Joris Oversteyns
Senior Network & Security Architect/Engineer
Senior Network & Security Architect with over 20 years of experience designing and managing large-scale global networks. Currently part of the network architecture and engineering team at Johnson Controls, I specialise in building secure, modern infrastructures that connect thousands of sites worldwide. My expertise ranges from traditional data center design to modern cloud networking (Azure, AWS, GCP) and global SD-WAN rollouts. I have a proven track record of leading large-scale global projects — from a 10,000+ subnet DDI migration across 1,000+ sites to SD-WAN deployments spanning 650+ locations — with a strong focus on network automation using Python, Ansible, and AI to drive efficiency at scale.
Experience
Senior Network & Security Architect/Engineer — Global Engineering & Architecture
Johnson Controls · Belgium · Hybrid
Mar 2023 — Present
- Engineered and implemented a cloud-based private voice solution for NICE: designed a dedicated MPLS network to offload voice traffic to two Equinix colocation facilities in the UK, with seamless automatic failover to a public internet path in case of private link failure. Solution used Silverpeak SD-WAN for WAN connectivity, Cisco for LAN infrastructure, and Fortinet firewalls for segmentation between the corporate network and the NICE environment in the colos.
- Engineered and implemented an end-to-end migration from Microsoft DHCP to Infoblox BloxOne Universal DDI (engineering to production), including IPAM migration from Men & Mice to Infoblox IPAM. Developed Python automation scripts using the Infoblox API to facilitate the migration of 10,000+ subnets across more than 1,000 remote sites globally.
- Investigated and evaluated network automation platforms — Ansible, n8n, and Itential — to define a strategy for scalable network automation, exploring integration opportunities with AI to further reduce manual operational overhead.
Senior Network & Security Engineer
ING · Brussels Metropolitan Area, Belgium
Feb 2019 — Jun 2023
- Maintained and enhanced a Cisco Nexus datacenter infrastructure using VRFs, OTV, vPC, and advanced Nexus technologies for high-availability and multi-tenancy.
- Managed LAN and WLAN rollout and refreshes for remote branches, implementing 802.1x port-based access control using Cisco ISE for endpoint authentication and segmentation.
- Core team member for the SD-WAN implementation across 650 remote sites in Belgium using the Cisco Viptela solution.
- Applied consistent segmentation and security policies across datacenter and branch environments to meet ING's strict compliance requirements.
- Migration project where we migrated from Check Point firewalls to Palo Alto using virtual systems (VSYS) and inter-VSYS routing to enforce strict traffic segmentation and meet financial security regulations.
- Delivered end-to-end wireless infrastructure migration from legacy controllers to Cisco Catalyst 9800 series with Cisco 9160 access points, covering full engineering, lab validation, and production rollout.
Senior Network & Security Architect/Engineer
Adient · Belgium
Oct 2016 — Jan 2019
- Rolled out Zscaler Cloud Security globally to 90,000 users, including local breakout on 200+ DMVPN remote sites with TCL automation scripts.
- Led global DMVPN separation project: built 4 new headend infrastructures using F5 SLB, new IOS-based PKI, new ACS cluster, and migrated 700+ remote spoke routers.
- Introduced Cisco 4000 series routers combining MPLS and DMVPN services with local breakout, ZBF, VRFs, NAT, and PBR.
- Technical lead for datacenter catalyst-to-Nexus migration (Nexus 7010, 5500, 2200).
- Migrated centralised datacenter firewalls from ASA 5545/5555 to 5585x in Active/Active multiple context mode.
Senior Network & Security Engineer
Johnson Controls · Belgium
Jan 2012 — Sept 2016
- Redesigned L2/L3 branch office networks to JCI standards, installing core/distribution/access layer devices across EMEA.
- Installed and reconfigured wireless LAN controllers (WiSM, Flex, LWAPP, FlexConnect) and standalone APs.
- Managed installation, troubleshooting, and change requests for local and centralised Cisco ASA firewalls.
- Implemented DMVPN solution for remote sites and installed BlueCoat proxy servers.
- Prepared LAN equipment for IPT rollout and handled network/security change requests.
Network & Security Support Engineer
Estée Lauder · Belgium
Jan 2005 — Dec 2011
- Installed and configured routers, ASA firewalls, switches, APs, and wireless LAN controllers.
- Led WiFi network rollout and managed wireless devices across Belgian sites.
- Managed Windows Server infrastructure including DHCP, File & Print, and Active Directory.
- Programmed and maintained Alcatel Omnivista 4760 voice hub and telephone cabling.
- Applied ITIL change and problem management using CA Unicenter and Remedy ticketing systems.
iSeries Operator / 2nd Level Support
IBM · Belgium
Sept 2001 — Dec 2004
- Second level support for AS400: monitoring backups, printers, software, hardware, and network.
- Responsible for AS400 bridge and Disaster Recovery bridge infrastructure including monitoring PCs.
- Maintained customer procedures and operational manuals.
Skills
Routing & Protocols
BGP / OSPF / EIGRP / ISIS · MPLS / IPSec-VPN / DMVPN · QoS / DSCP · RADIUS / TACACS+ / 802.1x · NTP / DNS / DHCP / NHRP / VSS · OTV / vPC / VRF
Security
Cisco ASA / PIX · Palo Alto NGFW · Check Point · Fortinet · Zscaler Cloud Security · Cisco ACS / ISE (AAA) · IPsec / VPN / ZBF
Network Infrastructure
Cisco Routers (8xx–ASR, 4k) · Cisco / HP / Ubiquity / Mikrotik Switches · Cisco Nexus (7010, 5500 — vPC, OTV) · SD-WAN (Cisco Viptela / Silverpeak) · Cisco Wireless (9800 Controllers / 9160 APs) · F5 BIG-IP LTM / GSLB / ACE
Network Management & DDI
Infoblox BloxOne (DDI / IPAM) · SolarWinds · Netscout · Cattools · Syslog / SIEM
Cloud Networking
Azure (VNet, ExpressRoute, vWAN) · AWS (VPC, Transit Gateway, Direct Connect) · GCP (VPC, Cloud Interconnect)
Automation & Platforms
Python / REST API · Ansible · n8n · Itential · TCL / EEM · VMware · Linux · Windows Server / AD
Certifications
- CCIE Routing & Switching — Written — CiscoJan 2015
- CCNP Routing and Switching — CiscoJan 2012
- CCNA — CiscoJan 2011
- CCNA Security — CiscoJan 2009
- Configuring BGP on Cisco Routers (642-661) — CiscoJan 2008
Training
- iSeries System Operator Workshop — Maintaining iSeries expertise2001
- iSeries System Performance Tuning — Extending iSeries expertise2001
- iSeries Backup Recovery and Media Services — Extending iSeries expertise2002
- Microsoft Windows XP — Certification track for MCSE2004
- Microsoft Windows Server 2003 Environment — Certification track for MCSE2005
- 642-661 Configuring BGP on Cisco Routers — Improvement BGP skills — Certification obtained2008
- CCNA Security — Certification as CCNA Security2011
- Nexus Data Center Switching — Improving Nexus skills2013
- 642-524 Securing Networks with ASA Foundation — Certification as Cisco Certified Security Specialist2013
- CCIE Security v4 — Online training class — INE2013
- BlueCoat ProxySG Administration and Professional — ProxySG administration and professional certification2014
- CCIE Routing & Switching — Online training — INE2014
- F5 Training — GTM & GSLB — In-house training for migration from ACE to F52016
- Palo Alto Network Security Professional — Extending Palo Alto NGFW expertise2021
- Cisco Viptela SD-WAN Training — Extending SD-WAN expertise2022
- Deploying Aruba SD-WAN Technologies — Extending Silverpeak / Aruba SD-WAN expertise2024
- Advanced SD-WAN Deployments and Troubleshooting SD-WAN Networks — Extending Silverpeak / Aruba SD-WAN expertise2024