Kevin He
Verified Expert in Engineering
Network and Security Consultant and Developer
Auckland, New Zealand
Toptal member since April 7, 2023
Kevin is a senior network and security consultant with 18 years of experience in environments ranging from large global vendors and Telco to enterprise sectors like banks and government agencies. Skilled in a wide range of products such as Cisco, Juniper, Huawei, F5, Check Point, Palo Alto, and Fortinet. He has a proven track record of design, delivery, and BAU support for large-scale network and security projects. Kevin is Cisco CCIE, Check Point CCSE, and Fortinet NSE4 certified.
Portfolio
Experience
Availability
Preferred Environment
Cisco, Juniper, Check Point, Palo Alto Networks, FortiGate, F5 Networks, Networking, Network Security, Networks, IP Networks
The most amazing...
...projects I've contributed to in the past years involved helping two of New Zealand's top four banks with network and security datacenter migration projects.
Work Experience
Senior Network and Security Consultant
Self-employed
- Designed and delivered ANZ Bank New Zealand datacenter migration from Australia to New Zealand to comply with the Reserve Bank of New Zealand BS11 policy.
- Implemented EVPN on Cisco Nexus 9000 Series switches and Data Center Network Manager (DCNM) and deployed Check Point and Palo Alto firewalls, F5 load balancers, Infoblox IPAM and DNS, etc.
- Helped ANZ bank defend its network to mitigate the risk of cyber-attacks and data breaches. Provided security review of credit risk applications to comply with the security guidelines. Implemented firewall, web proxy, WAF, IPS, etc.
- Developed and executed Westpac New Zealand's datacenter migration from Australia to New Zealand to comply with the Reserve Bank of New Zealand BS11 policy. Deployed Check Point and Palo Alto firewalls, F5 load balancers, Infoblox IPAM and DNS, etc.
- Helped Westpac Bank defend its network to mitigate the risk of cyber-attacks and data breaches. Performed security review of their API Connect components, online banking, etc. Implemented firewall, web proxy, WAF, IPS, etc.
- Deployed Fortinet solutions for Kordia-managed NZ Maritime with ADOM, VDOM, clusters, VPN, IPS, etc., on FortiGate firewall and FortiSwitch managed by FortiManager.
- Migrated Kordia Australia datacentre firewalls from Palo Alto to FortiGate.
Security Design and Delivery Engineer
Vodafone NZ
- Upgraded and migrated FortiGate for Telecommunications as a Service (TaaS) firewall virtual farm, including FortiGate firewall, FortiManager, and FortiAnalyzer. Migrated 25 VDOMs for customers and internal platforms from v5.2.6 and v5.4.6 to v6.0.9.
- Upgraded and migrated Check Point firewalls and the MDM. Migrated the MDS and firewalls from R77.30 to the new R80.30 MDS and SG6600 appliances.
- Delivered and managed New Zealand Ministry of Business, Innovation, and employment check point firewalls and F5 LTM.
Senior Technical Solutions Specialist
NTT
- Designed and built Auckland Watercare's secure control network in 100+ sites using BGP, OSPF, VRRP, Spanning Tree Protocol, and VPN.
- Deployed Cisco ASR 920 routers, Nexus 3000 and Catalyst 9000 switches, check point firewalls, specifically Multi-domain, VSX, ClusterXL, VPN, and F5.
- Migrated Fortinet FortiGate to check point firewalls with ClusterXL, AV, IPS, SSL Inspection, URL filtering, and application control as part of the Auckland Watercare business internet migration project.
- Built Auckland Watercare's Azure ExpressRoute and AWS Direct Connect networks.
- Provided security review of secure control network for Watercare Auckland.
- Developed the Wellington Water AWS Direct Connect network with Cisco ASR 9000 routers, Nexus 9000 switches, and Check Point firewalls.
- Delivered the Wellington City Council network using WLAN, MPLS VPN, BGP, EIGRP, DMVPN, and HSRP. This project included Cisco ASR 920 and ISR 4431 routers, Nexus 9000, C3850, and C2960X switches, vWLC with AP2800, ISE, and check point firewalls.
Senior Network Engineer
Huawei Technologies Co.
- Designed and built Vodafone NZ EAN (IP RAN) project from phase 1 to phase 3 comprising 300+ routers all over New Zealand, using a seamless MPLS VPN solution with Huawei PTN 6900, ATN 910, Cisco ASR 9000, and Juniper MX.
- Developed and delivered Vodafone New Zealand NGSN datacenter project, using TRILL with Huawei CloudEngine datacenter switches.
- Delivered 2Degrees IP RAN including IP Core, transmission backhaul, and customer RAN edge with Huawei CX600, CX300, and ATN routers.
Senior Network Engineer
Sohu
- Developed and delivered the datacenter networks with Juniper MX480, Cisco ASR 9010, Nexus 7000, 5000, and 2000 (vPC and FEX), Cisco ASA firewalls, and Huawei WAN accelerators using BGP, OSPF, VXLAN, FabricPath.
- Designed and built Hong Kong CDN using Cisco ASR 9010, Nexus 7000, 5000, and 2000 (vPC and FEX), and Cisco ASA firewalls.
- Provided ongoing support and configuration for the network to get 99.99% availability.
Network and Security Engineer
H3C
- Designed and executed the e-government network project for Beijing City Council, with over 200 routers and switches all over Beijing, providing services to eight districts.
- Developed and built a wide area network (WAN) for the 2008 Beijing Olympic Games Committee, using MPLS VPN, BGP, OSPF, and IPSec VPN with routers, firewalls, VPN gateways, load balancers, and WAN accelerators.
- Delivered Baidu.com two datacentres with 4000+ switches and 30+ routers, utilizing MPLS, BGP, OSPF, and more.
Experience
Datacenter Migration for ANZ Bank New Zealand
http://www.anz.co.nzI designed and delivered the ANZ Bank New Zealand datacenter migration from Australia to New Zealand. To do that, I utilized Cisco Nexus 93180 and 93108 switches and DCNM to establish an EVPN and VXLAN network across two datacenters. Then I deployed Check Point firewalls for the on-premises network, Palo Alto firewalls for cloud connectivity (AWS, Azure, and GCP), F5 load balancers, and Infoblox IPAM and DNS.
Design and build of new datacenter for Westpac New Zealand
http://www.westpac.co.nzI designed and delivered Westpac's new data centers in New Zealand. We deployed EVPN-VXLAN with Cisco Nexus 9000 switches, NDFC, Palo Alto firewalls for inter-domain control, VMware NSX-T firewalls for east-west traffic control, F5 GTM and LTM, Infoblox IPAM and DNS, SolarWinds, etc. I also handled the migration of all the main financial systems and data from Australia to New Zealand.
Secure Control Network of Watercare
http://www.watercare.co.nzEAN of Vodafone NZ
Kordia Managed NZ Maritime
http://www.kordia.co.nzEducation
Bachelor's Degree in Computer Science
Nanjing University of Posts and Telecommunications - Nanjing, China
Certifications
Fortinet NSE 4 Network Security Professional
Fortinet
Check Point Certified Security Expert (CCSE)
Check Point
Cisco Certified Internetwork Expert (CCIE)
Cisco
Skills
Tools
VPN, SolarWinds
Paradigms
Software-defined Networking (SDN)
Industry Expertise
System Security, Cisco Adaptive Security Appliance (ASA)
Languages
Python
Platforms
Azure, AWS
Other
Cisco, System Security, FortiGate, F5 Networks, IP Routing, Cisco Switches, Multiprotocol Label Switching (MPLS), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), VXLAN, VLANs, Spanning Tree Protocol (STP), Virtual Router Redundancy Protocol (VRRP), HSRP, Multicast, Networking, System Security, Intrusion Prevention Systems (IPS), URL Filtering, Cisco Routers, 802.1X, Load Balancers, IPsec, IT Manufacturing, LAN, WAN, Dynamic Host Configuration Protocol (DHCP), SSL, SNMP, NetFlow, Networks, IP Networks, Security, IT Security, TCP/IP, Network Configuration, System Security, Web Application Firewall (WAF), Information Security, Network Design, Network Engineering, Network Monitoring, Routing and Switching Protocols, CCIE Enterprise Infrastructure, Juniper, Palo Alto Networks, DNS, Aruba, WLAN, WiFi, SSL Certificates, Software-defined WAN (SDWAN), System Security, System Security, Data Center Infrastructure, Software-defined Data Centers (SDDC), Network Architecture, Team Leadership, Web Proxy, Content Delivery Networks (CDN), Cyberattacks, Cisco Application Centric Infrastructure (Cisco ACI), Cloud Networking, Internet Security, Fortinet
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring