SYED ATIF SHAMIM-
Executive Masters of Science in Information Systems Security.
(University of the Cumberlands, KY, USA)
Mobile: +1-617-***-****, Email: email@example.com LinkedIn: http://www.linkedin.com/pub/syed-atif-shamim/91/220/77
Well Trained, experienced and qualified Network Cyber Security Architect involved in Designing, Implementing both HLD & LLD. With POC (Proof of Concept) for both IT/OT Environments and also developing SD-WAN Architecture-Viptela as primary connectivity for 1 WAN Infrastructure.
Security Analyst-Team Lead, Service Now, Service next Change management, Cyber Forensics, Reverse Engineering with Cyber Security Test Lab.
Information Security policies, procedures and guidelines with respective compliance like as Service Now, Service Next, Change Management Processes, Compliances CIA TRIAD, HIPPA, ISO-27002,GDPR,SOX, NIST SP 800-82, NIST SP 800-53, FISMA, CIPPA, COPPA, ISA 99, IEC 62443 etc.
•Telecom/Fiber Optics: SDH/ Huawei OSN 1800V, Sonet, Fast Ethernet, Alcatel E1-MUX, New Bridge MUX, Loop Telecom, ZTE, Tainet Mux, Mercury Multiplexers. DSLAM (ADSL/DSL/HDSL modems), BRI, PRI, Digital Cross Connect Nodes (DXX), DWDM/CWDM Muxes, PL-1000T etc.
•RF Optimization: PCOM, REDLINE, AIRLINK, AIRAYA, Huawei, RTN 600 and 900 series.
•BTS: Huawei BTS 3900 & 3900L (LTE).
•SD-WAN: vManage, vBond, vSmart, vEdge, Zero Touch Provisioning process, Site ID, GPS Locations etc.
•Data Centre/ Backhaul Connectivity: Huawei OSN 1800V, Fast Ethernet Electrical Cards, Fiber Optic-Optical Cards, PL-2000DC, PL-2000AD, PL-1000T Metro Ethernet Mux, MPLS Mux for Backhauls connectivity over fiber 1gbps to 100 Gbps. Connecting Single Mode, Double and Multi-Mode Fiber. End to End Fiber testing with Loop Technologies using OTDR.
•Network Devices: Cisco 3845 Router, Cisco Switches 4500 Series, Juniper-MX960s, Ex8200s, EX4200, SRX Cluster, and Secure Access cluster.
•Network Management: IP NBAR, Net Flow, Wireshark, Solar winds, Kiwis slog, Cacti, MRTG, Port SPAN, RSPAN, Juniper-NSM, Observium, Cisco Prime, AVAYA -9620 C Management Tool, Wireless Network Management through ARUBA, Cisco ASA- Fire Work, Source Fire, ASDM, and CCP (Cisco Configuration Professional).
•Routing Skills: RIP, OSPF, OSPFv3, EIGRP, BGP, Redistribution, IPSLA, and IS-IS.VRF. MPLSL3VPN, DOCSIS 2.0, CMTS (Cable Modem Termination Systems).
•Switching Skills: STP, RSTP, VLAN, VTP, LAGP, Port security, MPLSL2VPN, Virtual Circuits, Frame Relay, HSRP, VRRP.HSRP, stack wise, Sub Netting, ACL, NAT/PAT, PPP, Port forwarding, Port Authentication, DHCP ARP Inspection, DHCP Snooping, IP Source Guard, Private VLAN, SVI, CEF (Cisco Express Forwarding), Brocade Switch ICX 7250, 6430.
•Security Skills: Cisco ASA-5500, Source Fire, Fire Power FTD, VPN Technologies-IPsec-SSL-VPN, IDS, IPS-Cisco 4200 Series, IPS-MacAfee (M-8000, M-4050), IOS Firewall ASA, Cisco ACS Server, Juniper SRX, Solar Winds, Splunk, Tacacs+, Radius, LDAP etc.
•Security Standards: PCI(DSS), Gram-Beach-Lilley ACT, HIPAA (Health Insurance Portability and Accountability ACT), FERPA, COPA, CIPA, FISMA, SOX, ISO-27002, OMB, DHS, COBIT-5, GAIT, NIST Compliance with FIPS, SP Standards, Cyber/Computer Security Forensic, COBIT, ISO-27002
•IP Telephony/ Voice: Avaya 9620, Cisco CUCM 9.X, CUCM 10.X. BRI, PRI, SIP, SCCP, MGCP. RTP, SRTP, Bulk Administrator Tool (BAT).
•QoS Skills: RSVP, RSTP, Policing, Shaping, Rate Limiting, Prioritizing, etc.
•Cloud Computing Skills: IAAS, PAAS.
•Project Skills: Project Management & Planning, IT service Management (ITSM), Managed Services Delivery.
•Microsoft Skills: Windows XP/7/8. RADIUS server.
•Surveillance system: CCTV, DVR, NVR, IP Camera.
•Wireless: Linksys/D-Link/TP-Link/Net Gear, Aruba 3600, Cisco 2500, Cisco 555 Series.
•Backups: MS windows backup, Genie Backup, WinZip.
•UPS: APC Online/smart UPS, Emerson, Saltec, Systek.
Network Cyber Security Architect
August/2018- Till Now
BHP Billiton, Houston, TX
Working on his own as Project Owner and Subject Matter expert for all Cyber /Network Security related projects.
HLD with Proof of Concept implementing at LLD low-level design and Detail Design Document. Threat Modeling Like as STRIDE etc. for Web and Software applications.
Managing the SDWAN, Firewalls / IPS/ IDS/SIEM /ISE Solutions, Router ISR, ASR, IOS XE, Load Balancers, and Nexus/Catalyst switches for the project with implementing both WAN/LAN Solutions.
Pro-Types and Pilot Network Lab Testing environment.
Configuration of SDWAN vManage, vBond, vSmart, vEdge, Zero Touch Provisioning process, Site ID, GPS Locations etc.
Security policies, procedures and guidelines for Security Audit. Also Forensics and Reverse Engineering including Proxy Servers, DHCP, PKI’s, Email gateway, Secure gateway, river-band, Antiviruses, Web gateways, End point Protections, etc.
Configuration level activities with SIEM, IPS, IDS, Cisco ASA 5500-X, IPS, Firepower, and ISE 2.2 etc.
Change management (CASB) for configuration changes made with Impact analysis, Risk Analysis, Rollout and Back-out plan using Service Next and Service Now platforms.
Pre-reviewed the changes made within the Firewall, ACL with particular ports and service objects.
VPN termination, SLL VPN, Easy VPN, Site to Site VPN IPsec, Clientless VPN and DMVPN.
Information Security policies, procedures and guidelines with respective compliance like as ISO-27002, GDPR, SOX, NIST, FISMA, CIPPA, COPPA, COBIT-5 etc.
Sanitizing the firewalls for Audit and processes with Endpoint security products.
Good hands-on practice on network and security tools and designing tools like as Microsoft Visio, Cisco Prime, Splunk, Alian-Vault, Network Management Tools, ASDM, FMC, Palo Alto GUI etc.
Reporting to Program Managers/Head of Technical Projects Lead.
1.Managed File Transfer: A solution to facilitate secure, fast and simple transfer of files for users within BHP. For both internal transfer and transfer of files to external stakeholders.
2.ISE 2.2 Migration: Migrating all Guest users to Authenticate and Authorized from ISE 2.2 over tacacs+ with IAR’s management, policing, NAD (Network Address Devices), web services, vulnerability assessment.
3.Cyber Security Test Lab: Construction of lab environment for Cyber Security for multiple locations responsible for Cyber Forensics and reverse engineering etc.
4.Data Loss and Monitoring: Setting up Splunk heavy Forwarders in Zone 1, 3 and OT.
5.Anomaly Detection Analysis: Setting up an Anomaly Detection Solution that would integrate with our current Splunk environment.
6.Selbaie SCADA Project: SCADA refresh and comms upgrade.
7.BHP Documentum Hardware Refresh: Network component of deployment of the new Flex pod solution that we will be deploying in to BHP to replace the current vBlock environments in both USA and Australia.
8.Santiago Gateway Shutdown: Removal of legacy OBS-managed Santiago Internet gateway.
9.Secure Hosting Gateway: Choice and installation of new secure hosting solution for incoming Internet-based connections to BHP.
10.Cyber Analysis and Detection Support: Detecting, Analysis of anomaly behaviors of cyber security devices.
11.GOM LAB: Developing an isolated Lab for OT Network.
12.SD-WAN-Viptela Site Connectivity: Implementing primary connectivity for all BHP Site and off-shore via SD-WAN Architecture and MPLS as secondary. (Total 35 site connectivity using Viptela).
Network & Security Consultant (Service Delivery)
Relig Staffing, Inc.
High Level and Low Level Designing HLD $ LLD for Different networks including Core, Distribution and Access Layer for Financial Institutes.
Configuring Routers, Switches, Firewalls, ASR, ISR, Gateways, Cisco CUCM 10.x, Voice and Wireless Networks.
Cisco PPDIO Mythology Prepare, Plan, Design, Implement, Operate and Optimize.
Pro-Types and Pilot Network Testing Network protocols RIP, EIGRP, OSPF, BGP L2 Encapsulation STP, RSTP, VRRP, HSRP etc.
Tier-3 and Tier-4 Data center Designing in accordance with TIA-942 Standards DR-Sites as HOT SIDE, WARM SIDE, COLD SIDE N+N Redundancy.
Managed Services Implementation likes as L3MPLPS, L2MPLS, IPSEC VPN, DMVPN, Easy VPN, RDP, Voice and Wireless Network designing, configuration and optimization.
Security Devices IPS, IDS, Cisco ASA, FTD, Juniper SRX, SA-4500, Cisco ACS, Cisco ISE.
SOP, Security policies, procedure and guidelines implementation in compliance with NIST, PCI-DSS, Social Engineering, COBIT-5 Frame work.
Network & Security Engineer, IT Infrastructure Section
Statistic Center, Abu Dhabi- Cloud technologies LLC
•Managing IT Secured Services Delivery & Operations including Health Performance, Incident Management, and Change Management in WAN, LAN Network, Wireless, IP Telephony and Data Center Operations.
•Cisco Router 3845, Catalyst Switch 6500, 4509, 4503, Core Switch 6509, Cisco ACS. Cisco ASA 5000 Series. (Configuration, Installation, Maintenance, Monitoring) for Enterprise Network using OSPF, BGP, STP, RSTP, ACL, NAT, PAT, VRRP, HSRP, Port Security Protocols & ETC.)
•Juniper SRX3400, SRX240. (Easy VPN, GRE-Tunnel, Dynamic Multipoint VPN, IPsec, SSL, S2S- Connectivity, Zoning, Trust, Un-trust, DMZ, MD5, SHA-1,2,3).
•SA-4500, MacAfee IPS (M-8000 & M-4050), Cisco 4200 series IPS. (Authentication, Security Deployed at Application Layer, Malware, Spyware, Logic Bombs, Web Beacon, Virus Protection, Patches Updates, DLP etc.), GRE-VPN Tunnel, IPsec, SSL, DMVPN Commissioning and troubleshooting.
•Cisco ASA-5560 Troubleshooting, Configuration and Monitoring.
•Avaya 9620 IP-Telephony, CUCM 9.X, CUCM 10.X. (QoS with RTSP).
•Wireless Connectivity of Aruba 3600. Access Point through Radius Server, Domain Controller, (Installation, Configuration of Access points and Controller).
•Network Tools Cisco Prime, Aruba Wireless Controller, GUI/NSM (Xpress) for Juniper SRX-3400, SRX-120h, SA-4500, Cisco ASA Source Fire.
•LLD &HLD Implementation.
•Supervision of Help-desk Team via Foot prints by implementing ITIL/ITSM/ISO-27002 Processes.
•Reporting to Head of IT & Manager IT Infrastructure Section.
Assistant Manager Datacenter (TIA942)-NOC Operations Lead
Pakistan Telecommunication Company Limited (ETISILAT) Karachi, Pakistan
Managed Services Delivery Specialist Network Operation Center (NOC) issues Total 150 Rack (TIER-3/ TIER-4).
Ensure availability of NOC operation 24X7. E1 /T1 /PRI /BRI /FE Connectivity.
Configuring NSM for monitoring of MX-960, EX-8200, EX-4200, SA-4500, SRX-3600 and integrating with Observium, MRTG.
Cisco ASR 9010, IOS, IOS-XE, IOS, XR Configuration and trouble shooting.
Commissioning MPLSL2, MPLSL3, Metro Ethernet, Leased Lines, P2P. P2MP, Digital Cross Connect Cross Connect Circuits, Frame Relay, WAN Networks over Lit Fiber end to end.
(Router, Switch, VPN Concentrator, IPsec, SSL, Access Server, and IDS/IPS) with LLD & HLD Implementation.
The incumbent is responsible for the installation, modification, upgrade, troubleshooting, and repair process for network related hardware including Routers, Switches and firewall.
Configure the MPLSL2VPN and MPLSL3VPN for clients, Configuration Management, Change Management, Logs Management, and Incident.
Configuration of Core/PE/CE Routers, L2/3switches and firewalls at Datacenter, and DR.
Reporting to Manager, Data center.
Services Engineer – NOC
Pak Datacom Limited (Subsidiary of Telecom Foundation)
Services Delivery Engineer by Planning Project Installation, Maintenance, Troubleshooting &Fault Restoration of Network and observing whole network through NMS (Network Management System).
Hand on experience of Installation, Operation and troubleshooting of Fiber Optics, Cross Connect &Drop Insert BRI, PRI, PaBX networks.
Multiplexes on E1 optical fiber using TDM&FDM Technologies and End-to-End BERT Testing, OTDR Fiber Testing, VSWR Testing.
Outdoor& Indoor Installation Testing, Maintenance and Troubleshooting of long distance Fiber Circuit (WAN) associated with New Bridge, Tainet equipment by using Optical Fiber (SDH/PDH) Transmission media &SONET.
Doctorate in Information Technology
January 2020 - Till Now
(Cyber Security and Information Assurance)
Capella University, MN, USA.
Executive Master of Science
(Information Security Systems)
University of The Cumberland’s, KY, USA.
Master of Science in Electronics Engineering
Specialization in Telecommunication & Networks
CGPA=3.1 (1st Division)
(Accredited from ECE-Educational Credentials Evaluator, USA).
Sir Syed University of Engineering & Technology, Karachi.
BS Electronics Engineering
CGPA=3.92 (1st Division)
(Accredited from ECE-Educational Credentials Evaluator, USA).
Sir Syed University of Engineering & Technology, Karachi.
•Cisco Certified Internetwork Expert-Security (CCIE-SEC 400-251).
•Cisco Certified Internetwork Expert- Routing and Switching (CCIE-R&S 400-101).
•Certified Ethical Hacker version 9 (CEHv9).
•Implementing Cisco Network Security (CCNA-SEC 210-260).
•Cisco Certified Network Associate (CCNA-200-120).
•PR2P PRINCE2® Foundation Certificate in Project Management.
•PR2P PRINCE2® Practitioner Certificate in Project Management.
•Certified Integrator in Secure Cloud Services (CI-SCS).
•CLOUDF-EXIN Cloud Computing Foundation.
•ITILv3® Foundation Certification in IT Service Management (EX0-117).
•Information Security Foundation based on ISO/IEC 27002 (ISFS).
•ITSM20F IT Service Management Foundation based on ISO IEC 20000.