Security Architect Infrastructure - Security Governance and Risk available

Security Architect Infrastructure - Security Governance and Risk

Profileimage by Anonymous profile, Security Architect Infrastructure - Security Governance and Risk
  • 8833 Wolwelange Freelancer in
  • Graduation: not provided
  • Hourly-/Daily rates:
  • Languages: English (Native or Bilingual) | French (Native or Bilingual) | Dutch (Native or Bilingual) | Spanish (Limited professional)
  • Last update: 05.02.2020
Profileimage by Anonymous profile, Security Architect Infrastructure - Security Governance and Risk
Latest CV

You need an account to view this information.

  • CISSP from (ISC)² (Certified Information Systems Security Professional) #64426
  • CISM from ISACA (Certified Information Security Manager) #1840114
  • RSA/CSE (RSA SecureID Certified Systems Engineer)
  • NSA (Nokia Security Administrator)
  • CCSE NGX R65 (Checkpoint Certified Security Expert)
  • CCSE NG + (Checkpoint Certified Security Expert plus)
  • CCMSE NG (Checkpoint Certified Managed Security Expert – Provider-1)
  • CAA (Certified AlgoSec Administrator 6.5)

Computer skills:
Operating Systems:     Win2000 Prof, Win XP, W2003, W2008, WinVista, Win7
                                     Linux Redhat 5 & 6
 IPSO 3.2.1 – 6.2
                                     Checkpoint Secure Platform R55-R75.20
                                     Checkpoint GAIA R77 - R80
Networking:                TCP/IP protocols (advanced knowledge)     
                                     Configuration of Cisco Routers and Switches (IOS)
PM tools:                     MS Project 2003 & 2007 project server & MS Sharepoint usage     
Perimeter Security:      Checkpoint Suite from version 3.0b (1998) to version NGX R80 (manager)
                                     Nokia 120, 290, 390, 530, 690, 1220 Security Appliance on IPSO 3.2.1 – 6.2
                                     Symantec Enterprise Firewall 6.0 -> 8.0.
                                     Netscreen SreenOS 5.4 to 6.2 on Netscreen 50, 208 and 5200 (Juniper)
                                     Fortinet Fortigate 60B-620B-3016B v4.0 build 8445
                                     Cisco ASA 8.4 with ASDM 6.4
                                     Finjan’s Surgingate 5.0 -> 7.0 SP2
 Trendmicro’s Viruswall 3.8.1
 TrendMicro’s Deep Security HIDS 9.6.3177
                                     Websense 3.1 -> 4.5 URL-screening
                                     Bluecoat ProxySG 810 – 8100 – 9000 appliances – sgos5.4.3.1 to 6.5.5
                                     Juniper SA2500 –SA4500 SSL VPN based on version 6.5R4 -> 7.4R5
                                     MobileIron Virtual Smartphone Platform r4.5 and Sentry 3.2
                                     Infoblox NIOS 5.1r2 to 6.1.5
                                     SourceFire IPS solution 5.4 & SourceFire Defence Center
                                     F5 Application Security (ASM) and Access Policy (APM) ver 10.2 –> 12
AAA Security:            Cisco ACS Solution Engine 3.2-4.3
                                     RSA ACE server 5.2 -> 7.1 for SecureID tokens
                                     Navis Radius server 4.3.10 from Lucent
Security Management: Solsoft Policy Manager 7.2 & Cisco MARS Appliance
                                     Checkpoint Provider-1 NGX (R65-R77)
Loadbalancing & HA:            Cisco Content Service Switch 11000 & CSM blades in Catalyst 6500 series
                                     Cisco Application Control Engine (ACE)
                                     F5 LTM on version 10.2 –> 12 hotfix2
                                     Nokia VRRP and IPClustering
Security Analysis:       Network protocol analyzers:  Ethereal, Wireshark
 Network Scanners: NMap, Rapid7 Vulnarability Scanner, MetaSploit Pro
                                     HTTP analyzers: HTTPWatch, Paros 3.1.3
                                    Thread Emulation: FireEye, Checkpoint TE, TrendMicro Deep Discovery
                                    Security Assessment: Kali Framework
                                    Endpoint detection and response: FireEYE HX, Carbon Black, Sentinel ONE
(1 May 2001 – …): Independent Consultant and owner of MindeGap
(July 2017 –  Jun 2018): Deloitte Consulting: Risk Management Consultant
  • Responsible for the creation of several security policies and standards needed to achieve compliancy with the Belgian National Bank and GDPR regulation.
  • Develop Security Metrics to establish if the IT department and IT Service providers are compliant with the policies and standards.
  • Risk Assessment of the new IT architecture, which uses Guidewire (Insurance Management), Alfresco (Document Management) and Acrobat Experience Manager (Enterprise Content Management) and assessing the integration of those tools with the IAM (Identity and Access Management) platform deployed.
  • Development of a Taxonomy of operational security threats and vulnerabilities for the IT environment and perform a threat assessment
  • Defining the functional and business processes for the identity creation and the access management of the various business software through the IAM using BPMN (Business Process Model and Notation).
  • Helping in the creation and analysis of the RBAC model for implementation in the IAM.
  • Analysis of the use cases needed to define the Cloud Strategy. Definition of the architectural needs and shortlisting of the CASB (Cloud Access Security Brokers) vendors to integrate into the RFP send out.
(January 2017 – June 2017): European Parliament (Luxembourg): Security Operations Management:
  • Validation and implementation of Firewall access requests on Checkpoint FW 77.30 and Netsreen Security Manager.
  • Responsible for the development of the Disaster Recovery Strategy and testing of BCP in the wake of the move of the Luxembourg premises to new buildings being build.
  • Responsible for the follow up of the System Patching and coordination with Operations teams.
  • Development and giving of security awareness training to different Operations teams
(June 2014 – December 2016): CLEARSTREAM/Deutsche Boerse Group (Luxembourg - Frankfurt): Security Consultant in the Information Security Engineering Team:
  • Deployment of a ESX based lab needed to POC (Proof of Concept) all security solutions in the Security Roadmap and deployment of Checkpoint 77.30 VE + IPS blade, F5 VE, SourceFire IPS VE and the different tools involved in the various security POC’s
  • Development of the IPS Strategy and deployment of SourceFire 6.4 and Checkpoint FW’s + IPS blade (R77.30) at DBG
  • Malicious Code Protection POC to analyse various Sand Box Technologies to integrate into the existing security infrastructure. Comparative analysis between Checkpoint Threat Emulation Appliance, FireEye and TrendMicro Deep Discovery.
  • Deployment and design of Checkpoint Threat Emulation Appliance into the DBG group infrastructure (surfing and web traffic)
  • Implementation of Rapid7 NeXpose and MetaSploit Pro for vulnerability assessment
  • Fine-tuning of the Security Policy of the BlueCoat WebProxy infrastructure
  • Comparative analysis and POC of various Endpoint Protection and Response tools line FireEye HX, Carbonblack server, Tanium, Guidance Encase, Sentinel1 and Bromium
  • Deployment of TrendMicro Deep Security HIDS 9.6 on all internet facing webservers
  • Deployment of F5 LTM for load balancing and the ASM as a WAF solution
  • Integration of all Security solutions with the SIEM solution ARCSight
  • Coordinate with the Risk Management team to validate that the defined risks are mitigated by the various security countermeasures.
(July 2012 – June 2014): EUROCLEAR: Technical Security Consultant in the Security Infra Team (Paris):
  • Migration of Nokia-Checkpoint clusters in R65 to a virtualized environment based on Crossbeam and Checkpoint VSX R67 and Provider-1 R75.20 for management.
  • Migration of proxy servers from Bluecoat ProxySG and TrendsMicro IWSS to Cisco Ironport Web Security Gateway, with an embedded Webroot and Sophos for malware scanning.
  • Setup of a new Juniper SA (version 8.0R2) environment for home PC access
  • Implementation of AlgoSec AFA and FireFlow for firewall Security management (version 6.5)
  • Migration of Checkpoint Provider-1 to R77 on GAIA and testing of the Identity awareness blade and the App Sec blade for in depth application control.
  • Migration of Crossbeam VSX R67 to R77.
(January 2012 – June 2012): D’ieteren: Security Consultant in the Security Infra Team
  • Research for a mobile management platform including vendors like: MobileIron, Zenprise, Airwatch.
  • Day to day management of Checkpoint and Netscreen FW’s and clean-up of rulebase.
  • Implementation of Cisco 800 routers for VPNs between branches and the Corporate ASA FW
(October 2011 –December 2011): Swift: Security Consultant for the MDM (Mobile Device Management) project for remote access.
  • Setup of Remote Access VPN‘s between Apple iPad & iPhone devices and Juniper SA SSL VPN. Deployment of MobileIron VSP and Sentry for remote devices management (MDM)
  • Adaptation of Checkpoint FW environment and Fortinet Fortigate clusters, to allow the MDM (mobile device management) flows.
  • Upgrade of Infoblox NIOS 5.1r2 to 6.1.5 to resolve a security Vulnerability
(February 2011 –September 2011): Dexia Technical Services: Technical Security Consultant in the Security Infrastructure team:
  • Migration of Cisco ASA firewall to version 8.4 and ASDM 6.4 in various environments.
  • Upgrade of BlueCoat ProxySG 8100 with sgos based on Websense URL filtering to the ProxySG9000 on SGOS using BlueCoat Webfilter for URL filtering.
  • Review and implementation of new policy for web surfing on the new BlueCoat Proxy-servers.
  • Upgrade of Checkpoint FW modules from R62 to R71.40 after conversion from flash-based systems to HD based FW modules.
  • Implementation of F5 LTM load balancing to replace the Cisco ACE modules
  • Day-to-day operation of the security infrastructure.
(May 2010 – January 2011): National Bank Belgium: Technical Security Consultant in the Security Infrastructure team:
  • Responsible for maintaining the new dedicated infrastructure for the ESCB (European System for central banking).
  • Setup of a new Swift infrastructure for the ESCB environment
  • Migration of CP Firewalls to version R71 and activation of IPS blades
  • Responsible for the setup  of a new Secure file transfer infrastructure based on Globalscape EFT
  • Setup of Access VPN‘s between Apple IPad devices and Juniper SA SSL VPN.
  • POC for the setup of a USB based Secure Workspace based on Checkpoint Abra
(October 2009 – March 2010): ICTRA, B-Holding - Project Manager Security Track ConformIT 
  • Member of the architecture team responsible for the new datacenter design.
  • Responsible for the deployment of a Security Framework based upon the ISO2700x framework
  • Management of 6 consultants who cover the areas of the security framework.
  • Reporting to higher level management of ICTRA and the client (Infrabel) on the evolution of the security  project
  • Assess the Risks discovered during the Security review and validate with program management team on how to mitigate those risks.
(July 2009 - September 2009): SIEMENS: Security Analyst for sTESTA (European Commission):
  • Security audit of the sTESTA Security Procedures based upon the ISO2700x framework.
  • Review of the security policies - procedures, and match them to ISO 27002 controls.
  • Perform a Risk Analysis and check the existing Risk Management plan.
  • Review the Business Continuity Plan (BCP) for sTESTA and attend the CAB (Change Activity Board) meetings to validate changes in the environment.
(August 2006 – April 2009): EUROCLEAR: Technical Security Consultant in the Security Infrastructure team:
  • Responsible in the network team for the follow up of bugs and security breaches on all our platforms. Member of Euroclear’s Security Prioritization Forum.
  • Participation in the network security audit performed by Verizon.
  • Migration of Cisco ACS to 4.1 and integration with Windows AD for user authentication and group membership retrieval to unify user authentication
  • Involved in the selection of the Tumbleweed Secure Email Gateway for email encryption (TLS and S/MIME). Responsible for the infrastructure risk analysis of the solution and for the network integration in the periphery environment.
  • Involved in the selection of a tool for Central Logging and log aggregation. Vendors tested: Loglogic, NetIQ and Cisco Mars.
  • Day to day operation of the Firewalls, load-balancers, Bluecoats, ACS servers and the RAS.
  • POC for the deployment of Checkpoint Provider-1 to manage the Checkpoint Environment
  • Migration of a Checkpoint Integrity Server 6.5 cluster with a SQL2000 external DB to a new cluster that support SQL 2005 + Setup of the RAS infra in our pre-production environment to test the migration strategy.
(January 2006 – September 2006): PROXIMUS: Security Consultant for the GPRS architecture redesign:
  • Security consultant for the GPRS firewall architecture redesign and deployment: The project consists of a migration of 5 Checkpoint NG Clusters to a Netscreen 5200 cluster using 5 virtual systems (VSYS) and 2 Cisco FWSM blades in a catalyst 6500 series for the management connections. The migration goes together with a complete architecture redesign.
  • The Checkpoint management environment used for the Checkpoint clusters changes to a Solsoft Policy Server for the management of the new Netscreen clusters and the FWSM.
  • Logging aggregation is done using Cisco’s central event management tool Mars.
  • Reconfiguration of Cisco CSM 4.1.6 blade to comply with the new architecture.
(March 2005 – December 2005): EQUANT: Project Manager on TESTA (Trans-European Service for Telematics between Administrations) for the European Commission:
  • Planning and execution of the migration of the Testa Management environment from Equant France to a dedicated infrastructure at the Equant Brussels site.
  • Training and coaching of 3 junior security consultants for Testa
  • Development of the security policy for the Testa network.
  • Accessing the security of the new infrastructure (physical and technical) to prepare for an external audit by the European Commission.
  • SureWare Net line encryptors, deployed to secure the EC connections on the MPLS backbone.
(November 2000 – March 2005): FortisBank: Member of the Security Project Team.
  • Managing various business projects, which involving changes in the firewall architecture.
  • Writing of the Intrusion Detection System emergency response procedures.
  • Accountable for the deployment of extranet VPN’s with partners and subsidiaries
  • Wrote the procedures for the Operational Support of the various security tools.
  • In charge of the 3rd-level troubleshooting of the products managed by the firewall team.
  • Planning and execution of the 5.0 ACE server upgrade to the new 5.2 ACE servers.
  • In charge of the design and deployment of Provider-1 AI for cross-border FW management.
  • Team leader for the migration of the Raptor 6.5 firewall in the E-banking and the surfing environment to Symantec Enterprise Firewall 7.0.4 on Solaris 2.9
  • Planned and coordinated the migration of the Checkpoint 2000 firewalls to CP Next Generation FP3 HF2 (summer of 2003) and later (end of 2004) to CP NG AI (release R55W).
-     Designed and performed the setup and configuration of the new lab environment.
  • Deployed Content Analysis and virus-scanning using Trend Micro 3.8 & Finjan’s Surfingate 7.0 SP2 in the surfing environment.
(March 1999 -October 2000): Telinfo Group, Telinfo High Tech Institute.
Responsible for the development and teaching of the following courses:
  • E-commerce introduction and business strategies (1 day)
  • E-commerce applications (2 days)
  • Virtual Private Networking (2 days)
Teaching the product courses:
  • Introduction to Checkpoint Firewall-1 4.0 & CP2000
  • Advanced Firewall-1 4.0 & CP 2000
  • Introduction to Meta - IP 4.x
  • Introduction to Bandwidth Management using Floodgate-1 4.x
(April 1998 – February 1999): Telinfo Group, Telindus pre-sales.
Responsible for the Networking services within the pre-sales department.
(October 1997 – March 1998): ORACLE Belgium
Application design consultant in the Custom Development business unit.
(October 1995 – September 1997) Free University of Brussels:
Member of the “Assisting Academic Personnel” at the center for Business-IT in the faculty of Economical, Social & Political Sciences.

Luxembourg, Netherlands, Germany, UK