Sajid Ali

Sajid Ali WORK EXPERIENCE Sr. IT Security Specialist Higher Education U.A.E Nov 2007 – Present Responsible for providing and implementing overall security infrastructure thereby ensure protection confidentiality, integrity, and availability of information and information systems. The scope of this work includes security services for all the devices and services provided by the Infrastructure and Core Technologies Group and may extend to assignments in support of the EAI and CSC Groups as well. • Plan, organize, and maintain an effective enterprise security architecture. • Consult on long range planning for strategic Higher Education growth. • Proven experience managing mature technical staff. • Managing large and small project and budgets as well as getting results and improving efficiency and effectiveness. • Conduct Security vulnerability assessments, Penetration testing of systems, networks and communicate their result to the relevant team. • Analysis and documents network security requirements and define a security policy for firewalls and other network control point devices (eg. switches, VPN, routers, Wireless Access points, etc) and for enterprise client and business critical servers. • Installs configures, manages and monitor infrastructure security for threats or unauthorized access • Conduct ethical hacking and vulnerability probing to identify security risks in IT infrastructure and applications. • Regularly updated security policy to ensure maximum security of information and information systems • Upgrades security infrastructure by implementing and maintaining security controls. • Proactive monitoring and in-depth analysis of security related threats and events logs. • Response to incidents, conduct investigation and define measures to prevent re-occurrence. • Assist in evaluation of new security technologies and solutions in collaboration with other teams and prepare proposals to management. • Assist in developing security KPIs for measuring effectiveness of implemented IT Security controls • Demonstrate and apply strong project handling skills, inspire teamwork and responsibility with team members. • Use technologies and tools to enhance the effectiveness of deliverables and services. • Enables the work of the Customer Support Center (CSC) by solving security-related solving problems on a daily basis. • Train end-users and promote IT Security awareness. • CAB Team member. Major Projects - Education • Identity and Access Management (IAM) PingFederate, PingOne, PingProtect with UAEPass integration and MFA - • PingOne+PingProtect MFA project in progress • Application Observability for University websites and applications – in Progress • Palo Alto Networks Global Protect – 2020 • Microsoft Azure – Managing as Security Admin • Privilege Remote Access - 2022 • Splunk Enterprise & Enterprise Security Implementation (SIEM) - 2018 • Enterprise Vulnarbility Solution from Tripwire IP360, CCM and SIH - 2008 • CoreImpact Implementation and VA validation for Enterprise - 2012 • MicroFocus WebInspect and Static Code Analyzer (Fortify) - 2012 • New Campus Perimeter Security Design and Implementation -) ◦ Palo Alto Networks as Perimeter Firewall ◦ Juniper Network SRX-3600 Firewall (Core FW) ◦ HP TippingPoint 2500N-TRHA (Perimeter) ◦ BlueCoat Proxy SG 9000-40 ◦ F5-BigIP Cache LB ◦ Infoblox as External DNS ▪ Grid Master (HA) ▪ Master Candidate (HA) ▪ Grid Members ◦ Juniper Network SA-6500 (SSL-VPN) ◦ Fortinet- FortiMail 2000A (SMTP Gateway) ◦ Upgraded University SMTP Gateway from FortiMail to Cisco IronPort ESA ◦ ArcSight ESM/Logger deployment for SoC ◦ Splunk Implementation for SoC • New Campus Data Center Security Design and Implementation ◦ Palo Alto Networks 5060 as DC Firewall ◦ Juniper Network SRX-5800 Firewall ◦ HP TippingPoint 5000N+Core Controller ◦ F5-BigIP Application Load Balance ◦ Juniper Network Unified Access Control (EndPoint Security) ◦ nCircle IP360 Vulnerability Assessment ◦ HP ArcSight and Logger Implemenation (as SIEM and Central Event Logger) • New Campus End Point Security (PulseSecure PPS and PSA) - 2012 • F5-VIPRION Implementation and Migration from F5-BigIP 6400 - 2014 • SMTP Gateway Implementation and Migration from Old system to Fortinet New and enhanced hardware FortiMail 2000B - 2015 • Wireless Infrastructure Security using WPA2-Enterprise - 2018 • On-Board Enrollment System for Wireless (Student/Staff/Faculty and Guest) - 2018 • ISO-27001 part of Implementation Team - 2016 • Infoblox DDI & SPM (DHCP migration from MS and Switch Port Manager) – 2010 • Many more… Sr. Network Security Engineer Alpha Data Abu Dhabi U.A.E Jan 2004 – Oct 2007 Alpha Data is one of the largest and diversified companies of UAE with a workforce of 600+ qualified professionals. Alpha Data focuses on five main business areas. • Enterprise/Carrier Networking Division • Telecom Division • Enterprise Solution (Software development & Microsoft Application) • Infrastructure Cabling • Audio Visual Each Division has an independent operation and having tie-ups with world’s leading vendors like Juniper Networks, Nortel Networks, Marconi, Microsoft, Extreme Networks, Acer, Symantec and much more. Sr. Network Security Engineer for Networking Division, activity include presale consulting, designing IP Network, data center, and network security infrastructure. Scope of the position is expansive and includes full design, installation, implementation, training and support for • LAN/WAN Network Implementation and services • 24 X 7 H/A Data Centre Management & support • Security and risk assessment, implementation and design of security policies for wired and wireless infrastructure. • Content delivery Networks design and implementation • Wireless Network design and implementation • Troubleshooting and problem resolution of elusive customer network and difficulties • Participate in the selection of equipment and vendors for new projects Provide hands on training for customers Network/System Administrator Sweety Textiles (Pvt) Ltd Faisalabad – Pakistan Jun 2002 – Dec 2003 • Manage and Implement IP Data Network & Security. • Perform troubleshooting end-to-end between two sites. • Implemented and managing Windows 2000 Server based Client/Server • Image and re-image users’ desktops and laptops using ghost software. • Setup, configure and troubleshoot Internet Explorer 5.0/6.0 and Outlook2000/XP/2003. EDUCATION University of Liverpool – UK Master of Science (M.Sc) – Computer Security PROFESSIONAL SKILLS Summary of Skills • Compliance and Information Security Review • Demonstrated customer service and personal management skills • Vendor negotiating skills • Ability to configure, implement and maintain VA/PT tools and documentation • Ability to communicate effectively with non-technical and technical staff • Ability to perform tasks in a team as well as independently • Skilled in handling multiple projects and meet deadlines • Excellent troubleshooting, analyzing and problem-solving skills • Highly motivated and ability to work in a dynamic and fast-paced environment • Highly skilled in developing innovative solutions to handle complex problems. • Mentor all levels of skillsets within the team Technical Skills • PingIdentity – PingFederate + PingOne + PingProtect • Security (Firewall/SSL/IDP/IDS/VPN/security event handling and NG-FW) • Security Infrastructure Design and Implementation • Web Application Firewall (WAF) (F5-ASM) • EC-Council CEH v8 • EC-Council ECSA (EC-Council Certified Security Analyst) • Tripwire CCM (Configuration Compliance Manager) • Tripwire SIH and IP360 • Core Security (Core Impact) • MicroFocus WebInspect and Static Code Analyzer • Vulnerability Assessment (Qualys, Acunetix, Nexpose and Nessus etc.) • OpenSource Security Tools (Nmap, Wireshark, Kali Linux etc.) • Establishing & Implementing Security Guidelines for Network Systems and Servers • Network Admission Control & Wireless Security (Cisco ISE 2.x, PulseSecure) • Security Information and Event Management (MicroFocus ArcSight & Logger/Splunk) • Network Management (SolarWinds, MRTG/PRTG, Cacti, NetFlow/Event Log Analyzer) • Application Delivery Controller and Server Load Balance (F5) • SMTP Gateway Security (Cisco IronPort, FortiGate FortiMail) • Switching (L2/L3 Cisco, Extreme, Brocade, Nortel, Juniper) • Wireless Security (WAP2-Enterpise) • Cisco ACI • Internal and External DNS Security - Infoblox (DNS/DHCP/ IPAM) • ISO 27001:2013 Lead Implementer Non-Technical Skills • Project Management • Analytical problem solving • Vendor Management • Customer Management • Compliance Review (ISO 27001:2013) Industry Certifications • PCNSE (Palo Alto Networks Certified Network Security Engineer) • CHEv8 • ECSA/LTP v4 • ISO 27001:2013 Lead Implementer • ITIL v3 Foundation • JNCIP-Sec (SRX Platform- Juniper Network Junos-Sec) • Accredited Configuration Engineer (ACE) from Palo Alto Networks • ISO27001:2005 (Lead Auditor) • JNCIA-SSL – Security (Netscreen SSL-VPN) Juniper Networks • JNCIA-M – Routing (M/T Series) Juniper Networks • JNCIS-EX – Juniper Enterprise Ex Series Switch • CICE – Certified Infoblox Core Engineer (DNS/DHCP/IPAM) • CICA – Certified Infoblox Core Administrator • CCNA – Cisco Systems Technical Training • ISO 27001:2013 Lead Implementer • Certified Information System Security Professional (CISSP) • Juniper Networks – Advanced Junos Security v12 • Configuring Big-IP Local Traffic Manager v11 • Infoblox DNS/DHCP/IPAM (NIOS Configuration/Advance Admin) • Junos Pulse Secure Access (JPSA) v7.x • Blue Coat Certified Proxy Administrator (BCCPA) • Blue Coat Certified Proxy Professional (BCCPP) • FortiGate Multi-Threat Security System I & II • ITIL v3 Foundation –University • ISO 27001:2005 Lead Auditor • EC-Council Certified Ethical Hacker V8 • EC-Council Certified Security Analyst/LPT • Cisco SESA (IronPort ESA) • F5-ASM (Application Security Manager v12) • ACE (PaloAlto Networks) • ArcSight ESM Security Analyst - AESA  • Creating Advanced ESM Content for Security Use Cases (ArcSight)