Security Architect

11/2016 – 6/2017

F5 LTM, GTM and ASM

Load Balancing / Lastverteilung, Enterprise Architect (EA), System Architektur

7/2016 – 11/2016

On site as resident engineer for the Customer Amadeus
Migration from Cisco to Palo Alto networks firewalls
Implementation additional VSYS on production firewalls, Dynamic blocking list, URL Filtering + Reporting, Panorama Templates stacks, User Based policies, Zone protection profiles and Wildfire implementation
Network troubleshooting and operations support, Network and configuration analysis
Acting as customer technical liaison for Palo Alto Networks support and development teams
Deployment guidance to ensure that implementation is consistent with design specifications
Weekly updates on work in progress and current issues, if required

Reporting, Cisco Firewalls, Firewalls, IT-Support (allg.), Migration, Konfiguration, System Design, Telekommunikation / Netzwerke (allg.)

3/2016 – 5/2016

 Trustwave, UTM’s, SIEM, Cisco Firewalls and Switching, Cyberark Enterprise Password Vault
PCI-DSS audit. Scope of work, liaison of Pen test with Trustwave. Communication with all teams to maintain PCI compliance
Projects: PCI-DSS SSL migration, lead the project to replace all certificates which supported SSL, allocated resources. Trustwave UTM Firewall audit for PCI audit
Guided as sole Security resource on various other projects, BAU for non PCI related security concerns

SSL / TLS, PCI-DSS, Cisco Firewalls, IT Sicherheit (allg.), Firewalls, Qualitätsmanagement / QS / QA (IT), Enterprise Architect (EA), Architektur (allg.), Auditor, Kommunikation (allg.)

1/2016 – 3/2016

Palo Alto Network Firewalls, HP switches, F5 load balancers.
Firewall audit and improvement. Added DOS protection profile and SSL decryption policy
Server and Desktop Endpoint protection evaluation, Vendor shortlisting, Budget, Stakeholder approvals, Resource management and technical oversight of the project
Cisco PIX to ASA firewall upgrade
Critical Incident management document and ISO 27k audit

Incident Management, Netzwerk-Sicherheit, Cisco Firewalls, IT Sicherheit (allg.), Firewalls, Enterprise Architect (EA), System Design, Telekommunikation / Netzwerke (allg.), IT-Beratung (allg.), Auditor

10/2015 – 12/2015

Cisco ASA firewalls with IPS, Checkpoint Firewalls with IPS, Threat Prevention, Antibot & Mobile Access, F5 LTM, Cisco Nexus routing and switching, Cisco Identity Services Engine, Qualys
Projects: F5 code update and GTM integration - HLD and LLD, Cisco IPS migration to Sourcefire IPS –HLD & LLD,
IPS tuning and review, Firewall audit and improvement
Daily BAU task and implementation of changes and support

Netzwerk-Sicherheit, Check Point (allg.), Cisco Firewalls, IT Sicherheit (allg.), IPS (Intrusion Prevention System), Firewalls, Load Balancing / Lastverteilung, IT-Support (allg.), Migration, System Design, Telekommunikation / Netzwerke (allg.)

2/2015 – 10/2015

Palo Alto Network Firewalls using Global Protect with client certificates, Juniper Junos OS SRX firewalls and EX Switches using OSPF routing, Cisco Switches, F5 LTM Load Balancers used as SAML service provider and F5 APM LTM network access
Rollout of the Cabinet Office IT into the cloud. Consulting within Cloud deployments of network and security devices and service
Network and Security audit to comply with PSN Code of Connection (Public Services Network) and ISO 27k audit of the entire enterprise network
Consultancy for risk assessment and establishment of Information Security and Business Continuity plan
Documentation of an Incident response plan to protect the government data and improved general network security
Lead F5 architect on several service migration projects, including the design and implementation of 3rd party SSL VPN access through F5 LTM, F5 reverse proxy and architected and deployed a government wide F5 APM/SAML user authentication to several business critical applications
Acted as 3rd line to investigate network and security issues

Netzwerk-Sicherheit, IT Sicherheit (allg.), Informationssicherheit, Firewalls, Qualitätsmanagement / QS / QA (IT), Load Balancing / Lastverteilung, Enterprise Architect (EA), Migration, Telekommunikation / Netzwerke (allg.), VPN (Virtual Private Network), IT-Beratung (allg.), Rollout, Design (allg.)

12/2014 – 1/2015

Response to the GOP Sony hack, consulted on security issues for the Palo Alto firewalls.
Vulnerability assessment, Security configuration Audit, Firewall rule-base audit.
Deployment of a Decryption Profile and Custom URL Category protection. Configuration of Security Profile Groups and adding Application awareness to the security rule-base on the Palo Alto Networks firewalls.

IT Sicherheit (allg.), Firewalls, Konfiguration, System Design, Telekommunikation / Netzwerke (allg.), Technisches Qualitätsmanagement / QS / QA, Sicherheitstechnik (allg.), Auditor

11/2014 – 12/2014

Build of a new active-active cloud based data centre for the South West Grid for Learning
Low Level Designs of the following technologies: Internal Checkpoint VSX firewalls including IPS, F5 LTM and GTM load balancers, TippingPoint NGFW including IPS
Creation of Network Diagrams and review of High and Low Level Designs from other domains
Configuration of devices and configuration of firewall policies and IPS rules

Check Point (allg.), IT Sicherheit (allg.), IPS (Intrusion Prevention System), Firewalls, Load Balancing / Lastverteilung, Konfiguration, System Design, Telekommunikation / Netzwerke (allg.), Architektur (allg.), Design (allg.)

10/2013 – 8/2014

Technologies: IBM Security Network Intrusion Prevention System, McAfee Network Security Platform, Checkpoint VSX and Palo Alto Network Firewalls, Cisco Nexus Switches, Citrix NetScaler Load Balancers
Architected, scoped and budgeted an enterprise £1M+ Network and Host Intrusion Prevention refresh project including an audit of the existing Network and HIDS solution
Provided architectural guidance to stakeholders and independently managed and coordinated the approved project to align towards service and departmental goals and consulted within other overlapping projects as like the Malware & DDOS projects
Collaborated with business units to identify company assets and conducted a technical risk evaluation of hardware, software, installed systems and networks to classify data and systems Host Intrusion Prevention protection
Designed and developed a proof-of-concept for the new IPS solution which will send system and intrusion logs to the Security Incident Event Management (SIEM)
Created several strategy documents to sell stakeholders the value and benefits of the Intrusion Prevention solution which included a design option pack - a mix between different Vendor and Open source NIPS/HIPS, a rough order of magnitude (ROM) estimate of the different NIPS and HIPS combinations and a High-Level Design of the chosen solution
Worked closely with project managers, system owners, and stakeholders to avoid redundancy, minimize expenditures, and improve overall strategies within organization and performed design reviews across the company

Hardware Entwicklung, Netzwerk-Sicherheit, McAfee (allg.), Check Point (allg.), Cisco Firewalls, IT Sicherheit (allg.), IPS (Intrusion Prevention System), Firewalls, Qualitätsmanagement / QS / QA (IT), Load Balancing / Lastverteilung, Enterprise Architect (EA), System Design, Telekommunikation / Netzwerke (allg.), IT-Beratung (allg.)

9/2012 – 10/2013

Technologies: Checkpoint VSX managed by Provider1, Palo Alto Network and Juniper firewalls, F5 BIG-IP LTM
Independently managed and coordinated approved medium and large scale projects that align towards service and departmental goals
Acted as design and architect authority and provided high level IT Security briefing to management
Lead, coordinated, and managed all aspects of Security implementation, managed design sessions within areas of specialization. Oversaw the direction, development, and implementation of Security solutions, participated in design of new Network Security and strategies.
Client project requirements gathering, liaison with customers and project managers to translate the requirements into design documents.
Review of High Level Design documents for each project. Carried out security assessments and provided recommendations. Ensured that IP connectivity, topology, design and security settings are in line with customer security policy
Working with formal Change Control. Design and review of configuration changes for secured environments
Design and implementation F5 load balancing solutions
Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy
Liaised with company's Operations team for prompt rectification of any problems or emergencies.

Hardware Entwicklung, Netzwerk-Sicherheit, Check Point (allg.), IT Sicherheit (allg.), Informationssicherheit, Firewalls, Load Balancing / Lastverteilung, Konfiguration, System Design, Telekommunikation / Netzwerke (allg.), Architektur (allg.), Management (allg.)

7/2012 – 8/2012

Technologies: Checkpoint managed by Provider1, Blue Coat Proxy and McAfee Web gateway, F5 BIG-IP (LTM)
Design and integration of network and security solutions on a project basis in the Network Services and Production Security team
Implementation of BAU security appliance changes, including OSPF and BGP route redistribution, policy based routing
Installation, configuration, and maintenance of F5 BIG-IP Local Traffic Manager (LTM) load balancers in a high availability environment.
Carried out day to day support activities of the enterprise network and the data centre sign and integration of network and security solutions on a project basis in the Network Services and Production Security team
Provided guidance and support to the enterprise; acted as single point of contact for Security Incidents and related issues.

McAfee (allg.), Check Point (allg.), IT Sicherheit (allg.), Firewalls, Load Balancing / Lastverteilung, IT-Support (allg.), Konfiguration, Router / Gateways, System Design, Telekommunikation / Netzwerke (allg.)

7/2011 – 6/2012

Technologies: Check Point NGX r54 – r70 running on Splat with VSX, SecureXL, ClusterXL, managed by Provider-1, Juniper and Cisco PIX and ASA firewalls on different platforms and F5 BIG-IP (LTM)
Executed proof of concept tactical plans. Consulted end-users, clients, or business owners to define business requirements for complex systems and infrastructure development.
Recommended and executed modifications to System, Network & System infrastructure in order to improve efficiency, reliability, and performance.
Designed and configured Cisco networking devices, on different platforms with VRF routing topologies, added Ace modules and CSS Load Balancers
F5 BIG-IP Local Traffic Manager (LTM) project design guidance, change coordination and implementation
Assigned to several projects as the sole network and firewall resource to deliver projects in time which included large projects with up to 450 data flows, medium and small project requests
Peer reviewed, advised and signed off network and firewall data flows for project related High Level designs
Writing change templates which bound to global naming standards and network security standards, peer review of team member’s changes
Implementation of Network and Firewall, Provider 1 Global policy implementation and management
Adhering to a strict change management process as changes are made on financial high critical firewalls
Analysed data traffic patterns within the network infrastructure, proactively identified symptoms and instabilities in a timely and accurate manner
Build of new firewalls in a physical and virtual environment, OAT testing of newly commissioned firewalls member of the Network and Security delivery team designing projects in a large Enterprise environment
Developed and executed test plans to check infrastructure and systems technical performance. Report on findings and make recommendations for improvement.

Hardware Entwicklung, Netzwerk-Sicherheit, Check Point (allg.), Cisco Firewalls, IT Sicherheit (allg.), Firewalls, Load Balancing / Lastverteilung, System Design, Telekommunikation / Netzwerke (allg.)

8/2010 – 5/2011

Architected and coordinated the migration of 150 VPN’s from a Cisco ASA firewall to a Juniper Firewall, including the creation of a VPN policy procedure document, a detailed Juniper VPN deployment guide, 3rd Party VPN request form and ensuring that a suitable support process exists for the new VPN’s
Creation of a “Future Mode of Operations” data centre documentation, a firewall operability - change and maintenance guide and security device policy and naming standards guide, updated all existing documentation
Network stream lead of the “Datacentre migration project” - project, risk and issue management, ensuring that projects are efficient and delivered on time
Involved in the architecture discussions and agreements for the shaping of the new data centre environment, including the approval of High Level Designs, review of firewall changes and approval as a CAB member, supported the Network and Security Architect within daily duties
Juniper Firewall security policy review to ensure that insecure or unnecessary firewall rules are removed and a general policy improvement (firewall rule base clean-up)

Cisco Firewalls, Juniper Netscreen, IT Sicherheit (allg.), Firewalls, Load Balancing / Lastverteilung, IT-Support (allg.), Migration, System Design, Telekommunikation / Netzwerke (allg.), VPN (Virtual Private Network), IT-Beratung (allg.)

7/2010 – 12/2020

IT Network and Security Consultancy

IT
Networking
Security
Data Centers

-------------------------------------
- High Level Design
- Low Level Design
- Implementation
-------------------------------------

Experienced in designing and/or implementing IT security solutions in a medium to Enterprise environment
Strong understanding of IT infrastructure concepts and architectures, and good understanding of project management methodologies and Solution Delivery
Knowledge and understanding of security protocols, methodologies and architectures through detailed experience in deployment of diverse, resilient security solutions across a wide range of vendor platforms
Firewall expertise utilising Checkpoint on several platforms, Palo Alto, Juniper and Cisco PIX & ASA firewalls
Excellent troubleshooting skills of any kind of platforms including networking skills
Site to Site VPN expert on several platforms
Network & IT Security design
Network & IT Security implemtation
Network & IT Security support
IT solution design
IT Architecture
IT Process Definitions
Business Process Optimization
Critical projects and situations
Complicated structures
Analysis and design
IT Infrastructure project management

Check Point (allg.), Cisco Firewalls, IT Sicherheit (allg.), Firewalls, Enterprise Architect (EA), IT-Support (allg.), System Design, Telekommunikation / Netzwerke (allg.), VPN (Virtual Private Network), Prozessoptimierung, Architektur (allg.)

3/2010 – 8/2010

Employed as Security Designer within the Network and Security design team, to design and deploy new security infrastructures, ensuring a timely and quality delivery of platforms which meets current standards which included the migration of 280 Checkpoint Firewalls to Juniper Firewalls, a worldwide enterprise Websense with Blue Coat ProxySG integration and an enterprise Tipping Point 10GB IPS solution
Responsible for the design of new firewall deployments for the worldwide offices of the Enterprise client, end to end IPSEC and GRE VPN’s
Performing vendor assessments and technical proof of concepts to help the Enterprise client to select fit-for-purpose solution(s), engaged with the technical part of the documentation for the “Request for proposals” and “Statement of Requirements”, Created technical definitions at a detailed level of the architecture and design
Analysed business needs and requirements in terms of technical solutions, defining the technical requirements, integration issues and dependencies, identifying the architectures best suited to client needs
Liaised with product vendors, technical specialists, colleagues and other information sources to define product sets capable of fulfilling the client requirements
Developed detailed implementation plans to accommodate network growth, security, and enhancements by maximizing functionality of network security equipment
Drafting functional requirement descriptions, carrying out feasibility studies and liaising with external security specialists

Hardware Entwicklung, Netzwerk-Sicherheit, Check Point (allg.), Bluecoat (allg.), Juniper Netscreen, IT Sicherheit (allg.), IPSec, Firewalls, Load Balancing / Lastverteilung, Migration, System Design, Telekommunikation / Netzwerke (allg.), Architektur (allg.), Technische Konzeption

8/2008 – 2/2010

Designing, implementing, maintaining and supporting internal networks in an E-Commerce environment
Troubleshooting routing and firewall issues, followed by technical design meetings and workshops
Overseeing the upgrade and deployment of new Crossbeam &, Nokia Firewall clusters, new Toplayer IPS clusters, Sourcefire IDS running RNA and RUA, RSA Secure ID clusters, Blue Coat ProxySG and F5 Firepass clusters, migration of the company wide Firewall estate from Checkpoint on Crossbeam appliances to Juniper 5400 running Virtual Systems (VSYS), creating accurate documentation
Implementing several internal and 3rd party VPN’s on Checkpoint, Juniper and Cisco ASA firewalls
Analysing and implementing firewall changes, developing firewall polices including removal of unused objects and policies and creating change documentation including documentation of firewall rules
Sole F5 BIG-IP Local Traffic Manager (LTM) change implementer – mentored other team colleagues
Managing and implementing changes within strict timescales and controls whilst maintaining live services at all times, responding rapidly on high priority incidents during on call rota
Proactively involved in quality resolution of complex technical issues, responding with an appropriate sense of urgency to problems escalated; coordinated with the appropriate departments to determine positive solutions that increased end user satisfaction
Carrying out daily housekeeping tasks – firewall requests, proxy management, system checks, IPS management, log checks, appliances maintenance, ensuring that system patches are applied
Monitoring of all security devices including Firewall and Intrusion Detection Systems
Upgrading existing security systems to appropriate current hardware and Software levels

Hardware Entwicklung, Check Point (allg.), Cisco Firewalls, Bluecoat (allg.), Juniper Netscreen, IT Sicherheit (allg.), IPS (Intrusion Prevention System), IDS (Intrusion Detection System), Firewalls, Load Balancing / Lastverteilung, IT-Support (allg.), Migration, System Design, Telekommunikation / Netzwerke (allg.)

9/2007 – 8/2008

 Provided proactive 2nd Level technical security application support in English and German
Manage/Configure/Troubleshooting Check Point VPN-1 NG(X) Firewalls, Splat, Crossbeam Firewalls, Nokia Firewalls, F5 BIG-IP LTM, F5 BIG-IP GTM, F5 BIG-IP ASM, FirePass, Bluecoat, AAA, Sourcefire IDS/IPS and ISS.
Adhering to escalation and call management processes and procedures
Attended training courses covering products and technologies
Network protocol analysing, troubleshooting with log files, basic Linux administration

Netzwerk-Sicherheit, Check Point (allg.), Bluecoat (allg.), IT Sicherheit (allg.), IPS (Intrusion Prevention System), IDS (Intrusion Detection System), Firewalls, 2nd & 3rd Level Support, IT-Support (allg.), Telekommunikation / Netzwerke (allg.), VPN (Virtual Private Network)

6/2005 – 10/2006

Support Engineer (Contract) October 2006 – August 2007
AIRPRODUCTS PLC, Hersham, England

IT Systems Technician (Contract) June 2006 – September 2006
SIEMENS BUSINESS SERVICES, Munich, Germany

IT Systems Technician September 2005 – May 2006
COMPUSAFE DATA SYSTEMS AG, Munich, Germany

IT Support Technician December 2004 – June 2005
BRITISH TELECOM, Munich, Germany

2nd & 3rd Level Support, IT-Support (allg.)