All work
Automation & Integration

Network Automation & Security (Cisco Meraki)

Serverless automation to strengthen and modernize the management of an enterprise Cisco Meraki network — scheduled, verifiable configuration backup/disaster-recovery, plus a stronger wireless authentication proof-of-concept.

Fully automatic, no hand-maintained list

Endpoint discovery

WORM-friendly, checksum-verified

Backup design

Zero (throwaway only)

Production credentials used in PoC

The Problem

Enterprise wireless/network configuration is easy to change but hard to recover if something goes wrong, and legacy click-through wireless authentication is weaker than certificate-based alternatives. Both problems needed a safe, tested solution before touching production.

My Approach

Configuration Backup & Disaster Recovery

  • Built a serverless, scheduled backup engine (timer-triggered, with an admin HTTP endpoint for on-demand runs) that discovers and catalogs every relevant configuration endpoint across the organization automatically, rather than relying on a hand-maintained list.
  • Designed the storage layout to separate immutable backup snapshots (checksum-verified, suitable for WORM/compliance retention) from mutable operational state, so retention policy on one doesn't conflict with the other.
  • Built in automatic redaction of sensitive values before anything is written to storage, and retrieved the API credential itself from a managed secrets vault rather than an environment variable or config file.

Certificate-Based Wireless Authentication (POC)

  • Proved out WPA2-Enterprise with EAP-TLS certificate authentication using an access point's built-in local authentication, removing the need for a dedicated external RADIUS server.
  • Ran it as an isolated, clearly-labeled proof-of-concept network, explicitly mirrored against (and validated side-by-side with) the existing production wireless configuration as a baseline, before any consideration of a live cutover — with throwaway test credentials, never production ones.

Stack

Automation

PythonAzure Functions (Python v2, timer + HTTP triggers)Azure Blob StorageAzure Key Vault

Networking/Security

Cisco Meraki Dashboard API v1WPA2-EnterpriseEAP-TLSPKI/certificate issuance and validationLocal (AP-based) RADIUS authentication

Practices

Immutable/WORM-friendly backup designAutomatic secret redactionIsolated proof-of-concept methodology before production changes

Skills Demonstrated

  • Network engineering: enterprise wireless authentication design (EAP-TLS, PKI, RADIUS alternatives)
  • Serverless backup/disaster-recovery engineering with compliance-aware storage design
  • Security-conscious automation: least-privilege secret access, automatic redaction, defense against accidental credential exposure
  • Disciplined proof-of-concept practice: validate against a real baseline in isolation before touching production