Daniel Sarica, Developer in New York, NY, United States
Daniel is available for hire
Hire Daniel

Daniel Sarica

Verified Expert  in Engineering

Network and Security Architect and Software Developer

New York, NY, United States

Toptal member since August 26, 2022

Bio

Daniel is a network and security architect with 12 years of success developing secure network designs and architecture for customers. He is dedicated to improving the cybersecurity posture of his clients. Daniel is highly skilled in creating business-driven security architectures and infrastructures. He offers a rare blend of technical skills and the ability to present highly technical information to non-technical stakeholders, helping them drive better business decisions.

Portfolio

Security Consultant
Firewalls, Azure, Cisco, Fortinet Firewall Configuration, Palo Alto Networks...
Autoriteit Financiële Markten
CrowdStrike, Azure IaaS, Azure PaaS, Azure, Azure MFA...
ING Group
Checkpoints, Palo Alto Networks, Fortinet Firewall Configuration, McAfee...

Experience

  • Networking - 14 years
  • Firewalls - 12 years
  • Wireless - 12 years
  • Cybersecurity - 12 years
  • Web Security - 7 years
  • Security Architecture - 4 years
  • Cloud Security - 2 years
  • Risk Management - 2 years

Availability

Part-time

Preferred Environment

MacOS, Python, Slack

The most amazing...

...network security design standard I’ve created was for an outsourcing company that generated more than $200,000 in revenue.

Work Experience

Network and Security Architect

2020 - PRESENT
Security Consultant
  • Designed and implemented a Fortigate SD-WAN network of 300+ locations for a major food company.
  • Automated deployment and reduced manual installation time of legacy Cisco network infrastructure from two hours to ten minutes. Used Ansible, Python, and Ansible Tower.
  • Deployed a security operation center using open-source tools. Used Wazuh, OSSEC, Ansible, and Ansible Tower, saving $100,000 in costs.
  • Developed a secure network design standard that generated $200,000 for an outsourcing company implementing it for its customers.
  • Reduced delays of up to 40 hours in Azure Cloud Services migration. Provided roadmaps, standards, and checklists. Allowed for a smoother migration and minimal downtime.
  • Led the implementation of an SIEM solution using Wazuh Indexer as the SIEM back end, Graylog for log ingestion and normalization, Fluent Bit for forwarding logs, Grafana for reporting and display, and GreyNoise for thread intelligence.
  • Helped multiple customers comply with CIS controls for both on-prem infrastructure and cloud deployments.
  • Worked with Lansweeper asset management tool. I deployed it for a 5,000+ person company with more than 2,000 assets. Created reports for management and used them to improve the environment's security posture further.
  • Helped create an SSO portal using the F5 platform as a SAML IdP.
  • Deployed Okta for a financial company. Made integrations between Okta SSO/SAML and SCIM and a dozen applications like Github, Slack, Zendesk, Datadog, etc.
Technologies: Firewalls, Azure, Cisco, Fortinet Firewall Configuration, Palo Alto Networks, Security, IT Security, Consulting, SSL Certificates, Windows Server, Windows, Cybersecurity, Vulnerability Identification, Cloud, Authentication, APIs, Intrusion Prevention Systems (IPS), Snort, Intrusion Detection Systems (IDS), IDS/IPS, Data Protection, pfSence, Duo, SAML, Networks, Single Sign-on (SSO), Linux, CentOS, Zeek, Elasticsearch, Network Security, Bro Network Security Monitor, Risk Assessment, Penetration Testing, SecOps, SonicWall, VPN, Network Access Control, Network Engineering, Audits, Google Cloud Platform (GCP), Cloudflare, DDoS, Application Security, OWASP Top 10, Identity & Access Management (IAM), Okta, CISO, Security Engineering, DevSecOps, Security Audits, Data Governance, HIPAA Compliance, Ethical Hacking, Compliance, WP Engine, Cisco Adaptive Security Virtual Appliance (ASAv), FirePower, RADIUS, Cisco Meraki, Duo 2FA, VLANs, Cisco AnyConnect, Amazon Web Services (AWS), PCI, Microsoft 365, Security Information and Event Management (SIEM), 802.1X, Azure VDI, Border Gateway Protocol (BGP), FortiGate, HSRP, Microsoft Entra ID, OSI Model, Open Shortest Path First (OSPF), Software-defined WAN (SDWAN), Virtual Desktop Infrastructure (VDI), WAN

Network and Security Architect

2020 - 2022
Autoriteit Financiële Markten
  • Created and maintained infrastructure drawings and high-level designs.
  • Translated and mapped business requirements to technical implementation decisions using business impact analysis and the resulting confidentiality, integrity, and availability ratings.
  • Designed IT architecture guidelines (functional, infrastructural, and technical) to create an optimal solution for the customer's request.
  • Designed disaster recovery scenarios to guarantee business continuity for the customers.
  • Defined infrastructure standards and best practices to define a sustainable solution in line with the customer's expectations.
  • Created migration plans to accomplish a smooth transition of the customer's environment for new customers.
  • Served as 4th-line support to resolve fundamental problems in the architecture quickly and efficiently.
  • Created and maintained infrastructure drawings in the customer's architecture solution.
  • Audited customer IT environments to define improvement proposals.
Technologies: CrowdStrike, Azure IaaS, Azure PaaS, Azure, Azure MFA, Identity & Access Management (IAM), Okta, CISO, Security Engineering, DevSecOps, Penetration Testing, Security Audits, Data Governance, Ethical Hacking, Compliance, RADIUS, Duo 2FA, VLANs, Amazon Web Services (AWS), PCI, Microsoft 365, Cybersecurity, 802.1X, Azure VDI, Border Gateway Protocol (BGP), FortiGate, HSRP, Microsoft Entra ID, OSI Model, Open Shortest Path First (OSPF), Software-defined WAN (SDWAN), Virtual Desktop Infrastructure (VDI), WAN

Senior Network and Security Engineer

2019 - 2020
ING Group
  • Automated a DDoS protection mechanism with DDoS scrub providers. Resulted in activation of DDoS protection from two hours to five minutes.
  • Improved security by gathering IoCs from different vendors and automatically ingesting them into the security appliances.
  • Reduced firewall rule implementation from 48 hours to 30 minutes on different firewall appliances (FortiGate and Palo Alto Networks). Created custom workflows and used ServiceNow APIs and Python scripting.
  • Improved together with the CISO and disaster recovery and business continuity plans.
Technologies: Checkpoints, Palo Alto Networks, Fortinet Firewall Configuration, McAfee, Endpoint Security, Web Security, Security, IT Security, SSL Certificates, Windows Server, Windows, Cybersecurity, Vulnerability Identification, Cloud, Authentication, APIs, Intrusion Prevention Systems (IPS), Snort, Intrusion Detection Systems (IDS), IDS/IPS, pfSence, Duo, SAML, Networks, Single Sign-on (SSO), CentOS, Network Security, Penetration Testing, Network Access Control, Network Engineering, VPN, SonicWall, SecOps, Risk Assessment, Windows Server 2016, System Administration, Audits, Cloudflare, WordPress, DDoS, Identity & Access Management (IAM), Okta, DevSecOps, Security Audits, Ethical Hacking, Cisco Adaptive Security Virtual Appliance (ASAv), RADIUS, VLANs, Cisco AnyConnect, Amazon Web Services (AWS), McAfee Endpoint Security, 802.1X, Azure VDI, Border Gateway Protocol (BGP), FortiGate, HSRP, ExpressRoute, Virtual Desktop Infrastructure (VDI)

Team Leader

2016 - 2018
Cegeka
  • Managed a team of 22 local and remote network and security engineers. Served as a key escalation point for all inquiries, questions, and problems encountered or reported by team members.
  • Reduced ticket resolution time by 25% and increased efficiency in ticket solving per engineer by 35%.
  • Achieved 98% of ticket handling within the service level agreement in six months by automating procedures.
  • Trained staff on-boarding processes and standards. Improved their first time right principle by 50%, and increasing from 60% to 90%.
  • Led the internal hiring process and mentored new and junior employees. Boosted the retention rate from 70% to 90%.
Technologies: Cisco, Linux, DevOps, Firewalls, Wireless, LAN, Security, IT Security, SSL Certificates, Windows Server, Cybersecurity, CentOS, Network Engineering, Network Access Control, VPN, Cisco Meraki, VLANs, FortiGate, OSI Model

Network and Security System Engineer

2010 - 2016
Cegeka
  • Trained 200+ engineers on networking and security fundamentals.
  • Deployed 1000+ network or security appliances (firewalls, routers, switches, proxy server, wan optimizations, wireless access points, and controllers) on client infrastructure.
  • Built relationships with top security and networking vendors including Cisco, Fortinet, Checkpoint, Palo Alto Networks, Arista, HP Juniper, and Aruba.
  • Automated the process of information gathering for configuration management databases (CMDB) purposes with Python. Saved an average of 15 minutes per device.
Technologies: Cisco, Cloud Security, Checkpoints, Azure, Architecture, Endpoint Security, Fortinet Firewall Configuration, Firewalls, LAN, Security, IT Security, SSL Certificates, Windows, Cybersecurity, Vulnerability Identification, Cloud, Authentication, APIs, Intrusion Prevention Systems (IPS), Snort, Intrusion Detection Systems (IDS), IDS/IPS, pfSence, Duo, SAML, Palo Alto Networks, Networks, Single Sign-on (SSO), Linux, Network Security, Network Access Control, Network Engineering, VPN, SonicWall, Windows Server 2016, System Administration, Cloudflare, WordPress, DDoS, DevSecOps, CCNA, CCNP, Cisco Adaptive Security Virtual Appliance (ASAv), FirePower, RADIUS, Duo 2FA, VLANs, Cisco AnyConnect, PHP, React Native, Amazon Web Services (AWS), PCI, Microsoft 365, Border Gateway Protocol (BGP), FortiGate, ExpressRoute, Microsoft Entra ID, Open Shortest Path First (OSPF), Software-defined WAN (SDWAN), Virtual Desktop Infrastructure (VDI), WAN

Secure Network Design

Developed a secure network design standard that generated over $200,000 for an outsourcing company that implemented it for its customers. I provided a general blueprint that could be deployed to multiple customers.

Development of a “Secure Network Design” Standard

As a cybersecurity expert, I developed a unique "Secure Network Design" standard. This initiative was grounded in my deep understanding of the evolving threat landscape and the need for robust, secure networking solutions that would protect the integrity of sensitive data and ensure seamless operations for businesses.

This standard was a comprehensive blueprint for building a secure network infrastructure that could withstand diverse cyber threats. It considered several critical factors, including network segmentation, firewall configuration, intrusion detection systems, secure VPNs, end-to-end encryption, multi-factor authentication, and adherence to the latest cybersecurity protocols.

Realizing the immense potential of this standard, an outsourcing company decided to adopt it. This company was a prominent player in the IT sector, providing services to a wide range of clients globally.

The standard was implemented across all their services. It became a significant selling point for the company, appealing to the growing cybersecurity consciousness among businesses.

As a result, the company saw a significant uptick in revenue, generating over $200,000 in additional profits.

Pentesting a SaaS Startup

The scope of this project was to check the security of the SaaS Startup before it went live. They were expecting contracts from big-name companies like Meta, Google, and Adobe.

They were expecting those companies to ask for penetration testing (pentest) before they added their data within the SaaS startup environment.
• Planning and preparation: Create pentest scope and goals, set up Burp Suite and Tenable, whitelisted IPs, and outlined procedures and timelines.
• Discovery: Utilized Tenable for vulnerability scanning and Burp Suite for reconnaissance and application-level vulnerability detection.
• Attack: Conducted manual attack attempts using Burp Suite, focusing on business logic errors and documenting the outcomes
• Post-attack analysis: Determine the efficacy of current security measures and where improvements can be made.
• Reporting: Created a detailed pentest report, highlighting critical vulnerabilities, successful attack vectors, and providing recommendations.
Key vulnerabilities resolved included remote code execution (RCE) enabling full back-end server control, blind SQL injections, and XXE injection.

Design and Implementation of a Security Operation Center

As a cybersecurity professional, I successfully deployed a Security Operation Center (SOC) using open-source tools, including Wazuh, OSSEC, Ansible, and AWX. This project was designed to enhance our cyber-defense capabilities while also considering cost efficiency.

Wazuh, an advanced intrusion detection system, and OSSEC, a host-based intrusion detection system, were key components in our SOC set up. They provided comprehensive security monitoring and alerting, ensuring suspicious activities were swiftly detected and responded to.

Ansible was used to automate the deployment and configuration of these tools, ensuring consistency and reducing manual errors. Its web-based counterpart, AWX, made it possible to manage and control our Ansible playbook runs in a more user-friendly way.

Using these open-source tools, as opposed to expensive commercial alternatives resulted in substantial cost savings. The project saved the company approximately $100,000, a testament to the financial viability of utilizing open-source solutions without compromising on security efficacy.
2010 - 2012

Master's Degree in Project Management

Academy of Economic Studies - Bucharest, Romania

2006 - 2010

Bachelor's Degree in Computer Science

Polytechnic University of Bucharest - Bucharest, Romania

MARCH 2022 - PRESENT

Information Systems Security Architecture Professional (CISSP-ISSAP)

(ISC)²

SEPTEMBER 2021 - PRESENT

Certified Cloud Security Professional (CCSP)

(ISC)²

JULY 2021 - PRESENT

SABSA Chartered Security Architect

The SABSA Institute

JUNE 2021 - PRESENT

Certified Information Systems Security Professional (CISSP)

(ISC)²

Libraries/APIs

RADIUS

Tools

VPN, Snort, pfSence, FirePower, Cisco Meraki, Duo 2FA, Slack, McAfee, Bro Network Security Monitor, Ansible, Ansible Tower, Azure MFA, McAfee Endpoint Security

Paradigms

Penetration Testing, DevSecOps, DDoS, HIPAA Compliance, Agile Project Management, DevOps

Platforms

Duo, Azure, Linux, Windows Server, Windows, CentOS, Windows Server 2016, WordPress, Amazon Web Services (AWS), MacOS, Zeek, Wazuh, Google Cloud Platform (GCP), CrowdStrike, Azure IaaS, Azure PaaS

Industry Expertise

Cybersecurity, Network Security

Languages

SAML, Python, PHP

Storage

Elasticsearch, WP Engine, Azure Active Directory, Microsoft Entra ID

Frameworks

React Native

Other

Security Architecture, Firewalls, Wireless, Networking, Cisco, LAN, Security, SSL Certificates, Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), IDS/IPS, Vulnerability Identification, Networks, Risk Assessment, Network Engineering, Network Access Control, Identity & Access Management (IAM), Security Engineering, Security Audits, Ethical Hacking, Compliance, CCNA, CCNP, VLANs, CISSP, 802.1X, FortiGate, HSRP, OSI Model, Open Shortest Path First (OSPF), Software-defined WAN (SDWAN), WAN, Web Security, Cloud Security, Risk Management, Palo Alto Networks, Architecture, IT Security, Consulting, Cloud, Authentication, APIs, Data Protection, Single Sign-on (SSO), System Administration, SecOps, Audits, Cloudflare, Application Security, OWASP Top 10, Okta, CISO, Data Governance, Office 365, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco AnyConnect, PCI, Microsoft 365, Azure VDI, Border Gateway Protocol (BGP), ExpressRoute, Virtual Desktop Infrastructure (VDI), Development, Web Project Management, Fortinet Firewall Configuration, Checkpoints, Endpoint Security, Zero Trust, Network Segmentation, AWX, SonicWall, Security Information and Event Management (SIEM), Fortinet

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring