Yusuf Lasisi

SD-WAN/SASE Architecture & Deployment: Architected and led the enterprise-wide deployment of Cisco SD-WAN (Viptela) for intelligent routing, seamlessly integrating it with Netskope Secure Access Service Edge (SASE) to deliver unified cloud-native security (SWG, CASB, DLP) and granular Zero Trust Network Access (ZTNA) across [X hundred/thousand] branch locations.

• Strategic SASE Integration & Zero Trust: Engineered a comprehensive Secure Access Service Edge (SASE) framework, integrating Cisco Umbrella for DNS-layer security, Zscaler (ZIA/ZPA) for web/private access, and Palo Alto Prisma Access to deliver cloud-delivered Secure Access and meet Zero Trust Network Access (ZTNA) objectives.
• Cisco SD-WAN Deployment & Automation: Led the greenfield deployment of Cisco-Viptela SD-WAN, configuring Application-Aware Routing (AAR), advanced QoS policies, and dynamic routing (BGP, OSPF); achieved massive scale using ZTP and vManage templates.
• Cloud On-Ramp & Automation: Developed and executed Cloud-OnRamp automation solutions to provision Cisco vEdge/cEdge routers into both AWS and Azure environments, establishing secure and high-performance hybrid cloud connectivity.
• Fortinet SD-WAN & Security Orchestration: Deployed Fortinet FortiGate SD-WAN clusters, orchestrating centralized firewall security policy and UTM features (IPS, Anti-Malware) via FortiManager, and utilizing FortiAnalyzer for log review and complex troubleshooting.
• Prisma SD-WAN Implementation: Implemented Palo Alto Prisma Access for Mobile Users (GlobalProtect) and remote site connectivity, leveraging User-ID, Application-ID, and Host Information Profile (HIP)-based access control for enhanced security posture.
• Access Control & NAC: Managed and optimized Cisco Identity Services Engine (ISE) for robust 802.1X and NAC policies, resulting in a demonstrable 50% reduction in unauthorized device connections and improvement in network security posture.
• Configuration Automation: Leveraged Ansible to automate the deployment and change management process for network configurations across data center firewalls and routers, significantly reducing configuration errors and improving deployment consistency.

• Palo Alto NGFW Expertise: Administered and managed a global deployment of Palo Alto Next-Generation Firewalls (NGFWs) utilizing Panorama for centralized policy orchestration, software management, and log correlation across the enterprise fabric.
• SASE & Prisma Access Deployment: Engineered and executed the deployment of Palo Alto Prisma Access for Service Connections, Remote Networks, and Mobile Users (GlobalProtect), leveraging User-ID, Application-ID, and Host Identification Profile (HIP) for granular, context-aware access control.
• Fortinet UTM Optimization: Configured and maintained FortiGate firewalls for Unified Threat Management (UTM) features (Intrusion Prevention, Anti-Malware, Web Filtering), centrally managing devices via FortiManager to optimize firewall performance and achieve a [15-20%] reduction in false positives.
• Routing & Switching Architecture: Configured, optimized, and maintained core network infrastructure by implementing dynamic routing protocols (BGP, EIGRP, OSPF) and advanced Layer 2 technologies (VLANs, STP), ensuring optimal network performance, redundancy, and availability.
• Foundational Security Controls: Implemented and enforced foundational network security measures, including the rigorous application of Access Control Lists (ACLs), configuration of diverse VPN topologies (IPSec/SSL), and establishment of secure 802.1X/WPA3 wireless authentication standards.
• SIEM Integration & Monitoring: Established centralized threat visibility by integrating firewall and network device logs with SIEM platforms (Splunk, SolarWinds) for real-time monitoring, correlation, and automated alerting, enhancing security incident response capabilities.
• Vulnerability Management: Directed regular vulnerability scanning and led the subsequent remediation efforts across critical infrastructure, resulting in a measurable improvement to the organization’s security posture and risk profile.

• Vulnerability Management: Performed vulnerability scans and managed remediation efforts, reducing the risk of security breaches.
• Compliance Assurance: Conducted regular security audits to ensure compliance with industry standards such as PCI-DSS, HIPAA, and GDPR.
• Documentation: Created and maintained comprehensive documentation of security policies, procedures, and network configurations.
• NAC Implementation: Implemented and managed network access control (NAC) solutions (Cisco ISE) to enforce security policies based on user identity and device compliance. Configured and managed 802.1X authentication for wired and wireless networks, ensuring secure access control.

• 802.1X Authentication: Configured and managed 802.1X for secure access, enhancing network security and reducing unauthorized access incidents by 40%.
• Cloud Networking and Security:
• AWS Integration: Deployed and managed cloud-native security services, including AWS Security Groups, NACLs, and Azure Network Security Groups, to protect cloud workloads.
• Hybrid Cloud Connectivity: Established secure and efficient hybrid cloud connectivity using VPNs, Direct Connect (AWS) ensuring seamless integration between on-premises and cloud environments.

• Firewall Security Management:
• Palo Alto Firewalls: Managed Palo Alto NGFWs with Panorama. Successfully deployed Palo Alto Prisma Access for Service Connection, Remote Networks, and Mobile Users – Global Protect, including User-ID, Application-ID, and Host Identification Profile (HIP).
• Fortinet Firewalls: Configured FortiGate firewalls for UTM features, including intrusion prevention, anti-malware, and web filtering, while optimizing firewall performance and reducing false positives, and managed multiple Fortinet firewalls using FortiManager.
• Identity Services and Access Control:
• 802.1X and NAC: Configured and managed 802.1X authentication for wired and wireless networks, enforcing security policies and ensuring only authorized devices gain network access.

• VPN Configuration:
• Remote Access: Configured and maintained VPN solutions (Cisco AnyConnect, Fortinet FortiGate) for remote workers, integrating with multi-factor authentication (MFA) for enhanced security.
• Performance Monitoring: Monitored and optimized VPN performance, troubleshooting connectivity issues and ensuring seamless user experience.

• Network Design and Implementation:
• Routing and Switching: Configured and managed Cisco routers and switches, including Layer 2 and Layer 3 features, VLANs, and inter-VLAN routing.
• Network Segmentation: Implemented network segmentation and isolation using VLANs and access control lists (ACLs) to enhance security and optimize performance.

• Network Installation and Configuration:
• Device Setup: Configured Cisco and Juniper network devices, setting up routing protocols (BGP, OSPF), VLANs, and access controls.
• Network Expansion: Supported network expansion projects, including the integration of new devices and technologies.
• Technical Documentation: Created and maintained documentation for network configurations, changes, and procedures.
• Documentation: Developed and updated network diagrams, configuration guides, and support procedures.