Hussain Nalwala
Minneapolis, MN 847-***-**** ***********@*****.*** LinkedIn
Summary
Senior Cybersecurity Engineer with 5+ years of experience driving enterprise security initiatives across hybrid IT environments. Proven track record in managing secure infrastructure, leading multi-site firewall deployments, mentoring teams, and strengthening organizational security posture through compliance-aligned assessments, automation, and training. Skilled in leading cross-functional collaboration between security, infrastructure, and application teams across global environments. Adept at supporting large user bases, resolving incidents under pressure, and fostering a security-aware culture.
Key Accomplishments
Delivered 20% cost savings on a large-scale firewall refresh project by optimizing vendor contracts, redesigning network segmentation, and implementing rule-base automation aligned with CIS Control 13 (Network Monitoring and Defense).
Enhanced phishing detection and response by 30% through integration of EDR/XDR analytics and SIEM correlation rules, improving overall incident response time and user awareness metrics.
Supported 5,000+ distributed users across hybrid environments, ensuring uninterrupted access and compliance with NIST CSF PR.AC (Access Control) and PR.IP (Information Protection Processes) domains.
Achieved 100% remediation of critical vulnerabilities identified during annual VAPT, implementing secure configuration baselines and patch automation aligned with CIS Control 7 (Continuous Vulnerability Management).
Strengthened enterprise resilience by integrating MFA, privileged access policies, and proactive risk reporting to leadership, directly contributing to measurable improvements in organizational cyber hygiene posture.
Technical Skills
Languages: Python, C++, Bash, PowerShell, Regex
Cloud & Email: Office 365, Google Enterprise, Azure AD, AWS
Systems: Windows Server, Linux (Ubuntu, Kali, Red Hat), macOS (Jamf-managed)
Networking: TCP/IP, VPN, Wi-Fi 802.11ac, VLAN, Routing/Switching, NAC Solutions, DLP Solutions, OAuth 2.0, SAML
Endpoint Management: BitLocker, Comodo, JAMF, Intune, Windows Defender
Tools: Wireshark, Nessus, Splunk, GoPhish, FortiOS, Cisco ASA, Cisco IOS, Linux firewall UFW, Jenkins, Docker, Ansible, Flask, Jinja
Support Tools: Ticketing Systems (Jira, ManageEngine), Remote Desktop, Knowledgebase creation
Frameworks: OWASP Top 10, CVSS, EPSS, SSVC, MITRE ATT&CK, CIS v8, NIST CSF, NIST SP 800-53, ISO/IEC 27001 & 27002, PCI DSS, Cyber Kill Chain
Work Experience
Senior Cybersecurity Engineer, upGrad July 2019 – Aug 2023
Led and strengthened organizational security posture by aligning policies and controls with NIST CSF, ISO 27001, CIS Controls, and GDPR frameworks, ensuring measurable compliance improvements across systems and users.
Directed annual VAPT audits in collaboration with third-party assessors; analyzed findings, prioritized risk remediation using CVSS methodology, and reduced critical vulnerabilities by 40% within two audit cycles.
Spearheaded EDR/XDR deployment and configuration across multi-location environments, enhancing endpoint visibility and threat response time by 60%.
Implemented and maintained multi-factor authentication (MFA), SSO, and privileged access management across Google Workspace and Active Directory, reducing unauthorized access attempts and improving identity assurance.
Partnered with IT, DevOps, and management teams to design and enforce secure baselines, patch management, and configuration hardening across servers, networks, and cloud workloads.
Conducted internal phishing simulation campaigns and user awareness training to drive behavioral change; achieved a 75% improvement in phishing resilience scores.
Collaborated on incident response and root cause analysis for malware, phishing, and email compromise events, applying MITRE ATT&CK techniques for improved detection and mitigation.
Coordinated the implementation of security documentation and risk registers, ensuring traceability and continuous improvement in alignment with PayPal-style enterprise security governance practices.
GA Tutor – Networking & Cybersecurity, DePaul University, Chicago Aug 2024 – June 2025
Provided front-line technical support and tutoring for graduate students on TCP/IP, VPN configuration, firewall rules, and basic endpoint troubleshooting across Linux, Windows, and macOS.
Led lab sessions simulating real-world support environments, including L2/L3 switch segmentation, SIEM alert analysis, and secure Wi-Fi configuration (802.11x).
Assisted students in debugging lab system configurations, network routing problems, and system monitoring practices.
Supported practical understanding of incident response workflows, ticket triage, and technical documentation.
Graduate Research Assistant, Cyber-Physical System, DePaul University, Chicago Jan 2024 – July 2024
Designed wearable knee exoskeletons integrating BLDC motors, microcontrollers, and IMUs, enhancing mobility support for users.
Developed firmware for ESP32 and Arduino boards to control actuators and monitor gait patterns, improving the accuracy of movement analysis.
Created secure protocols for CAN/I2C-based systems with Raspberry Pi for sensor data handling, ensuring reliable and secure data transmission.
Supported gait anomaly detection through ML analysis of sensor inputs, contributing to early identification of mobility issues.
Led testing and debugging in lab setups simulating real-world biomechanical interactions, improving system reliability and performance.
Projects
Cybersecurity Risk Assessment – DePaul Cybersecurity Clinic (Volunteer) (Link)
Collaborated with a team to conduct a formal cybersecurity risk assessment for a nonprofit organization serving vulnerable communities.
Evaluated existing security practices across network infrastructure, email systems, cloud usage, and endpoint environments.
Assessed risk based on industry standards (CIS Controls v8, NIST SP 800-53) and documented key weaknesses in access control, patch management, firewall configuration, and backup processes.
Provided a detailed remediation roadmap prioritizing actionable steps while aligning with the organization’s minimal-to-no budget, leveraging creative, open-source, and policy-based solutions.
Gained hands-on experience engaging with real stakeholders, building client relationships, and applying technical knowledge to improve organizational security posture under real-world constraints.
Secure SSO Infrastructure with Docker & Certificate Authority – DePaul University (Capstone Project) (Link)
Architected and deployed a secure, containerized infrastructure simulating enterprise-grade SSO using Keycloak (IdP) and Nextcloud (SP) with OpenID Connect (OIDC) protocol.
Built a custom Root Certificate Authority (CA) to issue and manage internal TLS certificates, enabling encrypted HTTPS communication across services.
Configured local DNS using dnsmasq and implemented full trust-chain validation across Linux and Windows clients.
Deployed isolated Docker containers for Keycloak, Nextcloud, MariaDB, and reverse proxy, applying least privilege and network segmentation.
Hardened infrastructure through custom SSL configurations, port control, and certificate pinning to simulate real-world production security standards.
Diagnosed and remediated authentication failures and plugin conflicts, applying systematic troubleshooting and container resets.
Demonstrated strong command of identity federation, PKI, secure service orchestration, and hybrid infrastructure deployment in a simulated environment.
Firewall & IDS/IPS Deployment – upGrad
Led multi-site firewall upgrade project, including hardware refresh, ruleset auditing, and redundant failover configuration. Delivered project on time and 12% under budget.
Configured and managed enterprise-grade FortiGate firewalls to support multi-site VPN connectivity and access control.
Deployed and fine-tuned IDS/IPS solutions (Snort) to detect and prevent real-time threats across network segments.
Investigated firewall logs and intrusion alerts to perform packet-level traffic analysis and escalation handling.
Regularly updated firewall firmware and enforced network segmentation using VLANs and security zones.
Annual VAPT Audit & Remediation – upGrad
Coordinated Annual Vulnerability Assessment and Penetration Testing (VAPT) with third-party vendors across AWS and on-prem infrastructure.
Analyzed vulnerability reports and implemented technical fixes including patching, rule tuning, and firewall policy refinement.
Closed all high-severity vulnerabilities with remediation strategies aligned to ISO 27001/GDPR controls.
Documented risk resolutions and supported internal audit reporting.
Internal User Security & Phishing Tests – upGrad
Deployed GoPhish, an open-source phishing simulator, and created a custom phishing infrastructure hosted on the upGrad internal Intranet.
Designed and executed realistic phishing simulations targeting scenarios such as BEC, smishing, CXO fraud, and whaling.
Collected engagement metrics (click-throughs, submissions) and developed training campaigns based on user behavior.
Collaborated with the L&D team to create internal security awareness modules and rolled out gamified learning for company-wide cyber hygiene.
Achieved a measurable improvement in phishing detection rates and incident reporting across departments.
Education
DePaul University - Chicago, IL
Master's in Cybersecurity with Specialization in Network and Infrastructure Security (Grade 4.0, Link) June 2025
Certifications
CompTIA Security+ Certified (SY0-701)
AWS Certified Cloud Practitioner (CLF-C02)
ISC2 Certified in Cybersecurity (CC)
Fortinet Certified Associate Cybersecurity (NSE-3)
Zscaler Fundamentals (EDU-104)
Pursuing: CCNP, CISSP
Relevant Coursework: Information Security Management, Network Security I & II (NET 477, NET 577), Computer Networks and Data Systems (NET 463), Digital Forensic Techniques (CSEC 450), Enterprise Security Infrastructure & Compliance (CSEC 533), Information Security Risk Assessment for Non-Profit Organizations (CSEC 490), Security Testing and Assessment (CSEC 488 – includes CTF challenges), Advanced Cyber Attack Responses and Defenses (CSEC 489), Cybersecurity Automation Operations (CSEC 480), Human-Centered Cybersecurity (CSEC 445), Computer Information and Network Security Capstone (CSEC 594)
Academic Engagement:
Participated in graduate-level Capture the Flag (CTF) exercises involving reverse engineering, log analysis, and exploit development.
Contributed to internal cybersecurity research showcase, presenting secure communication protocols for wearable exoskeletons.
Led lab-based workshops on packet analysis (Wireshark), VLAN segmentation, and SIEM configuration as a graduate assistant.
Collaborated on course-aligned red team/blue team exercises simulating incident response in hybrid enterprise environments.
Engaged in curriculum-driven projects with real-world non-profit organizations aligned with CIS Controls v8, ISO 27001, NIST SP 800-53, PCI-DSS, HIPAA and GDPR compliance practices.
Soft Skills
Strong verbal and written communication, Mentorship, Technical documentation, Cross-functional team collaboration
Problem-solving under pressure, Root cause analysis, Security incident resolution
Time and project management, Deadline-driven, Task prioritization in dynamic environments
Adaptability to new tools and technologies, Fast learner, Self-starter
End-user empathy, Clear escalation practices, Customer-first technical support