Network Engineer · Hybrid Cloud Specialist
CCNP-certified network engineer specializing in hybrid cloud connectivity for healthcare environments. BGP route policy, IPSec tunnels, and Terraform-provisioned infrastructure across AWS and Azure.
I design and operate hybrid cloud infrastructure at the layer where enterprise networking meets AWS. That means BGP route policy, IPSec tunnels, VPC architecture, and the segmentation decisions that determine whether on-premises systems can reach cloud resources safely.
For the past several years I have been doing this work in healthcare environments where the connectivity I maintain is part of clinical infrastructure. My CCNP background gives me a foundation in routing and switching that shapes how I approach cloud networking problems, because the protocol stack does not change just because the hardware is virtual.
Every project on this website was built with Terraform against real AWS infrastructure. The live BGP lab below runs continuously inside micro EC2 instances. The others were provisioned, validated, and documented before teardown. Reproducible from state at any time.
All labs built with Terraform. All code is reproducible and publicly available.
Two FRR routers peered over an IPSec tunnel, running continuously in AWS. This is the exact protocol stack behind AWS Direct Connect: eBGP over encrypted transport, route advertisements flowing between autonomous systems. Query the live session using the terminal.
AS 65001 ←── eBGP / TCP 179 / IPSec ──→ AS 65002
IKEv2 IPSec tunnel between two AWS VPCs using strongSwan, simulating a production hybrid environment. Encrypted connectivity established, routes propagating across the tunnel, and end-to-end reachability verified between the networks.
View on GitHub →

Hub-and-spoke topology across three VPCs: Shared Services at the center, Prod and Dev as isolated spokes. Each spoke reaches shared resources. They cannot reach each other. This is the standard segmentation pattern for enterprise-scale AWS environments.

View on GitHub →

Production-grade fault tolerance: ALB distributing traffic across an Auto Scaling Group in two Availability Zones, with Multi-AZ RDS in private subnets. Failover tested by terminating instances and verifying automatic recovery.

View on GitHub →

A parameterized Terraform module that provisions a complete VPC from a single definition. Instantiated with different inputs for prod and dev, eliminating configuration drift between environments. This is the pattern used in production IaC at scale.

View on GitHub →

VPC Flow Logs piped to CloudWatch with custom Logs Insights queries for detecting rejected connections, unusual traffic patterns, and lateral movement. Rejection alarms and a live dashboard built for real incident investigation, not just log storage.
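As an added example (not code from the lab repository), here are the two detections the flow-log card describes, the rejection count behind the alarm and the internal fan-out that signals host discovery, applied in Python to constructed flow-log records in the default version-2 format rather than through Logs Insights. The 10.0.0.0/8 internal range, the thresholds and the sample addresses are assumptions; the Logs Insights query string mirrors the same rejection count using the field names Logs Insights derives for flow logs delivered to CloudWatch.

```python
"""Parse VPC Flow Log records (default version-2 format) and flag rejected
connections and scan-like internal fan-out. Added example, not the lab's code."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample records in the default flow-log field order:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.10 44321 443 6 10 4200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.10 44322 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.11 44323 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.12 44324 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.13 44325 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.2.10 50111 443 6 20 9800 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.2.10 50112 23 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.3.5 10.0.2.10 39001 443 6 8 3100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""

# Equivalent CloudWatch Logs Insights query for the rejection count.
# Assumption: default flow-log format, so the auto-discovered field names apply.
LOGS_INSIGHTS_REJECT_QUERY = """\
fields @timestamp, srcAddr, dstAddr, dstPort, action
| filter action = "REJECT"
| stats count(*) as rejects by srcAddr
| sort rejects desc
| limit 20
"""

# Assumed VPC address space; anything inside it counts as an internal host.
INTERNAL = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class FlowRecord:
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    action: str  # ACCEPT or REJECT


def parse_flow_logs(text: str) -> list:
    """Parse default-format records. NODATA/SKIPDATA rows carry '-' in the
    address fields and no action, so only log-status OK rows are kept."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 14 or fields[13] != "OK":
            continue
        records.append(FlowRecord(
            srcaddr=fields[3], dstaddr=fields[4],
            srcport=int(fields[5]), dstport=int(fields[6]),
            protocol=int(fields[7]), action=fields[12]))
    return records


def rejects_by_source(records) -> Counter:
    """REJECT count per source address, the metric a rejection alarm watches."""
    return Counter(r.srcaddr for r in records if r.action == "REJECT")


def rejection_alarm(records, threshold: int = 3) -> list:
    """Sources whose REJECT count reaches the threshold within the window."""
    counts = rejects_by_source(records)
    return sorted(src for src, n in counts.items() if n >= threshold)


def lateral_movement_candidates(records, min_targets: int = 3) -> dict:
    """Internal sources touching many distinct internal destinations (accepted
    or rejected): the fan-out shape of host discovery across subnets."""
    targets = defaultdict(set)
    for r in records:
        if ip_address(r.srcaddr) in INTERNAL and ip_address(r.dstaddr) in INTERNAL:
            targets[r.srcaddr].add(r.dstaddr)
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_targets}


if __name__ == "__main__":
    recs = parse_flow_logs(SAMPLE_FLOW_LOGS)
    print("rejects by source:", dict(rejects_by_source(recs)))
    print("alarm:", rejection_alarm(recs))
    print("internal fan-out:", lateral_movement_candidates(recs))
```

In the sample, 10.0.1.25 trips both detections: four rejected attempts on SSH and RDP ports, spread across four internal hosts, while the single external REJECT from 203.0.113.9 stays below the alarm threshold and is outside the fan-out check entirely. Thresholds are where the real tuning happens; in the lab the same counts would come from the Logs Insights query feeding a CloudWatch alarm rather than from a script.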
View on GitHub →

Writing on cloud networking, infrastructure, and the work behind the portfolio.
From a Cardano stake pool on Linode to hybrid cloud infrastructure at scale. The journey from enterprise networking to cloud, and why 2026 is the right time to go deeper.
Read article →

Most engineers have read about BGP. I wanted to show it. What building a queryable live routing lab in AWS taught me about the gap between certifications and production networking.

Read article →

Have a question or want to connect? Let's talk.