IMTEYAZ

AHMAD
CISA|CISM|CEH|CHFI|CCIE|MCSE|ITIL| CIA|CCNP|CCNA,

Plot-105.Sangam Nagar, Ring Road, Nagpur-440013

Email: [email protected] ; [email protected]
MOBILE: 0091-8600038911/7208835363
GCC Driving License: Valid Till 2017, Passport Valid Till: 10th April 2022

PROFILE SUMMARY:
A technocrat with 20 years’ experience in Linux/Unix and Network security ; Specialized in Security
assessment, design, implementation, and management of a wide variety of Information Security products
and services including Fox-it / Lightware Data diode, F5 Big-IP LTM,/GTM, Palo Alto    PA-
500/2020/3060, Fortinet products such as Fortigate, FortiAnalyzer, FortiWiFi, FortiAP, FortiDB, and
FortiManager. Fortigate UTM ,c UTM ,Sourcefire IPS ,Stonesoft IPS ,Rapid7, SIEM(IBM Qradar),,
IronPort mail & web security, FireEye Web and Email Security ,Kaspersky Endpoint Security .   
Extensive experience in, Risk Assessment Tools and Methods, IT Security Framework Design and
Implementation, Security Risk Management , Security Metrics and Measurement, Identity Management,
Firewalls ,Security Policy Design ,Troubleshooting. In-Depth Knowledge of Regulatory compliance,
Process reviews, ISO 27001-2 controls.

 Hands-on expertise in Implementing unidirectional gateway firewall ( Foxiit / Lightware Data

diode)
 Configuring Linux firewall using iptables for system/host security.
 Installing and configuring nessus vulnerability scanner
 Performing vulnerability scans for Unix/Linux environment
 Preparing Scan reports and implemented solutions to eliminate/mitigate security risk.
 Installing, configuring ossec intrusion & detection server and client for the entire Unix/Linux
environment
 Used CA & Centrify identity management to enforce strict role based access control in UNIX
environment.
 Hardening Redhat Linux 6 and Solaris 10 server.
 Managing patching on redhat 6 and Solaris 10 server using, yum and pca report tool.
 Creating and managing user accounts. Setting password aging and account expiration.
  Troubleshooting user account issues and network related connectivity issues
 Installing and provisioning new servers to the network using non interactive kickstart and,
jumpstart installation.
 Troubleshooting system boot issues using rescue environment and single user mode.
 Performing system monitoring; cpu, memory, I/O, hardware, jobs scheduling and processes
management
 Creating new partitions, including raid partitions, logical volumes, zfs file systems for running
systems nondestructively.
 Performing package management for system upgrades and updates using yum and rpm.
 Building local yum repository for internal network use.
 Creating and extending physical volumes, volume groups. Resize existing logical volumes for
additional space requirements.
 Restricting access to files and directories using Access Control Lists file permissions. Set suid, sgid
and sticky bits on files as needed.
 Configuring NFS servers for file sharing in Solaris 10 and Rhel 6 Servers.
 Troubleshoot network connectivity, hardware, cpu, memory, I/O, boot, DNS and other application
issues
 Installing and configuring DNS for internal name resolution.
 Installing and configuring zones in Solaris 10.
 Implementing Raid 0 5 in Rhel servers and Raid 0 Z in Solaris 10 servers.
 Setup ZFS user quotas, group quotas, refquotas in Solaris 10 and user and group quotas in Rhel 6
Expertise in defending against cyber security threats, perimeter protection, network protection,
minimizing control plane attacks, minimizing data plane attacks, internal application protection (malware
protection), cyber security framework for layered networking defenses in OIL&GAS, Utility,
Manufacturing, Govt and BFSI sector. Extensive background in event log monitoring of security devices
i.e. intrusion detection/ prevention systems, firewalls, VPN, ACS, and Application level firewalls, content
filters, Hands-on with Fortinet firewalls and a comprehensive knowledge of IP networking and network
security including Intrusion Detection, DMZ, encryption, IPSec, PKI, VPNs, MPLS/VPN, Site to Site
VPN tunnels, SSL/VPN, proxy    services, and DNS. Indepth Knowedge of networking protocols TCPIP,
SMTP, FTP, HTTP, SNMP, Syslog, SSH etc. Acute understanding of networking, hardware, software, and
data centers, as well as emerging technologies, such as BMS, Security Surveillance( CCTV/IP Camera,
Biometric, Anti Crash, Barrier , MIDS, FIDS) and mobile devices. In-Depth Knowledge of GCC
Regulatory compliance, Process reviews, ISO 27001-2 controls. Expertise in developing and
implementing security awareness & training programs and giving recommendations regarding prevention.

ENTERPRISE SECURITY TOOLS:

 FOX-IT/ Lightware Data Diode, Palo Alto PA-500/2020/3060, Fortigate, FortiAnalyzer,
FortiWiFi, FortiAP, FortiDB, and FortiManager, Fortimail, FortiCleint, FortiMobile,FOrti
SandBox; ISP Load balancing & Bandwidth Aggregation on Fortigate, Failover on Fortigate Firewall
( Active/Standby & Active/Active), Cisco PIX /ASA Firewall & Cisco VPN Concentrator , Cisco MARS
50 , Cisco Device Security, IPSec, VPNs, AAA Model (RADIUS and TACACS), NAT and Access Lists,
IOS Firewall, DMZ setups, CBAC, DoS and common threats prevention , Failover on ASA Firewall
( Active/Standby & Active/Active),    Cisco Secure ACS Server, Cisco ezvpn, Site to Site VPN, Remote
Access VPN, Symantec Mail Security 8360 hardware appliance, QRADAR/ArcSight, NetWitness,
Encase, FTK, Nessus, eEye, McAfee ePO, McAfee HIPS (Entercept), McAfee IntruShield , McAfee
Network Security Manager system ,SNORT, Cisco ASA, Cisco Security Manager, MS TMG Forefront/
ISA Server, Checkpoint NG, Fortinet fortigate, Sonicwall, Juniper Netscreen, Backtrack, Ecora
Enterprise,    Retina, nMap, ISS Scanner, AppDetective, LANalyzer,    SAINT, kismet, GFI LanGuard,
Paros Proxy, Dsniff etc.
HIGH AVAILABILITY TOOLS:
 Fortigate, Cisco, Barracuda, Citrix, Radware, F5, VMWare, VCS, SUN Cluster, MS Cluster.
DRP/BCP/BACKUP TOOLS:

 PlateSpin Forge, Symantec VERITAS Netbackup/Backup Executive, Acronis, Doubletake.

NETWORK MONITORING & MANAGEMENT:

 HP OpenView, Cisco works, Cisco QPM, CISCO NAM, Dell Open Manage, Solarwinds, OP
Manager, GFI LAN Guard, NETPRO Change Auditor.
NETWORK MONITORING & MANAGEMENT:

 HP OpenView, Cisco works, Cisco QPM, CISCO NAM, Dell OpenManage, Solarwinds, OP Manager, GFI
LAN Guard, NETPRO Change Auditor
ANTIVIRUS:

 Macafee,    Sophos, Symantec Norton Anti Virus,    Trend Micro , AVG, Avast, Panda Software etc.
ROUTERS & SWITCHES:
 CISCO ROUTER 1800, 2600, 2800, 7200, 7600 & CISCO CATALYST      CE500, 2900, 3500, 3700, 4500,
6500 ETC
SERVERS & STORAGE SOLUTIONS:
 Dell , HP, IBM, Super Micro, SUN, Netapps
PROJECT MANAGEMENT:
 MS PROJECT 2007/2010, Oracle Primavera, MS Office 2010.

NOTABLE PROJECTS:
 Kahramaa’s ICS/SCADA Security Risk& Vulnerability Assessment& BCP/BCM:
Customer Profile: Qatar General Electricity & Water Corporation is government authority to supply and support
Electricity and Water needs of the kingdom.

Project Objective: The scope of this project is to conduct Risk &Vulnerability Assessment and Design and
deploy BCP/BCM Policy, Standard and Procedure for Kahramaa’s ICS/ SCADA System.
 My Role: Conducting Risk& Vulnerability assessment on People, Process, Tools and technology as per global
best practices and ICT Qatar/NIA , NIST and NERC    Standards& security Guidelines and Leading the team of
security Consultants in the development of ICS /SCADA Security Blueprint for conducting the Risk Assessment
/Vulnerability assessment and BCP of Kahramaa’s ICS/SCADA system.

 Aramco-Marafiq Berry Gas Plant –:

Customer Profile: Aramco & Marafiq are the Government owned companies in Kingdom of Saudi Arabia,
Aramco is one of the world’s largest OIL& Gas Company and Marafiq is Saudi Arabia largest water and
electricity Supplier covers entire Eastern State & kingdom Capital Riyadh.   

Project Objective: The scope of this project was to conduct Risk Assessment and plan, design, and deploy
complete Wired& wireless Network Infrastructure for SCADA system, Security surveillance system & Unified
Communication.

My Role: Conducted Risk assessment on People, Process, Tools and technology as per global best practices and
Marafiq Standards security Guidelines and led the team to supply and deliver long distance secured Wireless
PTP WAN infrastructure from O&M Center to Gas plant and various pumping stations.

Enterprise Architect –IT Infrastructure, Cloud & Cyber Security, QatarGas LTD,      MAR 2018 –
AUG 2021

Establishing architectural vision & roadmap –working with the architecture team, business
stakeholders, analysts and technical staff to craft a shared vision of the infrastructure future state, while
employing standards and practices to provide a secure, innovative and cost-effective environment.
Also    responsible for guiding the development of reference architectures and technology roadmaps and
helping migrate from legacy to modern technologies with an eye on reducing technical debt using solid
lifecycle management principles.

New Technology introduction: understand the needs of QG’s customers and internal business
stakeholders and guiding the evaluation of new strategic technologies and emerging standards, from an
enterprise infrastructure perspective, that fit QG’s future needs as well as establishing processes that
govern selection, prototyping and adoption of different technologies.     
Architecture Guidance & Consulting – guiding the technical, solution and system architects that are
part of the Technology & Operations organization. Providing guidance and direction to the various
development, contractor, and business groups on infrastructure and security technology standards while
ensuring that applications, infrastructure and security needs are architected for total scalability and
performance.

 Oman Oil Marketing Company Llc

Customer Profile: This is the Government owned companies in Oman responsible for marketing its OIL &
Natural GAS worldwide.
 Project Objective: The scope of this project was to conduct    audit& risk assessment and    plan, design, and
deploy complete Data centre Infrastructure Security.

My Role: Conducted audit & risk assessment , planned, designed and deployed/implemented the security
solution which also includes BCP/DRP using Trend micro, Symantec Veritas, GFI, DELL|EMC storage and
other third part solutions.

 OMAN REFINERY COMPANY LLC(ORPC).

Customer Profile: This is the Government owned companies in Oman responsible for Production &
Development of OIL & Natural GAS and other resources.

Project Objective: The scope of this project was to Audit & asses the Business process and supply, Installation,
configuration, customization, testing and deployment of Service Management System /Help Desk System.

My Role: Audited, implemented, and customized the Help Desk System which includes Altiris Help Desk
system, Windows 2003, Dell Servers and other third party solutions.

 GUJRAT GAS LTD.

Customer Profile: This is the Government owned companies in Gujrat state of India responsible for Production
& Development of OIL & Natural GAS and other resources.

Project Objective: The scope of this project was to Audit & asses the Business requirement for Data center
Hosting & Network Infrastructure.

My Role: Assessed the business requirement and provisioned most cost effective and efficient Data center
Collocation services and hosted the network Infrastructure with Managed Physical and logical security services.

 SKJ GROUP OF COMPANIES, BRUNEI DARUSSALAM (CONTRACTOR AT BRUNEI SHELL

PETROLEUM):
Customer profile:

This is one of oldest & largest Group of companies in Brunei Darussalam involved in Oil & Natural Gas, ,
Crude oil Vessels and Tanker, Shipping, Scaffolding, Construction; Furniture & Interior, Information &
Telecommunication Services.

Project Objective: The scope of the project was to conduct risk assessment and develop and deploy a smart
Business Automation infrastructure & Quality Management System.

MY Role: Auditing & Risk assessment of the current infrastructure and developing and deployment of Quality
Management System, Quality Operation Procedure, Quality System Procedure as per ISO 9000:2000, ISO
17799(BS7799), ISO 20000(BS 15000), ISO 27001 and ITIL framework.

 MAADEN ALUMINUM SMELTER, KINGDOM OF SAUDI ARABIA:

Customer profile:

Wolrds Largest Aluminum Smelter worth more than USD$20 Billion; having a 14 Kilometer of PCD      Fiber
optic network distribution for    for SCADA/ICS system.
 Project Objective: The scope of the project was to conduct risk assessment and develop and deploy a smart
secured network    infrastructure & Quality Management System.

My Role: Conducted Risk Assessment/Security Audit for Fiber & UTP network for ISO & BICSI standards
compliance and Quality Audit and certification for Network Distribution and Unified communication / IP
Telephony System and Planned, designed, architected Implemented and tested Scalable Unified Communication
system (Cisco IP Telephony Solutions) Infrastructure for 1500 Employees. Led the successful distribution,
termination and of testing around 400, 000 meter Fiber & Copper Backbone core network infrastructure for
SCADA & voice & data network.

 KENANA SUGAR COMPANY LTD, REPUBLIC OF SUDAN:

Customer profile:

Wolrds Largest Sugar production company worth more than USD$500 Million; having a 4 Kilometer of PCN     
Fiber optic network distribution for SCADA/ICS system.

Project Objective: The scope of the project was to conduct risk assessment and develop and deploy a smart
secured network    infrastructure & Quality Management System.

My Role: Conducted Risk Assessments for process, technology and people, and Planned, designed, architected
Secured Wireless WAN (Long distance Free Frequency PTP) Infrastructure and factory Site PCD Network
Infrastructure

 ROYAL COURT AFFAIRS (DEWAN, THE PALACE) SULTANATE OF OMAN

Customer Profile: This is the Ministry of Royal Kingdom of Oman which is responsible for His Majesty
Internal and Global Affairs.

Project objective: The scopes of this project was to audit and analyze the current infrastructure , capacity
planning, reengineering the data center and    propose an efficient Active Directory, File system auditing tools.

Equipments & software used: includes Multi Vendor Solutions, Netpro Change Auditor, Netpro Directory
Analyzer, Dell\EMC SAN Storage, HP and IBM Blades, Computer Associates Solutions, Citrix Solutions,
Complete Microsoft    Infrastructure software, and third party equipments & Tools.

My Role:    Conducted Security Audit ,    Planned and successfully    implemented    Enterprise Change Auditing
Tools, which gives the complete report of all the changes ( threat /Vulnerabilities) enterprise wise    and the
impact of that change to the business and recovery and resumption option to undo the unwanted and un-
expected changes driven by hackers and    internal threats.       

CAREER HISTORY:
2010 TO CURRENT-SR CONSULTANT (CYBERSECURITY, BCP & BMS) ICS PVT LTD ( EMEA
Region)
2008-2010 -SR. SOLUTION ARCHITECT (MANAGED SECURITY&IDC)    BHARTI AIRTEL
ENTERPRISE SERVICES LTD

2006 TO 2008- SR. IT CONSULTANT (NETWORK/SECURITY/BCP) MOHSIN HAIDER DARWISH

LLC, SULTANATE OF OMAN.

2000-2006 IT EXECUTIVE/IT MANAGER SKJ GROUP, BRUNEI DARUSSALAM

1996-2000 TECHNICAL SUPPORT ENGINEER TESS OVERSEAS LTD (MIDDLE EAST& AFRICA)

EDUCATION & TRAINING

 Master of Science - Information Technology.
CERTIFICATION& TRAINING

 Certified Information System Security Manager(CISM)

 Certified Ethical Hacker(CEH)v8                 
 Certified Computer Hacking Forensic Investigator (CHFI)v8
 Certified Information System Auditor (CISA)
 Unix/ Linux System Administration
 Sun Solaris System Administration (I & II)
 High Availability Management (MS, VERITAS & SUN Clustering)
 Certified Information S system Security Professional (CISSP) Trained.
 Information Technology Infrastructure Library (ITIL) v3.
 Microsoft Certified System Engineer (MCSE 2000)
 Cisco Certified internetwork Expert (CCIE Voice)
 Cisco Certified Network Professional (CCNP)
 Cisco Certified Network Associate (CCNA)
 ISO 9000:2000 Certified Internal Auditor
 Recovery Management (VERITAS & Acronis)
 Project Management Professional (PMP).
 Advanced training in Information Security Management System (ISMS) (ISO 17799 -
BS7799 - ISO 27001)
 Advanced training in Total Quality Management