I am an accomplished cybersecurity professional with over seven years of practical experience in the implementation and management of enterprise network security solutions and IT security operations. I possess a bachelor's degree in computer engineering and a Master's in Cybersecurity, in addition to holding prestigious CCIE Security and CCNA Cyber Ops certifications. My reputation is founded on an unwavering dedication to work and a robust work ethic.
Consultant, CYBERCORE TECHNOLOGIES
Technology Lead, INFOSYS LIMITED U.S.
Security Consultant, IBM INDIA
IT Operations Associate, ACCENTURE INDIA
Security Engineer, WPG CONSULTING INDIA
Algosec
Splunk
ServiceNow
Syslog
Wireshark
AWS
Azure
GCP
AWS
GCP
Python
Palo Alto
Checkpoint
Fortigate
Palo Alto
Zscaler
Cisco ASA
Segmentation
DNS
SSL
VLAN
IT Infrastructure Security/Cloud Security/ Cybersecurity/ Network Security
Yeah. Sure. So I'm a bachelor of computer engineer, and recently, I completed my master of science in cyber security from California State University. Um, I'm an experienced professional, uh, with over 6 years of experience in network security domain. I work for the companies like Accenture, IBM, uh, the Infosys, uh, as a, um, network security engineers, IT operations associate, security engineer, and technology lead. I, I managed the team, uh, with a member of more than 5, uh, when I was working with Infosys and also during the, during my tenure in IBM. And, um, if you can see my LinkedIn profile, then I, uh, I have a skill set, experience, educations, uh, achievements, uh, that are completely aligned to these roles. And, um, um, I can say that, uh, senior network security or a senior network engineer role is completely aligned to my profile and, uh, is the one that I'm looking for, uh, as an ideal role. So, uh, this is my, uh, introductions, uh, and let's get started.
So my approach to migrating an enterprise systems to AWS cloud while, uh, while ensuring high availability and security. Uh, I prefer to use the connections from the on premise, uh, on premise, uh, devices, uh, networking devices, uh, at the router or the firewall network security devices, the perimeter devices to the, uh, AWS VPC. And with the help of the VPN and the inbuilt tools for the migrations, uh, from on premises to, uh, uh, the cloud irrespective of, uh, its vendor like Azure or AWS. Uh, I will follow the guidelines accordingly and maintaining the assure, uh, and assuring high availability and security. Uh, security, we can achieve in terms of the VPN kind of stuff or, uh, or with the help of zero trust architecture. Uh, and up and also we can ensure that, uh, with the help of this, I can achieve the high availability as well. So these are a few steps of, uh, few steps, uh, from my approach, migrating an enterprise system to AWS cloud while ensuring high availability.
So, the process of managing and implementing SD-WAN technologies across a multidigital company, I suggest or I can use, I can say that with the help of the Cisco DNA Center Assurance, it's a network management, it's a network management technology. With the help of a single dashboard, we can manage the SD-WAN technologies, implement and deploy things across the regions or the different regions of a company, whether it's a site or have different locations. So, with the help of the SD-WAN and with the help of the Cisco DNA Center Assurance, we can easily manage the, easily manage networking, networking technologies, because these are the new tradition, these are the new technologies we are using and it avoids or it is completely different from the traditional one, where earlier we used to manage a lot of different devices and it was time-consuming and a tedious task for the administrator. But with the help of the new SD-WAN technologies, the software-defined based SD-WAN technologies, we can easily deploy the things irrespective of its communication media, either through MPLS or either or using the different Wi-Fi-based access, internet-based access through any media like Wi-Fi or the mobile internet as well. So we can say that I can easily define the process of managing and implementing SD-WAN technologies by introducing Cisco DNA Center that can ease our task to deploy the things, to onboard the devices and manage the devices across the globe or the different regions.
So what strategy would I need to employ to ensure PCI DSS compliance for every network point of sale system in a retail company? Yeah. So, um, we can say that, uh, we can use a security orchestration tool, uh, called AlgoSec. So it's a huge tool that we can integrate to different devices, uh, and we can onboard the devices from the different vendors irrespective of its vendor like Juniper, Palo Alto, Cisco, um, and the Cisco Meraki, etcetera. We can onboard all the devices, networking devices, as well as network security devices like firewalls, IDS, IPS, and routers and switches. And we can manage it from a single dashboard, uh, whether irrespective of its, uh, huge number of count PCI DSS compliant. And not only the PCI DSS, there are other regulators and compliance reports available in the AlgoSec through which we can manage, uh, through which we can generate the report. And apart from compliant, we can do a lot of things like rule remediations, uh, risk mitigations, uh, and enhance and overall enhance the security, uh, of the devices.
Process and the challenges of incorporating McAfee IPS into the existing security infrastructure. Yeah, sure. So integration process and challenges depends on the type of infrastructure, the existing infrastructure. We need to look into it properly, and based on the existing infrastructure, we need to check where it gets in, where we can fit this integration of a McAfee IPS. And depend upon the criteria and the requirement, business requirement, we can follow some simple procedures of the steps by or in order to incorporate this IPS. And we can, we, we cannot say that it's an impossible task, but it's, it's an easy task. And while integration, if there are any kind of issues, for example, a multi-vendor environment is there and how the, how McAfee can work, work perfectly with the different vendors or how it is compatible, that depends upon, that depends upon the requirement and, and, and the things we need to achieve. And I can, I can say that we need to follow the basic guidelines and the procedures available over the internet or through the McAfee resources in order to integrate the things. And if we face any issue, then we, in the last gateway of resort, we can try to contact the McAfee support team, and they can help us to, to resolve the issues that are related to any kind of hardware or the software kind of bugs. Apart from that, if we are good with the software bugs and the hardware issue, then we can easily configure the things, and based on the configuration, we can achieve the integration of McAfee.
Key steps of deploying and securing an IIS server in an enterprise network. Okay. So, uh, my suggestion to deploy not only the IIS server, but any server in an enterprise network, um, make sure that, uh, we can, um, we can disable the ports which are not required because, uh, with the help of disabling the unused ports, uh, it helps to, you know, it helps to avoid, uh, kind of, uh, end mapping kind of, uh, end mapping kind of activity we can avoid, uh, to, uh, to make sure that, uh, if there is something open, then it is easy for attackers to attack the things, uh, to leverage that particular ports and the services server, uh, to get into the server and, uh, malfunction it. So in order to secure server, we need to make sure that we can use the certificates, uh, installed properly, uh, from the 3rd party or the global recognized entity that help us to access the server over the web browser. And we also need to make sure that whatever the client and server communicating, uh, that channel is also authenticated with the help of the SSL, uh, communication. So in this way, uh, these are the some steps that we can, uh, use for deploying and securing IIS server in the enterprise network.
How would you, uh, leverage a pulse scripting to automate a recurring networking configuration start? Uh, to be very precise, I haven't used the pulse scripting, but I used Python scripting to automate the recurring configuration tasks like, for example, using the PowerShell script large number of firewalls in the environment. Uh, to log in into the firewalls and taking the configurations, the latest configurations, backups and sealed into the one particular drive. Tedious task daily and increase the efficiency of the work and the performance. Apart from that, we already, um, there are already tools available in the market. Uh, also if the company, uh, wants to use, uh, the kind of tools like AlgoSec, uh, or the different SolarWinds or different kind of tools, if they, uh, in order to meet their business requirement, then we can achieve that thing also, uh, the automation also through this kind of tools. So, um, this kind of activities I already performed in my previous, uh, job tenure.
So, uh, necessary steps that I take that I need to take, configure the Palo Alto firewalls meet specific security requirements. Yeah. Sure. So, um, by default, uh, we need to configure the firewall or the firewall in built is developed in such a, uh, in such a way that by default, everything is in block state or we can say a too tight situation. Uh, so we need to understand the business requirements, and we need to include the ITIL process or the change management process, uh, that helps to keep the track record of the entire, uh, changes that are going to be taken place or that are already taken place. In order to overcome or in order to help in security auditing kind of stuff and the compliance also. So, uh, we can use, uh, either a third party tool called AlgoSec in order to configure the things or pushing the policies or the rules, uh, or the security firewall, or we can use the firewall dashboard. Like, Palo Alto uh, Panorama dashboard through which we can manage the multiple firewalls, um, and we can push the configure the things and push the policies, uh, based on the requirements, business needs. So before pushing our configuration anything on the firewall, uh, I suggest to use the change management ticket process, that requires some kind of discussions with the, uh, with the stakeholders getting the approvals from the higher authority and, uh, justifications behind, uh, behind its implementation. And based on that thing, we can configure the firewall, firewalls or any other devices, um, based on the requirements. And after suppose if we configured the firewalls and we can use the 3rd party tools or, uh, the other technique, uh, with the help of which we can or the inbuilt available tools from the vendor can help us to know how secure the device is, uh, based on that security, based on that report. 
Um, for example, um, for example, consider AlgoSec tool that help us to know the secure, uh, that help us to fetch the report uh, to have a minimum baseline configuration, um, how much, uh, how much, um, secure our device is. We can increase the security of the devices by hardening the, uh, device with the help of the configurations. And, uh, we can mitigate this risk, uh, with the help of this such kind of reports generated by the 3rd party to, uh, tools. And we can achieve and enhance the security of the devices based on the requirement.
Create a comprehensive project timeline for our client's network upgrade, which involves replacing all HSRP protocols with VRRP for device redundancy. So, uh, comprehensive project timeline, uh, we can say that it's not a huge project based on replacing all HSRP protocols with VRRP for device redundancy. Uh, we need to follow some vendor guidelines. Uh, for example, if we, if we have a Cisco environment, then we need to consider, um, uh, what are, what all are the steps needs to be required. And after taking such steps what are going to be the outcome. And we, we can say that we need to create a lab kind of environment where we achieve this, uh, where we achieve this replacing, uh, HSRP, uh, protocols with VRRP, and then we can put it into the test environment and make sure that if everything goes, uh, if everything is working required, we need to also take help of tech support in case if we, uh, if we encounter with the bug reports or kind of compatibility issues or any kind of such hardware specifications requirement.
Consider ITIL, uh, version 3 framework. How do they influence your approach to network operation and incidents? Yeah. Sure. So, um, ITIL process, because I am well aware about the process, because I work for the companies like Accenture, uh, IBM, and Infosys where they, uh, ServiceNow tool, uh, for this network operations and incident managements with the help of which manage the changes required on the devices for the network operations, uh, implementing or deploying the configurations on the network devices and the network security devices, uh, keeping the track record of each and everything, uh, getting the business justifications, uh, before getting the necessary approvals, attaching the approvals, then representing that particular thing in, in front of the cap advisory business calls, uh, explaining the requirement behind it once every phase is passed, then we can easily deploy the things with the, with the defined configurations. Or we, or even after configuration, if something goes wrong, then we can, uh, we have a revocation plan as well, incident management process or network operations, uh, with the help of the ITIL. And incident management, we can, uh, we can have a number of tickets from the different, uh, different, uh, teams. Incidents. And then we can manage such things, things with the help of this kind of a ServiceNow well known ticketing tool. Uh, because it help us to follow the ITIL process, uh, that requires in order, uh, in order, in order to meet the security, in order to meet the security audit and the compliance requirement.
The benefits of employing NAC within an organization's network in terms of security and access control. Yeah. Obviously, if you consider an example of the Cisco ISE, which is the most famous, uh, technology, uh, compared to all other vendors in, uh, currently running in the market not currently, but it have been in the market since long and it is continuously getting evaluated and enhancing their performance. So there are a lot of benefits of employing NAC because network access control is a kind of a technology that we can access the control of the network devices in our environment. Um, this is required in terms of the security and access control because we need to make sure with the help of NAC that, uh, this devices as are the legitimate one, and they are supposed to access or get into our network based on their identity, uh, based on their identifications. For example, if, if, uh, if some, uh, device wants to enter into the network, so that device needs to authenticate, um, with the, uh, with the Cisco or the network access control technology, uh, with the help of the switch. Switch on behalf of ISE is going to provide, is going to check the authentication on the devices and get into the, uh, and get into the, um, ISE and with, uh, or the network access control technology. So with the help of network access control, we can also control the access. Uh, we can also, uh, we can enforce the security policies in order to increase the security posture of the devices with the network access control. So we can, uh, achieve a lot with the help of the network access control.