Network Security Engineer · Boca Raton, FL

I build networks
that don't fail.

14+ years of enterprise networking and cloud security — from co-founding a wireless ISP outside Kyiv to architecting Zero Trust infrastructure for mid-market enterprises in the US.

Read my story Download resume LinkedIn
14+
Years in networking
Zero Trust
SASE / Cato Networks
AWS / EKS
Cloud infrastructure
MSc
Computer Systems Engineering
A
LinkedIn Profile Download Resume (PDF) andrii@example.com

About

Infrastructure engineer with a security-first mindset

I'm a network security engineer based in South Florida with over 14 years of hands-on experience spanning enterprise networking, cloud security, and identity infrastructure. My work lives at the intersection of connectivity and security — making systems faster, more resilient, and harder to compromise.

Before moving to the US, I co-founded a wireless ISP in the Kyiv suburbs, which remains one of the most formative experiences of my career: we built real infrastructure from the ground up, figured out routing on the fly, and learned what it means to own a network end-to-end. I carried that operator mindset into everything since.

Today I focus on Zero Trust / SASE architecture (Cato Networks), AWS/EKS security, Microsoft 365 / Entra ID, and endpoint security tooling — EDR, RMM, DLP. I lead proof-of-concept engagements, drive competitive displacements, and build Python/API automation that turns manual processes into repeatable infrastructure.

I hold an MS in Computer Systems Engineering and a background in physics from Kyiv National University. I care about systems that are understood deeply before they are operated confidently.

Zero Trust / SASE Cato Networks AWS / EKS Microsoft Entra ID Python / API Automation EDR / DLP Ruckus Wireless Hack The Box Penetration Testing VPC Flow Logs

Origin story

How a physics student became a network builder

The path from theoretical physics to enterprise network security isn't a straight line — but in retrospect, every step made the next one possible.

Early 2000s · Kyiv

Physics first — then the internet arrived

I started my undergraduate degree in physics at Kyiv National University, drawn to understanding how things work at a fundamental level. Then broadband internet hit the Kyiv suburbs. Neighbors needed connectivity. I got curious about how wireless links actually worked. That curiosity led somewhere unexpected.

Mid-2000s · Kyiv suburbs

Co-founding a wireless ISP — infrastructure from scratch

Along with a partner, I co-founded a wireless internet service provider serving the suburban Kyiv area. We designed the topology, sourced the radios, configured the routing — no playbook, just first principles. We were responsible for uptime for real customers who needed their connection to work. That experience crystallized something for me: networking isn't abstract. It's the infrastructure that everything else depends on.

Late 2000s · United States

Graduate school and the shift to enterprise

I relocated to the US to complete my MS in Computer Systems Engineering, which bridged the gap between the operator instincts I'd developed running the ISP and the formal systems knowledge needed to work at enterprise scale. I learned to think in architectures, not just configurations.

2010s · Enterprise networking

Building expertise across the enterprise stack

Over the next decade I accumulated deep hands-on experience across switching, wireless, firewall, identity, and eventually cloud. I ran competitive displacement projects, led Proof-of-Concept engagements, and built API-driven automation to eliminate the manual overhead that makes security teams slow. The through-line: understand the system at depth, then make it better.

Present · South Florida

Cloud security, Zero Trust, and what's next

Today I work at the convergence of network engineering and cloud security — Zero Trust architecture, Cato SASE, AWS/EKS, Microsoft Entra ID, and endpoint security. I run local AI inference for penetration testing research and work through Hack The Box to stay sharp on offensive techniques. The physics student from Kyiv is still asking: how does this actually work? What breaks? How do we build something that doesn't?

Experience

Career path

Network Security Engineer
Enterprise — South Florida
2018 – Present

Lead architect for Zero Trust / SASE deployments using Cato Networks. Manage AWS/EKS security infrastructure including VPC Flow Log analysis and security group remediation. Drive Microsoft 365 and Entra ID identity security initiatives. Built Python-based monitoring automation (Cato POP health tool) with Slack/email alerting via three-source API architecture. Lead PoC engagements and competitive network displacements.

Cato Networks / SASE AWS / EKS Microsoft Entra ID Python / API EDR / DLP / RMM VPC Flow Logs
Senior Network Engineer
Enterprise Infrastructure
2013 – 2018

Designed and managed enterprise wireless and LAN infrastructure. Led a competitive Meraki → Ruckus displacement at Cinch Home Services, leveraging Ruckus BeamFlex+, ChannelFly, DPSK3, and RUCKUS Analytics to solve density and roaming challenges. Developed structured PoC evaluation frameworks used across multiple customer accounts.

Ruckus Wireless Enterprise LAN Network Displacement PoC Leadership DPSK3
Network Engineer
Mid-market Enterprise
2010 – 2013

Managed switching, routing, and firewall infrastructure across multi-site enterprise environments. Built operational disciplines around network documentation, change management, and fault isolation. First role following graduate school — translated ISP-scale thinking into structured enterprise practice.

Switching / Routing Firewall Multi-site LAN Network Documentation
Co-Founder / Network Operator
Wireless ISP · Kyiv, Ukraine
2005 – 2008

Co-founded and operated a wireless broadband ISP serving suburban Kyiv. Designed wireless topology, configured routing and addressing from scratch, and managed end-to-end operations — customer support, billing, field installation, and uptime. The foundational experience that made everything else possible.

Wireless ISP BGP / Routing Network Design Operations Co-Founder

Writing

Professional articles

Practitioner-level writing on cloud security, Zero Trust architecture, identity governance, and the real-world tradeoffs of enterprise infrastructure decisions.

Identity 2025
Microsoft Copilot and the AI Governance Gap: What Security Teams Are Missing

Most M365 deployments expose sensitive data to Copilot before governance controls are in place. Here's what that looks like in practice — and how to fix it.
Zero Trust 2025
Entra Private Access for On-Prem AD: What Public Preview Gets Right (and What's Still Missing)

A hands-on evaluation of Microsoft's Global Secure Access for replacing traditional VPN access to on-premises Active Directory workloads.
AWS 2024
EKS Security Group Remediation at Scale: A Flow Logs-Driven Approach

How to extract actionable IP intelligence from VPC Flow Logs via CloudWatch Logs Insights, split it by scope, and drive security group cleanup without service disruption.
SASE 2024
Building a Cato POP Health Monitor: Three-Source Architecture with Slack Alerting

Why a single API source isn't enough for POP health visibility — and how combining CMA snapshot, accountMetrics, and StatusHub gives you real signal.
Endpoint Security 2024
What Zoho Assist Shell-Drop Patterns Actually Look Like in EDR Telemetry

A practical walkthrough of identifying remote-access tool abuse patterns — WMI activity, shell drops, process chains — without a SIEM, using EDR query alone.
Network Design 2023
Connectivity Debt: The Hidden Cost of Deferred Network Infrastructure Investment

A framework for quantifying and communicating the business risk of aging wireless and LAN infrastructure — useful for budget conversations with non-technical stakeholders.

Life outside work

The other stack

Engineering bleeds into everything. These are the places I find the same satisfaction outside of work — building, going fast, or understanding how things actually work.

🪁
Kiteboarding

South Florida is one of the best places in the country for it. There's something about reading wind and water conditions in real time that scratches the same itch as network troubleshooting — every session is different, nothing is deterministic, and the feedback loop is instant.

🏎
Enthusiast cars

Currently building out a 2026 VW GTI S — ceramic coating, paint protection film, and incremental mods. I like cars the same way I like networks: understanding them at the component level before touching anything, and making deliberate changes I can explain.

🔐
Hack The Box & red team research

I run a local AI inference stack on a Mac Mini M4 with Ollama for penetration testing research, remotely accessible on a security-first setup. Working through HTB challenges keeps offensive technique knowledge sharp — important for a defender who needs to think like an attacker.

🏃
Community running

Active in local South Florida running groups. Running is one of those rare activities where showing up consistently beats everything else — a useful reminder when debugging complex network issues that sometimes the answer is just methodical iteration.

⚛️
Physics (still)

The physics undergrad never fully left. I still revisit thermodynamics and electromagnetism through the Feynman method — relearning what I thought I knew until I can explain it to someone without using jargon. Relevant to optical communications, RF propagation, and more.

🔧
Home infrastructure & DIY

Lake Worth homeowner who would rather understand how an appliance or HVAC system works than call a technician to fix it. Same diagnostic instinct as network troubleshooting — isolate the variable, read the signal, test the hypothesis.

Get in touch

Let's talk infrastructure

Open to conversations about solutions engineering, network security architecture, and building things that scale. Reach out directly or connect on LinkedIn.

Send an email LinkedIn Resume (PDF)