Vahagn Madatyan

Vendor-agnostic ACL and firewall rule analysis with shadowed rule detection, overly permissive rule identification, unused rule discovery, redundant rule flagging, and rule ordering optimization. Covers ACLs (Cisco/JunOS/EOS) and firewall policies (PAN-OS/FortiGate/CheckPoint).

Arista EOS device health check and triage procedure. Use when troubleshooting Arista 7000, 7500, or 720X series switches — assessing CPU, memory, interfaces, environment, and agent/daemon health. Covers MLAG state validation and VXLAN/EVPN health as data center extension steps. EOS is Linux-native — standard Linux diagnostics (bash top, df, dmesg) are valid troubleshooting tools alongside EOS show commands. Includes agent health monitoring via show agent for EOS-specific daemon failure detection.

AWS VPC networking audit covering CIDR architecture, Security Group and NACL rule analysis, Transit Gateway connectivity, VPC Flow Log forensics, Route Table validation, and ENI/EIP resource optimization using read-only AWS CLI commands.

Azure VNet networking audit covering address space design, NSG rule evaluation, Azure Firewall policy analysis, ExpressRoute and VPN Gateway connectivity, VNet Peering topology, and UDR validation using read-only Azure CLI commands.

BGP protocol analysis with peer state diagnosis, path selection verification, route filtering validation, and convergence assessment. Multi-vendor coverage for Cisco IOS-XE/NX-OS, Juniper JunOS, and Arista EOS with protocol-first diagnostic reasoning.

Pre/post change verification with baseline capture, diff analysis, and rollback decision guidance across Cisco IOS-XE/NX-OS, Juniper JunOS, and Arista EOS. Structured around a single change event lifecycle — before, during, and after — with impact classification and rollback criteria.

Check Point R80+/R81.x rulebase layer analysis with blade activation audit, SmartConsole management plane validation, NAT policy review, identity awareness assessment, and compliance verification. Systematic layer-by-layer evaluation for Check Point Security Gateways managed via Management Server or Multi-Domain Server (MDS).

CIS benchmark compliance assessment for network infrastructure devices. Maps device configuration against CIS benchmark controls organized by Management Plane, Control Plane, and Data Plane categories across Cisco IOS, PAN-OS, JunOS, and Check Point platforms. References control IDs for traceability without reproducing copyrighted benchmark content.

Cisco IOS-XE and NX-OS device health check and triage procedure. Use when troubleshooting Cisco routers, switches, or Nexus platforms — assessing CPU, memory, interfaces, routing, and environment. Covers both IOS-XE (ISR, ASR, Catalyst 9K) and NX-OS (Nexus 3K/5K/7K/9K) with platform-specific commands, thresholds, and decision trees that account for IOS-XE QFP/RP architecture and NX-OS VDC isolation.

Dual-platform Cisco ASA and Firepower Threat Defense (FTD) firewall audit with ACL analysis, NAT policy validation, Modular Policy Framework / Access Control Policy evaluation, Snort IPS assessment, VPN configuration review, and logging completeness verification.

Cross-cloud security posture assessment covering IAM analysis, encryption audit, and public exposure detection across AWS, Azure, and GCP using [AWS]/[Azure]/[GCP] inline labels for provider-specific commands.

Configuration backup, drift detection, and golden config validation across Cisco IOS-XE/NX-OS, Juniper JunOS, and Arista EOS. Covers running vs startup comparison, config archival, section-level drift analysis, and compliance validation for ongoing configuration assurance.

EIGRP DUAL algorithm analysis with successor/feasible successor evaluation, stuck-in-active diagnosis, K-value validation, and redistribution loop detection. Cisco IOS-XE and NX-OS dual-platform coverage with protocol-first diagnostic reasoning for classic and named EIGRP modes.

Cisco IOS-XE device health check and triage procedure. Use when troubleshooting Cisco IOS-XE routers or switches, checking CPU utilization, memory usage, interface error counters, routing table health, or performing rapid device triage during an outage. Covers show commands, threshold interpretation, escalation decision trees, and structured report output for handoff.

FortiOS VDOM segmentation audit with UTM profile binding validation, FortiGuard service health assessment, SD-WAN security evaluation, and HA cluster posture check. Systematic per-VDOM policy analysis for FortiGate appliances and FortiGate-VM instances.

Fortinet FortiSASE audit — Secure Web Gateway policy review, ZTNA application gateway assessment, thin edge FortiGate integration validation, SD-WAN security overlay analysis, FortiClient endpoint compliance verification, and cloud security posture evaluation across FortiSASE tenants.

GCP VPC Network audit covering global VPC design, firewall rule priority evaluation with hierarchical policies, Cloud NAT egress analysis, Cloud Interconnect and Shared VPC connectivity, Cloud Router BGP validation, and resource optimization using read-only gcloud CLI commands.

Incident response process management following the NIST 800-61 lifecycle. Covers severity classification, escalation matrices, role assignment, communication management, phased recovery coordination, blameless post-mortem facilitation, and 5-whys root cause analysis. Scoped to the process and coordination layer — for network-level evidence collection and forensic analysis, use incident-response-network instead.

Network forensics evidence collection and analysis during security incidents. Guides volatile evidence preservation, lateral movement detection via flow records and ARP/MAC/CAM table analysis, and read-only containment verification across Cisco IOS-XE/NX-OS, Juniper JunOS, and Arista EOS. Scoped to network artifacts only — packet captures, flow data (NetFlow/sFlow/IPFIX), forwarding tables, routing state, and device logs. Not general incident response, endpoint forensics, or malware analysis.

Interface and link health assessment with error counter analysis, optical power monitoring, discard diagnosis, and utilization trending. Multi-vendor coverage for Cisco IOS-XE/NX-OS, Juniper JunOS, and Arista EOS with severity-tiered thresholds for physical and data-link layer metrics.

IP Address Management and DNS record reconciliation audit covering subnet utilization analysis, DNS forward/reverse consistency, IP conflict detection, and DHCP scope health. Platform-agnostic with references to common IPAM implementations. Uses the reconciliation procedure shape — IPAM source extraction, live discovery, diff analysis, and remediation reporting.

IS-IS protocol analysis with adjacency diagnosis, LSPDB analysis, level 1/2 routing validation, and NET address verification. Multi-vendor coverage for Cisco IOS-XE, Juniper JunOS, and Arista EOS with protocol-first diagnostic reasoning.

Juniper JunOS device health check and triage procedure. Use when troubleshooting Juniper MX, SRX, EX, QFX, or PTX platforms — assessing Routing Engine health, Packet Forwarding Engine state, chassis alarms, system resources, and environment. Covers dual-RE failover detection, alarm severity triage, PFE statistics analysis, and commit-correlated diagnostics. Procedure begins with RE mastership verification — health data from the wrong RE produces incorrect assessments.

Monitoring infrastructure assessment covering Grafana dashboard analysis, PromQL query validation, alert rule evaluation, SLA/SLO reporting review, and Prometheus data source health checks for network operations environments.

Device-level network log analysis using raw syslog data without SIEM platforms. Guides forensic timeline construction from rsyslog/syslog-ng collectors, device console logs, and SNMP trap data. Covers syslog pattern recognition across Cisco IOS-XE, Juniper JunOS, and Arista EOS message formats, multi-device event correlation using grep/awk/sort, anomaly detection via baseline deviation, and chronological timeline reconstruction with NTP-aware timestamp normalization.

Iterative network topology discovery using CDP/LLDP neighbor protocols, ARP/MAC table correlation, and routing table analysis. Multi-vendor coverage for Cisco IOS-XE/NX-OS, Juniper JunOS, and Arista EOS with layer-by-layer map building from L2 adjacency through L3 routing boundaries.

NIST Cybersecurity Framework (CSF) and SP 800-53 Rev 5 compliance assessment for network infrastructure. Maps device configuration against 6 control families with direct network device relevance — Access Control (AC), Audit and Accountability (AU), Configuration Management (CM), Identification and Authentication (IA), System and Communications Protection (SC), and System and Information Integrity (SI). Focuses on CSF Protect (PR) and Detect (DE) functions for network security posture assessment.

OSPF protocol analysis with adjacency diagnosis, area design validation, LSA interpretation, and SPF convergence assessment. Multi-vendor coverage for Cisco IOS-XE, Juniper JunOS, and Arista EOS with protocol-first diagnostic reasoning.

PAN-OS zone-based security policy audit with App-ID/Content-ID analysis, Security Profile Group validation, zone protection assessment, and decryption policy review. Systematic rule-by-rule evaluation for Palo Alto Networks PA-series and VM-series firewalls.

Palo Alto Prisma Access SASE audit — security policy evaluation for mobile users and remote networks, GlobalProtect Cloud Service configuration review, service connection validation, threat prevention profile assessment, and Strata Cloud Manager posture analysis across Prisma Access tenants.

Network-security-focused SIEM log analysis across Splunk, ELK, and QRadar platforms. Guides forensic timeline construction from network device syslog events — firewall denies, authentication failures, configuration changes, interface events, VPN tunnel state, and lateral movement indicators. Provides platform-independent diagnostic reasoning with platform-specific query syntax using [Splunk]/[ELK]/[QRadar] inline labels.

Network source-of-truth reconciliation audit comparing intended state in [NetBox] or [Nautobot] against live network discovery results. Uses [NetBox]/[Nautobot] inline labels where API patterns diverge. Focuses on reconciliation methodology, gap classification, and data quality scoring.

IPSec/IKE VPN troubleshooting with IKE state machine diagnosis, crypto parameter verification, and tunnel health assessment. Multi-vendor coverage for Cisco IOS-XE, Juniper JunOS, Palo Alto PAN-OS, and FortiGate FortiOS with FSM-driven diagnostic reasoning.

CVE assessment and CVSS v3.1 scoring for network infrastructure devices. Maps running software versions to known vulnerabilities via NVD and vendor advisories, classifies risk by severity, network exposure, and exploit availability, and generates prioritized remediation plans with SLA-driven timelines.

Wireless network security audit covering SSID policy, 802.1X/EAP validation, WPA3 encryption assessment, rogue AP detection, and RF security posture across Cisco WLC, Aruba, and Meraki wireless controllers. Systematic audit from SSID inventory through authentication, rogue AP, and RF assessment to final report.

Zero trust architecture maturity assessment with five-pillar scoring rubric. Evaluates identity, device, network, application, and data pillars against a five-level maturity model grounded in NIST SP 800-207 ZTA tenets. Produces a posture score, gap analysis, and prioritized remediation roadmap.

Zscaler Internet Access and Private Access SASE policy audit — URL filtering policy analysis, SSL inspection coverage validation, Cloud Firewall rule assessment, ZPA application segment review, access policy evaluation, and connector health verification across ZIA and ZPA tenants.