sysadmin@secure-net:~$ whoami
Defending networks, securing infrastructure, and building robust defenses.
Hello! I'm Aayush Sojitra, a Network Security Engineer specializing in designing, configuring, and securing network infrastructures. I am passionate about defending corporate environments against emerging cyber threats.
My expertise lies in translating foundational networking principles—such as routing, switching, and VLAN segmentation—into robust security architectures. I utilize industry-leading tools like Cisco network devices and Palo Alto Next-Generation Firewalls to establish secure, high-performance environments.
Whether configuring a Router-on-a-Stick for corporate networks or implementing strict access control policies, my goal is always to deliver network solutions that are secure, efficient, and fully functional.
root@sec-ops:~# ./check_status.py
Status: Highly Motivated
Clearance: Level 1 (Entry/SOC)
Objective: Secure global networks
Availability: Ready for Deployment
root@sec-ops:~# _
A complete corporate network redesign focusing on effective department security and reliable routing.
Problem: Soft Tech Company needed a scalable network that could handle efficient routing while securely isolating sensitive departments, like HR, from unauthorized access.
Solution: Engineered a resilient network using OSPF for routing, Router-on-a-Stick for controlled inter-VLAN communication, and Access Control Lists (ACLs) to enforce security policies.
Configuration Steps:
Result: Delivered a highly secure and segmented corporate network that ensures both overall connectivity and strict departmental privacy.
Problem: The company's network lacked advanced threat prevention and proper segmentation between internal devices and the public internet.
Solution: Deployed a Palo Alto Next-Gen Firewall to define secure zones and actively inspect traffic for malware and unauthorized access.
Steps: Configured trusted and untrusted security zones, created security rules for internet access, applied NAT policies, and enabled security profiles like Antivirus scanning.
Result: Successfully secured the internal network from external threats while gaining clear visibility into application layer traffic.
Problem: Two physical branch offices needed a way to securely share internal company data over the public internet without the risk of interception.
Solution: Established a secure IPsec Site-to-Site VPN tunnel to encrypt all traffic passing directly between the edge routers of both branches.
Steps: Configured IPsec parameters (IKE Phase 1 & Phase 2), used ACLs to define which traffic should be encrypted, and applied the configuration to the external interfaces.
Result: Enabled seamless and secure communication between branch locations, successfully protecting sensitive corporate data from eavesdropping.
Problem: Needed to understand how attackers scan and map out networks in order to build more effective defensive strategies.
Solution: Set up a secure lab environment to simulate reconnaissance attacks and implement active firewall countermeasures to block them.
Steps: Performed target scanning using Nmap to identify open network ports, analyzed the scanning traffic patterns, and configured firewall rules to automatically drop connections from the attacking IP.
Result: Gained valuable insight into real-world threat actor behaviors, improving incident response times and firewall rule tuning.
Problem: Network anomalies were causing slow performance and raising concerns about unencrypted, insecure data transfers.
Solution: Utilized Wireshark to capture and analyze live network traffic to identify the exact root cause of the issues.
Steps: Configured port mirroring (SPAN) to safely capture traffic. Filtered the captured packets to investigate TCP connection issues and uncover unencrypted web traffic.
Result: Pinpointed the network bottlenecks and successfully validated the need to transition to encrypted protocols to protect user credentials.
Problem: The organization was using a flat network, meaning an infected device or an unauthorized guest could potentially access the entire company's data.
Solution: Subdivided the main network into separate VLANs for different user groups, establishing logical security boundaries.
Steps: Assigned dedicated VLANs for Sales, IT, and Guests. Configured trunk links between switches to carry the separated traffic, and verified strict isolation within the network.
Result: Significantly contained network traffic and minimized security risks by ensuring guests and departments remained in their proper zones.
GNS3 | EVE-NG | Real Cisco Devices
Extensive hands-on practice designing and configuring realistic enterprise network topologies. I routinely build and manage simulated environments to practice deploying routing protocols (OSPF, EIGRP), handling network outages, and executing complex security scenarios.
Continuous Development via Projects
Dedicated hundreds of hours to building practical security projects. From configuring Palo Alto firewall policies and secure VPN tunnels, to tracking network behavior with Wireshark. I am also continuously exploring tools like Python to automate network deployment.
Completed
Routing & Switching - Done
Implementation - Done
Configuration - Done
Configuration - Ongoing
I'm currently an entry-level Network Security Engineer actively seeking opportunities in security and networking. Let's discuss how I can contribute to your team.