I build, troubleshoot, and secure enterprise networks.
Isolating departments, securing guest traffic, and ending broadcast storms on flat networks.
A growing business runs its entire office on one flat network. The guest Wi-Fi, the accounting workstations, and the office phones all share the same broadcast domain. The network slows down at peak hours, guests can technically reach internal file shares, and there's no way to enforce who can talk to what without buying more hardware.
I redesign the network with VLAN segmentation so each department gets its own isolated subnet, inter-VLAN routing for controlled communication between them, and ACLs that enforce who can reach what. Guest devices are completely cut off from internal systems. Voice traffic gets its own VLAN so call quality is protected. Broadcasts stay contained inside each VLAN, so a single noisy device can't slow the whole office down. The result: better performance, real security boundaries, and a network that scales as the team grows, without replacing equipment.
Connecting multiple offices with automatic failover, so a single dropped link doesn't take down the business.
A company with two or more offices is connecting them with static routes that someone has to update manually every time a subnet is added. When a link goes down, traffic stops, someone has to log into a router and reroute it by hand. Outages turn into 30-minute downtime windows. Adding a new site means touching every router.
I deploy OSPF across the sites so the routers learn the network automatically and update each other when anything changes. When the primary link to a site fails, traffic reroutes through the backup path in seconds with no human intervention. New subnets propagate themselves, add a network at one site and every router knows about it. The business gets a self-healing WAN: fewer outages, faster recovery, and no manual route maintenance as the company adds locations.
Protecting the network edge, exposing only what should be exposed, and giving remote sites secure private access.
A business is sitting behind a basic ISP router with no real firewall. Internal services they want reachable from outside (a booking portal, a remote-access tool) are either fully exposed to the internet or not reachable at all. The remote branch office connects to head office over the public internet with no encryption. There's no logging of who tried to reach what.
I deploy a FortiGate at the edge with zoned interfaces (WAN, LAN, DMZ) and policy-based control over every flow in and out. Only the specific services that should be reachable from outside are exposed, on the specific ports they need. The remote branch connects to head office over an IPsec VPN tunnel, all traffic encrypted, no public exposure. Every connection is logged, so when something looks wrong there's an actual record. The business gets a real security perimeter and compliance-grade visibility, instead of relying on hope.
Wi-Fi that stays connected as people walk between rooms, with guests safely isolated from internal systems.
A multi-room office or facility has a single consumer-grade access point in one corner. Coverage is patchy, staff lose connection walking between rooms, video calls drop. Visitors are given the same Wi-Fi password as staff, which means guest devices end up on the same network as internal servers and printers. The password gets shared around and never changed.
I deploy multiple controller-managed access points covering the whole space, with a separate SSID for staff and a separate SSID for guests, each tagged to its own VLAN. Staff stay connected as they move because the APs hand them off seamlessly (802.11r fast-roaming). Guests get internet access through a captive portal but cannot reach anything internal. Modern WPA3 encryption is used where supported, with WPA2 fallback for older devices. The business gets reliable coverage, a clean separation between staff and visitor traffic, and no more shared-password problem.
Cutting phone bills, replacing aging landlines, and keeping call quality steady even during heavy data use.
A business is paying for traditional phone lines that are expensive and inflexible. Adding a new extension means calling the phone company and waiting a week. There's no IVR, no ring groups, no way to route calls intelligently. When someone in the office starts a large file transfer or backup, voice calls go choppy because data and voice are sharing the same network with no prioritization.
I deploy an on-premises PBX with SIP extensions, an IVR for inbound call routing, and ring groups so calls can hunt across teams. The PBX connects to the outside world through SIP trunking or existing FXO lines, whichever fits the budget. Voice traffic gets its own dedicated VLAN, and QoS is configured on the switches so voice packets always take priority over data. The business gets a modern phone system at a fraction of the cost, with call quality that holds steady even when the network is busy.
I'm a network engineer based in Kingston, Jamaica focused on enterprise networking, infrastructure, and security. I build, troubleshoot, and secure routing, switching, firewall, wireless, and VoIP environments. BSc in Computer Networking and Security from the University of Technology, Jamaica (May 2026).
Open to opportunities and collaboration. Reach out via any channel below.