Hashemi Salah-Uddin, Developer in Edinburgh, United Kingdom

Hashemi Salah-Uddin

Verified Expert in Engineering

IT Systems Architecture Developer

Edinburgh, United Kingdom
Toptal Member Since
October 12, 2021

Hashemi is a multi-cloud disciplined cyber security architect with 15+ years of experience improving security posture by innovating secure solutions aligned with organizational strategies. He has deep knowledge of the cloud threat landscape and knows how to mitigate risks in technical designs for cloud IaaS, PaaS, and SaaS services by harnessing DevSecOps practices. Hashemi has a record of identifying cyber threats and transforming both mindsets and business processes to accelerate public cloud adoption securely.






Preferred Environment

Google Cloud Platform (GCP), Azure, Amazon Web Services (AWS)

The most amazing project I've implemented is a cloud security monitoring capability to the gold standard that would be expected from a client of a global bank.

Work Experience

Lead Cloud Security Architect

2021 - PRESENT
  • Led the cloud security strategy formulation for the Cloud Acceleration Program and established organization-wide cloud security standards for a new cloud hub function.
  • Authored multi-cloud security designs covering Azure, AWS, and GCP, aligned solutions with cloud provider security best practices, and reported to the head of cloud architecture.
  • Evaluated a security charter and internal IT controls to establish baseline cloud environment policies aligned to Center for Internet Security (CIS) Benchmarks and NIST SP 800-53/171.
  • Implemented a repeatable approach for cloud-native CSPM capabilities, i.e., Microsoft Defender for Cloud, AWS Security Hub, and Google Security Command Center across multiple operating companies, adhering to the cloud provider's best practices.
Technologies: Azure, Amazon Web Services (AWS), Google Cloud, Cloud Security, Cybersecurity, IT Security, Security Architecture, Cloud Architecture

Lead Cloud Security Architect

2019 - 2021
Deutsche Bank
  • Provided cloud security consultancy focused on establishing a secure multi-cloud adoption from a security operation perspective.
  • Reported to a director of cyber threat analytics and cloud security monitoring, defined identification and remediation processes for Azure, Microsoft 365, and GCP threats, and aligned them with MITRE ATT&CK and CSA Cloud Control Matrix frameworks.
  • Derived program deliverables and a workstream structure from the cloud security strategy.
  • Evaluated an Azure AD solution design and provided remediation best practices against cyber threats related to Azure identity and access management (IAM) services.
  • Designed a cloud service provider agnostic security monitoring and logging strategy, roadmap, and Azure and GCP reference architectures.
  • Developed security policy-as-code guardrails using Terraform Sentinel and Prisma Cloud for Azure and GCP.
  • Assessed 50+ Azure native services and 70+ GCP native services to establish encryption requirements, guardrails, and security logging, monitoring, and incident response requirements aligned with NIST and CIS Benchmarks best practices.
  • Implemented Azure Sentinel using Terraform Enterprise (TFE) to provide user and entity behavioral analytics (UEBA) and security orchestration, automation, and response (SOAR) capability while integrating with existing incident response processes.
  • Acted as a subject matter expert to define, optimize, and train the security operations center (SOC) team on security monitoring use cases for Azure and GCP.
Technologies: Azure, Google Cloud Platform (GCP), Office 365, Terraform, Identity & Access Management (IAM), SIEM, IT Security, Cybersecurity, Security Architecture, Cloud Architecture, Microsoft 365

Cyber Security Architect

2018 - 2019
The Royal Bank of Scotland
  • Engaged to provide cyber security consultancy for the strategic adoption of public cloud services, particularly AWS, Azure, and Office 365.
  • Reported to the head of security architecture, owning all O365 security-related topics.
  • Defined the penetration testing scope and end-to-end engagement of internal and third-party pen testers for mobile connectivity and cloud authentication services.
  • Evaluated security controls taxonomy to identify required software as a service (SaaS) and platform as a service (PaaS) controls based on ISF standard of good practice (SoGP) and the UK NCSC cloud security guidance for AWS and O365 services.
  • Provided risk-based evaluation of an entire suite of Microsoft cloud and on-premise security components to deliver the best value for enterprise-wide license purchasing decisions.
  • Enforced cryptography requirements for cloud and on-premise traffic in line with the security policy.
  • Defined a zero-trust Azure AD security model using privileged identity management (PIM).
  • Implemented Azure Information Protection (AIP) for GDPR-compliant classification of sensitive data with integration to existing data loss prevention (DLP) and encryption solutions.
  • Provided continuous security assurance and vulnerability assessment to enable additional functionality by DevOps engineers towards an agile project delivery.
  • Defined an O365 security logging and monitoring roadmap using Microsoft Azure services to integrate existing security tooling and security operations center (SOC) processes.
Technologies: Amazon Web Services (AWS), Azure, Office 365, SIEM, IT Security, Cybersecurity, Security Architecture, Cloud Architecture, Microsoft 365

Senior Infrastructure Designer

2016 - 2017
Standard Life Aberdeen
  • Engaged in delivering conceptual, logical, and physical infrastructure designs focused on advancing long-term infrastructure and cloud strategies for the operational IT business area. I reported to the senior program manager.
  • Translated customer requirements into viable public cloud (AWS and Azure), private cloud (third-party managed IaaS), and on-premise infrastructure solutions.
  • Led the implementation of the Payment Card Industry Data Security Standard (PCI-DSS) compliant cloud-based debit card payment solution.
  • Designed an enterprise-wide logging and monitoring solution using Splunk SIEM and Dynatrace following evaluation of multiple products with a primary focus on existing technology integration.
  • Owned principal approval for AWS and Azure infrastructure designs aligned to a cloud adoption strategy.
  • Acted as the key stakeholder for assuring third-party platform as a service (PaaS) and software as a service (SaaS) solution designs hosted on public cloud platforms, primarily AWS and Azure.
  • Devised an Office 365 capability-based enterprise roadmap working with Microsoft to provision Exchange, SharePoint, and Lync Online services for newly acquired business propositions.
  • Worked closely with project and delivery managers to produce an estimation of infrastructure costs and resource requirements and business case summarization to enable business case approval.
  • Acted as the key infrastructure stakeholder in currency and obsolescence (decommissioning and containment of legacy technologies and suppliers) and critical services (improving resilience) programs.
  • Led design pattern standardization, network perimeter requirements, and public cloud adoption on Azure for several new business acquisitions based on a cloud-first services principle.
Technologies: Amazon Web Services (AWS), Azure, Office 365, IT Infrastructure, IT Systems Architecture, Design, Estimations, F5 Networks, Cloud Architecture

Lead Infrastructure Architect

2015 - 2016
Standard Life Aberdeen
  • Engaged to directly support business teams migrating 2,000+ servers from the on-premise data center to a hybrid private cloud/infrastructure as a service (IaaS) platform underpinned by a long-term data center exit strategy.
  • Reported to the senior portfolio delivery manager and managed the workload of a team with system analysts, business analysts, and test analysts.
  • Presented service impact implications to non-technical senior business stakeholders.
  • Liaised with a third-party networks partner (BT) to ensure design compliance and timely delivery of network changes aligned with the internal business team changes.
  • Evaluated the existing physical infrastructure to establish cost savings achievable from virtualization and successfully P2V’d all suitable infrastructure.
  • Drove decision-making within the technical direction team owning the corporate strategy.
  • Led design activities to provide solutions for storage-related migration challenges and increased resilience to the existing systems.
Technologies: IT Infrastructure, IT Systems Architecture, Design, Estimations, Cloud Architecture

Technology Architect — Infrastructure

2014 - 2015
Royal London Asset Management
  • Hired to identify appropriate, cost-effective, and robust technical solutions to support business development, such as a data center exit design delivery providing cost savings of over £3.2 million/year for mainframe, Wintel, and telephony services.
  • Designed the adoption of cloud solutions using a combination of infrastructure as a service (IaaS) on AWS and Azure, platform as a service (PaaS), and software as a service (SaaS) to securely provide dynamic service scalability and high availability.
  • Evaluated the existing services to establish cost savings achievable from virtualization and cloud.
  • Owned the design through approval, delivery, and review phases, including the oversight of subject matter expert-developed design work.
  • Defined and implemented an enterprise mobility strategy encompassing corporate and bring your own device (BYOD).
  • Led the migration of an Oracle and SQL infrastructure to a virtualized environment.
  • Chaired and participated in technical design approval groups (TDAGs).
  • Performed quality assurance (QA) of proposed designs and post-implementation reviews for infrastructure solutions.
  • Worked with the IT security team to ensure full compliance with standards and the overall security strategy.
Technologies: IT Infrastructure, IT Systems Architecture, Design, Estimations, Oracle, Data Center Migration, F5 Networks, Cloud Architecture

Solutions Designer | Project Technical Lead

2012 - 2013
The Royal Bank of Scotland
  • Worked on the Active Directory (AD) remediation project, produced the complete design, and implemented a new global AD delegation, security, and group policy (GPO) model and the corresponding role-based access control (RBAC) matrix.
  • Produced infrastructure high-level designs (HLDs) for infrastructure solutions covering areas including options analysis, cost-benefit analysis, target operating model (TOM) design, and infrastructure cost estimates.
  • Led end-to-end design of a new Dell/Quest Change Auditor infrastructure solution to track and audit all AD data and structure changes required for regulatory purposes.
  • Analyzed the existing elevated AD privileges using advanced Microsoft Excel and Access (including an SQL Server back-end design, database structure, and SQL data analysis queries) to ensure optimal implementation of the principle of least privilege.
  • Influenced stakeholders and managed third-party vendors and internal teams.
  • Managed the work stack and mentored senior technical analysts, technical analysts, business analysts, and communications analysts.
Technologies: Active Directory Programming, Identity & Access Management (IAM), Group Policy Management, Role-based Access Control (RBAC), Design, TOM

Customer Solutions Architect | Technical Team Manager

2011 - 2012
The Royal Bank of Scotland
  • Reported directly to the Fujitsu program director, managing all client-based Fujitsu technical project resources, technical design, project delivery, and driving new business on the RBS managed service account.
  • Owned line management and workload management of technical project teams, with 32 technical team members each working on multiple projects, including the complete formation of new sub-teams as determined by project and program requirements.
  • Led a team on project work across the RBS strategic virtual desktop infrastructure (VDI) environment based on VMware ESX infrastructure.
  • Considered to be one of the few VDI subject matter experts at RBS.
  • Produced low-level technical project designs (LLDs) for team members and RBS platform teams using industry best-practice methods in line with RBS governance, policies, and standards.
  • Produced high-level technical project designs (HLDs) and statements of works (SoWs) for project managers in order for them to prepare budgets and bids.
  • Guided project management and the delivery of multiple project streams throughout the entire lifecycle across various RBS projects and programs, covering multiple infrastructures and delivering an average of 30 ongoing projects at once.
  • Owned stakeholder management of third-party vendors, project managers, and program managers (both business and technology) to formulate detailed project plans.
  • Spearheaded the detailed reporting of team resources, project financial forecasts, and end-of-month reconciliations to Fujitsu finance and project management office (PMO) teams.
Technologies: Virtual Desktop Infrastructure (VDI), VMware, Active Directory Programming, Design

Technical Team Lead

2009 - 2010
The Royal Bank of Scotland
  • Delivered over 70 projects across RBS, undertaking project management and technical leadership roles on various projects.
  • Acted as a key member in the design and implementation of the VDI solution for the RBS IT systems off-shoring program.
  • Implemented and supported the new virtual desktop infrastructure (VDI) rollout of 7,800 virtual machines (VMs) using Windows XP based on a VMware ESX and F5 Networks FirePass VPN infrastructure.
  • Owned the analysis and remediation of server, client, and application issues for the entire VDI infrastructure.
  • Led the migration from Windows Server to NetApp filer, successfully moving home and profile data for 10,000+ users.
  • Migrated business-developed databases from Microsoft Access/SQL Server to an Oracle 8i/10g infrastructure.
  • Developed bespoke Perl, VBS, VBA, and PowerShell scripts to automate bulk Active Directory activities.
  • Led Active Directory and Exchange activities across multiple domains and forests and increased the overall team efficiency by 600%.
  • Trained and mentored team members on RBS governance, policies and standards, and technical implementation methods.
Technologies: Virtual Desktop Infrastructure (VDI), VMware, F5 Networks, Windows, NetApp, VBScript, Perl, Windows PowerShell, Data Migration, Oracle

Senior Technical Analyst

2008 - 2009
The Royal Bank of Scotland
  • Delivered over 30 projects across RBS, often in technical lead roles, displaying deep-rooted knowledge of RBS legacy infrastructure and domains and their integration with current systems.
  • Designed VBS and VBA scripts to implement and enhance the existing migration strategy and provided technical support for the migration of 6,000+ EMEA users.
  • Designed the migration strategy, management, implementation, and support of a large project, migrating 7,000+ users from a Novell NetWare infrastructure to a Windows NT/2003 infrastructure within RBS insurance.
  • Acted as the primary technical resource on implementing the new Aspect telephony products, namely Workforce Management, Perform (real-time adherence), and Empower, to integrate with Windows NT and Active Directory, providing cost savings of over £3M/year.
  • Designed and implemented a SAS module and technical audit installation throughout the entire RBS estate providing cost savings of over £10 million during subsequent contract negotiation.
  • Provided third-line support to the back-office migration team of engineers for any escalations on the Windows NT 4.0 to Windows Vista rollout.
  • Assumed third-line Active Directory/Exchange support to engineers for the migration of 1,500+ users across several domains onto a single domain on the UK business banking rollout.
Technologies: VBScript, Active Directory Programming, MS Exchange, Novell NetWare, SAS

Azure Landing Zone Design

WPP required a new landing zone design for strategic Azure adoption.

As the lead cloud security architect, I ensured technical design alignment with organizational security standards, strategy, and MS best practices. I identified required IT policies and controls, defined secure-by-design DevSecOps requirements, aligned design decisions to the security strategy, devised cloud-first solutions to address security risks, and provided engineering guidance for security components. Also, I succeeded in delivering a productionized landing zone using infrastructure as code (IaC) within eight months.

Secure Finance Application Deployment

WPP required an expedited secure cloud-hosted deployment of a critical finance application for 4,000+ users.

As the lead cloud security architect, I deployed an isolated application architecture incorporating Azure Virtual Desktop. Also, I ensured adherence to regulatory controls, deployed the least-privilege RBAC model, implemented a segmented network design, integrated 50+ Okta Identity Provider sources with Active Directory Domain Services (AD DS) and Azure AD cloud sync, and initiated an external pen test with no significant findings.

The project was successfully delivered within eight weeks from inception to go live.

Cloud Security Monitoring Capability

Deutsche Bank required a security monitoring capability for cloud adoption.

As the lead cloud security architect, I defined a cloud-agnostic cloud security logging, monitoring, and incident response long-term strategy accompanied by Azure and GCP reference architectures. I deployed both Azure and GCP infrastructure as code via Terraform for enterprise and policy compliance via Terraform Sentinel and Prisma Cloud. I also succeeded in delivering a cloud-native Azure UEBA and SOAR capability and a GCP security management platform integrated with on-premise SIEM.

Microsoft Office 365 Security Controls Evaluation

Deutsche Bank wanted to secure its Microsoft Office 365 deployment to meet IS policy and regulatory requirements.

As the lead cloud security architect, I reviewed all existing controls and defined cloud-relevant security controls. I provided expert guidance on the Microsoft Office 365 control plane and Azure AD security configuration, conducted a risk-based analysis of phased security controls deployment, undertook a post-implementation review, and provided remediation actions. Also, I ensured timely delivery of a secure Microsoft Office 365 and Azure AD tenant within tight business-need-driven timescales.

Microsoft Security Tooling Evaluation

The Royal Bank of Scotland wanted to understand Microsoft security tooling requirements for cloud adoption aligned to a CISO strategy.

As a cyber security architect, I evaluated 20+ Azure security components to enable license purchasing. I gathered control requirements from security and business teams, identified relevant security components and validated them with MS product experts, conducted multiple POCs to determine component suitability, and produced business-risk-based justifications to adopt shortlisted components. I also succeeded in obtaining a senior stakeholder agreement for procurement.

Logging and Performance Monitoring Capability

Standard Life required a new strategic digital platform logging and monitoring capability.

As a senior infrastructure designer, I deployed an enterprise-wide logging and performance monitoring framework. I evaluated SIEM and APM products for middleware system integration, designed the infrastructure HLD, implemented using the Agile Scrum framework, guided cybersecurity tooling integration, provisioned infrastructure to maximize DevOps continuous integration and delivery, and trained operational and development staff. I also succeeded in containing and decommissioning several non-strategic technologies.

Infrastructure as a Service (IaaS) Migration

Standard Life needed to migrate 2,000+ servers from a data center to IaaS in tight timescales.

As the lead infrastructure architect, I provided service assurance to senior stakeholders. I devised the migration schedule minimizing service impact, drove the technical direction team's decision-making, designed an unidentified systems eDiscovery toolset, and re-designed the existing infrastructure improving resilience. I successfully migrated all servers to achieve industry-leading 99.982% infrastructure availability – pivotal in the System Integration Project of the Year industry award win.

Network IP Address Transformation

The Royal Bank of Scotland required the migration of IP addresses for 2,500 servers and 4,000 printers.

As a customer solutions architect, I designed an automated IP migration process to reduce engineering requirements, designed tools to migrate Windows servers and print queues using VBScript, developed a robust communication mechanism using SharePoint Services, implemented an automated change management system, and trained PMs and engineers to ensure a smooth system transition. I also succeeded in reducing on-site engineer resource requirements by 60%.

Enterprise Mobility Strategy

The Royal London Group decided to exit from BlackBerry while renewing their landline and mobile contracts.

As a technology architect, I defined a viable 3-year enterprise mobility strategy. I evaluated the technical suitability of AirWatch, MobileIron, and Good for enterprise on BYOD and corporate devices, produced the infrastructure HLD, led cost-modeling production to obtain senior stakeholder buy-in, and trained the existing team to become subject matter experts. I also succeeded in delivering a stakeholder-approved strategy that provided £200,000 per year in cost savings.

Virtual Desktop Infrastructure (VDI) Provisioning

The Royal Bank of Scotland required a virtual desktop infrastructure for 10,000 new offshore staff.

As the technical team lead, I implemented the VDI solution in a compressed timeframe. I built the VDI on VMware infrastructure using App-V and XenApp virtualized apps, led a group of six to undertake all VDI project work for customized application sets, directed application troubleshooting for UAT sign-off with business users, and guided a build of 7,800 VMs with defined reusable building blocks. I also succeeded in delivering a complex offshoring program on time and within budget.

Technical Analyst Team Expansion

Fujitsu required the expansion of the technical analyst team to accommodate increased project demands.

As a customer solutions architect, I led the team's growth in a short timeframe. I identified, interviewed, and recruited key technical talent, set up three sub-teams to operate over 24-hour periods, evaluated individual technical strengths to distribute resources across 20 projects, and reinvigorated existing processes by implementing program efficiencies. I also successfully built a core team from six to 32 in under two months while increasing overall margins by 12%.

Active Directory Scripting

The Royal Bank of Scotland required more efficient bulk AD user account management mechanisms.

As the technical team lead, I scripted everyday Active Directory and Exchange activities for 32 domains covering 250,000 users. I reviewed existing manual processes to eliminate time-intensive activities, developed robust modular ETL tools using Visual Basic, advised senior support teams on obtaining tool approval, and trained BAU teams on tools usage. I also succeeded in delivering time-efficient AD management mechanisms, which improved activity timescales by 600%.

Data Center Migration

The Royal London Group required a migration from an outsourced data center hosting to internal data centers.

As a technology architect, I designed DevOps-oriented test and production environments. I analyzed the existing physical estate to identify virtualization opportunities, established software-defined networking to pilot migration of Wintel, mainframe, and telephony platforms, devised Avaya IP telephony to replace Cisco CallManager, and designed the entire DR solution of the VMware estate within business service line RPO/RTOs. I also succeeded in delivering £3.2 million per annum in savings.

Insurance Claims System Replacement

The Royal Bank of Scotland required the transformation of an insurance user base from a legacy NetWare to a standardized Windows platform.

As a customer solutions architect, I migrated users, desktops, and data to enable cost savings from the insurance CSR system. I ran an entire discovery exercise on the business app and data usage, led project estimation workshops to engage relevant technical stakeholders, designed a new exchange infrastructure, and devised three-year SAN capacity forecasts for 8,000 users. I also successfully delivered user and data migration, which enabled £30 million in yearly savings.

Active Directory Remediation

The Royal Bank of Scotland wanted the design of an AD delegation model using role-based access control.

As the project technical lead, I produced the design and migration strategy. I designed a PCI-DSS-compliant ChangeAuditor infrastructure for auditing privileged AD activities, analyzed elevated AD privileges for 32 domains using SQL database tools, produced and managed project plans using Microsoft Project, and mentored senior technical analysts on AD scripting. I also succeeded in achieving SOX compliance by reducing admin-level AD access from 1,500 to 15 users.

1999 - 2003

Bachelor's Degree in Computer Science

University of Aberdeen - Aberdeen, Scotland, UK


Microsoft Certified: Cybersecurity Architect Expert


JULY 2021 - JULY 2023

Microsoft Azure Solutions Architect Expert


JULY 2021 - JULY 2023

GCP Professional Cloud DevOps Engineer

Google Cloud

JUNE 2021 - JUNE 2023

GCP Professional Network Engineer

Google Cloud

JUNE 2021 - JUNE 2023

GCP Professional Cloud Security Engineer

Google Cloud

JUNE 2021 - JUNE 2023

GCP Professional Cloud Architect


MAY 2021 - MAY 2024

AWS Certified Solutions Architect Professional

Amazon Web Services Training and Certification

JULY 2019 - JULY 2024

Microsoft Azure Security Engineer Associate



Certified Information Systems Security Professional (CISSP)


JUNE 2018 - JUNE 2024

AWS Certified Security — Specialty

Amazon Web Services

MAY 2018 - MAY 2024

AWS Certified Solutions Architect Associate



MCITP: Enterprise Administrator Windows Server



MCITP: Server Administrator on Windows Server



MCSE: Microsoft Windows Server



MCITP: Virtualization Admin Windows Server



VMware Certified Professional



ITIL Foundation



PRINCE2 Practitioner



Terraform, Prisma, Microsoft Exchange, MS Exchange, Logging, Microsoft App-V, Citrix XenApp, VMware, Novell NetWare, Microsoft Project


Google Cloud Platform (GCP), Azure, Amazon Web Services (AWS), Windows Server, Microsoft, Windows, SharePoint, Oracle, Windows Vista


Role-based Access Control (RBAC), Software-defined Networking (SDN), DevSecOps, Penetration Testing, Agile, DevOps, Automation, ETL

Industry Expertise



Azure Active Directory, Google Cloud, NetApp


SQL, VBScript, TOM, Perl, SAS


Windows PowerShell


Architecture, Cloud Security, Solution Architecture, Certified Information Systems Security Professional, Office 365, IT Infrastructure, IT Systems Architecture, Incident Response, IaaS, Strategy, Design, Disaster Recovery Plans (DRP), PCI DSS, Identity & Access Management (IAM), IT Security, Security Architecture, Cloud Architecture, Microsoft 365, Computer Science, Networks, Engineering, Enterprise, Server Administration, Virtualization Technology, IT Project Management, Active Directory Programming, SIEM, Infrastructure as Code (IaC), Proof of Concept (POC), Virtual Desktop Infrastructure (VDI), IT Recruitment, Interviewing, Process Improvement, Data Center Migration, IP Telephony, Cloud Telephony, Estimations, Data Migration, Group Policy Management, F5 Networks, Azure VDI, Statistics, VMware ESXi, IT Service Management (ITSM), Monitoring, Controls, eDiscovery, IT Networking, Enterprise Mobility Management (EMM), Mainframe, Avaya Software, SANs, SOX Compliance, Okta
