Hashemi Salah-Uddin

WPP required a new landing zone design for strategic Azure adoption.

As the lead cloud security architect, I ensured technical design alignment with organizational security standards, strategy, and MS best practices. I identified required IT policies and controls, defined secure-by-design DevSecOps requirements, aligned design decisions to the security strategy, devised cloud-first solutions to address security risks, and provided engineering guidance for security components. Also, I succeeded in delivering a productionized landing zone using infrastructure as code (IaC) within eight months.

WPP required an expedited secure cloud-hosted deployment of a critical finance application for 4,000+ users.

As the lead cloud security architect, I deployed isolated application architecture incorporating Azure Virtual Desktop. Also, I ensured adherence to regulatory controls, deployed the least-privilege RBAC model, implemented segmented network design, integrated 50+ Okta Identity Provider sources with Active Directory Domain Services (AD DS) and Azure AD cloud sync, and initiated an external pen test with no significant findings.

The project was successfully delivered within eight weeks from inception to go live.

Deutsche Bank required a security monitoring capability for cloud adoption.

As the lead cloud security architect, I defined a cloud-agnostic cloud security logging, monitoring, and incident response long-term strategy accompanied by Azure and GCP reference architectures. I deployed both Azure and GCP infrastructure as code via Terraform for enterprise and policy compliance via Terraform Sentinel and Prisma Cloud. I also succeeded in delivering a cloud-native Azure UEBA and SOAR capability and a GCP security management platform integrated with on-premise SIEM.

Deutsche Bank wanted to secure its Microsoft Office 365 deployment to meet IS policy and regulatory requirements.

As the lead cloud security architect, I reviewed all existing controls and defined cloud-relevant security controls. I provided expert guidance on the Microsoft Office 365 control plane and Azure AD security configuration, conducted a risk-based analysis of phased security controls deployment, undertook a post-implementation review, and provided remediation actions. Also, I ensured timely delivery of a secure Microsoft Office 365 and Azure AD tenant within tight business-need-driven timescales.

The Royal Bank of Scotland wanted to understand Microsoft security tooling requirements for cloud adoption aligned to a CISO strategy.

As a cyber security architect, I evaluated 20+ Azure security components to enable license purchasing. I gathered control requirements from security and business teams, identified relevant security components and validated them with MS product experts, conducted multiple POCs to determine component suitability, and produced business-risk-based justifications to adopt shortlisted components. I also succeeded in obtaining a senior stakeholder agreement for procurement.

Standard Life required a new strategic digital platform logging and monitoring capability.

As a senior infrastructure designer, I deployed an enterprise-wide logging and performance monitoring framework. I evaluated SIEM and APM products for middleware system integration, designed the infrastructure HLD, implemented using the Agile Scrum framework, guided cybersecurity tooling integration, provisioned infrastructure to maximize DevOps continuous integration and delivery, and trained operational and development staff. I also succeeded in containing and decommissioning several non-strategic technologies.

Standard Life needed to migrate 2,000+ servers from a data center to IaaS in tight timescales.

As the lead infrastructure architect, I provided service assurance to senior stakeholders. I devised the migration schedule minimizing service impact, drove the technical direction team's decision-making, designed an unidentified systems eDiscovery toolset, and re-designed the existing infrastructure improving resilience. I successfully migrated all servers to achieve industry-leading 99.982% infrastructure availability – pivotal in the System Integration Project of the Year industry award win.

The Royal Bank of Scotland required the migration of IP addresses for 2,500 servers and 4,000 printers.

As a customer solutions architect, I designed an automated IP migration process to reduce engineering requirements, designed tools to migrate Windows servers and print queues using VBScript, developed a robust communication mechanism using SharePoint Services, implemented an automated change management system, and trained PMs and engineers to ensure a smooth system transition. I also succeeded in reducing on-site engineer resource requirements by 60%.

The Royal London Group decided to exit from Blackberry while renewing their landline and mobile contracts.

As a technology architect, I defined a viable 3-year enterprise mobility strategy. I evaluated the technical suitability of AirWatch, MobileIron, and Good for enterprise on BYOD and corporate devices, produced the infrastructure HLD, led cost-modeling production to obtain senior stakeholder buy-in, and trained the existing team to become subject matter experts. I also succeeded in delivering a stakeholder-approved strategy that provided £200,000 per year in cost savings.

The Royal Bank of Scotland required a virtual desktop infrastructure for 10,000 new offshore staff.

As the technical team lead, I implemented the VDI solution in a compressed timeframe. I built the VDI on VMware infrastructure using App-V and XenApp virtualized apps, led a group of six to undertake all VDI project work for customized application sets, directed application troubleshooting for UAT sign-off with business users, and guided a build of 7,800 VMs with defined reusable building blocks. I also succeeded in delivering a complex offshoring program on time and within budget.

Fujitsu required the expansion of the technical analyst team to accommodate increased project demands.

As a customer solutions architect, I led the team's growth in a short timeframe. I identified, interviewed, and recruited key technical talent, set up three sub-teams to operate over 24-hour periods, evaluated individual technical strengths to distribute resources across 20 projects, and reinvigorated existing processes by implementing program efficiencies. I also successfully built a core team from six to 32 in under two months while increasing overall margins by 12%.

The Royal Bank of Scotland required more efficient bulk AD user account management mechanisms.

As the technical team lead, I scripted everyday Active Directory and Exchange activities for 32 domains covering 250,000 users. I reviewed existing manual processes to eliminate time-intensive activities, developed robust modular ETL tools using Visual Basic, advised senior support teams on obtaining tool approval, and trained BAU teams on tools usage. I also succeeded in delivering time-efficient AD management mechanisms, which improved activity timescales by 600%.

The Royal London Group required a migration from an outsourced data center hosting to internal data centers.

As a technology architect, I designed DevOps-oriented test and production environments. I analyzed the existing physical estate to identify virtualization opportunities, established software-defined networking to pilot migration of Wintel, mainframe, and telephony platforms, devised Avaya IP telephony to replace Cisco CallManager, and designed the entire DR solution of VMWare estate within business service line RPO/RTOs. I also succeeded in delivering £3.2 million per annum in savings.

The Royal Bank of Scotland required the transformation of an insurance user base from a legacy NetWare to a standardized Windows platform.

As a customer solutions architect, I migrated users, desktops, and data to enable cost savings from the insurance CSR system. I ran an entire discovery exercise on the business app and data usage, led project estimation workshops to engage relevant technical stakeholders, designed a new exchange infrastructure, and devised three-year SAN capacity forecasts for 8,000 users. I also successfully delivered user and data migration, which enabled £30 million in yearly savings.

The Royal Bank of Scotland wanted the design of an AD delegation model using role-based access control.

As the project technical lead, I produced the design and migration strategy. I designed a PCI-DSS-compliant ChangeAuditor infrastructure for auditing privileged AD activities, analyzed elevated AD privileges for 32 domains using SQL database tools, produced and managed project plans using Microsoft Project, and mentored senior technical analysts on AD scripting. I also succeeded in achieving SOX compliance by reducing admin-level AD access from 1,500 to 15 users.