Senior Network Engineer, Freelancer with 20+ Years Experience

• Administration of Cisco network infrastructure (LAN, WAN, and WLAN) including Cisco ISE, Cisco Prime, and Palo Alto Panorama applications; support for maintenance and troubleshooting at 3rd level; technical consulting for business units
• Administration of Palo Alto firewalls, firewall rule configurations; troubleshooting using firewall logs; participation in documentation maintenance; adding missing processes and methods
• Remote access and site-to-site VPN configurations with Cisco ASA for various external service providers and partner companies; improved network infrastructure and further development of the existing lifecycle; monitoring of responsible systems (PRTG)
• Configuration templates and other software distribution and new configuration rollout with Cisco Catalyst Center; enabled "Plug and Play" feature for switch configuration automation
• Management of external service providers; maintenance of IT documentation (operation manuals, etc.)
• Used HW/SW: Cisco 2900/9300/Nexus 5xxx switch series; Cisco ASA5500-X / Firepower 21xx; Cisco ISE v3.2; Palo Alto Panorama 10.x; Palo Alto Firewall 220/30xx series; Cisco Catalyst Center; Cisco Prime 3.10; Cisco Umbrella; Splunk; RSA Appliance (Secure Logon); Meraki MS210 switches; MR44 APs

• Operation, maintenance, and administration of the global network and security system landscape; support for maintenance and troubleshooting at 3rd level; technical consulting for business units
• Independent planning, execution, and monitoring of system updates (updates, upgrades, minor/major changes, software/hardware swaps/upgrades, etc.); responsible for end-to-end creation, continuation, and updating of documentation, guides, and operations manuals across locations
• Management of external service providers as part of service and escalation management
• Writing or modifying Ansible scripts based on task requirements
• Used HW/SW: VMware Velocloud SD-WAN; ExtremeCloud IQ; Extreme Networks X440/X460/X680 series switches; Extreme Networks NAC; PRTG; FortiGate FW 80E-600F v7.0; FortiAuthenticator v7.x; FortiSandbox v7.x; FortiAnalyzer v7.x; FortiManager v7.x; FortiMail 7.x

• Creating project schedules for LAN and WLAN component replacements with Cisco DNA Center (20 sites, 300 devices); executing the project plan; preparing hardware order lists by site and getting approval from management and site contacts
• Performing network segmentation and lifecycle replacement projects with local IT technicians at all sites worldwide
• Evaluating existing security concepts from external integrators on endpoint security and firewall improvements; coordinating with team leads and affected departments
• Planning new sites; developing network designs (HLD and LLD) according to company standards
• Supporting the operation of firewalls and LAN/WLAN infrastructure; firewall rule maintenance; creation and maintenance of relevant documents; troubleshooting and analysis; log file analysis
• Managing an external service provider and internal staff; updating project plans; tracking deliverables
• Used HW/SW: Cisco WLC9800; Cisco AP 2700/2800/3600/9100 series; Open Systems SD-WAN; Cisco 9200-9300 series switches; Cisco DNA Center; NeDI; PRTG; FortiGate FW 200E-600E v6.2; FortiAuthenticator v6.x; FortiSandbox v6.x; FortiAnalyzer v6.x; FortiNAC v9.x; Palo Alto Panorama v10; Palo Alto 400 series and 3200 series firewalls; Palo Alto Cortex XDR Endpoint Security

• Supported network segmentation project at Aareon Deutschland GmbH after Aareal Bank AG acquisition, consolidating firewall policies and redesigning IP addressing, preparing IPv6 addressing technology, reconfiguring Checkpoint firewalls to IPS, threat emulation, zero-day attack and SandBlast applications
• Created new unified company rules across all access and server network areas at German and European branches (VLANs, IP address ranges, firewall objects, firewall rules, switch configs, naming conventions, WLC configs), testing and troubleshooting after migrations
• Implemented 802.1x authentication (MAC-address or machine certificate) for PCs, printers, and other endpoints using Cisco ISE, TACACS and RADIUS servers, FlexConnect and other AP/WLC configs
• Assisted in MFA (multi-factor authentication) project with RSA Authentication Manager 8.x, held customer meetings and did requirements analysis with the project team and external experts. Connected RSA Authentication Manager to AD, configured policies, users, RADIUS profiles/clients, identity sources, backup tests, replica setup, created failover scenarios, project documentation and reports based on customer needs
• Assisted in configuring Cisco SD-WAN appliances between headquarters and remote offices, using new configuration templates (vManage, vSmart) for VPN policies during new office rollouts, applying routing (OSPF, BGP), QoS, traffic engineering and app-policy configurations
• Automated daily routine tasks, collected necessary data or changed global configs on network devices using Ansible scripts
• Used HW/SW: Cisco Catalyst 2960/3560/6500/9300 series switches, Cisco Nexus 5500 switches + 2248 FEX modules, Checkpoint 1400/5000/15000 series firewalls, Fortigate firewalls v6.2 with FortiAnalyzer, Cisco ASA-X firewalls, Cisco ISE v3.0, Cisco WLC 5500 series, RSA Authentication Manager v8.x, Cisco SD-WAN v17.2, HP Procurve switches

• Took over the network from a colleague who left (group transfer due to mass layoffs)
• Handled tickets and provided last-level support at sites in Bavaria with IET ticket system (around 150 sites)
• Daily operation of LAN and WLAN environments and supported 2nd-level and server teams on network issues, provided training and workshops, explained the use of new technologies (Cisco VRF-Lite, MACsec, ISE, ACI)
• Further developed/optimized the overall solution in close coordination with the customer, advised on implementing new/changed business requirements
• LAN refresh, network developments (device and IP address expansions at various sites), site builds and decommissions, coordination of field engineers, single to redundant site migrations, routing adjustments
• Used HW/SW: Cisco ASDM, ACI, Prime, ACS server, ISE, KIWI CatTools, Microsoft NPS, Windows Server 2012, Cisco ASA 5515-X, Cisco switches (2960, 3560, 3650, 3750, 3800, 4500, 4900 series), Nexus switch (3100 series), Icinga/MRTG monitoring, Cisco WLC 5508/8500 series

• Technical project management for migration, coordinating remodeling work, network expansions for various departments (Social Affairs, Construction, Planning, District Administration, AWM, Directorate), supporting about 500 devices.
• Operation, maintenance and further development of the infrastructure, implementation based on regulations on a virtualized platform.
• Troubleshooting (receiving, analysis, resolution) using Assyst ticket system.
• Inventory and needs analysis => documentation, network planning, component selection, client advising.
• Carrying out remodeling and migrations with third-party companies (subproject lead), site migrations onto the new MPLS VPN design (new IP addresses, new device installations, new configurations (PE-CE sites)), followed by functionality and redundancy tests.
• Advising city departments and municipal enterprises on communication technology questions, such as network solutions for various situations (connections, routing+switching, redundancy, datacenter, security, wireless rollout, guest Wi-Fi options).
• Operation, maintenance (Command), optimization and administration of active network components deployed (Cisco routers and switches, Cisco ASA/ASA-X or Check Point 2000-4000 firewalls (SW ver. R77.30), Cisco WLC 4400/5500 series, Fortinet FortiGate 200/300 series firewalls), the entire MPLS network (P, PE, CE devices, MPLS VPN and BGP routing).
• Creating concepts for various future and existing scenarios (larger/smaller sites with or without redundancy, hardware recommendations), WLAN installation concept (WLAN controller, APs, corresponding network hardware), concepts for different redundancy options (VSS, L3 redundancy, L2 redundancy, spanning-tree load balancing). Updating old concepts to current standards and Cisco recommendations.

• Rollout of standard network components in production environment (switches, routers, access points, firewalls). Data center operations (Cisco Nexus 2000/5000/7000 series, Cisco 6500-6800 series with VSS technology, Cisco ASA/ASA-X and Check Point 2200-4400 firewalls (SW R77.10), IPv6 addresses, Cisco WLC).
• Technical project management for migration, teardown and setup, network expansions.
• Advising on new technology introductions, project planning/pilot tests, software (IOS) certification.
• Migration from 2.4 GHz to 5 GHz wireless LAN at all sites, project planning and implementation.
• Assistance and test plan execution during prime installation (component testing), prime fine-tuning after implementation. Monitoring of the entire network using Cisco Prime application.
• Development of WAN, LAN and WLAN standard concepts, configuration templates on various network platforms and sites, especially in production environment.

Multinational telecommunications company with over 300,000 employees worldwide, mainly monitoring and support, troubleshooting for Cisco IP telephony and network systems with remote access. The Bratislava branch is the EMEA headquarters with about 1500 employees.

• Configuration of Cisco VG224/248 devices, CallManager 3.x - 7.x, Unity 4.x – 7.x, CUE, CME, CER, IPCC devices for customers, configuring new customer sites based on approved plans, identifying VoIP issues for customers. Performing necessary maintenance on servers, routers and gateway devices. Working with AT&T ticket system and change management processes.
• Installing and/or upgrading existing Unity or CallManager versions according to customer contracts or requirements at end customers such as Lexmark, General Motors, Flowserve, Ford Motor Co., Eli Lilly, Cognizant.

Manufacturing company with a redundant network and car tire production in 3 shifts. Wired and wireless network for offices and production area with about 3000 endpoints and 100 servers. Strict network security due to confidentiality of the fully automated production technology.

• Maintenance and installation of HP Blade and DL servers (DC, WSUS, application servers, file and print servers), support of other IT devices and users. Monitoring the infrastructure with HP OpenView, HP Insight Manager, Nagios, MRTG and Cacti applications.
• Maintenance and configuration of Cisco devices (2960-6500 series switches, 2800/1800 series routers). Configuration and installation of the IP telephony system (CallManager 4.2 + Unity 4.0), the two wireless controllers and setup of 45 APs. Setup of the Tandberg MX series conference system.
• Administration and monitoring of two Cisco ASA5540s with IPS modules, Cisco MARS, NAC, Security Agent and Management Center.