Fawad Ahmad

Senior Network & Security Specialist

NSE4 | HCIP | CCNP R&S | Security | WLAN | Storage
x AFINITI | x MOBILINK | x SUPERNET | x HUAWEI HUTIC
Email [email protected] | Mobile +92-307-1140620
Gender Male | Date of birth 28 November 1990 | Nationality Pakistan
SUMMARY

 A Certified Network and Security Specialist having 9 years of experience gained through practical exposure in a challenging
and technology-driven environment.
 Capability to handle network construction, capacity expansion, migration, and reconstruction.
 Provide the internal and external customers with accurate solutions for cases based on in-depth analysis, in the agreed time frame
with high quality to ensure the ‘first time’ right solution.
 Hands-on experience with a broad variety of networking equipment and on multiple vendor technologies including Cisco, Huawei,
Juniper, F5, Palo Alto, HP, RUCKUS, ARUBA, SOPHOS, Fortinet, ENGENIUS, IPCOM, MIKROTIK, DELL, 3COM, DLINK, TPLINK, and
others.
 Experience in large-scale project deployments, migrations, upgradations and managing Network Security, WLAN infrastructure, and
NOC operations.
 Experience in customer service and proposing HLD, LLD, and DLD during Project Implementation.
 Design and develop network architecture and corporate information systems.
 Experience of configuring secure network management and reporting.
 Self-motivation with the ability to take initiative in identifying and resolving problems independently and knowing when to
escalate issues.
 Demonstrate high customer satisfaction with the ability to resolve difficult situations.

EXPERIENCE

Organization Designation Duration

ATSG Senior Network Engineer Aug 2023- Present

AFINITI Software Solutions Pvt. Limited Senior Network & Security Engineer (GNOC) March 2022- Aug 2023

Mobilink Microfinance Bank Limited Manager Networks May 2021-March 2022

SUPERNET Pvt. Limited Senior Core Network & Security Engineer July 2019-March 2021

Huawei UET Telecom IT Center Senior Network Engineer Dec 2014-July 2019

WORK HISTORY

ATSG Aug 2023- Present

Senior Network Engineer (Cloud Operations)

Overall Responsibilities

 Handle network operations to ensure 24/7 99.99% availability of the network.

 Having meetings with clients and proposing HLD, LLD, and DLD for the network design.
 Design and configure different network integration scenarios to have successful integration of client network with the company
providing production services.
 Demonstrate high customer satisfaction with the ability to resolve difficult situations.
 Troubleshoot the network and security environment including all aspects from L1 to L7 to successfully mitigate the issues.
 Working on Cisco latest network and security technologies including Datacenter Nexus switches, ASRs, Cisco ISE, ASAs, ASAv and
FTDs.
 Configuring new instances and maintaining ongoing operations related to F5 LTM and WAF in the production environment.
 Vulnerabilities assessment and mitigation of these on all the network and security devices regularly and quarterly.
 Plan and execute the Upgradation of Operation systems and hardware of all the infrastructure devices as per the latest releases from
the vendor.
 Open TAC cases with the principal vendor in case of unforeseen issues and bugs.
 Experience of configuring secure network management and reporting.
 Day to Day Troubleshooting and configuration on following networking things: IPSEC VPN, SSL VPN, MPLS VPN, OSPF, EIGRP, BGP,
VTIs, VPC, Trunks, Spanning Tree, VLANs etc.
 Configuring Firewall Change requests as per the internal and external teams’ requests.

AFINITI Software Solutions Pvt. Limited March 2022-Aug 2023

Senior Network Engineer (Global Network Operations Center)
Overall Responsibilities

 Handle network operations to ensure 24/7 99.99% availability of the network configured with high redundancy.
 Handle internal and external network and security flows, expansions and integration.
 Propose and construct the network designs for customers to integrate with them for Datacenter hosted services.
 Quickly learn company business process and IT infrastructure, and identify any potential network weaknesses and vulnerabilities.
 Responsible for the Planning, design, documentation, implementation and management of enterprise network infrastructure solutions
based on specific project needs. These solutions should be stable, secure, highly available and scalable to evolving
technology/architecture.
 Produce professional diagrams and documentation for networks and operational best practices, standards, policies and procedures,
using Visio, Power Point and/or OmniGraffle.
 Manage or assist in the resolution of complex technical problems, while providing appropriate communications to all involved
business partners and related stakeholders.
 Design, re/architect, and implement a secure global network infrastructure across multiple domains, platforms and multi-tiered
architectures, enabling automation and/or machine-based resolution, with optimized alerting through technical analysis
 Advanced knowledge of Firewalls, VPN, and Network Virtualization – with strong abilities to architect solutions that
enhances/maintains the reliability and stability of the network, and strengthens the traffic flow of data throughout global network
 Advanced/expert level infrastructure systems administration and engineering, with a strong emphasis on solution integration and
systems implementation
 Well versed in network security, security policies, cryptography, authentication, and secure communication protocols
 Lead projects containing cross-functional IT members to ensure timely delivery of business objectives, communicating status and
initiatives to management
 Strong working knowledge of application and server virtualization, networking and storage, enterprise-level infrastructure high
availability/disaster recovery etc. Identify, solve problems and/or track issues encountered during projects.
 Confident presenter who can prepare and present technical material to both business and technical audiences.
 Select and implement security tools, policies, and procedures in conjunction with the Information security team.
 Ensure within established configuration and change management policies/practices, approvals and success of changes made to the
network infrastructure.
 Have Knowledge about network technologies implemented in AWS / Azure / Google Cloud.
 Experience of deploying hybrid systems, those with an on-premises data center and AWS / Azure / Google Cloud components.

MOBILINK Microfinance Bank Limited May 2021-March 2022

Manager Networks

Projects

 MMBL Datacenter Design and Implementation with Cisco Latest Technologies.

o Cisco XG Firewall FTDs and FMC.
o Cisco Integrated Service Engine ISE used as AAA functions for users and devices, Cisco Nexus Switches for Datacenter
infrastructure Spine-Leave Architecture, ASR Routers as an Aggregation Router for the 300 plus branches.
o Ensured High Availability between each device.
 MMBL Solar Winds NMS Implementation
o Implemented modules including NTA, NCM, NPM in Solar Winds for the business-critical bank network.
o Created desired Alerts and Reports for efficiently Monitoring the network.
 Implemented Cisco WLCs with High Availability and integrating APs.
 Disaster Recovery Site Implementation with Juniper SRX 1500/330 and EX4200/4300 Switches MMBL WAF Implementation on F5
with High Availability.
 MMBL Proxy Firewall Implementation on SOPHOS with High Availability.
 Syslog Server Implementation for FMC Logs Storage.
 Managing and Implementing changes in the network as per business requirement on routine basis.

SUPERNET Private Limited July 2019-March 2021

Senior Network and Security Engineer

Projects
 Implemented IPSEC VPNs over Palo Alto Firewalls with Pak and US network connectivity.
 Implemented NAT over the IPSEC Tunnel between Pak and US with US IP
 Implemented URL Filtering and Global Protect feature on Palo Alto Firewalls.
 Implemented DLP solution on the Palo Alto Platform.
 Implemented EDR Solution for the client PCs and Servers.
 Implemented Split Tunneling and Local Policies and Web Filtering on Local Palo Alto Implemented remote policies on main Palo Alto
Firewall in US
 Cisco client AnyConnect SSL VPN Deployment on ASA.

Enterprises Projects:

Name Project Description

Physicians Revenue Group Inc. IPSEC VPNs deployment across regional sites with Palo Alto PA520 in HQ and PA220 in branches.
 Also Implemented Local and Remote policies on corresponding Firewalls.
Packages Mall Dynamic VLAN Configuration over Wireless Network with Single SSID across multiple
geographical locations. RUCKUS WLAN Controller | Zone Director 1200 and APs: R710 | R720.
Pak Elektron Limited (PEL) Wi-Fi 6 802.11ax implementation with RUCKUS Smart Zone and APs R710 | R720.
NDURE FortiGate SDWAN Solution Deployment.
Pak Mission Pvt Limited FortiGate Firewall Deployment.
US Denim Virtual SOPHOS Appliance Deployment.
Cotton Web Kaspersky EDR Optimum 1000 Endpoints Solution Deployments for Desktops and Servers.
CHARCOAL FortiGate Firewall Deployment.
Sapphire SOPHOS XG Firewall and EDR Endpoints Deployment and managed through SOPHOS Central.
Naveena Denim SOPHOS XG Firewall and RUCKUS WLAN Infrastructure Deployment.
NetSol HQ-Branches Connectivity using QNQ Tunneling across ISP network.
Servaid Pharmacy HQ-Branches Connectivity using Cisco IPSEC EZVPN for 50 branches.
Powersoft19/ Venturetronics RUCKUS WLAN infrastructure Design, Planning and Deployment of Wi-Fi 6.
Deluxe footwear SOPHOS Endpoints Installation and Configuration.
WARDA Textile Fortinet XG300 Firewall Deployment.
Express Solutions Pvt. Limited SOPHOS XG330 Firewall Deployment.
Gourmet WAN Infrastructure Design and Implementation.
JKS Pvt. Limited SOPHOS XG330 Firewall Deployment.
CMH Lahore Medical College EnGenius WLAN Infrastructure Design & Deployment.

Huawei UET Telecom IT Center Dec 2014-July 2019

Senior Network Engineer / Instructor

Projects
UET--Campus Network Infrastructure Migration from Core to Access Layer
 Designed Network Infrastructure design including LAN, WLAN and WAN.
 Migrated the existing infrastructure from Access to Core Layer with HUAWEI technologies.
 Installation of 150 L2 and L3 nodes (Huawei S3300 and S5700 series).
 Provisioning and IOS upgradation
 Configured OSPF as an IGP protocol and ensured successful routing between nodes.
 Installation of HUAWEI AP points and the WLAN controller.
 Implemented BGP at the WAN edge device with the ISPs links.
 Implemented redundancy and load balancing at the WAN.
 Implemented Network topology on NMS: Solar Winds for the monitoring of the nodes.
 Ensured connectivity from LAN to WAN and optimized the network.
UET—HEC Smart Wi-Fi Deployment
 Performed the Predictive Planning for the WLAN Implementation on HUAWEI WLAN Planner tool.
 Designed a solution for the WLAN Infrastructure as per Predictive Planning.
 Installation of 250 HUAWEI Indoor APs and the 6605 WLAN Controller.
 Provisioning and firmware upgradation of the APs from the controller by discovering all the APs on the WLAN controller.
 Centrally configured and managed all the APs from the WLAN Controller.
 Performed the WLAN optimization and testing using Huawei WLAN Tester.
HUAWEI UET Telecom IT Center--Datacenter Implementation & Deployment
 Deployment of the Datacenter in Huawei UET Telecom IT Center with the Huawei Official team as HALP(Huawei Authorized Learning
Partner).
 Implemented and designed Datacenter for the Telecom and Network technologies of Huawei.
 Installation, Configurations and Commissioning of the 2G/3G whole network entities including
BTS1200/NodeB3900/BSC600/MSC6000/MGW8900/OLT5700T.
 Installation and Deployment of the networking and video conferencing equipment including Huawei Switches (S3300.S5300.S5700),
Routers (AR1200.2200), Firewalls (USG5500, USG6000), Videoconferencing: MCU and SMC.
Implementation of NMS: Solar Winds, PRTG, Cacti and ELK
 Installation of Solar Winds, PRTG and Cacti NMS on the Windows Server Machine.
 Discovered the network topology and added nodes in the Solar Winds.
 Pooled the nodes in Solar Winds with SNMP community configured.
 Draw the topology map on the Solar Winds software ‘Network Atlas’.
 Mapped the interfaces on the Network Atlas.
 Added nodes in the Cacti NMS for the network traffic utilization and monitoring.
 Added nodes and interfaces in PRTG NMS as a sensor for monitoring latency, outage, and uptime.
WLAN Training for LUMS Network Engineers
 Conducted CCNA Wireless and HCNA WLAN Partner Training for the LUMS Network Professional
 Covered Cisco and Huawei exam blueprints.
 Hands on training on Cisco 2500 WLAN Controller and Aironet APs to manage APs centrally.
 Hands on training on Huawei 6605 WLAN Controller and APs 6610/7010 for controller-based APs management.
HCNP/CCNP R&S Training for PSDF and NAVTCC
 Conducted professional training in HUTIC for the Govt. projects NAVTCC and PSDF.
 Taught CCNP and HCIP Routing and Switching exam blueprints to the10 batches and 300 students.

KEY SKILLS
 Hands-on experience in Service Provider and Enterprise Network environments.
 Hands-on experience with Cisco devices:
Router 800 | 1800 | 2600 | 2800 | 2900 | 3745 | 3725 | 3600 | 7200 | 7600 | ASR 1000 ISR 1100 | 4200 | 4300 | 4400
Switch C2950 | C2960 | C3560 | C3750 | C3850 | C4500 | C6500 | C9200 | C9300 Nexus 9k,5k & 3k, Meraki MS120
Firewall ASA5515 |5555, FTD 4110 | 2110 v6.6.1 and FMC 1600 v6.7.0 Meraki MX64
WLAN AP:2700 | 2800 | 3800 | 9100 and WLC 9800 | 3504 | 2504, Meraki MR33
 Hands-on experience with HUAWEI devices:
Router AR200|1200|2200 series Switches S9300 | 5300| 3700 | 3300 series
Firewall USG5500 | USG6000 | USG6500 WLAN AP6010DN and WLAN Controller – AC6605 & AC6005
 Hands-on experience with ENGENIUS devices:
Switch EWS7952 | 7928 | 7926 | 5912
WLAN Indoor AP: EWS350AP | 360AP Outdoor AP: EWS 870AP | 860AP WLAN Controller: EZ-Master
 Hands-on experience with Palo Alto devices:
Firewall PA200 | PA220 | PA520 | PA550 | PA3020
 Hands-on experience on Sophos devices:
Firewall 330 | 310
Security Endpoints Intercept X Endpoints for Server and PCs
 Hands-on experience with Fortinet devices:
Firewall FortiGate 80F | 100F | 200F
 Hands-on experience with F5devices:
F5 BIG-IP i2000 | i2600 | i4000 | i4600 | i4800 F5 Modules: LTM | DNS | WAF
 Hands-on experience with Juniper devices:
Firewall SRX 1500 | 330 | 210 | 230 Switch EX 2200 | 2300 | 4200 | 4300
 Hands-on experience with RUCKUS devices:
WLAN AP: R310 | R320 | R510 | R710 | R720 WLAN Controller: Zone Director 1200
 Routing protocols: RIP | OSPF | IS-IS | EIGRP | BGP.
 Switching Technologies: VLAN | VTP | GVRP | STP | RSTP | MST | Ether channel | Eth-Trunk
 Advance Switching: SDM Templates | CDP | LLDP | UDLD | SPAN | RSPAN | Stack-wise
 First Hop Redundancy Protocol: HSRP | VRRP | GLBP
 Security: Port Security | Storm Control | Private VLANs | DHCP Snooping | IP Source Guard | Dynamic ARPInspection DAI
| AAA
 VPNs: GRE | IPsec | IPsec EZVPN | DMVPN | SSL | MPLS-L2VPN | MPLS-L3VPN | QNQ | L2TP | L2CP | DVTI
 QOS: Configured Wireless and Wired Networks
 WLAN Planner and WLAN Tester: Wireless sites Planning and Optimization
 Video Conferencing Protocols: SIP | RTP | RTCP | RTSP |H.248
 SDN: RYU Controller | MININET | HP Controller | Cisco ACI | Cisco APIC
 Data Center: Nexus | Leave-Spine Architecture | VXLAN | VPC | VDC | Cisco ACI | Cisco UCS | MDS Switches | FCoE

TECHNICAL TRAINING

 HCIE | CCIE Routing & Switching

 Cisco Certifications: ENCOR | ENARSI | SCOR
 HCNP WLAN
 CCNP Wireless
 HCNP Video Conferencing
 Cisco Certified Design Professional CCDP
 SOPHOS Certified Network Security Engineer (Firewall & Endpoints)
 NSE4: Fortinet Firewalls and Endpoints
 KESM: Kaspersky Endpoint Security & Management
 JUNOUS Design, Security, DevOps, and Cloud Computing

EDUCATION

Degree Institution Time

MS Computer Engineering University of Engineering and Technology Lahore 2018-2023

2010-2014
BS Communication Systems Engineering Institute of Space Technology, Islamabad, Pakistan

(PEC # Telecom5496)
CERTIFICATION

Vendor Name Time

Huawei HCNP | HCIP R&S 2019

Huawei HCNA | HCIA Security 2019

Huawei HCNA | HCIA WLAN 2017

Huawei HCNA | HCIA Storage 2019

Cisco CCNA R&S 2016

NSE NSE4.NSE2, NSE1 2017