Fahad Ali Mughal

Sydney

Summary

Experienced Cyber Security Architect with a strong focus on ICS/OT environments, delivering SIEM/SOC solutions, threat detection frameworks, and secure architecture designs across critical infrastructure sectors. Proven ability to bridge technical and operational teams, align solutions to risk, and drive tangible improvements in OT security posture.

Overview

19 years of professional experience
1 Certification

Work History

Sr. Cyber Solutions Architect (OT/IT)

Transport for NSW
Sydney
05.2021 - Current
  • Key contributor to the Cyber Defence Portfolio (CDP) Architecture Team, providing consultative architecture leadership across Transport’s IT and OT domains. Operated at the intersection of cybersecurity strategy, OT risk reduction, and security control enablement for critical infrastructure, including rail systems.
  • Designed and led the implementation of the first OT-specific SIEM/SOC platform for Sydney Metro, aligning detection content to the MITRE ATT&CK for ICS framework and enhancing visibility across segmented OT zones.
  • Architected and guided deployment of OT Network Segmentation for Sydney Metro in alignment with IEC 62443 and CLC/TS 50701, reducing attack surface and aligning with RAMS principles.
  • Acted as a bridge between internal stakeholders and MSSP vendors to drive the successful onboarding of a new 24x7 Managed SOC service, with a focus on rapid incident response for both IT and OT environments.
  • Led the development of Transport’s Strategic Threat Intelligence and Threat Hunting Framework, operationalizing threat feeds and detection logic within SOC workflows.
  • Authored the Strategic ICT Security Detection Roadmap, mapping threat use-cases to business-critical services using the MITRE Enterprise & ICS ATT&CK matrix and Transport’s risk register.
  • Partnered with engineering and operations teams to align cybersecurity controls with system safety and resilience objectives, ensuring compliance and continuity across both legacy and modern ICS environments.
  • Regularly engaged in consultative workshops with business units, vendors, and platform teams to co-design detection use-cases and solution architectures.
  • Contributed to internal RFP evaluations, risk assessments, and control design reviews for major capital projects across the Transport Cluster.

Security Solutions Architect

Sydney Water
Sydney
04.2018 - 05.2021
  • Led architecture and design for key initiatives within Sydney Water’s Cyber Security Uplift Program, focused on enhancing the security posture of both IT and Operational Technology (OT)/ICS infrastructure across water treatment plants and remote operation centers.
  • Provided technical consulting and solution architecture for security transformation programs, aligning business requirements with ICS/SCADA risk mitigation strategies in critical utility environments.
  • Architected and delivered an enterprise-grade SIEM/SOC capability, integrating both IT and OT telemetry sources, and supporting OT-specific threat detection aligned with regulatory frameworks and internal risk assessments.
  • Designed and implemented a dedicated OT Intrusion Detection and Security Monitoring solution, providing visibility into Level 1–3 assets in the Purdue model (e.g., PLCs, RTUs, HMI systems), and supporting anomaly detection in Modbus and DNP3 traffic.
  • Spearheaded rollout of endpoint and mobile security controls across corporate and remote industrial environments, including Application Whitelisting and Advanced Threat Protection for field-deployed operator tablets and laptops.
  • Delivered secure data classification and encryption architecture using Azure Information Protection, integrating rights management and secure collaboration across business units and third-party vendors.
  • Engaged with vendors in proof-of-concept evaluations, collaborating across IT/OT teams to validate detection logic, logging integrations, and solution interoperability in both testbeds and live environments.
  • Played a key role in risk impact assessments, threat modeling, and architectural design reviews across multiple domains — including network security, data protection, and industrial protocol monitoring.
  • Supported procurement, business case justification, and vendor negotiations for security tooling aligned with OT resilience goals.

Senior Security Architect

Aleron
Sydney
09.2017 - 03.2018
  • Worked closely with Westpac project customers to provide leadership and support in determining security requirements, and designed and architected security solutions to meet those requirements
  • Conducted system security and vulnerability analyses and risk assessments, using strong business risk analysis skills to guide the implementation and remediation of risk and security assessment plans, and undertook assessments to resolve architectural implementation concerns as they arose
  • Assessed and evaluated the need for security design policy exemptions
  • Detailed mitigation strategies and controls and made recommendations for acceptance or rejection
  • Maintained security by monitoring and ensuring compliance with standards, policies and procedures, identifying security gaps and upgrading security systems by evaluating and implementing enhancements

IT Security Officer - Asia Pacific

ABN AMRO Clearing
Sydney
08.2016 - 09.2017
  • Responsible for delivering a high-value security initiative, directly monitored by the organization's Regional CIO, with a dotted reporting line to the Global ISO
  • Carried out security assessments and penetration testing in coordination with relevant stakeholders, and assisted in the risk management process to ensure all operations adhered to the defined security regulations
  • Assisted in designing and implementing strategies for detecting risks to the security and integrity of databases, files/programs and networks
  • Assisted in ensuring that implemented systems/applications conformed to the defined Standard Security Baselines
  • Implemented a Vulnerability Management Program across the APAC region in coordination with all stakeholders
  • Monitored compliance with the policy framework established under the applicable regulatory frameworks
  • Liaised with stakeholders across the US, UK and APAC on security enhancements
  • Conducted ongoing security monitoring of ABN AMRO systems and alerted on incidents to facilitate prompt identification of issues, proposing corrective actions
  • Implemented dedicated security management solutions as per the established procedures

Sr. IT Security Specialist

KFH (Kuwait Finance House)
Kuwait
12.2013 - 05.2016
  • Led the initiation, design and deployment of a SIEM upgrade project, replacing the legacy SIEM technology with a current platform
  • Collected business requirements, performed POCs, evaluated different SIEM vendors and led the implementation of the selected solution, taking scope and time factors into account
  • Designed the project phases for onboarding the different log sources
  • Assisted in forming the SOC unit with the right candidates
  • Led the design and deployment of Network/Host IDS & IPS throughout the KFH network
  • Led the design and implementation of a Secure Managed File Transfer project, providing a centralized and secure approach for sensitive file transfers within and outside the KFH environment
  • Key member of the Enterprise Data Leak Prevention Program and the technical DLP Solution Upgrade project
  • Led the implementation of the 'Encrypted Data Threat Visibility' project
  • Key member of the ongoing PCI-DSS compliance project
  • Aligned the Internal Penetration Testing / Vulnerability Assessment methodology for KFH

Network Operations Engineer/ Project Engineer

iSYS (Internet Systems Company)
Kuwait
04.2006 - 12.2009
  • Maintained system security by identifying potential threats and implementing appropriate countermeasures.
  • Evaluated emerging technologies for potential use within the organization.
  • Implemented virtual private networks for secure remote connections between locations.
  • Provided technical assistance to users in the areas of network connectivity, access control and email configuration.

Education

Cyber Leadership Program (CLP)

Cyber Leadership Institute
Sydney, NSW
03.2025

Leadership & Influence

University System of Maryland
US
05.2020

Financial Accounting

University System of Maryland
US
03.2020

Bachelor of Computer Science & Information Technology

NED University of Engineering & Technology
Karachi, Pakistan
01.2005

Skills

  • ICS/OT Security Architecture & Design (Based on Purdue Model)
  • Cyber Threat Detection & Monitoring for OT Networks (SIEM, OT IDS, SOC Enablement)
  • IEC 62443 & MITRE ATT&CK for ICS Implementation
  • Consultative Solution Design Engagements
  • OT/IT Security Controls Integration & Segmentation
  • Threat Intelligence, Threat Hunting & Incident Response
  • Industrial Protocols & Analysis (Modbus, DNP3, OPC, S7, EtherNet/IP)
  • Cloud & Hybrid Security Architecture (Azure, AWS)
  • Privileged Access & Identity Security in OT Environments
  • DevSecOps Integration & Secure SDLC Practices
  • Vulnerability Management & Patch Governance
  • Security Risk Assessment & Control Design
  • Executive Reporting, Security Metrics & Communication

Certification

  • CISSP, Certified Information Systems Security Professional, 473553, 12/01/13, Present
  • AWS Certified Security - Specialty, Amazon Web Services, 03/01/23, Present
  • AWS Certified Solutions Architect - Associate, Amazon Web Services, 03/01/20, Expired
  • GCFA, GIAC Certified Forensic Analyst, 02/01/18, Expired
  • CISM, Certified Information Security Manager, 08/01/17, Expired
  • GWAPT, GIAC Web Application Penetration Tester, 01/01/15, Expired
  • PMP, Project Management Professional (PMI), 12/01/12, Expired

Extra Qualifications Trainings

  • Assessing and Protecting Industrial Control Systems - Udemy (Marcel Rick-Cen)
  • Differences in Deployment of Industrial Control Systems (Online), US Department of Homeland Security
  • Influence of IT Components on Industrial Control Systems (Online), US Department of Homeland Security
  • Common ICS Components (Online), US Department of Homeland Security
  • Cybersecurity Within IT and ICS Domains (Online), US Department of Homeland Security
  • SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
  • ISO 27001:2013 ISMS Lead Auditor
  • Check Point Security Administration R77.30
  • CNS-301: Advanced Administration for Citrix NetScaler 10.5
  • SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
  • SANS SEC542: Web Application Penetration Testing and Ethical Hacking
  • EC-Council CAST-616 Securing Windows Infrastructure: Attack Based Defence from the Ground Up
  • EC-Council CAST-614 Advanced Network Defenses: Hardening Perimeter Defence
  • Sourcefire Security Education Program (Sourcefire 3D System 4.9.1)

Residency

Australian Citizen

References

References available upon request.
