Keywords
Skills
A specialist in network infrastructure, security, DevOps and cloud with 10 years of experience in configuring, automating, troubleshooting, and documenting diverse IT scenarios.
I have hands-on experience of the following technology stack:
Routing and Switching:
L3: Static and dynamic routing, policy-based routing, IS-IS, OSPF, BGP, multicast
L2: STP, RSTP, MSTP, ARP, VLANs, PPP, PPPoE, Ethernet rings
MPLS: L2/L3 VPNs, LDP, RSVP-TE
IPv6: OSPFv3, BGP4+, tunneling technologies, migration scenarios, transition mechanisms, addressing
Security:
Next Generation Firewalls (NGFW), Unified Threat Detection, IDS/IPS, URL filtering, SSL decryption, Antivirus, Geolocation based filtering, Anti-Spam and RBL, application and service awareness, Single Sign-On (SSO), Integration with Active Directory/LDAP/MySQL/RADIUS for user management, virtual firewalls, VPN tunnels, DC security with east-west/north-south filtering, NAT, Packet capture and analysis, Anomaly Detection, Anti-Malware, Anti-DDoS, Botnet Defense, Fortinet, Cisco ASA, Juniper SRX, pfSense, OPNSense
Automation:
Scripting, Python, PHP, Rest APIs, Ansible, Bash shell, Git, VBScript, Perl
Cloud:
AWS, GCP, Containers, Docker, VPC, EC2, Terraform
Web Development:
PHP, Laravel, HTML, CSS, Javascript, Bootstrap, Bulma, Livewire
Servers:
Web: Apache/Nginx/IIS, Database: MySQL/MariaDB/PostGreSQL, AAA: freeRADIUS, Caching: Squid, SSL certificates: Let's Encrypt, Routing: Quagga/FRR, VPN: OpenVPN/Wireguard/Strongswan, Monitoring: Elastic Stack
Services and Allied Technologies:
IP Services: DNS (Dynamic DNS, DoH), DHCP, ICMP, URPF, NTP
Network Monitoring: SNMP, Netflow, sFlow, mirroring/SPAN, logging and reporting
Multicast: IGMP, PIM
Redundancy: VRRP, link aggregation, LACP, stacking, BFD
QoS: Congestion management and avoidance, DiffServ, traffic policing/shaping
Web and P2P caching: WCCP, Transparent Proxy
SD-WAN:
Palo Alto Prisma, Silver Peak
Data Center networking:
TOR/access/aggregation/core switches, 100GE/40GE/10GE links, leaf-spine architecture
Access Mechanisms:
WLAN: controllers, security, captive portals, guest management, Huawei 6600 series, Aruba Instant On, TP Link Omada, Aerohive, Ubiquiti Unifi, Cisco WLC, OpenWRT routers
I have hands-on experience of the following technology stack:
Routing and Switching:
L3: Static and dynamic routing, policy-based routing, IS-IS, OSPF, BGP, multicast
L2: STP, RSTP, MSTP, ARP, VLANs, PPP, PPPoE, Ethernet rings
MPLS: L2/L3 VPNs, LDP, RSVP-TE
IPv6: OSPFv3, BGP4+, tunneling technologies, migration scenarios, transition mechanisms, addressing
Security:
Next Generation Firewalls (NGFW), Unified Threat Detection, IDS/IPS, URL filtering, SSL decryption, Antivirus, Geolocation based filtering, Anti-Spam and RBL, application and service awareness, Single Sign-On (SSO), Integration with Active Directory/LDAP/MySQL/RADIUS for user management, virtual firewalls, VPN tunnels, DC security with east-west/north-south filtering, NAT, Packet capture and analysis, Anomaly Detection, Anti-Malware, Anti-DDoS, Botnet Defense, Fortinet, Cisco ASA, Juniper SRX, pfSense, OPNSense
Automation:
Scripting, Python, PHP, Rest APIs, Ansible, Bash shell, Git, VBScript, Perl
Cloud:
AWS, GCP, Containers, Docker, VPC, EC2, Terraform
Web Development:
PHP, Laravel, HTML, CSS, Javascript, Bootstrap, Bulma, Livewire
Servers:
Web: Apache/Nginx/IIS, Database: MySQL/MariaDB/PostGreSQL, AAA: freeRADIUS, Caching: Squid, SSL certificates: Let's Encrypt, Routing: Quagga/FRR, VPN: OpenVPN/Wireguard/Strongswan, Monitoring: Elastic Stack
Services and Allied Technologies:
IP Services: DNS (Dynamic DNS, DoH), DHCP, ICMP, URPF, NTP
Network Monitoring: SNMP, Netflow, sFlow, mirroring/SPAN, logging and reporting
Multicast: IGMP, PIM
Redundancy: VRRP, link aggregation, LACP, stacking, BFD
QoS: Congestion management and avoidance, DiffServ, traffic policing/shaping
Web and P2P caching: WCCP, Transparent Proxy
SD-WAN:
Palo Alto Prisma, Silver Peak
Data Center networking:
TOR/access/aggregation/core switches, 100GE/40GE/10GE links, leaf-spine architecture
Access Mechanisms:
WLAN: controllers, security, captive portals, guest management, Huawei 6600 series, Aruba Instant On, TP Link Omada, Aerohive, Ubiquiti Unifi, Cisco WLC, OpenWRT routers
Project history
09/2013
-
03/2018
Datacom Team Lead
Huawei
(>10.000 employees)
Internet and Information Technology
Worked as team lead to support large enterprises including ISPs, banks, and universities in their
network infrastructure and cybersecurity projects. Instrumental in the design and commissioning of
Lahore and Islamabad Safe City Projects - USD 225 Million smart city projects for security surveillance
and traffic monitoring. Led a team of 10-15 engineers.
Responsible for producing and reviewing HLDs and LLDs. Conducting pre-bidding project reviews and
audits. Demonstrating latest products and solutions to customers in Proof of Concept (POC) tests.
Nasir Hafeez - page 1
Working on greenfield deployments as well as expansions and migrations. Performing acceptance
tests for newly deployed equipment. Integrating Huawei products in multi-vendor environments and
ensuring inter-operability. Supporting Sales and Solution teams with technical expertise. Meeting and
supporting clients.
Spearheaded the design and deployment of campus networks, data centers and large-scale metro and
national networks. Engineered the installation and provisioning of network equipment including routers,
switches, firewalls, Anti-DDoS appliances, NAS/BRAS nodes, WLAN controllers and access points,
VPN gateways, MDM solutions, centralized NMS devices, policy orchestration solutions.
network infrastructure and cybersecurity projects. Instrumental in the design and commissioning of
Lahore and Islamabad Safe City Projects - USD 225 Million smart city projects for security surveillance
and traffic monitoring. Led a team of 10-15 engineers.
Responsible for producing and reviewing HLDs and LLDs. Conducting pre-bidding project reviews and
audits. Demonstrating latest products and solutions to customers in Proof of Concept (POC) tests.
Nasir Hafeez - page 1
Working on greenfield deployments as well as expansions and migrations. Performing acceptance
tests for newly deployed equipment. Integrating Huawei products in multi-vendor environments and
ensuring inter-operability. Supporting Sales and Solution teams with technical expertise. Meeting and
supporting clients.
Spearheaded the design and deployment of campus networks, data centers and large-scale metro and
national networks. Engineered the installation and provisioning of network equipment including routers,
switches, firewalls, Anti-DDoS appliances, NAS/BRAS nodes, WLAN controllers and access points,
VPN gateways, MDM solutions, centralized NMS devices, policy orchestration solutions.
08/2011
-
09/2013
Senior Network Engineer
Nayatel
(250-500 employees)
Internet and Information Technology
Responsible for maintaining ISP core infrastructure and routing protocol peering. Performed hardware/
software upgrades and service migrations. Provisioned new MPLS and internet links. Setup and
maintained a web and torrent caching engine that resulted in significant bandwidth savings.
Routine tasks consisted of provisioning of MPLS L2 and L3 VPN circuits. Managing IGP and BGP
infrastructure. Monitoring internet gateway links and ensuring optimized utilization. Troubleshooting
high priority technical issues and escalations. Performing web URL filtering according to local telecom
regulations. Also supported TDMoIP and SDH infrastructure. Resolved trouble tickets and updated their
record in CRM portal. Contributed to network documentation and created rack layouts and network
diagrams using Visio.
Supervised a team of 4-6 engineers. Championed customer happiness and satisfaction. Audited,
investigated, and documented the network.
software upgrades and service migrations. Provisioned new MPLS and internet links. Setup and
maintained a web and torrent caching engine that resulted in significant bandwidth savings.
Routine tasks consisted of provisioning of MPLS L2 and L3 VPN circuits. Managing IGP and BGP
infrastructure. Monitoring internet gateway links and ensuring optimized utilization. Troubleshooting
high priority technical issues and escalations. Performing web URL filtering according to local telecom
regulations. Also supported TDMoIP and SDH infrastructure. Resolved trouble tickets and updated their
record in CRM portal. Contributed to network documentation and created rack layouts and network
diagrams using Visio.
Supervised a team of 4-6 engineers. Championed customer happiness and satisfaction. Audited,
investigated, and documented the network.
Local Availability
Only available for the countries
Pakistan
Available for travel
