Mohamed Kamal

Senior Infrastructure & Network Security

11+ Years Experience
5+ Projects

Professional Summary

With over 11 years of experience in IT systems and security, my expertise lies in architecting and managing enterprise network infrastructure to ensure scalability, resilience, and compliance. My focus includes designing secure IPsec tunnels, optimizing VLAN segmentation, and leveraging containerized virtualization with Docker to streamline deployments and resource utilization.

I contribute to maintaining a robust and secure infrastructure by managing proxy and firewall solutions, enforcing secure port policies, and optimizing traffic routing. Dedicated to aligning technical strategies with organizational goals, I aim to deliver scalable network solutions while upholding a secure and efficient IT environment.

Core Skills

🌐

Networking

  • Routing & Switching
  • VLANs & Trunking
  • VPN / IPsec Tunnels
  • Network Segmentation & Design
  • LAN / WAN Architecture
  • Site-to-Site Connectivity
  • High Availability & Redundancy
  • Bandwidth Management & QoS
  • TCP/IP & Subnetting (Advanced)
  • Inter-VLAN Routing
  • Multi-Branch Network Design
🔒

Security

  • Firewalls
  • IDS / IPS
  • WAF
  • Zero Trust
  • Infrastructure Hardening
  • Network Hardening (L2/L3)
  • Firewall Policy Design & Optimization
  • Secure VPN Architecture
  • Access Control & Least Privilege
  • Network Traffic Monitoring & Analysis
  • Security Baseline Implementation
  • Patch & Vulnerability Management
  • Attack Surface Reduction
  • Secure Remote Access (SSL VPN)
  • Security Auditing & Compliance Readiness
  • Incident Response (Network Level)
🖥️

Infrastructure & Systems

  • Windows Server (2012 / 2016 / 2019 / 2022)
  • Linux Administration
  • Active Directory (Design & Administration)
  • Group Policy (GPO Design & Enforcement)
  • Domain Services (AD DS)
  • DNS & DHCP Services
  • File Services & Access Control
  • Identity & Access Management (IAM)
  • Patch Management (WSUS)
  • Endpoint Protection Management
  • Infrastructure Hardening
  • Virtualization (VMware ESXi / vSphere)
  • Hyper-V Virtualization
  • Virtual Machine Lifecycle Management
  • Backup & Restore (Veeam, Veritas Backup Exec)
  • Disaster Recovery Planning
  • High Availability & Failover
  • Office 365 Administration
  • Hybrid Identity (AD Connect)
  • SharePoint Administration
  • Monitoring Integration (Zabbix, PRTG)
☁️

Cloud (Essentials Level)

  • AWS
  • Azure
  • Google Cloud Platform
🐳

DevOps Tools

  • Docker
  • Container Orchestration
  • Docker Compose
  • Container Image Management
  • Dockerfile Optimization
  • Docker Networking
  • Docker Volumes & Persistence
  • Container Security & Scanning
  • Registry Management
🔄

Automation Tools

  • n8n Workflows
  • Workflow Automation
  • Integration Automation
  • Process Automation
  • API Integration
  • Conditional Logic & Scheduling
  • Data Transformation
  • Third-party Service Integration
  • Python Automation Scripts
📊

Monitoring & Tools

  • Sophos
  • FortiGate
  • NGINX / Proxy Manager
  • Zabbix
  • PRTG

Professional Experience

Senior Network & Infrastructure Engineer

Souhoola | Consumer Finance

2024 - Present

  • Enterprise network architecture: Architected and managed enterprise network infrastructure including IPsec tunnels, VPN/SSL VPN, VLAN segmentation, and bandwidth optimization to ensure scalability and resilience
  • Containerized virtualization: Designed and managed containerized virtualization environments with Docker to enhance scalability, simplify deployments, and optimize resource utilization
  • Firewall & proxy management: Configured and maintained enterprise-grade firewalls and proxy servers, administering Proxy Manager to streamline proxy configurations and efficiently route traffic across backend systems
  • Secure port management: Enforced secure port management policies to reduce attack surfaces and maintain a hardened network environment
  • Traffic monitoring & optimization: Audited and optimized network usage based on predefined triggers to ensure business continuity, minimal latency, and high availability
  • Patch management & endpoint protection: Oversaw patch management to maintain compliance and security across all infrastructure components while managing enterprise-wide endpoint protection solutions
  • Secure third-party integrations: Coordinated with the development team to test and validate API integrations with external payment gateways through secured IPsec tunnels, ensuring reliable, compliant, and uninterrupted transactions
  • Domain infrastructure & access control: Administered private domain infrastructure including Group Policy Objects (GPOs) and access management to enforce corporate security standards
  • Technical leadership & mentoring: Provided technical leadership and mentorship to junior engineers, fostering professional growth and promoting a culture of technical excellence

Senior IT Systems & Security Engineer

ASCOM For Geology & Mining

3 Years

  • Windows Server Administration: Managed Windows Server environments, Active Directory, GPO, WSUS, and WDS
  • Sophos firewall administration: Configured and maintained enterprise firewall infrastructure
  • VMware ESXi: Administered virtualized infrastructure across multiple hosts
  • Backup & DR: Implemented backup and disaster recovery solutions using Veritas and Veeam
  • Zabbix monitoring: Deployed comprehensive infrastructure monitoring and alerting systems
  • Office 365 & AD Connect: Managed cloud identity synchronization and Office 365 services
  • Team Leadership & Mentoring: Led and mentored Infrastructure Engineers, providing technical guidance and fostering professional development in daily operational tasks
  • Infrastructure Automation: Developed and deployed automation scripts to streamline infrastructure and helpdesk operations, improving efficiency and reducing manual workload across the IT team

IT System Administrator

SMSA Express | International Shipping Company

3 Years

  • Multi-branch network design: Designed and implemented site-to-site VPN architecture connecting multiple branches
  • Barracuda firewall: Configured and maintained network security appliances
  • ESXi Virtualization: Managed and administered the VMware ESXi virtualization environment, including the company infrastructure and systems
  • Cisco VoIP: Deployed and managed unified communications infrastructure
  • Helpdesk systems: Established IT support ticketing and asset management systems
  • Core services: Administered Active Directory, DNS, and DHCP services

IT Junior → IT Specialist

Future Media Telecommunications Group (CBC Channels)

3 Years

  • Enterprise media infrastructure support: Supported enterprise media infrastructure across desktop, network, and security layers
  • Active Directory administration: Administered Active Directory, Group Policies, and domain-joined systems
  • Network & security: Worked with Cisco routing & switching and FortiGate firewalls
  • Physical security systems: Implemented CCTV and biometric attendance systems
  • Unified communications: Supported Cisco IP telephony and enterprise mail systems
  • Operational foundations: Built strong operational foundations in enterprise IT environments

Projects

Multi-Branch Network Design

Infrastructure

Designed and implemented a secure multi-branch network infrastructure from passive network to production launch, supporting multiple branches with approximately 20 users per branch.

  • End-to-end infrastructure design from ground up
  • Standardized LAN/WAN architecture across branches
  • Secure site-to-site VPN (IPsec) connectivity
  • Firewall zoning, policy design & security hardening
  • Network segmentation and VLAN implementation
  • Centralized authentication & policy enforcement
  • Bandwidth optimization & traffic control
  • Monitoring integration and operational handover

Active Directory Upgrade

Migration

Successfully migrated Active Directory infrastructure from Windows Server 2019 to 2022 with zero downtime, ensuring security, stability, and business continuity.

  • AD domain & functional level upgrade
  • FSMO roles transfer and validation
  • DNS & replication health checks
  • GPO restructuring, consolidation & security hardening
  • DHCP and file services migration
  • Privileged access review & least-privilege enforcement
  • Pre- and post-migration validation & monitoring

Enterprise Network Segmentation & Zero Trust Architecture

Network Security

Transformed a flat network architecture into a secure, segmented infrastructure by implementing 7 department-based VLANs, significantly improving security, performance, and traffic control.

  • Converted flat network into structured departmental VLANs
  • VLAN ID planning and IP subnet design
  • Secure inter-VLAN routing with controlled access
  • Granular access control policies between departments
  • Broadcast domain isolation and lateral movement reduction
  • Improved network performance and fault isolation
  • Optimized traffic flow and bandwidth utilization
  • Scalable segmentation model for future expansion

Enterprise Infrastructure Build-Out: Ground-Up Network Deployment

Infrastructure

Designed and implemented a complete enterprise infrastructure from passive network to production launch, including network segmentation, security gateway, centralized authentication, endpoint protection, and backup/recovery solutions.

  • Initial business assessment and security requirements analysis
  • Passive network infrastructure design (structured cabling, racks, patch panels, server room)
  • Deployment of 2 Cisco PoE switches (core & access layer)
  • Segmentation into 8 VLANs (Finance, Customer Service, Management, HR, Operations, Servers, CCTV, Access Points)
  • Sophos XG Firewall implementation (WAN, NAT, LAN Security Policies)
  • Active Directory Domain Services deployment (Windows Server 2019)
  • Active Directory redundancy with Additional Domain Controller
  • Group Policy enforcement for users, devices, and security baselines
  • Symantec Endpoint Protection Manager rollout across all endpoints
  • Veritas backup and recovery solution design and implementation
  • Core infrastructure services (DNS, DHCP, time synchronization)
  • Granular inter-VLAN access control for sensitive departments
  • System hardening across servers, firewall, and network devices
  • Comprehensive network diagram, IP Architecture, and VLAN documentation
  • Production go-live support and operational handover

Courses

IT Management & Leadership

📋 Frameworks for IT Managers🏅
📋 Strategic Thinking🏅

Governance, Risk & Compliance (GRC)

🔐 Fraud Mandatory Training🏅
🔐 Compliance & Anti-Money Laundering (AML) Mandatory Training🏅
🔐 PCI DSS 4.0 Compliance Requirements🏅

Cloud Infrastructure & Platforms

☁️ Google Cloud Fundamentals: Core Infrastructure🏅
☁️ Cloud Azure Fundamentals (AZ-900)🏅
☁️ Cloud Management with Microsoft Intune🏅

Cyber Security & Network Security & Infrastructure Protection

🛡️ Foundations of Cyber Security🏅
🛡️ Introduction to Network Security🏅
🛡️ Security in FinTech: Essential Training🏅
🛡️ Sophos Firewall Administration | XG/XGS/SG
🛡️ FortiGate Firewall Administration
🛡️ NSX Firewall Administration

Systems Administration & Infrastructure

🖥️ MCSA🏅
🖥️ Linux Administration🏅
🖥️ VMware vSphere & ESXi (6.5, 6.7, 7.0, 8.0)
🖥️ Hyper-V Virtualization

System Backup & Restore

💾 System Administration: Backup & Recovery🏅
💾 Backup Exec 21.x Administration
💾 Veeam Backup & Replication Solutions

DevOps & Infrastructure Automation

⚙️ Docker Containerization🏅
⚙️ Automation using Python
⚙️ PowerShell Scripting & Automation
⚙️ Jenkins Automation Server
⚙️ Azure DevOps
⚙️ n8n Workflow Automation & Integration
🌐 NGINX Web Server & Proxy Management🏅
🤖 RPA Basics & Introduction to UiPath

Enterprise Networking & Communications

🌐 CCNA Routing & Switching

VoIP & Telephony

☎️ CCNA Collaboration (CUCM, CCX Administration)
☎️ Asterisk VoIP Administration🏅

IT Service Management & Operations

📞 Service Desk Plus (ManageEngine) Helpdesk Ticketing
📞 GLPI | ITSM

What I Can Do

🔧

Network Design & Implementation

End-to-end network architecture from planning to deployment, ensuring scalability and performance.

🛡️

Network Security & Hardening

Comprehensive security assessments and implementation of defense-in-depth strategies.

🔥

Firewall Architecture & Management

Expert configuration and management of enterprise firewall solutions (Sophos, FortiGate, Barracuda).

☁️

Cloud & Hybrid Infrastructure

Design and implementation of cloud and hybrid infrastructure solutions across AWS, Azure, and GCP.

🤖

Automation for IT Efficiency

Development of automation scripts and workflows to streamline operations and reduce manual tasks.

🚨

Incident Response & Troubleshooting

Rapid response to security incidents and complex technical issues with proven resolution methodologies.