Open to New Opportunities

Steven Hosek · Network & Security Ops Technician

Comfortable in 24x7 environments with escalation ownership, high event volume, and production support responsibility.

Network and security operations technician with hands-on experience in event triage, fault isolation, authentication troubleshooting, escalation coordination, and production support across managed services and enterprise environments.

Operations-focused security and infrastructure support for live environments.

Built around the kind of work that matters in live environments: triage, troubleshooting, clear escalation paths, and changes that do not create new problems.

I support network and security operations across client and enterprise environments. Day to day, that means triaging alerts across monitoring and security platforms, isolating faults across network, identity, and server layers, working through authentication and connectivity issues, supporting patching and maintenance windows, and keeping communication clear between internal teams, vendors, and clients. I do my best work when a problem is noisy, cross-functional, or ambiguous and needs to be reduced to something technically actionable.

Multi-site event triage, cross-platform fault isolation, and operational troubleshooting
Escalation coordination, remediation planning, and production-safe change execution
Communicates technical findings clearly to clients, internal teams, and vendor support
Works across infrastructure, identity, endpoint, cloud, voice, and security platforms
Environment Exposure: Managed services and multi-client support workflows
Environment Exposure: Multi-site infrastructure and branch-connected environments
Environment Exposure: 24x7 operations, escalation ownership, and high event volume
Environment Exposure: Production maintenance windows and post-change validation

Professional Experience

Roles that best reflect my background in operations, troubleshooting, escalation handling, and security-focused support work.

NOC Technician I

Sourcepass · Bohemia, New York · On-site
Oct 2021 – Present
  • Monitor and triage network, infrastructure, and security events across managed client environments, helping move incidents toward resolution or the right escalation path in a 24x7 operations model.
  • Investigate alerts across infrastructure, cloud, identity, and security platforms using OpsGenie, Splunk, AppDynamics, RabbitMQ, Azure, AWS, Active Directory, Azure AD, FortiEDR, Palo Alto, Defender, Barracuda, Proofpoint, KnowBe4, and LogRhythm.
  • Support client environments through troubleshooting, risk review, incident handling, and technical communication with internal teams, vendors, and stakeholders across network, security, identity, and server-related issues.
  • Owned critical PKI certificate issues in a 24x7 support workflow and coordinated closely with security and operations teams through resolution, including issue validation, stakeholder updates, and escalation handling.

Service Desk Analyst – Raytheon

DXC Technology · Holbrook, New York · Remote
Jun 2021 – Oct 2021
  • Provided Level 1 enterprise support in a defense-contractor environment supporting employees, contractors, vendors, executives, and VIP users across identity, access, endpoint, and productivity-related issues.
  • Used ServiceNow to document incidents, resolve common issues, identify recurring patterns, and escalate higher-risk or more complex issues to senior support tiers.
  • Supported Office 365 provisioning, restricted portal access, mobile device issues, and multi-factor authentication workflows using smart cards and hardware or software tokens.

Help Desk Analyst – The Freeman Company

Infogain · Holbrook, New York · Remote
Apr 2021 – Jul 2021
  • Delivered L1/L2 support across phone, chat, and email for password resets, distribution groups, Office 365 provisioning, and Okta-based access workflows in a high-volume support environment.
  • Worked across Active Directory, SAP, Five9, Exchange, Google Workspace, Box, Dropbox, Zoom, and Citrix-based internal systems.
  • Escalated non-resolvable issues appropriately while maintaining consistent user support across remote environments.

Specialist

Apple · Lake Grove, New York
Oct 2019 – Feb 2020
  • Served as an initial point of contact for customers, helping guide purchasing, setup, and product support conversations.
  • Contributed to customer experience, team support, and visual merchandising in a fast-paced retail environment.

Selected technical work.

Representative investigations showing how I approach triage, fault isolation, and production-safe remediation.

Highlight 01

802.1X Authentication Failure Analysis

Correlated wireless-side events with backend authentication logs to narrow an intermittent 802.1X issue toward endpoint supplicant or certificate state rather than shared infrastructure.
Problem: Users were experiencing recurring authentication failures on enterprise wireless.
Approach: Correlated controller-side behavior with identity service events and reviewed the timing of client authentication attempts.
Outcome: Narrowed the issue toward endpoint supplicant or certificate behavior rather than unnecessary infrastructure changes.
Investigation notes
What I checked: Controller-side authentication behavior, timing windows, identity service events, and whether failures lined up across systems.
What I ruled out: Broad controller outage, systemic identity platform failure, and a general wireless service interruption.
What pointed to root cause: Timeout behavior on one side without matching backend authentication activity strongly suggested an endpoint-side issue.
Next action: Validate the failing endpoint directly by reviewing supplicant behavior, certificate state, and repeatability on a known affected device.
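
The correlation described in this highlight, as an added example that is not the author's own tooling: it flags controller-side failures that have no matching backend RADIUS record for the same client within a time window. The log tuples, result strings, and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the original page); the field layout is an assumption.
CONTROLLER_EVENTS = [  # (timestamp, client MAC, controller-side result)
    ("2024-03-04T09:00:05", "aa:bb:cc:00:00:01", "EAP_TIMEOUT"),
    ("2024-03-04T09:00:40", "aa:bb:cc:00:00:02", "AUTH_FAIL"),
    ("2024-03-04T09:02:10", "aa:bb:cc:00:00:01", "EAP_TIMEOUT"),
    ("2024-03-04T09:03:00", "aa:bb:cc:00:00:03", "AUTH_OK"),
]
RADIUS_EVENTS = [  # (timestamp, calling-station MAC, backend result)
    ("2024-03-04T09:00:41", "AA-BB-CC-00-00-02", "Access-Reject"),
    ("2024-03-04T09:03:01", "AA-BB-CC-00-00-03", "Access-Accept"),
]

def norm_mac(mac):
    # Controllers and RADIUS servers often format the same MAC differently.
    return mac.lower().replace("-", ":")

def correlate(controller, radius, window_s=10):
    """Classify each controller-side failure by whether the backend saw it."""
    window = timedelta(seconds=window_s)  # tolerance for clock skew between systems
    backend = [(datetime.fromisoformat(t), norm_mac(m), r) for t, m, r in radius]
    findings = []
    for ts, mac, result in controller:
        if result == "AUTH_OK":
            continue
        when, mac = datetime.fromisoformat(ts), norm_mac(mac)
        matches = [r for bt, bm, r in backend if bm == mac and abs(bt - when) <= window]
        if not matches:
            verdict = "no-backend-activity"  # request never reached the identity service
        elif "Access-Reject" in matches:
            verdict = "backend-reject"       # backend made a decision; look at policy/credentials
        else:
            verdict = "backend-accepted-but-client-failed"
        findings.append((ts, mac, result, verdict))
    return findings

def endpoint_suspects(findings, min_hits=2):
    """Clients that repeatedly fail with no backend record at all."""
    counts = {}
    for _, mac, _, verdict in findings:
        if verdict == "no-backend-activity":
            counts[mac] = counts.get(mac, 0) + 1
    return sorted(m for m, n in counts.items() if n >= min_hits)

if __name__ == "__main__":
    rows = correlate(CONTROLLER_EVENTS, RADIUS_EVENTS)
    for row in rows:
        print(*row)
    print("endpoint-side suspects:", endpoint_suspects(rows))
```

Other clients producing backend records in the same period is what separates an endpoint-side fault from a broken shared RADIUS path; set `window_s` to cover the real clock skew between the two log sources.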
Highlight 02

VPN Tunnel Stability Investigation

Validated both ends of a recurring VPN issue and used a controlled recovery sequence to restore connectivity and stabilize the monitoring path without introducing unnecessary production risk.
Problem: A production VPN path experienced recurring tunnel drops and basic recovery attempts did not restore service.
Approach: Validated tunnel behavior from both ends, tested recovery steps, and coordinated controlled peer re-establishment.
Outcome: Restored connectivity and stabilized the monitoring path while narrowing the issue to peer/session recovery behavior.
Investigation notes
What I checked: Tunnel state on both sides, response to peer clears, route behavior, and post-recovery monitoring path stability.
What I ruled out: A simple one-sided peer reset as the fix, and a purely transient issue that would clear without coordinated action.
What pointed to root cause: The tunnel only recovered cleanly when both ends were handled in a coordinated sequence, pointing to session recovery behavior rather than basic reachability.
Next action: Continue to watch recurrence patterns, document the successful recovery path, and use that sequence for future incidents.
Highlight 03

Critical Vulnerability Remediation & Upgrade Execution

Supported targeted remediation by validating exposure, upgrade paths, affected versions, and which platforms actually required action.
Problem: Critical vulnerabilities required remediation across production infrastructure without creating unnecessary risk.
Approach: Reviewed affected systems, validated versions, confirmed upgrade paths, and separated impacted platforms from those not in scope.
Outcome: Supported targeted patching and production-safe upgrade execution tied to critical security issues.
Investigation notes
What I checked: Product versions, vulnerability applicability, upgrade paths, operational risk, and whether adjacent systems were actually impacted.
What I ruled out: Blind patching across every related platform and unnecessary changes to products that were not affected.
What pointed to root cause: Version and platform validation narrowed exposure to a smaller, better-defined scope, which made targeted remediation possible.
Next action: Execute controlled maintenance, validate service health post-change, and document the final supported remediation path.
Highlight 04

Cisco CER / ELIN Callback Routing Analysis

Traced callback behavior through CUCM call records and translation logic to isolate why ELIN callbacks were not reaching the intended emergency-routing path.
Problem: Inbound callback traffic tied to emergency routing was reaching CUCM but not being handled by the expected callback logic.
Approach: Reviewed CDRs, called and final-called numbers, partitions, and translation behavior to identify where call processing was being matched first.
Outcome: Narrowed the issue to a directory number and partition match that was taking precedence over the intended ELIN translation path.
Investigation notes
What I checked: CUCM call detail records, trunk ingress behavior, called-party fields, translation patterns, and the partition associated with the callback target.
What I ruled out: A carrier-side delivery failure and a complete CER routing outage, since the call was arriving in CUCM and matching internal logic.
What pointed to root cause: The call was matching a line partition entry before it could hit the intended ELIN translation pattern, which explained the null device routing behavior.
Next action: Confirm the affected DN is not in use, then remove or move it so the emergency callback translation can be evaluated first.

Home lab built for practical networking, systems, and security validation.

My home lab is where I validate the same kinds of workflows I deal with professionally: segmentation, virtualization, DNS control, service placement, and repeatable troubleshooting.

Lab Topology

Segmented environment centered on FortiWiFi at the edge, a UPS-backed core, and a home server running clustered Proxmox workloads.

  • Internet: WAN / ISP
  • FortiWiFi: Policy / Routing / VLANs
  • UPS
  • Home Server: Proxmox cluster / core lab workloads
  • AdGuard: DNS filtering / visibility
  • Trusted VLAN: Workstations / primary devices
  • Guest VLAN: Untrusted / temporary access
  • Lab VLAN: Testing / sandbox services
  • Infra VLAN: Management / core services

Edge security and routing are handled by FortiWiFi, with VLAN-separated trusted, guest, lab, and infrastructure segments. Core services and virtualized workloads run on a home server using Proxmox, with AdGuard providing DNS control and a UPS protecting the core path.

The environment is built around a FortiWiFi firewall and a home server, with VLANs used to separate trusted, guest, lab, and infrastructure networks. I use it to test routing, policy changes, service placement, and access behavior in a controlled environment before I carry the same thinking into production work.

UPS-backed core gear keeps the environment stable during outages and gives me a clean shutdown path for hosts and services when power is interrupted.

  • Edge and segmentation: FortiWiFi-based routing, policy control, and VLAN separation for distinct network zones.
  • Virtualization: Proxmox cluster used for hosting lab workloads, testing infrastructure changes, and working through VM and service recovery scenarios.
  • DNS and filtering: AdGuard used for DNS control, filtering, and visibility into client query behavior across segments.
  • Power resilience: UPS integration to protect equipment, avoid abrupt shutdowns, and support graceful recovery planning.
  • Operational use: Validation of routing changes, access rules, service placement, patching workflows, and troubleshooting patterns before applying similar thinking elsewhere.
  • Administration and tooling: Ongoing work with Windows administration, scripting, monitoring, and documentation to keep the lab useful instead of static.

Automation / Scripting

I use lightweight automation where it saves time and reduces drift. Most of it is operational: repeatable checks, service validation, file transfer, configuration review, and post-change verification.

  • PowerShell: service-state checks, port validation, backup verification, and repeatable server-side health checks before and after maintenance.
  • Bash / SSH / SCP: image transfer, remote command execution, config retrieval, and post-change validation across lab hosts and network gear.
  • Config validation: compare expected versions, confirm reachability, validate service status, and verify that the device or server came back in the expected state.
  • Why it matters: small operational scripts reduce drift, shorten repetitive checks, and make it easier to document exactly what was validated during troubleshooting or maintenance.
Examples
Get-Service -Name MSSQLSERVER,SQLSERVERAGENT,W3SVC
Test-NetConnection server01 -Port 443
ssh admin@lab-fw "get system interface"
ssh admin@lab-fw "get router info routing-table all"
scp firmware.out admin@lab-core:/var/tmp/

Post-change workflow:
- confirm expected image / version
- validate service state and listening ports
- verify network reachability from the correct segment
- review logs and alerts for regression after change

Technologies across networking, security, systems, and operations.

A tighter view of the platforms and tooling I have worked across in live support, troubleshooting, validation, and operations workflows.

Networking

  • Cisco IOS / IOS-XE
  • FortiGate
  • FortiWiFi
  • Cisco FMC
  • VLANs
  • DHCP
  • DNS
  • RADIUS
  • 802.1X
  • MAB
  • EAPOL
  • VPN Troubleshooting

Security

  • LogRhythm
  • FortiEDR
  • Microsoft Defender
  • Palo Alto WildFire
  • Zscaler
  • Proofpoint
  • PKI / Certificate Handling
  • Vulnerability Remediation
  • Incident Triage
  • Event Correlation

Systems

  • Windows Server
  • Linux
  • Ubuntu
  • VMware
  • vCenter
  • Nutanix Prism Central
  • SQL Server
  • Proxmox
  • NetScaler SDX / VPX
  • Backup Validation

Tools / Operations

  • Splunk
  • OpsGenie
  • ServiceNow
  • ConnectWise
  • IT Glue
  • PowerShell
  • Bash / CLI
  • SSH / SCP
  • WinSCP
  • AppDynamics
  • RabbitMQ

Let’s Connect

Open to new opportunities. Email is the best way to reach me, and LinkedIn is available for a quick profile review.
