform services

ICS Security Architect / IT Architect
ICS Security Architect / IT Architect

As Architect lead implementation and securing of VueForge platform services for machine-driven Big Data implementation, supporting ADSA (Advanced Database Systems and Applications) verification and Transitioning to autonomous vehicles, implementation and securing IOT infrastructure and Electric Grid Asset Management. Integration of COMPASS error correction services into safety and security services using combination of satellite positioning and wireless communications to provide signallers with greatly improved visibility into network problems. Implementation and securing advanced data analytics gather information from a range of sources to allow safe and efficient passage of multiple vehicles through a temporary block working area.

British Railways contract via Aricent ? London ? United Kingdom
5 Monate
2017-09 - 2018-01

Software License and Support Mgmt

ICS Security Architect
ICS Security Architect

QP (Qatar Petroleum) is key critical infrastructure industries in Qatar. With volatile middle-east security situation in mind I was engaged as Security architect “via BPC Plus” to lead restructure the company wide network to follow “Purdue Model for Oil and Gas industry” and create blue print for company wide applications to follow ITILv3 and on TOGAF. In addition I was to creating security services catalogue of QP with “Defense-in-Depth and Defense-in-Breadth” for ICS multiple-vender environment. The solutions were completed for following services: MS-Active Directory, IAM (Role Base Access), PKI, Asset and acquisition, Inventory Mgmt. End Point and Data Leak Protection, Third Party Vendor Mgmt, Vulnerability and Patch Mgmt, Privacy and Personal Identity Information (PII) protection Backup /Recovery, SLA Monitoring, Configuration Mgmt, Firewall, IPS and security policy Mgmt, Network and NOC Mgmt, Hiring, Personnel, Safety and Security Training Mgmt, Document Mgmt. Third Party Mgmt. Software License and Support Mgmt, SIEM /SOC, Triage Mgmt, Virtualization and cloud Resources Mgmt. Capacity Mgmt.

QP (Qatar Petarolem) via BPC Plus ? Doha ? Qatar
4 Monate
2016-10 - 2017-01

provide infrastructure and security deployment

Systems Security Architect
Systems Security Architect

I was to provide infrastructure and security deployment “via Wipro” to lead the following projects:

  • Implement Passenger Analytics, estimation passenger throughput their duel-time within defined boundaries using Cisco Prime /MSE /WLC solution with WIFI and Bluetooth beacons.
  • Expansion on existing Baggage Handling System (BHS) using Vunderlande products. The solution use SCADA managed belt, Fire /Safety Mgmt, to deliver baggage from Check-in desks to storage and planes through security-scanners with very high degree of accuracy, safety and security. 
  • ISP-Diversity and redundancy using BGP4 routing protocol.

GTAA (Greater Toronto Airport Authority) Contract via Wipro ? Toronto
2 Jahre 8 Monate
2013-11 - 2016-06

securing Transmission

Security Architect
Security Architect

I was engaged as ICS Security Specialist for securing DEWA Transmission, Distribution as well as Smart Grid programs integration. During my contract I design and lead delivery the following:

  • Updating security policy to for OT /SCADA/ ICS, SCADA technologies for over 400 HV (100-400KV) and 6000 MV (33KV) Substations based on ISO27001/2, IEC62443, ISA 99, NISTIR 7628v4, SP800-53, 800-82, 800-83, NERC CIP002-009v3 /v5 frameworks.
  • Restructure OT communication following (PURDUE Model for Electricity and Water industry) and hand on modification of routing, switching, SOA /Micro-Services and services orchestration.

  • Design and implement new OT Data Centre isolating Operation from Smart Grid and IT. Following SABSA, COBIT-5 and TOGAF strategy, planning and roadmap using best of breed technologies (VBlock), (UCS, VMware /EMC), Micro-Segmentation and Public Cloud, NOC, service monitoring with scalable Solarwinds EOC, and improved physical and cyber-security policies and update procedures for OT production services.

  • Operation security management activities included hands on for IAM (Active Directory), Role Based Access Mgmt (RBAM), Firewall /IPS Policy Review and Remediation Mgmt (Checkpoint, Cisco, Palo-Alto, Tofin, Virtual Appliance and Security Gateway). Audit Mgmt, End Point Protection, Third Party Vendor Mgmt, Data Leak Protection, Vulnerability and Patch Mgmt, Privacy and Personal Identity Information (PII) protection, Hardening, Netflow, Avamar-Backup /Recovery and NSX.

  • Deploy Azure-Cloud for services within QA, R&D and Training Environment where live data is not used deploying Role-Based-Access-Controls (RBAC) and with need-to-know bases with Azure AD two factor access and cloud based Authentication, CASB, SAML 2.0, OAUTH 2.0, Azure IAM, Azure Security integration, Security audit (NERC-CIP, PCI-DSS, ISO27001/2, SOC2 Reports).

  • Design and hand on implement SOC (SP800.62v2), defining Use-Cases based on Prioritized Assessed Vulnerabilities, filter and correlated logs for SIEM (QRadar and Splunk) and Remediation using integrating SAP Ticketing handled via Emergency Response team using Integrated Dashboard, Services Orchestration feed from SIEM log file. Use of Splunk for Cyber Threat Hunting and reporting to prove security policy violations investigations. Cyber Security covered “Data in transit, Data at Rest and Data in memory”.

  • OT services integration with Smart Grid infrastructure security for Smart Meters, DG (Distributed Generation), DR (Demand Response), EV (Electric Vehicle), and DA (Distributed Automation) by creating scalable Active Directory, Role based IAM and PKI, base on UTD (Unified Threat Defence) above Substations as well as x30,000 pocket Substations. Smart Grid network used 801.15.4g (Zigbee /6lopan) RF-Mesh as well as WDM-PON, TWDM-PON, GPON and Huawei OSN9800, OSN1800 fibre to home technology.

DEWA (Dubai Water and Electricity Authority) ? Dubai ? UAE
8 Monate
2012-11 - 2013-06

consultation and planning multi-year business transformation program

Smart Grid IT Systems Architect
Smart Grid IT Systems Architect
  • I was acting as Smart Grid IT Architect in Central Office (Ontario Project) as well as acting as a member of CoC team for Siemens Smart Grid development in Fredericton. I was leading and responsible for consultation and planning multi-year business transformation program for Siemens smart grid clients.
  • This included smart grid complete IT/OT/Infrastructure /Security Architecture restructuring using Siemens structured architecture framework. Estimating client’s transformation requirements using Capability Maturity Model Integration (CMMI). Deliver all planning phases and services using Siemens Smart-Grid Products for IT /OT / Security Architecture based on NERC CIP002-009 as well as pricing Business-Transformation-Program for multiple years.
  • Delivering Siemens Smart Grid transformation framework via which client goes through Smart Grid 360 degree capability maturity model consulting program that includes “Orientation” and “Destination” consulting studies via which clients of progress for IT/OT/Infrastructure is agreed upon. From above studies Gap-Analysis and maturity model diagram is created that compare with “as-it” with desired level of maturity. The final “Routing” study phase identifies Siemens relevant Smart-Grid Products customization based on NERC CIP002-009 client requirement and a Business-Transformation-Program is created and priced.
Siemens Canada - Toronto - Canada
1 Jahr 2 Monate
2011-08 - 2012-09

Reporting to IBM as IT Systems

IT Systems and Infrastructure Architect
IT Systems and Infrastructure Architect

Reporting to IBM as IT Systems and Infrastructure Architect to ADS project; my responsibility is to lead the Architect Network and Systems for the ADS (Advance Distribution Solution). Program implementation is based on ITIL, SOA /Micro-Services, Schneider Electric, General Electric, Telvent OASyS and ICCP (Inter-control Centre Communications Protocol IEC60870-6) and SCADA (supervisory control and data acquisition) concepts with maximum 2 seconds response time to events on Electrical Systems. The team consist of 60 IBM, Hydro-One, GE (General Electric) and Telvent personnel. As architect I support delivery of conceptual and logical design of network, security zone and “Management Services” required in services catalogues for ADS program based on ITIL SOA /Micro-Services. Key services are Microsoft Active Directory (IAM), MS Forefront Identity Manager, Role Based Access Mgmt (RBAM), HP SIEM (ArcSight), RSA, Radius, Citrix XenDesktop, Malware and End Point Protection, Update and Distribution, OS and Application Updated and Distribution, Backup /Recovery,  Server Hardening, Services Orchestration Dashboards and Solar Winds management.

Hydro One (Ontario Power Company) /IBM Canada - Toronto - Canada
2 Jahre 6 Monate
2008-09 - 2011-02

integrating acquired assets

Network Architect
Network Architect

My responsibility as Team lead for Network Architect in TAQA is integrating acquired assets, network-infrastructure, and create support-mechanisms and unified services and turn them into unified global architecture following ITILv3 standard and design. My activities include following concepts: IP restructuring, VoIP global unification, creating Video-conferencing facilities, building network and services redundancy, delivering QoS (Quality of Service) to deliver Voice, Video and Data across acquired networks, implement CWDM (Corse Wavelength Division Multiplexers technology), build global Data Centre, Disaster Recovery using SAN /Brocade, FC, FCIP, FCoE, NetApp communication, NetApp Storage Management System, Nexus 10G, Server Virtualization, L3 Load Balancing using F5 BIG IP LTM /GTM (Local /Global Traffic Management), Riverbed 7500 accelerator, WebSense Global Security solution, MS Active directory, ole Based Access Mgmt (RBAM), Citrix NetScaler, Citrix XenApp, VM-Ware, ESXi, vSphere, vCenter, Citrix XenDesktop virtualizations, Firewall-Security-Zones, Firewall Policy Review and Remediation, Firewall Policy Audit and restructuring, End Point Protection, Global Service Design Delivery and Monitoring, IT Procedure definitions, Telepresence, Cisco Unified-Communication Service-Deployment - and unified Hierarchical Network Management, Monitoring using Solarwinds EOC etc.

TAQA (Abu Dhabi National Energy Company) - Amsterdam - Netherlands
6 Monate
2007-12 - 2008-05

Full-Mesh-MPLS-VPN

Global MPLS - Network Design Engineer
Global MPLS - Network Design Engineer

(LAN, WAN, DWDM, CDWM, Routing, Switching, OSPF, EIGRP, BGP4) projects - Clients use Full-Mesh-MPLS-VPN or Hub/Spoke MPLS-VPN with Disaster Recovery and Managed Multi-Zone-Firewall Services.

O2 Business Services - MPLS-VPN (Serv. Provider) - Munich ? Germany
7 Monate
2007-01 - 2007-07

upgrade the connections of Hospitals

Network Specialist ? Cisco
Network Specialist ? Cisco

I was acting as the Network Specialist for Cisco 124xx and 76xx Switches and Juniper based Routing /switching products. I helped to upgrade the connections of Hospitals to SSHA Core network Clients via newly developed MPLS-VPN infrastructure via VRF technology.

Smart Systems for Health Agency (SSHA) MPLS-VPN - Toronto - Canada
8 Monate
2006-03 - 2006-10

Securing the Ministry Network

Security Consultant
Security Consultant

Securing the Ministry Network and Databases from misuse and terrorism is considered a vital role in this project. Acting as the Security Consultant for Juniper Based Network (Firewalls and IDPs) devices.

Ministry of Interior Security Project - Riyadh - Saudi Arabia
1 Jahr 2 Monate
2005-02 - 2006-03

BW-Management project

Network Architect
Network Architect

(LAN, WAN, DWDM, CDWM, Routing, Switching, OSPF, EIGRP, BGP4)  (1) In BW-Management project I helped prevent Peer-to-Peer application use most of core network bandwidth and deployed 120 Cisco Deep Inspection Engine (SCE) and its associated 40 Collection Managers Servers (Sun Netra-240) control and manage Rogers Internet services usage at a cost of 30M $CAN. (2) In IPSec Extranet project I help to use Cisco IOS-FW, Authentication-Proxy and Inspection-Technology to provide safe and large scale Network-to-Network access for Vendors; enabling them to reaching deployed Servers in Rogers’s network for support purposes with minimal risk to Rogers using Gated-Access-Technology. (3) In HD VOD (High Definition – Video On Demand) project I have evaluated the upgrade path for re-architecture of Roger HD VOD Services using Multicast MPLS-VPN and PIM-SSM technologies with Sea Change and Tandberg VOD Server and Services. This enabled Rogers to deliver HD and VOD services later to its 3 million customers.  

Rogers Cable ? Multiple Projects ? Canada
1 Jahr 2 Monate
2003-10 - 2004-11

planning and architecture of the new HQ network

Network Specialist
Network Specialist

During contract I worked on three projects. (1) For Agriculture Canada HQ project (Canadian Government), I acted as the Infrastructure Architect where I completed planning and architecture of the new HQ network. As a result personnel from 12 sites of Agriculture Canada moved to HQ. (2) In School Board project I completed the deployment of core network using Cisco 6500 with integrated FW, IDS and NEM Modules.  Over 200 schools and 30,000 users were connected to Ottawa School Board using the new system and could use Internet-Services. (3) In Statistics Canada Project I implemented a multi-Layer Multi-vendor firewall (PIX / Check-Point) network where it was essential protecting very sensitive data. This enables sensitive data to be protected from software weaknesses of single firewall vendor.

IBM Global Services ? Multiple Government Contracts - Canada
1 Jahr 1 Monat
2002-01 - 2003-01

network core upgrade project

Systems Specialist ? IP Core
Systems Specialist ? IP Core

Colt Telecom is a very successful ISP in Germany (700 Million Euro of assets – 2002). I was contracted via Siemens to work within a team of 12 professionals to work on network core upgrade project implement MPLS using Juniper. This enabled Colt Telecom to provide DSL and Managed Firewall service to their customer across major cities of Europe at a very fast pace.

Colt Telecom ? Frankfurt ? Germany
10 Monate
2001-03 - 2001-12

Network Management

Network Specialist
Network Specialist
Commerzbank of Germany ? Frankfurt ? Germany

Aus- und Weiterbildung

Aus- und Weiterbildung

1984

BSc Honours? Degree in Elec. & Electronic Eng. Major in Telecom ? University of East London, UK

I am preparing for TOGAF, COBIT and SABSA architecture certification.

  • Security ISC2: CISSP
  • Cisco: CCNP, CSE, IPCC, GSR, 72xx, 65xx, 36xx, 28xx, 18xx, Nexus 9K, 7K, 5K and 2K, SCE2020, ASA5240, ASA558x,
  • Juniper: JNCIA-FWV, JNCIS-FWV, ERX1440, T320, NetScreen 5400, ISG2000 and IDP
  • Checkpoint: CCSA

Kompetenzen

Kompetenzen

Top-Skills

Security Architect, Enterprise Architect, Cloud Critical Infrastructure, Electricity, Water, Rail, Airport, Oil, Gas CISSP, NIST, 27001, 27002, TOGAF, UML Directory Services IAM (Identity Access Management), RBAM (Bole Based Access Management) PII (Personal Identity Information) SOC (Security Operation Centre) Design, Implementation and Operation DR (Disaster Recovery), Service Management, Redundancy, Backup /Recovery Defense-in-Depth and Defense-in-Breadth Firewall, IPS/IDS and security policy Management NERC CIP002-009v3 /v5 SCADA, IEC62443 PURDUE Model for Electricity, Water, Oil, Gas, Transport industry CISSP, SABSA, COBIT-5 and TOGAF Firewall, Checkpoint, Cisco, Juniper, Palo-Alto, Tofin Network, OSPF, BGP4, MPLS-VPN, IPsec-VPN, Multicast Network, PIM-SSM, QOS, VoIP, Video Experience in Manufacturing Banking Airline Airport Transport Oil /Gas, Electricity/Water

Produkte / Standards / Erfahrungen / Methoden

PROFILE

CISSP – ICS Security Architect /IT Architect

  • I am CISSP certified IT /ICS Application Security Architect with experience in the architecture, design, implementation, testing and support of mission-critical systems TOGAF), Strategy Planning and Roadmap.
  • I have substantial experience in Security McAfee (ePO), SIEM products such as IBM Q-Radar, Splunk and ArcSight solutions. My knowledge in Network and cloud based Authentication, implementation and operation of CASB, SAML 2.0, OAUTH 2.0, Azure Cloud, Azure AD, MS-AD, IAM, MS-PKI, End Point Protection, Third Party Vendor Mgmt, Data Leak Protection, Vulnerability and Patch Mgmt, Privacy and Personal Identity Information (PII) protection, Azure Security has enabled me to architect and implement ESB (Enterprise Services Bus) and associated Services Orchestration Dashboards for (Service Orientated Architecture /Micro-Services) Three Tiered Service (Application, Database, Web-interface) in very large scale and secure their tiers successfully. In addition I have hands-on experience in large-scale deployment of Endpoint Protection (Phone, Tablets, Notebooks), IPSec-VPN, Network /Security Architecture, IDS /IDP (Intrusion-Detection-System /Intrusion-Prevention-System), Web-Interface-Proxy and SAN multi-tier technologies in Private and Public Cloud implementing using VM-Ware in multi-Vendor, Multi-OS infrastructure.

Einsatzorte

Einsatzorte

Frankfurt am Main (+200km) Köln (+200km)
Deutschland, Schweiz, Österreich
Rate ?125 /Std
möglich

Projekte

Projekte

5 Monate
2019-08 - 2019-12

Audit support

Enterprise Architect
Enterprise Architect

Audit support of IAM (Identity Access Management) for over 65 from over 1600 banking applications based on various operating systems using TOGAF Enterprise Architecture Framework. Audit and reconciliations of IAM integrations with Microsoft Active Directory, Role Based Access Mgmt (RBAM) as well as IBM Mainframe z-OS banking applications using RACF-ID and MSA lists. Integrations of IAM correction automation from RSA Aveksa AFX (Access Fulfilment Express) and RSA-VIA Identity Governance and Lifecycle /certification process (IG&L) and PKI (Public Key Infrastructure) services. Take part in Internal and external auditing preparation of IAM for BMO and KPMG. Use of Splunk reporting and Pivot tools for IAM security policy violations investigations.

BMO (Bank of Montreal) IAM contract via Cognizant ? Toronto
1 Jahr 1 Monat
2018-06 - 2019-06

implementation and securing of VueForge platform services

ICS Security Architect / IT Architect
ICS Security Architect / IT Architect

As Architect lead implementation and securing of VueForge platform services for machine-driven Big Data implementation, supporting ADSA (Advanced Database Systems and Applications) verification and Transitioning to autonomous vehicles, implementation and securing IOT infrastructure and Electric Grid Asset Management. Integration of COMPASS error correction services into safety and security services using combination of satellite positioning and wireless communications to provide signallers with greatly improved visibility into network problems. Implementation and securing advanced data analytics gather information from a range of sources to allow safe and efficient passage of multiple vehicles through a temporary block working area.

British Railways contract via Aricent ? London ? United Kingdom
5 Monate
2017-09 - 2018-01

Software License and Support Mgmt

ICS Security Architect
ICS Security Architect

QP (Qatar Petroleum) is key critical infrastructure industries in Qatar. With volatile middle-east security situation in mind I was engaged as Security architect “via BPC Plus” to lead restructure the company wide network to follow “Purdue Model for Oil and Gas industry” and create blue print for company wide applications to follow ITILv3 and on TOGAF. In addition I was to creating security services catalogue of QP with “Defense-in-Depth and Defense-in-Breadth” for ICS multiple-vender environment. The solutions were completed for following services: MS-Active Directory, IAM (Role Base Access), PKI, Asset and acquisition, Inventory Mgmt. End Point and Data Leak Protection, Third Party Vendor Mgmt, Vulnerability and Patch Mgmt, Privacy and Personal Identity Information (PII) protection Backup /Recovery, SLA Monitoring, Configuration Mgmt, Firewall, IPS and security policy Mgmt, Network and NOC Mgmt, Hiring, Personnel, Safety and Security Training Mgmt, Document Mgmt. Third Party Mgmt. Software License and Support Mgmt, SIEM /SOC, Triage Mgmt, Virtualization and cloud Resources Mgmt. Capacity Mgmt.

QP (Qatar Petarolem) via BPC Plus ? Doha ? Qatar
4 Monate
2016-10 - 2017-01

provide infrastructure and security deployment

Systems Security Architect
Systems Security Architect

I was to provide infrastructure and security deployment “via Wipro” to lead the following projects:

  • Implement Passenger Analytics, estimation passenger throughput their duel-time within defined boundaries using Cisco Prime /MSE /WLC solution with WIFI and Bluetooth beacons.
  • Expansion on existing Baggage Handling System (BHS) using Vunderlande products. The solution use SCADA managed belt, Fire /Safety Mgmt, to deliver baggage from Check-in desks to storage and planes through security-scanners with very high degree of accuracy, safety and security. 
  • ISP-Diversity and redundancy using BGP4 routing protocol.

GTAA (Greater Toronto Airport Authority) Contract via Wipro ? Toronto
2 Jahre 8 Monate
2013-11 - 2016-06

securing Transmission

Security Architect
Security Architect

I was engaged as ICS Security Specialist for securing DEWA Transmission, Distribution as well as Smart Grid programs integration. During my contract I design and lead delivery the following:

  • Updating security policy to for OT /SCADA/ ICS, SCADA technologies for over 400 HV (100-400KV) and 6000 MV (33KV) Substations based on ISO27001/2, IEC62443, ISA 99, NISTIR 7628v4, SP800-53, 800-82, 800-83, NERC CIP002-009v3 /v5 frameworks.
  • Restructure OT communication following (PURDUE Model for Electricity and Water industry) and hand on modification of routing, switching, SOA /Micro-Services and services orchestration.

  • Design and implement new OT Data Centre isolating Operation from Smart Grid and IT. Following SABSA, COBIT-5 and TOGAF strategy, planning and roadmap using best of breed technologies (VBlock), (UCS, VMware /EMC), Micro-Segmentation and Public Cloud, NOC, service monitoring with scalable Solarwinds EOC, and improved physical and cyber-security policies and update procedures for OT production services.

  • Operation security management activities included hands on for IAM (Active Directory), Role Based Access Mgmt (RBAM), Firewall /IPS Policy Review and Remediation Mgmt (Checkpoint, Cisco, Palo-Alto, Tofin, Virtual Appliance and Security Gateway). Audit Mgmt, End Point Protection, Third Party Vendor Mgmt, Data Leak Protection, Vulnerability and Patch Mgmt, Privacy and Personal Identity Information (PII) protection, Hardening, Netflow, Avamar-Backup /Recovery and NSX.

  • Deploy Azure-Cloud for services within QA, R&D and Training Environment where live data is not used deploying Role-Based-Access-Controls (RBAC) and with need-to-know bases with Azure AD two factor access and cloud based Authentication, CASB, SAML 2.0, OAUTH 2.0, Azure IAM, Azure Security integration, Security audit (NERC-CIP, PCI-DSS, ISO27001/2, SOC2 Reports).

  • Design and hand on implement SOC (SP800.62v2), defining Use-Cases based on Prioritized Assessed Vulnerabilities, filter and correlated logs for SIEM (QRadar and Splunk) and Remediation using integrating SAP Ticketing handled via Emergency Response team using Integrated Dashboard, Services Orchestration feed from SIEM log file. Use of Splunk for Cyber Threat Hunting and reporting to prove security policy violations investigations. Cyber Security covered “Data in transit, Data at Rest and Data in memory”.

  • OT services integration with Smart Grid infrastructure security for Smart Meters, DG (Distributed Generation), DR (Demand Response), EV (Electric Vehicle), and DA (Distributed Automation) by creating scalable Active Directory, Role based IAM and PKI, base on UTD (Unified Threat Defence) above Substations as well as x30,000 pocket Substations. Smart Grid network used 801.15.4g (Zigbee /6lopan) RF-Mesh as well as WDM-PON, TWDM-PON, GPON and Huawei OSN9800, OSN1800 fibre to home technology.

DEWA (Dubai Water and Electricity Authority) ? Dubai ? UAE
8 Monate
2012-11 - 2013-06

consultation and planning multi-year business transformation program

Smart Grid IT Systems Architect
Smart Grid IT Systems Architect
  • I was acting as Smart Grid IT Architect in Central Office (Ontario Project) as well as acting as a member of CoC team for Siemens Smart Grid development in Fredericton. I was leading and responsible for consultation and planning multi-year business transformation program for Siemens smart grid clients.
  • This included smart grid complete IT/OT/Infrastructure /Security Architecture restructuring using Siemens structured architecture framework. Estimating client’s transformation requirements using Capability Maturity Model Integration (CMMI). Deliver all planning phases and services using Siemens Smart-Grid Products for IT /OT / Security Architecture based on NERC CIP002-009 as well as pricing Business-Transformation-Program for multiple years.
  • Delivering Siemens Smart Grid transformation framework via which client goes through Smart Grid 360 degree capability maturity model consulting program that includes “Orientation” and “Destination” consulting studies via which clients of progress for IT/OT/Infrastructure is agreed upon. From above studies Gap-Analysis and maturity model diagram is created that compare with “as-it” with desired level of maturity. The final “Routing” study phase identifies Siemens relevant Smart-Grid Products customization based on NERC CIP002-009 client requirement and a Business-Transformation-Program is created and priced.
Siemens Canada - Toronto - Canada
1 Jahr 2 Monate
2011-08 - 2012-09

Reporting to IBM as IT Systems

IT Systems and Infrastructure Architect
IT Systems and Infrastructure Architect

Reporting to IBM as IT Systems and Infrastructure Architect to ADS project; my responsibility is to lead the Architect Network and Systems for the ADS (Advance Distribution Solution). Program implementation is based on ITIL, SOA /Micro-Services, Schneider Electric, General Electric, Telvent OASyS and ICCP (Inter-control Centre Communications Protocol IEC60870-6) and SCADA (supervisory control and data acquisition) concepts with maximum 2 seconds response time to events on Electrical Systems. The team consist of 60 IBM, Hydro-One, GE (General Electric) and Telvent personnel. As architect I support delivery of conceptual and logical design of network, security zone and “Management Services” required in services catalogues for ADS program based on ITIL SOA /Micro-Services. Key services are Microsoft Active Directory (IAM), MS Forefront Identity Manager, Role Based Access Mgmt (RBAM), HP SIEM (ArcSight), RSA, Radius, Citrix XenDesktop, Malware and End Point Protection, Update and Distribution, OS and Application Updated and Distribution, Backup /Recovery,  Server Hardening, Services Orchestration Dashboards and Solar Winds management.

Hydro One (Ontario Power Company) /IBM Canada - Toronto - Canada
2 Jahre 6 Monate
2008-09 - 2011-02

integrating acquired assets

Network Architect
Network Architect

My responsibility as Team lead for Network Architect in TAQA is integrating acquired assets, network-infrastructure, and create support-mechanisms and unified services and turn them into unified global architecture following ITILv3 standard and design. My activities include following concepts: IP restructuring, VoIP global unification, creating Video-conferencing facilities, building network and services redundancy, delivering QoS (Quality of Service) to deliver Voice, Video and Data across acquired networks, implement CWDM (Corse Wavelength Division Multiplexers technology), build global Data Centre, Disaster Recovery using SAN /Brocade, FC, FCIP, FCoE, NetApp communication, NetApp Storage Management System, Nexus 10G, Server Virtualization, L3 Load Balancing using F5 BIG IP LTM /GTM (Local /Global Traffic Management), Riverbed 7500 accelerator, WebSense Global Security solution, MS Active directory, ole Based Access Mgmt (RBAM), Citrix NetScaler, Citrix XenApp, VM-Ware, ESXi, vSphere, vCenter, Citrix XenDesktop virtualizations, Firewall-Security-Zones, Firewall Policy Review and Remediation, Firewall Policy Audit and restructuring, End Point Protection, Global Service Design Delivery and Monitoring, IT Procedure definitions, Telepresence, Cisco Unified-Communication Service-Deployment - and unified Hierarchical Network Management, Monitoring using Solarwinds EOC etc.

TAQA (Abu Dhabi National Energy Company) - Amsterdam - Netherlands
6 Monate
2007-12 - 2008-05

Full-Mesh-MPLS-VPN

Global MPLS - Network Design Engineer
Global MPLS - Network Design Engineer

(LAN, WAN, DWDM, CDWM, Routing, Switching, OSPF, EIGRP, BGP4) projects - Clients use Full-Mesh-MPLS-VPN or Hub/Spoke MPLS-VPN with Disaster Recovery and Managed Multi-Zone-Firewall Services.

O2 Business Services - MPLS-VPN (Serv. Provider) - Munich ? Germany
7 Monate
2007-01 - 2007-07

upgrade the connections of Hospitals

Network Specialist ? Cisco
Network Specialist ? Cisco

I was acting as the Network Specialist for Cisco 124xx and 76xx Switches and Juniper based Routing /switching products. I helped to upgrade the connections of Hospitals to SSHA Core network Clients via newly developed MPLS-VPN infrastructure via VRF technology.

Smart Systems for Health Agency (SSHA) MPLS-VPN - Toronto - Canada
8 Monate
2006-03 - 2006-10

Securing the Ministry Network

Security Consultant
Security Consultant

Securing the Ministry Network and Databases from misuse and terrorism is considered a vital role in this project. Acting as the Security Consultant for Juniper Based Network (Firewalls and IDPs) devices.

Ministry of Interior Security Project - Riyadh - Saudi Arabia
1 Jahr 2 Monate
2005-02 - 2006-03

BW-Management project

Network Architect
Network Architect

(LAN, WAN, DWDM, CDWM, Routing, Switching, OSPF, EIGRP, BGP4)  (1) In BW-Management project I helped prevent Peer-to-Peer application use most of core network bandwidth and deployed 120 Cisco Deep Inspection Engine (SCE) and its associated 40 Collection Managers Servers (Sun Netra-240) control and manage Rogers Internet services usage at a cost of 30M $CAN. (2) In IPSec Extranet project I help to use Cisco IOS-FW, Authentication-Proxy and Inspection-Technology to provide safe and large scale Network-to-Network access for Vendors; enabling them to reaching deployed Servers in Rogers’s network for support purposes with minimal risk to Rogers using Gated-Access-Technology. (3) In HD VOD (High Definition – Video On Demand) project I have evaluated the upgrade path for re-architecture of Roger HD VOD Services using Multicast MPLS-VPN and PIM-SSM technologies with Sea Change and Tandberg VOD Server and Services. This enabled Rogers to deliver HD and VOD services later to its 3 million customers.  

Rogers Cable ? Multiple Projects ? Canada
1 Jahr 2 Monate
2003-10 - 2004-11

planning and architecture of the new HQ network

Network Specialist
Network Specialist

During contract I worked on three projects. (1) For Agriculture Canada HQ project (Canadian Government), I acted as the Infrastructure Architect where I completed planning and architecture of the new HQ network. As a result personnel from 12 sites of Agriculture Canada moved to HQ. (2) In School Board project I completed the deployment of core network using Cisco 6500 with integrated FW, IDS and NEM Modules.  Over 200 schools and 30,000 users were connected to Ottawa School Board using the new system and could use Internet-Services. (3) In Statistics Canada Project I implemented a multi-Layer Multi-vendor firewall (PIX / Check-Point) network where it was essential protecting very sensitive data. This enables sensitive data to be protected from software weaknesses of single firewall vendor.

IBM Global Services ? Multiple Government Contracts - Canada
1 Jahr 1 Monat
2002-01 - 2003-01

network core upgrade project

Systems Specialist ? IP Core
Systems Specialist ? IP Core

Colt Telecom is a very successful ISP in Germany (700 Million Euro of assets – 2002). I was contracted via Siemens to work within a team of 12 professionals to work on network core upgrade project implement MPLS using Juniper. This enabled Colt Telecom to provide DSL and Managed Firewall service to their customer across major cities of Europe at a very fast pace.

Colt Telecom ? Frankfurt ? Germany
10 Monate
2001-03 - 2001-12

Network Management

Network Specialist
Network Specialist
Commerzbank of Germany ? Frankfurt ? Germany

Aus- und Weiterbildung

Aus- und Weiterbildung

1984

BSc Honours? Degree in Elec. & Electronic Eng. Major in Telecom ? University of East London, UK

I am preparing for TOGAF, COBIT and SABSA architecture certification.

  • Security ISC2: CISSP
  • Cisco: CCNP, CSE, IPCC, GSR, 72xx, 65xx, 36xx, 28xx, 18xx, Nexus 9K, 7K, 5K and 2K, SCE2020, ASA5240, ASA558x,
  • Juniper: JNCIA-FWV, JNCIS-FWV, ERX1440, T320, NetScreen 5400, ISG2000 and IDP
  • Checkpoint: CCSA

Kompetenzen

Kompetenzen

Top-Skills

Security Architect, Enterprise Architect, Cloud Critical Infrastructure, Electricity, Water, Rail, Airport, Oil, Gas CISSP, NIST, 27001, 27002, TOGAF, UML Directory Services IAM (Identity Access Management), RBAM (Bole Based Access Management) PII (Personal Identity Information) SOC (Security Operation Centre) Design, Implementation and Operation DR (Disaster Recovery), Service Management, Redundancy, Backup /Recovery Defense-in-Depth and Defense-in-Breadth Firewall, IPS/IDS and security policy Management NERC CIP002-009v3 /v5 SCADA, IEC62443 PURDUE Model for Electricity, Water, Oil, Gas, Transport industry CISSP, SABSA, COBIT-5 and TOGAF Firewall, Checkpoint, Cisco, Juniper, Palo-Alto, Tofin Network, OSPF, BGP4, MPLS-VPN, IPsec-VPN, Multicast Network, PIM-SSM, QOS, VoIP, Video Experience in Manufacturing Banking Airline Airport Transport Oil /Gas, Electricity/Water

Produkte / Standards / Erfahrungen / Methoden

PROFILE

CISSP – ICS Security Architect /IT Architect

  • I am CISSP certified IT /ICS Application Security Architect with experience in the architecture, design, implementation, testing and support of mission-critical systems TOGAF), Strategy Planning and Roadmap.
  • I have substantial experience in Security McAfee (ePO), SIEM products such as IBM Q-Radar, Splunk and ArcSight solutions. My knowledge in Network and cloud based Authentication, implementation and operation of CASB, SAML 2.0, OAUTH 2.0, Azure Cloud, Azure AD, MS-AD, IAM, MS-PKI, End Point Protection, Third Party Vendor Mgmt, Data Leak Protection, Vulnerability and Patch Mgmt, Privacy and Personal Identity Information (PII) protection, Azure Security has enabled me to architect and implement ESB (Enterprise Services Bus) and associated Services Orchestration Dashboards for (Service Orientated Architecture /Micro-Services) Three Tiered Service (Application, Database, Web-interface) in very large scale and secure their tiers successfully. In addition I have hands-on experience in large-scale deployment of Endpoint Protection (Phone, Tablets, Notebooks), IPSec-VPN, Network /Security Architecture, IDS /IDP (Intrusion-Detection-System /Intrusion-Prevention-System), Web-Interface-Proxy and SAN multi-tier technologies in Private and Public Cloud implementing using VM-Ware in multi-Vendor, Multi-OS infrastructure.

Vertrauen Sie auf Randstad

Im Bereich Freelancing
Im Bereich Arbeitnehmerüberlassung / Personalvermittlung

Fragen?

Rufen Sie uns an +49 89 500316-300 oder schreiben Sie uns:

Das Freelancer-Portal

Direktester geht's nicht! Ganz einfach Freelancer finden und direkt Kontakt aufnehmen.