✓ CCNA
▶ CCNP Security – SCOR
○ SNCF
○ CCIE Security
- 904 Static Routes Migrated
- 210 Switches Automated
- 38 WLC CPU ACL Rules
- 7 Devices in OSPF Overhaul
- BigLeaf SD-WAN: Dual ISP HA
- FTD 4110 → 4215: HA Firewall
- Core L3 Switches: OSPF Migration
- WLC NY-WYCKOFF: CPU ACL v2
- NPS / MDM EAP-TLS: 802.1X
- RapidAI Cluster: 3-Node On-Prem
Experience
Network Engineer & Team Lead
2022 – Present
Wyckoff Heights Medical Center · Brooklyn, NY
- Sole network engineer — owns routing infrastructure, wireless, security, and automation end-to-end for a full-scale hospital environment
- OSPF Migration: Architecting a 904 static-route overhaul across 7 devices into a full OSPF domain (Phases 0–2), with transit VLAN 196 and conflict resolution across biomedical systems (HILLROM)
- Firewall: Managing Cisco Firepower/FTD environment; leading procurement of FTD 4215 HA pair upgrade; authored 60-hour ACL optimization scope covering 627 existing rules
- WLC Security: Deployed CPU-ACL-V2 (38 rules) on NY-WYCKOFF-WLC-1 protecting the wireless LAN controller control plane from unauthorized access
- Network Automation: Built Netmiko-based serial collection, TAC documentation, and parallel ACL modification scripts targeting ~210 switches; integrated Claude Code + CML via MCP on Ubuntu 24.04 automation VM
- HIPAA Compliance: Maintains security posture across Firepower and Check Point; conducted vendor evaluation producing CIO-ready recommendations
- SD-WAN: Deployed Avaya SBC + BigLeaf dual-ISP HA solution; documented VLAN topology (850, 995–998) and managed change control lifecycle
- Zero Trust / PKI: Configured NDES/SCEP static passwords for MDM integration; resolved EAP-TLS auth failures across WLC + NPS + Samsung MDM stack; leading SSL certificate deployment for guestwifi.wyckoffhospital.org
- Clinical Systems: Onboarded RapidAI 3-node on-prem cluster (VIP 10.204.50.45) with SSL bypass and URL whitelisting; integrated Trend Micro Vision One data ingestion framework
- Built and owns WHMC’s Change Management process, including a 10-section fillable PDF change control form with 5-approver workflow
Key Projects
Static → OSPF Migration
Eliminating 904 static routes across 7 devices. Full 3-phase project plan with Excel routing overview, VLAN 196 transit design, and vendor timeline deconfliction.
WLC CPU ACL V2
Designed and deployed 38-rule ACL on NY-WYCKOFF-WLC-1 to protect the controller control plane. Catch-all permit→deny change pending maintenance window.
FTD 4215 HA Upgrade
Led procurement and vendor evaluation for Firepower 4110→4215 HA pair. Authored CIO-ready Word doc recommending Driven Tech; includes 60-hr ACP optimization scope.
NetDevOps Automation
Python automation suite: parallel ACL deployment to ~210 switches, serial inventory harvester with fallback parsing, TAC doc collector. Claude Code + CML MCP integration on Ubuntu VM.
BigLeaf SD-WAN HA
Dual-ISP failover with Avaya SBC integration. Documented switch port topology across VLANs 850, 995–998. Active monitoring of primary ISP flapping with validated failover.
RapidAI Cluster Onboarding
Deployed 3-node on-prem AI inference cluster (VIP .50.45) with hybrid cloud architecture. Configured SSL bypass and URL whitelisting on FTD for clinical AI workloads.
Change Management Overhaul
Built WHMC’s change control process from scratch — 10-section fillable PDF, 5-approver workflow (Systems, Helpdesk, Network, CIO), and supporting documentation framework.
EAP-TLS / NDES / SCEP
Resolved 802.1X auth failures across WLC + NPS + Samsung MDM stack. Configured NDES/SCEP static password for certificate-based MDM enrollment.
Skills & Tools
Routing & Switching
OSPF, BGP, STP, VLANs, L3 Design, Static Routing
Security
Cisco Firepower/FTD, Check Point, ACL, 802.1X, EAP-TLS, HIPAA
Wireless
Cisco WLC, Ekahau, SSID Design, RF Surveying, NPS
Automation
Python, Netmiko, NAPALM, Nornir, Ansible, Claude Code
Infrastructure
Proxmox, CML, Ubuntu, WSL2, SD-WAN, PKI/NDES
PKM & Documentation
Obsidian, OneNote, Todoist, GitHub, Zettelkasten
Content & Community
NETWIT
Learn, Do, Teach! — Healthcare network engineering in public