About

Michael Guallpa

Network and infrastructure engineer. Belleville, NJ.

I am a network and systems engineer holding the Cisco CCNA 200-301 and CompTIA Network+ certifications, with hands-on experience across the full range of problems small and mid-market businesses run into: flat networks that need to be segmented, switching layers with no documentation, remote access configurations that expose more than they should, servers without working backups, and infrastructure that nobody left instructions for.

My networking work is in Cisco IOS: configuring and troubleshooting VLANs and 802.1Q trunks, designing inter-VLAN routing via Layer 3 switches or router-on-a-stick, tuning Spanning Tree (PVST+, Rapid PVST+, root bridge placement, PortFast, BPDU Guard), building EtherChannel uplinks with LACP for aggregation and redundancy, running OSPF in single and multi-area designs, writing ACLs for network-layer access control, and configuring NAT, DHCP relay, and DHCP snooping. This work has been applied on client networks and in extensive lab environments.

I administer Linux and Windows Server environments, deploy and manage containerized services with Docker Compose, and operate Proxmox VE virtualization infrastructure with ZFS RAIDZ storage, NFS-backed service mounts, and automated backup pipelines with tested retention policies.

DevOps and security hardening work covers the full stack: CI/CD pipeline configuration, Ansible-based configuration management for repeatable and auditable infrastructure, and infrastructure-as-code deployment workflows. Server hardening follows CIS benchmark practices: kernel parameter tuning via sysctl, auditd configuration, service minimization, and privilege separation. The access control and perimeter layer includes Tailscale Zero Trust VPN with per-group ACL policies, Authelia for SSO and MFA across internal applications, CrowdSec for intrusion detection, PKI and certificate lifecycle management, and Caddy as a reverse proxy with automatic TLS and HTTP security header enforcement.

I also have a background in end-to-end hardware support: diagnostics, repair, and component-level soldering on Windows, macOS, and Linux hardware. That background matters when a problem turns out to be physical rather than logical.

Subnet Works operates on a direct engagement model. When you work with Subnet Works, you work with me directly, from the initial call through implementation and ongoing support. No hand-offs, no account managers, no explaining the environment to someone new each time.

Certifications

Cisco CCNA 200-301 Active

Credential ID: M2QVZ5HDLV9PHNG2

Cisco ID: CSCO15136086

Verify this credential
CompTIA Network+ Active

Credential ID: 53FVF99Q8N4QSFFJ

Verify this credential
AWS Solutions Architect Associate In progress

Technical skills

Switching

  • Cisco IOS switch configuration
  • VLAN design and 802.1Q trunking
  • Spanning Tree: PVST+, RSTP, root bridge placement
  • PortFast, BPDU Guard, BPDU Filter
  • EtherChannel: LACP and static bonding
  • Port security and dynamic ARP inspection
  • DHCP snooping and IP Source Guard
  • Voice VLAN for IP phones

Routing

  • Cisco IOS router configuration
  • Inter-VLAN routing (L3 switch and router-on-a-stick)
  • OSPF: single-area, multi-area, DR/BDR election
  • Static routing and floating static routes
  • NAT and PAT (overload, static NAT)
  • ACLs: standard, extended, named
  • DHCP server, relay (ip helper-address)
  • HSRP and VRRP for gateway redundancy

Network services and monitoring

  • DNS administration and split-horizon DNS
  • NTP synchronization across devices
  • Syslog and SNMP for monitoring integration
  • QoS: DSCP marking, traffic shaping, policing
  • Site-to-site VPN: IPsec, GRE over IPsec
  • Wireless: SSID separation, guest isolation
  • Network topology documentation

Virtualization and storage

  • Proxmox VE: KVM guests, clustering, live migration
  • GPU passthrough to VMs
  • ZFS: RAIDZ1/RAIDZ2, snapshots, scrub, send/receive
  • Docker and Docker Compose
  • NFS with access controls
  • Automated backup pipelines with retention policies
  • VM snapshot and recovery procedures

Security hardening

  • CIS benchmark Linux hardening
  • Kernel parameter tuning (sysctl) and auditd configuration
  • Service minimization and privilege separation
  • PKI and certificate lifecycle management
  • Tailscale Zero Trust VPN with per-group ACL policies
  • Authelia SSO and multi-factor authentication
  • CrowdSec intrusion detection and perimeter blocking
  • Caddy reverse proxy with automatic TLS
  • HTTP security headers (HSTS, CSP, X-Frame-Options)
  • Firewall policy design, review, and access control audits
  • SSH hardening and key-based access enforcement

DevOps and automation

  • CI/CD pipeline configuration (GitHub Actions, GitLab CI)
  • Ansible configuration management and playbook development
  • Infrastructure-as-code deployment workflows
  • Container image hardening and least-privilege service configuration
  • Secrets management and environment isolation
  • Log aggregation and centralized monitoring
  • Automated provisioning and rollback procedures

Operating systems and hardware

  • Ubuntu and Debian Server administration
  • Windows Server: AD, Group Policy, DNS, DHCP
  • OS hardening and patch management
  • macOS diagnostics and recovery
  • Component-level hardware repair and soldering
  • End-to-end diagnostics across Windows, macOS, Linux

Work with me directly.

The same engineer handles every engagement from the initial call through delivery. Start with a free 30-minute conversation.

Schedule a Consultation How we work