Stephen Adebowale, Developer in Calabasas, CA, United States

Stephen Adebowale

Verified Expert in Engineering

Security Architect and Developer

Location
Calabasas, CA, United States
Toptal Member Since
September 8, 2023

Stephen is a Certified Information Systems Security Professional and AWS Certified Solutions Architect. He has 10+ years of experience designing cybersecurity solutions for multitenant hybrid or public clouds and on-premise architectures. As a consultant and senior architect, Stephen has led cybersecurity engagements for clients and engineered solutions adhering to accepted governance, risk, and compliance requirements, such as PCI-DSS, HIPAA standards, and CIS frameworks.

Portfolio

Freelance
Azure, Amazon Web Services (AWS), Palo Alto Networks...
Victory Pacific Group, Inc.
AWS NLB, AWS IAM, Python, Object Storage, Computer, Data-level Security, SIEM...
TaskUs
Palo Alto Networks, AWS IAM, Azure, Amazon Web Services (AWS), AWS ELB...

Experience

Availability

Part-time

Preferred Environment

Azure, Amazon Web Services (AWS), Network Security, Identity & Access Management (IAM), Palo Alto Networks, Zero Trust, PCI DSS, HIPAA Compliance, GRC, Cybersecurity, Frameworks

The most amazing...

...project I've done is a risk assessment based on potential threats to a client's cloud and on-premise network using open-source tools like Metasploit.

Work Experience

IT Security Architect

2022 - PRESENT
Freelance
  • Designed, built, and implemented enterprise-class cloud security systems and solutions, predominantly in AWS. Aligned standards, frameworks, and security with overall enterprise and technology strategies.
  • Translated business requirements using complex methods/models to determine appropriate system solutions and cost models. Established and implemented technology migration strategies for applications or architecture.
  • Collaborated with other IT architects in building and maintaining the enterprise cloud strategy, policies, and technology framework. Assisted in developing strategies and roadmaps that span multiple years to align with company strategic initiatives.
  • Identified and communicated current and emerging security threats and designed security architecture elements to mitigate threats, create solutions, and balance business requirements with information and cybersecurity requirements.
  • Led the development of strategies and roadmaps that span multiple years to align with company strategic initiatives and growth. Worked within a cross-functional team to provide technical expertise in designing and planning system solutions.
  • Spearheaded the research, identification, testing, certification, and selection of technology products required for solution delivery.
Technologies: Azure, Amazon Web Services (AWS), Palo Alto Networks, Identity & Access Management (IAM), Network Security, Application Security, AWS NLB, Certified Information Systems Security Professional, Secure Access Service Edge (SASE), Zero Trust, IPsec, Amazon S3 (AWS S3), Object Storage, Data-level Security, Data Governance, GRC, SIEM, TOGAF, DevSecOps, Cloud Native, Security, PCI DSS, PCI Compliance, Firewalls, Azure Active Directory, Microsoft Sentinel, Risk Assessment, Risk Management, Cybersecurity, Frameworks, Database Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), AWS CloudFormation, Cloud Security, Information Security, ITSM, IT Security, Data Encryption, Data Protection, Web App Security, Security Architecture, Threat Modeling, Security Audits, Architecture, Compliance, Computer Security, Web Security, Security Design, DevOps, Infrastructure, CISSP, SecOps, Audits

Security Consultant

2021 - 2022
Victory Pacific Group, Inc.
  • Employed data loss prevention technologies and led efforts to protect the company from internal data theft, financial loss due to a breach, and external attacks on its information systems.
  • Provided security guidance to technical project teams on cloud solution security requirements. Collaborated with the security management and cross-functional peers on a long-range strategy requiring creative solutions.
  • Contributed to implementing security policies adhering to Payment Card Industry Data Security Standards (PCI-DSS). Led the effort to make the company PCI-DSS compliant in hosting personally identifiable information.
Technologies: AWS NLB, AWS IAM, Python, Object Storage, Computer, Data-level Security, SIEM, Zero Trust, HIPAA Compliance, PCI DSS, PCI Compliance, Firewalls, Azure Active Directory, Risk Assessment, Risk Management, Cybersecurity, Frameworks, Database Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Cloud Security, Information Security, IT Security, Data Encryption, Data Protection, Web App Security, Security Architecture, Architecture, Compliance, Computer Security, Web Security, Security Design, VPN, Infrastructure, CISSP, SecOps, Network Engineering

Network Security Architect

2018 - 2020
TaskUs
  • Led and mentored a virtual team of security engineers across the US and Asia to establish the IT security architecture and engineering discipline.
  • Secured and monitored AWS cloud infrastructure-as-a-service workloads using Palo Alto public cloud enterprise to enforce compliance and perform risk assessment for each cloud workload.
  • Used cloud access security brokers like Palo Alto Prisma and McAfee Skyhigh to secure and monitor software-as-a-service infrastructure.
  • Developed and implemented SDLC and SecDevOps methodologies for the company. Designed and executed AWS Single Sign-On (AWS SSO), now AWS IAM Identity Center, for access and privilege management with multifactor authentication.
  • Drove the design and development of security architectures for on-premise network infrastructure using security information and event management platforms, like AlienVault USM, and Palo Alto next-gen firewalls.
Technologies: Palo Alto Networks, AWS IAM, Azure, Amazon Web Services (AWS), AWS ELB, Identity & Access Management (IAM), Certified Information Systems Security Professional, Secure Access Service Edge (SASE), Zero Trust, IPsec, Amazon S3 (AWS S3), Python, Object Storage, Data-level Security, GRC, Cisco, ISO 27001, Data Privacy, DevSecOps, Cloud Native, Security, HIPAA Compliance, PCI DSS, PCI Compliance, Firewalls, Risk Assessment, Risk Management, Frameworks, Cybersecurity, Database Security, AWS CloudFormation, Cloud Security, ITSM, Data Encryption, Data Protection, Web App Security, Security Architecture, Threat Modeling, Architecture, Compliance, Computer Security, Web Security, Security Design, DevOps, Networking, VPN, Infrastructure, AWS VPN, Networks, CISSP, SOC 2, SecOps

Senior Network Security Engineer

2016 - 2018
UCLA
  • Led the successful upgrade of Cisco ASA to Palo Alto firewalls within a 10,000-node network.
  • Drove the design and implementation of the network access control using Aruba and Palo Alto networks.
  • Oversaw the migration of on-premise applications to AWS.
Technologies: Palo Alto Networks, AWS IAM, Cisco, IPsec, CCNP Security, Firewalls, Cloud Security, Security Architecture, Networking, VPN, Networks, CISSP, SOC 2, Network Engineering

AWS Single Sign-on (SSO) Design and Implementation

I used AWS Control Tower to deploy 200 accounts under one management organization for a reputable banking institution with over 10,000 employees and multiple portfolios. The result was to have 200 centrally managed and visible accounts (based on user-assigned roles) on a landing page, removing, in the process, direct access to individual accounts.

I successfully configured single sign-on (SSO) utilizing the System for Cross-domain Identity Management (SCIM) standards to use Microsoft Entra ID (known previously as Azure Active Directory) as an identity store and provider with Conditional Access Policies (zero trust and defense in layers principles).

Design and Implementation of a Palo Alto Network SASE/SSE Solution

Architected and implemented a zero-trust SASE solution for TaskUs using Palo Alto Networks Prisma Access and GlobalProtect solution.
This project aimed to upgrade the current Cisco Umbrella and Cisco AnyConnect solution to Palo Alto Networks SASE.

This project realized cost savings of $10,000 per month and ensured business as usual to mitigate the effects of government-mandated "stay at home" orders during the pandemic.

The solution was designed to connect over 10,000 remote users, 10 data centers, and access to AWS cloud for mission-critical enterprise applications. The solution was successfully operational within 120 days.

Malware Scanning Solution for AWS Object-level Storage

I led a team of engineers who configured and deployed a malware scanning solution using ClamAV and Sophos scan engines for 100 AWS accounts by implementing a vendor solution called Cloud Storage Security Anti-malware Solution for Amazon S3 (AWS S3) and AWS Transfer Family.

The project aimed to ensure zero-trust and data protection of files accepted from vendors and 3rd parties before being ingested into Pathward's AWS environment, as mandated by security standards (PCI DSS).

The technical requirements of this project were to scan in real time up to 1,000 concurrent file uploads per second with file sizes up to 100 MB.

The project was completed with three weeks to spare.

Security Technical Reference Architecture

I developed and maintained security technical reference architectures for the enterprise using a synergy of The Open Group Architecture Framework (TOGAF) and SABSA enterprise security architecture methodologies. I also led the technical effort to obtain ISO 27001 certification for TaskUs.

Tools

AWS IAM, AWS CloudFormation, VPN, AWS ELB

Platforms

Azure, AWS NLB, Amazon Web Services (AWS), Cloud Native

Industry Expertise

Cybersecurity, Network Security

Other

Cisco, Palo Alto Networks, Certified Information Systems Security Professional, Identity & Access Management (IAM), Information Design, Secure Access Service Edge (SASE), Zero Trust, GRC, CCNP Security, Security, Firewalls, Risk Management, Frameworks, Static Application Security Testing (SAST), Cloud Security, Information Security, IT Security, Data Protection, Security Architecture, Threat Modeling, Architecture, Compliance, Computer Security, Security Design, Networking, Infrastructure, AWS VPN, Networks, CISSP, SOC 2, SecOps, Network Engineering, Audits, Computer, IPsec, Data-level Security, Data Governance, SIEM, Data Privacy, PCI DSS, PCI Compliance, Microsoft Sentinel, Risk Assessment, Dynamic Application Security Testing (DAST), ITSM, Data Encryption, Web App Security, Security Audits, Web Security, Application Security, ISO 27001, AWS Control Tower

Frameworks

TOGAF

Paradigms

DevSecOps, HIPAA Compliance, DevOps

Storage

Amazon S3 (AWS S3), Object Storage, Azure Active Directory, Database Security, Microsoft Entra ID

Languages

Python

1992 - 1996

Engineer's Degree in Information Systems and Electrical Engineering

University of London - London, England

AUGUST 2022 - PRESENT

AWS Certified Solutions Architect

Amazon Web Services

AUGUST 2021 - PRESENT

CISSP - Certified Information Systems Security Professional

ISC2
