ICS Security Architect / IT Architect Resume
SUMMARY:
- I am a CISSP-certified IT/ICS (Industrial Control System) Security Architect with over 35 years of experience in the architecture, design, implementation, testing and support of mission-critical systems, NOC (Network Operation Centre) and SOC (Security Operation Centre) SP800.61v2 (Incident Response), SIEM (Security Information and Event Management) SP800.137 (ISCM) implementation (QRadar, ArcSight, Splunk) and associated Risk-Assessment for Assets, implementation of IAM (Identity-Access-Management) SP1800-2c, PKI SP800.175B (Public-Key-Infrastructure) (very large scale dynamic Private/Public key encryption), Security (NERC-CIP, PCI-DSS, ISO27001/2, SOC2 Reports), implementation of Firewall/IPS from different vendors (Checkpoint, Juniper, Cisco, Tipping Point), WebSense (Security Filtering), RSA (public/private key encryption technology)
- RADIUS and Cyber Security Architecture for Critical National Infrastructure based on ISA-99, NISTIR7628, SP v4 and SP /83 NERC CIP 002-009 for 61850 series, ICS 62351, TC57, CIM, (Common Information Model), SCADA (Supervisory-Control-and-Data-Acquisition) as well as for Security for Enterprise based on ISO27001/2 for Infrastructure of telecom, banking, insurance, airports, airlines, Water, Electricity as well as Oil and Gas Industry.
- My background is in LAN, WAN, DWDM, CWDM, Routing, Switching (OSPF, EIGRP, BGP4, MPLS, MPLS-TP (MPLS-Transport-Profile), TWDM-PON (Time-and-Wavelength-Division-Multiplexing-Passive-Optical-Network), GPON (Gigabit-Passive-Optical-Network), OSN8800, OSN1800), network design, IP, QoS and Multicast in infrastructure. I have deployed many Data-Centre/DR (Disaster Recovery) sites using DWDM, CWDM, Cisco, IBM, HP Blade Servers, Catalyst 6500, Nexus 9K, 7K, 5K and 2K, 9600/ACI, VPC and FCoE (Fibre-Channel-over-Ethernet) solutions (used for Private-Cloud-Data-Centre). I am well versed in Cisco-ACI (Application-Centric-Infrastructure)/APIC as well as Unified Data Centre Solutions such as “VBLOCK” (Unified capabilities of Cisco UCS (Unified-Compute-System), VM-Ware Virtualization and EMC Multi-tier Storage) (used for Cloud implementation) and VM-Ware Micro-Segmentation Cloud Security using NSX (DVS (Distributed-Virtual-Switch), VXLAN (Virtual-Extensible-LAN), VTEP (VXLAN-Tunnel-End-Point), vRouter (DLR) (Distributed-Logical-Router), vFW (DFW) (Distributed-Fire-Wall) and vLoad-Balancer) in creating scalable private and hybrid cloud (Microsoft Azure).
- I have substantial experience in SIEM (Security-Information-Event-Management-System) products such as IBM QRadar, Splunk and ArcSight solutions.
- My knowledge in MP-BGP (Multi-Protocol-BGP), BGP4 (Border Gateway Protocol), ISIS, OSPF, EIGRP, MPLS-VPN (Multi-Protocol-Label-Switching-VPN), IGMPv3, PIM-SSM (Protocol-Independent-Multicast Source-Specific-Multicast), RADIUS, WIFI, VoD (Video on Demand), VoIP (Voice over IP), Polycom Tele-presence, Check-Point-FW, Cisco ASA5580 Context, Juniper NetScreen (Firewall), Juniper SSL-VPN, Windows Active Directory, Forefront Identity Manager and cloud-based identity and access management solutions on Azure AD (IAM) has enabled me to architect and implement very large networks ($50 Million projects) and secure them successfully. I have hands-on experience in large-scale deployment of IPSec-VPN, DMVPN (Dynamic-Multipoint-VPN), MPLS-VPN, VoIP (Voice-over-IP), and Video network architecture, Network/Security Architecture, IP, MPLS, Multicast, Firewall, IDS/IDP (Intrusion-Detection-System/Intrusion-Prevention-System)
- DC/DR (Data-Centre/Disaster-Recovery), connecting SAN (Storage-Area-Network), FC, FCIP (Fibre-Channel-over-IP) and SAN multi-tier technologies in Private Cloud implementations using VM-Ware, ESX and vSphere in multi-vendor Cisco, Juniper, Nortel, Checkpoint, Sun, Microsoft, Red Hat, HP, Dell and IBM infrastructure.
PROFESSIONAL EXPERIENCE:
Confidential
ICS Security Architect /IT Architect
Responsibilities:
- Define policy and procedures to unify the security aspect of OT and ICS technologies based on ISO 27001/27002, IEC62443, ISA 99, NISTIR 7628v4, SP, NERC CIP002-009v3 /v5 frameworks. Identify suitable security framework (COBIT 5), upgrade communication infrastructure, update current security policies and procedures. Design and implement OT Data Centre and associated physical and cyber-security, securing OT services and protecting Operation from Smart Grid services compromises using best-of-breed Active Directory, Checkpoint, Cisco,
- Firewall, IPS, Netflow, VBlock (Cisco UCS, VM-Ware and EMC/Dell) Multi-tiered Storage/Avamar-Backup and VMware Micro-Segmentation and Cloud Security using NSX (VDS, VXLAN, NSX-DFW, VTEP, vRouter, vFW, vLoad-Balancer). Identify and deploy suitable scalable IAM service using Microsoft (MS) Active Directory, MS Forefront Identity Manager and cloud-based identity and access management solutions on Azure Active Directory. Restructure OT (Operation) communication infrastructure (LAN, WAN, DWDM, CWDM, Routing, Switching, OSPF, EIGRP, BGP4)
- Deploy independent OT and ICS infrastructure from IT and Smart Grid using DC/RDC/DR based on unified DC (VBlock) private cloud, SOA (Service Orientated Architecture) and Services Orchestration. Create isolated NOC (Network Operation Centre), monitoring with scalable Solarwinds EOC (Enterprise Operation Console). Implement state-of-the-art SOC SP800.62v2, define SOC Use-Cases to filter and correlate logs for SIEM (QRadar), update Ticketing-System and SAP, integrate Emergency Response team with Integrated Dashboard
- Services Orchestration using feed from SIEM (QRadar), SIEM case-design and related Cyber Security for “Data in transit and at Rest”, deploy Role-Based-Access-Controls (Active Directory/IAM) on a need-to-know basis as well as Security audit (NERC-CIP, PCI-DSS, ISO27001/2, SOC2 Reports). Support Smart Grid infrastructure integration and security, including the following smart grid projects: Smart Meters and other Smart Grid programs such as DG (Distributed Generation), DR (Demand Response), EV (Electric Vehicle), and DA (Distributed Automation), by creating scalable PKI, based on UTD (Unified Threat Defence), for over x400 Transmission Substations as well as x30,000 pocket Substations, 801.15.4g (Zigbee/6LoWPAN) RF-Mesh, as well as upgrade of infrastructure via key future-proof technologies such as WDM-PON, TWDM-PON, GPON and Huawei OSN9800, OSN1800 fibre-to-home technology.
Confidential
Smart Grid IT Architect
Responsibilities:
- I was acting as Smart Grid IT Architect in Central Office (Ontario Project) as well as acting as a member of CoC team for Siemens Smart Grid development in Fredericton. Responsible for consultation and planning multi-year business transformation program for Siemens smart grid clients.
- This included complete smart grid IT/OT/Infrastructure/Security Architecture restructuring using the Siemens structured architecture framework. Estimating clients’ transformation requirements using Capability Maturity Model Integration (CMMI). Delivering all planning phases and services using Siemens Smart-Grid Products for IT/OT/Security Architecture based on NERC CIP002-009 as well as pricing the Business-Transformation-Program for multiple years.
- Following the Siemens Smart Grid transformation framework, the client goes through a Smart Grid 360 degree capability maturity model consulting program that includes “Orientation” and “Destination” consulting studies via which clients of progress for IT/OT/Infrastructure is agreed upon. From the above studies, a Gap-Analysis and maturity model diagram is created that compares the “as-is” with the desired level of maturity. The final “Routing” study phase identifies relevant Siemens Smart-Grid Products customization based on the client's NERC CIP002-009 requirements, and a Business-Transformation-Program is created and priced.
Confidential
IT Systems and Infrastructure Architect
Responsibilities:
- Reporting to IBM as IT Systems and Infrastructure Architect on the ADS project; my responsibility is to architect Network and Systems for the ADS solution (LAN, WAN, DWDM, CWDM, Routing, Switching, OSPF, EIGRP, BGP4). The team consists of 60 IBM, Hydro-One, GE (General Electric) and Telvent personnel. As architect I support delivery of conceptual and logical design of infrastructure and “IT Management Services” required in services catalogues for the ADS program based on ITIL SOA.
- Key services are suitable, scalable IAM (Identity Access Management), HP SIEM (ArcSight), Microsoft Active Directory (IAM), MS Forefront Identity Manager, RSA, Radius, Citrix XenDesktop integration and Solar Winds. Program implementation is based on ICCP (Inter-control Centre Communications Protocol IEC60870-6) and SCADA (supervisory control and data acquisition) concepts with maximum 2 seconds response time to events on Electrical Systems.
Confidential
Network Architect
Responsibilities:
- (LAN, WAN, DWDM, CWDM, Routing, Switching, OSPF, EIGRP, BGP4) - My responsibility as Network Architect in Confidential is integrating acquired assets and network infrastructure, creating support mechanisms and unified services, and turning them into a unified global architecture following ITILv3 standard and design.
- My activities include the following concepts: IP restructuring, VoIP global unification, creating Video-conferencing facilities, building network and services redundancy, delivering QoS (Quality of Service) to deliver Voice, Video and Data across acquired networks, implementing CWDM (Coarse Wavelength Division Multiplexers technology), building global Data Centre, Disaster Recovery using SAN/Brocade, FC, FCIP, FCoE, NetApp communication
- NetApp Storage Management System, Nexus 10G, Server Virtualization, L3 Load Balancing using F5 BIG IP LTM /GTM (Local /Global Traffic Management)
- Riverbed 7500 accelerator, WebSense Global Security solution, MS Active directory, Citrix NetScaler, Citrix XenApp, VM-Ware, ESXi, vSphere, vCenter, Citrix XenDesktop virtualizations, Firewall-Security-Zones restructuring, Global Service Design Delivery and Monitoring, IT Procedure definitions, Telepresence, Cisco Unified-Communication Service-Deployment - and unified Hierarchical Network Management, Monitoring using Solarwinds EOC etc.
Confidential
Network Architect
Responsibilities:
- (LAN, WAN, DWDM, CWDM, Routing, Switching, OSPF, EIGRP, BGP4)
- (1) In the BW-Management project I helped prevent Peer-to-Peer applications from using most of the core network bandwidth and deployed 120 Cisco Deep Inspection Engines (SCE) and their associated 40 Collection Manager Servers (Sun Netra-240) to control and manage Rogers Internet services usage at a cost of 30M $CAN.
- (2) In the IPSec Extranet project I helped to use Cisco IOS-FW, Authentication-Proxy and Inspection-Technology to provide safe and large-scale Network-to-Network access for Vendors, enabling them to reach deployed Servers in Rogers’s network for support purposes with minimal risk to Rogers using Gated-Access-Technology.
- (3) In the HD VOD (High Definition - Video On Demand) project I have evaluated the upgrade path for re-architecture of Rogers HD VOD Services using Multicast MPLS-VPN and PIM-SSM technologies with Sea Change and Tandberg VOD Server and Services. This enabled Rogers to deliver HD and VOD services later to its 3 million customers.
Confidential
Network Specialist
Responsibilities:
- During the contract I worked on three projects.
- (1) For the Agriculture Canada HQ project (Canadian Government), I acted as the Infrastructure Architect where I completed planning and architecture of the new HQ network. As a result, personnel from 12 sites of Agriculture Canada moved to HQ.
- (2) In the School Board project I completed the deployment of the core network using Cisco 6500 with integrated FW, IDS and NEM Modules. Over 200 schools and 30,000 users were connected to Ottawa School Board using the new system and could use Internet-Services.
- (3) In the Statistics Canada Project I implemented a multi-layer, multi-vendor firewall (PIX / Check-Point) network where it was essential to protect very sensitive data. This enables sensitive data to be protected from software weaknesses of a single firewall vendor.