Sr. Network Consultant

DC Network Segmentation.

This project focused on DC Network Segmentation during the plan/implement phase. Main expertise included Aruba Pensando, Fortigate, Nutanix, Intune, and scripting.

To align with governmental regulations and adhere to best practices recommended by Gartner's Zero Trust Network Segmentation, HHR's data center must be segmented to enhance security and mitigate risks. Zero Trust principles emphasize that no user or system, whether inside or outside the network, should be automatically trusted. By segmenting the data center, HHR can limit access to critical applications and prevent lateral movement of potential threats across the network. This approach reduces the attack surface, isolates sensitive systems, and ensures stricter access controls, reinforcing the overall security posture of the organization.

Actions taken:

• HLD network segmentation
• Implementing Nutanix Flow FW segmentation (IT)
• Implementing Intune FW segmentation (OT)

Results:

• Both IT and OT environment has been secured by implementing network macro/micro-segmentation

Used techniques:

• Fortigate, Aruba Pensando , Intune, Nutanix Flow Security
• Power shell scripting is used for VM tagging; Postman is used for configuring policies on Pensando; Terraform for Nutanix flow

Financial impact:

• Secure datacenter network communication which lower possibility of cyber-attack events

Network guidelines, migrations and upgrade.

This project focused on Network architecture during the Design / Plan phase. Main expertise included Architecture, TOGAF, and SASE.

As a Network Architect, Mohamed was responsible for developing and implementing network architecture and guidelines for the company. The role demanded a thorough understanding of different infrastructure frameworks, and the ability for conceptual thinking. He was expected to collaborate with other architects, including cloud and domain architects, to ensure cohesive and efficient network solutions. Additionally, the role included providing expertise and acting as a knowledge hub for network technology, guiding the architectural team in adopting best practices and innovative solutions.

Actions taken:

• Developed and wrote comprehensive network architecture and guidelines for the company's network infrastructure.
• Conducted extensive research to expand and refine the definition of the network services, incorporating new trends and technologies.
• Collaborated closely with cloud and domain architects, sharing network technology expertise to enhance the overall architecture.
• Acted as a central knowledge hub, providing guidance and support on network technologies to architect colleagues.
• Authored a solution architect document detailing the implementation of SD-WAN technology to interconnect data centers and office locations.

Results:

• Successfully delivered a detailed and robust network architecture and guidelines document that was adopted company-wide
• Produced a high-quality solution architect document that effectively outlined the SD-WAN interconnection strategy, resulting in a seamless integration of data centers and office locations.

Used techniques:

• Cisco DC R&S, SDWAN, ACI, TOGAF 9.2, Zero Trust, Micro segmentation

Financial impact:

• Less MPLS bandwidth usage (less OPEX) , better SaaS performance due to introduction of local internet lines (higher client satisfaction),well defined network service architecture.

DC Migration from Cisco fabric path to ACI.

This project focused on DC migration during the Design / Implement phase. Main expertise included R&S, Wireless, Voice ACI, Netscaler, BGP/OSPF, and ISP.

The workload encompassed coordinating the network migration implementation among various involved parties, specifically Cisco Advanced Services and Accenture. This task required effective communication and collaboration with these external teams to ensure the seamless execution of the migration plan. The engineer was also responsible for creating detailed micro designs for different system migrations within the data center. This involved a meticulous approach to ensure that the designs were consistent across different network zones, maintaining uniformity and coherence in the overall network architecture. The engineer had to address any discrepancies and ensure that all designs aligned with the project's objectives and standards. Additionally, the role required the engineer to oversee the implementation process, monitor progress, troubleshoot issues, and provide regular updates to stakeholders.

Actions taken:

• As SME, provide network consultancy service for Allianz Technology clients and business units.
• Implement different migration projects from Fabric Path into ACI
• Solve issues and implement changes on external connections (BGP/OSPF).
• Provide migration plan for Citrix SDX load balancers and help management taking migration decision.
• Migration of OOB network from cisco 2901 to Perle terminal servers, redesign the network to allow high redundancy and better security
• Working with ISP on implementing changes

Results:

• As a result of network migration, Allianz business units have better application experience and higher user satisfaction rate.

Used techniques:

• Cisco DC R&S, Citrix load balancers, IPv6, Python, ACI, microsegmentation. Python scripts were used to gather inventory from network devices

Financial impact:

• ACI allowed for micro segmentation of different business unit applications, which provided higher security and faster time to market for new applications. Automation tools allowed for less change lifecycle time.

Design and engineering for wireless and wired remote office network.

This project involved the design and implementation of LAN/WLAN during the Design/ Implement phase. Main expertise covered R&S, Wireless, Voice, and ISE.

ABN AMRO Clearance bank is doing clear and finance over 16 million trades per day and covers 90 of the world’s leading exchanges across Europe, the Americas and Asia Pacific. Network design for LAN and WiFi network for remote offices was needed.

Actions taken:

• Design and implement guest Wi-Fi network and remote office network for Europe and APAC locations
• Work with ISP implementing changes

Results:

• Secure mobility for guest users
• Secure and reliable data communication for end users
• Simplified network landscape

Used techniques:

• Cisco Unified CM, VRFs, MPLS, OSPF,WLC 5508, WLC3504,AP SSO HA

Financial impact:

• Easier managed and secure network allowed for higher business continuity and deployment of agile applications.

Design and implementation of secure network solutions for upstream locations at Shell (NL&UK).

This project involved designing and implementing secure network solution for industrial control systems (ICS) during the Design/ Implement/ Maintain phase. Main expertise covered R&S, Fortigate, traffic analysis, and ISA99.

Main responsibility of ICS security team is to enable secure operation for all upstream gas locations belonging to the NAM (Nederlandse Aardolie Maatschappij). Tasks are divided in two categories: run & maintain which includes: Support incident response activities and central coordination with IT and IRM stakeholders, Managing and maintaining a secure ICS in an operational facility and ensuring compliance to applicable standards (Shell DEP,ISA99), Deliver solutions to ensure that all assets and projects within the defined domain/scope are meeting the expected cyber risk management activities and reporting status/posture/compliance to the central technical and global leadership teams, Contribute to the central strategic direction and program objectives and communicating expectations in region, Collect technical solutions from regional stakeholders and communicate to the central team, Provide technical leadership and consulting to improvement, remediation projects. projects: Designing, developing and deploying resilient ICS architectures and system configurations during innovation and capital projects, Interfacing with operations when planned activities impact site operations, Integrating system security and robustness requirements into procurement specifications and contract agreements.

Actions taken:

• Design and implementation of security and networking solutions to integrate new subsystems into network infrastructure
• Real-time network and traffic auditing using network monitoring and event logging tools
• Ensure system availability and integrity
• Delivering project documentation

Results:

• Integration of new ICS subsystems for different vendors (YOKOGAWA, Schneider Electric, Honeywell, and Siemens) into existing infrastructure met business needs and was successful without interruption.
• No security incident has been recorded due to professional way of operation

Used techniques:

• PCAD portal, Whatsup Gold, Infoblox IPM, WSUS, ePO, Symantec, Cisco, Fortigate, Fortianalyzer, Fortimanager, Checkpoint, KiWi

Financial impact:

• ICS systems were secure at all upstream locations and worked continuously without interruption of gas production.

This project involved the rejuvenation of Coen tunnel in Amsterdam during the Design and implementation phase. Main expertise included Fiber optics and L2 switching.

The second “Coentunnel” and “Westrandweg” highway have been constructed to improve traffic flow and accessibility of Amsterdam city. Mohamed was responsible for design and implementation of layer 2 backbone network which backhauls traffic for all subsystems inside the tunnel. The network is coupled with the traffic management system for the Dutch government. Redundancy and low latency were key design requirements for this network and have been optimally achieved. Cisco switches and optical fiber connections were used in building the network. The network was successfully implemented and all functionalities were successfully verified against requirements.

Actions taken:

• HLD was translated into LLD and implemented
• Appointments were taken with different system custodians in order to provide the right network requirements for each system
• Old infrastructure ring were decommissioned and replaced by new one

Results:

• The network infrastructure was operationally delivered to RWS according to agreed specifications and system functional requirements

Used techniques:

• Cisco L2 Switching, AutoCAD, Visio, Whatsup Gold, making of fiber optic batching design, Wireshark, Cisco Catalyst IE300, Cisco 3750, C50 encoder

Financial impact:

• The tunnel was operational again and new installed systems increased safety and improved traffic flow.

Implementation, migration and troubleshooting of telephony infrastructure.

Project: ING VOIP infrastructure (Client: ING Bank, Netherlands)

• Purpose: Migrate telephony infrastructure into new version of AVAYA communication manager (Implementation Phase). Main expertise: AVAYA aura communication manager.
• Management team of ING bank in the Netherlands has approved a plan to enhance the telephony infrastructure owned by the bank nationwide. Within an implementation team, Mohamed has carried out the test and implementation of AVAYA unified communication network on multiple remote locations. All remote locations were able to use uninterrupted voice services and were connected to the main cluster server.
• Actions taken:
• Servers and gateways were configured accordingly
• FAT has been done to ensure correct functionality and business needs have been met
• For each location, system has been staged and delivered to maintenance department after SAT has been performed.
• Results:
• New functionalities have been added to telephony system which allowed more collaboration among workers
• System capacity has been increased
• Used techniques: AVAYA Aura Communication Manager 6.1, AVAYA Aura Session Manager,AVAYA Aura System Manager, G series media gateways
• Financial impact: Obsolete telephony system was replaced by more advanced one with higher capacity. This allowed for higher collaboration.

Project: CAK VOIP infrastructure (Client: CAK, Den Haag, Netherlands)

• Purpose: Consolidate scattered infrastructure into one central location (Implementation Phase). Main expertise: AVAYA aura communication manager.
• CAK (Centraal Administratie Kantoor) has a central position in health care by performing financial arrangements and informing citizens on insurance regulations. The company has decided to relocate separate remote locations to one main location in Den Haag. Mohamed has implemented the new telephony infrastructure for the main office, which contains AVAYA communication manager, session manager, session border controller and AVAYA gateways. For mobile users, Mohamed has implemented AVAYA DECT solution to offer robust voice service. The new main office was ready on time at the opening day and offered unified communication services for the new location.
• Actions taken:
• New telephony infrastructure has been deployed in new location
• The system supports DECT telephones for mobile workers
• Results:
• After successful SAT , system has delivered to maintenance department on agreed time
• Used techniques: AVAYA Aura Communication Manager 6.1, AVAYA Aura Session Manager, AVAYA Aura System Manager, G series media gateways
• Financial impact: Obsolete telephony system was replaced by more advanced one with higher capacity. This allowed for higher user collaboration and better call center performance.