TECHNICAL KNOWLEDGE
PROFESSIONAL EXPERIENCE
Cogeco
Senior Cybersecurity Specialist 09/2022 – Present
·Fully supported an NSX environment encompassing three datacenter, each with three distinct environments, including T0 routing, T1 FW, DFW, VPN
·Build over 250 IPSec VPNs with Panorama/Palo Alto, mainly with Azure and AWS along with 3000 C2S Global Protect
·Identified risk magnitudes within network zones and developed plans for micro segmentation
·Troubleshot network connectivity issues using packet capture analysis
·Performed root cause analysis for network delays by examining each segment along the path
·Conducted a thorough analysis of network flow by examining packet capture sequences, errors, and retransmissions
·Identified the root cause by analyzing data paths and authentication errors with Active Directory and Cisco ISE
·Troubleshoot network access by network components and network path analysis through SPLUNK and Sentinel
·Designed and delivered Kubernetes security assessments and compliance with Prisma Cloud
·Provided security requirements for more various SaaS, PaaS and IaaS platforms
·Deployed Defender/Twistlock using TwistCLI and configured agentless scanning of cloud workload
·Supported load balancer optimization and troubleshooting of F5, and ALB
·Implemented and troubleshoot client to site and site to site IPSec VPNs
·Troubleshoot access issues by investigating SIEM
TD Bank
Sr. IT Security Architect 03/2020 - 09/2021
·Advised cybersecurity policies along with risk assessment for virtual infrastructure migration of about 4500 VMs by analyzing 300 existing Panorama, Prisma, and NSX policies and Device42 raw data transferring them to Azure and IBM cloud platforms with a 90% success rate
·Delivered SIEM/SOAR log correlation and anomaly detection analysis for the entire network
·Designed and delivered segmentation by tagging vNet/VPC based on defined criteria
·Delivered security policy and firewall rules accreditation for performance improvements
·Reviewed and recommended cybersecurity policies for various applications, systems on-prem and on-cloud including IAM, TLS, Pentest, and compliance
·Developed over 30 security architecture design patterns for cross-domain IAM, cloud API, cloud to -on-prem access
·Delivered gap analysis for current security patterns and updated strategy
·Delivered PoC for various platforms Zero-trust Architecture, micro-segmentation
·Conducted risk assessment for public cloud migration decision support system
·Azure and IBM cloud network security components and design (NSG, ASG, WAF)
SOCAN
Sr. Senior Security and Infrastructure Analyst 06/2019 - 03/2020
·Provided cybersecurity architectural recommendations for cybersecurity controls around cloud applications using CASB
·Designed and delivered IAM federated identity deploying SAML for various components
·Redesigned SSLV to take two paths in an Active/Active manner to double the capacity
·Designed vRLI/vRNI SIEM (Collectors, Managers) for advanced traffic analysis
·Completely architected SSL Visibility solution and components including Packet Broker, IPS, IDS, DLP, Malware Protection
·Developed RFP and vendor selection criteria for ZTA platform
·Designed universal policy roll-out for FortiGate UTMs and Palo Alto firewalls
·Developed complete disaster recovery and business continuity plan (BCDR)
·Participated and helped data governance policy development for target maturity level Delivered PKI design, for both internal and public use (CA, RSA)
·Participated and helped data governance policy development for target maturity level Delivered PKI design, for both internal and public use (CA, RSA)
·Performed analysis and recovery from a real ransomware based on which the policy developed
RBC Bank
Sr. Security Architect 06/2019 - 03/2020
·Successfully led migration for SSL Visibility project for 15 locations
·Redesigned SSLV to take two paths in an Active/Active manner to double the capacity Completely
·Completely managed and implemented SSL Visibility service chain including Packet Broker, IPS, IDS, MPS and DLP (Symantec, Cisco FP, Niagara PB, FireEye, Bluecoat)
·Delivered rule design, policy staging, hardware refreshes, upgrades, of more than 500 firewalls in heterogeneous environment including Palo Altos, FTDs and FortiGates
·Supervised and rule design for over 300 Check Point firewall domain appliances (R70)
·Standardized routing and policy scheme for firewalls including IDS/IPS, Web URL Filtering
Milano Innova System (MIS)
Network Security Engineer 12/2011 - 12/2018
·Developed Disaster Recovery and Business Impact Analysis for backbone data centers
·Completely managed the payment applications throughout the cybersecurity SDLC lifecycle including SAST, DAST, code reviews, regression testing, unit testing
·Designed and implemented worldwide security policy on Palo Alto firewall clusters
·achieved PCI with guidance and external pen-test results for a payment processor having 500K merchants and 400 TPS
·Integrated Open ID Connect and OAuth federated identity for public applications
·Engineered a massive transaction environment for multi-path Palo Alto firewall and inspection clustering with F5 SSL visibility including RSA design and delivery
·Developed ransomware readiness policy, playbook and runbook emphasizing on best practices, decision tree and importance of offline backup
·Prepared migration plan from heterogeneous security border firewalls to Cisco ASA-FTD series firewalls – 4 months of on-site support
·Fully migrated from Cisco ACS to Cisco ISE with Active Directory integration
·Designed, managed and delivered optimized resources on multiple locations SSL VPN for infrastructure to serve 25,000 desktops over 1,200 locations
·Troubleshoot and fully optimized resources and applied policies with multiple desktops templates to minimize resource allocation duration for a changing environment
·Built and designed 3 levels (HQ, Main, Branch and Kiosk) of baselines security configuration policy for Palo Alto firewalls
·Developed rule base and thread management optimization plan for Palo Alto/Juniper firewalls for over 2 years
·Designed proxy solution for SSL visibility and offloading with bluecoat for both forward and reverse along with WAF capability
·Monitored and supervised Check Point and Palo Alto firewalls and in SOC for more than 3 years in 2 European banks with over 3,000 branches worldwide
·Implemented a wide variety of monitoring SOC tools for more than 5 years using Cisco Prime, Panorama, Juniper NMS, Smart-1, SolarWinds and Manage Engine along with Zenoss and Nagios both in the banking industry and payment providers
·Supervised the implementation of Kaspersky anti-malware for 10,000 devices with centralized Windows patch management and policy distribution for recurring updates, scans, possible threads report etc.
·Managed and script-automated the QRadar and Splunk for minimum false positives and high protection policy match and appropriate actions
·Built multi-layer and multi-context Check Point and Juniper in transparent mode for 3-layer protection at the core along with the Cisco ASA module on the core switch chassis
·Fully generated PCI-DSS compliance for switching and routing environment, including port security, management VLAN and SSH, STP guard, dot1x, Authentication, SNMPv3, Routing protocols authentication
·Implemented Blue Coat devices as a complementary device to Cisco ASA at branches to apply URL/cat Filtering w/wo SSL
·Prepared WAN design and migration from IGRP to OSPF for 12000 nodes using Cisco 7600 at core and 39xx, 29xx, 19xx at branches
·Fully prepared the WBS and over tasks for managing the DC project to meet the milestones and successful completion along with optimized resource allocation
·Fully configured as per instructions networks, including DNS Servers, Clients, DHCP, Active Directory, Cluster
·Implemented vSphere 5.5 to 6.5 infrastructure (ESX, vCenter, vConverter, etc.) with 40 hosts in each data center and disaster recovery site for low-latency storage synchronization
·Implemented vSphere 5.5 to 6.5 infrastructure (ESX, vCenter, vConverter, etc.) with 40 hosts in each data center and disaster recovery site for low-latency storage synchronization
·Backed up virtual infrastructure for bank datacenter using VEEAM and set up, install and configured SRM and replica of VMs on the other hosts
·Security rule base design, conflict resolution and optimization for almost 1200 firewalls in a mixed environment including Juniper, Check Point, ASA, FortiGate
·Provided high-profile consultancy and RFP developer for bank with 2500 branches
·Managed a VoIP design plan for 5 banks in size made up of over 4000 locations and 70 call processing sites
Canadian Advanced Information Technology (CAIT)
IT Infrastructure Manager 12/2005 - 12/2011
·Consultant, Supervisor for more than 10 countrywide governmental and banks of variant sites ranging from 2,000 to 10,000 (VoIP, MPLS, Infrastructure, DC, etc.)
·Managed the Architectural, Mechanical and Network Components of TIA-942 tier-3 for the second-largest Bank in the Middle East Region
·Designed and deployed VDI for over 5000 client environments
·Designed a comprehensive self-defense network and application environment for an organization with 3000 locations countrywide
·Designed and implemented Core and WAN block for the second largest bank in the private sector having over 1000 Branches
·Successfully managed a 40$ billion high-critical IT project including DC, network infrastructure
·Successfully integrated the Enterprise Management Infrastructure for a 700 Branch Bank with 99.999% availability and DRP
Hedayat Hooshmand Qarn (HHQ)
IT Infrastructure Manager 11/2004 - 12/2005
·Designed, planned and implemented a 40-point dynamic multipoint VPN for military
·Troubleshoot data center connectivity for a country-wide network consisting of 6513, 3120 complex VSS network environment
·Delivered 240 hours of advanced management courses (CW, SCCM, SCOM)
·Proposed a fully secure video-on-demand and personal TV for 5000-user country-wide
·Developed 3 RFPs for purchase, design and implementation of WAN, LAN, Datacenter for 505 Buildings (STORG-Ministry of Taxation over 1Billion dollars)
·Developed a standard pattern for LAN design for very large-scale buildings according to best practices of well-known vendors and in accordance to BS7799
·Developed and implemented a test program in which Huawei, Cisco, ZTE and Siemens equipment were compared under different circumstances
·Developed an ISMS-x security lab for type approval of equipment from different vendors (worth 2Million dollars)
·Designed and implemented a wireless VPLS solution with L2-VPN to connect 100 points country-wide
·Delivered consulting services for designing a test pattern and supervised the conformance and compliance testing of NGN network equipment from 4 different vendors (ITRC-Iran Telecommunication Research Centre)
HSC Hospital for Sick Kids
System Analyst - Server Support 08/2002 - 10/2004
·Planned, implemented and fully tested a High Availability plan using Microsoft SQL and IBM SAN cluster systems with IBM SAN for mission-critical hospital applications
·Provided no Single Point of Failure for backbone services and devices through redundancy from servers to switches and routers
·Load balanced web application servers using Nortel technology
·Gained 99.999% in server response in load distribution analysis and services tune-up
·Successfully implemented a no-failure in backup through clustering
RYERSON University
Microsoft Trainer, Official Cisco and CheckPoint Trainer 04/2001 - 10/2004
·Taught over 500 trainees networking and Internet Security courses
·Outstanding Trainer for Cisco CCNA, CCNP, CCSP
·Prepared the class and lab material for network security courses
·Official Security Trainer for Check Point CCSA, CCSE, CCSE+ and CISSP
EDUCATION
CISSP
Toronto Canada
Google Professional Cloud Security Engineer
Toronto Canada
VMware Certified Professional (VCP)
Toronto Canada
Fortinet NSE4, and NSE5
Toronto Canada
Bachelor of Science in Industrial Engineering (Systems Analysis)
Iran University of Science and Technology 1988-1992
Also certified:
MCT, MCSE, CCNP, CCIE, CCSP
Highlights
Highly experienced in designing networks and managing cybersecurity incidents, including root cause analysis, escalations, post-mortem reviews, lessons learned, and classification. Led teams of up to 12 experts, efficiently distributing workloads and ensuring smooth handovers during shifts. Proficient in troubleshooting and problem isolation using firewalls, VPNs, SD-WAN, IDS/IPS, taps, EDR, and SIEM. Skilled in identifying knowledge gaps and delivering targeted training to address them.
Security
Firewalls (Palo Alto, ASA, FirePower FTD, FortiGate, GCP, AWS, Azure NSG), DFW (NSX), CNI, VPNs, IDS/IPS, IAM, PAM, ITSEC, SKIP, IPCOMP, ISAKMP, CA PKI, AAA Servers: RADIUS, TACACS+, Kerberos, RSA, SIEM, SDLC, IAM, OAuth, SAML, LDAP, Active Directory, OKTA, Taps (Niagara)
Virtualization /Cloud
vSphere, ESX, ESXi, SRM, Hyper-V, SDN, VMWare NSX, vSAN, DFW, CNI, Private and Public Clouds Platforms (GCP, AWS, Azure), Containers, VMware Cloud Director, OpenShift, OpenStack
Networks
IP, IPSec VPN, SSL VPN, SD-WAN, SDN, NSX, Cisco ACI, Kubernetes, Micro Segmentation, nano Segmentation
Frameworks and Compliance
NIST CSF and 800 series, ISO 27000, PCI-DSS, SWIFT, HIPAA, GDPR, CCCS, TOGAF, SABSA, SSDLC
Tools
Mend, AppScan, SonarQube, Qualys, Tenable, Prisma, TwistLock
Applications
Wireshark, Qualys, SonarQube, ISG, SCOM, SCCM, Remedy, HP OpenView, eHealth, Spectrum, Manage Engine, ServiceNow, ClearPass, Ivanti Service Desk, ExtraHop, Wireshark
Software and Automation
Agile, Waterfall, DevSecOps, Scrum, DevOps, Kubernetes, Git, Microservices, Ansible, JSON, REST API, Power CLI, Power Shell, Azure CLI, Terraform