AngelMedina

SENIOR NETWORK ENGINEER  ·  SECURITY  ·  AUTOMATION

summary.amedina.net - ssh angel@10.0.0.1
CompTIA A+ Network+ Security+ CIOS CSIS CCNA AWS CCP Enterprise Specialist (ENCOR) CCNP ENARSI
view experience → ↓ resume LinkedIn GitHub
Angel Medina
show status
experiencecalculating...
locationNew York, NY
network scalemultisite / 14,000 users
certificationsSpecialist / Sec+ / AWS
automationPython / Netmiko / APIs
monitoringSolarWinds / 7Signal / CCC
ticket resolution#1 dept / top 5 university
pursuingENARSI (Jun 2026)

CAREER

Experience

Senior Network Engineer Pace University Sep 2025 – Present
  • Leading enterprise infrastructure modernization, replacing legacy Catalyst 2960X/S with standardized 9300 stacks, validating golden images, and executing minimal-downtime migrations
  • Primary escalation point for outages, conducting root-cause analysis and driving long-term stability improvements
  • Manage Firepower FTD/FMC in production: NAT/PAT rule creation, object and object-group management, firewall policy edits, and event log analysis for security troubleshooting
  • Administer Cisco ISE for network access control: profiling-based authorization profile tuning, SGT tag creation and assignment, and log-based 802.1X troubleshooting across wired and wireless clients
  • Led OSPF redistribution project for a new building, using prefix lists and route maps to set cost-based ISP preference with automatic failover to secondary ISP
  • Supporting Cisco ACI Multi-Site operations alongside senior engineers, including fabric discovery observation and APIC dashboard reviews of tenants, EPGs, and contracts
  • Manage Cisco TAC escalations for complex hardware and software issues, coordinating RMAs and working cases through to resolution
  • Producing Visio documentation for physical rack layouts, L2/L3 topology, WAN interconnects, and site-to-site connectivity to support audits and troubleshooting
  • Performing advanced wireless optimization using 7Signal and AirMagnet, identifying RF gaps and improving coverage across high-density buildings
Catalyst 9300/9400/9500Cisco ACI / APIC Firepower FTD/FMCAirMagnet / 7Signal Microsoft VisioRoot Cause Analysis
Network Engineer Pace University Apr 2023 – Aug 2025
  • Managed network infrastructure for 14,000+ students across 3 campuses: 9800 WLCs, 2,000+ APs, 260 switch stacks (800+ switches), Cisco ISE/802.1X, Firepower 9000, and Catalyst Center
  • Led multi-campus AP refresh replacing legacy 2602/2702 models with 9120/9130/9164/9166 across all sites; managed AP onboarding, renaming, site assignment, and RF profile configuration in CCC
  • Performed wireless client troubleshooting using radioactive traces, RF profiles, and RRM data to resolve roaming and coverage issues across high-density environments
  • Administered Cisco ISE for 802.1X and MAB: managed profiling policies, adjusted authorization profiles for troubleshooting, created and assigned SGT tags, and analyzed logs for auth failures
  • Developed Python/Netmiko automation reducing deployment time by 70%+, including bulk compliance checks, AAA standardization, config backups, and Jinja2-templated switch deployments
  • Built production Python scripts querying the Cisco Catalyst Center API for device inventory, user data, and compliance reporting across all campuses
  • Designed VLAN configurations in collaboration with departments to meet business needs and security policies
  • Presented network performance, security, and availability reports to senior leadership with actionable recommendations
Cisco 9800 WLCISE / 802.1X Firepower 9000Catalyst Center OSPF / BGP / VRFPython / Netmiko Jinja2 TemplatesCoPP / SISF
Technical Support Specialist Pace University Aug 2021 – Mar 2023
  • Ranked #1 in ticket resolution across Westchester and Haub Law campuses
  • Collaborated with IT leadership to standardize device imaging workflows and implement security initiatives
  • Provided technical support for administrative and academic users covering hardware, software, and peripherals; met with clients on-site to diagnose and resolve issues
  • Managed Windows and macOS deployments using SCCM, JAMF, Active Directory, and Group Policy across classroom and lab environments
SCCMJAMF Active DirectoryGroup Policy Technical Docs

WORK

Projects & Labs

bash - projects_and_labs
Lab Portfolio

6 labs covering OSPF multi-area, EIGRP, BGP, redistribution, PBR, DHCP snooping/DAI, GRE, multicast, IP SLA failover, and AAA - built in Cisco Modeling Labs for ENCOR/ENARSI study and production scenario practice.

6 labs ENCOR / ENARSI CML
● 3 in progress · 3 planned
</>
Network Automation Scripts

Python/Netmiko scripts for enterprise switch compliance checks, TACACS server updates, and Catalyst Center API queries. Deployed in production across 800+ switches.

● production / github
Device Lookup Tool

Internal web app built on the Cisco Catalyst Center API. IT staff and helpdesk can look up any device by MAC address or IP to retrieve user info, connected switch, port, and location replacing manual CLI lookups across 800+ switches.

● complete / pending deployment

TECHNICAL

Skills & Tools

Routing & Switching
  • OSPF (multi-area, redistribution)
  • BGP (iBGP/eBGP, RR, confederations)
  • EIGRP (named mode, UCMP)
  • VLAN, VRF, STP, HSRP
  • PBR, QoS (lab)
  • Catalyst 9000 series
Wireless
  • Cisco 9800 / 8510 WLC
  • FlexConnect / Local Mode
  • AP series 9120/9130/9164/9166
  • Site surveys (NetScout AirCheck G2)
  • 7Signal sensors and agent monitoring
  • AirMagnet / RF optimization
Security
  • Cisco ISE (802.1X, MAB, TACACS+)
  • Firepower FTD / FMC
  • CoPP / SISF / TrustSec
  • Cisco ACI / APIC
  • Duo MFA with AnyConnect VPN
Automation & Dev
  • Python / Netmiko
  • Jinja2 templates
  • NETCONF / RESTCONF
  • Cisco Catalyst Center API
  • EEM / Guestshell
Management
  • Cisco Catalyst Center (CCC)
  • SolarWinds
  • Cisco Prime
  • Wireshark / Nmap
  • SCCM / JAMF / Active Directory
Labs & Study
  • Cisco Modeling Labs (CML)
  • EVE-NG
  • INE Premium / Skill Dive
  • Boson NetSim
  • GNS3
// CERTIFICATIONS - click to verify
Cisco Certified Specialist - Enterprise CoreAPR 2026 · exp Apr 2029
AWS Certified Cloud PractitionerAUG 2025 · exp Aug 2028
CompTIA Security+OCT 2023 · exp Oct 2026
Cisco CCNAJUN 2023 · exp Apr 2029
CompTIA Network+NOV 2022 · exp Oct 2026
CompTIA A+NOV 2020 · exp Oct 2026
CompTIA IT Operations Specialist (CIOS) StackableNOV 2022 · exp Oct 2026
CompTIA Secure Infrastructure Specialist (CSIS) StackableOCT 2023 · exp Oct 2026
Cisco CCNP ENARSI 300-410 target Jun 6, 2026IN PROGRESS

EDUCATION

Academic Background

M.S. Cybersecurity
Pace University - Seidenberg School
December 2023
B.S. Information Technology
Pace University - Seidenberg School
May 2022
A.S. Cybersecurity
SUNY Westchester Community College
May 2020

WRITEUPS

Blog & Notes

TROUBLESHOOTING
Diagnosing SISF CPU Spikes on Catalyst 9200L After CCC Provisioning

After provisioning Catalyst 9200L switches through Cisco Catalyst Center, we started seeing CPU hit 100% driven by the SISF-switcher process. The switches became sluggish and management was intermittently unreachable. These were among the only 9200L models in our environment, so it took a while to isolate.

Root cause: the default device-tracking policy was tracking every host it saw on every port - including AP trunk ports carrying broadcast traffic from hundreds of wireless clients and the uplink. The switch was trying to create binding table entries for everything, which hammered the SISF-switcher process.

Fix: created a new DT trunk policy with device-tracking policy DT_TRUNK_POLICY / device-role switch, applied it to all trunk/uplink interfaces. Also disabled IPv6 tracking across all DT policies since we don't run IPv6. CPU dropped immediately back to normal. Deployed the fix as a Day-N CLI template in CCC so all future 9200L provisioning gets it automatically.

APR 2024 · CATALYST 9200L · SISF · CCC DAY-N TEMPLATE
AUTOMATION
Building a Network Device Lookup Tool with the Catalyst Center API

Helpdesk tickets often come in with just an IP address or MAC and no other context. To speed up resolution, I built an internal web app using the Cisco Catalyst Center API that lets anyone on the IT team look up a device instantly - enter an IP or MAC and get back the connected switch, port, VLAN, device type, and user info. No CLI access required, no waiting on the network team for basic lookups. Built with Python on the backend querying the CCC REST API, with a simple web frontend anyone can use. Pending internal deployment.

2024 · CATALYST CENTER API · PYTHON · INTERNAL TOOLING
AUTOMATION
Standardizing 215 Switch Stacks with Netmiko - Security, STP, and VLAN Cleanup

Over time, network configs drift. VLANs get created and forgotten, security settings go stale, and STP best practices get skipped during rushed deployments. I wrote a Python/Netmiko script to audit and remediate over 215 switch stacks across our three campuses in one push.

Changes deployed: updated passwords and encryption to meet current security standards, removed legacy weak hashing, enabled login banners and hardened VTY lines. For STP, enabled Rapid PVST+, configured Root Guard on all downlinks, and enabled BPDU Guard on access ports. For VLANs, pruned all unnecessary VLANs from trunk uplinks - both legacy networks that no longer existed and new VLANs that had no presence on those switches.

What would have taken weeks manually was done in hours. The same script now runs as part of our standard switch onboarding process.

2024 · PYTHON · NETMIKO · STP · VLAN CLEANUP · 215 STACKS

GET IN TOUCH

Contact

Open to conversations about network engineering, enterprise security, or career opportunities. Drop a message or connect directly.

Message sent. I'll get back to you soon.
LinkedInlinkedin.com/in/angel-medina-us GitHubgithub.com/amedinaus Emailangel.medina.us@gmail.com