Open to New Opportunities

Steven Hosek Network & Security Ops Technician

Greater New York City Area

Comfortable in 24x7 environments with escalation ownership, high event volume, and production support responsibility.

Network and security operations technician with hands-on experience in event triage, fault isolation, authentication troubleshooting, escalation coordination, and production support across managed services and enterprise environments. Most of my work sits at the intersection of networking, security monitoring, identity, and infrastructure, where the job is to reduce noisy symptoms into a clear technical path forward.

Download PDF

Network & security operations

Incident response and escalation

Vulnerability remediation support

Client-facing technical communication

Current FocusProxmox clustering and service placement

Current FocusVLAN segmentation and policy boundaries

Current FocusDNS filtering and network visibility with AdGuard

Current FocusBackup, power resilience, and graceful shutdown planning

Professional Summary

Operations-focused cybersecurity and infrastructure support for live environments.

Built around the kind of work that matters in live environments: triage, troubleshooting, clear escalation paths, and changes that do not create new problems.

I support network and security operations across client and enterprise environments. Day to day, that means triaging alerts across monitoring and security platforms, isolating faults across network, identity, and server layers, working through authentication and connectivity issues, supporting patching and maintenance windows, and keeping communication clear between internal teams, vendors, and clients. I do my best work when a problem is noisy, cross-functional, or ambiguous and needs to be reduced to something technically actionable.

Multi-site event triage, cross-platform fault isolation, and operational troubleshooting

Escalation coordination, remediation planning, and production-safe change execution

Communicates technical findings clearly to clients, internal teams, and vendor support

Works across infrastructure, identity, endpoint, cloud, voice, and security platforms

Environment ExposureManaged services and multi-client support workflows

Environment ExposureMulti-site infrastructure and branch-connected environments

Environment Exposure24x7 operations, escalation ownership, and high event volume

Environment ExposureProduction maintenance windows and post-change validation

Experience

Professional Experience

Roles that best reflect my background in operations, troubleshooting, escalation handling, and security-focused support work.

NOC Technician I

Sourcepass · Bohemia, New York · On-site

Oct 2021 – Present

Monitor and triage network, infrastructure, and security events across managed client environments, helping move incidents toward resolution or the right escalation path in a 24x7 operations model.
Investigate alerts across infrastructure, cloud, identity, and security platforms using OpsGenie, Splunk, AppDynamics, RabbitMQ, Azure, AWS, Active Directory, Azure AD, FortiEDR, Palo Alto, Defender, Barracuda, Proofpoint, KnowBe4, and LogRhythm.
Support client environments through troubleshooting, risk review, incident handling, and technical communication with internal teams, vendors, and stakeholders across network, security, identity, and server-related issues.
Owned critical PKI certificate issues in a 24x7 support workflow and coordinated closely with security and operations teams through resolution, including issue validation, stakeholder updates, and escalation handling.

Service Desk Analyst – Raytheon

DXC Technology · Holbrook, New York · Remote

Jun 2021 – Oct 2021

Provided Level 1 enterprise support in a defense-contractor environment supporting employees, contractors, vendors, executives, and VIP users across identity, access, endpoint, and productivity-related issues.
Used ServiceNow to document incidents, resolve common issues, identify recurring patterns, and escalate higher-risk or more complex issues to senior support tiers.
Supported Office 365 provisioning, restricted portal access, mobile device issues, and multi-factor authentication workflows using smart cards and hardware or software tokens.

Help Desk Analyst – The Freeman Company

Infogain · Holbrook, New York · Remote

Apr 2021 – Jul 2021

Delivered L1/L2 support across phone, chat, and email for password resets, distribution groups, Office 365 provisioning, and Okta-based access workflows in a high-volume support environment.
Worked across Active Directory, SAP, Five9, Exchange, Google Workspace, Box, Dropbox, Zoom, and Citrix-based internal systems.
Escalated non-resolvable issues appropriately while maintaining consistent user support across remote environments.

Specialist

Apple · Lake Grove, New York

Oct 2019 – Feb 2020

Served as an initial point of contact for customers, helping guide purchasing, setup, and product support conversations.
Contributed to customer experience, team support, and visual merchandising in a fast-paced retail environment.

Technical Highlights

Representative investigations showing how I approach triage, fault isolation, and production-safe remediation.

Highlight 01

802.1X Authentication Failure Analysis

Correlated wireless-side events with backend authentication logs to narrow an intermittent 802.1X issue toward endpoint supplicant or certificate state rather than shared infrastructure.

ProblemUsers were experiencing recurring authentication failures on enterprise wireless.

ApproachCorrelated controller-side behavior with identity service events and reviewed the timing of client authentication attempts.

OutcomeNarrowed the issue toward endpoint supplicant or certificate behavior rather than unnecessary infrastructure changes.

View investigation notes

What I checkedController-side authentication behavior, timing windows, identity service events, and whether failures lined up across systems.

What I ruled outBroad controller outage, systemic identity platform failure, and a general wireless service interruption.

What pointed to root causeTimeout behavior on one side without matching backend authentication activity strongly suggested an endpoint-side issue.

Next actionValidate the failing endpoint directly by reviewing supplicant behavior, certificate state, and repeatability on a known affected device.

Highlight 02

VPN Tunnel Stability Investigation

Validated both ends of a recurring VPN issue and used a controlled recovery sequence to restore connectivity and stabilize the monitoring path without introducing unnecessary production risk.

ProblemA production VPN path experienced recurring tunnel drops and basic recovery attempts did not restore service.

ApproachValidated tunnel behavior from both ends, tested recovery steps, and coordinated controlled peer re-establishment.

OutcomeRestored connectivity and stabilized the monitoring path while narrowing the issue to peer/session recovery behavior.

View investigation notes

What I checkedTunnel state on both sides, response to peer clears, route behavior, and post-recovery monitoring path stability.

What I ruled outA simple one-sided peer reset as the fix, and a purely transient issue that would clear without coordinated action.

What pointed to root causeThe tunnel only recovered cleanly when both ends were handled in a coordinated sequence, pointing to session recovery behavior rather than basic reachability.

Next actionContinue to watch recurrence patterns, document the successful recovery path, and use that sequence for future incidents.

Highlight 03

Critical Vulnerability Remediation & Upgrade Execution

Supported targeted remediation by validating exposure, upgrade paths, affected versions, and which platforms actually required action.

ProblemCritical vulnerabilities required remediation across production infrastructure without creating unnecessary risk.

ApproachReviewed affected systems, validated versions, confirmed upgrade paths, and separated impacted platforms from those not in scope.

OutcomeSupported targeted patching and production-safe upgrade execution tied to critical security issues.

View investigation notes

What I checkedProduct versions, vulnerability applicability, upgrade paths, operational risk, and whether adjacent systems were actually impacted.

What I ruled outBlind patching across every related platform and unnecessary changes to products that were not affected.

What pointed to root causeVersion and platform validation narrowed exposure to a smaller, better-defined scope, which made targeted remediation possible.

Next actionExecute controlled maintenance, validate service health post-change, and document the final supported remediation path.

Highlight 04

Cisco CER / ELIN Callback Routing Analysis

Traced callback behavior through CUCM call records and translation logic to isolate why ELIN callbacks were not reaching the intended emergency-routing path.

ProblemInbound callback traffic tied to emergency routing was reaching CUCM but not being handled by the expected callback logic.

ApproachReviewed CDRs, called and final-called numbers, partitions, and translation behavior to identify where call processing was being matched first.

OutcomeNarrowed the issue to a directory number and partition match that was taking precedence over the intended ELIN translation path.

View investigation notes

What I checkedCUCM call detail records, trunk ingress behavior, called-party fields, translation patterns, and the partition associated with the callback target.

What I ruled outA carrier-side delivery failure and a complete CER routing outage, since the call was arriving in CUCM and matching internal logic.

What pointed to root causeThe call was matching a line partition entry before it could hit the intended ELIN translation pattern, which explained the null device routing behavior.

Next actionConfirm the affected DN is not in use, then remove or move it so the emergency callback translation can be evaluated first.

The Lab

Home lab built for practical networking, systems, and security work.

My home lab is where I validate the same kinds of workflows I deal with professionally: segmentation, virtualization, DNS control, service placement, and repeatable troubleshooting.

Lab Topology

Segmented environment centered on FortiWiFi at the edge, a UPS-backed core, and a home server running clustered Proxmox workloads.

Edge security and routing are handled by FortiWiFi, with VLAN-separated trusted, guest, lab, and infrastructure segments. Core services and virtualized workloads run on a home server using Proxmox, with AdGuard providing DNS control and a UPS protecting the core path.

The environment is built around a FortiWiFi firewall and a home server, with VLANs used to separate trusted, guest, lab, and infrastructure networks. I use it to test routing, policy changes, service placement, and access behavior in a controlled environment before I carry the same thinking into production work.

UPS-backed core gear keeps the environment stable during outages and gives me a clean shutdown path for hosts and services when power is interrupted.

Edge and segmentation: FortiWiFi-based routing, policy control, and VLAN separation for distinct network zones.
Virtualization: Proxmox cluster used for hosting lab workloads, testing infrastructure changes, and working through VM and service recovery scenarios.
DNS and filtering: AdGuard used for DNS control, filtering, and visibility into client query behavior across segments.
Power resilience: UPS integration to protect equipment, avoid abrupt shutdowns, and support graceful recovery planning.
Operational use: Validation of routing changes, access rules, service placement, patching workflows, and troubleshooting patterns before applying similar thinking elsewhere.
Administration and tooling: Ongoing work with Windows administration, scripting, monitoring, and documentation to keep the lab useful instead of static.

Automation / Scripting

I use lightweight automation where it saves time and reduces drift. Most of it is operational: repeatable checks, service validation, file transfer, configuration review, and post-change verification.

PowerShell: service-state checks, port validation, backup verification, and repeatable server-side health checks before and after maintenance.
Bash / SSH / SCP: image transfer, remote command execution, config retrieval, and post-change validation across lab hosts and network gear.
Config validation: compare expected versions, confirm reachability, validate service status, and verify that the device or server came back in the expected state.
Why it matters: small operational scripts reduce drift, shorten repetitive checks, and make it easier to document exactly what was validated during troubleshooting or maintenance.

Examples

# PowerShell - service and reachability validation
$services = "MSSQLSERVER","SQLSERVERAGENT","W3SVC"
Get-Service -Name $services |
  Select-Object Name, Status, StartType

Test-NetConnection server01 -Port 443
Get-ChildItem "D:\Backups" |
  Sort-Object LastWriteTime -Descending |
  Select-Object -First 5 Name, LastWriteTime, Length

# SSH / SCP - network device validation
ssh admin@lab-fw "get system interface"
ssh admin@lab-fw "get router info routing-table all"
scp firmware.out admin@lab-core:/var/tmp/

# Post-change workflow
- confirm expected image / version
- validate service state and listening ports
- verify network reachability from the correct segment
- review logs / alerts for regression after change

Technical Skills

Core tools, platforms, and operational areas

Built from hands-on work across network infrastructure, security monitoring, systems support, voice, and client operations.

Selected PlatformsCisco, Fortinet, Palo Alto, and NetScaler environments

Selected PlatformsMicrosoft, VMware, Nutanix, SQL Server, and Windows infrastructure

Selected PlatformsVoice, identity, monitoring, and security operations platforms

Selected PlatformsAccess control, surveillance, and physical security support systems

FortiWiFiSegmentation and policy testingHome lab edge control and VLAN boundary validation

ProxmoxClustered lab workloadsVirtualized services, recovery tests, and service placement

AdGuardDNS filtering and visibilityClient query review across segmented networks

Cisco CERE911 routing analysisELIN and callback behavior review in voice environments

Networking / Infrastructure

VLANs
DHCP
DNS
RADIUS
MAB
EAPOL
Cisco IOS / IOS-XE
FortiGate
FortiWiFi
Cisco FMC
VPN Tunnel Troubleshooting
WAN / LAN
Network Monitoring
NAC / Policy Troubleshooting
Wireless Authentication Troubleshooting

Voice / Collaboration

Cisco Unity
Cisco CER
CDR Analysis
SIP / Call Routing Troubleshooting
ELIN / E911 Routing
CUCM

Security / Monitoring

Incident Triage
Event Correlation
False Positive Analysis
Threat Detection Review
Vulnerability Scan Review
Security Escalation Handling
Microsoft Defender
FortiEDR
Palo Alto WildFire
Zscaler
Proofpoint
LogRhythm
SIEM Triage

Systems / Platforms

VMware
vCenter
Nutanix Prism Central
SQL Server
Windows Server
Linux
Ubuntu
Proxmox
Backup Validation
Server Health Monitoring
NetScaler SDX / VPX

Physical Security / Access Control

Brivo
Milestone Recording Server Support
Video Surveillance Troubleshooting
Access Control Support

Operations / Tooling

Runbook Creation
Technical Documentation
Client-Facing Incident Communications
Vendor Coordination
PowerShell
Bash / CLI
WinSCP
SSH / SCP
OpsGenie
Splunk
AppDynamics
RabbitMQ
Azure
AWS
ServiceNow
Okta
ConnectWise
IT Glue

Contact

Let’s Connect

Open to new opportunities. Email is the best way to reach me, and LinkedIn is available for a quick profile review.

Emailstevenjhosek@icloud.com

LinkedInlinkedin.com/in/stevenhoseknyc

Resumestevenhosek.dev/Steven-Hosek-Resume.pdf

Get In Touch

Professional Preview

This profile is shared selectively.Enter your access code to continue

Thanks for taking a look. This site is shared selectively for hiring and professional conversations. Enter the access code you were given to view the full profile, technical highlights, and resume.