Sampreet Bagchi

Kolkata

Summary

Proficient in leading end-to-end datacenter migration and platform migration projects; skilled at providing technical support covering security architecture for on-prem and cloud infrastructure and mitigation of vulnerabilities to ensure continual delivery operations.

Overview

9 years of professional experience
1 Certification

Work History

Network Security Specialist

Cognizant Technology Solutions, CTS
06.2023 - Current
  • Handled major incident escalations and critical troubleshooting as an L3 network security engineer, diagnosing and resolving complex security and connectivity issues across Zscaler ZIA/ZPA, Citrix Netscaler, multi-vendor firewalls (Checkpoint, Palo Alto, Cisco FTD), VPN tunnels, and load balancers. Conducted deep-dive packet analysis, SSL decryption troubleshooting, and RCA to restore services within SLA.
  • Designed and deployed advanced network security architectures, implementing firewall security policies, SSL certificate management, TLS offloading, IDS/IPS configurations, NAT rules, and web filtering policies. Engineered secure cloud access and segmentation using Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA) while optimizing Zero Trust security models.
  • Led network security migrations and high-availability configurations, including disaster recovery (DR) setups, BGP/MPLS failover testing, and multi-cloud security enforcement. Configured backup tunnels for S2S/IPSec VPNs, HA firewall pairs, Citrix Netscaler GSLB for redundancy, and Layer 7 traffic control to ensure uninterrupted service during failover events.
  • Acted as the senior technical escalation point, coordinating with vendors and internal teams to optimize proxy policies, deep packet inspection (DPI) rules, application-layer security, and WAF protections. Conducted in-depth log analysis (PCAP, Syslog, SIEM) for security incident investigations, refining security baselines and improving response times.

Network Operations Engineer

Tata Consultancy Services, TCS
02.2016 - 05.2023
  • Managed a team of 7 members, conducting knowledge transfer sessions, updating SOPs, and organizing team engagement meetings to enhance operational efficiency and technical expertise.
  • Configured, managed, and upgraded Cisco Routing & Switching infrastructure, including LAN, WAN, VLAN, VTP, and HSRP on Cisco L2/L3 devices. Implemented STP/RSTP, RIP, OSPF, BGP, and VRF routing protocols while performing firmware and hardware upgrades to ensure optimal network performance, security, and reliability.
  • Led critical incident management, device monitoring, and service request resolution, ensuring SLA adherence by coordinating with multi-functional teams for rapid troubleshooting, network device upgrades, business continuity, and post-incident technical recovery processes.

Education

B.Tech - Information Technology

Netaji Subhash Engineering College
Kolkata, India
08-2015

Skills

  • NETWORK INFRASTRUCTURE

CISCO ROUTING & SWITCHING, MPLS, IP PROTOCOL, VPN, HTTP, SSL, FTP, DNS, DHCP

  • NETWORK SECURITY FIREWALL

CISCO (ASA, FIREPOWER THREAT DEFENSE, FIREPOWER MANAGEMENT CENTER, CSM), PALO ALTO NETWORKS, CHECK POINT TECHNOLOGIES, FORTIGATE

  • LOAD BALANCER

CITRIX NETSCALER, F5 LTM

  • FORWARD PROXY

ZSCALER-ZIA, ZPA, ZTNA

  • CLOUD INFRASTRUCTURE

AZURE NETWORKING & AZURE NETWORK SECURITY, POWERSHELL

  • NETWORK TOOLS

ALGOSEC, SOLARWINDS, WIRESHARK, TCPDUMP, SPLUNK, QRADAR, ENTUITY, MX-TOOLBOX, INFOBLOX

Certification

  • Microsoft:

Azure Fundamentals AZ-900

Azure Data Fundamentals DP-900

  • Zscaler:

Zscaler Digital Transformation Administrator (ZDTA)

Zero Trust Certified Associate (ZTCA)

  • Palo Alto Networks:

Network Security Fundamentals

Palo Alto Networks Certified Network Security Engineer (PCNSE)

  • ITILv3 Foundation

Project Work

Data Center Transition:

  • Led the brownfield migration from Cisco Nexus legacy architecture to Cisco ACI, including APIC configuration, VRF creation, Application Profiles, Bridge Domains, and Contracts to ensure seamless policy-driven network automation and security segmentation.
  • Executed VLAN cutover strategy to transition VLAN-based policies to EPGs, enable inter-VRF routing, and optimize application connectivity, ensuring minimal downtime and seamless workload migration within the ACI fabric.
  • Managed the migration of Cisco ASA to Cisco FTD and Check Point to Palo Alto next-generation firewalls, implementing HA (High Availability) build, security zone configuration, NAT policies, IPS/IDS policies, and tag-based rule mapping. Designed and deployed template and template stacks for device groups structured per location, ensuring standardized security policies and efficient policy management across multiple sites.


Proxy Transformation:

  • Led the migration from a legacy on-premises proxy to Zscaler Internet Access (ZIA), implementing explicit and transparent proxy modes with PAC file management, Z-Tunnel 1.0/2.0 traffic forwarding, and SSL inspection with custom certificate pinning exceptions. Configured GRE/IPSec tunnels for optimized egress routing, enforced Cloud Firewall policies with advanced Layer 7 application control, and integrated identity-based authentication using SAML and SCIM with Azure AD. Migrated and optimized security policies, including URL filtering, DNS security, sandboxing, and data loss prevention (DLP), to enhance cloud-based threat protection.
  • Designed and deployed Zscaler Private Access (ZPA) to replace traditional VPN solutions, implementing application segmentation and least-privilege access using micro-tunnels. Configured ZPA App Connectors for secure application publishing, integrated SAML authentication with Azure AD for identity-aware access, and enabled posture-based policies using device trust settings. Optimized ZPA traffic flow by implementing Bypass, FQDN, and IP-based access policies, ensuring secure, low-latency connectivity for remote users accessing private applications without exposing internal networks to the public internet.


VPN Migration:

  • Led the Site-to-Site (S2S) VPN migration project, managing end-to-end coordination between third-party vendors, customers, and internal stakeholders to ensure a seamless transition. Conducted technical assessments of existing VPN tunnels, restructured IPsec Phase 1/2 configurations, and optimized encryption algorithms to enhance security and performance. Facilitated project planning meetings, defined migration timelines, and implemented a phased cutover approach to minimize downtime. Performed rigorous pre- and post-migration testing, ensuring compliance with customer security policies and industry standards.


Public Cloud Migration:

  • Configured Azure networking components for cloud migration through Azure Portal and automated deployments using JSON scripts via Azure PowerShell. Provisioned ExpressRoute circuits, generated authorization keys for private peering, and deployed Virtual Network Gateways (VNGs) with BGP peering. Created and managed Resource Groups, Virtual Networks (VNETs), and subnets while implementing User-Defined Routes (UDRs) for traffic control. Deployed Azure Firewalls with DNAT, SNAT, and application rule policies for secure traffic filtering, enforcing Network Security Groups (NSGs) at subnet and NIC levels to optimize network security and performance.
  • Executed a phased network migration to Azure by establishing ExpressRoute private peering and validating BGP route advertisements. Conducted pre-migration network mapping, ensuring on-premises subnet-to-Azure subnet alignment with UDR adjustments. Deployed VNET-to-VNET peering for cross-region connectivity, applied NSG and Azure Firewall policies for layered security, and performed controlled cutovers for critical workloads. Utilized Azure Network Watcher for real-time packet tracing, flow log analysis, and end-to-end connectivity validation, ensuring a seamless transition with minimal downtime.


Network Refresh Project:

  • Designed and deployed network infrastructure across multiple client sites, configuring switches, routers, and MPLS routing to establish secure and redundant data center connectivity. Engineered BGP and OSPF-based dynamic routing policies for MPLS integration, optimizing traffic flow, failover mechanisms, and high availability. Configured Layer 2/Layer 3 components, including VLANs, STP, EtherChannel, and QoS policies, ensuring efficient bandwidth utilization and network segmentation. Served as the techno-functional lead, overseeing project planning, vendor coordination, and risk assessments while managing end-to-end implementation, change control, and post-deployment validation to ensure seamless enterprise integration across all sites.

Languages

English
Bilingual or Proficient (C2)
Hindi
Advanced (C1)
Bengali
Bilingual or Proficient (C2)
