Yogesh Gupta
Group Head Of Cloud Infrastructure
Dubai
Summary
Accomplished engineer proffering extensive cloud monitoring, deployment and troubleshooting skills. Defined, built and maintained infrastructure using vendor-neutral and platform-specific tools. Organized and focused person with extraordinary leadership acumen. Resourceful [Job Title] experienced in evaluating and assessing client requirements and implementing infrastructure to solve identified problems. Harnessed code and cloud-native technologies to create scalable and user-centric systems. Strong negotiator with excellent value-driven solutions. Bilingual Network Engineer offering [Number]-year background in network planning and implementation. Confident and knowledgeable of multimedia systems, data storage and encryption devices. Creates support and training documentation that supports employee knowledge base.
Overview
20
20
years of professional experience
9
9
years of post-secondary education
Work History
Group Head Of Cloud Infrastructure
Network International
Dubai
10.2021 - Current
- Provided technical leadership and delivered innovative products and services to address customer specific requirements.
- Understood client needs and objectives by conducting proactive customer and data analysis.
- Identified gaps in market to spot opportunities to create value propositions.
- Partnered with infrastructure teams on evaluation and feasibility assessments of new systems and technologies.
- Utilized code and modern cloud-native deployment techniques to design, plan and integrate cloud computing and virtualization systems.
Senior Security Architect
Dubai
04.2021 - 07.2021
- Represented InfoSec Function in Cloud Center of Excellence (CCoE)
- Developed Security Standards for cloud computing, devSecOps and containers
- Acted as approval authority for Digital projects from security perspective
- Prepared organization for ISO 27001 compliance and developed risk assessment methodology
- Conducted workshops on cloud security awareness
Senior Technology Architect
10.2019 - 03.2021
- (Cloud Security) (Project: Mashreq Head of Cloud & Digital Security, Mashreq Bank, Dubai)
- Heading the Cloud Security & DevSecOps function of leading Bank of UAE - Mashreq Bank
- As a trusted advisor to CISO, I was responsible for developing security polices and standards for cloud infra
- As a member of CCOE, was instrumental in designing and implementing security controls in Azure cloud infrastructure
- Key Result Areas:
- Developed Cloud & Digital Security blueprint for Hybrid cloud infrastructure (on-premises plus Azure as public CSP) which included cloud security reference architecture (including RACI Matrix)
- Developed Secure Cloud Migration Guideline for CCoE (Cloud Centre of Excellence)
- Developed Security Standards for cloud computing, micro-services and container security
- Developed key security documents for cloud operations – Go-live check lists, SaaS application security check list, security controls for Azure services (Azure Active Directory, networks, SQL, Redis etc.)
- Providing custom security solutions design and conducting workshops Azure security practice which includes below features but not limited to features belo
- Access Security: Azure, Conditional Access, MFA, RBAC, SSO,Hybrid Identity
- Application Security: API Management Gateway, Azure DevOps, Secure Coding, SAST, DAST & container security
- Infrastructure & Endpoint Security: Azure Firewall, Network virtual Appliances (NVA), NSGs, CDRs, Express route, VPN Gateway, Azure Key Vault , Azure Application Gateway, AWS Azure Backup, AWS Backup,),Data Security, Azure information protection , ,Microsoft Defender Advanced Threat Protection (MDATP), Office 365 Advanced Threat Protection, Azure Advanced Threat Protection
- Cloud Security Posture Management : Azure Security Centre, Azure Sentinel, Log analytics
- Microsoft Cyber Reference Architecture
- Monitoring & logging: Azure Network Watcher, Azure Sentinel (AS) integration with on-premises Archsight.
Founder & Principal Security Architect
Secloud Guru
Dubai
09.2017 - 08.2018
Founder & Principal Security Consultant
NetworkLabs India as
02.2011 - 08.2017
Security Specialist
Cable & Wireless
02.2005 - 01.2011
Network Security Engineer
Vinciti Network
08.2004 - 01.2005
Technical Support Engineer
Mphasis
01.2004 - 07.2004
- Technical Skills
- Migrations
- Secure Migration of Application Servers to from On Prem to Cloud
- Regulatory and Security Assessment (platform, application based)
- Gap Analysis (Policy, Procedures, contracts, SLAs)
- Security Control selection / compensating control selection
- Infrastructure Platforms:
- Designing and deploying Azure network security strategy – hybrid connectivity between on-premises and cloud, Hub & Spoke deployments with VNets, NVAs (Checkpoint, Palo Alto, F5 ), NSGs
- Designing, deploying, configuring and managing Azure Infrastructure Solutions involves features like Compute, Vnet, OnPrem connectivity, Storage, Backup, Monitoring (app Insights), Load balancing, Disaster recovery, ARM and many more
- Designing and Implementing Azure AD, Azure Information Protection Solution, Conditional Access Policy
- Designing, deploying, configuring and managing Active Directory solution including ADFS, ADRMS, PKI (ADCS) Azure
- Azure Active Directory, Extend On-Premises Active Directory to Azure
- Multi-Factor Authentication
- SSO
- Site to Site VPN, Point to Site VPN, Express Route
- Basic understanding of PowerShell Scripts
- Microsoft Technologies - Azure (IaaS, PaaS, Hybrid), Microsoft 365 E5 Security
- Network Security – Network Virtual Appliances (Checkpoint, Palo Alto)
- DDoS Protection (Azure, Akamai), Azure Front door, Global traffic manager, Load balancers, Azure Firewall & NSG
- Cloud Security Posture Management (CSPM) – Azure Security Centre, Log Analytics, Azure Sentinel
- Data Protection – Data Encryption & Key Management, Azure Key vault, Hashicorp Vault
- Application Security – CI /CD Pipeline security (Veracode, CheckMarx, Whitesource Bolt), Micro-services Security, Web Application Firewalls
- Containers & container security – Dockers, Kubernetes, Twistlock, Aquasec
- DevOps Tools and Orchestration – Azure DevOps, Kubernetes, Jenkins
- Identity & Access Management – Azure Active Directory, Role based Access Controls (RBAC), SAML & SSO, Zero trust & Conditional Access Policies
- Automation – Infrastructure as Code (IaC) through Azure Blueprints, Terraform & Ansible, Azure Functions
Education
Azure Certified Security Engineer Associate -
Azure Certified Solution Architect Expert - undefined
Cloud Security Alliance CCSK
Authorised Instructor - undefined
AWS Certified Solution Architect – Associate - undefined
AWS Certified Cloud Practitioner - undefined
Certificate of Cloud Security Knowledge (CCSK) - undefined
Certified Cloud Security Professional (CCSP) - undefined
Certified Information System Security Professional (CISSP) - undefined
Other Vendor Certifications - undefined
01.2006 - 04.2015
Cisco Certified Network Associate (CCNA), Cisco Certified Design Associate (CCDA), Cisco Certified Security Professional (CCSP), Checkpoint Certified Security Administrator (CCSA), Certified SonicWALL Security Administrator (CSSA), ITIL Foundation (Exin), Certified Ethical Hacker (CEH), Cisco Security Solutions and Design Specialist - undefined
Master of Business Administration (MBA) - Information Technology
UCAM
Skills
Security Governance & RiskCompliance (PCI DSS, ISO 27001)Public Clouds - AWS, Azure, OracleMicro-Services & API SecurityDevSecOps & Container SecurityCloud Security Posture ManagementCloud Infrastructure SecurityEmerging Tech - IoT, BlockchainsProfile SummaryHas been serving as trusted advisor to key business and technology partners – Head of Cloud, CISO, Head of DevOps, Digital SquadsAccomplished and seasoned Security Executive with 18 years of experience in planning, building security strategies & roadmaps, managing security budgets and team management including hiringCertified Security professional with deep expertise and experience in Cloud & digital Security, Identity Security, Cloud Security Assessments, Cloud Security Architecture, Cloud Security Readiness and Posture Assessments involving industry standards checksHighlightsPerformed Security Assessment and for Azure Cloud Readiness which included technology, compliance and operational readinessPerformed Security gap assessment for of Azure DevOps CI / CD pipeline and recommending security tooling for the pipeline and container orchestration platform – KubernetesApproval authority for any new/exiting applications migrating to cloudSecurity review of solution architecture of new services, applications, micro services and procured solutionsConducted risk assessments for DevSecOps and IaC (Infrastructure as Code) deploymentsChange approval of high and critical infrastructure changes in cloud & digital infrastructurePreparing requirements document for new security solution, conducting PoC and evaluating vendor solutionsAugust’ 19 – Present with Cloud Security Alliance, Global as authorized instructor for CCSK coursesDelivering online and classroom training for CCSK and CCSK PlusMember of CSA working group on SDN and DevSecOpsAssisted CSA India in mapping cloud control matrix (CCM) security controls with RBI guidelines for BFSI companiesSept’ 18 – July’ 19 with Pricewaterhouse Coopers (PwC), India as Manager – Cyber Security & PrivacyProject : Ministry of Electronics and Information Technology, Govt of India: Managed the project (with team size of 5) to assist Ministry with “Meghraj” cloud initiative which included developing cloud security strategy for cloud adoption by government departments, developing security guidelines for empanelment of cloud service providers We further built an excel-based tool for software / application assessment to decide best candidate for cloud adoptionProject : MMTC-PAMP, India: Key assignments under this project were migration of 70 VMs and infrastructure on AWS platform from Singapore Region to Mumbai Region and deployment of DDoS solution Lead a team of 4 engineers in designing secure AWS migration strategy Team further evaluated vendors - Akamai, Cloudflare and F5 Silverline for DDoS protection services and assisted in developing use cases for PoC and selection of the vendorProject: SBI Cards India : As a trusted advisor to CISO, lead a team of 12 engineers to manage end to end cyber security of SBI Cards which included security architecture, IT risk management, ISO 27001 compliance, SOC operations and Identity & Access Management Team was also instrumental in building cloud adoption strategy and security assessments of SaaS application by SBI CardsDeveloped Service catalogue and capabilities for cloud security servicesWas in-change of managing cloud security engagments across IndiaDevloped presentation decks and reply to RFCsManaging and Assisting “CISO” function of large government and banking clients
Accomplishments
- Experienced DevSecOps professional in building secure CI / CD pipelines for both micro-services based applications and infrastructure as Code (IaC) deployments
- Architected, designed & developed cloud and security solutions while maintaining scalability, performance & availability and implemented global IT vision, IT strategy, policies, initializing IT investment & optimized current resource
- Good understanding of ISO 27001, CIS Control Framework, NESA, PCI-DSS, NIST Cyber Security Framework, CSA Cloud controls matrix (CCM)
- Good exposure in managing risk in Hybrid cloud environments and conducting Information Security Assessment for Azure Cloud Readiness which included technology, compliance and operational readiness
- Developing key security documents for cloud operations – Go-live check lists, SaaS application security check list, security controls for Azure services (Azure Active Directory, networks, SQL, Redis etc.)
- Cloud Security Alliance Authorized Instructor for delivering CCSK and CCSK Plus courses
- Expertise in vendor evaluation and solution procurement – developing security requirements and conducting PoCs
- Insightful understanding of ITIL foundation framework and Consulting framework
- Rich expertise in ensuring that the architecture strategic view, roadmap, rules and principals are considered in the actual projects and designing solutions for Application and its security architectures
- Worked closely with customers on the technical requirements to provide solutions; identified requirements including details required for service definition using technology solution document
- Supervised smooth support service delivery and tested of the application and extended post go-live & application maintenance support to the client
- Expertise in planning project activities such as scoping, estimation, tracking, change management, delivery management and implementing project plans within preset budgets and deadlines
- Designed & implemented enterprise infrastructure & platforms for, analyzed system requirements and ensured system integration with current applications
- Effective leader with excellent motivational skills to sustain growth momentum while motivating peak individual performances
- Continuous learning path throughout the career starting with CCNA (Cisco) in 2006 and currently holding multiple security certifications including CISSP, CCSP, CCSK, Azure Certified Solution Architect, AWS certified Associate Architect
- Member of Cloud Security Alliance working groups on Software-defined networks and DevSecOps
- Organizational Experience
- August ’21 till present with Network International as a Group Head of Cloud Security, UAE
- Managing and leading a group of inspired cloud security and DevSecOps professionals across Middle-East and Africa
- Primary responsibilities include defining security strategy and security architecture , managing budgets and teams
- Scope includes multi-cloud Hybrid IT environment using on-premises, Azure, AWS and Oracle Workloads
- Key Result Areas:
- Lead and managed the end-to-end security of new deployement on Oracle cloud Infrastruture – Compliance (SAMA and PCI-DSS), Security Architecture, Hiring & Budgets in Kingdom of Saudi Arabia
- Enhanced security controls for Azure cloud by implementing Tools such as Prisma, Veracode and improved cloud security posture of the Azure Environment
- Was part of Business Acquistion team during DPO acquisition bY NI – Security Gap assessment, build a security roadmap for next 3 years
- Implementation of new Cloud Access Security Broker (CASB) solution for SaaS Security
- Re-design DevSecOps programs by introducing static testing tools and container security
- Introduction of cloud security posture management solution.
Affiliations
- Lions Club
- International Association of Administrative Professionals
Timeline
Group Head Of Cloud Infrastructure
Network International
10.2021 - Current
Senior Security Architect
04.2021 - 07.2021
Senior Technology Architect
10.2019 - 03.2021
Founder & Principal Security Architect
Secloud Guru
09.2017 - 08.2018
Founder & Principal Security Consultant
NetworkLabs India as
02.2011 - 08.2017
Other Vendor Certifications - undefined
01.2006 - 04.2015
Security Specialist
Cable & Wireless
02.2005 - 01.2011
Network Security Engineer
Vinciti Network
08.2004 - 01.2005
Technical Support Engineer
Mphasis
01.2004 - 07.2004
Azure Certified Security Engineer Associate -
Azure Certified Solution Architect Expert - undefined
Cloud Security Alliance CCSK
Authorised Instructor - undefined
AWS Certified Solution Architect – Associate - undefined
AWS Certified Cloud Practitioner - undefined
Certificate of Cloud Security Knowledge (CCSK) - undefined
Certified Cloud Security Professional (CCSP) - undefined
Certified Information System Security Professional (CISSP) - undefined
Cisco Certified Network Associate (CCNA), Cisco Certified Design Associate (CCDA), Cisco Certified Security Professional (CCSP), Checkpoint Certified Security Administrator (CCSA), Certified SonicWALL Security Administrator (CSSA), ITIL Foundation (Exin), Certified Ethical Hacker (CEH), Cisco Security Solutions and Design Specialist - undefined
Master of Business Administration (MBA) - Information Technology
UCAM