Daniel Sarica
Verified Expert in Engineering
Network and Security Architect and Software Developer
New York, NY, United States
Toptal member since August 26, 2022
Daniel is a network and security architect with 12 years of success developing secure network designs and architecture for customers. He is dedicated to improving the cybersecurity posture of his clients. Daniel is highly skilled in creating business-driven security architectures and infrastructures. He offers a rare blend of technical skills and the ability to present highly technical information to non-technical stakeholders, helping them drive better business decisions.
Portfolio
Experience
- Networking - 14 years
- Firewalls - 12 years
- Wireless - 12 years
- Cybersecurity - 12 years
- Web Security - 7 years
- Security Architecture - 4 years
- Cloud Security - 2 years
- Risk Management - 2 years
Availability
Preferred Environment
MacOS, Python, Slack
The most amazing...
...network security design standard I’ve created was for an outsourcing company that generated more than $200,000 in revenue.
Work Experience
Network and Security Architect
Security Consultant
- Designed and implemented a Fortigate SD-WAN network of 300+ locations for a major food company.
- Automated deployment and reduced manual installation time of legacy Cisco network infrastructure from two hours to ten minutes. Used Ansible, Python, and Ansible Tower.
- Deployed a security operation center using open-source tools. Used Wazuh, OSSEC, Ansible, and Ansible Tower, saving $100,000 in costs.
- Developed a secure network design standard that generated $200,000 for an outsourcing company implementing it for its customers.
- Reduced delays of up to 40 hours in Azure Cloud Services migration. Provided roadmaps, standards, and checklists. Allowed for a smoother migration and minimal downtime.
- Led the implementation of an SIEM solution using Wazuh Indexer as the SIEM back end, Graylog for log ingestion and normalization, Fluent Bit for forwarding logs, Grafana for reporting and display, and GreyNoise for threat intelligence.
- Helped multiple customers comply with CIS controls for both on-prem infrastructure and cloud deployments.
- Worked with Lansweeper asset management tool. I deployed it for a 5,000+ person company with more than 2,000 assets. Created reports for management and used them to improve the environment's security posture further.
- Helped create an SSO portal using the F5 platform as a SAML IdP.
- Deployed Okta for a financial company. Made integrations between Okta SSO/SAML and SCIM and a dozen applications like Github, Slack, Zendesk, Datadog, etc.
Network and Security Architect
Autoriteit Financiële Markten
- Created and maintained infrastructure drawings and high-level designs.
- Translated and mapped business requirements to technical implementation decisions using business impact analysis and the resulting confidentiality, integrity, and availability ratings.
- Designed IT architecture guidelines (functional, infrastructural, and technical) to create an optimal solution for the customer's request.
- Designed disaster recovery scenarios to guarantee business continuity for the customers.
- Defined infrastructure standards and best practices to define a sustainable solution in line with the customer's expectations.
- Created migration plans to accomplish a smooth transition of the customer's environment for new customers.
- Served as 4th-line support to resolve fundamental problems in the architecture quickly and efficiently.
- Created and maintained infrastructure drawings in the customer's architecture solution.
- Audited customer IT environments to define improvement proposals.
Senior Network and Security Engineer
ING Group
- Automated a DDoS protection mechanism with DDoS scrub providers. Reduced the activation time of DDoS protection from two hours to five minutes.
- Improved security by gathering IoCs from different vendors and automatically ingesting them into the security appliances.
- Reduced firewall rule implementation from 48 hours to 30 minutes on different firewall appliances (FortiGate and Palo Alto Networks). Created custom workflows and used ServiceNow APIs and Python scripting.
- Improved the disaster recovery and business continuity plans together with the CISO.
Team Leader
Cegeka
- Managed a team of 22 local and remote network and security engineers. Served as a key escalation point for all inquiries, questions, and problems encountered or reported by team members.
- Reduced ticket resolution time by 25% and increased efficiency in ticket solving per engineer by 35%.
- Achieved 98% of ticket handling within the service level agreement in six months by automating procedures.
- Trained staff on onboarding processes and standards. Improved their first-time-right principle by 50%, increasing from 60% to 90%.
- Led the internal hiring process and mentored new and junior employees. Boosted the retention rate from 70% to 90%.
Network and Security System Engineer
Cegeka
- Trained 200+ engineers on networking and security fundamentals.
- Deployed 1000+ network or security appliances (firewalls, routers, switches, proxy servers, WAN optimizations, wireless access points, and controllers) on client infrastructure.
- Built relationships with top security and networking vendors including Cisco, Fortinet, Checkpoint, Palo Alto Networks, Arista, HP Juniper, and Aruba.
- Automated the process of information gathering for configuration management databases (CMDB) purposes with Python. Saved an average of 15 minutes per device.
Experience
Secure Network Design
Development of a “Secure Network Design” Standard
This standard was a comprehensive blueprint for building a secure network infrastructure that could withstand diverse cyber threats. It considered several critical factors, including network segmentation, firewall configuration, intrusion detection systems, secure VPNs, end-to-end encryption, multi-factor authentication, and adherence to the latest cybersecurity protocols.
Realizing the immense potential of this standard, an outsourcing company decided to adopt it. This company was a prominent player in the IT sector, providing services to a wide range of clients globally.
The standard was implemented across all their services. It became a significant selling point for the company, appealing to the growing cybersecurity consciousness among businesses.
As a result, the company saw a significant uptick in revenue, generating over $200,000 in additional profits.
Pentesting a SaaS Startup
They were expecting those companies to ask for penetration testing (pentest) before they added their data within the SaaS startup environment.
• Planning and preparation: Created the pentest scope and goals, set up Burp Suite and Tenable, whitelisted IPs, and outlined procedures and timelines.
• Discovery: Utilized Tenable for vulnerability scanning and Burp Suite for reconnaissance and application-level vulnerability detection.
• Attack: Conducted manual attack attempts using Burp Suite, focusing on business logic errors and documenting the outcomes.
• Post-attack analysis: Determined the efficacy of current security measures and where improvements could be made.
• Reporting: Created a detailed pentest report highlighting critical vulnerabilities and successful attack vectors, and providing recommendations.
Key vulnerabilities resolved included remote code execution (RCE) enabling full back-end server control, blind SQL injections, and XXE injection.
Design and Implementation of a Security Operation Center
Wazuh, an advanced intrusion detection system, and OSSEC, a host-based intrusion detection system, were key components in our SOC setup. They provided comprehensive security monitoring and alerting, ensuring suspicious activities were swiftly detected and responded to.
Ansible was used to automate the deployment and configuration of these tools, ensuring consistency and reducing manual errors. Its web-based counterpart, AWX, made it possible to manage and control our Ansible playbook runs in a more user-friendly way.
Using these open-source tools, as opposed to expensive commercial alternatives, resulted in substantial cost savings. The project saved the company approximately $100,000, a testament to the financial viability of utilizing open-source solutions without compromising on security efficacy.
Education
Master's Degree in Project Management
Academy of Economic Studies - Bucharest, Romania
Bachelor's Degree in Computer Science
Polytechnic University of Bucharest - Bucharest, Romania
Certifications
Information Systems Security Architecture Professional (CISSP-ISSAP)
(ISC)²
Certified Cloud Security Professional (CCSP)
(ISC)²
SABSA Chartered Security Architect
The SABSA Institute
Certified Information Systems Security Professional (CISSP)
(ISC)²
Skills
Libraries/APIs
RADIUS
Tools
VPN, Snort, pfSense, FirePower, Cisco Meraki, Duo 2FA, Slack, McAfee, Bro Network Security Monitor, Ansible, Ansible Tower, Azure MFA, McAfee Endpoint Security
Paradigms
Penetration Testing, DevSecOps, DDoS, HIPAA Compliance, Agile Project Management, DevOps
Platforms
Duo, Azure, Linux, Windows Server, Windows, CentOS, Windows Server 2016, WordPress, Amazon Web Services (AWS), MacOS, Zeek, Wazuh, Google Cloud Platform (GCP), CrowdStrike, Azure IaaS, Azure PaaS
Industry Expertise
Cybersecurity, Network Security
Languages
SAML, Python, PHP
Storage
Elasticsearch, WP Engine, Azure Active Directory, Microsoft Entra ID
Frameworks
React Native
Other
Security Architecture, Firewalls, Wireless, Networking, Cisco, LAN, Security, SSL Certificates, Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), IDS/IPS, Vulnerability Identification, Networks, Risk Assessment, Network Engineering, Network Access Control, Identity & Access Management (IAM), Security Engineering, Security Audits, Ethical Hacking, Compliance, CCNA, CCNP, VLANs, CISSP, 802.1X, FortiGate, HSRP, OSI Model, Open Shortest Path First (OSPF), Software-defined WAN (SDWAN), WAN, Web Security, Cloud Security, Risk Management, Palo Alto Networks, Architecture, IT Security, Consulting, Cloud, Authentication, APIs, Data Protection, Single Sign-on (SSO), System Administration, SecOps, Audits, Cloudflare, Application Security, OWASP Top 10, Okta, CISO, Data Governance, Office 365, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco AnyConnect, PCI, Microsoft 365, Azure VDI, Border Gateway Protocol (BGP), ExpressRoute, Virtual Desktop Infrastructure (VDI), Development, Web Project Management, Fortinet Firewall Configuration, Checkpoints, Endpoint Security, Zero Trust, Network Segmentation, AWX, SonicWall, Security Information and Event Management (SIEM), Fortinet