Bony Varghese
Senior Specialist in HCLTech Supercharging Progress Trusted Expert in Palo Alto Certified & FortiGate Security Certified | Cloud AZ-104 Certified | CCNP-Security | CCNP-Wireless | CCNA Certified | Threat Detection Leader | Network & Security Expert
Bengaluru, Karnataka, India
With over a decade of experience in network and security engineering, I currently serve as a Senior Specialist at HCLTech, where I focus on managing large-scale Palo Alto Networks Panorama environments. My expertise lies in centralized firewall policy management, High Availability clusters, and resolving complex firewall and network security incidents.
I am skilled in Palo Alto Next-Gen Firewalls and certified as PCNSE and CCNP-Security, and my professional mission is rooted in ensuring operational stability, security compliance, and seamless connectivity for enterprise networks. I am committed to delivering robust and scalable solutions by leveraging advanced security configurations and collaborative approaches to address intricate challenges in network security.
Served as a Firewall Subject Matter Expert (SME) managing a large-scale 49-cluster Palo Alto Networks Panorama environment, ensuring high availability, security compliance, and operational stability across enterprise networks.
• Led centralized firewall policy management using Panorama, including security rules, NAT, objects, templates, device groups, and stack templates.
• Performed Palo Alto PAN-OS upgrades, hotfix deployments, and post-upgrade validation with minimal downtime and zero business impact.
• Acted as L3/L4 escalation point for complex firewall incidents, traffic flow issues, asymmetric routing, VPN failures, and HA failovers.
• Implemented and maintained High Availability (Active/Passive) clusters, including sync verification, failover testing, and troubleshooting split-brain scenarios.
• Utilized ClearPass for network access control integrations and security posture enforcement.
• Managed incidents, changes, and problem records using ServiceNow, ensuring SLA compliance and proper root-cause analysis (RCA).
• Collaborated with SOC, Network, Cloud, and Application teams to troubleshoot security events, support production changes, and improve end-to-end visibility.
• Supported IPS, URL filtering, App-ID, User-ID, SSL decryption, and threat prevention configurations aligned with enterprise security standards.
• Conducted rule-base optimization, cleanup, and security audits to reduce risk, improve performance, and align with best practices.
• Contributed to process improvements, documentation, and KT sessions, enhancing team efficiency and operational readiness.
Led the end-to-end planning, deployment, and optimization of enterprise-grade wireless networks utilizing Cisco WLAN technologies. Installed and configured Cisco Lightweight Access Points (LWAPs) and Wireless LAN Controllers (WLCs), including the 5500 series, ensuring reliable connectivity and performance across large-scale environments. Managed Cisco Prime Infrastructure 2.0 for centralized wireless monitoring, performance diagnostics, and automated WiFi test plan creation.
Designed predictive RF coverage maps using TamoSoft and OpenNMS, following 802.11a/b/g/n/ac standards to conduct active, passive, and spectrum site surveys in the 2.4 GHz and 5 GHz frequency bands. Performed on-site assessments and validated RF design with heat maps, enabling accurate placement of LWAPs for optimal coverage. Evaluated RFID vendor solutions and WLAN integration for inventory and access management use cases.
Created detailed wireless network diagrams, topology layouts, and infrastructure documentation.
Performed advanced wireless performance tuning by analyzing signal strength, interference sources, latency, and throughput data. Resolved complex connectivity issues and supported escalated troubleshooting scenarios in high-availability environments.
Enforced robust wireless security through RADIUS/TACACS+ authentication and integrated ClearPass NAC for dynamic, role-based WiFi access control. Developed access policies and segmentation strategies to safeguard critical zones. Maintained audit logs, system change records, and survey result documentation.
Collaborated with cross-functional IT teams and mentored Network Engineers to align wireless strategies with business needs and industry standards. Actively pursued emerging technologies to ensure modern, scalable, and secure wireless deployments.