Daniel Ampofo

EDUCATION

• Mechanical Engineering Technologist (George Brown College of Applied Arts and Technology)

PROFESSIONAL CERTIFICATIONS
• CCSE R80
• CCSA R80
• CCSM R77 (Checkpoint Certified Security Master)
• CCMSE MDSM with VSX R77
• CCSE R77 (Checkpoint Certified Security Expert)
• CCSA R77
• CISSP (Working on Certification)
• CCNP (R/S), CCNA, (R/S) ,VCP-NSX,NSA, A+
• MCSE
• ITIL v3

TECHNICAL SKILLS

• Routers (Cisco 2800,2900,1800,1900)

• Cisco Switches (6500,3600,3500,3960)
• Cisco Firewalls (ASA 5505,5510,5550, VPN Concentrator, ASA NG)
• Juniper Firewalls (SSG )
• Palo Alto firewalls
• OC-48, OC-12, OC-3, DS3, T-1, ISDN, FDDI, MAN
• Routing protocols (BGP, OSPF, EIGRP, RIPv2, VRF, Multicast, AnyCast, MSDP, PIM-DM/ SM, IS-IS)
• Juniper Routers ( M120, M10, M7i, 6350, 4360 )
• Network Management (What’s UP Gold, Orion NPM, Qualys, Fire Eye )
• Data Center (Nexus 7k, 5k, 2k, 1k, UCS, FEX/IOM,vPC,vDC,VPLS, OTV, DWDM, LISP )
• IPv6 OSPF/EIGRP
• Cisco Meraki Switches
• Tufin Secure Track Policy Orchestration
• Tufin Secure Change
• Firemon
• Fortinet Firewalls
• Symantec DLP

PROFILE

• Over 15+ years of extensive hands-on security and network experience with some prestigious organizations like CTV and
TELUS and Royal Bank of Canada and Bank of Montreal
• Firewall Auditing and Remediation for compliance using Tufin Secure Track and Secure Change
• Worked as an onsite liaison with a customer for security and network engineering consulting and also as a SME on technical
discussions for pending projects, products and solutions.
 • McAfee Anti-Virus end to end Security solutions
• Symantec Security solutions
• Provided support for customer with Move, Add, Change or delete in addition to overseeing the needed troubleshooting,
service and repair of complex network equipment and systems.
• Aided as needed in design and integration of Checkpoint Firewall Gaia R77
• Palo Alto Firewall 6.1, Splunk Log Analyzer, Algosec Firewall Analyzer in multivendor environment
• Extensive hands-on configuration and troubleshooting Checkpoint firewalls, Palo Alto firewalls, ASA firewalls, Juniper
firewalls, Cisco routers and switches for various L2/L3 routing protocols (RIP, EIGRP, OSPF, BGP, IS-IS BGP and MPLS) NAT,
MULTICAST, IP, Qos, MSTP
Extensive hands-on configuration experience in MPLS VRF VPN, LAN/WAN technologies, Network Security, Network
Management, TCP/IP, UDP.
• Fireye Security solutions
• Pravail APS Security Solutions
• Effective verbal, written communication as well as presentation skills. Excellent documentation skill in addition to technical
reports on complex technical matters. I am a fast learner and excellent team player.

Professional Experience

HPE /DXC

CIBC Account

Firewall Engineer / Lead Engineer Feb. 2017- till Present

• Implementation of VPN site – to – Site with clients

• Technical rule design for client firewalls
• Support of client firewalls of different vendors across the globe
• QMS peer review of Firewall Request Changes
• Mentoring of Engineers
• Troubleshooting of technical issues with firewalls
• Working on multiple firewall projects

Bank of Montreal August 2015 – Nov. 2016

Security/ Firewall Policy Analyst

• Periodic review of a firewall policy as per defined standardized reporting criteria outlined in Section: Standardized
Secure Track Reports using Tufin Policy Orchestrator Security Tool
• Provide remediation recommendations as a result of those reports as defined in Section: Standard Remediation
• Submit, track, and verify approved remediations are implemented
• Documentation and archiving of all review/remediation activities
• Querying for specific elements within a firewall policy (i.e. rules, source, destination, services, actions, etc.)
• Audit reports for comments or naming syntax, missing comments, unlogged rules, overly permissive rules, missing stealth
or clean up rules
• Query for fully shadowed or disabled rules, high-hitting rules in low places of the firewall policy
• Aggregated rule usage history, both for a rule itself and objects within a rule
• Compare policy revision history and report on changes within a policy
• Report to FGO as per review directives
Programs and Tools used for project are:
• Check Point MDG Client (R77)
• Juniper NSM Client (2010.3s14)
• Tracked vendor and security internal vulnerability alerts
 • Created reports for senior Risk Management
• Juniper NSM Client (2007.3r5)
• Adobe Acrobat X
• Microsoft Office (Word, Excel)
• BMC Remedy Client
• Mozilla Firefox

Royal Bank Canada Feb.2015 – July 2015

Security Analyst.

• Duties include day to day Security operations of Over 200 multi-vendor firewalls including Palo Alto and Checkpoint Firewalls.
• Responsible for monitoring network for Data Loss Prevention (DLP)
• Creating MoP’s for firewall requests and staging policies.
• Installed, configured, and managed Symantec SEP 11 and 12, Symantec DLP, troubleshooting client communication with
primary servers, custom install, and Policy settings.
• Troubleshooting firewall issues for internal and external partners.
• Detecting and locking down NPPI / SI data using Symantec’s Data Insight and Vontu/DLP in accordance to GLBA
• Using Algosec Firewall Analyzer for investigative, root cause and problem solving on the network.
• Using FireEye appliance to monitor network for Cyber Security protection for company network.
• Using Splunk Log server for troubleshooting network connectivity issues.
• Managed Vulnerability and patch management
• Monitor the security of critical systems (e.g., e-mail servers, database servers, web servers, etc) and changes to highly sensitive
computer security controls to ensure appropriate system administrative actions, investigate and report on noted irregularities.
• Managed Infrastructure Lifecycle Management
• Tracked vendor and security internal vulnerability alerts
• Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage
Prevention (DLP), forensics, sniffers, and malware analysis tools
• Created reports for senior Risk Management
• Administered and supported McAfee Data Loss Prevention monitoring tools
• Managed Pravail APS security solutions

Calyx Transportation Inc. Sept.2014 – November 2014

Network Security Engineer

• Responsibilities included Reviewing Client's current network infrastructure and redesigned the network
• Managed Customers ASA firewall across various provinces using Cisco CSM and ASDM
• Meraki switches and Access Points, Cisco 4800, 4900 routers and Switches.
• The routing protocols used OSPF and RIPv2
• Reviewed Clients internal Vlan subnets and setup.
• Configured Link Aggregation between Meraki Switches and Cisco switches to provide redundancy.
• Addition of New access switches for users.
• Reviewed Network traffic
• Configured and setup What’s UP Gold Monitoring Tool for monitoring Servers, routers, switches, Meraki Switches Access
Point.
• Provided suggestions in internal network adjustment.
• Provided extensive and detailed network infrastructure for Client’s Head office and Remote Sites thus providing Network
infrastructure visibility to Client.
• Use of McAfee for internal LAN Security
• Integration of Qualys for auditing, PCI compliance and Web application security
• Supported Customers Checkpoint firewalls
• Integration of Load balancers
Plan Group, Toronto [Managed & Monitoring Information Oct. 2013 – July 2014
Network Security Engineer

• Designed and implemented VSS Technology (network) using Cisco 6509

• Designed and integrated Security Cameras (network)
• Designed and integrated Nurse Call station (network)
• Worked as a managed Support Engineer for Hospitals and a Bank
• Implemented ASA Site-to-Site and remote VPN using IPsec
• Managed ASA firewalls using Cisco CSM
• Implemented Site-to-Site VPN between Managed Provider firewall and customer Checkpoint firewall.
• Managed Cisco 6500 series using VSS Technology
• Prepared Support Technical documentation for the client environment
• Supported HP Switches used for security camera monitors
• Supported Allied Telesys devices used for Hospital communications systems
• Participated in minor presales and RFP for bidding projects.
• Integration of F5 and Kemp Load balancers in the network.
• Managed and supported the WiFi infrastructure
• Monitored Customer Internal Network with Qualys.
• Integration of UCS to an existing Network
• Supported Customers Checkpoint firewalls
• Managed Vulnerability and patch management
• Managed Infrastructure Lifecycle Management
• Tracked vendor and security internal vulnerability alerts
• Created reports for senior Risk Management

McMillan, Toronto July 2012 – August 2013

Network Engineer

• Redundant design, and deployment of McMillan Core Network

• Data Center Network MPLS Core Migration project and Daily support of Network
• The routing protocols used EIGRP and BGP
• Using Cisco 4500 Layer 3 switches with Layer 3 Routed Port Channel Links in OSPF environment.
• Upgrading of the IOS of Cisco 6500 series Switches.
• Configuring of HSRP between redundant Cisco 4500 series switches
• Troubleshooting and Support of Cisco 6500, 4500, 3600 series switches
• Implementation of Cisco ASA firewalls and support Cisco devices
• Managed Cisco ASA firewalls using ASDM and CSM
• Staging of DMVPN Tunneling and IPSec, and deployment in production.
• MPLS VPN and Qos Configuration on Cisco 6500 series switches.
• Copper and Fiber cabling of the Cisco devices.
• Documentation and design of the Network.
• Deployment and management of FireEye Appliance for network threat detection.
• Managed and supported Riverbed appliances for capacity planning and WAN optimization
• Managed the WiFi infrastructure in the enterprise environment.
• Integration of Nexus 5k with VM and Nimble for Storage Area Network.
• Managing of Checkpoint firewalls
• Managed Vulnerability and patch management
• Managed Infrastructure Lifecycle Management
• Tracked vendor and security internal vulnerability alerts
 • Created reports for senior Risk Management
• Managed Symantec end Security products
• Monitoring and preventing data loss on endpoints
• Monitoring and preventing data loss from corporate mobile devices
• Configured policy response rules

SYMCOR Feb. 2012 –June 2012

Network Security Engineer

• Resolved Network connectivity issues in a timely manner.

• Data Center Security and Network Infrastructure Migration (6500,4500, ASA 5500, 3560)
• The routing protocols used EIGRP and BGP
• Installed, configured, and managed Symantec SEP 11 and 12, Symantec DLP, troubleshooting client communication with
primary servers, custom install, and Policy settings.
• Monitor the security of critical systems (e.g., e-mail servers, database servers, web servers, etc) and changes to highly
sensitive computer security controls to ensure appropriate system administrative actions, investigate and report on noted
irregularities.
• Documentation and implementation of projects based on ITIL Standards
• Worked with operations team to implement Mcafee/ Symantec encryption & DLP.
• Implementation of Cisco Works LMS
• Implementation of Orion NPM /NCM
• Detecting and locking down NPPI / SI data using Symantec’s Data Insight and Vontu/DLP in accordance to GLBA
• Provide Support for LAN, WAN and performance issues.
• ASA firewall migration for clients
• Managing ASA firewalls with ASDM and CSM
• Corporate Security Management using Qualys

CPI Canada Oct. 2011 – Jan 2012

Network Administrator

• Implementation of Juniper SSG firewalls for perimeter protection

• Implementation and integration of Scanners and with Cisco AP’s
• Administering of Windows AD
• Implementation and configuration of cisco switches and routers
• Administering of Meridian Mail and FTP servers

TELUS Feb.2011 – Sept.2011

Network Security Engineer

• Implementation of Dynamic Multicast VPN Tunneling using IPsec and GRE (DMVPN) for Telus retail stores in High
Availability mode.
• Designed Customer Site devices for connectivity to Telus Hub using Cisco 1811 routers and cisco 3560 switches
• Monitoring and preventing data loss (DLP) on endpoints
• Monitoring and preventing data loss (DLP) from corporate mobile devices
• Detecting and locking down NPPI / SI data using Symantec’s Data Insight and Vontu/DLP in accordance to GLBA
• Support and troubleshoot WAN and LAN issues of Telus DMVPN retail stores
• Resolve Network connectivity issues in a timely manner.
• Managed and supported the WiFi for clients.
• Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage
Prevention (DLP), forensics, sniffers and malware analysis tools
• Documentation and implementation of projects based on ITIL Standards.
• Adding deployed Telus retail stores nodes to Orion NPM
• Follow up with client and provider till WAN and LAN issues are resolved.
• Monitoring LAN ,WAN, and Tunnel interfaces with Orion Monitoring tool
 • Using Riverbed tool for monitoring WAN optimization and Capacity planning
• Upgrade of Telus Retail Store hardware IOS.
• Creating MOP using CQWeb Application for deployment of project and change management control and approval.
• Managing of Customers Checkpoint firewalls
• Managed Symantec end Security products
• Configured policy response rules

Kinross Gold June 2010 – December 2010

Network Security Engineer

• Integration of and implementation of Riverbed Steelhead for WAN Optimization

• Managed Riverbed appliances for WAN optimization and capacity planning
• Integration of Cascade Profiler for WAN monitoring
• Experience with MacAfee and Symantec anti-virus structures
• Monitoring and preventing data loss (DLP)on endpoints
• Monitoring and preventing data loss (DLP) from corporate mobile devices
• Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage
Prevention (DLP), forensics, sniffers and malware analysis tools
• Migration of RVA Backup to New ISP address Block using DMVPN
• Implementation of Site-to-Site VPN using ASA firewalls and Provider VPN device
• Implementation of Cisco Works LMS
• Implementation of Orion NPM /NCM
• Provide Support for LAN, WAN and performance issues.
• Setting up of Video Conferencing using Cisco ASA firewalls
• Managing Lan security using McAfee
• Managed Symantec end Security products
• Configured policy response rules

CTV Television July 2007 – April 2010

Sr. Network Engineer

• Participated in the Hierarchical, redundant design, and deployment of CTV Core Network
• Monitoring and preventing data loss (DLP) from corporate mobile devices
• Monitor the security of critical systems (e.g., e-mail servers, database servers, web servers, etc) and changes to highly
sensitive computer security controls to ensure appropriate system administrative actions, investigate and report on noted
irregularities.
• Managing Lan security using McAfee
• Managed Vulnerability and patch management
• Managed Infrastructure Lifecycle Management
• Tracked vendor and security internal vulnerability alerts
• Created reports for senior Risk Management Using Cisco 6500 Layer 3 switches with Layer 3 Routed port channel Links in
OSPF environment.
• Upgrading of the IOS of Cisco 6500 series Switches.
• Configuring of HSRP between redundant Cisco 6500 series switches
• Troubleshooting and Support of Cisco 6500 , 4500 , 3600 series switches
• Implementation of Cisco ASA firewalls and support Cisco devices
• Staging of DMVPN Tunneling and IPSec, and deployment in production.
• MPLS VPN and Qos Configuration on Cisco 6500 series switches.
 • Copper and Fiber cabling of the Cisco devices.
• Documentation and design of the Network.
• Implementation, and support of Cisco MARS, Cisco NAC , Cisco TACACS , Netflow ,and NetScout
• Configuration of SSO for Cisco supervisor engines redundancy
• Managed and supported the enterprise WiFi environment.
• Integration of Cisco VSS using Cisco 6509
• Integration of Alcatel Lucent 7750SR in a Cisco / Juniper environment MPLS deployment
• Integration of Juniper 7750SR for VPLS (Metro Ethernet L2 VPN )
• Implemented the Lab set up and implementation of Juniper Operating system for MPLS VPN Multicast for video transfer
with the integration of NetVx using OSPF as the IGMP and BGP to establish The VPN tunnels at various provincial sites.
• Implemented Qos on the Juniper Routers.
• Implemented Any Cast and RP using Juniper OS
• Participated in the deployment of Metro Area Network between two sites over 10G with redundancy
• Managed Symantec end Security products
• Configured policy response rules

Lafarge North America Jan 2006 – June 2007

Network Engineer

• Duties include Monitoring, Operations, and Maintenance of the LNA Network. This includes all LANs, building and campus
wireless, intrusion detection and working with the WAN provider. Network Problems are identified and resolved in a timely
and high-quality manner.
• Provides support for all Cisco LNA networks
• Managed Vulnerability and patch management
• Managed Infrastructure Lifecycle Management
• Monitor the security of critical systems (e.g., e-mail servers, database servers, web servers, etc) and changes to highly
sensitive computer security controls to ensure appropriate system administrative actions, investigate and report on noted
irregularities.
• Tracked vendor and security internal vulnerability alerts
• Created reports for senior Risk Management
• Provides improvement and technical upgrades to the network
• Installs programs and supports Cisco switches (6500, 4500, 1841, 3750)
• Installs and supports Cisco wireless access points
• Installs and support campus wireless
• Monitors the network using automated tools to generate alerts and responds to such alerts within established timeframes.
• Network documentation is up to date and available
• Deadlines and budgets for projects are respected.
• Designed proposed Customer Network and submitted to customer for approval and deployment.

Minacs Worldwide Jun 2001- Nov 2005

Network Design Engineer

• Designing and managing of data communication through checkpoint firewalls on Nokia Appliance
• Managing Lan security using McAfee
• Experience with MacAfee and Symantec anti-virus structures
• Implementing and managing an enterprise distributed environment checkpoint firewalls on Nokia Appliance High
Availability using VRRP as well as on separate modules.
• Worked with operations team to implement Mcafee/ Symantac encryption & DLP.
• Responsible for creating and managing of client VPN, Site-to-Site VPN, Extranet VPN, and Pass-through VPN for the
company and with the company’s strategic partners.
 • Responsible for configuring and managing VoIP for the company with a
strategic partner on two separate continents through the checkpoint
firewall
• Consults with Solution Architect, designs and implement data communication for
customer’s projects.
• Implementing enterprise Citrix and Siebel applications communicating through
checkpoint firewall
• Responsible for establishing multiple web servers on DMZ communicating
with Databases on the internal network for surveys as well as point of
sales businesses.
• Monitoring networks using network management and analysis products to
ensure network reliability , and responsiveness
• Manages and responds to any concerns regarding cabling in the LAN or WAN
highway
• Identifies and resolves basic network problems including connectivity, network
address incompatibility, response times.
• Assisted in the resolution of complex network problems through consultation
with various local network support personnel.
• Handled highest level of escalated problem solving for the Network.
• Administers security for data systems including local nodes of
communications network. Follows up on any security violations
• Oversees policy related to user password configurations and security protocol as
per client and organization inputs
• Sets and implements checkpoint firewall protection policies
• Controls and manages cabling, switches, and IP Address Network.
• Participates in analysis of communications systems proposals on; costs,
technical feasibility, and compatibility with current and future infrastructure.
• Managed Symantec end Security products
• Monitoring and preventing data loss (DLP) on endpoints
• Monitoring and preventing data loss (DLP)from corporate mobile devices
• Configured policy response rules

Maxon Services January 2000 – May 2001

Network Security Specialist

• Visited customer sites, performed site assessment and designed Network security
solution

• On-site implementations of several Checkpoint based security solutions

throughout Maxon’s customer base.
• Implementations were mainly focused on Checkpoint and Net screen Security
solutions including DMZ, VPN,
 • Full Cluster capabilities with Stonebeat Full Cluster and authentication through
RSA/SecurID as well as VPN.
• Deployed a solution to allow business partners to securely conduct e-commerce
with a catalogue of well over 2000 items.

PSINet. Canada September 1998 – December 1999

Network Security Specialist

Acting as a facilitator for Web hosting facility

• Responsible for dedicated and Web hosting installs on NT, & Unix
• Involved in the provisioning of new clients on the Black diamond switch thus
providing
• Appropriate IP blocks and port numbers
• Configure Cisco / Ascend /Netopia routers and CSU /DSU Switches
• Familiar with ISDN, Analog, Frame-Relay and T1(Fractional, full & burstable
connectivity )
• Monitored and maintained servers by utilizing an application called What’s Up
Gold.
• Maintained client database and track daily events in Remedy
• Assisted in the design and implementation of MRTG to measure network
performance.
• Monitored the state of automated backups.
• Netcool HP Openview IT/O
• Action Remedy / Webtrend