Davor Grce
Infrastructure Architect · Senior Network Specialist · Cybersecurity Consultant
Designing secure, resilient, and high-performance enterprise infrastructures
Trusted by organisations across North America and Europe
About
Where strategy
meets architecture.
Based in
Calgary, Alberta, Canada
Education
M.Sc., Belgrade University
Currently
PhD Candidate — AI & Cybersecurity
Industries
Oil & Gas · MSP · Finance · Public Sector
Davor Grce is an accomplished Infrastructure and Network Professional with extensive experience designing, implementing, and governing complex infrastructure architectures across multi-cloud, hybrid, and on-premises environments. He specializes in architecting secure, resilient, and scalable network and security infrastructures built on industry-leading platforms — including Palo Alto, Check Point, Fortinet, Cisco Firepower, and VMware.
As a Microsoft Certified Azure Solutions Architect Expert, Check Point Security Expert, Fortinet Security Expert, Cisco Certified Network Professional, and VMware Certified Professional, he brings a comprehensive understanding of infrastructure, virtualization, cloud platforms, automation, and security engineering across the full stack.
Davor has led the design and implementation of hybrid cloud architectures using Azure, AWS, and Google Cloud — ensuring seamless integration of IaaS, PaaS, container, and network-centric cloud security services with existing enterprise systems. His architectural approach combines deep technical expertise, structured methodology, and a strong foundation in governance frameworks including TOGAF, BTABOK, and ISO 27001.
His enterprise consulting work spans architecture standards, governance models, modernisation roadmaps, and operational frameworks following Agile and ITSM methodologies. He produces high-quality HLDs, LLDs, system blueprints, dependency mappings, and risk analyses that align infrastructure designs with organisational goals, regulatory requirements, and industry best practices.
“What sets me apart: I bridge enterprise architecture, infrastructure engineering, and cybersecurity execution—able to design strategic target-state environments while also solving urgent operational problems in production. Employers value my ability to step into complex environments quickly, stabilize critical systems, and deliver measurable improvement.”
Expertise
Six domains of
deep specialization.
Comprehensive architectural expertise across the full infrastructure stack — from physical network layers to cloud-native services.
01
Network Architecture
Multi-site enterprise network design using Cisco, Ruckus, Arista, and HPE platforms. Advanced routing protocols — OSPF, EIGRP, BGP — SD-WAN, DMVPN, VXLAN, and campus/datacenter fabric architecture.
02
Firewall & Security Engineering
Next-generation firewall design across Palo Alto, Check Point, Fortinet, and Cisco Firepower. Zero-Trust architecture, high-availability deployments, deep segmentation strategies, and threat prevention.
03
Cloud Architecture
Azure Solutions Architect Expert — environments built from the ground up. IaaS, PaaS, hybrid integrations, ExpressRoute, Azure security baselines, governance, cost optimisation, and identity frameworks.
04
Virtualisation & Datacentre
VMware vSphere ESXi cluster design, multi-site HA/DR architectures, capacity planning, and lifecycle management of 200+ virtual machines. Datacentre migrations and full stack modernisation.
05
OT / SCADA Security
Industrial network security integration in oil & gas environments. Fortinet Security Fabric for OT cybersecurity, SCADA architecture, PLC integration within Rockwell environments, and IPsec VPN across 70+ field endpoints.
06
Enterprise Consulting
Trusted advisor for large-scale infrastructure transformation. Delivering HLDs, LLDs, modernisation roadmaps, and risk analysis frameworks aligned with TOGAF, BTABOK, ISO 27001, and Agile ITSM practices.
Career
A decade of
enterprise excellence.
2025 — Present
Senior IT Infrastructure & Network Consultant
Baytex Energy Corp. · Calgary, Canada
Oil & Gas- Experienced in designing and managing multi hub-and-spoke IPsec, VXLAN and ADLAN architectures using Check Point, FortiGate (rugged 70F, 70F, 60F, 200G) and HA Cisco Security Firewall managed by FMC – firewall management center.
- Oversaw and managed site‑to‑site and remote‑access IPsec VPN connectivity for more than 70 field endpoints across oil and gas fields.
- OT cybersecurity integration using Fortinet enterprise solutions within the Zero-Trust principles.
- Experienced in SCADA systems and Wonderware, PLC programming within Rockwell enterprise environments.
- Led an enterprise firewall migration from Check Point R81.10 to a high‑availability Cisco Firepower 3110 (active‑standby) deployment managed through Cisco FMC, alongside integration with Fortinet’s Security Fabric including FortiManager, FortiAnalyzer, FortiSwitch, FortiOS, and FortiAP.
- Experienced in configuring Dell and Cisco Nexus core/distribution switches within complex stacked environments.
- Configured and managed Cisco Meraki infrastructure across a large‑scale enterprise environment.
- Managed corporate PKI certificate and SSL/TLS renewals using both local CA authorities and third-party providers such as Entrust and Sectigo.
- Designed, configured, and patched multi-site, multi-cluster and within a single datacenter Vmware vSphere environment for enterprise-grade virtualization.
- Monitored, designed and orchestrated more than 200+ VMs – virtual machines, optimizing and tightening up affinity groups tailor to meet the security requirements.
- Configured and monitored critical infrastructure using OP Manager and Arctic Wolf enterprise tool with SNMP and NetFlow for performance and reliability tracking.
- Performed the demotion of a Windows Domain Controller from the forest domain.
- Managed clustered Windows server pathing, Group Policy changing, DNS and DHCP re-establishing in a complex hybrid environment.
- Administered the Zscaler ZIA and ZPA in complex enterprise environment.
- Developed document, and maintain system administration policies, procedures, and related training materials.
- Produced enterprise architecture documentation (HLD, LLD, diagrams, risk analysis) using Visio and Lucidchart.
- Utilized enterprise business applications and portals such as Dashlane, Freshservice and ServiceNow, Broadcom online, Fortinet cloud, Artic Wolf, Meraki online, and more.
2024 — Present
IT Network and Infrastructure Architect
IT Architecture · Calgary, Canada
IT Consulting- Developed Cisco network training materials and delivered foundational training to senior IT Architects.
- Built network and azure architecture framework and templates for IT Architect’s client base.
- Advised IT Architects’ infrastructure architects on Cisco network design and deployment initiatives.
2022 — 2024
Senior Infrastructure & Network Analyst
Packers Plus Energy System Ltd. · Calgary, Canada
Oil & Gas- Designed, configured and administered Cisco Nexus NX 55xx/9300/9500. Switching over from old Cisco 3560 switches to the new Brocade/Ruckus ICX-7150 and ICX-8200 core switches, mastering Ruckus virtual Smart Zone environment.
- Architected and configured Ruckus wireless/radio access point technologies, and administration throughout the Ruckus Virtual Smart Zone single pain of glass for Ruckus devices.
- Administered and configured Cisco routers (IOS-XE, IOS, NX-OS), switches (IOS-XE, IOS, NX-OS) and Wi-Fi devices through Cisco DNA center as central and management software and defined and enforced security policies utilized Cisco ISE engine.
- Implemented and configured dynamic routing protocols such as OSPF, EIGRP and BGP in a complex enterprise network. Enhanced network reliability and performance by optimizing routing paths and ensuring seamless data flow across multiple sites.
- Investigated packets expanding SPAN/RSPAN and mirror ports capabilities on the network devices using Wireshark tool.
- Proficient in set up various network protocols, included DHCP, TLS, DNS, SSL, VTP, RSTP/RPVSTP, FHRP (HSRP, VRRP, GLBP), RSPAN, SPAN, mirroring, 802.1Q, EtherChannel (LAG, LACP, PAgP-cisco proprietary), DMVPN utilizing mGRE tunneling in a hub and spoke environment, GRE tunneling over IPsec, VXLANs, ADVPN, and more.
- Managed Cisco and Ruckus switch stacks in a multiple data center environment.
- Utilized SolarWinds infrastructure performance monitor tool, configured alerts to meet organization needs, and enabled real-time visibility into network health and performance.
- Managed enterprise IPsec VPNs (P2S and S2S) and IPS/IDS access control.
- Built, optimized, and patched VMware vSphere environments across multi-site and multi-cluster architectures, as well as standalone datacenters, for enterprise-grade virtualization reliability.
- Managed and secured multi‑site network environments by deploying and maintaining Palo Alto firewalls (physical and VNF) across on‑prem and cloud platforms, including VMware VeloCloud and Azure.
- Performed ongoing threat prevention, vulnerability scanning, PAN‑OS patching, and incident response using Palo Alto tools, Cortex XDR, Stratejm, and Wazuh SIEM to strengthen organizational security posture.
- Implemented Zero Trust principles and administered CrowdStrike Falcon to enhance endpoint protection, improve threat visibility, and safeguard sensitive data across hybrid work environments.
- Performed complex VM backup and restore operations using Druva, while troubleshooting issues and supporting mission‑critical datacenter environments.
- Developed and deployed network automation solutions using Python Netmiko library and PowerShell to monitor, export, and back up configurations on critical network infrastructure.
- Collaborated with clients and technical teams to resolve incidents and problems, leveraging ServiceNow for incident, problem, and change management workflows.
- Installed, configured, and administered Azure services including virtual networks, VMs, storage accounts, security controls, Cost Management, and Azure Advisor, while managing a multi‑tenant Azure AD/Entra ID hybrid environment.
2021 — 2022
Senior IT Project Engineer & Implementation Analyst
Compuvision System · Calgary, Canada
Managed Service Provider- Implemented and administered enterprise network infrastructure using Cisco routers, switches, ASA firewalls, Fortinet 60F/80F devices, Aruba switches, and HPE core platforms.
- Designed and managed core network services and protocols including DHCP, DNS, VLANs, STP variants, FHRP (HSRP/VRRP/GLBP), EtherChannel, DMVPN, GRE/IPsec, SNMP, SPAN/RSPAN, and more.
- Administered dynamic routing protocols such as OSPF, EIGRP, and BGP within complex multi‑site environments, including traffic analysis via SPAN/RSPAN and Wireshark.
- Deployed, configured, and centrally managed FortiGate and Palo Alto security solutions using FortiManager, FortiAnalyzer, and Panorama - centralised management tool, including: security policies, NAT/PAT, RA VPN & S2S VPN, ADVPN and PAN‑OS upgrades & pathes, application filtering, URL filtering, and more.
- Maintained detailed documentation, diagrams, and security-aligned configurations while following industry best practices, including Cisco wireless design and monitoring standards.
- Deployed, and maintained VMware ESXi and vCenter (6.5–7.x) clusters using HPE ProLiant DL380 servers, along with performing datacenter hardware and software installations.
- Executed advanced VM backup and recovery operations using Veeam B&R, and monitored multiple client infrastructure to ensure ongoing stability and performance.
- Utilized SolarWinds for infrastructure monitoring and alerting, and developed automation scripts in Python (Netmiko library) and PowerShell for configuration backups, monitoring, and operational efficiency.
- Supported incident, problem, and change management through ServiceNow, collaborated with clients and technicians for resolution, and maintained accurate documentation of configurations and environments.
2019 — 2020
Senior IT Network Specialist & Project Manager
Roaming Networks · Belgrade, Serbia
System Integrator- Designed, implemented, and administered enterprise network security infrastructure using Cisco and Huawei switches/routers, Palo Alto (with Panorama), and Check Point firewalls, including VPNs, IPS/IDS, and SSL/TLS services.
- Performed upgrades and lifecycle management across PAN‑OS, Panorama, Cisco and Huawei platforms, and Check Point software blades to maintain secure and stable operations.
- Led a successful datacenter migration project, overseeing relocation of servers, storage, and networking racks while executing a full testing plan to ensure minimal downtime.
- Monitored and optimized network performance using Cisco infrastructure, conducted packet‑level analysis (SPAN/RSPAN/Mirror) with Wireshark, and administered core protocols including DNS, DHCP, VLANs, VoIP, IPsec VPNs, and more.
- Strengthened security posture through vulnerability scanning, incident response, policy/NAT/VPN configuration, and centralized Palo Alto management via Panorama for multi‑site environments.
- Deployed and maintained VMware ESXi/vCenter (6.5–6.7) and Microsoft Hyper‑V virtualization clusters for corporate datacenters using HPE ProLiant hardware.
- Used SolarWinds to monitor infrastructure performance, built automation scripts with Python and PowerShell, resolved client incidents and problems, and kept documentation current.
2012 — 2019
Senior IT Infrastructure Network Specialist
Association of Serbian Insurers · Belgrade, Serbia
Government / Public Sector- Designed, implemented, and administered enterprise network‑security infrastructure using Cisco routers/switches, Palo Alto, and Cisco ASA, working with advanced technologies including IPS/IDS, Next‑Gen firewalls, SSL/TLS, VPN, VRRP, 802.1Q/802.1X, LAG/LACP, VTP, OSPF, EIGRP, BGP, MPLS, and L2/L3 VPNs, and more.
- Managed synchronous and asynchronous disaster‑recovery sites 300 km apart by performing infrastructure upgrades, applying patches, and executing recurring DR testing based on security policies and procedures.
- Maintained resilient inter‑site connectivity by deploying Cisco 3900 routers and configuring eBGP across multiple autonomous systems to ensure high availability and DR readiness.
- Configured security policies, NAT rules, and both point‑to‑point and client VPN solutions, while performing deep packet analysis via SPAN/RSPAN/Mirror ports using Wireshark.
- Led IT security functions including penetration testing (web and thick‑client), vulnerability assessments, risk analysis, and recommending mitigation strategies while operating Palo Alto and Cisco ASA firewalls in a multi‑site environment.
- Managed Windows and Office 365 environments, including AD, GPOs, file/remote services, Exchange on‑prem, LDAP/RADIUS authentication, clustering, and enterprise tape‑library backup systems.
- Installed and administered VMware ESXi/vCenter and Microsoft Hyper‑V environments, led datacenter migration projects, developed PowerShell automation for network operations, ensured regular patching, supported incident resolution, and maintained accurate documentation.
Credentials
Certified. Validated.
Recognised.
Professional Certifications
AZ-305
Azure Solutions Architect Expert
Microsoft
CCSE
Check Point Certified Security Expert
Check Point
NSE 1–3
Fortinet Network Security Expert
Fortinet
PANCNSP
Palo Alto Networks Certified Network Security Professional
Palo Alto
CCNP
Cisco Certified Network Professional: Core Enterprise
Cisco
VCP
VMware Certified Professional — NSX
VMware
TOGAF
Technology Architecture — Phase D
The Open Group
BTABOK
Business Technology Architecture Body of Knowledge
IASA
ISO 27001
Information Security Management System
ISO
CIPS - I.S.P.
Information System Professional
CIPS Canada
MCSE
Microsoft Certified System Engineer
Microsoft
Education
PhD Candidate
Ongoing
AI and Cybersecurity
Advanced Information Security Methods · Belgrade University
M.Sc.
2016
Network Security & Digital Forensics
Information Technology · Belgrade University
B.Sc.
2015
Project Management in Operational Automation
Engineering Management · Belgrade University
Key Platforms
Academic work.
Peer-reviewed.
Published Research · Architecture and governance magazine
Greencore data centers redefining AI and sustainability.
View PublicationPhD Program — Advanced Information Security Methods · Belgrade University
Publication expected in 2026 — link will be added upon release.Contact
Let's architect
your future.
Available for senior consulting engagements, infrastructure architecture advisory, and strategic infrastructure initiatives across North America and Europe.