Paul Wedde
Verified Expert in Engineering
Network Engineer and Developer
Wellington, New Zealand
Toptal member since April 11, 2023
Paul has nearly 20 years of experience in diverse network specializations. Both as an employee and a contractor, he has worked for managed service providers, internet service providers, one of the world's largest media conglomerates, and financial service providers. Paul has previously held UK government security clearances, including "Basic," CTC, and SC clearances.
Portfolio
Experience
- Cisco Networking - 17 years
- SNMP - 16 years
- DNS - 15 years
- Check Point - 14 years
- Fortinet Firewall Configuration - 10 years
- Transport Layer Security (TLS) - 10 years
- Palo Alto Networks - 6 years
- F5 Networks - 4 years
Availability
Preferred Environment
Cisco, Check Point, F5 Networks, Palo Alto Networks, Bash, Ansible, Linux, Fortinet Firewall Configuration
The most amazing...
...project I've been involved in was architecting multi-cloud connectivity for New Zealand's largest bank.
Work Experience
Network Designer
ANZ Group
- Contributed to the BS11 project to build a "bank within a bank", focusing on Active Directory (AD) networking requirements.
- Built a new laptop provisioning location over VPN over a third-party vendor's MPLS.
- Migrated a network privileged access management (PAM) application between AD domains.
- Onboarded multiple replacement DMZ switches and managed hardware lifecycle.
- Migrated a backup application to a new AD domain, including networking components.
- Built a remote data canter in Sydney via Cloud OnRamp for IaaS.
Network Engineer and Team Lead
FNZ
- Deployed user web proxy and optimized proxy auto-configuration (PAC) file.
- Consolidated vendor firewall, merging two layers of firewalling and routing into one.
- Redesigned and physically moved Wellington's data center.
- Deployed Microsoft Office 365 and Exchange Online.
- Designed and deployed dual site call center network.
- Upgraded APAC-wide firewall hardware and software.
- Designed and implemented a third-party private link.
Network and Security Engineer
Sony Interactive Entertainment
- Contributed to Europe-wide Infoblox dynamic host configuration protocol (DHCP) migration by moving all Sony Interactive Entertainment (SIEE) offices from AD-integrated DHCP to a specific vendor.
- Assisted in relocating the office based in Frankfurt by moving it a few blocks down the road. Built a new wireless network, wired local area network (LAN), and associated wide-area network (WAN) connectivity.
- Worked actively on satellite VPN swing for SN Systems.
Senior Network Engineer
Sony Pictures
- Redesigned and remotely deployed a computer network in SPE's 24-hour media based in Singapore.
- Completed the upgrade of a remote console server estate.
- Played a key role in pre-sales work for new SPE offices in Mexico and India.
- Participated in a global domain name system (DNS) and DHCP migration project for about six months.
- Designed a global configuration template for Cisco Internetwork Operating System (IOS), enabling multiple virtual routing and forwarding (VRF) instances.
- Deployed a captive portal using specific vendors' firewalls.
- Tested AD and lightweight directory access protocol (LDAP) integration with Cisco Context Directory Agent (CDA) and Palo Alto User-ID.
Senior Technical Network Consultant
Endava
- Collaborated with other senior network and server engineers to deliver a multi-tenant, scalable virtualized infrastructure.
- Completed an audit of a client's data center and multi-office network, successfully leading to further architecting, redesigning, and implementing their data center presence.
- Managed network-related responsibilities during a client disaster recovery exercise.
- Supported network for a high-profile website during an annual event.
- Redesigned and implemented a multi-office client network and global VPN mesh.
- Implemented a multi-tier Linux application platform using CentOS.
- Redesigned and implemented the client's data center and office networks.
- Worked actively on pre-sales, architecture, and implementation for many intrusion prevention systems (IPS) deployments.
Technical Services Specialist
PwC
- Supported over 30 UK-based offices and three data centers with up to 1,800 network devices.
- Redesigned wireless network infrastructure incorporating Cisco autonomous wireless access points (WAP) with Wireless LAN Solution Engine (WLSE) and newer lightweight access point protocol (LWAPP) with wireless LAN controllers (WLC) and WCS.
- Supported approximately 80 countries in the EMEA region and London, including MPLS and internet protocol security (IPsec) VPNs.
- Designed and implemented a new network for office relocation.
- Supported global connectivity with London as the hub for EMEA, interacting with other global hubs using a single contiguous network address space. It was a major achievement for PwC, with 236,000 people in 158 countries and 743 offices at the time.
- Designed and implemented wired and wireless networks for a new office.
- Assisted in designing the network and implementing the Cisco Adaptive Security Appliance (ASA) firewall on a voice-over-internet protocol (VoIP) pilot.
- Helped design and implement a network for video conferencing over an IP pilot.
- Designed and implemented a network for global WAN migration using border gateway protocol (BGP) peering into multiple service providers' MPLS and IPSec networks.
Network Support Engineer
DXI Networks
- Managed and supported dedicated, resilient internet connections utilizing LAN extensions, E1 leased lines, symmetric digital subscriber line (SDSL), asymmetric digital subscriber line (ADSL), primary rate interface (PRI), and basic rate ISDN (BRI).
- Supported a complex multi-user, multi-company VoIP platform, including troubleshooting many VoIP phones and administering the network via Cisco CallManager.
- Configured, administered, and troubleshot a large variety of networking hardware and software associated with the core of our provider's network.
- Supported a large corporate ADSL platform, including servers such as remote access server (RAS), network access server (NAS), LNS, and remote authentication dial-in user service (RADIUS) running FreeRADIUS under SUSE Linux.
- Analyzed layer 2 tunneling protocol (L2TP) and point-to-point protocol (PPP). Troubleshot BT's ADSL using the whoosh test.
Technical Support Analyst
Datacom Group
- Worked actively for both Kiwibank and NZ Post, which gave me a solid support foundation and exposed me to several key technologies.
- Provided support for Postlink II, NZ Post's proprietary software designed and managed by Datacom, which handled all PostShop's transactions.
- Troubleshot the front end of Kiwibank transactions and IP voucher banking process.
Experience
Check Point VPN Migration from R75 to R80
Certifications
Cisco Certified Specialist - Enterprise Design
Cisco
CCNP Security
Cisco
Cisco Certified Specialist - Network Security Firepower
Cisco
Cisco Certified Specialist - Network Security VPN Implementation
Cisco
Cisco Certified Specialist - Security Core
Cisco
Cisco Certified Specialist - Security Identity Management Implementation
Cisco
Cisco VPN Security Specialist
Cisco
Cisco Certified Specialist - Web Content Security
Cisco
Cisco IOS Security Specialist
Cisco
CCNP Enterprise
Cisco
CCNP Routing and Switching
Cisco
Cisco Certified Specialist - Enterprise Advanced Infrastructure Implementation
Cisco
Cisco Certified Specialist - Enterprise Core
Cisco
CCSA R65
Check Point
Cisco IPS Specialist
Cisco
Cisco Certified Security Professional (CCSP)
Cisco
Cisco Information Security Specialist
Cisco
Cisco Firewall Specialist
Cisco
Cisco VPN Specialist
Cisco
Cisco Certified Network Associate (CCNA)
Cisco
Skills
Tools
VPN, VMware, Ansible, VirtualBox, Ansible Tower
Paradigms
Deep Packet Inspection (DPI), DevOps, Automation
Industry Expertise
Network Security
Languages
Bash
Platforms
Linux, Unix, Citrix, Quick EMUlator (QEMU), Proxmox, Wazuh
Other
Cisco, Cisco Networking, SNMP, Firewalls, Cisco Routers, Networking, Networks, TCP/IP, Network Design, Network Engineering, Network Monitoring, Computer Networking, Routing, Check Point, F5 Networks, Fortinet Firewall Configuration, Transport Layer Security (TLS), ASA Firewalls, DNS, Load Balancers, Wireless, Security, IT Security, Cryptography, Encryption, Border Gateway Protocol (BGP), Intrusion Detection Systems (IDS), Open Shortest Path First (OSPF), Palo Alto Networks, NetFlow, Web Security, Intrusion Prevention Systems (IPS), SSL Certificates, Web Application Firewall (WAF), Cisco Switches, VoIP, Network Architecture, Multiprotocol Label Switching (MPLS), IP Routing, Routing and Switching Protocols, Network Switching, Ansible Playbooks
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring