Automation & Integration
Network Automation & Security (Cisco Meraki)
Serverless automation to strengthen and modernize the management of an enterprise Cisco Meraki network — scheduled, verifiable configuration backup/disaster-recovery, plus a stronger wireless authentication proof-of-concept.
Fully automatic, no hand-maintained list
Endpoint discovery
WORM-friendly, checksum-verified
Backup design
Zero (throwaway only)
Production credentials used in PoC
The Problem
Enterprise wireless/network configuration is easy to change but hard to recover if something goes wrong, and legacy click-through wireless authentication is weaker than certificate-based alternatives. Both problems needed a safe, tested solution before touching production.
My Approach
Configuration Backup & Disaster Recovery
- Built a serverless, scheduled backup engine (timer-triggered, with an admin HTTP endpoint for on-demand runs) that discovers and catalogs every relevant configuration endpoint across the organization automatically, rather than relying on a hand-maintained list.
- Designed the storage layout to separate immutable backup snapshots (checksum-verified, suitable for WORM/compliance retention) from mutable operational state, so retention policy on one doesn't conflict with the other.
- Built in automatic redaction of sensitive values before anything is written to storage, and retrieved the API credential itself from a managed secrets vault rather than an environment variable or config file.
Certificate-Based Wireless Authentication (POC)
- Proved out WPA2-Enterprise with EAP-TLS certificate authentication using an access point's built-in local authentication, removing the need for a dedicated external RADIUS server.
- Ran it as an isolated, clearly-labeled proof-of-concept network, explicitly mirrored against (and validated side-by-side with) the existing production wireless configuration as a baseline, before any consideration of a live cutover — with throwaway test credentials, never production ones.
Stack
Automation
PythonAzure Functions (Python v2, timer + HTTP triggers)Azure Blob StorageAzure Key Vault
Networking/Security
Cisco Meraki Dashboard API v1WPA2-EnterpriseEAP-TLSPKI/certificate issuance and validationLocal (AP-based) RADIUS authentication
Practices
Immutable/WORM-friendly backup designAutomatic secret redactionIsolated proof-of-concept methodology before production changes
Skills Demonstrated
- ▸Network engineering: enterprise wireless authentication design (EAP-TLS, PKI, RADIUS alternatives)
- ▸Serverless backup/disaster-recovery engineering with compliance-aware storage design
- ▸Security-conscious automation: least-privilege secret access, automatic redaction, defense against accidental credential exposure
- ▸Disciplined proof-of-concept practice: validate against a real baseline in isolation before touching production