Hashemi Salah-Uddin, IT Systems Architecture Developer in Edinburgh, United Kingdom

Member since September 7, 2021
Hashemi is a disciplined multi-cloud cyber security architect with 15+ years of experience improving security posture by innovating secure solutions aligned with organizational strategies. He has deep knowledge of the cloud threat landscape and knows how to mitigate threats in technical designs for cloud IaaS, PaaS, and SaaS services using DevSecOps practices. Hashemi has a record of identifying cyber threats and transforming both mindsets and business processes to accelerate public cloud adoption securely.

Experience

  • IT Systems Architecture 10 years
  • IT Infrastructure 7 years
  • Office 365 7 years
  • Azure 6 years
  • AWS 6 years
  • Cloud Security 5 years
  • Certified Information Systems Security Professional 4 years
  • Google Cloud Platform (GCP) 2 years

Location

Edinburgh, United Kingdom

Availability

Part-time

Preferred Environment

Google Cloud Platform (GCP), Azure, AWS

The most amazing...

...project I've implemented is a cloud security monitoring capability to the gold standard that would be expected from a client of a global bank.

Employment

  • Lead Cloud Security Architect

    2019 - PRESENT
    Deutsche Bank
    • Engaged to provide cloud security consultancy focused on establishing a secure multi-cloud adoption from a security operations perspective.
    • Reported to the director of cyber threat analytics and cloud security monitoring, defining identification and remediation processes for Azure, O365, and GCP threats and aligning with MITRE ATT&CK and CSA Cloud Control Matrix (CCM) frameworks.
    • Derived program deliverables and the workstream structure from cloud security strategy.
    • Evaluated an Azure AD solution design and provided remediation best practices against cyber threats related to Azure identity and access management (IAM) services.
    • Designed the cloud service provider agnostic security monitoring and logging strategy, roadmap, and Azure and GCP reference architectures.
    • Developed security policy as code guardrails using Terraform Sentinel and Prisma Cloud for both Azure and GCP.
    • Assessed 50+ Azure native services and 70+ GCP native services to establish encryption requirements, guardrails, and security logging, monitoring, and incident response requirements aligned with NIST and CIS Benchmarks best practices.
    • Implemented Azure Sentinel using Terraform Enterprise (TFE) to provide user and entity behavioral analytics (UEBA) and security orchestration, automation, and response (SOAR) capability while integrating with existing incident response processes.
    • Acted as a subject matter expert to define, optimize, and train the security operations center (SOC) team on security monitoring use cases for Azure and GCP.
    Technologies: Azure, Google Cloud Platform (GCP), Office 365, Terraform, Identity & Access Management (IAM)
  • Cyber Security Architect

    2018 - 2019
    The Royal Bank of Scotland
    • Engaged to provide cyber security consultancy for the strategic adoption of public cloud services, particularly AWS, Azure, and Office 365.
    • Reported to the head of security architecture, owning all O365 security-related topics.
    • Defined the penetration testing scope and end-to-end engagement of internal and third-party pen testers for mobile connectivity and cloud authentication services.
    • Evaluated security controls taxonomy to identify required software as a service (SaaS) and platform as a service (PaaS) controls based on ISF standard of good practice (SoGP) and the UK NCSC cloud security guidance for AWS and O365 services.
    • Provided risk-based evaluation of an entire suite of Microsoft cloud and on-premise security components to deliver the best value for enterprise-wide license purchasing decisions.
    • Enforced cryptography requirements for cloud and on-premise traffic in line with the security policy.
    • Defined a zero-trust Azure AD security model using privileged identity management (PIM).
    • Implemented Azure Information Protection (AIP) for GDPR-compliant classification of sensitive data with integration to existing data loss prevention (DLP) and encryption solutions.
    • Provided continuous security assurance and vulnerability assessment to enable additional functionality by DevOps engineers towards an agile project delivery.
    • Defined an O365 security logging and monitoring roadmap using Microsoft Azure services to integrate existing security tooling and security operations center (SOC) processes.
    Technologies: AWS, Azure, Office 365
  • Senior Infrastructure Designer

    2016 - 2017
    Standard Life Aberdeen
    • Engaged in delivering conceptual, logical, and physical infrastructure designs focused on advancing long-term infrastructure and cloud strategies for the operational IT business area. I reported to the senior program manager.
    • Translated customer requirements into viable public cloud (AWS and Azure), private cloud (third-party managed IaaS), and on-premise infrastructure solutions.
    • Led the implementation of the Payment Card Industry Data Security Standard (PCI-DSS) compliant cloud-based debit card payment solution.
    • Designed an enterprise-wide logging and monitoring solution using Splunk SIEM and Dynatrace following evaluation of multiple products with a primary focus on existing technology integration.
    • Owned principal approval for AWS and Azure infrastructure designs aligned to a cloud adoption strategy.
    • Acted as the key stakeholder for assuring third-party platform as a service (PaaS) and software as a service (SaaS) solution designs hosted on public cloud platforms, primarily AWS and Azure.
    • Devised an Office 365 capability-based enterprise roadmap working with Microsoft to provision Exchange, SharePoint, and Lync Online services for newly acquired business propositions.
    • Worked closely with project and delivery managers to produce an estimation of infrastructure costs and resource requirements and business case summarization to enable business case approval.
    • Acted as the key infrastructure stakeholder in currency and obsolescence (decommissioning and containment of legacy technologies and suppliers) and critical services (improving resilience) programs.
    • Led design pattern standardization, network perimeter requirements, and public cloud adoption on Azure for several new business acquisitions based on a cloud-first services principle.
    Technologies: AWS, Azure, Office 365, IT Infrastructure, IT Systems Architecture, Design, Estimations, F5 Networks
  • Lead Infrastructure Architect

    2015 - 2016
    Standard Life Aberdeen
    • Engaged to directly support business teams migrating 2,000+ servers from the on-premise data center to a hybrid private cloud/infrastructure as a service (IaaS) platform underpinned by a long-term data center exit strategy.
    • Reported to the senior portfolio delivery manager and managed the workload of a team with system analysts, business analysts, and test analysts.
    • Presented service impact implications to non-technical senior business stakeholders.
    • Liaised with a third-party networks partner (BT) to ensure design compliance and timely delivery of network changes aligned with the internal business team changes.
    • Evaluated the existing physical infrastructure to establish cost savings achievable from virtualization and successfully P2V’d all suitable infrastructure.
    • Drove decision-making within the technical direction team owning the corporate strategy.
    • Led design activities to provide solutions for storage-related migration challenges and increased resilience to the existing systems.
    Technologies: IT Infrastructure, IT Systems Architecture, Design, Estimations
  • Technology Architect — Infrastructure

    2014 - 2015
    Royal London Asset Management
    • Hired to identify appropriate, cost-effective, and robust technical solutions to support business development, such as a data center exit design delivery providing cost savings of over £3.2 million/year for mainframe, Wintel, and telephony services.
    • Designed the adoption of cloud solutions using a combination of infrastructure as a service (IaaS) on AWS and Azure, platform as a service (PaaS), and software as a service (SaaS) to securely provide dynamic service scalability and high availability.
    • Evaluated the existing services to establish cost savings achievable from virtualization and cloud.
    • Owned the design through approval, delivery, and review phases, including the oversight of subject matter expert-developed design work.
    • Defined and implemented an enterprise mobility strategy encompassing corporate and bring your own device (BYOD).
    • Led the migration of an Oracle and SQL infrastructure to a virtualized environment.
    • Chaired and participated in technical design approval groups (TDAGs).
    • Performed quality assurance (QA) of proposed designs and post-implementation reviews for infrastructure solutions.
    • Worked with the IT security team to ensure full compliance with standards and the overall security strategy.
    Technologies: IT Infrastructure, IT Systems Architecture, Design, Estimations, Oracle, Data Center Migration, F5 Networks
  • Solutions Designer | Project Technical Lead

    2012 - 2013
    The Royal Bank of Scotland
    • Worked on the Active Directory (AD) remediation project, produced the complete design, and implemented a new global AD delegation, security, and group policy (GPO) model and the corresponding role-based access control (RBAC) matrix.
    • Produced infrastructure high-level designs (HLDs) covering areas including options analysis, cost-benefit analysis, target operating model (TOM) design, and infrastructure cost estimates.
    • Led end-to-end design of a new Dell/Quest Change Auditor infrastructure solution to track and audit all AD data and structure changes required for regulatory purposes.
    • Analyzed the existing elevated AD privileges using advanced Microsoft Excel and Access, including an SQL Server back-end design, database structure, and SQL data analysis queries, to ensure optimal implementation of the principle of least privilege.
    • Influenced stakeholders and managed third-party vendors and internal teams.
    • Managed the work stack and mentored senior technical analysts, technical analysts, business analysts, and communications analysts.
    Technologies: Active Directory Programming, Identity & Access Management (IAM), Group Policy Management, Role-based Access Control (RBAC), Design, TOM
  • Customer Solutions Architect | Technical Team Manager

    2011 - 2012
    The Royal Bank of Scotland
    • Reported directly to the Fujitsu program director, managing all client-based Fujitsu technical project resources, technical design, project delivery, and driving new business on the RBS managed service account.
    • Owned line management and workload management of technical project teams, with 32 technical team members each working on multiple projects, including the complete formation of new sub-teams as determined by project and program requirements.
    • Led a team on project work across the RBS strategic virtual desktop infrastructure (VDI) environment based on VMWare ESX infrastructure.
    • Considered to be one of the few VDI subject matter experts at RBS.
    • Produced low-level technical project designs (LLDs) for team members and RBS platform teams using industry best-practice methods in line with RBS governance, policies, and standards.
    • Produced high-level technical project designs (HLDs) and statements of works (SoWs) for project managers in order for them to prepare budgets and bids.
    • Guided project management and the delivery of multiple project streams throughout the entire lifecycle across various RBS projects and programs, covering multiple infrastructures and delivering an average of 30 ongoing projects at once.
    • Owned stakeholder management of third-party vendors, project managers, and program managers (both business and technology) to formulate detailed project plans.
    • Spearheaded the detailed reporting of team resources, project financial forecasts, and end-of-month reconciliations to Fujitsu finance and project management office (PMO) teams.
    Technologies: Virtual Desktop Infrastructure (VDI), VMware, Active Directory Programming, Design
  • Technical Team Lead

    2009 - 2010
    The Royal Bank of Scotland
    • Delivered over 70 projects across RBS, undertaking project management and technical leadership roles on various projects.
    • Acted as a key member in the design and implementation of the VDI solution for the RBS IT systems off-shoring program.
    • Implemented and supported the new virtual desktop infrastructure (VDI) rollout of 7,800 virtual machines (VMs) using Windows XP based on a VMWare ESX and F5 Networks FirePass VPN infrastructure.
    • Owned the analysis and remediation of server, client, and application issues for the entire VDI infrastructure.
    • Led the migration from Windows Server to NetApp filer, successfully moving home and profile data for 10,000+ users.
    • Migrated business-developed databases from Microsoft Access/SQL Server to an Oracle 8i/10g infrastructure.
    • Developed bespoke Perl, VBS, VBA, and PowerShell scripts to automate bulk Active Directory activities.
    • Led Active Directory and Exchange activities across multiple domains and forests and increased the overall team efficiency by 600%.
    • Trained and mentored team members on RBS governance, policies and standards, and technical implementation methods.
    Technologies: Virtual Desktop Infrastructure (VDI), VMware, F5 Networks, Windows, NetApp, VBScript, Perl, Windows PowerShell, Data Migration, Oracle
  • Senior Technical Analyst

    2008 - 2009
    The Royal Bank of Scotland
    • Delivered over 30 projects across RBS, often in technical lead roles, displaying deep-rooted knowledge of RBS legacy infrastructure and domains and their integration with current systems.
    • Designed VBS and VBA scripts to implement and enhance the existing migration strategy and provided technical support for the migration of 6,000+ EMEA users.
    • Designed the migration strategy, management, implementation, and support of a large project, migrating 7,000+ users from a Novell NetWare infrastructure to a Windows NT/2003 infrastructure within RBS insurance.
    • Acted as the primary technical resource on implementing the new Aspect telephony products (Workforce Management, Perform (real-time adherence), and Empower) to integrate with Windows NT and Active Directory, providing cost savings of over £3M/year.
    • Designed and implemented a SAS module and technical audit installation throughout the entire RBS estate providing cost savings of over £10 million during subsequent contract negotiation.
    • Provided third-line support to the back-office migration team of engineers for any escalations on the Windows NT 4.0 to Windows Vista rollout.
    • Assumed third-line Active Directory/Exchange support to engineers for the migration of 1,500+ users across several domains onto a single domain on the UK business banking rollout.
    Technologies: VBScript, Active Directory Programming, MS Exchange, Novell NetWare, SAS

Experience

  • Cloud Security Monitoring Capability

    Deutsche Bank required a security monitoring capability for cloud adoption.

    As the lead cloud security architect, I defined a cloud-agnostic cloud security logging, monitoring, and incident response long-term strategy accompanied by Azure and GCP reference architectures. I deployed both Azure and GCP infrastructure as code via Terraform for enterprise and policy compliance via Terraform Sentinel and Prisma Cloud. I also succeeded in delivering a cloud-native Azure UEBA and SOAR capability and a GCP security management platform integrated with on-premise SIEM.

  • Office 365 Security Controls Evaluation

    Deutsche Bank needed to secure its Office 365 deployment to meet IS policy and regulatory requirements.

    As the lead cloud security architect, I reviewed all existing controls and defined cloud-relevant security controls. I provided expert guidance on the O365 control plane and Azure AD security configuration, conducted a risk-based analysis of phased security controls deployment, undertook post-implementation review, and provided remediation actions. I also ensured timely delivery of a secure O365 and Azure AD tenant within tight business-need driven timescales.

  • Microsoft Security Tooling Evaluation

    The Royal Bank of Scotland needed to understand Microsoft security tooling requirements for cloud adoption aligned to CISO strategy.

    As a cyber security architect, I evaluated 20+ Azure security components to enable license purchasing. I gathered controls requirements from security and business teams, identified relevant security components and validated them with MS product experts, conducted multiple POCs to determine component suitability, and produced business-risk-based justifications to adopt shortlisted components. I also succeeded in obtaining a senior stakeholder agreement for procurement.

  • Logging and Performance Monitoring Capability

    Standard Life required a new strategic digital platform logging and monitoring capability.

    As a senior infrastructure designer, I deployed an enterprise-wide logging and performance monitoring framework. I evaluated SIEM and APM products for middleware system integration, designed the infrastructure HLD, implemented using a scrum agile framework, guided cybersecurity tooling integration, provisioned infrastructure to maximize DevOps continuous integration and delivery, and trained operational and development staff. I also succeeded in containing and decommissioning several non-strategic technologies.

  • Infrastructure as a Service (IaaS) Migration

    Standard Life needed to migrate 2,000+ servers from the data center to IaaS within tight timescales.

    As the lead infrastructure architect, I provided service assurance to senior stakeholders. I devised the migration schedule minimizing service impact, drove the technical direction team decision making, designed an unidentified systems eDiscovery toolset, and re-designed the existing infrastructure improving resilience. I successfully migrated all servers to achieve industry-leading 99.982% infrastructure availability–pivotal in the System Integration Project of Year industry award win.

  • Network IP Address Transformation

    The Royal Bank of Scotland required the migration of IP addresses for 2,500 servers and 4,000 printers.

    As a customer solutions architect, I designed an automated IP migration process to reduce engineering requirements, designed tools to migrate Windows servers and print queues using VBScript, developed a robust communication mechanism using SharePoint Services, implemented an automated change management system, and trained PMs and engineers to ensure a smooth system transition. I also succeeded in reducing on-site engineer resource requirements by 60%.

  • Enterprise Mobility Strategy

    The Royal London Group decided to exit from Blackberry while renewing their landline and mobile contracts.

    As a technology architect, I defined a viable 3-year enterprise mobility strategy. I evaluated the technical suitability of AirWatch, MobileIron, and Good for enterprise on BYOD and corporate devices, produced the infrastructure HLD, led cost-modeling production to obtain senior stakeholder buy-in, and trained the existing team to become subject matter experts. I also succeeded in delivering a stakeholder-approved strategy that provided £200,000 per year in cost savings.

  • Virtual Desktop Infrastructure (VDI) Provisioning

    The Royal Bank of Scotland required a virtual desktop infrastructure for 10,000 new offshore staff.

    As the technical team lead, I implemented the VDI solution in a compressed timeframe. I built the VDI on VMware infrastructure using App-V and XenApp virtualized apps, led a group of six to undertake all VDI project work for customized application sets, directed application troubleshooting for UAT sign-off with business users, and guided a build of 7,800 VMs with defined reusable building blocks. I also succeeded in delivering a complex offshoring program on time and within budget.

  • Technical Analyst Team Expansion

    Fujitsu required the expansion of the technical analyst team to accommodate increased project demands.

    As a customer solutions architect, I led the team's growth in a short timeframe. I identified, interviewed, and recruited key technical talent, set up three sub-teams to operate over 24-hour periods, evaluated individual technical strengths to distribute resources across 20 projects, and reinvigorated existing processes by implementing program efficiencies. I also successfully built a core team from six to 32 in under two months while increasing overall margins by 12%.

  • Active Directory Scripting

    The Royal Bank of Scotland required more efficient bulk AD user account management mechanisms.

    As the technical team lead, I scripted everyday Active Directory and Exchange activities for 32 domains covering 250,000 users. I reviewed existing manual processes to eliminate time-intensive activities, developed robust modular ETL tools using Visual Basic, advised senior support teams on obtaining tool approval, and trained BAU teams on tools usage. I also succeeded in delivering time-efficient AD management mechanisms, which improved activity timescales by 600%.

  • Data Center Migration

    The Royal London Group required a migration from outsourced data center hosting to internal data centers.

    As a technology architect, I designed DevOps-oriented test and production environments. I analyzed existing physical estate to identify virtualization opportunities, established software-defined networking to pilot migration of Wintel, Mainframe, and Telephony platforms, devised Avaya IP telephony to replace Cisco CallManager, and designed the entire DR solution of VMWare estate within business service line RPO/RTOs. I also succeeded in delivering £3.2 million/annum savings.

  • Insurance Claims System Replacement

    The Royal Bank of Scotland required the transformation of an insurance user base from a legacy NetWare to a standardized Windows platform.

    As a customer solutions architect, I migrated users, desktops, and data to enable cost savings from the insurance CSR system. I ran an entire discovery exercise on the business app and data usage, led project estimation workshops to engage relevant technical stakeholders, designed a new Exchange infrastructure, and devised three-year SAN capacity forecasts for 8000 users. I also successfully delivered user and data migration, which enabled £30 million in savings per year.

  • Active Directory Remediation

    The Royal Bank of Scotland required the design of an AD delegation model using role-based access control.

    As the project technical lead, I produced the design and migration strategy. I designed a PCI-DSS compliant ChangeAuditor infrastructure for auditing privileged AD activities, analyzed elevated AD privileges for 32 domains using SQL database tools, produced and managed project plans using Microsoft Project, and mentored senior technical analysts on AD scripting. I also succeeded in achieving SOX compliance by reducing admin-level AD access from 1,500 to 15 users.

Skills

  • Paradigms

    Role-based Access Control (RBAC), Software-defined Networking (SDN), Agile, DevOps, Automation, ETL
  • Platforms

    Google Cloud Platform (GCP), Azure, Windows Server, Microsoft, Windows, SharePoint, Oracle
  • Storage

    Azure Active Directory, NetApp
  • Other

    AWS, Architecture, Cloud Security, Solution Architecture, Certified Information Systems Security Professional, Office 365, IT Infrastructure, IT Systems Architecture, Incident Response, IaaS, Strategy, Design, Disaster Recovery Plans (DRP), PCI DSS, Identity & Access Management (IAM), Computer Science, Networks, Engineering, Enterprise Administrator, Server Administration, Virtualization Technology, IT Project Management, Active Directory Programming, SIEM, Infrastructure as Code (IaC), Proof of Concept (POC), Virtual Desktop Infrastructure (VDI), IT Recruitment, Interviewing, Process Improvement, Data Center Migration, IP Telephony, Cloud Telephony, Estimations, Data Migration, Group Policy Management, F5 Networks, Statistics, VMware ESXi, IT Service Management (ITSM), Monitoring, Controls, eDiscovery, IT Networking, Enterprise Mobility Management (EMM), Mainframe, Avaya Software, SANs, SOX Compliance
  • Frameworks

    Windows PowerShell
  • Tools

    Terraform, Prisma, Microsoft Exchange, MS Exchange, Logging, Microsoft App-V, Citrix XenApp, VMware, Novell NetWare, Microsoft Project
  • Languages

    SQL, VBScript, TOM, Perl, SAS

Education

  • Bachelor's Degree in Computer Science
    1999 - 2003
    University of Aberdeen - Aberdeen, Scotland, UK

Certifications

  • Microsoft Certified: Azure Solutions Architect Expert
    JULY 2021 - JULY 2022
    Microsoft
  • Google Cloud Certified Professional Network Engineer
    JULY 2021 - JULY 2023
    Google Cloud
  • Google Cloud Certified Professional DevOps Engineer
    JUNE 2021 - JUNE 2023
    Google Cloud
  • Google Cloud Certified Professional Security Engineer
    JUNE 2021 - JUNE 2023
    Google Cloud
  • Google Cloud Certified Professional Cloud Architect
    JUNE 2021 - JUNE 2023
    Google Cloud
  • AWS Certified Solutions Architect — Professional
    MAY 2021 - MAY 2024
    Amazon Web Services
  • Microsoft Certified: Azure Security Engineer Associate
    JULY 2019 - JULY 2022
    Microsoft
  • Certified Information Systems Security Professional (CISSP)
    JANUARY 2019 - PRESENT
    (ISC)²
  • AWS Certified Security — Specialty
    JUNE 2018 - JUNE 2024
    Amazon Web Services
  • AWS Certified Solutions Architect — Associate
    MAY 2018 - MAY 2024
    Amazon Web Services
  • MCITP: Enterprise Administrator Windows Server
    MARCH 2012 - PRESENT
    Microsoft
  • MCITP: Server Administrator on Windows Server
    DECEMBER 2011 - PRESENT
    Microsoft
  • MCSE: Microsoft Windows Server
    SEPTEMBER 2010 - PRESENT
    Microsoft
  • MCITP: Virtualization Admin Windows Server
    SEPTEMBER 2010 - PRESENT
    Microsoft
  • VMware Certified Professional
    SEPTEMBER 2010 - PRESENT
    VMware
  • ITIL Foundation
    MAY 2010 - PRESENT
    AXELOS
  • PRINCE2 Practitioner
    APRIL 2010 - PRESENT
    AXELOS
