Kamel Boumaza

Design and definition of network and security architectures

Writing of architecture documents submitted to the steering committee on the improvement and/or new network and security infrastructure.

Management of service providers and cross-functional coordination

Complete and autonomous development of Technical Design Documents (DAT), from requirements gathering to final validation, with all technical and functional project characteristics.

Analysis and qualification of application audits to assess the performance and capacity of Internet/SDWAN links to support applications under real operating conditions.

Writing of scoping notes for network and security project needs, allowing relevant entities to validate the requirements.

Qualification and writing of budget commitment notes.

Level 3 support for all production hardware in the technical environment.

POC DLP Varonis/Prisma + architecture/deployment + compliance, data classification, IT/OT monitoring

SASE architecture audit + improvement proposal (cost + functionality)

Network and firewall audit

Management of the global SASE architecture audit with recommendations (cost, functional coverage, compliance, ZTNA) OT compliance, ZTNA, cost, functionalities

Compliance aligned with ISA95/NIS2 on 3 critical industrial sites

Reduction of non-compliant traffic by 40% after NSX microsegmentation + NGFW hardening aligned with Purdue level 1-3

Implementation and optimization of VRRP, BGP, OSPF, and MPLS on WAN/SD-WAN and datacenter architectures

Development of post-audit remediation and hardening plans (firewall, critical flows, ACL, routing, EOL)

Evaluation of WAN/SD-WAN infrastructure resilience within the framework of business continuity (BCP/DRP)

Integration of Cortex XSOAR in POC for automated security incident response

Reduction of security incident response time by 35% via Cortex

OT compliance achieved on 3 critical plants, ISO 27001/IEC 62443/NIS2/NIST audits

Operator entry point to study line requirements (MPLS + Internet). Implementation with associated technical architecture of SD WAN and its deployment. Security requirements study for the implementation of new flow rules and layer 7 security. Migration of VPN users to the new infrastructure with all associated tests for validation. Migration of partner VPNs with associated tests to the new infrastructure. Study and implementation of a new Zscaler SAAS proxy tenant to secure outgoing user and server traffic.

Project management/monitoring and implementation of technical exchanges with service providers and partners Creation of technical architecture documents.

Creation, update, and correction of architecture documents (HLD, LLD)

Management of Level 3 incident resolution received by the operations center with a specialization in network and security perimeter incidents (On Premise and Cloud)

Analysis and resolution of issues on network and security perimeters

Project execution: architecture, technical engineering, participation in deployments, migrations, and application go-lives

Implementation/Configuration on Azure and GCP of Expressroute, Virtual Network, Virtual Network Gateway, Application Gateway, NSG, Load Balancer, Firewall, Peering, Route, and BGP

Contact point for managing interconnections to the ATT/LVMH MPLS MAN

Deployment of Meraki, Fortinet, Palo Alto, Aruba Wifi, and Switches at remote sites (stores and factories)

Renewal and integration of new certificates

BGP VPN configuration between Palo Alto and Azure

Architecture, analysis, study, and technical expertise addressing various issues related to current environments and/or the deployment of new environments worldwide. Project to migrate to a new Nexus 7k/5k/2k infrastructure in BGP with all related issues concerning the integration of new Juniper Firewalls Migration and integration of Infoblox DNS/DHCP/IPAM appliances

Creation of technical architecture documents.

Update and correction of architecture documents. Management of Level 3 incident resolution received by the operations center with a specialization in network and security perimeter incidents Analysis and resolution of issues on network and security perimeters Communication with the client on project progress and ongoing incidents Project execution: technical engineering, participation in deployments, migrations, and application go-lives, organization of knowledge transfer on the technical environment listed below. Architecture, configuration, administration, intervention with industrial OT suppliers on various issues, evolution of factory infrastructures on the network and security side.

Technical Environment LAN, MAN, WAN: F5 LTM/ASM LoadBalancer Cisco NEXUS 9K, 7k, 5K, 2K (VDC, VPC, Fabric-Path, FC) Cisco ASR9K Cisco Catalyst 6500/6800 in VSS, 3560, 3750, 2960 Juniper MX-Series Stormshield, Fortinet, Palo Alto, Juniper SRX and SSG, Forcepoint, ASA Firepower Proxy Bluecoat Wifi WLC Cisco Juniper SA, Riverbed Cisco ISE DNS (Infoblox, Efficient IP, UNIX) Tufin