arshid Shafi Ahmed

Networking Certificates

1. CCIE- Written ENCOR Certified [Enterprise Infrastructure]

2. CCNP Certified [Cisco Certified Network Professional]

3. CCNA Certified [Cisco Certified Network Associate]

4. Trained & Experienced in HUAWEI & JUNIPER Routers & Switches in IBM.

Security Certificates

1. FortiGate NSE-3 Certified [Network Security Professional]

2. FortiGate NSE-1&2 Certified [Network Security Associate]

3. SonicWall NS -102 Certified [Sonic Wall Firewall - Network Security]

4. Trained & Experienced in JUNIPER SRX & CHECKPOINT Firewall in IBM.

Cloud Certificates

1. Microsoft Azure Security Technologies Certified [AZ -500]
2. Microsoft Azure Networking Solutions Certified [AZ -700]

3.   CloudFlare - Business Account Security Experienced

Trained & Experienced in ITILv3 SLA environment.

Networking Certificates

1. CCIE- Written ENCOR Certified [Enterprise Infrastructure]

2. CCNP Certified [Cisco Certified Network Professional]

3. CCNA Certified [Cisco Certified Network Associate]

4. Trained & Experienced in HUAWEI & JUNIPER Routers & Switches in IBM.

Security Certificates

1. FortiGate NSE-3 Certified [Network Security Professional]

2. FortiGate NSE-1&2 Certified [Network Security Associate]

3. SonicWall NS -102 Certified [Sonic Wall Firewall - Network Security]

4. Trained & Experienced in JUNIPER SRX & CHECKPOINT Firewall in IBM.

Cloud Certificates

1. Microsoft Azure Security Technologies Certified [AZ -500]
2. Microsoft Azure Networking Solutions Certified [AZ -700]

3.   CloudFlare - Business Account Security Experienced

Trained & Experienced in ITILv3 SLA environment.

NETWORKING:

•  Working in CISCO 1800, HP MSR935 routers to connect all our branches to Head offices and CISCO 3750, 2960 switches for local LAN.
• Creating VLAN, DHCP servers, Switch Stacking and Route Forwarding, HSRP.
• Core knowledge OSPF, route re-distribution, ACL, PVST+, HSRP, Port Security, Subnetting.
• Providing high availability using multiple redundant EtherChannel links from all ACCESS. SWITCHES to CORE SWITCH and STACKING of core 3750 Switches, and HSRP for critical servers. 
• Providing layer3 and layer2 security through Access Control List and Port Security-MAC binding.
• Installing CISCO IP phones through CUCM according to business requirement and troubleshooting. 
• Setting / configuring Access Points with controller, Door Access Controller, Attendance machine, Digital Signages, Video Conferencing. 

SECURITY:

• Creating DMZ, LAN, WAN zone according to requirement and Appling WEB, APPLICATION, IPS, AntiVirus policies on ForiGate 201e, FortiGate30e and SOPHOS-XG firewalls.
• Configuring multiple WEB filter, APPLICATION filter, IPS, DNS, AntiVirus policies and applying according to user group and department. 
• Cyber Threat Management, Network and Infrastructure Security, Application Security, Incident Response, Security Monitoring, etc.
• Implementing Security Information and Event Management (SIEM), Advanced Threat Protection, Privileged Access Management and/or Identity and Access Management.
• Penetration Test on network to simulates hacker attack via ethical hacking tools.
• Creating rate limit policy for DDoS attack and set the threshold accordingly. 
• Shaping the traffic through SD-WAN and QoS and providing priorities as per business requirement. 
• Public WAN to LAN port forwarding through Virtual address object (VIP) and security policies.
• Synching the AD server and FortiGate firewall for user mapping and authentication. 
• Setting multiple SSLVPN according to job role, through AD server user authentication.
• Setting 2-factor auth for SSLVPN users by integrating with SMS Gateway & Active Directory.
• Updating the firmware regularly any monitoring the logs and taking necessary action & reporting. 

CLOUD SECURITY:

• Creating layer 7 policies in AZURE/CLOUDFLARE and Allow/Deny traffic according to business topology setup for our Web Server and App Server.
• Deploying VM, NSG, Firewall, Gateway in Azure Cloud. 
• Deploying Site-to-Site Tunnel between on-premises firewall and AZURE Cloud.
• Setting Rate Limit policy, WAF, BOTNET policy, Threat score, IP Access Rules, Browser Integrity, and user agent filtering for all incoming traffics before hitting our WEB/APP servers.
• Blocking/Allowing the Countries, Zones, IPs, User Agents, and users according to business policies. 
• Setting SMS/mail notification based on severity of attacks. Monitoring & Reporting and Action.