My Portfolio.

1. Professional Summary

Moffat Mubea | Cybersecurity-Focused Network Engineer I am a Network Engineer driven by a deep enthusiasm for Cybersecurity and robust infrastructure design. My approach goes beyond connectivity; I focus on building resilient networks that withstand modern threats. With a solid foundation in Cisco Networking and Python Essentials, I specialize in hardening network perimeters and ensuring data integrity. Currently securing operations at Aromakare Ltd, I am dedicated to continuous monitoring, vulnerability assessment, and the implementation of advanced firewall protocols to create safe digital environments.

2. Core Security Competencies

• Perimeter Defense: Expert configuration and management of industry-standard firewalls, including Sophos, Cisco, and Fortinet.

• Secure Connectivity: Designing and deploying VPNs (Site-to-Site and Remote Access) to ensure encrypted and authenticated communication channels.

• Vulnerability Management: Conducting daily vulnerability tests to identify and mitigate potential risks before they can be exploited.

• Access Control: Implementing AAA servers (Authentication, Authorization, and Accounting) to strictly manage user access and audit network activity.

• Network Segmentation: Utilizing VLANs to isolate traffic and reduce the attack surface within internal networks.

3. Security in Action (Professional Experience)

Network Engineer | Aromakare Ltd

(August 2024 – Present) At Aromakare Ltd, I serve as the first line of defense for the company's network infrastructure. My role revolves around proactive security measures and rapid response to potential threats.

• Firewall Administration: I design and configure complex firewall rules across Sophos, Cisco, and Fortinet platforms to filter traffic and block malicious actors.

• Proactive Hardening: I perform daily vulnerability assessments and ensure all network devices are patched with the latest firmware to close security loopholes.

• Secure Remote Work: I successfully configured VPN solutions to allow secure remote access for staff without compromising the internal network integrity.

4. Certifications & Education

• Network Security: Specialized training in securing network architectures.

• Cisco Certified Network Associate (CCNA 1, 2, 3): Comprehensive knowledge of switching, routing, and wireless essentials.

• Python Essentials: Scripting skills useful for automating security tasks and analysis.

• Diploma: Kenyatta University (2020).

5. Interests & Future Focus

My passion lies in staying ahead of the curve in Cybersecurity and Cloud Computing. I am constantly exploring new threat landscapes and defense mechanisms to ensure that the networks I manage are future-proof and secure against evolving cyber attacks.

skills and expertise

Networking & Security

• Network design and deployment
  
  

• VLAN segmentation and trunking
  
  

• Firewall configuration and rule auditing
  
  

• VPN configuration and secure access
  
  

• Bandwidth management and QoS
  
  

• Hotspot and captive portal systems
  
  

Systems & Platforms

• Linux administration (Kali, Ubuntu, WSL)
  
  

• Sophos XGS firewall
  
  

• MikroTik RouterOS
  
  

• UniFi Controller
  
  

• FreeRADIUS & daloRADIUS
  
  

• Virtual machines (VMware, VirtualBox)
  
  

Software & Automation

• Python scripting
  
  

• Flask development
  
  

• REST APIs
  
  

• SQLite databases
  
  

• Voucher systems & authentication workflows

Projects  and labs

1. Flask Voucher Authentication Portal

Built a web-based captive portal using Flask integrated with MikroTik Hotspot via HTTP POST and RADIUS authentication.

Technologies: Python, Flask, MikroTik, FreeRADIUS, SQLite
Outcome: Fully functional voucher-based authentication system.

2. Enterprise Firewall Configuration (Sophos XGS)

Designed and implemented a VLAN-based firewall policy structure using Sophos XGS firewall with segmented security zones.

Technologies: Sophos Firewall, VLANs, Routing, Security policies
Outcome: Improved network segmentation and controlled inter-VLAN traffic.

3. UniFi Controller Deployment on Linux

Installed and configured UniFi network controller on Linux virtual machine to manage enterprise-grade access points and switches.

Technologies: UniFi, Linux, Virtual Machines
Outcome: Centralized network management solution.

4. Network Simulation Lab

Built a full network simulation environment using Cisco Packet Tracer and GNS3 for training and proof of concept.

Outcome: Demonstrated real-world enterprise network designs.