Yasir Irfan, network security team lead at ELM Information Security Company, is passionate about his industry and about making an impact on it. Read on to learn where he sees the world of cybersecurity in the future as well as his advice for new professionals coming into the field.
How long have you been working in cybersecurity/technology? What drew you to this industry?
I have been in network [technology] for 15 or so years, but more in the network security domain in the last four to five years. Security is a key domain, and its challenges are quite interesting. While working in the health care segment, I was often challenged with huge integrations between various technologies, and I was always wondering how these integrations could be secured. Those challenges and my passion for security attracted me to be part of this industry. I am fond of new technological developments and always dream of how I can learn and contribute to the community.
In the next 10-15 years, where do you see the world of cybersecurity?
Cybersecurity will experience a new dimension in the coming decade. People will start thinking about moving away from traditional security toward more mature and adaptive security. We will also see more people become aware and concerned about securing not only their work premises but also their homes, thus allowing cybersecurity to become a part of daily life for many. Additionally, the threat levels will increase in many forms, and we will experience a vast technological growth.
What advice do you have for new professionals in this industry?
Since cybersecurity is a vast field, it’s not easy to keep up with new developments. I suggest that new professionals focus on one thing at a time and become a master of it. Being a specialist is what’s going to distinguish them from others. By adopting this approach, they are going to be recognized for their efforts and make an impact.
What is one challenge you faced in your career?
One challenge that was quite close to me was the deployment of an NAC solution for a huge medical city that was comprised of thousands of users. The integration of NAC with health care applications and appliances was a nightmare. When most organizations gave up on the implementation of NAC, we were quite successful in its deployments. At that particular time, the technology was not mature, and companies did not have such expertise. My belief to excel is what helped me overcome the challenge we faced.
Were you involved in the process of migrating to Palo Alto Network technologies? If so, what resources did you find helpful during migration?
Recently, I was involved with my team in migration activity from ASA to Palo Alto Networks Next Generation firewalls. Our challenge was quite complex, especially when both the firewalls were in production. Initially, we planned to use Palo Alto’s migration tool, but that proved not so handy for us, as we were targeting the migration from typical layer 3/4 rules to layer 7 rules, based on user ID, app ID, security profiles, etc.
We were successful in migrating more than 20 zones (15000 rules) ASA to Palo Alto firewall, transformed the rules from port based to user ID, app ID and optimized the Palo Alto firewall for optimum performance.
- Throughput increased from 650 Mbps to 20 Gbps.
- Uplink speed increased from 1 GB to 10 GB.
- Firewall utilization decreased from 80 percent to 16 percent.
- IP/port level accessed migrated to app level, user ID level with security profile.
- Gained better visibility of what’s happening in the network.
What books would you recommend fellow Fuel members read?
Currently, I am reading following books:
- CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide (7th Edition)
- Network Security Architectures
- Cisco ASA: All in One Next Generation Firewall, IPS and VPN Services
- AAA Identity Management Security
I would certainly recommend reading Palo Alto Live Community articles and resources as it has great information related to security and network security architectures.
What is one thing most people don’t know about you?
I have been a technical blogger at IT Knowledge Exchange for a blog titled, “Network Technologies & Trends,” for the past seven years.