Joao Miguel Rodrigues

Global Head of Network Security

Bulle, Fribourg, Switzerland

About

Cisco CCNP Security certification; CISSP - Certified Information Systems Security Professional training; SANS - SEC503 - Intrusion Detection In-Depth; SANS - SEC504 - Hacker Tools, Techniques, Exploits, and Incident Handling; Cisco CCNP certification; Cisco CCDP certification; Cisco CCIP certification; Cisco CCSI #32883; Cisco CCNA certification; Cisco CCDA certification; CCIE R&S Written Exam; Specialties: Senior Network Engineer. Administrator of Cisco ASA firewalls, Check Point, F5 LTE, Riverbed, Infoblox DNS/DHCP, Gigamon, Entrust PKI infrastructure.

Experience

  • Global Head of Network Security at Liebherr Group
    Jan 2026 - Present · 7 mos

  • Global Service Owner for Network Security at ABB
    Sep 2023 - Dec 2025 · 2 yrs 4 mos

    I was responsible for ABB’s global Network Security function, working as Global Head of Network Security for the Group (corporate). I led a distributed team of 37 engineers (L1–L3, internal and external) and owned the global architecture, governance, and operating model for network security services across more than 1000 sites worldwide, covering offices, manufacturing plants, and data centres (on-prem & cloud). My focus was to bring clarity, stability, and accountability to a critical global security capability. This included defining and enforcing security standards, aligning network security controls across IT and OT environments, and ensuring consistent policy compliance at scale. The governance model aligned with the NIST Cybersecurity Framework, with strong emphasis on the Protect function. I worked closely with senior stakeholders across IT, OT, manufacturing, cloud, and the CISO organization to translate strategy into practical outcomes. Leadership was central to my mandate. I stabilized a function affected by chronic turnover, rebuilding trust, structure, and predictability. This resulted in a highly engaged team and sustained service performance. I believe durable security outcomes are built through people, clarity of purpose, and realistic execution. I contributed to shaping ABB’s future security architecture. As a member of the enterprise-wide Zero Trust working group, I co-led executive workshops with the Group CIO, CTO, and CISO, helping define the roadmap for secure access, segmentation, and SASE adoption. This included driving the global use of Zscaler ZIA and ZPA as foundational elements of ABB’s ZTNA strategy. I was deeply involved in governance and execution: audit readiness, regulatory alignment, resilience planning, vendor governance, and the introduction of structured, ITIL-aligned service documentation. My objective throughout was to ensure that network security was robust, predictable, auditable, and aligned with business reality.

  • Senior Network & Security Engineer at Straumann Group
    Jan 2021 - Aug 2023 · 2 yrs 8 mos

    Part of the Corporate Network Services team, I played a pivotal role in ensuring seamless network infrastructure across 100 global locations for the Straumann Group. My key responsibilities encompassed: • Leading architectural design, planning, installation, and operation of network infrastructure worldwide. • Successfully managing IT projects, such as the implementation of the corporate Infoblox DDI – DNS, DHCP, IPAM project. • Serving as the Tech Lead for critical security projects including Network Segmentation and OT Security across manufacturing sites. • Overseeing the Cisco network environment (LAN / WAN / Viptela SDWAN), Cisco Identity Services Engine (ISE), Cisco Umbrella cloud service, Meraki wireless infrastructure, Palo Alto Firewalls, Infoblox DDI, AWS cloud networking, and Terraform in AWS. • Spearheading on-site rollout activities for international operations, including coordination of external providers. • Playing a pivotal role in the outsourced 24/7 NOC management and support.

  • Bank for International Settlements – BIS (9 yrs 3 mos)
    • Senior Security Specialist
      Apr 2017 - Apr 2020 · 3 yrs 1 mo

      Part of the Cyber Security team, where my key responsibilities are: • Embed security engineering into IT infrastructure projects and advise on topics such as security services segmentation and encryption/authentication technologies. • Lead incident response activities for cybersecurity events across all IT. • Contribute to the development of advanced cybersecurity analytics. • Conduct cybersecurity risk assessments, advising on security measures to protect the Bank’s infrastructures. • Ensure effective vulnerability management by contributing to the design of and subsequent compliance with security standards and policies. • Contribute to the implementation of key critical controls and compliance requirements. • Lead and/or contribute to technical security projects. • Identify and analyze unauthorized activity (e.g., misuse, malware, intrusion attempts) on monitored networks; recognize potential, successful and unsuccessful intrusion attempts; provides comprehensive incident documentation and review. • Create the Bank´s IDS strategy. • Manage the Entrust PKI infrastructure, the malware lab network infrastructure and the Gigamon Visibility fabric. • Contribute to the definition of new IT and Security architecture, strategies and technologies. • Team advisor/mentor for networking related topics. • Member of recruiting panels for a wide range of IT and Security disciplines. Managed projects that delivered several key services to the Bank. The visibility fabric, WAF – Web Application Firewall, SSL offloading, DNS firewalling, Malware lab, Encryption Standards policy, replacement of the CCTV infrastructure by a new VSS – Video Surveillance System, to mention the most relevant ones. I also managed several external providers.

    • Chair of the Bank for International Settlements Staff Committee
      Nov 2017 - Nov 2019 · 2 yrs 1 mo

      The Staff Committee acts as a consultative organ of the Bank’s senior management and HR department, for all relevant matters to staff members. I was heading the Staff Committee team of 5 people, who would meet with the Secretary-General, head of HR, Senior Management, Executive Committee, and Bank’s Management Roundtable, to negotiate and agree on matters regarding the Bank’s staff and staff development strategies. It is a high-profile role with significant exposure to senior management and to all Bank’s staff, which brings with it a level of responsibility, requiring frequent interaction with managers and staff. We have been key partners in the profound reforms being made, in line with the ongoing 2025 innovation program.

    • Senior Network Engineer
      Feb 2011 - Mar 2017 · 6 yrs 2 mos

      • Part of a team of system engineers where the main responsibilities included design, configuration, maintenance and support of the Bank’s IT communication LAN/WAN network in Switzerland and remote offices. • Planned and managed the organization’s routing and switching (LAN/WAN) infrastructure, load balancing, multivendor firewalls, WAN optimizers, DNS/DHCP, NTP servers, ACS, ISE/NAC and Cisco Prime. • Technical lead on several projects – Network and DC renewal project, IP Telephony project, new remote office (Mexico) datacentre, and new IP telephony infrastructure. • Part of the infrastructure team to define the Bank’s IT landscape and new technologies – the replacement of firewall provider, replacement of load balancer technology, selection of network integration partner, replacement of proxy provider, replacement of internet providers, selection of external IT providers for the remote offices, just to mention the most significant ones. • Member of recruiting panels for many IT disciplines. • Management of external providers. • Handling of 2nd and 3rd level IT incidents. Using cutting edge technologies, in this role I successfully contributed to build and maintain a reliable, secure, redundant and highly available network, providing an excellent IT infrastructure to the Bank’s business areas. Worked with Cisco Routing & Switching (Nexus 7000, 5000, FEX, C6500, C4500, C3650, ISR 7200, 3900, 2900, 1800, among others), Cisco ACS, Cisco ISE/NAC, Cisco Prime, ASA firewals, Infoblox (DNS/DHCP), Riverbed WAN optimizer, Checkpoint, Gigamon and F5 LTM (Load balancers).

  • Cisco Trainer at Rumos
    Jan 2008 - Feb 2011 · 3 yrs 2 mos

    Cisco certified trainer in Routing and Switching, Network Design, MPLS, QoS and BGP. Developed and led training programs for senior IT professionals during my years as a Cisco trainer and also interacted with many other professionals to deliver my work as a consultant. This role encompassed constant interaction with clients.