MONTASIR AZAD
Location: Gilbert, AZ Contact: 408-***-**** Email: adb1ql@r.postjobfree.com
ROLES
Chief Security Architect
InfoSec Engineering Lead
Principal Security Architect
Principal Engineer
Project coordinator
Network Engineer
Network Consultant
Team Leader
CERTIFICATIONS
CCNA
CCNP
INDUSTRY APPLICATION
Utility Company
Hospitality Industry
Financial Institute
Education System
Mining Corporation
Super Store
Mobile Phone Company
Medical Institutes
EDUCATION
Bachelor of Science in Electrical Engineering (Minnesota State University)
Master of Science in Electrical Engineering (University of Texas - Pan American)
LEADERSHIP
Engineering team lead
Senior Lead Engineer
Project coordinator
Project Manager
SUMMARY
Information Security professional with 15 years of experience in Security architecture and design, implementation, support, monitoring and troubleshooting, assessment and framework audit, policies and procedures defining, implementation and validation. Have hands-on experience managing security tools and devices. Experience working with globally-dispersed teams with diverse backgrounds. Also have experience in team and project management and lead.
SKILLS INVENTORY
Leadership: InfoSec Engineering team lead at Choice Hotels, Lead engineer for OpenSky engineering team engagement and client relations, Project manager for OpenSky in Charles Schwab DLP implementation, Lead engineer for IBM RPOS migration project for Circuit City, Project coordinator for 3S Networking.
Cloud Technologies: AWS EC2 Security Groups and policies configuration, Azure Security Center, Application and VPN Gateway and Threat protection configuration.
Security Devices: Qualys, Nessus, Tripwire/nCircle Vulnerability Management, Cisco FMC IDS/IPS management (SourceFire Defence Center), Cisco IDS/IPS 8000 Series (3D8130 & 3D8140) Sensors, McAfee IntruShield NSS 3000 (Network Security Sensor IPS/Firewall), Cisco ASA 5500 Series (5505, 5512, 5545, 5555 & 5585), CheckPoint R75 Firewall, Firemon Firewall Compliance Management, F5 ASM WAFs, Gigamon Visibility Appliance GigaVUE-HC1, Cisco ISE & Secure Network Server (SNS 3615), Symantec Vontu & McAfee ePO DLP, Cisco IronPort ESA (Email Security Appliance) & WSA (Web Security Appliance), BlueCoat ProxySG, Netscaler and F5 LTM Load Balancers
Security Tools: QIP & InfoBlox IP management, SolarWind and Splunk monitor, IxExplorer, Network Observer, CSM, IDM, SDM and Cisco Works for Cisco device monitoring, Akamai, SNORT, WireShark, Nmap, Norton Ghost, Antivirus, Antispyware
Security Standards and Controls: PCI DSS 3.2.1, ISO 27000, NIST, COBIT, FFIEC, CIS Benchmark
Network Devices: Cisco Nexus 7010, 5010/5020, 2148, Cisco Router 871, 1600, 1700, 2600, 3200, 3400, 6400 & 7200 Series, ASR 1004, Cisco Switch 1900, 2950, 3750, 4500, 6500 series, Symbol Switch 3000 & 5100, DataCom 3000 Multi-Link Aggregator, WTI Power Management and consol, Cisco AIRONET 1210, 1310 and 1410
Network Tools: Flow Control for DataCom aggregator, Motorola MSP (Mobile Security Platform)
Other Tools: IBM Remedy, My Services ServiceNow, GCARS and USD Change Management/Control and Ticketing System, HP Open view and Service manager, Visio Design
CHRONOLOGICAL SUMMARY OF EXPERIENCE
Client : Power Company
Location : Rosemead, CA
Duration : August 2019 - Present
Project : GRID Security Implementation
Responsibilities
Design and prepare architectural and test document for new tool implementation, which includes: ThreatConnect (TC), Palo Alto vWire Firewalls, Imperva WAF, ForeScount/CounterAct NAC, IXIA Out of Band packet broker, UDP Director, FireMon, Attivo Deception Technology, ForcePoint Proxy, Tanium End-Point Security and Response and Tenable vulnerability scanner
Create process and procedure for GRID network and security implementation
Setup controls and compliances for GRID network
Establish security standards
Prepare technical documents and presentations for executives
Client : Health Intrustry
Location : Roseville, CA
Duration : March 2019 – October 2019
Project : Security Environment Assessment and Architecture
Responsibilities
Assess Sutter Health security environment
Identify security gaps and recommend improvements
Architect environment for different security tools; which includes FireMon, BlueCoat, Symantec DLP, Tripwire, Stealthwatch, Rapid 7 and PCI
Prepare architectural document
Provide baseline, industry standards and best practices
Prepare process and procedure documents
Establish security standards for new environments
Set up controls and compliance zones for PCI-DSS, HIPPA and ISO-27000 in FireMon; and automate the reporting for non-compliant.
Client : Insurance Company
Location : Phoenix, AZ
Duration : Oct 2017 – Nov 2017
Project : Nessus Scanner Architecture & Deployment
Responsibilities
Provide architectural design for internal Nessus scanner implementation
Identify the scope of the implementation, coverage and licenses required
Configure scanners for vulnerability, credential and agent scanning for end devices
Create and implement test plan
Configure scanner manager
Schedule and run initial scan and generate report
Based on the output data from the report, reconfigure reporting
Client : Natural Cosmetic Product Company
Location : Scottsdale, AZ
Duration : Aug 2017 – Sept 2017
Project : FirePower Implementation
Responsibilities
Provide architectural design for Firepower and FMC implementation
Provide architectural design for Cisco 3850 to migrate from Cisco 4507
Create implementation and migration plan
Configure Cisco 3850 as core in a stack
Configure Cisco 2960 as edge in a stack
Configure Firepower 2110, 2130 and FMC 100
Migration of core switch from 4507 to 3850
Migration of policies from existing ASA 5500-X to Firepower 2110 and 2130
Client : Health Research Institute
Location : Houston, TX (Remote Work)
Duration : Jul 2017 – Aug 2017
Project : SolarWinds Redesign and Architecture
Responsibilities
Assessment of BMC existing network for network/security components, application/ database server components, and storage components
Ran in-depth discovery and analysis of the network
Designed the SolarWinds network to cover 2 campuses of BMC
Provided architectural document of the design
Provided report on the necessary modules, features, implementation & configuration methods, cost benefits, 5-year forecasting and recommendations,
Responsibilities
Assist in leading the InfoSec team in the design and implementation of security solutions to ensure the appropriate guidelines, policies and procedures are in place to adequately address threats and vulnerabilities
Partners with various technology and business teams to serve as a security expert and trusted advisor in providing security designs, requirements, risk monitoring and mitigation guidance in alignment with industry best practices and regulatory requirements
Serve as an assessor of networks and systems to identify, report on, and provide guidance in the remediation of the security gaps
Respond to InfoSec threats, ensuring that Choice information assets remain secure
Perform incident response activities as necessary
Manage and perform product evaluations, recommends and implements products/ services for InfoSec that support strategic operational needs and security requirements
Trains other team members on new security solutions and transitions ownership upon successful implementation.
Assess the environment on an on-going basis to ensure that it remains compliant with external regulations and Choice Hotels InfoSec policies and standards
Assists Director with security strategy development and risk prioritization
Client : Health Intrustry
Location : Pittsfield, MA
Duration : March 2017 – July 2017
Project : PCI and ISE Network Segment Design and Firewall Migration
Responsibilities
Design and configure Cisco ISE segment to work as a RADIUS authentication
Design test environment for ISE segment to work with SSID, wired and Active Directory servers
Design PCI segment of the network
Configure switches and routers for the PCI network segment
Test the network in dev environment
Implement policies
Firewall policy audit for FortiNet pair to ASA pair migration
Migrate policies
Configure test traffic routing to test the new ASA pair
Implement ASA pair to replace Fortinet
Client : Health Intrustry
Location : San Antonio, TX
Duration : August 2016 – March, 2017
Project : Network Redesign and Security Implementation
Responsibilities
Network assessment and recommendation
Redesigned the whole network based on the recommendation
Redesigned VLAN schema, IP Schema and standardized naming convention
Configured Netgear M5300, GS752TP, GS718, Fortigate 500D, Firebox M300 and UniFi AP pro
Configured VPN tunnels for various locations and Azure cloud communication
Setup cloud environments and migration of physical/VM servers to cloud
Create and implement Azure cloud firewall policies
Audit and recreate existing on-prem firewall policies.
Installed and configured AllWorx phone systems and phone system manages
Installed and configured Wireless controllers and coverages
Installed and configured network monitoring tool (SolarWind)
Provided price comparison and functionality overview on various networking tools and products required for the network
Configured windows based radius server for authentication
Provided deliverable documents, regarding design, plan, configuration and troubleshooting methodologies, which included Visio diagrams, excel spreadsheet with inventories, word documents explaining processes and procedures and power point presentations.
Client : Law Firm
Location : Detroit, MI
Duration : July 2016 – August 2016
Project : Data Center Migration
Responsibilities
Developed overall planning and architecture for data center migration
Worked with the STTAS and BDO infrastructure team to identify the key components for network and security migration
Provided detail security mapping to implement at the net location
Helped understand the detailed requirements for the migration
Provided deliverable documents, regarding design, plan, configuration and troubleshooting methodologies.
Client : Health Industry
Location : Pittsfield, MA
Duration : January 2016 – July 2016
Project : Network Malicious Attack Detection
Responsibilities
Identify network wide devices that are part of this attack
Identify medical equipment and isolate them
Recommend a plan to remediate current attack and block from any future incidents like that
Recommend new VLAN and firewall schema
Client : Financial Organization
Location : Phoenix, AZ
Duration : December 2015 – January 2016
Project : Risk and Compliance Remediation
Responsibilities
Developed mapping of different federal security standards to compare the compatibility and compliance of financial institutions security setup
Identify potential remediation solutions and present them to Schwab management following the NIST, FFIEC, COBIT and ISO standard for cyber security
Develop Project Charter Document
Gather technical and business requirements
Conduct interviews with key stake holders
Review and analyze the current environment based on industry best practices
Manage the coordination of related project objectives
Manage communications as required
Perform knowledge transfer to Schwab management and staff
Client : School Systems
Location : Phoenix, AZ
Duration : December 2015 – December 2015
Project : Network and Security Implementation Review
Responsibilities
Verification of network implementation of 5 Diocese of Phoenix Catholic Schools
Review network documentation
GAP analysis on layer 1 through layer 3 implementations on network and security infrastructure
Wireless and wired network evaluation
Provide recommendation based on the GAP analysis.
Client : Financial Organization
Location : Phoenix, AZ
Duration : September 2015 – November 2015
Project : Risk and Compliance Remediation
Responsibilities
Developed mapping of different federal security standards to compare the compatibility and compliance of financial institutions security setup
Identify potential remediation solutions and present them to Schwab management following the NIST, FFIEC, COBIT and ISO standard for cyber security
Develop Project Charter Document
Gather technical and business requirements
Conduct interviews with key stake holders
Review and analyze the current environment based on industry best practices
Manage the coordination of related project objectives
Manage communications as required
Perform knowledge transfer to Schwab management and staff
Client : Financial Organization
Location : Scottsdale, AZ
Duration : February 2015 – August 2015
Project : Vulnerability Management Audit and Risk Assessment
Responsibilities
Risk assessment analysis for network security team
Identifying internal and external subnet/IP and VLAN schema
Audit Tripwire/nCircle IP 360 scanners for internal and Qualys external scanners to make sure it complies with the company network coverage policy
Estimation of total internal and external network scanning coverage and identify the subnet loop-holes and issues
Complete GAP analysis of the network
Prepare process documentation for scanner policy implementation and annual vulnerability assessment audit
Audit asset repository for PayPal to make sure that those comply with the company asset policy requirement
Preparing PayPal standard audit compliance
Gather evidences
Client : Financial Organization
Location : Phoenix, AZ
Duration : January 2014 – February 2015
Project : Internal Audit and Risk Assessment
Responsibilities
Risk assessment analysis for network security team
Identifying internal firewall policies for compliance
Identifying external firewall policies and vendor connections for compliance
Preparing Schwab standard audit compliance
Gather evidences
Preparing process documents
Setup internal and external annual review for the policies and connections to make sure they have proper attestation every year
Client : Insurance Company
Location : Portland, OR
Duration : November 2014 – December 2014
Project : Internal Audit and Risk Assessment
Responsibilities
Risk assessment analysis for the internal HealthSparq/Combia network
Identify administrative, technical, physical and compliance risks in regards to data handling and storage
Identify key issues
Advised on remediation and proposed plans to on how to do that
Client : Financial Organization
Location : Phoenix, AZ
Duration : August 2014 – November 2014
Project : Web DLP Implementation
Responsibilities
Project Management and Project Planning
Stakeholder liaison and weekly project status update
Implementation of Vontu Web DLP
Redesigning the current architecture
Project timeline allocation
Resource allocation
Budget fixing
Go Live documentation.
Weekly management reporting on progress.
Client : Financial Organization
Location : Phoenix, AZ
Duration : February 2013 – August 2014
Project : BlueCoat to IronPort Migration
Responsibilities
Audit and assessment of current BlueCoat proxy setup and configuration
Consolidation of the current BlueCoat proxy
Train Schwab employees on Cisco IronPort proxy, setup, configuration, maintenance and troubleshooting
Network audit for Cisco IronPort proxy
Prepared Bill of Materials (BOM) and Purchase Order (PO) for IronPort
Rack, stack and setup of IronPort WSA and Managers
Configuration, testing and implementation
Policies and rule-set migration from BlueCoat to IronPort
Client : Computer Hardware Manufacturer
Location : Roy, UT
Duration : November 2012 – January 2013
Project : EMC-JV Migration Project
Responsibilities
Install and configuration of Cisco IronPort web (Async OS 7.1 for web - WSA) and email (Async OS 7.1 for Email - ESA C170) security appliance
Install and configuration of Virtual RSA DLP Network ICAP Servers (on Virtual Red Hat Linux 5)
Install and configuration of Virtual RSA DLP Enterprise Manager (on Virtual Windows Server 2008 R2 64-bit)
Install and configuration of Virtual RSA DLP Network Controller (on Virtual Red Hat Linux 5)
Install and configuration of Virtual RSA DLP Ace Server (on Virtual Windows Server 2008 R2 64-bit)
Install, configuration and test of RSA SecureID Web Agent on IIS Server (on Virtual Windows Server 2008 R2 64-bit)
Install and configuration of Virtual Checkpoint R75.141 Management and Log Server (Secure Platform on Virtual Red Hat Linux 5)
Install and configuration of Virtual SourceFire Defense Center for IPS and IDS management (on Virtual Red Hat Linux 5)
Install and configuration of McAfee Active Virus Scan Enterprise (VSE8.8) DAT Server and ePolicy Orchestrator 4.6.0 (on Virtual Windows Server 2008 R2 64-bit)
Install and configuration of Nessus 5.0 Network Scanner (on Virtual Red Hat Linux 5)
Install and configuration of Virtual Splunk 5.0 App for Enterprise Security (on Virtual Red Hat Linux 5) and Forwarding Agent on all the above virtual machines.
Client : Mining Company
Location : Phoenix, AZ
Duration : May 2012 – November 2012
Project : Network Remediation and SolaWind Implementation
Responsibilities
Remediation of Freeport's global network
Redesign mine site and corporate network to meet the company standards
Standardization of naming convention, configuration, routing, IP schema and VLAN assignments
Upgrade device hardware, software and firmware based on the remediation need
Implementation of SolarWind servers
Configuration of SolarWind servers for monitoring, device discovery, push out configuration, and troubleshooting
Client : Educational Institute
Location : Phoenix, AZ
Duration : Aug 2010 – May 2012
Project : Elwood Data Center Migration and New Las Vegas Data Center Project
Responsibilities
Manage Network Engineering team as a lead
Coordinate project planning, designing, testing, implementation and verification.
Layer 1-2 and 3 (network portion) design and architecture of Las Vegas Data Center
Layer 1-2 and 3 (network portion) design and architecture of Riverpoint 2 Data Center
Layer 1-2 and 3 (network portion) design and architecture of Riverpoint Dev 1.0 Data Center
Prepared Visio for layer1/2 and 3 of the networks of all the data center designs
Provided detailed drawing of different segment of the networks
Prepared cut-sheet of inter-device connectivity
Prepared rack elevation of the data centers
Assigned host names, IP and subnet schemes, VLANs of the devices
10G fiber, 1G fiber and copper port assignment of Cisco Nexus 7010, 5020, 2148, ASR 1004, ASA 5580 and Cisco 6509 devices
Defined OSPF routing protocol on the core devices (7010 and 6509)
Defined static and dynamic routing on access routers
IP management and DNS validation using Alcatel-Lucent QIP
Coordinating architecture and planning of the network migration for Elwoood migration project (Migration of the network gears, servers and application)
Helping coordination of the developers on the network engineering side of P2V and V2V migration
Client : Financial Organization
Location : Fort Pierce, Florida
Duration : Jul 2010 – Aug 2010
Project : Riverside/TD Bank Network Discovery Project
Responsibilities
Total network discovery of Riverside Bank network gears, servers, workstations and printers
Using Solar Winds network tool to map switch ports of the network gears
Prepared VISIO diagram of the total network after discovery
Created a master spreadsheet along with the categorized device inventory
Finalized word report for the client with findings, problems and concerns, and future recommendations
Provided an online presentation of the final report.
Client : Data Center Provider
Location : Piscataway, New Jersey
Duration : Jun 2010 – Jul 2010
Project : Eclipsys Data Center Expansion Project
Responsibilities
Project initiation and design establishment of the Eclipsys new data center expansion project
Design and architect the management network for the data center
Configuration of Cisco Nexus 7010 management core switch
Configuration of Cisco 2960 as data aggregator
Nexus 5020 standard configuration for fiber patch run
1GB fiber and copper cabling for Nexus 7010, 5020 and Cisco 2960
Documentation (including detailed VISIO, inter-connectivity cut-sheet, and word version report) of the management network.
Client : Mining Company
Location : Elko, NV
Duration : Nov 2009 – June 2010
Project : Newmont Remediation Project/Network maintenance
Responsibilities
Managing and leading network team for Nevada Network.
Infrastructure design for new mine sites
Standardization of the Newmont Nevada network.
Redesigning IP scheme for the whole Newmont Nevada network
Standardizing naming conventions for the Newmont Nevada network
Design and troubleshooting microwave link networks
New configuration and design for devices (routers/switches) in the mine site
Configuration of AAA, TACACS and maintaining user accounts in ACS servers
Monitoring whole Nevada network for outages and issues.
Troubleshooting Switches and routers, and wireless networks
Configuring wireless access points and implementation.
Fiber connections, DS3 and T1 set up.
Avaya VoIP phone configuration and troubleshooting
USD and GCARS ticketing system
Monitor network gears using Cisco works, Cisco Network Assistant and Solarwinds monitoring system
Using VISIO to design and maintain network infrastructure diagrams.
Client : Financial Organization
Location : Ashburn, VA
Duration : Feb 2009 – Nov 2009
Project : OCX Migration Project
Responsibilities
Develop and manage IT vulnerability management model for VISA, which includes determining the scope, identifying various sources, remediation and plan
Implementation of rules and signatures for McAfee IntruShield IDS/IPS sensors and firewalls
Configuration and physical implementation of DataCom Multi-Link Aggregator
WTI Remote Management Console and Power Management Console configuration and implementation
nCircle Remote Monitoring System implementation and configuration
Configuring vulnerability management tool, such as nCircle IP360, the sensors and managers
Physical connectivity testing and troubleshooting
Upgrade devices to comply with the current rules and signature sets.
Using VISIO to design and maintain network infrastructure diagrams.
Client : Retail Organization
Location : Richmond, VA
Duration : May 2007 - Feb 2009
Project : RPOS Migration Project for Circuit City
Responsibilities
IBM Technical lead for Circuit Citys RPOS Migration project, leading a team of 6
Data migration from windows 2003 servers to ISG (In store Gateway) servers (Linux based)
Testing the functionality of Linux based POS (Point of Sale) systems
Work with the VMWare support group in backing up store local data from ISG Servers and Windows Server 2003 based servers.
VLAN and VTP Setup.
Using Cisco works, and occasionally IDM (IDS management) and SDM (security device management) for monitoring security issues and configuration
Configuration and Implementation of STP/OSPF in MPLS routers
Technical Troubleshooting RIP and frame relay protocols in the small office network of Circuit City GO (Grand Opening) stores.
Configured Cisco Wireless Access Points (WAP) and wireless network
Configuration of AAA and TACACS
Using Motorola MSP (Mobile Security Platform) to configure and troubleshoot mobile PDAs
Performed Physical network infrastructure implementations using wiring installation, hardware setup and testing.
Configuration, deployment and layer 1 wiring of Cisco products and technologies
Cisco 2950 and Symbol ES3000 and ES5000 switch configuration
Symbol CB3000 handheld scanners, SurePOS (Point of sale System - POS), DigiPOS (Point of sale System - POS), DCP and magellan terminal setup.
Network printer and server setup and support.
Troubleshooting support for enterprise networks utilizing Cisco routing and switching, firewall configuration building and testing(Cisco PIX and checkpoint).
Remote Desktop Assistance to RPOS and Legacy network
Maintenance and troubleshooting ISG (In Store Gateway UNIX) and Legacy (Windows NT) server
Monitoring overall network setup and configuration for Circuit City store all over USA
Used HP Open View and IBM Service Center to track of and troubleshoot of opened tickets
Monitor network gears using Cisco works and Network Observer monitoring system
Using VISIO to design and maintain network infrastructure diagrams.
Using netscout for network performance monitoring.
Client : Telecommunication Company
Location : New York City, NY
Duration : July 2006 - May 2007
Project : Eastern Regional Data Migration Project
Responsibilities
Technical coordinator for 3S network team and Cingular Wireless
Coordinated a team of 16 engineers, managed their schedule, assign tasks for deployment, plan testing requirement and processes, report daily progress, update and results to Cingular project lead
Network survey for pre-design network estimation.
Cisco network design for small to mid size offices
Configured Cisco Connectivity Adapters.
Performed Physical network infrastructure implementations using wiring installation, hardware setup and testing.
Configuration of the network for OSPF protocol
Implementation of IDS and PIX firewalls.
Troubleshooting support for enterprise networks utilizing Cisco routing and switching, firewall configuration building and testing (PIX).
Testing the network for security and other vulnerability.
Finally have the network up and running.
Coordinate with other team members and also the system administrator regarding the specification of the design.
Client : Telecommunication Company
Location : Houston, TX
Duration : June 2003 - Aug 2004
Project : Implementation of Broadband Internet Products for SBC
Responsibilities
Configured Cisco Connectivity Adapters.
Performed Physical network infrastructure implementations using wiring installation, hardware setup and testing.
Preparation of Complete Solution and implementation of all Broadband and Data Comm. products for Internet Access in field post sales
Routers and L3/L2 Switches etc
Completed Project for 7000 DSL customers spread across Houston single handedly
Core team member for DataOne (2000 Routers and L3 switches network) - statewide DSL service of SBC (South-Western Bell Corporation)
Responsibilities
Installation and configuration of Cisco and Juniper routers for local and regional offices
Firewall setup for the network
Troubleshoot LAN setup problems for regional offices
Provide recommendations on network related problem
Provide basic training for new comers
Employer : Palette Technologies
Duration : July 2017 – Feb 2018, Mar 2019 - Present
Role : Principal Network Security Architect
Employer : Choice Hotels International
Location : Phoenix, AZ
Duration : Feb 2018 – March 2019
Role : Sr. Information Security Lead
Employer : OpenSky Corporation
Duration : June 2010 – Jul 2017
Role : Principal Network Security Architect
Employer : Computer Sciences Corporation (CSC)
Duration : Feb 2009 – Jun 2010
Role : Sr. Network Engineer
Employer : IBM Corporation
Duration : May 2007 - Feb 2009
Role : Lead Engineer/Network Engineer
Employer : 3S Network Inc
Duration : July 2006 - May 2007
Role : Project Coordinator/Network Engineer
Went to graduate school for Masters in Electrical Engineering from Aug 2004 to July 2006
Employer : JDR Consulting
Duration : June 2003 - Aug 2004
Role : Network Engineer
Went to undergraduate school for Bachelors in Electrical Engineering from Aug 1999 to May 2003
Employer : Grameen Telecom Network
Location : Dhaka, Bangladesh
Duration : Jan 1996 - Aug 1999
Role : Team Leader/Field Engineer