Network engineering, scoped before commit.

Multi-vendor production work — FortiGate, Cisco, Microsoft Entra/Intune, Ruckus, UniFi, AWS/Azure/GCP, monitoring, AI-assisted ops. Remote, English and Spanish. The rollback plan gets written down before anything ships.

• Spot · hours to a day
• Project · 2–8 weeks
• Advisory retainer · monthly

cflores@packetloss.tech LinkedIn

Send a brief

Reply within one business day. No list, no follow-up sequence.

Name*

Email*

Engagement type Not sure yet Spot consulting (hours to a day) Project work (2–8 weeks) Advisory retainer (monthly)

What you're working on*

Send message →

If your IT team is wrestling with a firewall migration, an identity rollout that stalled, a VPN refusing to come up the night it was supposed to, or a monitoring stack that pages on noise instead of incidents — that’s the work we take on.

What we work on

• FortiGate · Multi-site firewall + VPN.
  • IKEv2 / IPsec site-to-site
  • SSL VPN deprecation path (FortiOS 7.4+)
  • SD-WAN + SAML to Entra ID
  • Hardening reviews against KB04-style guardrails
• Cisco FTD / FMC / IOS / Umbrella · Enterprise firewall + secure access.
  • FTD initial setup + FMC migrations from CDO
  • ASA → FTD conversions
  • DMVPN, EIGRP, access policies
  • Umbrella DNS-layer filtering + FVRF tunnel debugging
• Entra ID + Intune + Mosyle · Identity + endpoint, unified.
  • Conditional Access design + LAPS
  • Intune compliance policies + hybrid identity
  • Domain → Entra migrations (USMT + OneDrive KFM)
  • Mosyle for mixed Apple fleets — DEP + Entra-aware SSO
• Ruckus + UniFi · Wireless + switching that holds up.
  • Ruckus ZoneDirector → vSZ migrations
  • ICX switching + UniFi SMB designs
  • Cisco C9800M HA wireless deployments
  • Multi-AP roaming that actually works
• AWS + Azure + Google Cloud · Hybrid networking, day-two ready.
  • IKEv2 to AWS Site-to-Site + Azure VPN Gateway
  • Transit Gateway + hub-and-spoke designs
  • VPC/VNet peering + route propagation
  • SG vs NSG vs firewall-rule debugging across vendors
• Zabbix + Grafana · Monitoring that pages on incidents, not noise.
  • Templates for FortiGate, Cisco, Linux hosts
  • Grafana dashboards on InfluxDB or Prometheus
  • ntfy + email alerting
  • Capacity-planning queries that actually answer "is this circuit running out of headroom yet?"
• Claude + Gemini for ops · AI tooling in the workflow your team already uses.
  • Incident summarization from raw syslog
  • Change-plan drafts before MOPs
  • Runbook generation
  • AI-assisted documentation — tooling, not chatbots

Bilingual engagements across LATAM — the same expertise, delivered in Spanish. Neutral pan-regional Spanish that reads naturally to an IT team in Caracas, Bogotá, or Mexico City.

Selected work

A sample of production work across firewall, routing, wireless, identity, and monitoring:

• FortiGate 401F dual-ISP

  IKEv2 to Azure Traffic Manager and SAML auth via Entra ID for an SMB with two upstream carriers and active-active failover.

• Cisco FTD migration: CDO → local FMC

  Policy conversion, re-registration, post-migration event validation. The kind of project where the rehearsal runbook is half the deliverable.

• 50-PC domain → Entra ID migration

  USMT for profile carry-over, OneDrive KFM for file state, Conditional Access redesigned around the new identity surface, Mosyle for Apple devices in the same fleet.

• Ruckus ZoneDirector → vSZ

  Wireless controller migration with zero downtime for the production SSID and a clean swing-window for the guest VLAN.

• Zabbix + Grafana observability rollout

  Mid-market environment that paged on noise and missed real incidents. Re-templated FortiGate / Cisco / Linux hosts, set sensible thresholds, built capacity dashboards that actually drive purchasing decisions.

• Cisco Umbrella DNS-layer policies

  Roaming-client deployment for a hybrid workforce, content categories tuned against real query logs, integration with Entra ID groups for per-OU policy.

How engagements work

Remote-first. Time zone: Venezuela Time (UTC-4). Comfortable working across US Eastern, Central, and Pacific time zones and LATAM hours.

Three engagement shapes:

• Spot consulting

  Hours-to-a-day engagements.

  • Second-pair-of-eyes troubleshooting
  • Design or migration review
  • Tabletop incident walkthrough

• Project work

  2 to 8 weeks, scoped.

  • Migrations and deployments
  • End-to-end vendor changes
  • Documentation + handoff included

• Advisory retainer

  Monthly cadence.

  • Ongoing architecture review
  • Runbook drafting + updates
  • On-call backup for critical changes

Frequently asked

• What's the typical engagement size?

  Spot consulting runs a few hours to a day. Project work runs two to eight weeks for most firewall, identity, and monitoring scopes. Advisory retainers are monthly. Each shape comes back with scope and deliverables defined inside one business day after the intake call.

• Do you work outside the listed stack?

  Sometimes. If your stack overlaps ours in 70%+ of the work, we're probably a fit. If the project is centered on a vendor we haven't shipped in production (Palo Alto, Juniper SRX, Aruba ClearPass), we'll say so on the intake call rather than learn on your timeline.

• Are engagements available in Spanish?

  Yes. Native LATAM Spanish — comfortable with IT teams in Venezuela, Colombia, Mexico, Argentina, Peru, Chile. CLI commands stay in English (that's how the device interfaces render); the surrounding documentation, runbooks, and meetings can be Spanish, English, or both.

• How do AI-assisted operations work in practice?

  Concrete examples: incident summarization from raw syslog into a 5-line briefing, change-plan drafting that catches missing rollback steps before the change window, runbook generation tied to your real environment, weekly digest reports that surface drift and capacity trends. Always operator-in-the-loop — the AI suggests, your engineers decide. No autonomous-action setups.

• What does a typical migration deliverable look like?

  A scoped runbook (executive summary + per-step CLI/GUI sequence + rollback path), a change window, a post-change validation checklist, and a written summary at the end. Code blocks are copy-pastable. Diagrams where they earn their space — not every project needs one.

• Do you sign NDAs?

  Yes. Standard NDAs are fine — we'll sign before any sensitive material is shared. For longer engagements, an MSA + SOW structure is welcome.

Got context to share? Jump back to the brief form ↑ or email cflores@packetloss.tech directly.