Skip to main content
Aaron Stovall 32.64°N · 117.08°W · Chula Vista, CA
Network Security Engineer · Chula Vista, California

Aaron Stovall

Defending enterprise networks, building the tooling to run them.

// 15 yrs · panorama & check point MDM · agentic automation

Fifteen years inside the firewall estates of global manufacturers, a hyperscale social platform, and a pediatric hospital, with deep Palo Alto Panorama and Check Point Multi-Domain practice, and equally a builder shipping production Rust, TypeScript, and Go platforms that turn firewall operations into automated, self-service workflows.

Focus
Palo Alto · Check Point · Cisco
Builds in
Rust · TypeScript · Go
Compliance
NIST · CIS · ISO 27001
Profile

Network security engineer with fifteen years spent inside the firewall estates of global manufacturers, a hyperscale social platform, and a pediatric hospital, with deep Palo Alto Panorama and Check Point Multi-Domain practice across thousands of HA-configured devices, layered over Cisco Catalyst, Nexus, Meraki, ISE, and Aruba.

15+
Years Experience
70+
Automated Features
40%
Less Manual Work
20%
Faster Response
100%
Audit Adherence

Selected Impact

Global firewall operations
Ran Palo Alto Panorama and Check Point Multi-Domain estates across global operations, cutting incident response time 20% through centralized policy management and automation.
Automation at scale
Removed 40% of manual operational work via Python and Ansible pipelines, then extended past scripting into production-grade Rust and TypeScript platforms.
Agentic infrastructure automation
Designs agentic, AI-assisted automation for multi-vendor network operations, pairing natural-language intent with deterministic, governed execution.
Platform development
Built full-stack network management and analysis platforms integrating Palo Alto, Cisco, and Juniper APIs into unified control planes.
M&A security integration
Led perimeter assessments and site integrations across mergers, acquisitions, and divestitures, standardizing the work into repeatable playbooks.
Tier 3 escalation
Resolved hundreds of cross-domain escalations spanning routing, switching, firewall policy, wireless, and VPN in 24/7 production environments.
Compliance & zero trust
Held 100% audit adherence across NIST, CIS, CISA, and ISO 27001, embedding least-privilege enforcement into policy, access control, and segmentation.
Education & Credentials
Bachelor of Science, Game Software Development Westwood College, Upland, CA · 2005 – 2009
Palo Alto Networks Certified Network Security Engineer (PCNSE) Renewal in progress
Cisco Certified Network Associate (CCNA) Previously held
Experience

Eight roles across six organizations over fifteen years, progressing from helpdesk and field operations into senior network security engineering and platform development.

  1. Oct 2025 – Feb 2026

    Insight Global

    Network Engineer
    70+ automated featuresPA-7080 · PA-5400 fleetHIPAA-governed
    • Ran firewall request fulfillment, policy troubleshooting, and traffic analysis across a Panorama-managed HA estate of PA-7080 and PA-5400 firewalls in a HIPAA-governed healthcare environment.
    • Built the CNTRL platform, unifying Palo Alto Panorama, Cisco ISE, Catalyst Center, and Juniper Mist APIs into one control plane with 70+ automated features spanning policy hygiene, rule-overlap detection, compliance, and traffic analysis.
    • Developed Palo Alto API tooling for policy validation, operational dashboards, PAN-OS lifecycle management, upgrade automation, and visual log analysis.
    • Automated Cisco Catalyst Center and Nexus operations through platform APIs and direct SSH.
    • Designed and built SYDONIC, a custom agentic framework still actively supported, orchestrating Ansible playbooks for provisioning, configuration validation, compliance enforcement, and automated remediation across multi-vendor infrastructure.
  2. Nov 2024 – Oct 2025

    Mythos Systems

    Principal Network Security Engineer & Automation Developer
    Rust (Tauri 2) + SvelteKit115+ diagnostic scenariosPost-quantum crypto
    • Shipped a portfolio of production-grade network security and automation platforms in Rust (Tauri 2.0) and SvelteKit, converting years of firewall operations experience into tooling that removes manual effort and shortens incident resolution.
    • Architected API-driven integrations across Palo Alto Panorama, Cisco Catalyst Center, and Cisco ISE, automating policy hygiene, compliance, blast-radius assessment, and 115+ diagnostic scenarios that previously demanded manual CLI work.
    • Current work centers on a custom agentic framework for network operations: natural-language request interpretation, an integrated LLM with hybrid RAG retrieval over Palo Alto, Cisco, and Juniper documentation, and controlled, citation-backed execution.
    • Engineered post-quantum secure communications across the stack using Open Quantum Safe cryptography, including Kyber key exchange, Dilithium signatures, and quantum-safe TLS.
    • Cut firewall and VPN triage from hours to minutes by parallelizing 60+ diagnostic commands with anomaly detection and TAC-ready reporting.
  3. Jun 2022 – Nov 2024

    TikTok (ByteDance)

    Sr. Business Operations Protection Specialist, Network Security
    20% faster resolution30% posture gain40% less manual work
    • Directed daily operations for a global Panorama-managed HA environment of PA-5200, PA-3000, and PA-1400 firewalls alongside Cisco Meraki and Nexus switching, improving resolution times 20% through proactive automation.
    • Engineered multi-cloud network security across Azure and Oracle Cloud, lifting security posture 30% via automation-driven deployment and threat modeling in Python and Rust.
    • Provisioned and managed Palo Alto firewalls and Panorama in Azure using Terraform, configuring network security groups, peering, and policy sets to extend on-premises architecture into the cloud.
    • Built a custom Ansible Tower environment that cut manual provisioning effort 40% and made deployments repeatable at scale.
    • Deployed and managed ByteWAF and Akamai WAF via Istio service mesh, configuring rulesets and monitoring threats across web services in the USDS enclave.
  4. Nov 2011 – Jun 2022

    TE Connectivity

    Network Security Engineer III Mar 2021 – Jun 2022
    6,000-device refreshCheck Point MDMSZero-trust ZIA/ZPA
    • Managed global firewall operations across a Check Point Multi-Domain Management System spanning thousands of HA-configured firewalls, leading site security integrations and posture reviews through M&A activity.
    • Wrote a Python application automating Check Point firewall onboarding, imaging, policy provisioning, health checks, and log analysis for a 6,000-device refresh.
    • Built policy validation tooling on the Check Point Management API, scanning configurations across domains for rule violations, shadowed rules, and untracked access.
    • Administered Zscaler ZIA and ZPA, managing app connectors, access policies, and traffic forwarding for zero-trust connectivity across remote users and branch sites.
    • Coordinated multi-domain change management globally, holding policy consistency and compliance validation through M&A integrations and refresh cycles.
    Information Security Engineer III Jan 2019 – Mar 2021
    15% faster delivery10% fewer incidents24/7 on-call
    • Ran daily operations on Check Point MDMS firewalls across thousands of HA-configured devices: security requests, policy changes, HA failover validation, and M&A site integrations.
    • Processed policy updates, imaging requests, and health check validation, holding configuration standards and security baselines through maintenance windows.
    • Audited firewall configurations for policy violations and untracked access, driving remediation through targeted rule updates and change management.
    • Partnered with the Cyber Security team on incident response workflows and organizational security objectives.
    • Improved project delivery timelines 15% through Python and Rust automation of configuration updates and policy validation.
    IT Operations Analyst III Nov 2011 – Jan 2019
    Aruba wireless SMEFounded dev team35–45% on-site
    • Oversaw multi-site IT operations across West Coast facilities: upgrades, greenfield deployments, and on-site security integrations spanning Cisco Catalyst, Nexus, and Check Point. On-site work ran 35–45% of the role.
    • Served as subject matter expert for Aruba wireless, managing controllers, access point deployments, RF tuning, and role-based access policy.
    • Managed vendor and contractor relationships for infrastructure procurement, covering UPS systems, racks, network closets, AV systems, and gigabit Ethernet installations.
    • Evolved the team’s DevOps standards to include development standards, and established a small development team building Python and Rust network automation.
    • Partnered across Facilities, IT, and HR to support scalable, secure growth through process automation and consistent policy enforcement.
  5. Apr 2010 – Nov 2011

    Deutsch Industrial Products

    Helpdesk Administrator
    • Provided helpdesk administration and network support across the organization, handling user support and system troubleshooting.
  6. Feb 2009 – Apr 2010

    Ramko Manufacturing

    Network Administrator
    • Managed network administration, user support, and multi-site infrastructure.
Capabilities

Two ways to read this chapter: the disciplines Aaron operates across, and the concrete toolchain behind them.

Disciplines

Security
Palo Alto NGFW & Panorama·Check Point MDMS·Fortinet·Zscaler ZIA/ZPA·WAF·IDS/IPS·Zero Trust·Segmentation·Threat modeling
Network
Cisco Catalyst, Nexus, Meraki·Cisco ISE 802.1X·Aruba wireless·SD-WAN·LAN/WAN·Routing & switching·Tier 3 troubleshooting
Automation
Python·Ansible & Tower/AWX·Terraform·REST API orchestration·CI/CD·Infrastructure as code
Development
Rust (Axum, Tauri)·TypeScript·SvelteKit·Python (Django, Flask)·Agentic frameworks·LLM/RAG integration

Toolchain

Languages
  • Rust
  • TypeScript
  • Go
  • Python
Automation & IaC
  • Ansible & Tower/AWX
  • Terraform
  • CI/CD
  • SYDONIC
Platforms & APIs
  • Palo Alto Panorama
  • Check Point MDMS
  • Cisco Catalyst Center
  • NetBox
  • Infoblox
Operations
  • Zero Trust
  • Threat Modeling
  • ServiceNow
  • Jira
  • Observability

A 90+ mastery B 80–89 advanced C working proficiency

Selected Work

A year of focused product development under Mythos Systems: production-grade desktop platforms built in Rust and SvelteKit for the network engineers who run the world's firewall infrastructure.

2024 – Present

VERTEX

Palo Alto Command & Control Platform

Native desktop application built for network engineers and security operations teams managing enterprise Palo Alto Networks firewall infrastructure at scale. Built with Tauri 2 (Rust backend + SvelteKit 5 frontend), it ships as a lightweight, browser-free binary for Windows and macOS. The platform consolidates what would typically require dozens of separate tools into a single unified interface.

  • Eklipse Real-Time Telemetry Real-time firewall telemetry monitoring (CPU, memory, sessions, throughput) across multiple devices with threshold-based alerting.
  • Omnis Predictive Monitoring Predictive monitoring with SSH-based telemetry collection and anomaly detection across the managed firewall fleet.
  • PA-DIAG Diagnostics Engine Automated diagnostics engine with 115+ troubleshooting scenarios across 46 diagnostic categories, with PDF/DOCX/Excel/JSON report generation.
RustTauri 2.0SvelteKitTypeScriptPalo Alto API
2024 – Present

PRISM

Cisco Catalyst Intelligence Platform

Windows desktop application built with Tauri (Rust backend) and SvelteKit/Svelte 5 (frontend) designed for network engineers managing large-scale Cisco Catalyst switching infrastructure. Connects to Cisco Catalyst Center via REST API and to individual network devices via SSH and serial console.

  • Helix Terminal Manager Multi-tab SSH terminal manager with device inventory, command snippets, config pull, session logging, and serial console support.
  • Exception Report ISE 802.1X compliance analysis across all switch ports, with per-port compliance scoring, heatmaps, remediation, and rollback.
  • Config Analysis SSH-based configuration compliance checking against customizable rule templates covering security, best practices, QoS, STP, SNMP, and NTP.
RustTauri 2.0SvelteKitTypeScriptCatalyst Center API
2024 – Present

GHOSTWAVE

Wireless Analysis & Security Auditing Platform

Cross-platform desktop wireless network analysis and security auditing platform. Built with Tauri 2 (Rust backend) and SvelteKit (frontend), it provides a comprehensive suite of tools for Wi-Fi infrastructure management, from network scanning and RF analysis to security auditing and compliance reporting.

  • Security Auditing WPA3 transition scoring, PMF auditing, credential analysis, PCI compliance checks, and rogue AP classification.
  • RF Spectrum Analysis Waterfall displays, channel overlap/utilization analysis, interference detection, heatmap visualization, and environment baselining.
  • Client & Roaming Intelligence BSS transition tracking, roaming path graphing, sticky client detection, band steering analysis, and client identity profiling.
RustTauri 2.0SvelteKitTypeScriptSQLite

Also built

Contact

Let’s build
defensible infrastructure.

Open to senior network security, DevOps, and cleared roles, remote or in the San Diego area. The full résumé, references, and cover letter are available below.

MYTHOS/SYSTEMS © 2026 Aaron Stovall · Set in Fraunces & Inter · Built with SvelteKit