Name: Abdul Mohammed
Phone: +1 (779) 706 – 1238
Email: [email protected]
LinkedIn: https://www.linkedin.com/in/abdul-mohammed-818454196/
CAREER HIGHLIGHTS
Senior Network Security Architect leveraging extensive experience in digital infrastructure
development and cybersecurity to create systems and strategies that ensure data safety while
defending against malware attacks and outages. Efficient professional with a detail-oriented work ethic,
consistently collaborating cross-functionally to troubleshoot issues, solve problems, and devise
innovative process improvements that result in minimal downtime and higher efficiency. Leading a
team in performing risk analysis and threat hunting and in deploying prevention measures against
potential attacks. Loyal team player who utilizes a broad knowledge base to train and coach fellow colleagues
on best practices for cybersecurity, disseminating essential information that promotes safety
throughout organizations.
AREA OF EXPERTISE
RESULTS-DRIVEN CYBERSECURITY AND NETWORK SECURITY PROFESSIONAL WITH EXTENSIVE EXPERIENCE IN FIREWALL
ADMINISTRATION, NETWORK SECURITY, AND INFRASTRUCTURE PROTECTION. EXPERTISE IN MANAGING MULTI-CONTEXT
FIREWALLS (CHECKPOINT, PALO ALTO, CISCO ASA, AND FORTINET) FOR URL FILTERING, DLP, HTTPS
INSPECTION, IPS, ANTI-SPAM, AND ANTI-MALWARE. SKILLED IN FIREWALL CLUSTERING, UPGRADING,
MIGRATION, AND TROUBLESHOOTING, ENSURING ROBUST ENTERPRISE SECURITY.
EXPERTISE IN WEB APPLICATION FIREWALLS (WAF), INCLUDING F5 (LTM, AWAF, ASM) AND AKAMAI
(PROPERTY MANAGER, CDN, WEB SECURITY POLICIES, SITE SHIELD) TO SECURE WEB-FACING APPLICATIONS.
SUCCESSFULLY DESIGNED, DEPLOYED, AND MANAGED ON-PREM (F5) AND CLOUD-BASED (AKAMAI) WAF
SOLUTIONS TO PROTECT CRITICAL BUSINESS SERVICES.
EXPERTISE IN AKAMAI GTM CONFIGURATIONS, INCLUDING LOAD BALANCING, FAILOVER, SITE TRAFFIC ROUTING,
AND PERFORMANCE OPTIMIZATION TO ENHANCE GLOBAL WEB ACCESSIBILITY. SKILLED IN AKAMAI WEB APPLICATION
FIREWALL (WAF) MANAGEMENT, IMPLEMENTING PROPERTY MANAGER CONFIGURATIONS, WEB SECURITY
POLICIES, SITE SHIELD, AND CDN OPTIMIZATIONS TO SAFEGUARD WEB-FACING APPLICATIONS.
PROFICIENT IN CACHE MANAGEMENT STRATEGIES, INCLUDING PURGING MECHANISMS TO ENSURE REAL-TIME CONTENT
UPDATES AND WHITELISTING INTEGRATIONS FOR SECURE AND EFFICIENT CONTENT DELIVERY. EXPERIENCE IN
INTEGRATING AKAMAI SECURITY SOLUTIONS WITH THIRD-PARTY PLATFORMS, AUTOMATING DEPLOYMENTS, AND
MAINTAINING COMPLIANCE WITH ENTERPRISE SECURITY POLICIES.
STRONG BACKGROUND IN ENDPOINT SECURITY, WITH PROVEN EXPERIENCE IN BUILDING SECURITY BASELINES AND
POLICIES FOR EDR SOLUTIONS USING MICROSOFT 365 ATP. EXPERIENCED IN VMWARE SECURITY
ADMINISTRATION AND CYBER THREAT MANAGEMENT TO SAFEGUARD ENTERPRISE ENVIRONMENTS. DEMONSTRATED
EXPERTISE IN ROUTING, SWITCHING, AND NETWORK SECURITY, ENSURING OPTIMAL PERFORMANCE AND RESILIENCE.
A HIGHLY MOTIVATED, RESULTS-ORIENTED PROFESSIONAL WITH A PROVEN ABILITY TO COLLABORATE WITH CROSS-
FUNCTIONAL TEAMS, PROVIDE SECURITY CONSULTATION FOR PRODUCT DEVELOPMENT, AND DOCUMENT INDUSTRY
BEST PRACTICES. ADEPT AT DESIGNING AND IMPLEMENTING NETWORK SECURITY FRAMEWORKS WHILE CONTINUOUSLY
IMPROVING SECURITY POSTURES TO MITIGATE EVOLVING CYBER THREATS.
Security Architecture
Risk Mitigation
Advanced Troubleshooting
Disaster Recovery
Solutions Delivery
Network Architecture
End-User Support
Cybersecurity
TOOLS
Firewall: Checkpoint, Palo Alto,
WAF: Akamai, Cloudflare and F5 AWAF
Authentication: RSA SecurID, OKTA, DUO
Load balancer: F5 load balancer BIG-IP LTM + ASM + AWAF and BIG-IQ
Network devices: Cisco Routers & Switches & Extreme Routers & Switches
Antivirus: Trend Micro, CrowdStrike and M365 Defender ATP
Endpoint Web Security: Forcepoint, Checkpoint Harmony and M365 Defender
Incident Response & Protection: CBR and Defender EDR
Identity Management: CyberArk PIM, M365, Azure IAM
Event Log Analyzer tools: ArcSight SIEM and Sentinel.
Vulnerability scanning: QualysGuard, Nessus and Tripwire
Ticketing Tools: Service Desk & ServiceNow
Monitoring Tools: SolarWinds, OpManager
Endpoint Email Security: M365 Exchange Admin, Proofpoint, Cisco Email Security, Symantec & FireEye ETP
IPS & IDS: Trend Micro, Palo Alto, Checkpoint
Routing: OSPF, BGP (eBGP & iBGP), EIGRP, RIP v2, Route Summarization, Redistribution, Static
Routing and Dynamic Routing, Subnetting, IPv4 & IPv6.
Switching: VLANs, 802.1Q, VTP, STP, RSTP, PVST+, MST and VLAN Maps.
Protocols: TCP/IP, UDP, LAN/WAN, DHCP, DNS, FTP, TFTP, ICMP, SNMP, ARP, SIP, HSRP.
Technologies: GRE, ACL, DHCP, DNS, Route map, HSRP, Ether-Channel, Tunnel.
Security: ACL, NAT, VPN, SSH, SSL, GRE Tunneling, ASA, VLANs, Firewall Rules & Policies.
LAN/WAN Technology: Ethernet, Frame relay, DSL, ISDN, MPLS.
Tools: GNS3, Wireshark, Packet Tracer, PuTTY, MS Visio and SolarWinds Orion, Spectrum, NetScout
WiFi Analyzer Pro.
Operating System: Windows XP/7/8/10, Linux, Server 2012/16/19/22, Cisco IOS, Ubuntu, CentOS
EDUCATION
Bachelor of Engineering (CSE) from Osmania University 2014.
Master’s in Business Administration from Concordia University 2017.
Current Project: Network Security Architect - Elevance Health INC – (Remote) Dec 2020 – Till Date
Current location: California/Texas
Responsibilities:
Firewall & Network Security Architect
Designed and led the enterprise firewall architecture, integrating Palo Alto, Checkpoint,
and Prisma Cloud across hybrid cloud and on-prem environments, ensuring scalability,
performance, and compliance.
Developed security frameworks and architectural patterns for network segmentation,
traffic flow controls, and zero trust network access (ZTNA), aligning with organizational
security strategy.
Directed firewall migration strategy, including Palo Alto hardware refresh (3430 to
5430) and Checkpoint version upgrades (R77.30 to R81.20), ensuring future-proof
infrastructure with minimal operational disruption.
Led end-to-end cyber security due diligence for multi-million dollar M&A deals, identifying
and mitigating high-risk vulnerabilities prior to acquisition.
Develop automation scripts and tools using Python and Golang for configuring routers,
switches, and firewalls.
Design, configure, and maintain WAN/LAN infrastructure using protocols such as OSPF, BGP,
and MPLS.
Administer Cisco ACI fabric for data center networking and automation.
Manage enterprise wireless networks through Cisco Wireless LAN Controllers (WLC).
Configure and manage SD-WAN solutions for hybrid and distributed network environments.
Established governance processes for firewall rule lifecycle management, introducing
risk-based rule reviews and automated policy validation, enhancing security posture and
audit readiness.
Architected and deployed high availability (HA) firewall clusters and ISP redundancy
solutions, ensuring carrier-grade resilience and zero downtime for critical services.
Led architectural reviews for VPN connectivity, designing IPSEC site-to-site solutions that
replaced costly MPLS links, saving over $1M while maintaining secure third-party access.
Championed application-aware security policies, integrating identity-based access
controls, URL filtering, and advanced threat prevention into firewall rulesets, aligning
security with business intent.
Provided strategic guidance on firewall zone design, micro-segmentation, and secure
traffic flows, balancing security requirements with operational efficiency.
Collaborated with cloud architects to design Palo Alto VM-Series deployments in
AWS/Azure, ensuring consistent security controls across hybrid environments.
Drove firewall troubleshooting and root cause analysis frameworks, mentoring
engineering teams to improve incident resolution times and knowledge transfer.
Advised leadership on emerging firewall capabilities, including TLS inspection, machine
learning-based threat prevention, and AI-powered policy recommendations.
Email Security Architect
Designed and governed the global email security architecture, securing over 100,000
daily emails for 10,000+ users across global offices, balancing security with seamless user
experience.
Defined email security strategy, integrating Cisco ESA, DMARC, DKIM, SPF, and
advanced threat defense to mitigate phishing, spoofing, and malware delivery, achieving
85% reduction in incidents.
Led the email security transformation program, migrating from legacy solutions to Cisco
ESA, ensuring architectural fit, zero downtime, and enhanced policy automation.
Developed global email security governance framework, including policy management,
exception handling, and compliance alignment (GDPR, HIPAA, PCI-DSS), improving
audit readiness.
Established architectural patterns for inbound and outbound filtering, content
inspection, and threat intelligence integration, reducing false positives by 40% while
maintaining strong security controls.
Partnered with SOC teams to design email threat hunting processes, leveraging Cisco
ESA AMP, URL filtering, and custom correlation rules in SIEM, improving detection and
response times by 50%.
Provided executive-level advisory on email security risks, trends, and controls,
influencing broader cybersecurity strategy and business continuity planning.
Redesigned Network Architecture and Segmentation
Led the redesign of network architecture, implementing VLAN segmentation to improve
security, traffic isolation, and performance.
Configured firewalls and routing policies to enforce network segmentation and prevent
lateral movement of threats.
Integrated next-generation firewalls (NGFW) and access control policies to enhance
network security posture.
Mitigated inherited cyber risks, including outdated infrastructure, insecure remote access,
and non-compliant data handling practices across acquired entities.
Collaborated with cross-functional teams to analyze and optimize traffic flow, ensuring
high availability and minimal downtime.
Deploying Akamai for 500 Sites
Led the end-to-end deployment of Akamai for 500+ sites, ensuring optimized
performance, security, and high availability.
Configured Akamai GTM (Global Traffic Manager) for load balancing, failover, and
global DNS-based traffic management.
Managed Akamai WAF (Web Application Firewall) implementations, configuring Property
Manager, Site Shield, Web Security Policies, and CDN optimizations.
Implemented purging strategies and whitelisting integrations for efficient content
delivery and security compliance.
Collaborated with development and security teams to fine-tune caching, authentication,
and access control policies.
Remote Access VPN for GlobalProtect
Designed and deployed GlobalProtect Remote Access VPN, enabling secure and seamless
connectivity for remote users worldwide.
Integrated Multi-Factor Authentication (MFA) and Active Directory authentication to
enhance user security.
Configured split tunneling, client profiles, and security policies to optimize VPN
performance and enforce corporate compliance.
Troubleshot and resolved VPN connectivity issues, performance bottlenecks, and user
authentication failures.
Migrated from Trend Micro Apex One to CrowdStrike (EDR Project)
Successfully migrated the enterprise endpoint security solution from Trend Micro Apex
One to CrowdStrike Falcon.
Deployed CrowdStrike EDR agents across multiple environments, ensuring real-time threat
detection and response.
Created security baselines and response policies to enhance endpoint protection against
malware, ransomware, and advanced persistent threats (APTs).
Monitored and fine-tuned CrowdStrike detections, response workflows, and threat
intelligence integrations to improve security posture.
Previous Project: Sr Network Security Engineer - Capital Group - Los Angeles, California Dec 2019 – Dec 2020
Responsibilities:
Migrated from F5 to Cloudflare for 60 Sites
Led the migration of 60 sites from F5 to Cloudflare, ensuring minimal downtime and
secure traffic redirection.
Configured Cloudflare WAF, DDoS protection, and CDN services to enhance security and
improve site performance.
Configure and maintain firewall security using Cisco ASA/Firepower, Palo Alto, and
Checkpoint.
Managed DNS cutover and traffic routing strategies, ensuring a smooth transition with
zero impact on end-users.
Optimized Cloudflare rules, rate limiting, and bot mitigation policies to protect against
web-based threats.
Experience in setting up and configuring Cloudflare Spectrum to protect TCP and UDP
applications from DDoS attacks, ensuring high availability and reliability.
Cybersecurity & Endpoint Security
Designed and governed endpoint security strategy across M365 ATP, Azure ATP, and
Defender for Endpoint, ensuring comprehensive detection and response for over X,000
endpoints across the enterprise.
Developed and enforced M365 security baselines through Endpoint Manager,
enhancing endpoint hardening and reducing endpoint compromise risk by Y%.
Automated vulnerability detection and reporting workflows by integrating M365 EDR
telemetry with custom PowerShell scripts, reducing vulnerability identification time by
50%.
Optimized Secure Score across M365 and Azure, achieving continuous improvement by
implementing ASR rules, strengthening AV/Firewall policies, and deploying advanced
endpoint detection.
Architected role-based access controls (RBAC) to restrict access to critical systems
and networks, aligning VLAN segmentation and firewall policies with identity
governance principles.
Collaborated cross-functionally with M&A, legal, IT, and compliance teams, ensuring
cybersecurity was embedded in every phase of the deal lifecycle.
Led critical endpoint protection initiatives across workstations, laptops, ATMs,
servers, and mainframes, ensuring consistent security controls across all platforms.
Designed and maintained Carbon Black App Control policies, securing application
execution by controlling DLLs, EXEs, USB access, and other high-risk components.
Integrated SOC visibility by onboarding endpoint telemetry into a Managed Risk platform,
improving threat correlation and reducing dwell time.
VPN Deployment & Security Integration
Deployed and troubleshot VPN solutions (Site-to-Site, Remote IPSEC, and Cisco
AnyConnect) on a near-daily basis, ensuring secure remote access and inter-site
connectivity.
Integrated Cisco AnyConnect VPN with LDAP and RADIUS for AAA authentication,
implementing one-time passwords (OTP) and session timeout policies.
Configured SSL certificates (self-signed and CA-issued) to enhance VPN security and
encryption.
Worked extensively with Cisco AnyConnect versions 2.x, 3.x, and 4.x, ensuring
compatibility with diverse enterprise environments.
Configured VPN tunnels using CLI for Cisco firewalls and GUI-based setups for other
vendor-specific firewalls.
Implementing Squid Proxy
Deployed and configured Squid Proxy to enhance web filtering, caching, and security for
internal users.
Implemented custom ACLs (Access Control Lists) to regulate internet access, block
malicious sites, and enforce corporate policies.
Optimized proxy caching strategies to reduce bandwidth consumption and improve
browsing speed.
Integrated SSL/TLS inspection for enhanced visibility into encrypted traffic without
compromising security.
Firewalls Migration from Check Point to Palo Alto
Planned and executed the migration from Check Point to Palo Alto firewalls, ensuring
seamless traffic transition and policy enforcement.
Conducted policy translation and optimization, eliminating redundant rules and improving
firewall efficiency.
Design, implement, and manage Azure network infrastructure (e.g., VNETs, NSGs,
ExpressRoute).
Support cloud network and security configurations across Azure and other cloud platforms if
required.
Deployed Palo Alto security features such as App-ID, User-ID, Threat Prevention, and
WildFire to enhance threat detection and response.
Developed and executed test plans to validate firewall rules, VPN configurations, and failover
mechanisms.
Previous Project: Sr Network Engineer – Autoliv (Remote) Aug 2017 – Dec 2019
Responsibilities:
Networking and Troubleshooting
Configured and troubleshot Cisco routers and switches, gaining hands-on experience
with routing protocols such as BGP, OSPF, EIGRP, IGRP, and RIP, ensuring reliable
network connectivity across multiple sites.
Assisted in managing Checkpoint Firewalls, creating and modifying access rules to
enable secure connectivity between internal servers and external vendor networks,
supporting seamless third-party integration.
Implement monitoring tools using Golang or Python to track network performance, latency,
bandwidth usage, and uptime.
Plan, implement, and configure Ivanti Endpoint Protection across the enterprise.
Performed cybersecurity due diligence during Mergers, Acquisitions, and Divestitures
(MAD) activities to assess the security posture of target organizations.
Configured and analyzed NAT (Network Address Translation) rules and Access Control
Lists (ACL), troubleshooting traffic flows to resolve connectivity issues and improve network
visibility.
Supported network infrastructure planning and deployment, contributing to LAN
design, router/switch configuration, and firewall setup for remote and branch offices.
Built small office networks from the ground up, installing and configuring routers,
switches, and firewalls, ensuring proper segmentation, performance, and security.
Provided hands-on Layer 2 troubleshooting, diagnosing issues with HSRP, VLANs, VTP,
STP, RSTP, VRRP, and trunking, ensuring optimal traffic flow and redundancy across the
network.
Provided daily technical support to over 1,500 users across multiple sites, working
closely with the Network Security Administrator to resolve network connectivity and
security incidents.
Configured and deployed workstations (Dell, IBM, HP, Mac) for new and existing
employees, including executives and key stakeholders, ensuring devices met corporate
security baselines.
Assisted in office migrations, helping install and configure servers and ensuring all
systems were properly integrated into the corporate network.
Conducted threat landscape analysis specific to MAD entities, evaluating inherited risks and
exposures.
Performed network-wide virus scans using McAfee antivirus software, identifying and
containing infected devices to prevent widespread outbreaks.
Provided weekend support for scheduled system shutdowns, participating in backup
and recovery testing to validate disaster recovery plans and minimize data loss during
power outages.
Vulnerability & Risk Management
Established enterprise vulnerability management program, integrating Nessus and
Qualys scanners into centralized dashboards, enabling executive-level risk visibility and
automated ticket creation for patch tracking.
Developed and maintained weekly patch governance process, providing remediation
guidance to system owners based on CVSS severity, asset criticality, and exploitability
context.
Collaborated with external partners like Mandiant for quarterly threat and vulnerability
reviews, enhancing proactive threat modeling and attack surface reduction strategies.
Operationalized Bugcrowd penetration testing program, acting as primary liaison to
security researchers, validating findings, and processing bounty payouts—accelerating time-
to-remediation for external vulnerabilities.
Led the end-to-end deployment and configuration of Ivanti Endpoint Protection across the
enterprise environment, ensuring robust endpoint coverage and alignment with organizational
security requirements.
Championed external security posture improvements using Bitsight, improving
organizational security rating by proactively addressing public-facing vulnerabilities and
misconfigurations.
Facilitated PCI compliance scans with Qualys, ensuring external-facing assets meet regulatory
requirements and maintaining an "Attestation of Compliance" record for auditors.
Coordinated cross-functional incident response drills, enhancing IR readiness and
ensuring smooth communication across IT, SOC, and executive teams during real-world
security events.
Regularly assessed emerging threats and developed proactive mitigation plans,
ensuring business continuity and minimizing risk exposure to evolving attack techniques.
Previous Project: Network Security Analyst - Smart Service Desk (Telangana, India) April 2014 – Dec 2015
Responsibilities:
Network Consulting & Customer Support
Provided network consulting, design, implementation, monitoring, and
troubleshooting services to a diverse range of organizations, from small businesses to
enterprise-level clients.
Configured network devices based on customer requirements, delivering optimized
solutions and recommending improvements for enhanced network efficiency and security.
Delivered on-site and remote support, assisting customers with network installations,
maintenance, and troubleshooting.
Supported incident response readiness and threat monitoring during MAD phases, especially
post-acquisition.
Managed customer contracts that required periodic network and firmware upgrades,
including voice and wireless projects.
Provided after-hours and on-call support, ensuring business continuity and minimal
downtime for customers.
Routing, Switching & LAN/WAN Infrastructure
Maintained LAN/WAN connectivity, ensuring optimal network performance and
reliability.
Configured Cisco Catalyst switches with VLAN Management, Spanning Tree Protocol
(STP), and Inter-VLAN Routing.
Installed and configured VLANs, trunking, VTP, and RSTP on Cisco switches, including
2960, 3560, 3650, 3750, 3850, 4500, and 6500 series.
Implemented Port Security, SPAN (Switch Port Analyzer), and Privilege Level
Assignments for secure and efficient switch operations.
Supported network upgrades, coordinating with manufacturers and suppliers for new
software and hardware elements.
Installed and upgraded Cisco IOS on routers, switches, and ASA firewalls using TFTP
servers.
Firewall & Security Administration
Upgraded firmware on Palo Alto, Check Point, and SonicWall firewalls using GUI-based
management tools.
Configured VPN tunnels across multiple firewall vendors, ensuring secure and encrypted
site-to-site connectivity.
Conducted security policy implementations, rule tuning, and firewall performance
optimizations for enhanced network security.
Lab Testing & System Validation
Conducted bench testing in a lab environment, rigorously validating network gear
configurations before deployment.
Performed network stress testing, failover validation, and security assessments to
ensure configurations met enterprise standards.
Load Balancers & Network Performance Optimization
Hands-on experience with Citrix NetScaler and F5 Load Balancers, ensuring high
availability and optimized application delivery.
Worked with F5 load balancers across various network environments, configuring traffic
management, health checks, and SSL offloading.