// Case Study · Zero Trust
How We Replaced Legacy VPN with Zero Trust for 100,000+ Users Without a Single Outage
July 15, 2024
8 min read
Principal Engineer & Engineering Director Track
Building Secure,
Scalable, and
Cost-Optimized
Platforms.
I have over 15+ years of deep technical experience into Cybersecurity domain with proven track record of leading & delivering complex Cybersecurity transformation programs, and drive measurable business outcomes.
15
Years in Security
$30M
Cost Saved
50+
Projects Delivered
5+
Distinct Roles
View Case Studies →
Career Journey
Let's Connect
// Identity
Siddhant Tupe
CISSP, CEH, ISO 27001, ITIL
Sr. Staff Security Engineer → Principal Engineer / Principal Architect / Engineering Director
Zero Trust · Cloud Security · Network Security
Sr. Staff Security Engineer → Principal Engineer / Principal Architect / Engineering Director
Zero Trust · Cloud Security · Network Security
◆
Current — Sr. Staff Security Engineer, Albertsons Companies India
◆
Expertise — ZTNA, Cloud (Azure/AWS), Defense In Depth, Threat Protection, VPN
◆
Journey — IC Engineer → Team Lead → SME → Architect → Sr. Staff
◆
Education — M.Tech. Systems Engineering - BITS Pilani
◆
Location — Bengaluru, India
Open to Senior Leadership Roles
$30M
Cost Savings via Architecture Optimization
5+
Career Roles — IC to Sr. Staff
50+
Projects Delivered Across Domains
8+
High Performance Awards
01 // Executive Profile
Technical depth.
Leadership breadth.
Experienced cyber security architect and engineering leader — equally effective as a hands-on individual contributor, technical lead, people manager, and strategic advisor to senior leadership.
- Individual Contributor: Designed and implemented complex security architectures across Multiple technology landscape hosted on-prem & Multi-Cloud platform.
- Technical Lead: Guided engineering teams through large-scale network security transformations and ZTNA deployments.
- People Manager: Built, led, and mentored cross-functional security engineering teams from the ground up.
- Strategic Advisor: Presented architecture roadmaps and multi-million-dollar cost optimization business cases to senior leadership.
IC Engineer
Team Lead
Security SME
Solutions Architect
Sr. Staff Engineer
→ Principal / Director
Core Capabilities
Security Architecture
Cloud Security (Azure, AWS, GCP)
Network Security & Zero Trust
Engineering Leadership
Cost Optimization
Vulnerability Management
Risk & Compliance
Executive Communication
ZTNA — Zscaler ZPA / ZIA
Threat Protection & IDS/IPS
Firewall Policy Analysis
Team Building & Mentoring
02 // Career
15 years across
every level.
From Network security engineer to senior staff architect — the journey that built a multi-dimensional security leader.
Oct-2025 — Present
Sr. Staff Security Engineer
Albertsons Companies India · Bengaluru, India
Leading Security engineering efforts to design security architecture & deploy tools & technologies aligned to Cybersecurity strategy. Influencing org-wide security direction, mentoring engineers, and delivering programs with direct business impact including multi-million-dollar cost savings.
- Reporting to Director of Security Engineering responsible for driving various security engineering & strategic initiatives
- Leading end-to-end Zscaler ZPA/ZIA Zero Trust rollout replacing legacy VPN — on time, zero disruption
- Driving infrastructure architecture optimization project for performance improvement & cost savings
- Designing & Deploying Threat Deception technology across Endpoints, Networks, Clouds, Active Directory & Perimeter assets
- Driving Wiz Secrets management & Non-Human Identity related efforts to protect identities across organization
- Defined security standards, runbooks, and governance frameworks adopted org-wide
- Mentored security engineers; contributed to hiring, career planning, and team capability building
Architecture
Leadership
Cloud
ZTNA
Mentoring
Mar-2019 — Oct-2025
Sr. Cyber Security Solutions Architect
Maersk · Pune, India
Designed and delivered end-to-end enterprise security solutions across hybrid cloud and on-premise infra. Owned solution architecture from concept to production — vendor selection, stakeholder alignment, and technical delivery leadership. Led 12+ member Network Security Operations team.
- Report to the Director of Cyber Operations with ownership of cross-functional security architecture and consultation responsibilities across on-prem and cloud-hosted infrastructure. Partner with Strategy and Service Owners to evaluate critical risks and implement timely remediation plans.
- Improved security posture by designing & deploying NG SIEM, IDS/IPS, Zero Trust Network Access (ZTNA), Firewall policy analyzer, Prisma Cloud/Microsoft Defender CSPM, Anti-Malware CDR, Threat Deception solutions across global infrastructure.
- Regularly reviewing CSPM & CWPP reports to address Compliance, misconfiguration & policy violations against NIST 800-53, CSF & CIS benchmarks for Azure, AWS & GCP Cloud.
- Work with risk management team, Product Owners & Cybersecurity strategy team to analyze/evaluate Cybersecurity risks, identify gaps in security controls, prioritize risks & suggest security controls to close gaps to improve security posture.
- Designed & deployed Multiple Cybersecurity solutions in Threat Protection & Detection space.
- Led architecture design & deployment efforts for SIEM migration & Cribl implementation initiative while delivering $5 million per year in savings.
- Supported design & implementation of Azure & AWS Networking related projects which included deployment of Hub & Spoke Architectures, Vnet/VPC peering, Azure Firewalls, load balancer & IPSec VPN deployment.
- Designed & deployed Akamai EAA Zero Trust Solution to enable secure access to internal/hybrid cloud applications while maintaining 100% business uptime.
- Led multi-vendor (Checkpoint, Fortinet) Next-Gen Firewall Deployment & operations efforts without causing outages to sites.
- Architected hybrid cloud security solutions spanning Azure, AWS, GCP and on-premise environments.
- Supported business & critical business requirement during Covid-19 & Russia-Ukraine war situations by using various strategies.
- Delivered technical presentations and solution proposals to C-level stakeholders
- Received 8+ Star Performer award for Leading strategic initiatives & exceptional contribution towards project success.
- Led transition efforts to inhouse Network Security operations handled by 3rd party vendor while mentoring & upskilling team members.
- Played multiple roles such as Transition SME, L2 Operations Lead, L3 SME, Solutions Architect
Architecture
Cloud
Multi-Vendor
Team Leader
Jul-2018 — Feb-2019
Technical Lead - Network Security
T-Systems ICT India · Pune + Bengaluru, India
Technical Lead responsible to deploy & manage Network Security operations for T-Systems India Business offices.
- Led deployment & configuration of Next Generations Firewall solution including IDS/IPS, SSL Inspection, Anti-virus etc.
- Prepared SOP, best practices & maintenance guide for Network Security & other related technologies
- Deployed remote access VPN & SIEM solution for India business unit & it's users
SME
Stakeholder Management
Network Security
Aug-2011 — Jul-2018
Technical Lead - Network Security
Wipro Technologies - (India, USA & Europe)
Started as hands-on network security engineer, rapidly progressed to Team Lead. Managed Network security operations for India domestic & International clients, have led Transition efforts while onsite in Europe, UK & USA — responsible for both technical delivery and people leadership.
- Reported to the Delivery Head for Europe and the US region, responsible for leading a 15-member team and overseeing the successful delivery of multiple customer engagement focused on Network Security Operations.
- Accountable for end-to-end project execution, resource planning, and service delivery across diverse client environments, ensuring alignment with regional business objectives, SLAs, and security compliance standards.
- Configured firewalls, proxies, IDS/IPS. Identified vulnerabilities. Optimized settings. Ensured monitoring.
- Utilized AlgoSec Policy Analyzer to review and optimize over 10,000 firewall rules across multivendor environments, including Cisco, Check Point, and Fortinet. Identified and eliminated unused, redundant, and non-compliant rules, significantly improving firewall efficiency, security posture, and audit readiness.
- Configured and managed SSL and IPsec VPN connectivity for 1,800+ branch locations, ensuring secure, reliable access to enterprise resources. Implemented network monitoring solutions to proactively track uptime, performance, and capacity, enabling high availability and optimized network health across distributed environments.
- Executed device upgrades, patch management, and hardware replacements following an N-1 strategy to ensure stability, vendor support, and minimal risk exposure. Maintained system integrity and compliance by applying tested versions and proactively managing lifecycle operations across critical security infrastructure.
- Handled incident and change management tickets, performing end-to-end troubleshooting across network devices using tools like Wireshark for packetlevel analysis. Provided cross-functional support for troubleshooting issues at both the server and application levels, ensuring timely resolution and minimal business disruption.
Engineering
Team Lead
Network Security
MSSP
03 // Case Studies
Delivered outcomes,
not just responsibilities.
Click any project to read the full story — how it was scoped, executed, and what it delivered.
// Zero Trust Transformation
Enterprise Zero Trust Implementation
Led end-to-end Zscaler ZPA/ZIA deployment replacing legacy VPN for thousands of users across Globe.
Zero business disruption · On time & under budget · [100,000]+ users protected
// Cost Optimization
SIEM Transformation
Analyzed existing SIEM Solution deployment, identified challenges, redesigned architecture maintaining full functionality while eliminating $4M in annual spend.
$5M annual savings · Leadership-approved business case · 4-month delivery
// Threat Deception
Threat Deception at Scale: Catching Insiders & External Attackers Before They Reach Crown Jewels
Deployed a multi-layer deception fabric across network, endpoint, Active Directory, and external attack surface. Detected insider threat and external adversary within 72 hours of deployment.
Insider threat detected in 72hrs · External attacker caught in lateral movement · Zero false positives · 197-day dwell time → under 4 hours
04 // Technology
15 years of
hands-on expertise.
// Cloud Security
Microsoft AzureAmazon AWSWiz SecurityMicrosoft SentinelCloud Architecture
// Zero Trust & Access
Zscaler ZPAZscaler ZIAAkamai EAAMcAfee Web GWBluecoat ProxyCisco AnyConnect
// Firewalls & Network
Cisco ASACheckpointFortinetF5 LTMNetScalerA10IPSec VPNSSL VPN
// Threat & Vulnerability
IDS/IPSAnti-BotHTTPS InspectionApp ControlQualysNessusThreat DeceptionAlgoSecFireMon
// Management & Monitoring
Checkpoint CMA/CLMFortiManagerFortiAnalyzerSolarWindsWiresharkCrowdstrike Next Gen SIEM
// Load Balancing & Remote
F5 LTMA10NetScalerFortinet Remote AccessSSL VPN
05 // Recognition
Going beyond
what's expected.
Consistent high-performance recognition across roles and organizations.
★
2025
Star Performer — Delivering Complex SIEM migration project while delivering $5 Million per year in savings
Maersk
★
2024
Star Performer — Delivering Zscaler ZIA & ZPA solutions across organization for 100,000 Users
Maersk
★
2023
Star Performer - Leading various Performance optimization & cost saving initiatives
Maersk
★
2022
Spot Award - Implementing Strategy to restict Network Access & kill switch strategy during Russia & Ukraine war situation
Maersk
★
2022
Spot Award - Transforming Network security across organization by Implementing Next-Gen Firewalls across Global estate
Maersk
★
2021
Star Award - For handling complex network security incidents & efforts towards problem management
Maersk
★
2020
Spot Award - Upscaling Remote Access VPN capability from 15k to 65k user capacity without downtime
Maersk
★
2019
Star Award - Smooth transition of Network Security operations takeover from Vendor to inhouse team
Maersk
06 // Testimonials
What leaders
say about me.
"
Have seen Siddhant's progress in both Technical and professional areas. He is always keen in learning new domains. He is excellent and reliable in work.
"
One of the most sincere, hardworking resource. His attention to details, positive attitude to managerial feedbacks and camaraderie with his team mates are his strength.
"
Siddhant is a natural leader who is competent and a great coach.His uncanny ability to learn, explore and implement technology is an example of his adaptability and understanding of the situation.
07 // Certifications
Credentials &
continuous learning.
CISSP
Certified Information Systems Security Professional
ISC2
Active
ISB Leader
Cybersecurity for Leaders - India-EMERITUS
ISB
Active
ISO 27001
ISO 27001: Information Security Management Systems Certified
DNV
Active
ZCCA-PA
Zscaler Certified Cloud Administrator Private Access
Zscaler
Active
ZCCA-IA
Zscaler Certified Cloud Administrator Internet Access
Zscaler
Active
CEH
Certified Ethical Hacker
EC-Council
Active
CCSA
Checkpoint Certified Security Administrator
Checkpoint Software Technologies
Active
AZ-104
Microsoft Certified: Azure Administrator Associate
Microsoft
Active
GCP
Google Cloud Fundamentals: Core Infrastructure
Coursera
Active
08 // Contact
Ready for the
next challenge.
Open to Principal Engineer, Security Architect, and Director of Security Engineering opportunities. Also available for advisory engagements and security architecture assessments.
Email Me
siddhanttupe712@gmail.com
LinkedInhttps://www.linkedin.com/in/siddhant-tupe →
GitHubgithub.com/siddhant712 →
Download Resume / CVPDF →