Farhan Simon

Security Engineer, CISSP | Incident Response & SOC Operations | Security Automation & Agentic AI Security | Microsoft Sentinel, Defender, Palo Alto NGFW

Somerset, New Jersey, United States

About

"I find the gap before an attacker does." Security Engineer with 12+ years spanning IT infrastructure, security, and compliance. I specialize in building and running enterprise security programs end to end — detection and incident response, identity, email, endpoint, and cloud — and in translating technical risk into clear decisions for directors and executives. My incident response work spans phishing and OAuth campaigns, business email compromise, and full-lifecycle ransomware response from detection through containment and recovery. My core strengths sit across the modern Microsoft security stack: SIEM and detection engineering in Microsoft Sentinel, endpoint protection with Defender for Endpoint, and email defense through Defender for Office 365 and Barracuda. On the network and identity side I work with Palo Alto NGFW, Active Directory security (Semperis), data-access governance (Varonis), application control (ThreatLocker), and identity/access across Azure AD and Okta SSO — backed by coordinating a 24/7 SOC. I'm equally at home in the weeds and at the whiteboard. I write PowerShell, tune detections, lead live incident response, and harden mail flow — and I also design programs: cyber-insurance audits, attack-surface reduction, and GRC frameworks aligned to CIS Controls v8, NIST, HIPAA, and GDPR. When the tooling doesn't exist, I build it — I stood up a unified Grafana security dashboard that pulls asset, vulnerability, and email-threat telemetry through REST APIs. I'm increasingly focused on AI and automation in security — and actively expanding into agentic AI security, building expertise in the OWASP Top 10 for Agentic Applications, prompt injection and tool-misuse defense, and securing autonomous AI workflows through certification training and hands-on red-teaming of AI agents I've built myself. Having come up through desktop engineering and security analysis before moving into security engineering, I stay grounded in how infrastructure actually breaks — which makes me faster at both finding and fixing the things that matter.

Experience

  • Network Security Engineer at New Jersey Compensation Rating and Inspection Bureau
    Nov 2021 - Present · 4 yrs 9 mos

    "Every organization is a target, a regulated one just has less room to be wrong. I own security operations end to end for a hybrid Microsoft 365 and Active Directory environment, defending from the network edge to the endpoint to the data itself. The stack I operate:" • Network & Perimeter: Palo Alto NGFW (prev. SonicWALL NSA/TZ, SMA) - segmentation, threat prevention, secure remote access. • SIEM & Detection: Microsoft Sentinel (prev. SolarWinds) - log aggregation, correlation, and threat detection. • Endpoint Detection & Response: Microsoft Defender for Endpoint (prev. Sophos Intercept X) - detects, isolates, and contains device threats. • Email Security: Barracuda + Microsoft Defender for Office 365 - phishing, impersonation, and BEC defense. • Identity & Access: Okta SSO and Microsoft Entra ID - SSO, MFA, and access governance across cloud and on-prem. • Active Directory Security: Semperis DSP - AD monitoring, threat detection, and rapid recovery. • Data Security: Varonis MDDR - data-access governance and managed detection/response. • Application Control: ThreatLocker - zero-trust allowlisting of approved software. • Vulnerability & Asset Mgmt: Tenable.io/.cs and RunZero - vulnerability scanning and asset discovery. • Endpoint Resilience: Absolute - device tracking, control, and recovery. • Network Monitoring: Auvik - network mapping and availability monitoring. • Security Awareness: KnowBe4 (prev. Proofpoint) - phishing simulation and user training. • Managed SOC: 24/7 managed detection and response. • Cloud Security: Microsoft Azure - workload, identity, and configuration security. • Governance, Risk & Compliance: CIS Controls v8, NIST, HIPAA, GDPR. • Disaster Recovery: backup and DR planning (prev. Logicalis, Sungard).

  • Sharaf DG (6 yrs 11 mos)
    • Information Security Analyst
      Dec 2016 - Dec 2020 · 4 yrs 1 mo

      • Researched, evaluated, and recommended systems and procedures to prevent, detect, contain, and remediate data security breaches. • Performed technical risk assessments across new and existing applications and systems, including data center physical security, IDS/IPS, and cloud environments. • Investigated security incidents, conducted threat hunting, and refined detection alerts to protect the environment. • Managed endpoint and data protection tooling: CrowdStrike (EDR), Cisco Umbrella (DNS security), and McAfee ePO with DLP. • Secured AWS cloud workloads in house. • Governed Active Directory access, including restricted website access provisioned through security groups. • Conducted vulnerability assessments and penetration tests, and researched emerging digital forensics methods and tools. • Supported disaster recovery and business continuity planning.

    • Senior Desktop Support Engineer
      Feb 2014 - Dec 2016 · 2 yrs 11 mos

      • Delivered onsite and remote troubleshooting for desktops, laptops, and peripherals in a ticket-driven environment. • Administered and maintained Microsoft Server, desktops, and Exchange, including patching and upgrades to core servers. • Configured and imaged endpoints using system management software, and set up desks and phones for new and existing employees. • Worked across the Microsoft stack: Windows, Office, Server 2008 R2 / 2012 / 2016, SQL Server, IIS 7.5, RDS, and Active Directory. • Managed AV conference room support and equipment inventory, coordinating asset transport between sites. • Contributed to service-level objectives by partnering with Tier II/III teams to align on service targets. • Ran internal training (lunch-and-learn sessions) to help staff get more from their applications.

  • Information Technology Technical Support at Abacus Consulting
    Nov 2011 - Jan 2013 · 1 yr 3 mos

    • Provided onsite analysis, diagnosis, and resolution of complex desktop issues for end users, with off-site repair for remote users as needed. • Installed, configured, tested, and maintained end-user and network hardware, peripherals, printing/scanning devices, presentation equipment, and software. • Built and tested customized configurations across various platforms and operating systems. • Supported new computer projects and hardware rollouts, contributing to long-term capacity planning for organizational hardware needs. • Responded to incoming work orders, liaised with third-party support and equipment vendors, and prepared performance monitoring reports.