FHS Logo
2×CCIE (SEC·EI) · CISSP · MBA

Federico Hach

|

Cybersecurity architect and automation builder. I design Zero Trust programs that actually get deployed — 60+ enterprise customers across banking, telecom, and government in Latin America. Dual CCIE. CISSP. MBA.

Open to work in Mexico City and remote globally.

60+
Enterprise Deployments
16
Years in Cybersecurity
CCIE · Security + R&S
About Me

Who I Am

When LATAM banks needed to reach PCI-DSS compliance without disrupting live payment infrastructure, I designed and delivered full microsegmentation architectures using Cisco Secure Workload — leveraging the integration with Cisco FMC so firewall policies are updated dynamically, enabling agentless segmentation and traffic control across different zones within the Data Center. That kind of engagement — high-stakes, technically complex, timeline-constrained — is what I've been doing across 60+ enterprise customers in 6 countries for 16 years.

I also deployed Cisco Secure Network Analytics to provide full traffic visibility between IT and OT environments — enabling compliance-driven segmentation and integrating with Cisco ISE for automated threat response and containment actions in real time.

I'm a security architect who also likes vibe coding and writes code. My Python and AI automations have cut manual configuration during maintenance windows and operations from hours to minutes across multiple customer environments. I think in systems — architecture, policy, workflow — but I stay close to the implementation because that's where security programs actually succeed or fail.

We would like to express our sincere gratitude for your proactive use of AI tools to enhance our team’s efficiency. By streamlining our document processing, you have transformed what was once an activity of a couple of hours of manual work into a result achieved in mere seconds. We also want to commend you not only for developing this solution but for your dedication to sharing this knowledge and empowering others to learn.

Cisco CX Leadership

Thanks for all your efforts to drive AI adoption in Security by ideating new and innovative use cases, thoroughly testing, and presenting on the AI Security sessions. We could not have come this far in our AI adoption journey without your individual support and dedication!

Cisco CX Leadership

Zero Trust Architecture

Designed and delivered Zero Trust microsegmentation architectures aligned to NIST SP 800-207 for LATAM enterprises across banking, telecom, and government — from architecture design through phased rollout and full handover documentation.

Network Security

Firewall policy, VPN architecture, and threat detection with Cisco Secure Workload, Secure Network Analytics, Umbrella, Secure Access, and ISE.

AI-Driven Automation

Built Python + AI agents (including Claude-powered API tools) that reduced manual SOC query time from hours to under 5 minutes — transforming what was hours of manual work into seconds.

Python & DevSecOps

Developing dashboards, API integrations, MCP servers, and automated reporting tools that eliminate repetitive analyst work across customer environments.

Compliance & Frameworks

Led PCI-DSS scoping, segmentation design, and QSA-ready evidence delivery for 4 payment-processing environments in LATAM banking. Working fluency across NIST CSF, ISO 27001, MITRE ATT&CK, and CIS Controls.

Languages & Citizenship

EnglishB2 High-Mid · EF SET
SpanishNative
German Citizenship

Education

2024 - 2026

Master in Business Administration (MBA)

Tecnologico de Monterrey - EGADE / ITESM

2021 - 2022

Master in Cybersecurity

Tecnologico de Monterrey

2003 - 2008

Bachelor of Engineering in Computer Systems

Tecnologico de Monterrey

Career Timeline

Nov 2024 - May 2026

Customer Delivery Security Architect

Cisco Systems - Professional Services CX · Mexico City, MX

Lead Security Architect for enterprise customers across the Americas, responsible for security solution design, delivery, and post-deployment optimization across Cisco’s security portfolio. Drive Zero Trust, Secure Access, microsegmentation, network visibility, and AI automation initiatives within the Security Consulting team.

  • Drove AI adoption strategy for the Security Consulting practice — ideating use cases from concept through production and building Python + Claude AI automation tools that transformed document processing from hours of manual work into seconds, recognized by Cisco CX leadership for measurable productivity impact.
  • Mentored security engineers across the CX Security team on Secure Workload delivery methodology, raising team-wide delivery consistency.
  • Developed and shared internal AI tooling and enablement sessions, recognized by leadership for “empowering others to learn.”
  • Designed Zero Trust segmentation controls aligned to NIST SP 800-207 and PCI-DSS network segmentation requirements, implemented via Cisco Secure Workload — enabling 4 banks across LATAM to achieve compliance without disrupting live payment infrastructure.
  • Supported early customer adoption of Cisco Secure Access, including migration scenarios from Cisco Umbrella to Secure Access — reducing transition risk through phased rollout and validation.
  • Delivered architecture guidance, validation, and optimization for environments involving Secure Workload, Secure Network Analytics, Secure Access, ISE, NGFW, and Umbrella across multiple enterprise accounts.
  • Built an AI-powered security query agent (CSW OpenAPI Agent) that cut recurring SOC analyst query time from hours to under 5 minutes per investigation — eliminating manual CLI-diving for threat lookups.
Oct 2016 - Nov 2024

Consulting Engineer, Security Solutions

Cisco Systems - Professional Services CX · Mexico City, MX

Delivered end-to-end Cisco Security projects across the Americas, managing the full lifecycle from architecture design and implementation to documentation, validation, and operational handover. 60+ enterprise deployments across 6 countries.

  • Led change management for high-stakes engagements, coordinating customer teams, Cisco TAC, and Business Unit escalations — building lab environments to validate edge cases and reduce deployment risk.
  • Owned end-to-end delivery accountability across 60+ engagements: scoping, design authority, validation, and operational handover — spanning banking, telecom, government, and insurance verticals across Canada, United States, Mexico, Brazil, Chile, and Argentina.
  • Created High Level Design, Low Level Design, and Test Plan documentation for complex security engagements, which ended up being used as reference templates across the CX Security team.
  • Delivered PCI-DSS scope reduction, segmentation control design, and QSA evidence packaging for banking customers — implementing microsegmentation policies via Cisco Secure Workload across multi-site enterprise environments.
  • Delivered Cisco Secure Network Analytics projects end-to-end: flow collection, host group hierarchy design, custom security events, and response management integration — giving SOC teams real-time visibility they previously lacked.
Jun 2015 - Oct 2016

Security Specialist

Axtel - Nationwide Telecommunications Carrier

Deployed ISE, VPN, ASA, and Sourcefire security solutions for enterprise carrier customers; led security technical initiatives and designed LAN/WAN architectures using BGP, OSPF, DMVPN, and Cisco Nexus platforms.

Dec 2013 - May 2015

Field Engineer

Hola Innovacion - Network Services

Deployed Cisco Unified Wireless Network solutions, including site surveys with Ekahau, LAN/WLAN integration, and security hardening for enterprise customers.

Sep 2010 - Dec 2013

Solutions Architect & Systems Engineer

Cuatro Networks - Network Services

Designed Cisco LAN, WLAN, Data Center, Security, and Meraki cloud solutions following the PDI lifecycle for enterprise and mid-market customers.

Portfolio

What I've Built

Tools and solutions built with Windsurf IDE, combining cybersecurity expertise with AI-powered development to solve real enterprise challenges.

Featured
CSW OpenAPI Agent screenshot

CSW OpenAPI Agent

Cut analyst time on Cisco Secure Workload security queries from hours to under 5 minutes per investigation. AI-powered agent that interprets natural language questions, generates live API calls, and presents results in real-time.

Built to eliminate the manual process of navigating through multiple dashboards to get the information needed. Key feature: microsegmentation maturity assessment that evaluates the readiness and enforcement state of application segmentation policies. Also features natural language Q&A about your CSW deployment, live API calls with sandbox validation, pre-built queries for common operations, safe mode that shows API calls before executing, and CSV export. Built with Python, Claude AI, and the Tetration REST API.

PythonClaude AIREST APICisco CSWNLPAutomation
CSW Red Button screenshot

CSW Red Button

One-click forensic data collection during active security incidents — replacing a multi-step manual process that previously required Cisco TAC escalation. Gives IR teams same-day packet and flow context without waiting on ticket queues.

PythonFlaskCisco CSWForensics
WSA Policy Review Dashboard screenshot

WSA Policy Review Dashboard

Automated review of Cisco WSA policy configurations — surfacing compliance gaps and misconfigured rules that manual review routinely misses. Displays access policies, identification profiles, HTTPS policies, custom categories, routing, and security features at a glance.

PythonDashboardCisco WSAXML Parsing

CSW Vulnerability Reports

Automated vulnerability analysis that processes CVE data across workloads and generates actionable security intelligence — replacing hours of manual report compilation with on-demand reporting by label.

PythonCVESecurityReporting
Case Studies

Security Work with Measurable Impact

A business-focused view of how architecture, automation, and operational execution translate into faster decisions and lower risk.

Under 5 min

security query turnaround

CSW OpenAPI Agent

Problem

SOC and architecture teams spent hours navigating dashboards and manually collecting Cisco Secure Workload context.

Approach

Built a Claude-powered Python agent that interprets natural language, validates generated API calls, and returns real-time operational answers.

Impact

Reduced recurring investigation workflows from hours to minutes while preserving a safe mode for API visibility before execution.

Outcome-oriented security delivery

4 banks

enabled for compliance

PCI-DSS Microsegmentation

Problem

Payment environments needed PCI-DSS segmentation without disrupting live transaction infrastructure.

Approach

Designed phased Cisco Secure Workload segmentation architectures with dependency mapping, policy validation, and QSA-oriented evidence.

Impact

Enabled compliance progress with lower operational risk and a clearer path from visibility to enforcement.

Outcome-oriented security delivery

Seconds

for repeated document tasks

AI Security Automation Adoption

Problem

Security teams were spending repeated manual effort on document processing, reviews, and operational reporting.

Approach

Created Python and AI-assisted workflows that convert structured and unstructured inputs into reusable analysis outputs.

Impact

Transformed multi-hour manual activities into repeatable workflows measured in seconds and recognized by Cisco CX leadership.

Outcome-oriented security delivery
Presentations

Talks & Sessions

CISSP Domain 7: Security Operations

Cisco Internal2025 & 2026

Delivered a deep-dive session on CISSP Domain 7 — covering incident management, disaster recovery, logging & monitoring, and change management — as part of Cisco’s internal Route to Readiness certification program.

CISSPSecurity OperationsCertification Prep

AI Security Session: Cisco Secure Workload

Cisco Internal2026

Presented innovative AI use cases for Cisco Secure Workload — demonstrating how Python and Claude AI agents can automate policy analysis, microsegmentation maturity assessments, and operational queries.

AICisco Secure WorkloadAutomation

AI Security Session: Cisco WSA

Cisco Internal2026

Showcased AI-driven automation for Cisco Web Security Appliance — including automated policy review, configuration gap analysis, and compliance reporting using Python tooling.

AICisco WSAPolicy Review
Services

Consulting Offerings

Practical security architecture services for teams that need Zero Trust, compliance, and automation programs to move from strategy into production.

Zero Trust & Microsegmentation Assessment

Assess application dependency maps, segmentation maturity, enforcement readiness, and rollout risk against NIST SP 800-207 and Zero Trust maturity models.

NIST 800-207 alignmentPhased roadmapPolicy enforcement model

PCI-DSS & Compliance Advisory

Help payment environments reduce PCI-DSS scope, validate segmentation controls, and prepare QSA-ready evidence — with control mapping to NIST CSF and ISO 27001 where needed.

Scope reduction strategyQSA-ready evidenceFramework control mapping

Security Automation & AI Agents

Build Python tools, AI-assisted workflows, dashboards, and API integrations that reduce repetitive analyst and architect work.

API-driven workflowsAI-assisted triageExecutive reporting

Cisco Security Architecture Review

Review Secure Workload, Secure Access, ISE, Secure Network Analytics, Umbrella, NGFW, and FMC designs for operational readiness.

Architecture gapsOptimization backlogDeployment risk reduction

Executive advisory

Strategy, roadmap, and risk framing for security leaders.

Hands-on delivery

Architecture, implementation support, validation, and handover.

Technologies

Tools, Platforms & Domains

Frameworks & Standards

NIST SP 800-207 (Zero Trust)PCI-DSSNIST CSFMITRE ATT&CKISO 27001CIS Controls

Architecture Domains

Zero TrustMicrosegmentationCompliance & Audit ReadinessIncident ResponseOT VisibilityNetwork Security

Cisco Security

Secure WorkloadSecure AccessISESecure Network AnalyticsUmbrellaNGFW / FMC

Automation Stack

PythonClaude AIREST APIsDashboardsCSV ReportingNext.js
Architecture Principles

How I Approach Security Architecture

Design for enforcement, not slideware
Automate evidence collection wherever possible
Reduce analyst toil with safe, explainable workflows
Move Zero Trust programs through visible, phased maturity
Measure security controls by operational outcomes
AI Security Demo Concept

Turning Security Questions into Actionable Context

A visual example of the type of AI-assisted workflow I build: natural language questions, controlled API execution, risk-focused summaries, and outputs that both analysts and executives can use.

Natural LanguageSafe API CallsRisk SummaryCSV Export
csw-ai-agent.demo

Ask

show me the enforcement maturity assessment of workspace Data Center:WIndows

Assistant

Built-in workspace maturity scoring (100 pts):

CriterionWeight
Enforcement enabled20
Analysis enabled15
Policies defined (≥10)15
Catch-all = DENY15
Analyzed version exists10
Protocol specificity (<30% ANY)10
Has DENY rules5
Primary workspace5
Enforced version exists5

Ask maturity score for workspace X and you get a full criteria breakdown + level (🏆 Mature / 🟢 Advanced / 🟡 Developing / 🟠 Basic / 🔴 Minimal).

Contact

Let's Talk

Open to senior architect roles and consulting engagements.

Based in Mexico City · Available across Latin America and remote globally

Full-time roles

Senior architect and security leadership — CISO, Principal Architect, Head of Security. Connect on LinkedIn and mention the role.

Connect on LinkedIn

Consulting

Zero Trust, microsegmentation, PCI-DSS, and security automation. Project-based engagements across LATAM and remote globally.

ccie57675@gmail.com
Senior Security Architect rolesPrincipal Architect opportunitiesZero Trust advisoryPCI-DSS segmentation consultingAI security automation projects