Tom Heinrich

Infrastructure Design and Implementation

Möhnesee, Germany

Experience

Jan 2025 - Present
7 months

Network Architect / System Engineer

Teleperformance

Technical focus: Fortinet rollout / site standardization / cloud / ISP migration

  • Network analysis, design and optimization, change management
  • ISP changes
  • Engaging service providers, local IT support
  • Setting up central management platform
  • Routing optimization with dynamic routing
  • Optimizing and creating firewall rules
  • AWS connection / design
  • MS Azure connection / design

Technologies / Tools: Fortigate, Palo Alto, WAN, SDN WAN, VPN, BGP, OSPF, Fortimanager, Panorama, Meraki, Alcatel, AWS, MS Azure, Network Architecture

Apr 2024 - Dec 2025
9 months
Düsseldorf, Germany

Network Engineer / Network Architect

Douglas IT

Technical focus: Fortinet rollout / site standardization

  • As-is analysis
  • Documentation
  • Setting up central management platform
  • SDWAN connections
  • Replacing Bintec devices
  • Commissioning, mostly in the evening / night / weekends
  • Local network cleanup, Cisco Meraki switches and access points
  • Data center move from Hagen to Düsseldorf
  • Replacing Juniper data center solution with Cisco Nexus VPC
  • Data center as-is / to-be documentation

Technologies / Tools: Fortigate, WAN, SD WAN, Bintec, VPN, BGP, OSPF, Fortimanager, Cisco Meraki switch and AP, VMWare, NX-OS, Netbox, Visio, Fortiswitch, FortiAP, Network Architecture, Juniper

Jan 2024 - Present
1 year 7 months

Lead Network Architect

Francotyp Postalia

Technical focus: Fortinet rollout / site standardization / data center hardware migration

  • Technical procurement consulting
  • Network analysis, design and optimization, change management
  • Planning / documentation
  • Engaging service providers, local IT support
  • Setting up central management platform
  • Routing optimization with dynamic routing
  • Darktrace analysis
  • MS Azure connection / design

Technologies / Tools: Fortigate, WAN, SDN WAN, VPN, BGP, OSPF, Fortimanager, Fortiswitch, FortiAP, Juniper SRX, Darktrace, MS Azure, AWS, Network Architecture, HP Aruba

Jan 2024 - Apr 2024
4 months

Network Architect, Network Engineer

Metabowerke GmbH

Technical focus: Fortinet rollout / site standardization

  • Staging
  • Firewall migration (device + policy)
  • Engaging service providers, local IT support
  • Setting up central management platform
  • SDWAN connections
  • Reverse engineering, hardening firewall rules, setting security profiles
  • Transfer to central management, hypercare phase, adjustments if needed
  • AWS connection / design
  • Troubleshooting
  • Commissioning, including evenings, weekends and holidays (as needed)
  • Local network cleanup, mostly Cisco Systems and HP Aruba

Technologies / Tools: Fortigate, WAN, SD WAN, VPN, BGP, OSPF, Fortimanager, Fortiswitch, Checkpoint, Sonicwall, AWS, Cisco switch, HP Aruba, Network Architecture

Jun 2023 - Sep 2023
4 months

System Engineer

Infodas

Technical focus: LAN/WAN assessment, WAN/network redesign

  • Network analysis, design and optimization
  • Planning / documentation

Technologies / Tools: Fortigate, Cisco, VMWare, MS Azure, AWS, Fortiswitch, FortiAP, Network Architecture

Jun 2023 - Sep 2023
4 months

Network Specialist

Signal Iduna

Technical focus: network separation / segmentation / zoning

  • Network analysis, design and optimization
  • Planning / documentation
  • Creating firewall rules
  • Engaging service providers

Technologies / Tools: Fortigate, HP Aruba, Servers, Network Architecture

May 2023 - Apr 2024
1 year
Germany

Lead Engineer in SD WAN Rollout Germany

Telefonica Deutschland

Technical focus: SD WAN

  • Advising customers
  • Network analysis, design and optimization
  • Planning / documentation

Technologies / Tools: Fortigate, WAN, SDN WAN, VPN, BGP, OSPF, Cisco/HP Aruba/Netgear/TP-Link switches, Network Architecture

Mar 2023 - May 2023
3 months

Network / Firewall Specialist

Aunde

Project for CirC IT.

  • Ticket handling, mainly in firewall area
  • Troubleshooting
  • Local network analysis, mostly Fortinet
  • Network analysis, design and optimization
  • Planning / documentation

Technologies / Tools: Fortigate, WAN, SDN WAN, VPN, Cisco switching, Fortiswitch, FortiAP

Nov 2022 - Mar 2023
5 months

Network Engineer

Würth Group

Project for Computacenter AG.

  • Rollout and implementation of approx. 200 Fortinet firewalls (F601E/FG-101F) in over 80 country units worldwide
  • Initial IT infrastructure assessment, coordination with local IT, alignment with central IT
  • Aligning customer requirements, reviewing existing documentation
  • Preparing local network, mostly Cisco Systems
  • Importing existing rule sets using FortiConverters
  • Adjusting system, interface and VPN settings / rules as per central IT guidelines
  • Commissioning, including evenings, weekends and holidays (as needed)
  • Segmenting into VLANs and subinterfaces, separating services
  • Optimizing firewall rule set, adjustments in coordination with global and country IT
  • Reverse engineering, hardening firewall rules, setting security profiles
  • Transfer to central management, hypercare phase, adjustments if needed
  • Troubleshooting
  • Local network cleanup, mostly Cisco Systems
  • Integration into PRTG, global centralized monitoring
  • Documentation
  • Handover to central IT, operational support

Technologies / Tools: Fortigate, Fortimanager, FortiConverter, FortiAnalyzer, WAN, SDN WAN, VPN, Cisco routing / switching, Dell servers, HP servers & switches, VMWare, MS Windows Server, Linux servers

Oct 2018 - Oct 2022
4 years 1 month

Network Architect / Consultant

NTT DATA Business Solutions

  • Concept creation, WAN design, vendor and product selection
  • Design and implementation of central firewall management with Fortimanager
  • Design and implementation of central firewall logging with FortiAnalyzer
  • Design and classification of a global IPv4 concept, Level A – Enterprise
  • Header policy design
  • Rollout and implementation of approx. 80 Fortinet firewalls (models 60/100/200/600) in over 50 countries worldwide
  • Expansion / redesign of LAN standards (including replacements), Cisco switches models 9500/3650/Nexus
  • Coordination with site leads, usually IT staff
  • Implementation of centralized DHCP services, certificate services, 802.1X
  • Rollout of two-factor FortiToken, FortiAuthenticator
  • Expansion of global remote access
  • Global monitoring with Cisco Prime and distributed PRTG systems
  • Global 2nd level support, vendor escalation
  • Redesign of WAN connections using own firewall systems, VPN, BGP, OSPF
  • Data center redesign, 3-firewall concept (2 vendors), logical separation of data center / office
  • Replacing leased MPLS, switching to VPN, SDWAN
  • Optimizing firewall rule set
  • Supporting UHD with ticket handling
  • Training new staff and apprentices
  • Remote and onsite support worldwide

Technologies / Tools: Fortigate, Fortimanager, FortiConverter, FortiAnalyzer, WAN, SDN WAN, VPN, Cisco routing / switching, Dell servers, HP servers & switches, VMWare, MS Windows Server, PRTG, ServiceNow, Network Architecture

Apr 2018 - Oct 2018
7 months
Frankfurt am Main, Germany

Datacenter Migration Consultant

Telefónica / O2

Project for Cancom GmbH.

  • Data center move from Munich to Frankfurt
  • Proposal creation
  • Grouping devices for installation or staging blocks
  • Identifying affected switches and importing new switches into Command
  • Reviewing and redesigning the environment
  • Managing, planning and documenting changes in ARS
  • Risk and complexity assessment
  • Updating network documentation (network diagrams, etc.)
  • Coordinating with responsible business units / external service providers
  • Creating migration move scripts and managing teams
  • Site surveys

Technologies / Tools: Cisco routing / switching, Checkpoint firewalls

Jan 2016 - Dec 2017
1 year
Munich, Germany

Freelancer

Baumann TGA

  • Planning and implementing new office in Munich (cabling, servers, clients)
  • Antivirus concept with Trend Micro Worry-Free Business
  • Expansion and new storage connections
  • WLAN with UniFi
  • Commissioning, support and operations, training and handover

Technologies / Tools: Fortigate, switching, HP servers, VMWare, MS Windows Server, VEEAM, Trend Micro AV

Jan 2016 - Dec 2017
1 year
Schalksmühle, Germany

Freelancer

Spelsberg

Combined projects for 2017.

  • Project Spelsberg II

  • Expanding data centers (Site III) at 2 locations

  • LAN expansion and configuration at 2 locations

  • In-house redesign (switches and cabling)

  • Heatmap creation – capturing and optimizing WLAN (UniFi/ Ubiquiti, Cisco Systems)

  • Commissioning, support and operations, training and handover

  • Project Spelsberg I

  • New build of data center and infrastructure in Schalksmühle and Buttstädt

  • Design and build firewall cluster for redundant VPN connections between Spielberg and Schalksmühle

  • In-house redesign (switches and cabling)

  • Heatmap creation – capturing and optimizing WLAN (UniFi/ Ubiquiti)

  • Commissioning, support and operations, training and handover

Technologies / Tools: Cisco routing / switching, Network Architecture, UniFi

Jan 2015 - Dec 2016
1 year

Freelancer

Project JONA (dental practice with 14,000 patients and day clinic).

  • New network and firewall build
  • SSL VPN for remote work
  • Virtualization of servers
  • Site-to-site VPN
  • Backup solution integration with VEEAM
  • Support and operations, training and handover

Technologies / Tools: Fortigate, switching, HP servers, VMWare, MS Windows Server, VEEAM, Trend Micro AV, Network Architecture

Jan 2015 - Dec 2015
1 year

Freelancer

  • New network and firewall ruleset build
  • Virtualization of servers
  • Site-to-site VPN
  • Backup solution integration with VEEAM
  • Support and operations, training and handover

Technologies / Tools: Fortigate, Cisco switching, HP servers, VMWare, MS Windows Server, VEEAM, Trend Micro AV, Network Architecture

Jan 2015 - Dec 2015
1 year
Switzerland

Freelancer

Weka Media

  • New WAN build for Weka Media, site-to-site VPN, hub and spoke
  • Main responsibility for Weka Media WAN
  • Managing 8 firewall clusters
  • Data center redesign in Kissing
  • Support and operations of Kissing data center
  • Redesign, planning and setup of 8 branches: Germany, Austria, Switzerland

Technologies / Tools: Fortigate, Fortimanager, FortiAnalyzer, Cisco routing / switching, PRTG, Network Architecture

Jan 2014 - Dec 2015
1 year
Russian Federation

Main responsibility for Hoffman WAN

Hoffman GmbH München

  • Managing 35 firewall clusters
  • Support and operations of data centers in Munich and Nuremberg
  • Building central data center mirrored to backup data center
  • Planning and setup of 3 branches: India, Russia, North America

Technologies / Tools: Fortigate, Fortimanager, FortiConverter, FortiAnalyzer, WAN, VPN, Cisco routing / switching, Network Architecture

Jan 2007 - Dec 2014
7 years

Main responsibility for Synlab network

Synlab Services GmbH

  • Mainly responsible for Synlab network (data center, branches in Germany and abroad (EMEA), MPLS and internet)
  • Responsible for ISO 9001 / 27001 certification cycles from 2010 Q4
  • Project consulting / planning / execution
  • Staffing planning for projects
  • Planning and expansion of Synlab network (international)
  • 3rd level support (coordination of staff and onsite support in branches if needed)

Technologies / Tools: Fortigate, Fortimanager, FortiConverter, FortiAnalyzer, WAN, VPN, Cisco routing / switching, Network Architecture

Jan 2003 - Dec 2008
5 years
Munich, Germany

Planning the replacement of the existing FDDI backbone

Staatliche Lotterieverwaltung München

  • Project consulting / planning / execution
  • 3rd level support
  • Communication interface with external companies
  • T-Systems, SGI, Deutscher Lotto-Block, external planning offices
  • Communication interface with business units

Technologies / Tools: Cisco routing / switching

Summary

For the past 20 years, I have been involved in infrastructure design and implementation of firewall systems and switching/router infrastructures to a standard. Site networking (WAN/SDWAN/BGP/OSPF/VPN) is part of my responsibilities. The manufacturers used here are Fortinet, Cisco Systems, VMware, Microsoft, and Linux systems. The Fortigates are usually managed via a central management system (Fortimanager). The individual sites are connected via SD-WAN and VPN aggregates (BGP). My strengths lie in the data center area. This includes segmentation and implementation of security policies, as well as hybrid clouds with MS Azure/AWS. My perspective on system availability requires my willingness and understanding to work on weekends and evenings. The design and conception of the infrastructure, from initial review to the IPv4 concept, LAN/WAN design, documentation, and handover to the customer, is my area of responsibility.

Languages

English
Advanced
German
Advanced

Certifications & licenses

CCDA Cisco Certified Design Associate

Cisco

CCDP Cisco Certified Network Design Professional

Cisco

CCNA Cisco Certified Network Associate V2010

Cisco

CCNA Security Cisco Certified Security Associate

Cisco

CCNA Voice Cisco Certified Network Associate Voice

Cisco

CCNP R/S Cisco Certified Network Professional

Cisco

CSSP Certified System Security Professional

FCSNA Fortinet Firewall Administrator

Fortinet

FCSNP Fortinet Firewall Professional

Fortinet

JNCIA-FFW Juniper Networks Internet Associate

Juniper Networks

MCTIP Windows Server Administrator

Microsoft

MCTS Windows 2008 AD

Microsoft

MCTS Windows 2008 NI

Microsoft

MCTS Windows 2008 SBS

Microsoft

VMWARE VCA VMware Certified Associate – Data Center Virtualization

VMware