Montasir Azad, Developer in Phoenix, AZ, United States
Montasir is available for hire
Hire Montasir

Montasir Azad

Verified Expert  in Engineering

Security Architect and Developer

Location
Phoenix, AZ, United States
Toptal Member Since
August 28, 2023

Montasir is an InfoSec leader with 20+ years of experience managing cybersecurity and enterprise architecture. He has designed and enforced security solutions for complex IT systems, including creating five-year security technical architecture roadmaps. With solid technical expertise and a profound grasp of industry best practices, Montasir develops and executes cybersecurity strategies that effectively mitigate risks, protect sensitive data, and ensure compliance with regulatory requirements.

Information SecuritySecurityEndpoint SecuritySecurity ArchitectureVulnerability ManagementGRCData ProtectionData PrivacyWindowsCybersecurityNetwork SecurityAmazon Web Services (AWS)FirewallsCloud SecurityWeb SecurityCisco RoutersNetwork MonitoringCisco Switch

Portfolio

iHeartMedia
Vulnerability Management, GRC, Architecture, Management, Cloud Security...
Infosys
Architecture, Security Policies & Procedures...
Choice Hotels
IDS/IPS, Firewalls, Identity & Access Management (IAM)...

Experience

Policies & Procedures Compliance - 13 yearsArchitecture - 12 yearsVulnerability Management - 12 yearsDisaster Recovery Consulting - 12 yearsCloud Security - 10 yearsGRC - 10 yearsBackups - 9 yearsSIEM - 5 years

Availability

Full-time

Preferred Environment

Windows

The most amazing...

...process I've designed included a cybersecurity risk assessment questionnaire with ServiceNow change management, improving the SSDLC method for iHeartMedia.

Work Experience

Director | Senior Principal Security Architect

2021 - 2023
iHeartMedia
  • Developed cybersecurity capability and maturity across the organization based on the NIST Cybersecurity Framework. Identified and prioritized gaps based on cybersecurity needs and provided mitigation guidelines and processes.
  • Built and maintained an enterprise security architecture process, enabling the enterprise to develop and implement security solutions and capabilities aligned with business, technology, and threat drivers.
  • Constructed enterprise security strategy plans and roadmaps based on sound enterprise architecture practices.
  • Produced and maintained security architecture artifacts, such as models, templates, standards, and procedures, to leverage security capabilities in projects and operations.
  • Tracked internal and external developments and changes in digital business and threat environments to ensure they were adequately addressed in security strategy plans and architecture artifacts.
  • Collaborated with the CISO, CTO, and tech teams to develop and validate business solutions, IT infrastructure, and multi-cloud, and other reference architectures for security best practices. Recommended changes to enhance security and reduce risks.
  • Reviewed security technologies, tools, and services and provided recommendations to the broader security and technology teams for their use based on security, financial, and operational metrics.
  • Provided solutions to integrate cloud infrastructure and align with industry best practice security controls. Developed AWS and Azure cloud architecture based on reference models to implement security solutions in the cloud.
  • Created 5-year security technology architecture roadmaps, reference and target architecture, design principles, best practices, patterns, and standards. Oversaw adherence to defined enterprise security architecture principles and standards.
  • Worked with the application security team to develop a recurring penetration testing and secure system/software development lifecycle (SSDLC).
Technologies: Vulnerability Management, GRC, Architecture, Management, Cloud Security, Identity & Access Management (IAM), Data Encryption, Compliance, Computer Security, Web Security, IT Security, Application Security, Cybersecurity, Security, Network Security, Critical Security Controls (CIS Controls), Security Design, Google Workspace, Web App Security, Google Cloud Platform (GCP), Cloudflare, Data Privacy, Data Protection, DevSecOps, Vulnerability Assessment, Hybrid Cloud Infrastructure, Container Orchestration, Ethical Hacking, Amazon Web Services (AWS), Datadog, Azure, Information Security, Documentation, Endpoint Security, Endpoint Detection and Response (EDR), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Architecture

Project Director | Senior Principal Security Architect

2019 - 2021
Infosys
  • Led a cybersecurity team, managed various projects, and facilitated services through all project lifecycle phases.
  • Implemented and maintained security solutions, such as firewalls, intrusion detection and prevention systems, antivirus software, and encryption technologies.
  • Conducted risk assessments and vulnerability testing to identify security weaknesses in systems, networks, and applications.
  • Developed and implemented security policies, standards, and procedures that meet industry best practices and regulatory requirements.
  • Built the event collector and processor's complete architecture for Cyberwatch, an IBM QRadar-based SIEM.
  • Architected the complete security design for the Broadcom Sterling and San Jose data center using the Palo Alto PA-3250 and PA-5560 firewalls.
  • Created Kubernetes policies to secure the underlying infrastructure platform, hosts, and individual applications within the cluster.
  • Trained and educated employees on security best practices, policies, and procedures.
Technologies: Architecture, Security Policies & Procedures, Managed Security Service Providers (MSSP), Data Loss Prevention (DLP), SIEM, GRC, GAP Analysis, Compliance, Computer Security, Web Security, IT Security, Vulnerability Management, Application Security, Cybersecurity, Security, Network Security, Critical Security Controls (CIS Controls), Penetration Testing, Google Workspace, Web App Security, Cloudflare, Data Privacy, Data Protection, Google Cloud Platform (GCP), DevSecOps, Vulnerability Assessment, Hybrid Cloud Infrastructure, Identity & Access Management (IAM), Container Orchestration, Ethical Hacking, Amazon Web Services (AWS), Azure, SAML, Terraform, Information Security, Documentation, Endpoint Security, Endpoint Detection and Response (EDR), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Architecture

Senior Information Security Lead

2017 - 2019
Choice Hotels
  • Assisted in leading the InfoSec team in designing and implementing security solutions to ensure appropriate guidelines, policies, and procedures are in place to adequately address threats and vulnerabilities.
  • Partnered with technology and business teams as a security expert and trusted advisor in providing security designs, requirements, risk monitoring, and mitigation guidance in alignment with industry best practices and regulatory requirements.
  • Evaluated networks and systems to identify, report on, and guide the remediation of security gaps.
  • Responded to InfoSec threats, ensuring that Choice's information assets remained secure, and performed incident response activities as necessary.
  • Managed and performed product and service evaluations, recommendations, and implementations for InfoSec that support strategic operational needs and security requirements.
  • Trained other team members on new security solutions and transitioned ownership upon successful implementation.
  • Assessed the environment continuously to ensure compliance with external regulations and Choice Hotels InfoSec policies and standards.
  • Helped the director with security strategy development and risk prioritization.
Technologies: IDS/IPS, Firewalls, Identity & Access Management (IAM), Role-based Access Control (RBAC), NIST, Amazon CloudWatch, AWS CloudTrail, Compliance, Computer Security, IT Security, Vulnerability Management, Application Security, Cybersecurity, Security, Network Security, Critical Security Controls (CIS Controls), Penetration Testing, Google Workspace, Data Privacy, Data Protection, Vulnerability Assessment, Hybrid Cloud Infrastructure, Amazon Web Services (AWS), Azure, Information Security, Documentation, Endpoint Security, Endpoint Detection and Response (EDR), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Architecture

Principal Network Security Architect

2010 - 2017
OpenSky Corporation
  • Designed and implemented ThreatConnect, Palo Alto virtual wire firewalls, Imperva Web Application Firewall, and Forescout CounterACT network access control.
  • Implemented IXIA out-of-band packet broker, UDP Director, FireMon, Attivo deception technology, Forcepoint proxy, Tanium, and Tenable.
  • Established security standards for new environments and implementations.
  • Set up controls and compliance zones for Payment Card Industry Data Security Standard (PCI-DSS), HIPAA, and ISO 27001 in FireMon and automated the reporting for non-compliance.
  • Worked on the SolarWinds redesign and architecture. Set up and configured SolarWinds modules.
  • Performed the PCI and Identity Services Engine network segment design and firewall migration.
Technologies: Vulnerability Management, GRC, FireMonkey, SolarWinds, Network Monitoring, Bro Network Security Monitor, Backups, Architecture, Firewalls, Security, Compliance, Computer Security, IT Security, Cybersecurity, Splunk, CA Network & Systems Management (NSM), Network Security, Critical Security Controls (CIS Controls), DDoS, HIPAA Compliance, Data Protection, Vulnerability Assessment, Hybrid Cloud Infrastructure, Identity & Access Management (IAM), ISO 27001, SOC 2, Azure, Information Security, Managed Security Service Providers (MSSP), Documentation, Endpoint Security, Endpoint Detection and Response (EDR), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Architecture

Senior Network Engineer

2009 - 2010
Computer Sciences Corporation
  • Developed and oversaw the IT vulnerability management model for VISA, which included determining the scope, identifying various sources, handling remediation, and planning.
  • Enforced rules and signatures for McAfee Intrushield intrusion detection and prevention system (IDS/IPS) sensors and firewalls.
  • Implemented and configured the WTI remote management and power management consoles.
  • Set up and implemented the nCircle remote monitoring system.
  • Upgraded devices to comply with the current rules and signature sets.
Technologies: Development, TACACS Protocol, Cisco Routers, Cisco Switches, SolarWinds, Computer Security, Documentation

Lead Network Engineer

2006 - 2009
IBM
  • Engaged as the IBM technical lead for Circuit City's retail point of sale (RPOS) migration project.
  • Migrated data from Windows 2003 servers to the Linux-based in-store gateway servers.
  • Tested the functionality of Linux-based POS systems.
  • Performed technical troubleshooting of routing information and frame relay protocols in the small office networks of Circuit City GO stores.
  • Handled the switch configuration of Cisco 2950 and Symbol ES 3000 and 5000.
Technologies: RpoS, ISG, IDM, SDM

Project Coordinator | Network Engineer

2003 - 2004
3S Network
  • Engaged as the technical coordinator for the 3S Network team and Cingular Wireless.
  • Coordinated a team of 16 engineers, managed their schedule, assigned tasks for deployment, planned testing requirements and processes, and reported daily progress, updates, and results to the Cingular project lead.
  • Conducted a network survey for predesigned network estimation.
  • Designed a Cisco network for small to mid-size offices.
  • Performed physical network infrastructure implementations employing wiring installation, hardware set up, and testing.
  • Configured the network for open-shortest-path-first protocol and implemented IDS and Cisco PIX firewalls.
Technologies: Open Shortest Path First (OSPF), IDS/IPS, Firewalls, Cisco, Cisco Routers, Cisco Switches, Cisco PIX

HII Digital Defense Modernization (DDM)

Led the cybersecurity team and managed the DDM project, facilitating services through the entire project lifecycle.

I developed technical documentation for various components of cybersecurity implementations, including on-premise and Azure/AWS cloud security architecture and security processes. I also provided architectural solutions and guidelines for firewall migration and implementing data loss prevention, log collection, SIEM analysis, and vulnerability management. In addition, I helped with the governance, risk, and compliance (GRC) audit and identified the gaps. Then, I developed guidelines for mitigating the initial gaps and risks, including the recurring GRC audit process.

Identification of NIST CSF-based Cybersecurity Maturity and Capabilities

Ran NIST CSF-based assessment on cybersecurity maturity and capabilities. I identified the maturity level of each CSF domain and the primary risk factors and risk matrices. I then architected a plan to mitigate the identified risks and developed a 5-year road map to increase the capabilities and compliance level.

PCI DSS and NIST 800-53 Audit for a Pharmaceutical Company

Ran a PCI DSS compliance audit to identify PCI risks. I identified internal and external risks in PCI transactions and provided recommendations to mitigate the risks. I also developed process documents to establish recurring PCI DSS audits and risk mitigation.

I ran a NIST 800-53 compliance audit to identify internal and external risks to cybersecurity. I provided recommendations to mitigate the risks. Finally, I developed process documents to establish a recurring NIST 800-53 audit and risk mitigation.
2004 - 2006

Master's Degree in Electrical Engineering

University of Texas–Pan American - Edinburg, Texas, USA

2001 - 2003

Bachelor's Degree in Electrical Engineering

Minnesota State University, Mankato - Mankato, Minnesota, USA

Paradigms

Management, Penetration Testing, DDoS, HIPAA Compliance, Role-based Access Control (RBAC), DevSecOps

Platforms

Windows, Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP)

Industry Expertise

Cybersecurity, Network Security

Other

Architecture, GRC, IDS/IPS, Vulnerability Management, Disaster Recovery Consulting, Backups, Policies & Procedures Compliance, Managed Security Service Providers (MSSP), Security, Compliance, Computer Security, IT Security, Risk Management, Security Audits, Threat Modeling, Critical Security Controls (CIS Controls), Security Design, Google Workspace, Data Privacy, Data Protection, Vulnerability Assessment, Hybrid Cloud Infrastructure, Information Security, Documentation, Endpoint Security, Endpoint Detection and Response (EDR), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Architecture, Firewalls, Encryption, Cloud Security, Identity & Access Management (IAM), SIEM, Web Security, Application Security, CA Network & Systems Management (NSM), ISO 27001, Lecturing, Web App Security, Ethical Hacking, SOC 2, Data Encryption, Security Policies & Procedures, Data Loss Prevention (DLP), GAP Analysis, Electrical Engineering, NIST, Network Monitoring, Development, TACACS Protocol, Cisco Routers, Cisco Switches, RpoS, ISG, IDM, SDM, Open Shortest Path First (OSPF), Cisco, McAfee DLP, Frameworks, PCI DSS, Cloudflare, Container Orchestration, Cyberattacks

Languages

SAML, Transaction Control Language (TCL)

Tools

Amazon CloudWatch, Splunk, SolarWinds, Bro Network Security Monitor, Log Collector, AWS CloudTrail, Terraform, Cisco PIX

Storage

Datadog

Frameworks

FireMonkey, AWS HA

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring