Verified Expert in Engineering
Security Architect and Developer
Montasir is an InfoSec leader with 20+ years of experience managing cybersecurity and enterprise architecture. He has designed and enforced security solutions for complex IT systems, including creating five-year security technical architecture roadmaps. With solid technical expertise and a profound grasp of industry best practices, Montasir develops and executes cybersecurity strategies that effectively mitigate risks, protect sensitive data, and ensure compliance with regulatory requirements.
The most amazing...
...process I've designed included a cybersecurity risk assessment questionnaire with ServiceNow change management, improving the SSDLC method for iHeartMedia.
Director | Senior Principal Security Architect
- Developed cybersecurity capability and maturity across the organization based on the NIST Cybersecurity Framework. Identified and prioritized gaps based on cybersecurity needs and provided mitigation guidelines and processes.
- Built and maintained an enterprise security architecture process, enabling the enterprise to develop and implement security solutions and capabilities aligned with business, technology, and threat drivers.
- Constructed enterprise security strategy plans and roadmaps based on sound enterprise architecture practices.
- Produced and maintained security architecture artifacts, such as models, templates, standards, and procedures, to leverage security capabilities in projects and operations.
- Tracked internal and external developments and changes in digital business and threat environments to ensure they were adequately addressed in security strategy plans and architecture artifacts.
- Collaborated with the CISO, CTO, and tech teams to develop and validate business solutions, IT infrastructure, and multi-cloud, and other reference architectures for security best practices. Recommended changes to enhance security and reduce risks.
- Reviewed security technologies, tools, and services and provided recommendations to the broader security and technology teams for their use based on security, financial, and operational metrics.
- Provided solutions to integrate cloud infrastructure and align with industry best practice security controls. Developed AWS and Azure cloud architecture based on reference models to implement security solutions in the cloud.
- Created 5-year security technology architecture roadmaps, reference and target architecture, design principles, best practices, patterns, and standards. Oversaw adherence to defined enterprise security architecture principles and standards.
- Worked with the application security team to develop a recurring penetration testing and secure system/software development lifecycle (SSDLC).
Project Director | Senior Principal Security Architect
- Led a cybersecurity team, managed various projects, and facilitated services through all project lifecycle phases.
- Implemented and maintained security solutions, such as firewalls, intrusion detection and prevention systems, antivirus software, and encryption technologies.
- Conducted risk assessments and vulnerability testing to identify security weaknesses in systems, networks, and applications.
- Developed and implemented security policies, standards, and procedures that meet industry best practices and regulatory requirements.
- Built the event collector and processor's complete architecture for Cyberwatch, an IBM QRadar-based SIEM.
- Architected the complete security design for the Broadcom Sterling and San Jose data center using the Palo Alto PA-3250 and PA-5560 firewalls.
- Created Kubernetes policies to secure the underlying infrastructure platform, hosts, and individual applications within the cluster.
- Trained and educated employees on security best practices, policies, and procedures.
Senior Information Security Lead
- Assisted in leading the InfoSec team in designing and implementing security solutions to ensure appropriate guidelines, policies, and procedures are in place to adequately address threats and vulnerabilities.
- Partnered with technology and business teams as a security expert and trusted advisor in providing security designs, requirements, risk monitoring, and mitigation guidance in alignment with industry best practices and regulatory requirements.
- Evaluated networks and systems to identify, report on, and guide the remediation of security gaps.
- Responded to InfoSec threats, ensuring that Choice's information assets remained secure, and performed incident response activities as necessary.
- Managed and performed product and service evaluations, recommendations, and implementations for InfoSec that support strategic operational needs and security requirements.
- Trained other team members on new security solutions and transitioned ownership upon successful implementation.
- Assessed the environment continuously to ensure compliance with external regulations and Choice Hotels InfoSec policies and standards.
- Helped the director with security strategy development and risk prioritization.
Principal Network Security Architect
- Designed and implemented ThreatConnect, Palo Alto virtual wire firewalls, Imperva Web Application Firewall, and Forescout CounterACT network access control.
- Implemented IXIA out-of-band packet broker, UDP Director, FireMon, Attivo deception technology, Forcepoint proxy, Tanium, and Tenable.
- Established security standards for new environments and implementations.
- Set up controls and compliance zones for Payment Card Industry Data Security Standard (PCI-DSS), HIPAA, and ISO 27001 in FireMon and automated the reporting for non-compliance.
- Worked on the SolarWinds redesign and architecture. Set up and configured SolarWinds modules.
- Performed the PCI and Identity Services Engine network segment design and firewall migration.
Senior Network Engineer
Computer Sciences Corporation
- Developed and oversaw the IT vulnerability management model for VISA, which included determining the scope, identifying various sources, handling remediation, and planning.
- Enforced rules and signatures for McAfee Intrushield intrusion detection and prevention system (IDS/IPS) sensors and firewalls.
- Implemented and configured the WTI remote management and power management consoles.
- Set up and implemented the nCircle remote monitoring system.
- Upgraded devices to comply with the current rules and signature sets.
Lead Network Engineer
- Engaged as the IBM technical lead for Circuit City's retail point of sale (RPOS) migration project.
- Migrated data from Windows 2003 servers to the Linux-based in-store gateway servers.
- Tested the functionality of Linux-based POS systems.
- Performed technical troubleshooting of routing information and frame relay protocols in the small office networks of Circuit City GO stores.
- Handled the switch configuration of Cisco 2950 and Symbol ES 3000 and 5000.
Project Coordinator | Network Engineer
- Engaged as the technical coordinator for the 3S Network team and Cingular Wireless.
- Coordinated a team of 16 engineers, managed their schedule, assigned tasks for deployment, planned testing requirements and processes, and reported daily progress, updates, and results to the Cingular project lead.
- Conducted a network survey for predesigned network estimation.
- Designed a Cisco network for small to mid-size offices.
- Performed physical network infrastructure implementations employing wiring installation, hardware set up, and testing.
- Configured the network for open-shortest-path-first protocol and implemented IDS and Cisco PIX firewalls.
HII Digital Defense Modernization (DDM)
I developed technical documentation for various components of cybersecurity implementations, including on-premise and Azure/AWS cloud security architecture and security processes. I also provided architectural solutions and guidelines for firewall migration and implementing data loss prevention, log collection, SIEM analysis, and vulnerability management. In addition, I helped with the governance, risk, and compliance (GRC) audit and identified the gaps. Then, I developed guidelines for mitigating the initial gaps and risks, including the recurring GRC audit process.
Identification of NIST CSF-based Cybersecurity Maturity and Capabilities
PCI DSS and NIST 800-53 Audit for a Pharmaceutical Company
I ran a NIST 800-53 compliance audit to identify internal and external risks to cybersecurity. I provided recommendations to mitigate the risks. Finally, I developed process documents to establish a recurring NIST 800-53 audit and risk mitigation.
Management, Penetration Testing, DDoS, HIPAA Compliance, Role-based Access Control (RBAC), DevSecOps
Windows, Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP)
Cybersecurity, Network Security
Architecture, GRC, IDS/IPS, Vulnerability Management, Disaster Recovery Consulting, Backups, Policies & Procedures Compliance, Managed Security Service Providers (MSSP), Security, Compliance, Computer Security, IT Security, Risk Management, Security Audits, Threat Modeling, Critical Security Controls (CIS Controls), Security Design, Google Workspace, Data Privacy, Data Protection, Vulnerability Assessment, Hybrid Cloud Infrastructure, Information Security, Firewalls, Encryption, Identity & Access Management (IAM), SIEM, Web Security, Application Security, CA Network & Systems Management (NSM), ISO 27001, Lecturing, Web App Security, Ethical Hacking, SOC 2, Cloud Security, Data Encryption, Security Policies & Procedures, Data Loss Prevention (DLP), GAP Analysis, Electrical Engineering, NIST, Network Monitoring, Development, TACACS Protocol, Cisco Routers, Cisco Switches, RPOS, ISG, IDM, SDM, Open Shortest Path First (OSPF), Cisco, McAfee DLP, Log Collector, Frameworks, PCI DSS, Cloudflare, Container Orchestration
SAML, Transaction Control Language (TCL)
Amazon CloudWatch, Splunk, SolarWinds, Bro Network Security Monitor, AWS CloudTrail, Terraform
FireMonkey, AWS HA
Master's Degree in Electrical Engineering
University of Texas–Pan American - Edinburg, Texas, USA
Bachelor's Degree in Electrical Engineering
Minnesota State University, Mankato - Mankato, Minnesota, USA
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.Start hiring