Protima Pandey

pprotima@gmail.com

 

PROFILE

Responsible for network strategy and architecture, roadmaps, network services and technology evaluation, budgeting, project planning and scheduling, vendor and contract management, development of policies and procedures. Years of experience in architecting, engineering, and maintaining enterprise level data and voice networks, including but not limited to LAN/WAN/Internet provisioning, infrastructure, cloud connectivity and security, remote access, security, and unified communications. I have GIAC Security Essentials Certification (GSEC), CCNA, CCNP, and a Master’s degree in Electrical and Computer Engineering.

 

CORE TECHNICAL COMPETENCIES

LAN/WAN/Internet architecture, design, engineering, and support

Data center design and support, Hybrid Cloud, AWS

Network security architecture, design, engineering, and support

Remote access solutions

Unified communications (Voice, Video, and Data)

Network management, monitoring, capacity planning, and analytics

 

FUNCTIONAL COMPETENCIES

Management of network engineers

Budget planning for network infrastructure and operations

Project planning and management

Vendor and contract management

 

SKILLS SUMMARY

Networking: LAN/WAN/Internet architecture, design and engineering, IPSec and SSL based remote access VPNs, Site to Site VPNs, PKI infrastructure, Routing protocols, Wireless solutions

Protocols: BGP, OSPF, RIP, HSRP, VRRP, VTP, VLANs, STP, MGCP, SCCP, SIP, MPLS, VPLS, CDP/LLDP/FDP, SAML, DMVPN, Cisco  PfR (iWAN)

Network Security: Firewalls, Cisco ASA, Palo Alto, Juniper, IPSec, SSL, IPTables/TCP wrappers, Access Lists (ACL)

Network Management and Monitoring: Palo Alto Panorama, Juniper NSM, Solarwinds, SNMP, Snort, Nessus, nmap, tcpdump, MRTG, RRDTool, Nagios, wireshark, NMIS, Cacti, NetBrain

Unified Communications: Cisco UCS, Virtualization, Cisco CUCM, Unity Connection, CUPS, Cisco Jabber, Voice Gateway, Analog lines, STE, CME, SRST

Platforms: Unix, Linux, Windows, Juniper Screen OS, Cisco IOS, PAN-OS

Languages: PHP, Unix shell scripting, Tcl/Tk, Perl, CGI, Expect, HTML, JSON

Databases: MySQL, Postgresql, MS SQL

Other: Aruba ClearPass radius, Freeradius, CVS

Hardware: Cisco ISR/ASR, 3800, 6800, 2900, ASA, Cisco 2500 series WLC, UCS series; Juniper SSG series, Juniper MAG and Secure Access, Brocade CER, NetIron, TurboIron, and MLX series, Palo Alto

 

 

PROFESSIONAL EXPERIENCE

Bose Corporation, Stow, MA, USA      October 2013 – Present

Network Architect (October 2013-Present)

·   Responsible for developing network reference architectures to support corporate campus, 40 regional offices, and 300 stores worldwide. Also responsible for developing roadmaps to support evolving business requirements and products.

·   Responsible for evaluating upcoming trends and technologies and identifying ones that align with business strategies

·   Developed network connectivity and security architecture for migration of workloads to AWS clouds, to enable decommissioning of one of the data centers and support a global hybrid environment.

·   Developed standards and processes for securing confidential data and intellectual property in AWS. Design was implemented using AWS services such as security groups, and NACLs in addition to virtualized Palo Alto firewalls.

·   Responsible for architecting and engineering secure AWS environment to support evolving product development requirements of business units

·   Architected and engineered data centers to provide DCI (Data Center Interconnection) using MPLS VRFs/VPLS to support application HA/DR, while maintaining isolation as required by security policies

·   Architected and re-engineered WAN using BGP and Cisco PfR (iWAN) to utilize both dedicated MPLS and Internet circuits efficiently by load balancing based on application requirements and Internet circuit performance

·   Developed an architecture for Bose US retail stores using Cisco ISRs, Aruba APs, and Meraki managed services

·   Designed and engineered Okta based identity management solution, to provide single sign-on capability for cloud based and on-prem applications, both for employees and partners

·   Spearheaded assessment  of the network for architecture, infrastructure, processes, and people, conducted by outside consultants, and developed response plan to address the findings

·   Architected and engineered global location aware remote access solution using Juniper MAG series

·   Architected a solution based on FCAPS and ITIL hybrid to address network management and monitoring gaps. Evaluated several products and built a comprehensive solution.

 

Raytheon BBN Technologies, Cambridge, MA, USA   May 1999 – August 2013

Network Manager and Architect (May 2009-August 2013)

·   Responsibilities included management of network engineers, network budgeting, project planning and scheduling, vendor management, contract management, validating new requirements, capacity planning, LAN/WAN/Internet reference architecture and design for corporate and remote offices, producing technical specifications, network product selection

·   Designed and implemented network use and security policies, procedures and processes for all sites

·   Developed and implemented Disaster Recovery Plan (DRP)

 

Network Architect (May 2003-August 2013)

·   Architected and implemented production and research networks, physical and logical, for the new Data Center. Planned migration of infrastructure, network, and services

·   Designed and implemented Cisco Unified Communications system, including CUCM, Unity Connection, and Unified Presence. Integrated the system with Windows Active Directory (AD). Configured Cisco IOS router as MGCP gateway and end point for T1s. Configured VG224s as SCCP and MGCP gateways to provide support for analog devices, including faxes. Provided capability for analog and VoIP secure terminal equipment (STE) for encrypted voice and data transmission.  Configured remote office as a CME SRST site. Configured CUPS to enable support for soft phones, chat, video calls, desktop sharing, visual voicemail using Cisco Jabber client. Provided ability to use third party XMPP clients. Integrated with third party solution from Parlance for voice enabled directory. Updated the network to support voice VLAN and QoS.

·   Planned and implemented remote access solution, IPSec and SSL, using Cisco ASA with secure ID authentication and/or certificates.

·   Performed RF site survey and capacity planning for designing and implementing Cisco wireless solution. Configured Cisco 2500 series WLC to support multiple WLANs and Aironet series access points.

·   Designed, configured and supported the migration of network services to a new redundant, 10G corporate network using OSPF, HSRP, and VLANs.

·   Designed and implemented BGP for IPv4 and IPv6 in dual-homed environment.

·   Designed the security layout of the network for all sites. Installed and maintained Juniper firewalls and DMZs at all locations. Implemented IPSec VPNs connecting all sites to the main office.

·   Designed and implemented separate VLANed networks for externally accessible systems (EAS), to support collaboration with clients, contractors, and several government agencies.

·   Designed an IPv6 subnetting plan for corporate and remote offices. Planned and configured IPv4/IPv6 dual stack on Cisco and Juniper devices to enable support for IPv6 hosts and transition to IPv6

·   Designed and implemented the plan to upgrade the existing Data Center with complete redundancy and load balancing.

·   Developed and implemented a plan to provide employees access to the corporate network using Juniper based hardware VPNs.

·   Built a web based tool using PHP, perl, and MySQL for managing network inventory and vendor support. Also tied this tool to network management and monitoring system for automation.

·   Implemented authentication and accounting system for all network devices using Freeradius and MySQL.

·   Implemented a system to gather and analyze netflows from all devices. Used fprobe for devices that did not support netflows. Used flow-tools and nfsen for analysis.

·   Built a web based tool using PHP. SNMP, MySQL, MRTG, RRDTool, NMIS, CVS, Expect, rancid, and radius. This tool was also tied to the network inventory database. The tool provided an up to date topology map of the network, ability to locate any host on the network, switch port to VLAN mapping, employee VPN usage accounting, and also streamlines a number of network management and monitoring tasks.

·   Built a web based tool with MySQL backend to keep an inventory of physical connections, fiber and copper, between all network devices, patch panels, and office jacks across the campus. 

·   Evaluated Cisco, Avaya and Shoretel communication solutions for viability in the company’s environment.

 

Network Engineer (April 2001–May 2003)

·   Designed, configured and supported the migration of network services to a new redundant, gigabit corporate network, comprising of Cisco routers and switches.

·   Interfaced with the vendor for installing a T3 at the main office. Configured Cisco router and CSU/DSU for the same.

·   Developed and implemented a plan to provide employees access to the corporate network using hardware VPNs.

·   Establish TACACS+ system for authentication, authorization and accounting on network devices.

·   Configured Ascends dialup servers.

·   Developed a tool by integrating Nessus and Snort to meet the specific intrusion detection needs of the company.

·   Wrote Expect scripts to download configurations from routers, switches, and firewalls every night, and check them into a CVS repository.

·   Consolidated all network equipment information in a MySQL database, and implemented a web-based frontend for easy maintenance of the same.

·   Setup and maintained Linux servers for supporting network management and monitoring tools.

 

Department of Internetwork Research, Network Researcher (May 1999–April 2001)

Individual contributor responsible for design and implementation of several DARPA, Defense Advanced Research Projects Agency, and Army funded projects in the field of mobile, ad-hoc, packet switched radio networks.

·   Proposed modifications to PIM-SM/DM to perform on mobile, ad-hoc, radio network while keeping it interoperable with PIM on Cisco routers. This was for JTRS, Joint Tactical Radio System, which was an effort to build SCA compliant family of interoperable radios.

·   Lead a team for design and implementation of Elastic Virtual Circuits (EVCs) used to carry voice. This was an effort to provide QoS within SUO SAS (Small Unit Operations Situation Awareness System) radios. The implementation was done in C on Unix.

·   Studied the behavior of TCP over a load-reactive link that used a hysteresis control mechanism for capacity allocation. The results have tremendous applications in traffic engineering schemes that use allocable link layer technologies overlaid by IP services.

·   Instrumental in the implementation of IP stack on the radio, to be deployed on a mobile ad-hoc network capable of carrying voice, video and data. This network provided QoS for voice by implementing special algorithms for adaptive routing and elastic virtual circuits, researched and published by the company. The implementation was first done in C in the Opnet environment, and then ported to VxWorks, and deployed on Handheld Mobile Terminals (HMTs).

·   Published a paper titled ‘Performance of the Reliable All-Informed Voice Networking (RAVEN) System’ in Military Communications, MILCOM 2000.

 

Worcester Polytechnic Institute, Worcester, MA, USA              Jan 1998–May 2001

Graduate Assistant, Department of Electrical Engineering

Responsibilities included conducting signal analysis help sessions, labs, and substituting for professors for undergraduate level Electrical and Computer Engineering classes.

 

Lucent Technologies, Concord, MA, USA                              June 1998-Aug 1998

Summer Intern

·   Developed several configuration and display commands for the command line interface (CLI) of the router.

·   Debugged routing protocols like OSPF and RIP using CLI.

·   Developed SNMP MIBs for the router.

 

Tata Infotech Ltd, NEPZ, India                    July 1996-July 1997

Software Engineer

·   Member of the team developing a Local Check-in Assist (LCA) system in C++ for China Airlines.

 

Department of Electronics, Govt. of India Enterprise, Delhi, India            June 1995-Aug 1995

Summer Intern

·   Studied two types of artificial intelligence systems - Neural Networks and Expert Systems.

·   Designed and implemented tic-tac-toe expert system.

 

OTHER PROJECTS

Project for GSEC

·   Developed a wrapper to handle PGP/GnuPG encrypted mailing lists. Also developed a front-end for management of keys.

College Projects

·   Studied the behavioral differences between real-time Linux and Linux

·   Generated traffic models for the behavior of HTTP/1.0 and HTTP/1.1

·   Client Server programming and transfer of data using TCP/UDP- IP and sockets

 

EDUCATION AND CREDENTIALS

Professional Training and Certifications

GSEC - GIAC Security Essentials Certification (SANS affiliated)

CCNA – Cisco Certified Network Associate

CCNP – Cisco Certified Network Professional

 

Masters in Electrical and Computer Engineering

Worcester Polytechnic Institute, Worcester, MA, USA, May '99

 

Bachelor of Engineering in Electronics Instrumentation and Control

Delhi Institute of Technology, Delhi, India, June '92 - June '96