Sifeddine - Consultant cybersécurité CISCO
Ref : 151206E001-
20000 CASABLANCA (Maroc)
-
Ingénieur réseaux, Ingénieur Télécom, Consultant cybersécurité (39 ans)
-
Freelance
Network and security specialist
Expérience professionnelle (>10 ans d’expérience)
Parfaite connaissance des produits sécurité réseaux et systèmes.
Connaissance et expertise des solutions telecom et sécurité.
Excellentes qualités en gestion des projets technique.
Créatif, flexible, esprit proactif d’initiative, autonomie, résolution de problèmes et
Résistance au stress.
Depuis 01/04/2021 (position actuelle) : consultant réseaux et sécurité chez Manpower
Nantes France :
Etude et mise en œuvre d'un projet de transformation WAN vers une solution SDwan
- Porteur et réalisateur d'un projet de migration réseau sur une contexte datacenter
- Assainissement, refonte et standardisation réseaux
- Etude et mise en œuvre d'un PCA réseaux
- Conception, déploiement, migration de nouvelles architectures réseaux:
• LAN: déménagement de sites
• Interconnexion partenaire (MPLS, ipsec, ...)
• Etude et déploiement de solution NAC 802.1x
• Sécurisation des infrastructures et prévention des risques, politique de filtrage
- Traitement des incidents de niveau 3 et gestion proactive du réseau (MCO)
- Rédaction de procédures et de documentations techniques
- - Technologie : Fortinet, HPE, Aruba Network, Clearpass (Radius), , Forti Manager, HP IMC,
FortiAnalyser.
De01/08/2019 à 01/03/2021 (2 ans): consultant réseaux et sécurité chez Ericsson Paris
France :
PROJETS RÉALISÉS :
Projet innovation BRMC Orange Cloud Privé : Architecture et implémentation de NSX Palo alto Tufin
(automatisation des taches par call API : flux as a services, NAT as a service, Xaas..)
Programmation des taches réseaux et sécurité via API (Orchestrator, Postman )
Support /maintenance en cas de problème lors des migrations des composantes infrastructures
Hardware environment
- Palo Alto : NGN firewalls, Panorama
- Tufin secure track
- HDS 8000 (Ericsson Hyperconverged DC solution
- Juniper switches Switch (L2/L3 , Fabric, Control plane/Data plane)
- Pluribus switches
Virtualized environment NSX
-VRA/VRO
-SDN ( VMware NSX, VXLAN, Hardware VXLAN)
-Vsphere platform
-Vrealize suite
Depuis 01/03/2016 à 01/03/2018 (2 ans) : consultant Security infrastructure chez Banque
Société General branche Maroc :
PROJETS RÉALISÉS :
- Gestion des opérations et incidents (N2/N3) de la sécurité de toutes l’infrastructure SI du Banque :
réseaux, serveurs métier/infra, web (reverse proxy, Firewall WAF/applicatif), Database, , Antivirus…..
- Faire l’audit de la sécurité de tout le système d'information ainsi que fournir les rapports
hebdomadaires de traçabilité et fraude pour chaque départements et agences.
Implémentation du SIEM RSA et Guardium IBM et en réseaux Prod
Technologies:
Cisco ASA, Fortinet Fortigate , IBM Guardium, SIEM RSA , webgatway McAfee, F5, Xroad, SEP
Symantec Antivirus, SSO Evidian. Qualys.
Depuis 01/01/2015 a 2016: Senior Security consultant at HelpAG Corporation (German
Service Integrator Multi-vendor leader in Security solutions), Qatar and UAE
Etablir le Design(LLD/HLD),PoC, Implementation/deployment des solutions réseaux et sécurité
(Routeurs, Switchs, Firewall Next generation, IPS/IDS, SIEM, web filtering,email filtering,content
filtering… ) des different venders: CISCO, Palo Alto,F5 , Juniper, Fireeye,…
Faire le suivi et le conseil des clients dans toutes les phases du projet
Fournir le support (niveau 2,3).
Refontes et assistance des opérations et maintenance.
Ci-dessous les clients Majeur :
Gouvernements (MoFA Ministre of foreign affaires) : Projet de refonte et sécurisation LAN/WAN
Banques DIB Dubai Bank : support sécurité
Universités Qatar fondation : Projet d’implémentation du Firewall Palo Alto (POC, ingénierie,
déploiement et maintenance) et suivi du client pour le design d’un site DR redondant du site principal
Professional experience (more than 7 years):
• From 01/01/2015 to now (1 year):Senior security consultant at HelpAG Corporation (German Service Integrator based on Multi-vendor leader in Security and networking solutions),UAE – Qatar
-Design Solution deployment and support for customers Datacenters in networking security and systems with different vendors: CISCO, F5 (LTM ASM APM), Palo Alto, Juniper, Fireeye, HP.for major UAE and Qatar government/SME.
• January 01/2013to 01/2015 (2 year): Network security design architect at WANA Corporation (French Moroccan Service Provider based on CISCO equipment), Casablanca – Morocco.
Implementation, Support and maintenance of MPLS Backbone based on Cisco equipment :CRS, ASR9000, ASR1000, 6500 series, GSR, 7200 series, 7600 series
- Routing and switching Protocol: ISIS, OSPF, EIGRP,BGP, MP-BGP, MPLS, MPLS TE, LDP, QoS, L2VPN, L3VPN, and AToM.
- Make HLD, LLD and NIP of network and service: backbone IP/MPLS IP RAN Access.
- Handle connectivity within all platforms LTEPS IMS NGN CS and ADSL interconnection and integration into backbone ,
IPv6 integration in INWI Backbone using 6VPE MPLS VPN technology.
Implementation, Support and maintenance of Inwi - IP RAN ring Metro Ethernet Casablanca based on Cisco ASR Routersand Catalyst Switches.
Integration of different IN and VAS platforms (USSD, OCS, UVC, VMS, SMSC…).
Security: test performance and integration of ASA & Juniper SRX firewalls.
Test security of equipment penetration testing by tool IXIA (simulating traffic load attack DDOS, IP spoofing)
Implementation and configuration of VPN Methods
- Site-to-Site IPSec/VPN Remote Access VPN, AnyConnect Full Tunnel, SSL VPN, Full Tunnel IPSec VPN.
- Configuration of zoning and ACL
Implementation of Failover
- Configuration NAT and HA with VIP Gateway for internal Servers
- Integration with redundant architecture HA Failover (LAN and state links).
- Failover Triggers interface Monitoring
- Failover and State Links Configuration Replication
Implementation of Firewall Management Design
- SSH Access CLI
- Access to FW via HTTPS Access for ASDM
Wireless ericsson: configuration of BNG and WIC implementation
LTE : implementation of UGW subscriber concentrator
Work onGGSNequipmentfor PS project(APN Gi Gy Gx )coordination.
NGN VoIP: implementation of SBC equipment and knowledge on IMS HSS device and NGN architecture
DatacenterImplement VSSbetween catalystSwitches and design LLD of NexusSwitchimplementation.
Installation and deploying of F5.
• Huawei From 2010 to 2012 (3 year) Huawei Data Communication Engineer at HuaweiTechnologies, Rabat - Morocco.
Maroc telecom Metro IP Network Project – IAM IP RAN project :
- HSI (High Speed Internet), BTV (Broadband TV), VOD (Video on Demand) and VoIP (Voice over IP), fixed voice service, 2G , 3G and business VPN services integration.
- U2000 NMS monitoring provisioning maintenance for all datacomm equipment
- Technologies used: Working on IP RAN, IP/MPLS, MPLS VPN (Layer-2 & 3), MPLS-TE, MPLS-QoS, NMS, Routing (MP-BGP, IS-IS, OSPF), Multicast, IPv6, Switching, Security, U2000 Software Monitoring, High availability solutions, securing by tacacs and radius AAA
Maroc telecom BRAS (Broadband Remote Access Server) redeployment :
- Provide the technical support for the subcontractor till the final stage.
- Preparing the LLD Migration plan of the BRAS brodband access server.
- Implementation for the migration and testing the triple play: internet, VoIP and IPTV services.
- Preparing the script and cut-over plan.
- Communicate with customer and receive their requirement.
- Supervisory for subcontractor and Handle the configuration for all the Datacom equipments.
Maroc telecom Maintenance Team leader (duty phone handling) :
- Preparing the RFC, upgrade document and implementing new software and patch for the severs Switch and routers.
- Analyzing the existing design and make doc planning using MPLS TE and Carrier’s Carrier solution.
- Daily operation and maintenance for IP-MPLS backbone.
- Give a Support to the NGN, WCDMA, CDMA, IN and the Access Departments to solve their problems that are related to the Datacom Equipment.
- Periodic inspection & health check for network traffic usage
- Responsible for coordinating system upgrade and configuration.
- Responsible for technical communication with Customer for deploying new services.
IPv6 implementation IPv6 in Morocco telecom network.
Training delivery for customer
- Teach and present solution to customer providing training and technical support for the Customer and our company staff.
• Huawei 2008 to 2009(2 year): IP enginner Backbone expansion IP of Meditel.
Installation and deployment of 6 PE routers and following project till acceptance and removing all reserve.
implementation of 2 CX routers and installing NMS network managing system U2000
Training and Product
• ITIL foundation (Valid)
• CISSP (ongoing)
• CEH (Valid)
• Vendor certification:
• CCNP R&S (valid)
• CCNP security (valid)
• CCIE Datacenter written (valid)
• CCIE Lab(ongoing)
• JNCIA (valid)
• F5 ADC 101(valid)
• F5 TMOS 201(valid)
• Palo Alto ACE (Valid)
• Palo Alto PCNSE (valid)
• Vmware: VCP-NV(valid)
• Fireeye junior system engineer (Valid)
• Huawei certification : certificate HCDP huawei certified design professional (certificate of design)
• Training huawei Datacomm and access network in Huawei's regional office in Egypt from du 26th Dec, 2009 to 20th jan,2010
• Products Data IP /MPLS :
RouteurCisco :ASR, CRS, IOS, IOS-XE, IOS-XR.
Huawei :Net Engine core layer routeurs NE40/80/5000E
Firewall : ASA,juniper SRX, Eudemon 1000/500/200.
Accès : IP and ATM DSLAM
BAS : BRAS MA5200G et ME60
Management : Solarwind, Nagios,U2000
DSLAM/MSAN : MA5200T
Technical Proficiencies:
• Networking technologies and models: TCP-IP v4, OSI, IPV6, LAN, WAN, WLAN, ATM, Frame Relay, ETHERNET, MPLS, VIOP/TOIP,QoS, Multicast,IPv6 and IPv4 Coexistence and telecoms network.
• Router Configuration:RIP v1/v2, EIGRP, OSPF, RIPng, EIGRP v6, OSPF v3, BGP,ODR, route filtering and manipulation, redistribution, summarization,IP SLA , PBRand other advanced options.
•
• Switch Configuration:VLANs, private VLANs, DTP, VTP, STP, MSTP, RSTP, HSRP, VRRP, GLBP, Trunking, Etherchannel,Multilayer Switching, Inter-VLAN routing, VACLand other advanced options.
• Network security:Attacks/Prevention, Encryption, AAA, PKI,ACL,Firewall, IPS.
• Datacenter: OTV FCoE Nexus
• Virtual Private Network: VPN IPSec/GRE, MPLS L3 and L2 VPN , VPN SSL.
• Securing networks with CISCO devices (Switchs, Routers, ASAs, PIXs…)
• Wireless Networks (Standards, protocols, deployment and configuration).
• Operating Systems: Windows 7, Vista, XP, Windows Server 2003, Linux Administration..
Certification et compétences techniques
Neutral certification:
ITIL foundation (Valid)
CISSP (ongoing/ formation)
CEH (Valid)
CISA valid
ISO25005-Risk assessment (Valid)
Management certification
PMP (Valid)
Prince2 (valid)
Scrum master certified (Valid)
Vendor certification
CCNP R&S (valid)
CCNP security (valid)
CCIE Datacenter written (valid)
CCIE DC Lab(ongoing/formation )
JNCIA (valid)
F5 ADC 101(valid)
F5 TMOS 201(valid)
Palo Alto ACE (Valid)
Palo Alto PCNSE (valid)
Vmware: VCP-NV(valid)
Fire eye junior system engineer (Valid)
Oracle cloud foundation
NSE 2 Fortinet
Cyberark foundation
Produits Data IP /MPLS huawei :
o Routeur :Net Enginecore layer routeurs NE40/80/5000E
o Firewall :Eudemon 1000/500/200
o Accès :IP and ATM DSLAM
o BAS :BRAS MA5200G et ME60
o Management :U2000, N2000, Solarwind.
o DSLAM/MSAN : MA5200T
o Loadbalancer : F5
o Connaissance des modèles et technologies :TCP-IP v4, OSI, IPV6, LAN, WAN, WLAN, ATM, Frame
Relay, ETHERNET, MPLS, VIOP/TOIP, QoS, Multicast, transition entre IPv4-IPv6, réseaux télécoms.
o Configuration des Routeurs : RIP v1/v2, EIGRP, OSPF,ISIS,RIPng, EIGRP v6, OSPF v3, BGP/MPBGP,ODR, Filtrage et manipulation des routes, redistribution, summarization, IP SLA , PBR et autres
options.
o Configuration des Switches: VLANs, privateVLANs, DTP, VTP, STP, MSTP, RSTP, HSRP, VRRP,
GLBP, Trunk, Etherchannel, Inter-VLAN routing, VACL et autres options.
o Sécurité des systèmes d’information : Attaques/Solutions, PKI , AAA, Radius ; ACL, Firewall. IPS, DNS
o Configuration des réseaux Wireless (Normes, protocoles, Installation /configuration d’Access Points).
Protocoles
o QoS policing and shaping, VRRP, HSRP,BFD ,Security (L2TP IPsec) BGP, MPBGP, MPLSL3VPN, MPLS
L2VPN kompella and martini, OSPF, ISIS, MPLS TE, Multicast PIM SM, IPv6.IGMP,VLAN,DHCP
o Fast et Gigabit Ethernet, SDH,WDM.
o ATM, H323, TDM, SIP, RNIS,
systèmes:
o Microsoft Project Office et Visio : Gestion des déploiements et définition des architectures réseaux.
o Microsoft Office.
o Systèmes d’exploitation : Windows 7, Vista, XP, Windows Server 2003, Linux.
Formation
2008: Ingénieur INPT (Institut National des Postes et Télécommunication) option informatique réseaux et
services) à Rabat, mention : Bien.
2006: Licence en mathématique appliqué, à "université Hassan 2 " majorant de promotion.
2003: Baccalauréat sciences expérimentales, Lycée Mustapha Casablanca.
Langues
Anglais : Courante
Français : Courante
Russe : Basic
Espagnole : Basic
Intérêts
Randonne, Ping pong, participant (journal Chimie/bio-informatique/pharmacie), jeu d’échec