Systems security · Network architecture · Infrastructure modernization

David Nicola

Consulting Systems Engineer

I help teams secure, redesign, migrate, and performance-tune hybrid infrastructure. My work sits between architecture, implementation, operational risk, and executive-readable technical communication.

  • Virtualization modernization across Proxmox VE and VMware vSphere
  • Fortinet firewall policy, segmentation, site connectivity, and traffic-flow review
  • Security liaison work across vulnerability remediation, evidence, identity, logging, and endpoint controls
  • Hybrid cloud, distributed file services, backup resilience, and practical AI/RAG infrastructure

Hiring-manager snapshot

A concise profile for technical and non-technical reviewers.

Modernization

Hypervisor migration planning, host design, shared storage, high availability, backup behavior, workload dependency mapping, and rollback planning.

Network security

FortiGate policy review, segmentation, software-defined WAN operations, IPsec VPN connectivity, routing behavior, and traffic-flow analysis.

Security operations

Vulnerability validation, evidence coordination, security liaison work, identity controls, logging, endpoint detection, and remediation tracking.

Hybrid systems

Linux and Windows servers, cloud platforms, distributed file services, backup resilience, automation, and self-hosted retrieval-augmented generation labs.

Selected work

Case studies written for infrastructure leaders, security teams, and hands-on engineers.

These are framed as project narratives: problem, approach, technical surface area, and delivery artifacts.

01

Infrastructure modernization

Virtualization modernization and migration planning

Migration planning across VMware vSphere and Proxmox VE environments with emphasis on architecture, recovery behavior, change sequencing, and operational handoff.

Problem

Hypervisor migrations fail when teams treat the work as a tooling swap. The real risk lives in storage placement, firmware mode, network attachment, backup compatibility, high-availability assumptions, and the cutover sequence.

Approach

  • Map workload dependencies, recovery priority, storage paths, network bindings, and backup state.
  • Separate host architecture, shared storage, recovery design, monitoring, rollback, and validation into testable workstreams.
  • Produce runbooks that operations teams can execute during change windows.

Proxmox VE · VMware vSphere · Shared storage · High availability · Backup compatibility · Migration runbooks

02

Network security

Fortinet segmentation, site connectivity, and traffic-flow review

Firewall policy, routing, software-defined WAN, and VPN review work focused on resilient site connectivity and enforceable network security boundaries.

Problem

Security and availability issues often hide in rule sprawl, unclear routing intent, permissive segmentation boundaries, stale NAT behavior, and failover paths that are never tested against application traffic.

Approach

  • Review policy intent, source/destination zones, NAT behavior, route preference, IPsec VPN pathing, and failure domains.
  • Translate packet flow and routing behavior into low-risk change plans.
  • Prioritize visibility, segmentation clarity, and repeatable troubleshooting over cosmetic cleanup.

FortiGate · Fortinet SD-WAN · IPsec VPN · Routing · Segmentation · Traffic analysis

03

Security operations

Security liaison and vulnerability remediation workflows

Infrastructure-side security coordination across scanner findings, endpoint controls, DNS security, email security, identity services, logging, and closure evidence.

Problem

Security findings lose momentum when ownership, risk context, maintenance windows, validation, and closure evidence are not translated into executable infrastructure tasks.

Approach

  • Validate findings against actual systems, exposure, service impact, and operational constraints.
  • Coordinate remediation with network, server, identity, endpoint, and security stakeholders.
  • Document evidence, residual risk, and closure state in a format useful to both security and operations.

Vulnerability management · Security evidence · SIEM logging · Endpoint detection · Duo proxies · DNS security

04

Storage and performance

Distributed file services, namespace behavior, and user-impacting latency

Migration and support work around Nasuni, DFS namespaces, Server Message Block access patterns, site topology, cache locality, and rollout behavior.

Problem

File-service performance issues are rarely solved by bandwidth alone. Name resolution, namespace targeting, protocol round trips, cache behavior, and site pathing often drive the end-user experience.

Approach

  • Trace access paths across client, namespace, network, storage, and authentication layers.
  • Separate protocol behavior from platform behavior so teams understand where latency is introduced.
  • Document rollout, rollback, and support escalation behavior for distributed environments.

Nasuni · DFS namespaces · Server Message Block · WAN latency · File migration · User impact analysis

05

Resilience

Backup resilience and recovery design

Recovery planning across backup repositories, encryption, retention, recovery exposure, validation workflows, and operational risk for infrastructure resilience.

Problem

Backup success does not equal recoverability. Teams need validated restore paths, isolated recovery assumptions, protected credentials, repository design, and retention policy alignment.

Approach

  • Review recovery objectives, repository placement, immutability options, encryption, retention, and administrative exposure.
  • Align backup behavior with virtualization, storage, identity, and security boundaries.
  • Document restore validation and operational handoff requirements.

Veeam · Recovery validation · Immutable storage · Retention strategy · Encryption · Operational runbooks

06

AI infrastructure

Self-hosted retrieval-augmented generation infrastructure

Lab and workflow development using local models, document indexing, embeddings, vector databases, Open WebUI, Ollama, and controlled document retrieval pipelines.

Problem

Organizations want AI assistance over internal documents, but uncontrolled SaaS usage, weak source attribution, and unclear data handling create governance and security concerns.

Approach

  • Build local retrieval workflows with document ingestion, embeddings, indexing, model selection, and response grounding.
  • Evaluate tradeoffs between local inference, data control, latency, model capability, and operational complexity.
  • Translate lab results into practical guidance for infrastructure teams.

Ollama · Open WebUI · Vector databases · Embeddings · Document retrieval · Local inference

Technical depth

Infrastructure domains I can discuss in detail.

Virtualization and systems

  • VMware vSphere and Proxmox VE host architecture
  • Linux and Windows server operations
  • High availability, storage mapping, workload cutover, and rollback planning
  • Datacenter and colocation migration support

Network architecture and security

  • FortiGate firewall policy, segmentation, and traffic-flow review
  • Software-defined WAN, IPsec VPNs, routing, and site connectivity
  • Cisco, Juniper, Meraki, MikroTik, Aruba, and Fortinet environments
  • High-availability pathing and operational troubleshooting

Security operations and identity

  • Security liaison work across infrastructure and security stakeholders
  • Vulnerability review, prioritization, remediation, and evidence coordination
  • Duo proxies, Mimecast, DNS security, endpoint detection, and SIEM logging
  • Active Directory, LDAP, OpenID, PKI, and identity controls

Cloud, automation, and AI systems

  • AWS and Azure hybrid infrastructure patterns
  • Terraform, AWS Cloud Development Kit, Ansible, Docker, and Kubernetes exposure
  • Bash, Python, PowerShell, Java, HTML, and MySQL
  • Local AI/RAG workflows with embeddings, vector databases, and document retrieval

Resume

Consulting Systems Engineer with security, network, cloud, and platform depth.

Experienced in advising clients and securing, redesigning, and performance-tuning cloud, hybrid, and on-premises infrastructure. Eligible for U.S. Secret or Top Secret clearance.

Certifications

  • AWS Solutions Architect - Professional
  • AWS Solutions Architect - Associate
  • Cisco CCNP Security
  • Microsoft Azure Administrator Associate
  • Fortinet FCSS Public Cloud Security
  • Fortinet FCP Network Security
  • IBM Cybersecurity Analyst

Education

  • M.S. Cyber Operations, University of Maryland Global Campus, GPA 4.0, 2024-2026
  • B.S. Computer Networks & Cyber Security, University of Maryland Global Campus, GPA 3.8
  • B.S. Political Science, The Ohio State University

Experience

Recent delivery path

June 2026 - Present

Consulting Systems Engineer

World Wide Technology

Client-facing systems engineering across virtualization modernization, infrastructure redesign, and network security technical projects.

July 2024 - June 2026

Infrastructure Engineer

IBP

Security liaison work, Fortinet operations, VMware, Nasuni/DFS migration, vulnerability remediation, identity tooling, endpoint controls, SIEM logging, and self-hosted AI/RAG workflows.

April 2022 - July 2024

Systems Engineer

Bresco Broadband

Legacy network redesign, DNS replication and failover, Azure and on-premises domain hardening, Linux databases, cloud services, VoIP/database tuning, patch workflows, and datacenter operations.

2020 - 2022

Network, implementation, and cyber QA roles

Chick-fil-A, L Brands, Huntington National Bank

Network support, switches, routers, firewalls, server support, IAM software deployment testing, security defect review, technical documentation, and operational troubleshooting.

Contact

For infrastructure, network security, cloud, or consulting systems engineering roles.

Best contact path: email or LinkedIn. Resume is available as PDF and DOCX.