Amir Abolfazli - Cybersecurity Engineer
Personal Details

Email: work@abolfazli.me

LinkedIn: linkedin.com/in/amirabolfazli

Location: Canada/Toronto

I Am a Senior Cybersecurity & Network Security Engineer

With over 15 years in cybersecurity, I specialize in Security Architecture, Cloud Security, Zero Trust, and Risk Management across enterprise and cloud environments. I've led end-to-end security programs at major financial and telecom organizations — from threat modeling and architecture design through to regulatory compliance and governance.

I bridge the gap between technical depth and business strategy. Whether I'm designing a Zero Trust framework, leading a cloud migration security review, or mentoring engineers, I bring a structured, outcome-focused mindset that keeps security aligned with what the business actually needs.

What I Do

With 15+ years of experience, I design and implement resilient, scalable security architectures that not only protect systems today but are built to evolve with emerging technologies and threats. Specializing in cloud security, Zero Trust, and network security, my work integrates security practices into the core business strategy, enabling organizations to drive innovation securely. My leadership in security governance and risk management ensures that business objectives align seamlessly with robust security measures.

Cloud & Network Security

  • Cloud Security Architecture
  • Hybrid & Multi-Cloud Networking
  • Zero Trust Architecture
  • Network Segmentation & Secure Connectivity

Security Platforms & Technologies

  • Firewalls: Palo Alto, Fortinet, Firepower
  • Zscaler ZIA, Broadcom ProxySG/WSS
  • VPN, TLS Inspection, URL Filtering, DLP
  • Endpoint Security (Trend Micro HIPS)
  • Security Policy Management (AlgoSec)

Identity & Access Management

  • MFA, SSO, PAM
  • Ping Identity, RSA, EntraID
  • IAM Design & Integration

Monitoring & Incident Response

  • SIEM & Log Management
  • Threat Detection & Investigation
  • Log Correlation & Alert Tuning
  • Incident Analysis & Remediation

Automation & DevSecOps

  • Terraform, Bash
  • Network & Security Automation
  • CI/CD Integration

Leadership & Governance

  • Security Strategy & Roadmaps
  • Risk Assessment & Compliance
  • BCP / DR Planning
  • ITIL Framework
  • Team Mentorship & Training

Career History

As a seasoned leader in cybersecurity, I specialize in driving strategic security initiatives that integrate into the larger business framework. My role spans from designing resilient infrastructures to collaborating with business stakeholders to ensure that security frameworks align with enterprise goals. I’ve played a key role in leading cross-functional teams and guiding organizations through complex transformation projects, aligning both security and business needs for sustainable, compliant growth.

Senior Network Security Administrator

ScotiaBank 2021 - Now
  • Architect and drive end-to-end network security strategies across cloud, on-premises, and hybrid environments — aligning security posture with enterprise risk appetite and evolving threat landscapes.
  • Define, govern, and enforce cloud network security standards and policies; establish guardrails for secure cloud adoption across cloud environments.
  • Engineer and operate enterprise-grade security infrastructure including next-generation firewalls (NGFW), secure web gateways (SWG), SD-WAN VPN fabrics, and centralized SIEM/SOAR monitoring platforms — ensuring availability and resilience at scale.
  • Lead threat investigation, root cause analysis, and structured remediation for security events; reduce mean time to detect (MTTD) and contain (MTTC) through process optimization and automation.
  • Design and validate Business Continuity and Disaster Recovery (BCP/DR) security controls, ensuring critical financial systems meet RTO/RPO objectives and regulatory expectations.
  • Partner cross-functionally with Enterprise Architecture, Risk, and Compliance teams to satisfy OSFI, PCI-DSS, and internal regulatory obligations — translating security requirements into implementable technical controls.

Senior Network and Security Engineer

Hamrah-e-Aval 2018 - 2021
  • Architected and delivered Cisco ACI data centre fabric deployments across three geographic zones, encompassing 250+ network fabrics — enabling carrier-grade availability and east-west traffic segmentation.
  • Spearheaded cloud security architecture on Microsoft Azure, deploying four disaster recovery environments mirroring production systems; engineered security controls across VNETs, NSGs, RBAC, and MFA for global workforce access.
  • Modernized legacy routing and switching architectures to align with current NIST and ISMS security frameworks, eliminating technical debt and reducing attack surface.
  • Designed and deployed virtualized security services (vFirewall, vRouter, vLoad Balancer) on public and private cloud platforms, enabling service elasticity without compromising perimeter integrity.
  • Built automation pipelines and infrastructure-as-code scripts to eliminate manual, error-prone network operations — improving deployment velocity and configuration consistency.
  • Delivered internal SDN and network virtualization training programs, upskilling a 6-person engineering team and expanding operational capacity for Tier 2/3 incident response.
  • Directed client network infrastructure transformation programs within ITIL governance frameworks, aligning technology evolution to business-driven SLAs.

Senior Network and Security Engineer

NAK Telecom Managed Services 2011 - 2018
  • Designed and implemented secure network architectures (LAN/WAN/DMZ) for 10+ enterprise clients across financial, government, and commercial verticals — delivering solutions aligned to CIS Benchmarks and ISMS standards.
  • Drove proactive vulnerability assessments across client environments, producing risk registers and mitigation roadmaps that systematically reduced exposure across infrastructure layers.
  • Engineered identity and access management (IAM) infrastructure using 802.1X, RADIUS, TACACS+, and AAA frameworks — enabling zero-trust perimeter enforcement at the network edge.
  • Reduced client infrastructure operating costs by 60%+ through strategic migration from proprietary to open-source security solutions (FreeRADIUS, Samba, Bind DNS) without degrading security posture.
  • Led core network migration projects, coordinating workload transitions from legacy architectures to modernized platforms with minimal downtime and zero data loss events.
  • Developed and maintained comprehensive network documentation including logical/physical topologies, runbooks, and architecture decision records (ADRs) — enabling faster incident response and knowledge transfer.
  • Delivered performance baselines, capacity reports, and network health dashboards for 8 enterprise clients, supporting proactive capacity planning and SLA management.

My Certificates

Certifications represent my commitment to continual learning and adapting to evolving security challenges. These credentials enable me to build adaptable, forward-thinking security strategies that not only address current challenges but anticipate future ones, ensuring that systems remain secure, scalable, and compliant as technology evolves.

Google Cloud Certified Professional Cloud Architect
Google Cloud Certified Professional Cloud Architect
Cloud
Google Cloud Certified Professional Cloud Network Engineer
Google Cloud Certified Professional Cloud Network Engineer
Cloud
Google Cloud Certified Professional Cloud Security Engineer
Google Cloud Certified Professional Cloud Security Engineer
Cloud
Palo Alto Networks Certified Network Security Engineer
Palo Alto Networks Certified Network Security Engineer
Security
Cisco Certified Network Professional
Cisco Certified Network Professional
Network
Certified in Cybersecurity
Certified in Cybersecurity
Security
See More