NET-04 · EXPERIENCE
I design, segment, and secure Cisco networks and firewalls
I build and clean up the network layer that everything else depends on. That means Cisco IOS and Catalyst switching, Firepower firewall policy, VLAN and segmentation design, ACLs, and site-to-site VPN that actually holds. I work to published standards and I never touch production without a written change plan and a rollback ready to go.
01 · What I do
The actual work
- Design VLANs and segmentation so the right traffic talks and the rest is walled off, including voice, management, and guest separation
- Write and audit ACLs on switches and routers, then test them against the access you actually want to allow
- Build and operate Cisco Firepower policy: rule sets, NAT, inspection, and logging that a SOC can read
- Stand up and troubleshoot site-to-site VPN tunnels, including IKE phase 1 and phase 2 proposal mismatches, MTU and fragmentation problems, and routing through the tunnel
- Run segmentation reviews to find flat networks, overly broad rules, and paths that should not exist
- Harden switch and firewall configs against the DoD STIGs and NIST SP 800-53 control baselines, not just vendor defaults
- Document the topology, rule intent, and change history so the next person is not guessing
02 · What you get
What you are left with
- A segmented network with clear zones and rules you can explain to an auditor
- Firewall and ACL policy that matches intent, with the dead and duplicate rules cleaned out
- Working, documented site-to-site VPN tunnels and the notes to troubleshoot them later
- Configs measured against the DoD STIGs and NIST SP 800-53, with findings and fixes written down
- A topology and change record so your team owns the network instead of fearing it
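The ACL intent test in the first list and the dead and duplicate rule cleanup in the second, as an added example in Python (not code from this page or from its author): it parses a constructed Cisco IOS extended ACL, evaluates sample flows with first-match and implicit-deny semantics, reports the rows of an intent table the ACL gets wrong, and flags ACEs that an earlier line fully shadows. The ACL text, the intent rows, the port-name table and every name in the script are assumptions made for the example; only IPv4 and `eq` port matches are modelled.

```python
"""Offline check of a Cisco IOS extended ACL against an access-intent table.

Added example: the ACL text and intent rows below are constructed for
illustration only and do not come from any real network.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Subset of the port keywords IOS accepts in place of numbers (assumed enough here).
PORT_NAMES = {"ssh": 22, "telnet": 23, "domain": 53, "www": 80, "ntp": 123}
ANY = (0, 0xFFFFFFFF)  # 0.0.0.0 with wildcard 255.255.255.255


@dataclass(frozen=True)
class Ace:
    seq: int
    action: str           # "permit" or "deny"
    proto: str            # "ip", "tcp", "udp" or "icmp"
    src: tuple            # (address, wildcard) as 32-bit ints
    dst: tuple
    sport: Optional[int]  # None means any port
    dport: Optional[int]
    text: str


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None
    sport: Optional[int] = None


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def _addr(t, i):
    """Consume one IOS address spec (any | host A | A WILDCARD) starting at t[i]."""
    if t[i] == "any":
        return ANY, i + 1
    if t[i] == "host":
        return (_ip(t[i + 1]), 0), i + 2
    return (_ip(t[i]), _ip(t[i + 1])), i + 2


def _port(t, i):
    """Consume an optional 'eq PORT' at t[i]; gt/lt/range are not modelled."""
    if i < len(t) and t[i] == "eq":
        tok = t[i + 1]
        return (PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)), i + 2
    return None, i


def parse_acl(text):
    """Parse 'ip access-list extended' lines into Ace objects in list order."""
    aces = []
    for line in text.splitlines():
        t = line.split()
        if not t or t[0] == "ip":                       # header line
            continue
        seq = int(t.pop(0)) if t[0].isdigit() else (len(aces) + 1) * 10
        if t[0] not in ("permit", "deny"):              # remarks, unsupported keywords
            continue
        src, i = _addr(t, 2)
        sport, i = _port(t, i)
        dst, i = _addr(t, i)
        dport, i = _port(t, i)
        aces.append(Ace(seq, t[0], t[1], src, dst, sport, dport, line.strip()))
    return aces


def _matches(spec, addr):
    a, w = spec
    return ((a ^ addr) & ~w & 0xFFFFFFFF) == 0


def _covers(a, b):
    """True if address spec a matches every address that spec b matches."""
    (aa, aw), (ba, bw) = a, b
    cared = ~aw & 0xFFFFFFFF                             # bits a actually compares
    return (bw & cared) == 0 and ((aa ^ ba) & cared) == 0


def evaluate(aces, flow):
    """First-match lookup with the implicit deny at the end: (action, seq or None)."""
    s, d = _ip(flow.src), _ip(flow.dst)
    for ace in aces:
        if ace.proto not in ("ip", flow.proto):
            continue
        if not (_matches(ace.src, s) and _matches(ace.dst, d)):
            continue
        if ace.sport not in (None, flow.sport) or ace.dport not in (None, flow.dport):
            continue
        return ace.action, ace.seq
    return "deny", None


def shadowed(aces):
    """ACEs that can never match because an earlier ACE covers their whole match space."""
    found = []
    for i, b in enumerate(aces):
        for a in aces[:i]:
            if (a.proto in ("ip", b.proto) and _covers(a.src, b.src) and _covers(a.dst, b.dst)
                    and a.sport in (None, b.sport) and a.dport in (None, b.dport)):
                found.append((b, a))
                break
    return found


def check_intent(aces, intent):
    """Compare each (flow, expected action) row against the ACL; return the mismatches."""
    bad = []
    for flow, expected in intent:
        got, seq = evaluate(aces, flow)
        if got != expected:
            bad.append((flow, expected, got, seq))
    return bad


# Constructed ACL: a management-plane filter with one duplicate and one catch-all.
ACL = """\
ip access-list extended MGMT-IN
 5 remark SSH to the core switch only from the NOC subnet
 10 permit tcp 10.10.20.0 0.0.0.255 host 10.10.1.5 eq 22
 20 deny ip any host 10.10.1.5
 30 permit udp 10.10.0.0 0.0.255.255 host 10.10.1.53 eq domain
 40 permit tcp 10.10.20.0 0.0.0.255 host 10.10.1.5 eq ssh
 50 permit ip any any
"""

# Constructed intent table: what the owner says should and should not pass.
INTENT = [
    (Flow("tcp", "10.10.20.7", "10.10.1.5", dport=22), "permit"),   # NOC to core, SSH
    (Flow("tcp", "10.10.30.7", "10.10.1.5", dport=22), "deny"),     # user VLAN to core
    (Flow("udp", "10.10.44.9", "10.10.1.53", dport=53), "permit"),  # internal DNS
    (Flow("tcp", "172.16.9.9", "10.10.9.9", dport=3389), "deny"),   # RDP from outside
]

if __name__ == "__main__":
    aces = parse_acl(ACL)
    for flow, expected, got, seq in check_intent(aces, INTENT):
        print(f"INTENT MISMATCH: {flow} expected {expected}, got {got} at seq {seq}")
    for b, a in shadowed(aces):
        print(f"DEAD RULE: seq {b.seq} is fully covered by seq {a.seq}: {b.text}")
```

Run stand-alone it reports two findings of the kinds the lists above describe: the RDP row is permitted by the `permit ip any any` at sequence 50, which is the overly broad rule a segmentation review would remove, and sequence 40 is dead because sequence 10 already matches everything it could. The intent table is the part worth keeping with the network documentation, since it is what the ACL is re-tested against after every change.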
03 · Tools and knowledge
What I work with here
04 · How I approach it
Planned, scoped, and owned
It starts with a 30-minute scoping call and a same-day written fit assessment so we both know what we are dealing with before any quoting. Before I change anything in production, I write an ordered change plan with the exact commands, the validation gates, and a rollback, and I confirm who owns that rollback. Network changes break things quietly, so I cut over inside a defined window, validate against those gates, and keep the previous config staged the whole time. If a gate fails, we roll back instead of pushing forward and hoping.
05 · Questions
Good questions, straight answers
Can you work on a live network without taking us down?
Yes. That is the point of the change plan and the rollback. I schedule the work in a defined window, validate each step against gates, and keep the prior config ready so a problem is a quick revert, not an outage of unknown length.
Do you do Firepower, or only IOS switching?
Both. I handle Catalyst and IOS switching and routing alongside Firepower firewall policy, NAT, VPN, and logging, so the switch, ACL, and firewall layers are designed to agree with each other instead of fighting.
Can you just review what we already have instead of rebuilding it?
Yes. A segmentation and config review is a common starting point. I check the topology, VLANs, ACLs, and firewall rules against your intent and against the DoD STIGs and NIST SP 800-53, then hand you a written list of what to fix and why.
06 · Related experience
Adjacent work I do
Need this handled?
Tell me what you are trying to move and where it is stuck. A few sentences is plenty to start, and it goes straight to my inbox.