FARAN A. BAJWA
** ******* ** *********, ** ***** · Cell 732-***-****
************@*****.*** · https://www.linkedin.com/in/faran-bajwa-3924573b/ · Active Certifications – Cisco CCNA, CCNP, Meraki, PALO, ZSCALER Fortinet – NSE 1,2 and 3
I am a highly motivated individual with over a decade of experience in the field of network telecommunications and IT consultation. My journey in information technology began when I graduated from DeVry in 2013, with a bachelor’s degree in network communications and management. I have since experienced working in many different environments expanding my technical knowledge from enterprise production networks that scale globally (Colgate) to managing massive network topologies that scale 3000+ devices (Port Authority). My experience over time has taught me the importance of production networks, valuable team collaborations, and meeting business objectives in a timely manner. My greatest accomplishments have been my abilities to become an expert in network technologies including but not limited to routing, switching, firewalls, data center, server management, wireless and cloud computing. These skillsets have given me the opportunity to become a strong technical resource that can lead projects from start to finish and provide recommendations to constantly improve the infrastructure. The biggest challenge we all face today is keeping up with the ever-changing field of information technology as it continues to go through paradigm shifts. My goal is to keep pace with this growth as I continue to learn as an individual and a contributor to overcome emerging technologies/solutions.
SKILLS/EXPERTISE
• Infoblox / IPAM servers
• CISCO IOS, IOS-XE, IOS-XR
• Nexus NX-OS (NXOS)
• Networking TCP/IP
• VYOS/PFSENSE/OpenVPN
• Cisco Meraki
• Cisco ASA 5000s
• Firepower NGFW (4110, 4145, 9000 SM-56, and 2000 series)
• Firepower threat defense, FMC and FMD
• Fortinet Firewalls (FortiGate, FortiAnalyzer, FortiNAC, FortiManager, FortiEMS, FortiSASE)
• Palo Alto NGFW Firewalls, Prisma, Panorama
• MS Azure Cloud /AWS /GCP
• Express Route / Direct Connect
• Data Center Technologies – Spine leaf topology, Nexus, Arista.
• Visio / SOW / SOP / BOM
• Multicast / CCTV
• BGP / MPBGP / MPLS Layer 2, Layer 3
• Spanning-Tree, Rapid, MSTP
• Cisco Optical Technologies (DWDM, CWDM, SONET, multiplexing, ONS Nodes)
• Viptela SD-WAN Solution
• VRF Technologies
• CISCO ISE / TACACS+
• DWDM/CWDM Technologies
• SNMP monitoring - Zabbix, Cacti
• Riverbed monitoring
• Cisco DNACenter / Prime / Collector
• IAM setups and deployments
• Cisco wireless technologies - WLC, APs 3700s, 9100.
• Catalyst 9000 series (9200, 9300, 9500, 8000s, 8300, 8500)
• SAN MDS series 9148s,9250is
• VXLAN / DCI / ACI
• IGP Protocols – OSPF, EIGRP, RIP
• IPV4, IPV6
• Red seal – Security monitoring.
• SolarWinds -NPM, NTA, IPAM, UDT.
• Disaster Recovery
• Cloudflare SWG, VPN, and RBI
• SASE and SSE concepts
EXPERIENCE
AUG 2023 – OCT 2024
PRINCIPAL CONSULTANT
BLACKHAWK DATA LLC
• Client Collaboration: Worked closely with clients to discuss design reviews and infrastructure refreshes.
• Statements of Work (SOW) and Bill of Materials (BOM): Created detailed Statements of Work (SOW) for clients based on design reviews and generated Bills of Materials (BOM) for recommended deployment products.
• Vendor Collaboration: Collaborated with various vendors, including Cisco, Palo Alto, Fortinet, and Juniper, to stay current with the latest technological trends and updates.
• Vendor Training and Certification: Participated in vendor training sessions for certifications in both pre-sales and technical sales.
• Process Automation with Microsoft Tools: Utilized Microsoft automation tools, such as Power BI, to streamline processes for the sales team, enabling smoother engagement with Pre-Sales Solutions Architects on new deals and opportunities. This initiative improved tracking for deals and opportunities.
• RFP Responses: Composed RFP responses for medium to large bids and collaborated with vendors to deliver turnkey solutions.
• SASE and Secure Edge Design Concepts: Familiar with the latest design concepts for SASE and secure edge solutions, supporting a hybrid workforce and replacing VPN technologies. Also knowledgeable in CASB solutions for enhanced security and in transitioning environments toward Zero Trust networking.
• VPN Replacement Strategies: Up-to-date with current VPN replacement concepts based on Secure Service Edge (SSE) or SASE approaches. Deployed Fortinet VPN solutions integrated with multifactor authentication, including SSL VPN, FortiEMS for ZTNA trust tags and certificate signing. Also deployed SASE solutions for endpoint management and setting up a Zero Trust network.
• Deployed FortiGates with tie into FortiManager and FortiAnalyzer for best practices methodology. Using recommended IPS rulesets along with ML logic to create signature-based firewall policies.
• Designed and deployed Fortinet SD-WAN solution using ADVPN for a hub and spoke topology as first phase of migration from legacy network builds.
• Deployed FortiGates in HA policy for redundant topologies and utilizing VDOMs for DMZ and VPN related traffic.
• Deployed Fortinet WAF solutions for customers looking to secure their on-prem web hosted applications, preventing layer 7 attacks like SQL injections.
• Interactive with Fortinet Developer Network to create automation processes using API calls and discussing latest trends and bug fixes.
• Deploying Arista CloudVision solutions for customers looking for an automated and centralized management solution. Creating policies for Zero Trust provisioning and configuring complex designs like BGP EVPN with VXLAN for data centers.
MAY 2022- AUG 2023
MANAGER, NETWORK OPERATIONS & INFRASTRUCTURE
PORT AUTHORITY OF NY & NJ
• Creating standard policies on network device configurations and software/firmware baselines to adhere to cybersecurity and industry standards.
• Evaluating firmware on devices against NIST national vulnerability databases, prioritizing high CVSS score vulnerability using data from SNMP polls from various sources.
• Managing and supporting Network Management Systems (NMS) including but not limited to SolarWinds, Zabbix, Cisco Prime, Net Registrar (DHCP), Cisco DNA Center, WLC, Riverbed, Firewall FMC and FMD for Cisco Firepower.
• Managing ISP vendors Verizon, ATT, and Crown Castle to identify current infrastructure and continually work to optimize our current WAN mediums to meet business needs.
• Designing/Architecting new network deployments/solutions as the agency continues to expand its infrastructure in support of our critical applications. Includes scoping devices, fiber, power and shifting focus on end user experience.
• Designing/Architecting new SD-WAN refresh of the current WAN architecture which includes a migration of the current Verizon fiber ring to a MPLS cloud/DIA hybrid solution to allow for more flexibility and use of cloud applications. Projected 44 Edge devices that will be managed via central management plane.
• Designing/Architecting for EOL (End of Life) hardware upgrade project to cover 2000 plus devices that have potential to reach software vulnerability dates which ultimately impacts the security front of network.
• Re-designing/upgrading Azure Express route via ATT Net bond circuits to 10GB from 1GB to meet expanding needs for cloud computing. As well as migrating Azure Wan to vWan hub with Palo Alto VM firewalls to allow for better communication flows between cloud instances.
• Designing and deploying AT&T private APN Solution (FirstNet) for mobile IOT devices via SIM cards to connect back using IPSEC tunnel on ATT’s network backbone. This solution provides a secure direct connectivity to corporate environment for end users/applications.
• Designing and deploying AT&T MEC (Multi-Access Edge Computing) solution for a private cellular network environment. The private cellular network will provide coverage/connectivity for cisco 1101 routers in the MEC coverage area as directly connected devices via SIM cards.
• Designing/Architecting Data Center migration strategy to migrate current Data center to a new location. Project involves identifying key network core elements for migration including Nexus 7710 cores, ASR9001 edge routers, and Cisco Firepower NGFWs.
• Contract manager for fiber and network solutions vendor, maintaining compliance standards, creating, and ensuring vendors are adhering to SLA requirements.
• Deploying Fortinet 3201F firewalls at new possible datacenter location to replace Cisco firepower FTD firewalls.
• Creating migration plan to migrate Cisco to Fortinet Firewalls and deploying policies around full SSL decryption.
FEBRUARY 2018- MAY 2022
SENIOR NETWORK ENGINEER
PORT AUTHORITY OF NY & NJ
• Leading network infrastructure projects on Port Authority’s major site locations including but not limited to, major airports such as JFK, LaGuardia, and Newark. As well as bridges and tunnels including Holland Tunnel, Staten Island Outer Bridge Crossing, and Sea Ports.
• Supporting Port Authority capital plan projects which are budgeted around 3.5 billion. Capital plan included but was not limited to redevelopment of all 3 major airports, and core infrastructure. This plan involved massive network infrastructure redesign and rebuild starting in 2018 and projected completion in 2028.
• Providing technical expertise on initial surveys, scoping a design/solution, implementation, post implementation checks, post completion documentation for day-to-day operational needs.
• Lead Engineer on refresh of the revenue control system at all three major airports. Overall project goal was to transition to new revenue control system designed with Cisco IE5000 industrial ethernet switches in lane cabinets and cellular backup via cisco 829 routers using DMVPN tunnels. Project also involved device hardening to adhere to industry PCI standards.
• Core network upgrade to migrate from directly connected WAN circuits to BGP MPLS VPN environment with RR clients to isolate vendor traffic in VRFs across enterprise core network. This allowed us to transport vendor networks in isolated environments back to data centers.
• Providing solutions for Layer 2 LAN extensions using L2TPv3, BGP EVPN, and VPLS technologies.
• Major firewall migration project including major migration from Checkpoint Firewalls to Cisco Firepower NGFWs. Migration included moving access control rules, IPSEC VPN tunnels, site to site VPN tunnels and setting up of dynamic and static NAT.
• Installing Cisco Firepowers to be managed by FMC as a central management GUI.
• Lead engineer for the new Terminal 1 at Newark Airport. Included deploying 9600s chassis in SVL acting as a single core in redundant MDFs. As well as installing Firepower 4110s in HA to provide security against shared vendor traffic that tied into Port Authority core switches.
• Well experienced with Cisco CLI/GUI in ISR routers, catalyst switches, nexus family, ASA firewalls, as well as Cisco GUI interfaces for ASAs, Meraki, and more recently DNA.
• Assisted in setting up SNMP monitoring in ZABBIX and SolarWinds for network systems environment to monitor and manage over 3000+ devices.
• Led efforts to install CISCO DNA center to manage and monitor our core infrastructure. Included installing servers in a cluster/HA mode, as well as bringing up a test version of DNAC to test in our environment. Currently working in test mode pending GO-LIVE to apply in production networks.
DECEMBER 2014- FEBRUARY 2018
SR NETWORK CONSULTING ENGINEER, PRESIDIO INC.
• Working full time with the client Port Authority of NY/NJ to assist their Technology Services Department in everyday implementation and troubleshooting.
• Involved with projects such as DWDM deployment for their optical environment for their PATH facilities as well as the Airport facilities like Newark Airport.
• Also implemented and executed projects with CWDM passive optics
• MP-BGP set up for the core network, included segmenting all downstream locations via RD’s and RTs. This allowed us to better segment major production traffic and any vendor related technologies that were also on the network.
• Lead for sites such as, Newark Airport, and Holland Tunnel, to carry out projects such as full VOIP deployments with a Voice Team where old PBX supporting their Analog voice systems were replaced by cisco VG series (224, 310). Some Projects included Core upgrade involving replacing 6509 Chassis with 4500X Switches running VSS between the pair. As well as upgrading access switches with 2960s or 3850s depending on the requirements.
• Carried out other projects like Holland Tunnel full network upgrade which involved replacing the existing 6509 cores with Nexus 93180’s as well as the access layer which was due for an upgrade as devices reached End of Life.
• Implementing Nexus 7K series and 9372’s to replace a lot of older cores 6509, and 4507 switches to provide the client a stronger backbone with more throughput at 40 and 10 gigabytes.
• Setting up a SAN A and B environment for client with a physical fabric separation based on Cisco best practices. Setting up FCIP tunnel set up between data centers to extend the SAN environment between the client’s two data centers.
• Set up the SAN’s initial fabric environment by defining aliases / PWWNs on Cisco’s MDS equipment and managing SAN database.
• Completed documents after a completion of a project which involved Visio Diagrams, Excel Documents for IP Address management IPAM, Data Tracking, and As-Built Documents before handing over to PA’s Operations department.
• Setting up and using network appliances like Cisco Prime, Infoblox, and ISE for maintaining the daily network operations included but not limited to daily device monitoring, IP address management, and device/identity management.
• Led design meetings with Port Authority project managers and other sub-contractors to discuss more in depth the design details and set up for current/upcoming infrastructure changes.
MAY 2014- DECEMBER 2014
NETWORK CONSULTING ENGINEER, ASPIRE TECHNOLOGY PARTNERS
• Working with customers to plan, build, and help operate internetworking solutions.
• Experience with Cisco ASA firewall solutions, including but not limited to setting up site to site VPN’s, SSL clients and dual ISP set ups.
• Implementing data center technologies such as Nexus 7k, 5K and 2Ks for a core and aggregation layer, and understanding protocols such as OTV, FCoE, VPC and Fabric Path to help eliminate or create a network that works with STP.
• Deploying various Cisco technologies on site as part of the SOW written per solutions team to meet business needs.
• Understanding and doing fiber related work which included patching connections and working with OTDR technologies for troubleshooting purposes.
• Conduct documentation in all phases of a project, including pre topology design, post topology design, and project closure documents using tools such as Microsoft Visio.
NOVEMBER 2013 – MAY 2014
CISCO NETWORKING ENGINEER, IPSOFT INC.
• Interact with toolsets to Automate tasks
• Automate tasks as much as possible through the development of scripts and administration tools.
• Monitoring of system stability, availability and performance.
• Ensuring 24x7x365 operation of internal and client systems.
• Drive service providers to resolve issues in the shortest time possible.
• Assist in implementing new network technologies and equipment by working with a team of network engineers.
• Perform documentation of procedures.
• Execute change management according to documented procedures.
• Engage with clients to troubleshoot issues and ensure production of their network.
• Ensuring up keeping of devices such as cisco ISR 800, 1800, 2800, 3800, and 7200 routers as well as cisco catalyst 4500E, 3650, 3850, 3560, 6800 switches.
• Resolving and implementing enterprise routing protocols such as BGP, OSPF, EIGRP.
• Troubleshooting WAN circuits and various WIC modules including HWIC, VWIC, ISDN, T1, Metro E, controllers, Crypto Tunnels.
APRIL 2012- OCTOBER 2013
OPERATIONS TECHNICIAN, COLGATE-PALMOLIVE TECHNOLOGY CENTER
• Troubleshoot and analyze WAN and LAN issues utilizing various tools including visual performance monitor, HP network node manager and network equipment access.
• Coordinate with other team members on outage restoration times, root cause analysis and escalation.
• Configuring unicast and multicast routing using protocols such as EIGRP, OSPF and IGMP.
• Interface with ISPs such as Verizon, PCCW and Orange to ensure Colgate receives superior service, quality, and trouble tickets are being worked efficiently and effectively.
• Responsible for the on-going review and monitoring of the production environment to ensure effective operation and overall stability of the environment in support of the business.
• Escalate and ensure resolution of business-critical issues as well as take appropriate action when alerts and notifications are received, to minimize any foreseeable downtime.
• Partner closely with 2nd level support on procedures and resolution plans for staff to utilize which in turn keeps systems, performing effectively and efficiently.
• Perform daily scheduled operations such as daily unified communications meetings, tape backups, SAP recycles, printer setups, and KPI upkeep.
• Ensuring all Production Control members are informed with regards to on-going issues and outstanding items. Provide follow-up and resolution to ensure continuum and progress.
• Liaison with internal business units and work streams to ensure that information is communicated efficiently and accurately to all key stakeholders.
• Facilitate meetings with support teams to gather updates on outstanding issues and provide guidance on resolution strategies.
• Participated in upgrading Critical Business Application Autosys to a new Service Pack 1 Install which affected the major production network.
• Prepared technical documents with instructions and procedures to carry out major project steps along with providing updates to upper management
• Participated in Disaster Recovery Testing and preparing documentation for redundancy purposes.
AUGUST 2012 - SEPTEMBER 2013
INFORMATION TECHNOLOGY HELP DESK, DEVRY UNIVERSITY
• Diagnose PC hardware and software.
• Troubleshoot network and OS issues.
• Install OS Patches and images
• Repair malware and
• Install/repair OS on PC’s and laptops.
• Tutor students in Networking Communications course
EDUCATION
OCTOBER 2013
BACHELOR OF SCIENCE IN NETWORK AND COMMUNICATIONS MANAGEMENT, DEVRY UNIVERSITY, NORTH BRUNSWICK, NJ
GPA 3.7
CERTIFICATIONS
• Cisco CCNA – Jan 5, 2013 - Present
• Cisco CCNP – Aug 17, 2014 - Present
• Cisco Certified Specialist Enterprise Core- March 2022- Present
• Cisco Certified Specialist Enterprise Advanced Infrastructure Implementation - March 2022- Present
• Cisco CCNP – ENCOR - March 2022- Present
• Cisco Meraki CMNA – Oct 2017 – Present
• Cisco Certified Specialist – Enterprise Wireless Implementation
• Fortinet NSE 1 – June 2023 – Present
• Fortinet NSE 2 – June 2023 – Present
• Fortinet NSE 3 – June 2023 – Present
• ZSCALER Certified Sales Engineer
• Palo Alto Networks System Engineer (PSE): Foundation (October 2023)
• Palo Alto Networks PSE- Strata Associate (Jan 2024)
• Palo Alto Networks System Engineer (PSE): Hardware Firewall Professional (July 2024)