Kevin He, Developer in Auckland, New Zealand
Kevin is available for hire
Hire Kevin

Kevin He

Verified Expert  in Engineering

Network and Security Consultant and Developer

Auckland, New Zealand

Toptal member since April 7, 2023

Bio

Kevin is a senior network and security consultant with 18 years of experience in environments ranging from large global vendors and Telco to enterprise sectors like banks and government agencies. Skilled in a wide range of products such as Cisco, Juniper, Huawei, F5, Check Point, Palo Alto, and Fortinet. He has a proven track record of design, delivery, and BAU support for large-scale network and security projects. Kevin is Cisco CCIE, Check Point CCSE, and Fortinet NSE4 certified.

Portfolio

Self-employed
Cisco, System Security, Palo Alto Networks, VXLAN...
Vodafone NZ
System Security, FortiGate, System Security, VPN, SSL, System Security...
NTT
Cisco, System Security, F5 Networks, FortiGate, Juniper, Aruba, WLAN, WiFi...

Experience

Availability

Full-time

Preferred Environment

Cisco, Juniper, Check Point, Palo Alto Networks, FortiGate, F5 Networks, Networking, Network Security, Networks, IP Networks

The most amazing...

...projects I've contributed to in the past years involved helping two of New Zealand's top four banks with network and security datacenter migration projects.

Work Experience

Senior Network and Security Consultant

2021 - PRESENT
Self-employed
  • Designed and delivered ANZ Bank New Zealand datacenter migration from Australia to New Zealand to comply with the Reserve Bank of New Zealand BS11 policy.
  • Implemented EVPN on Cisco Nexus 9000 Series switches and Data Center Network Manager (DCNM) and deployed Check Point and Palo Alto firewalls, F5 load balancers, Infoblox IPAM and DNS, etc.
  • Helped ANZ bank defend its network to mitigate the risk of cyber-attacks and data breaches. Provided security review of credit risk applications to comply with the security guidelines. Implemented firewall, web proxy, WAF, IPS, etc.
  • Developed and executed Westpac New Zealand's datacenter migration from Australia to New Zealand to comply with the Reserve Bank of New Zealand BS11 policy. Deployed Check Point and Palo Alto firewalls, F5 load balancers, Infoblox IPAM and DNS, etc.
  • Helped Westpac Bank defend its network to mitigate the risk of cyber-attacks and data breaches. Performed security review of their API Connect components, online banking, etc. Implemented firewall, web proxy, WAF, IPS, etc.
  • Deployed Fortinet solutions for Kordia-managed NZ Maritime with ADOM, VDOM, clusters, VPN, IPS, etc., on FortiGate firewall and FortiSwitch managed by FortiManager.
  • Migrated Kordia Australia datacentre firewalls from Palo Alto to FortiGate.
Technologies: Cisco, System Security, Palo Alto Networks, VXLAN, Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Virtual Router Redundancy Protocol (VRRP), F5 Networks, VPN, Azure, SolarWinds, FortiGate, System Security, Cisco Routers, Cisco Switches, Load Balancers, Intrusion Prevention Systems (IPS), IPsec, LAN, WAN, Software-defined WAN (SDWAN), Dynamic Host Configuration Protocol (DHCP), SNMP, DNS, SSL, Python, Networks, Networking, IP Networks, System Security, Security, IT Security, TCP/IP, AWS, Network Configuration, System Security, System Security, Web Application Firewall (WAF), Information Security, Data Center Infrastructure, Software-defined Data Centers (SDDC), Software-defined Networking (SDN), Network Architecture, Network Design, Network Engineering, Network Monitoring, Team Leadership, Routing and Switching Protocols, Cyberattacks, Internet Security

Security Design and Delivery Engineer

2020 - 2021
Vodafone NZ
  • Upgraded and migrated FortiGate for Telecommunications as a Service (TaaS) firewall virtual farm, including FortiGate firewall, FortiManager, and FortiAnalyzer. Migrated 25 VDOMs for customers and internal platforms from v5.2.6 and v5.4.6 to v6.0.9.
  • Upgraded and migrated Check Point firewalls and the MDM. Migrated the MDS and firewalls from R77.30 to the new R80.30 MDS and SG6600 appliances.
  • Delivered and managed New Zealand Ministry of Business, Innovation, and employment check point firewalls and F5 LTM.
Technologies: System Security, FortiGate, System Security, VPN, SSL, System Security, Security, IT Security, Networks, Networking, System Security, Network Design, Network Engineering, Network Monitoring, Routing and Switching Protocols

Senior Technical Solutions Specialist

2017 - 2020
NTT
  • Designed and built Auckland Watercare's secure control network in 100+ sites using BGP, OSPF, VRRP, Spanning Tree Protocol, and VPN.
  • Deployed Cisco ASR 920 routers, Nexus 3000 and Catalyst 9000 switches, check point firewalls, specifically Multi-domain, VSX, ClusterXL, VPN, and F5.
  • Migrated Fortinet FortiGate to check point firewalls with ClusterXL, AV, IPS, SSL Inspection, URL filtering, and application control as part of the Auckland Watercare business internet migration project.
  • Built Auckland Watercare's Azure ExpressRoute and AWS Direct Connect networks.
  • Provided security review of secure control network for Watercare Auckland.
  • Developed the Wellington Water AWS Direct Connect network with Cisco ASR 9000 routers, Nexus 9000 switches, and Check Point firewalls.
  • Delivered the Wellington City Council network using WLAN, MPLS VPN, BGP, EIGRP, DMVPN, and HSRP. This project included Cisco ASR 920 and ISR 4431 routers, Nexus 9000, C3850, and C2960X switches, vWLC with AP2800, ISE, and check point firewalls.
Technologies: Cisco, System Security, F5 Networks, FortiGate, Juniper, Aruba, WLAN, WiFi, 802.1X, VLANs, Spanning Tree Protocol (STP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), DNS, Azure, System Security, VPN, Cisco Routers, Cisco Switches, IP Routing, LAN, WAN, SNMP, NetFlow, SSL, Networks, IP Networks, Networking, System Security, Security, IT Security, TCP/IP, AWS, Network Configuration, System Security, System Security, System Security, Information Security, Network Architecture, Network Design, Network Engineering, Network Monitoring, Team Leadership, Routing and Switching Protocols

Senior Network Engineer

2014 - 2017
Huawei Technologies Co.
  • Designed and built Vodafone NZ EAN (IP RAN) project from phase 1 to phase 3 comprising 300+ routers all over New Zealand, using a seamless MPLS VPN solution with Huawei PTN 6900, ATN 910, Cisco ASR 9000, and Juniper MX.
  • Developed and delivered Vodafone New Zealand NGSN datacenter project, using TRILL with Huawei CloudEngine datacenter switches.
  • Delivered 2Degrees IP RAN including IP Core, transmission backhaul, and customer RAN edge with Huawei CX600, CX300, and ATN routers.
Technologies: Multiprotocol Label Switching (MPLS), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), VLANs, Spanning Tree Protocol (STP), 802.1X, IP Routing, Cisco, Juniper, Cisco Routers, Cisco Switches, IT Manufacturing, LAN, WAN, SNMP, NetFlow, Networks, Networking, TCP/IP, Network Configuration, Data Center Infrastructure, Network Architecture, Network Design, Network Engineering, Network Monitoring, Routing and Switching Protocols

Senior Network Engineer

2011 - 2013
Sohu
  • Developed and delivered the datacenter networks with Juniper MX480, Cisco ASR 9010, Nexus 7000, 5000, and 2000 (vPC and FEX), Cisco ASA firewalls, and Huawei WAN accelerators using BGP, OSPF, VXLAN, FabricPath.
  • Designed and built Hong Kong CDN using Cisco ASR 9010, Nexus 7000, 5000, and 2000 (vPC and FEX), and Cisco ASA firewalls.
  • Provided ongoing support and configuration for the network to get 99.99% availability.
Technologies: Cisco, Juniper, System Security, Cisco Routers, Cisco Switches, Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Virtual Router Redundancy Protocol (VRRP), VLANs, Spanning Tree Protocol (STP), VPN, DNS, Content Delivery Networks (CDN), Web Proxy, Load Balancers, 802.1X, LAN, WAN, Dynamic Host Configuration Protocol (DHCP), SSL, SNMP, NetFlow, Networks, Security, IT Security, TCP/IP, Network Configuration, Data Center Infrastructure, Cisco Adaptive Security Appliance (ASA), Network Engineering, Routing and Switching Protocols

Network and Security Engineer

2005 - 2011
H3C
  • Designed and executed the e-government network project for Beijing City Council, with over 200 routers and switches all over Beijing, providing services to eight districts.
  • Developed and built a wide area network (WAN) for the 2008 Beijing Olympic Games Committee, using MPLS VPN, BGP, OSPF, and IPSec VPN with routers, firewalls, VPN gateways, load balancers, and WAN accelerators.
  • Delivered Baidu.com two datacentres with 4000+ switches and 30+ routers, utilizing MPLS, BGP, OSPF, and more.
Technologies: Networking, System Security, 802.1X, Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), VLANs, Spanning Tree Protocol (STP), Virtual Router Redundancy Protocol (VRRP), Multiprotocol Label Switching (MPLS), Multicast, Cisco, IT Manufacturing, VPN, IPsec, LAN, WAN, DNS, Dynamic Host Configuration Protocol (DHCP), SSL, SNMP, NetFlow, Networks, Security, IT Security, TCP/IP, Network Configuration, Network Engineering, Routing and Switching Protocols

Datacenter Migration for ANZ Bank New Zealand

http://www.anz.co.nz
The ANZ Bank New Zealand is one of the four largest banks in New Zealand, and this project aimed to comply with the Reserve Bank of New Zealand's new policy.

I designed and delivered the ANZ Bank New Zealand datacenter migration from Australia to New Zealand. To do that, I utilized Cisco Nexus 93180 and 93108 switches and DCNM to establish an EVPN and VXLAN network across two datacenters. Then I deployed Check Point firewalls for the on-premises network, Palo Alto firewalls for cloud connectivity (AWS, Azure, and GCP), F5 load balancers, and Infoblox IPAM and DNS.

Design and build of new datacenter for Westpac New Zealand

http://www.westpac.co.nz
Westpac is one of the four major banks in New Zealand. The primary goal of this project was to build two new data centers with a fabric network.

I designed and delivered Westpac's new data centers in New Zealand. We deployed EVPN-VXLAN with Cisco Nexus 9000 switches, NDFC, Palo Alto firewalls for inter-domain control, VMware NSX-T firewalls for east-west traffic control, F5 GTM and LTM, Infoblox IPAM and DNS, SolarWinds, etc. I also handled the migration of all the main financial systems and data from Australia to New Zealand.

Secure Control Network of Watercare

http://www.watercare.co.nz
Watercare is New Zealand's largest water utility company. I designed and built the secure control network (SCN) within two data centers, two control centers, and 100+ remote sites using BGP, OSPF, VRRP, Spanning Tree Protocol, IPSec VPN, and more. This project incorporated Cisco ASR 920 routers, Nexus 3000 switches, Catalyst 9000 switches, and check point Firewalls (Multi-domain, VSX, ClusterXL, and VPN).

EAN of Vodafone NZ

Designed and built the EAN (IP RAN) project from phase 1 to phase 3, which comprised 300+ routers all over New Zealand. We utilized a Seamless MPLS VPN solution with Cisco ASR 9000, Juniper MX, and Huawei PTN 6900, ATN 910.

Kordia Managed NZ Maritime

http://www.kordia.co.nz
I deployed Fortinet solutions for a Kordia-managed NZ Maritime network with FortiGate firewalls and FortiSwitch, including ADOM, VDOM, clusters, VPN, IPS, Web Filtering, etc. I integrated with Kordia unified FortiManager and FortiAnalyzer.
2001 - 2005

Bachelor's Degree in Computer Science

Nanjing University of Posts and Telecommunications - Nanjing, China

AUGUST 2020 - AUGUST 2022

Fortinet NSE 4 Network Security Professional

Fortinet

FEBRUARY 2020 - FEBRUARY 2022

Check Point Certified Security Expert (CCSE)

Check Point

JULY 2013 - JULY 2015

Cisco Certified Internetwork Expert (CCIE)

Cisco

Tools

VPN, SolarWinds

Paradigms

Software-defined Networking (SDN)

Industry Expertise

System Security, Cisco Adaptive Security Appliance (ASA)

Languages

Python

Platforms

Azure, AWS

Other

Cisco, System Security, FortiGate, F5 Networks, IP Routing, Cisco Switches, Multiprotocol Label Switching (MPLS), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), VXLAN, VLANs, Spanning Tree Protocol (STP), Virtual Router Redundancy Protocol (VRRP), HSRP, Multicast, Networking, System Security, Intrusion Prevention Systems (IPS), URL Filtering, Cisco Routers, 802.1X, Load Balancers, IPsec, IT Manufacturing, LAN, WAN, Dynamic Host Configuration Protocol (DHCP), SSL, SNMP, NetFlow, Networks, IP Networks, Security, IT Security, TCP/IP, Network Configuration, System Security, Web Application Firewall (WAF), Information Security, Network Design, Network Engineering, Network Monitoring, Routing and Switching Protocols, CCIE Enterprise Infrastructure, Juniper, Palo Alto Networks, DNS, Aruba, WLAN, WiFi, SSL Certificates, Software-defined WAN (SDWAN), System Security, System Security, Data Center Infrastructure, Software-defined Data Centers (SDDC), Network Architecture, Team Leadership, Web Proxy, Content Delivery Networks (CDN), Cyberattacks, Cisco Application Centric Infrastructure (Cisco ACI), Cloud Networking, Internet Security, Fortinet

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring