Ahsan Ahmed

WAF Policy Management and Optimization

• Developed and implemented comprehensive WAF policies to safeguard web applications against a wide range of cyber threats, including SQL injection, XSS, and other malicious attacks.
• Managed Global Account level WAF rules and Domain level Rules, ensuring comprehensive evaluation, analysis, and enforcement of custom WAF rules for 100% security coverage.
• Conducted thorough log analysis and real-time monitoring of WAF logs to identify and address any false positives and ensure optimal performance and accuracy of the WAF policies.
• Utilized advanced log analysis tools (Sumo Logic, Splunk) to fine-tune WAF rules, striking the perfect balance between robust security measures and minimal false positive occurrences.
• Proactively identified and addressed potential vulnerabilities in web applications by continuously refining and updating WAF policies based on emerging threats and attack patterns.

Incident Response and Threat Analysis

• Supported Visa Stakeholders by actively containing incidents from WAF's perspective and creating additional Custom WAF rules to remediate security findings on applications.
• Collaborated with the incident response team to analyze security incidents, ensuring that the WAF policies respond effectively to mitigate and contain any ongoing or potential attacks.
• Conducted regular security assessments and penetration testing to validate the effectiveness of WAF policies and identify areas for improvement or additional rule creation.

WAF Automation and Tool Development

• Successfully led "WASP Project," collaborating with Automation team to build versatile platform that benefits various cyber and non-cyber teams.
• Implemented automation in log analysis and policy management processes to enhance efficiency and reduce response time, leading to a more agile and proactive security posture.
• Contributed to the development of custom scripts and tools to streamline log analysis and policy management, improving the team's ability to detect and respond to security threats promptly.
• Currently leading a cutting-edge project utilizing AI/ML to detect web-based attacks, scanning behaviors, and detect the malicious requests that have bypassed WAF policies.

Security Assessments and Compliance

• Performed risk and vulnerability assessments and provided results and recommendations to senior management.
• Performed and reviewed technical security assessments to identify points of vulnerability and non-compliance with established information security standards and recommend mitigation strategies.
• As lead, I took charge of conducting Security Assessments for new and existing Visa applications, including acquisitions.
• Successfully navigated through WAF audit processes, ensuring compliance with industry standards, regulatory requirements, and internal security policies.
• Conducted regular internal audits of WAF policies and log analysis procedures, identifying areas for enhancement and implementing corrective actions to maintain a high level of security efficacy.

Project Management and Leadership

• Led and managed multiple complex cybersecurity projects including ATO protection, Cloudflare API Shield implementation, and Cloudflare WAFv2 migration.
• Demonstrated strong project management skills by overseeing project timelines, resource allocation, and stakeholder management.
• Successfully coordinated cross-functional teams including product development, engineering, and security operations to achieve project objectives.
• Developed and implemented a comprehensive WAF strategy focused on mitigating account takeover (ATO), API security, and bot management threats.
• Architected and implemented custom WAF rules to enhance protection against a broad spectrum of web-based attacks, including SQL injection, XSS, and DDoS.
• Optimized WAF performance through rigorous testing, analysis, and fine-tuning of rate-limiting rules, resulting in improved detection rates and reduced false positives.
• Pioneered the development and implementation of automated WAF rule analysis and generation, leveraging AI/ML technologies to enhance threat detection and response capabilities.
• Built and managed a robust WAF automation framework to streamline processes, improve efficiency, and reduce manual intervention.
• Collaborated with cross-functional teams to identify automation opportunities and drive process improvements.

• Deploy and maintain WAF infrastructure, including Advanced WAF rules, across on-premises and cloud-based environments
• Implement advanced Bot protection and targeted CDN delivery to bolster the security of web applications
• Collaborate with Cyber Threat Intel teams to translate actionable intelligence into secure architectural designs with well-documented and measurable controls
• Automate repetitive tasks through the development of workflows, streamlining WAF management and enhancing operational efficiency
• Engage closely with DNS, Networking, Application Development, and Risk Management teams to strategize, implement, and uphold secure service application delivery
• Contribute to the development of Information Security Standards, with a focus on bridging WAF-related gaps in security measures
• Act as a subject matter expert in secure edge technologies, playing a pivotal role in security assessments from both SIEM and WAF perspectives
• Regularly oversee and analyze WAF activities, such as SIEM offenses, L7 DDOS incidents, and other web-based traffic blocks enforced by WAF rules
• Demonstrate flexibility by occasionally taking up after-hours responsibilities to ensure non-protected web-based applications receive WAF coverage
• Respond promptly to assigned Threat tasks, addressing new vulnerabilities like CVE-2022-22965, to uphold WAF security
• Perform various assigned duties, including actively contributing to the Web Attack Surface Posture (WASP) project, supporting the CAP (Pre-audit effort), managing WAF inventory and Dashboards, overseeing Sumo logic User Access Review (UAR), enrolling Cloudflare/Imperva WAF instances, handling DNS/Tufin requests, enrolling Cloud Accounts (AWS/Azure/GCP/M&As) into Sumo logic, contributing to VISA Wiki documentation, and more.