Saqib Rana
Verified Expert in Engineering
Network Security Engineer and Developer
Wellington, New Zealand
Toptal member since April 12, 2023
Saqib is a results-driven professional with 10+ years of experience implementing IT network security solutions. He specializes in firewalls, load balancers, routing and switching, cloud or VPN solutions, web proxies, and automation. Saqib also manages multivendor devices, including Fortinet, Palo Alto, Check Point, FortiGate, Cisco—ASA, ISE, WSA, and Firepower Threat Defense or Management Center—Forcepoint, A10 Networks, Aruba, Splunk, FortiAnalyzer, and F5 BIG-IP web application firewalls.
Experience
- Palo Alto Networks - 10 years
- FortiGate - 10 years
- F5 Networks - 10 years
- Proxy Servers - 10 years
- Network Security - 10 years
- Cisco - 5 years
- Cloud - 5 years
- Terraform - 1 year
Preferred Environment
Checkpoints, Palo Alto Networks, Cisco, FortiGate, ISE, Cisco Switches, ASA, Aruba, F5 Networks
The most amazing...
...project I've successfully planned and implemented is migrating a Cisco Adaptive Security Appliance (ASA) firewall to a Check Point R80.40 solution.
Work Experience
Senior Security Consultant
BNZ Bank
- Engaged as a senior security consultant for a company with BIG-IP LTM deployed in Azure infrastructure using Terraform as infrastructure as code. The CI/CD pipeline for configuring BIG-IP was established on Bitbucket for users to carry out BAU tasks.
- Provided technical assistance for migrating the Cisco Identity Services Engine (ISE) from version 2.7 to 3.1, achieving a fully distributed ISE deployment for the policy administration, monitoring, and policy service nodes.
- Deployed threat emulation on Check Point blades and replaced the legacy McAfee service.
- Optimized gateway performance during high traffic by deploying Check Point DoS Penalty Box as a defense-in-depth security architecture.
Security Architect
2Degrees
- Performed risk assessments, threat modeling, and vulnerability analyses of 2Degrees' systems and assets, developing risk management plans to mitigate, transfer, or accept risks.
- Worked with 3rd-party vendors and contractors to ensure they met the organization's information security requirements and complied with ISO 27001 standards.
- Implemented the ThreatModeler solution to identify potential security threats and vulnerabilities in the 2Degrees cloud environment. This also provided a graphical illustration of the cloud resource topology.
- Integrated the AlgoSec solution with 2Degrees' existing network security infrastructure, providing a complete on-premises infrastructure topology that was extremely helpful for engineers to resolve incidents quickly.
- Designed and implemented a secure mobile device management (MDM) solution for a technology company. Selected and configured MDM tools, developed policies, and provided employee training.
Security Consultant
Spark NZ
- Implemented the Illumio Zero Trust microsegmentation project to restrict the lateral movement of malicious actors.
- Designed and implemented Fortinet SD-WAN for multiple customers.
- Executed an AlgoSec solution for a customer to automate network topology, compliance report, and configuration cleanup.
- Migrated the customer's firewalls from a legacy Cisco ASA to Check Point.
- Evaluated and implemented multiple cloud landing zone solutions to determine the best fit for the customer's needs.
- Configured cloud firewalls and proxies, ensuring they met the customer's security and compliance needs.
- Set up Websense, Cisco Web Security Appliance (WSA), and BIG-IP web application firewall proxies for customers according to the OWASP security framework.
- Onboarded new customers for BIG-IP LTM, creating isolated route domains and partitions.
Network Security Engineer
Bank Albilad
- Planned and designed a fully distributed Cisco ISE 3600 solution to enforce 802.1X authentication for all bank users, switches, routers, access points, cameras, printers, and IoT.
- Ensured better protection against external cyberattacks by migrating the perimeter firewall from Cisco ASA to the next-generation Palo Alto network.
- Designed network segmentation to isolate the bank's cardholder data environment traffic from the rest of the network, reducing the risk of unauthorized access.
- Enforced a Palo Alto WildFire sandboxing solution that detects malware in files and URLs.
- Devised and implemented an open-shortest-path-first (OSPF) network topology suited to the bank's needs and requirements.
- Created and executed a FortiGate 3950B data center firewall, providing enhanced security measures to protect east-west and north-south data traffic flows.
- Implemented an Aruba wireless solution for the bank, providing secure and reliable wireless connectivity for all employees and visitors.
Network Security Engineer
Ministry of Media
- Migrated switches from legacy Cisco edge, distribution, and core to Alcatel Omni for all Ministry of Media campuses.
- Moved a large campus's network from static to OSPF routes.
- Implemented the Intermapper network monitoring software for infrastructure devices.
- Ensured reliable, high-speed connection by designing and implementing hub-and-spoke fiber optic network connectivity between radio, television, press campuses, and data centers.
- Designed and implemented a comprehensive network security solution for the Ministry using Juniper ISG firewalls.
- Optimized network performance and improved application response times by designing and implementing Blue Coat PacketShaper for the Ministry.
Experience
Cisco ASA to Check Point Firewall Migration
I began by understanding the current network topology, evaluating the Check Point firewall, and planning the migration process. Next, I tested the migration plan, set up the new firewall, and proceeded with migrating security policies and the VPN. Finally, I enabled the Check Point Compliance blade, then tested the new environment before fully transitioning.
By following the roadmap with all stakeholders, I successfully migrated the firewall to a Check Point R80.40 solution while maintaining the security posture of the client network.
Zero Trust Implementation
Illumio provides a centralized management console for managing label-based policies and configurations across the network. The project plan was to replace existing FortiGate firewalls with an Illumio microsegmentation solution. To do this, I developed a project team, understood the current network topology, and evaluated the Illumio solution. Next, I planned and tested the migration process, then set up the new Illumio solution and migrated security policies. I also tested the new environment before transitioning and monitored the new solution afterward.
This project emphasizes the importance of careful planning, testing, and monitoring. By following the project plan, the client successfully transitioned to an Illumio microsegmentation solution, resulting in enhanced compliance with regulatory requirements and an improved security posture. Additionally, the migration to Illumio has significantly reduced the required workforce compared to the previous setup that relied on FortiGate firewalls.
DMVPN to SD-WAN Migration
The FortiGate SD-WAN solution provided the client with improved redundancy and traffic management and cost savings by eliminating the need for multiprotocol label switching. Implementing the solution also enhanced the organization's security posture. Multiple retail locations can benefit from a secure, reliable, and cost-effective network solution by utilizing intelligent traffic routing, advanced security features, and centralized management of network policies and configurations.
Education
Bachelor's Degree in Computer Science
University of South Asia - Lahore, Pakistan
Certifications
F5 Certified! BIG-IP Administrator
F5, Inc.
Exam 201—TMOS Administration
F5, Inc.
Check Point Certified Security Expert (CCSE)
Check Point Software Technologies Ltd
Palo Alto Networks Certified Network Security Engineer (PCNSE)
Palo Alto Networks
Fortinet NSE 7 – Enterprise Firewall
Fortinet
Check Point Certified Security Administrator (CCSA)
Check Point Software Technologies Ltd
Cisco Certified Internetwork Expert (CCIE) Security Lab
Cisco
NSE 4 Network Security Professional
Fortinet
Cisco Certified Network Professional (CCNP) Routing & Switching
Cisco
Juniper Networks Certified Internet Specialist, Security (JNCIS-SEC)
Juniper Networks, Inc.
Cisco VPN Security Specialist
Cisco
Cisco IPS Specialist
Cisco
Juniper Networks Technical Certification Program (JNTCP), Enterprise Routing and Switching
Juniper Networks, Inc.
Cisco Firewall Security Specialist
Cisco
Cisco Certified Network Professional (CCNP) Security
Cisco
Microsoft Certified Professional
Microsoft
Skills
Tools
Terraform, Websense, VPN, Logging
Languages
Python
Paradigms
Cisco Certified Network Associate Routing & Switching
Industry Expertise
Telecommunications, Network Security
Storage
Azure Active Directory
Other
Palo Alto Networks, FortiGate, Cisco Switches, ASA, F5 Networks, IT Security, Computer Networking, Check Point, IP Routing, Cloud, Proxies, WAN, Checkpoints, Cisco, LAN, Web Application Firewall (WAF), ISE, Aruba, Cisco Identity Services Engine (ISE), Compliance, Frameworks, Application Security, Juniper, Security Policies & Procedures, Fiber Optics, Monitoring, Routing, Firewalls, Intrusion Prevention Systems (IPS), Proxy Servers, Server Administration, DNS, Enterprise