Jul 2025 – Present · 10 mos

Jan 2025 – Present · 1 yr 4 mos

• I’m actively hunting for a role in AI, Data, Infrastructure, Cloud, Network or Cyber Security right now, and I’ve got around 16 yrs of hands-on work across AWS, GCP security, data security, plus some data science and AI security stuff mixed in. I’m pretty confident that background would be useful for your team. Only thing is, I’ll need visa sponsorship for 6 months, and I’ll be eligible for SC clearance from Nov 2026.

Aug 2023 – Dec 2024 · 1 yr 4 mos · Bristol, England, United Kingdom · Hybrid

• 1. Situation:
• As a Data Security Lead at Just Eat, I was responsible for strengthening the organization’s data security practices and deploying innovative solutions to secure sensitive information. This included addressing complex challenges in data infrastructure security for SaaS and IaaS environments and designing device trust mechanisms.
• 2. Tasks:
• Deploy and operationalize Data at Rest DSPM (Data Security Posture Management) solutions (Cyera) to improve the organization’s data security posture.
• Design a Kolide device trust framework to enforce secure access policies and ensure compliance across user devices.
• Enhance Google Workspace DLP (Data Loss Prevention) solutions to safeguard data integrity and reduce risks of data exfiltration.
• Monitor DSPM alerts and respond to potential vulnerabilities in real-time.
• 3. Actions:
• Led the end-to-end deployment of DSPM solutions, working closely with stakeholders to tailor configurations to organizational needs and achieve optimal performance.
• Designed the Kolide device trust solution to verify the health and security compliance of employee devices, ensuring secure access to critical systems.
• Performed extensive fine-tuning and troubleshooting of DSPM systems, reducing false positives and improving alert accuracy.
• Designed and enhanced Google Workspace DLP solutions, integrating advanced security controls to strengthen data protection while maintaining seamless user workflows.
• 4. Results:
• Improved the organization’s data security posture, mitigating critical vulnerabilities and reinforcing trust in SaaS and IaaS models.
• Reduced data loss risks through robust Google Workspace DLP solutions, ensuring effective safeguarding of sensitive information.
• Enhanced operational efficiency by optimizing DSPM alert handling, improving response times and incident resolution rates.
• Delivered comprehensive security solutions, ensuring compliance with regulatory standards

Nov 2021 – Aug 2023 · 1 yr 9 mos · London, England, United Kingdom · Hybrid

• 1. Situation:
• As part of a project focusing on enhancing cloud security, I was tasked with evaluating and improving the security posture of Google Cloud Platform (GCP) deployments. The existing architecture required updates to align with client security standards and address specific risks in advanced technologies like Vertex AI, Apigee, and BigQuery.
• 2. Tasks:
• Create threat models for key GCP services like Vertex AI Metadata and Apigee to identify potential risks.
• Develop security designs for BigQuery Column Level Security and configure Okta Access Gateway to strengthen identity management.
• Perform a detailed assessment of the existing GCP security deployment, identifying vulnerabilities and gaps.
• Design and deploy advanced security solutions, including data encryption for data at rest, and implement a Cloud DLP solution for second-layer encryption.
• 3. Actions:
• Developed comprehensive threat models for GCP services, identifying vulnerabilities and proposing actionable mitigations.
• Created security designs to ensure robust encryption protocols for data at rest, implementing a Cloud DLP solution to introduce a second layer of encryption.
• Designed BigQuery Column Level Security to enable fine-grained access controls for sensitive data.
• Configured Okta Access Gateway to enhance authentication and access controls for secure application access.
• 4. Results:
• Minimized risks in GCP services by creating and deploying effective threat models, improving operational security.
• Successfully designed a Cloud DLP solution, achieving enhanced encryption capabilities that met compliance requirements.
• Enabled fine-grained data access control for sensitive datasets in BigQuery, significantly reducing data exposure risks.
• Strengthened identity and access management through Okta Access Gateway, ensuring secure and streamlined application access.

Nov 2018 – Nov 2021 · 3 yrs · London Area, United Kingdom · On-site

• 1. Situation:
• In a multi-cloud environment (GCP, AWS, Azure), I was tasked with remediating inconsistent security configurations, over-permissive access, and weak policy enforcement—critical risks in regulated sectors like finance and telecom.
• 2. Task:
• Design and deploy a multi-cloud security architecture to automate controls, enforce Zero Trust, and ensure compliance. This included:
• Automating baselines with Terraform, Ansible, and Python
• Securing networks via Palo Alto, Imperva WAF, ZScaler (ZIA/ZPA)
• Enhancing Azure data protection using Microsoft Purview, MIP, DLP, and Key Vault
• 3. Actions:
• ✅ IaC for Multi-Cloud Security:
• Deployed Terraform for GCP (IAM, IAP, Cloud Armor), AWS (WAF, IAM, KMS), and Azure (Defender, Policy, NSG, Key Vault)
• Automated Palo Alto Firewall and Panorama configs on Azure via Ansible
• ✅ Azure Data Security:
• Led Microsoft Purview deployment to classify/label data across Azure & M365
• Implemented MIP sensitivity labels with Azure RMS for encryption-in-use
• Configured Azure Key Vault with BYOK/CMK across subscriptions
• Built DLP policies for Exchange, SharePoint, and Teams
• ✅ Security Automation:
• Automated removal of 600+ non-compliant AWS SGs via Python & GitHub Actions
• Deployed ZScaler ZIA/ZPA with Source IP Anchoring for policy-based access
• 4. Results:
• 🛡️ Strengthened multi-cloud security posture through automation
• ⚙️ Reduced manual errors, enforced consistent policies across clouds
• 🔐 Achieved Azure compliance with GDPR, ISO 27001
• 🚫 Removed 600+ risky AWS SGs, minimizing attack surface
• 🌐 Optimized Zero Trust access with ZScaler and Microsoft controls

Dec 2016 – Nov 2018 · 1 yr 11 mos

• 1. Situation:
• As part of a critical network security operations role, I was responsible for configuring and maintaining multiple security technologies, including firewalls, proxies, and NAC devices, to ensure the organization’s network was secure, resilient, and compliant with standards.
• 2. Tasks:
• Configure and manage Palo Alto Firewalls (PA-500/PA-3020) through Panorama, including OS upgrades, rule adjustments, CLI troubleshooting, and log analysis.
• Monitor and manage Blue Coat Proxies through Symantec Manager, implementing URL filtering and pac file changes as needed.
• Serve as a Subject Matter Expert (SME) for Forescout NAC devices, conducting knowledge transfer sessions.
• Configure and manage Web Application Firewall (WAF) solutions such as Brocade WAF to protect web applications.
• 3. Actions:
• Performed regular configuration updates and OS upgrades for Palo Alto Firewalls, ensuring alignment with evolving security policies and organizational needs.
• Optimized URL filtering policies and pac file configurations on Blue Coat Proxies to enhance access control and user experience.
• Delivered structured training sessions as an SME for Forescout NAC devices, enabling team members to effectively manage and maintain the platform.
• Configured and deployed Brocade WAF solutions to safeguard web applications against threats such as SQL injection and cross-site scripting.
• 4. Results:
• Improved firewall performance and reduced downtime by ensuring timely upgrades and configuration adjustments for Palo Alto firewalls.
• Strengthened network security and compliance by optimizing filtering policies and logs analysis across Blue Coat Proxies and Fortigate devices.
• Enhanced team capability through effective knowledge transfers for Forescout NAC, fostering operational independence and improved device management.
• Increased application security by deploying and configuring Brocade WAF, minimizing the risk of web-based attacks.

Aug 2014 – Dec 2016 · 2 yrs 4 mos

• 1. Situation:
• In a fast-paced network environment, I was tasked with maintaining the security and performance of Fortigate firewalls. Regular updates, policy adjustments, and thorough log analysis were required to address emerging threats and ensure seamless network operations.
• 2. Task:
• Upgrade firmware for Fortigate firewalls to ensure they were up-to-date with the latest security patches and features.
• Perform policy changes through Forti-Manager to align with organizational security requirements and improve access control.
• Conduct log analysis using Forti-Analyzer to monitor network activity, detect anomalies, and respond to potential security incidents.
• 3. Actions:
• Scheduled and executed firmware upgrades during maintenance windows to minimize disruption, following strict upgrade protocols to ensure smooth transitions.
• Reviewed and refined firewall policies using Forti-Manager, collaborating with stakeholders to identify and implement rule changes based on security needs.
• Analyzed logs in Forti-Analyzer, identifying unusual activity or potential threats, and initiated appropriate mitigation measures.
• 4. Results:
• Ensured optimal firewall performance and strengthened security posture by keeping firmware up-to-date with the latest patches.
• Reduced unauthorized access and improved network segmentation through effective policy changes.
• Enhanced threat detection and response capabilities by identifying and mitigating risks through comprehensive log analysis, reducing the likelihood of security incidents.

Dec 2013 – Aug 2014 · 8 mos · Pune Area, India

• 1. Situation:
• I was responsible for securing enterprise networks and ensuring seamless connectivity across multiple sites while managing various firewall and wireless technologies. This required expertise in configuring, deploying, and managing VPNs, firewalls, and wireless access points to meet organizational and security objectives.
• 2. Tasks:
• Build and configure Site-to-Site VPN tunnels on Netscreen firewalls using Network Security Manager (NSM) to enable secure inter-site communication.
• Configure policies on McAfee Sidewinder firewalls using McAfee Control Manager (MCM) to enforce access control and protect network resources.
• Manage Palo Alto Firewalls through Panorama, implementing configuration changes and optimizing security settings.
• 3. Actions:
• Designed and implemented secure Site-to-Site VPN configurations on Netscreen firewalls, ensuring encryption and secure communication between locations.
• Reviewed, updated, and optimized firewall policies on McAfee Sidewinder to meet security compliance and operational requirements.
• Configured and maintained Palo Alto Firewalls through Panorama, streamlining management and ensuring consistent policy enforcement across devices.
• 4. Results:
• Established secure and reliable inter-site connectivity by successfully implementing Site-to-Site VPN tunnels, reducing latency and ensuring data confidentiality.
• Enhanced network security by optimizing firewall policies on McAfee Sidewinder, reducing unauthorized access and strengthening compliance.
• Improved operational efficiency through centralized management of Palo Alto Firewalls via Panorama, ensuring consistent configurations and quick troubleshooting.

May 2013 – Dec 2013 · 7 mos

• 1. Situation:
• I was tasked with deploying and managing firewall and VPN solutions to enhance network security and ensure secure communication between remote sites and users. The environment included Cisco ASA, Checkpoint R65 firewalls, and Cisco Routers, requiring comprehensive configuration and troubleshooting expertise.
• 2. Tasks:
• Perform new firewall installations and configurations, ensuring alignment with organizational security policies.
• Build secure Site-to-Site VPN tunnels on Cisco ASA and Checkpoint R65 firewalls to enable encrypted communication between offices.
• Configure Remote Access VPN on Cisco ASA devices and Dynamic Multipoint VPN (DMVPN) on Cisco Routers to support remote user connectivity and scalability.
• 3. Actions:
• Deployed and configured new firewalls, including policy creation, network address translation (NAT), and access control rules, ensuring seamless integration with existing infrastructure.
• Set up Site-to-Site VPNs on Cisco ASA and Checkpoint R65 firewalls, ensuring proper encryption protocols and reliable connectivity between locations.
• Conducted thorough troubleshooting for firewall and VPN configurations, resolving connectivity issues and optimizing performance.
• 4. Results:
• Successfully deployed and configured new firewalls, strengthening the network’s security posture and minimizing downtime during installations.
• Established secure and reliable Site-to-Site VPN tunnels, ensuring efficient communication between geographically dispersed offices.
• Enhanced remote user productivity by implementing robust Remote Access VPN solutions with seamless connectivity.
• Achieved a scalable and cost-effective VPN architecture by deploying DMVPN on Cisco Routers, enabling secure and dynamic communication for remote sites.
• Improved network reliability and security through proactive troubleshooting and optimization of firewall and VPN configurations.

Apr 2011 – May 2013 · 2 yrs 1 mo

• 1. Situation:
• I was tasked with managing and securing the organization's communications and network infrastructure, including configuring and securing IP phones, wireless access points, and performing security assessments. The goal was to improve communication systems, enhance wireless security, and ensure network resilience.
• 2. Tasks:
• Configure and implement Avaya IP phones for seamless communication across the organization.
• Configure Cisco Access Points to ensure robust wireless coverage and mitigate potential security risks using Wireless IPS.
• Conduct Business Continuity Planning (BCP) testing, perform vulnerability assessments of firewalls, and reconcile firewall rules to enhance security and ensure business continuity.
• 3. Actions:
• Configured Avaya IP phones and integrated them into the existing telecommunication infrastructure, ensuring proper functionality and security.
• Set up Cisco Access Points, ensuring they provided optimal wireless coverage. Implemented Wireless IPS to monitor and mitigate wireless security threats such as rogue access points and unauthorized devices.
• Performed regular BCP testing, simulating disaster recovery scenarios to ensure systems remained operational in case of disruptions. Conducted vulnerability assessments on firewalls and analyzed firewall rules, identifying weaknesses and ensuring they met security standards.
• 4. Results:
• Successfully implemented Avaya IP phones across the organization, improving internal communication and streamlining operations.
• Strengthened wireless security by configuring Cisco Access Points and mitigating risks using Wireless IPS, ensuring safe wireless connectivity.
• Enhanced business continuity by performing BCP testing, ensuring readiness in case of a disaster. Improved the security posture of the organization by conducting vulnerability assessments and reconciling firewall rules, preventing potential security breaches.

Jan 2010 – Apr 2011 · 1 yr 3 mos

• 1. Situation:
• As part of my role in network and security management, I was tasked with configuring and monitoring multiple network tools, firewalls, and network resources to ensure optimal performance and security. This included working with a Juniper SSG 550 firewall, What’s Up Gold NMS, and troubleshooting network issues related to mobile networks.
• 2. Tasks:
• Configure Juniper SSG 550 firewall to secure network traffic and ensure proper access control.
• Set up and configure the What’s Up Gold Network Management System (NMS) tool for comprehensive network monitoring.
• Conduct regular security audits to identify vulnerabilities and ensure network security compliance.
• 3. Actions:
• Configured Juniper SSG 550 firewall, including setting up firewall rules, NAT policies, and VPNs to secure network traffic and manage access efficiently.
• Installed and configured What’s Up Gold NMS tool to monitor the network infrastructure, setting up alerts and visual dashboards for proactive network management.
• Conducted comprehensive security audits of the network, reviewing firewall configurations, access logs, and system vulnerabilities, then reporting findings to management for remediation.
• 4. Results:
• Successfully secured network traffic with the Juniper SSG 550 firewall, ensuring better protection against external threats and unauthorized access.
• Improved network visibility and management by configuring What’s Up Gold NMS, allowing for early detection of issues and reducing downtime.
• Enhanced network security by identifying vulnerabilities during security audits, leading to timely remediation and improved overall security posture.

Jan 2005 – Jun 2005 · 5 mos · Mumbai Area, India

• 1. Situation:
• I worked as a network engineer for an Internet Service Provider (ISP), where I was responsible for ensuring the reliability, security, and performance of customer internet services. The organization faced challenges with optimizing network infrastructure and managing the increasing demand for high-bandwidth services.
• 2. Tasks:
• Optimize and maintain the ISP’s network infrastructure to ensure uninterrupted service delivery to customers.
• Configure and manage modems to ensure connectivity and performance.
• Troubleshoot network issues, including bandwidth limitations, connectivity disruptions, and latency issues, to ensure optimal performance for customers.
• Provide technical support to customers facing service outages or slow connectivity.
• Implement network monitoring tools to proactively detect and resolve issues before they impact service.
• 3. Actions:
• Configured and maintained critical network devices such as routers, switches, and firewalls to ensure reliable service delivery and mitigate potential security threats.
• Monitored network traffic using performance monitoring tools, identifying congestion points, and reconfiguring the network to optimize bandwidth usage.
• Troubleshot and resolved connectivity and performance issues by collaborating with customer support teams and running diagnostic tests on affected connections.
• Worked closely with customer support teams to provide timely resolutions to customer complaints, including troubleshooting network issues and performing on-site visits if needed.
• 4. Results:
• Improved network performance by optimizing traffic routing, reducing latency, and increasing the overall bandwidth capacity, leading to enhanced customer satisfaction.
• Minimized service downtime by implementing network redundancy, resulting in a more resilient infrastructure.
• Increased customer satisfaction by resolving complaints quickly and effectively, leading to improved retention and positive feedback from clients.