Aaron Stovall

Aaron Stovall | Network Security Engineer


// INTRODUCTION

I'm a Network Security Engineer & Automation/DevOps Expert

// ABOUT / PROFESSIONAL SUMMARY

"I don't wait for the threat landscape to change — I build infrastructure that's already ready for it."

Senior Network Security Engineer with over 15 years of experience designing, securing, and automating enterprise-scale network infrastructure. I don’t just manage firewalls — I build the environments that make organizations defensible.
 
My foundation is hands-on network security engineering: architecting and operating Palo Alto Panorama-managed HA environments across PA-7080, PA-5400, PA-3000, and PA-1400 series platforms, managing Check Point Multi-Domain environments with thousands of HA-configured firewalls, and engineering Cisco, Meraki, and Aruba ecosystems across global multi-site deployments. I’ve led greenfield builds, hardened production infrastructure under pressure, and embedded automation into every layer from policy enforcement to device provisioning.
 
At TikTok, I led network security operations within the USDS enclave, directing a global Panorama environment alongside a full Meraki SD-Access network while aligning to NIST, CISA, and CIS frameworks. I implemented biometric 2FA, built Ansible Tower automation that eliminated 40% of manual effort, and served as the Tier 3 escalation point for the most complex cross-domain issues hitting production. Before that, I spent over a decade at TE Connectivity — progressing through three title promotions while managing global firewall operations, leading M&A security integrations, and building the Python tooling that modernized how my team operated at scale.
 
What separates me from most network engineers is that I also write production software. I independently designed and built a full-stack network management platform in Rust and SvelteKit, integrating APIs across Palo Alto Panorama, Cisco Catalyst Center, Cisco ISE, and Juniper Mist into a single control plane. I think in code as fluently as I think in network architecture, and that intersection is where I do my best work.
 
I stay sharp by staying uncomfortable — pursuing unfamiliar hardware, unconventional configurations, and emerging frameworks before they become mainstream. The threat landscape doesn’t wait, and neither do I.

// RESUME – KEY ACCOMPLISHMENTS

 

Achievements & Capabilities

A concise breakdown of proven achievements, strategic capabilities, and technical mastery honed over 15+ years.

Key Accomplishments

  • Global Firewall Operations Leadership: Directed Palo Alto Panorama-managed HA environments (PA-7080, PA-5400, PA-3000, PA-1400), Check Point Multi-Domain, and Cisco Meraki infrastructure across global operations. Improved incident response time by 20% through centralized policy management and proactive automation.
  • Cross-Functional Architecture Expertise: Built a deep, cross-disciplinary skillset spanning hands-on infrastructure engineering, automation tooling, and secure protocol design across global-scale environments. Known for bridging high-level architecture decisions with low-level implementation — equally comfortable in a Panorama policy review and a Python debugging session.
  • DevOps & Automation at Scale: Reduced manual operational tasks by 40% through Python and Ansible automation integrated into DevOps pipelines. Built a custom Ansible Tower environment enabling consistent, secure provisioning across hundreds of firewalls and network devices.
  • Enterprise Platform Development: Independently designed and built a full-stack network management platform in Rust and SvelteKit, integrating APIs across Palo Alto Panorama, Cisco Catalyst Center, Cisco ISE, and Juniper Mist into a unified control plane.
  • Custom Tooling & Operational Impact: Created custom security and network analysis tools adopted by adjacent teams, directly improving operational efficiency and reducing time-to-resolution across security operations.
  • Team Leadership: Led and mentored west coast technical teams, fostering advanced skills and building autonomous, high-performing workforces capable of operating independently across complex environments.

Core Competencies & Technical Expertise

  • Security Architecture:
    Expert in designing secure, resilient infrastructures
    aligned with Zero Trust, NIST, CIS, and CISA frameworks.
  • Firewall Architecture:
    Deep expertise across Palo Alto Panorama-managed HA environments (PA-7080, PA-5400, PA-3000, PA-1400), Check Point Multi-Domain, and Fortinet platforms.
  • Network Engineering:
    LAN/WAN design and deployment across Cisco Catalyst, Meraki, and Aruba ecosystems. Routing, switching, wireless architecture, and Tier 3 troubleshooting.
  • Automation & DevOps:
    Python, Ansible, Ansible Tower/AWX, CI/CD pipeline security, API orchestration, and Infrastructure as Code. Reduced manual tasks by 40%.
  • Development:
    Production code in Rust, TypeScript, Python, and Go. Built a full-stack network management platform integrating Palo Alto, Cisco, and Juniper APIs.
  • Incident Response & Escalation:
    Tier 3 escalation lead across routing, switching, firewalls, wireless, and VPN. 24/7 on-call operations with a track record of resolving production-impacting issues.
  • Security Focused Design:
    Designed and threat modeled network security architecture following industry benchmarks, corporate policy, and least-privilege principles.
  • Custom Tooling:
    Built security and network analysis tools adopted across teams — API-driven automation for firewall policy validation, configuration analysis, and operational workflows.
  • MA&D:
    Led network security integrations and divestitures for TE Connectivity's Global Network Security team. Conducted perimeter security reviews for acquired hardware, drove service stack integrations, and enforced new standards on executive timelines.

// RESUME - WORK HISTORY

Work History Overview

A distilled summary of a career built through sustained impact, hands-on leadership, and evolving technical mastery.

Rady Children's Hospital

2025-2026

Network Engineer

 

  • Served as a contract network engineer specializing in firewall request fulfillment, policy troubleshooting, and firewall analysis across the hospital's Palo Alto Panorama-managed HA environment, supporting PA-7080 and PA-5400 series firewalls.
  • Developed custom automation tools leveraging the Palo Alto Networks API to streamline firewall operations, policy validation, and configuration analysis across the PA-7080 and PA-5400 platforms.
  • Built solutions for Cisco Catalyst Center integration, utilizing both the platform API and direct SSH operations to automate network device management and configuration tasks across the hospital's switching infrastructure.
  • Performed in-depth firewall troubleshooting and traffic analysis to resolve complex connectivity and security policy issues in a healthcare environment governed by strict HIPAA compliance and patient data protection requirements.
  • Processed and fulfilled daily firewall change requests, coordinating with clinical and IT teams to ensure policy changes maintained security posture while supporting operational needs across a 24/7 healthcare facility.
 

Independent Development & Consulting

2024-2024

Network Automations & DevOps Engineer

  • Designed and developed a full-stack enterprise network management platform using Rust (Axum) for the backend and SvelteKit with TypeScript for the frontend — purpose-built to deliver unified visibility and control across multi-vendor network infrastructure from a single pane of glass.
  • Built integrated firewall policy analysis modules supporting overlap detection, shadow rule identification, and rule optimization across Palo Alto environments, including automated import and comparison of large-scale rulesets with thousands of entries.
  • Developed network diagnostic and traffic analysis tools with real-time data visualization, enabling granular inspection of application-level traffic patterns, security posture assessment, and rapid identification of policy gaps.
  • Engineered API integrations across Palo Alto Panorama, Cisco Catalyst Center, Cisco ISE, and Juniper Mist platforms, providing centralized orchestration and telemetry collection across disparate vendor ecosystems through a unified interface.
  • Implemented a full SSH client with support for legacy and modern device interaction, alongside certificate management systems for key lifecycle operations — enabling both automated bulk operations and interactive terminal sessions against network infrastructure.
  • Created enterprise authentication and session management frameworks supporting multiple credential types, role-based access control, and secure multi-user deployment scenarios with persistent encrypted session handling.
  • Architected the platform with a modular, extensible design philosophy — each vendor integration, analysis tool, and management interface built as an independent module, allowing rapid onboarding of new vendor ecosystems without rearchitecting the core.

TikTok

June 2022 - Nov 2024

Sr. Business Operations Protections Specialist

 

  • Directed daily operations for a global Palo Alto Panorama-managed HA environment with PA-3000 and PA-1400 series firewalls, alongside a Cisco Meraki infrastructure of MX routers, MS switches, and wireless access points; improved incident resolution times by 20% via proactive automation and live collaboration with engineering teams.
  • Engineered multi-cloud network security architectures across Azure and Oracle Cloud, improving security posture by 30% through automation-driven deployments and advanced threat modeling using Python and Go.
  • Built a custom Ansible Tower environment to automate firewall and network configurations, cutting manual effort by 40% and enabling consistent, secure provisioning at scale across hundreds of devices.
  • Authored internal compliance tooling and led regulatory audits, achieving 100% adherence to frameworks including NIST, CISA, and ISO 27001, while reducing audit prep overhead through automation.
  • Developed and deployed biometric 2FA solutions using TruU and Prisma APIs, improving user experience and reducing security incidents by 15% through seamless biometric verification workflows.
  • Led Tier 3 troubleshooting efforts for complex issues involving network infrastructure, wireless connectivity, firewall policies, and VPN services, often resolving escalations that impacted production services.
  • Participated in 24/7 on-call operations, ensuring rapid incident response and maintaining uptime for critical infrastructure across global environments.
  • Spearheaded multiple projects and authored comprehensive documentation for internal teams, streamlining deployment and support processes for firewalls, BYOD networks, and VPN solu

TE Connectivity

November 2011 - June 2022

Network Security Engineer III (Consolidated, Highest Title)

 

  • Managed global firewall operations across a Check Point Multi-Domain Management System (MDMS) with thousands of HA-configured firewalls, processing daily inbound requests and leading site security integrations and posture reviews as part of M&A activities across TE Connectivity's global portfolio.
  • Developed Python applications to automate firewall imaging, policy updates, health checks, and log analysis for a 6,000-device refresh project, significantly accelerating deployment timelines and reducing manual effort across the team.
  • Built custom tooling for policy validation, scanning firewall configurations in batch to detect violations and untracked access patterns, remediating through targeted rule updates and establishing repeatable audit workflows.
  • Partnered with SOC analysts to enhance detection workflows using Python-based log parsing and anomaly flagging, improving incident triage response times. Served as lead point of contact for major incidents on the west coast team for 24/7 on-call operations.
  • Reduced security incident rates by 10% via QA validation, HA failover testing, and automated remediation during infrastructure changes. Conducted security reviews, evaluations, and risk assessments supporting the development of security policies and procedures.
  • Oversaw multi-site IT operations for West Coast facilities, coordinating upgrades, greenfield deployments, and on-site security integrations aligned with corporate standards. On-site work accounted for 35–45% of responsibilities.
  • Developed and implemented comprehensive vulnerability management programs, reducing security risks by 20% through proactive assessment, remediation planning, and automated reporting.
  • Established team standards for technical and operational management of security platforms. Led DevOps initiatives and collaborated with cross-functional teams to standardize infrastructure security across new and acquired sites, ensuring scalable, secure growth.

Ramko MFG

Feb 2009 - April 2010

Network Administrator

  • Network Administration
  • Device Administration
  • User Support

Deutsch Industrial Products

April 2010 - Nov 2011

Helpdesk Administrator

  • Helpdesk Administration
  • Global SAP Backup Management
  • Network Administration
  • Device Administration
  • User Support

// SKILLSET

Core Network Security Skillset

“Crafted through experience. Driven by strategy. Proven in production.”

  • Firewalls: 100%
  • Firewall Policy and Orchestration: 95%
  • OSI Troubleshooting: 95%
  • Networking Fundamentals: 95%
  • Network Security Architecture: 90%
  • Switches: 90%
  • Security Architecture: 90%
  • Palo Alto: 85%
  • Routers: 85%
  • Architectural Diagrams: 85%
  • Cisco: 85%
  • DevOps Engineering: 85%
  • Automation: 85%
  • Python: 85%
  • GO Lang: 85%
  • Risk Management: 85%
  • Check Point: 75%
  • Rust: 85%
  • TypeScript: 85%
  • API Development: 100%

// DEVOPS

DevOps Portfolio

 

My GitHub Available Here
 
These projects reflect how I approach infrastructure tooling — purpose-built, automated, and engineered to solve real operational problems. Each one started with a gap I kept running into and ended with a tool that filled it. Take a look, and feel free to reach out if you want to dig deeper into any of them.

GhostShell Toolkit

Surveyor

Layers

pan_engine

GHOSTSHELL

GhostOps

VERTEX

RSAT-VISION

PRISM

PA-DIAG

GP-Medic

// QUESTIONS 



Common Questions

For your convenience, some frequently asked questions are addressed below.

  • Are you currently looking for work?

    I’m currently open to offers, and even when I’m not actively seeking, I remain open to hearing about compelling opportunities.

  • Would you be interested in pure programming work?

    I appreciate the opportunity, but this isn’t the right fit for me at this time, as my true passion lies in security.

  • Do you prefer contract or full-time employment?

    While I prefer full-time roles, I’m also open to long-term W2 contract opportunities.

  • Can you work full time?

    I can work full time.

  • What is the best method of contact?

    I am most active on LinkedIn. You can also use the contact form on this site, although LinkedIn is most reliable.

  • What is your LinkedIn?

    My LinkedIn is: https://www.linkedin.com/in/aaron-stovall/

  • What is your preferred email?

    My preferred email is: aaronstovall@pm.me

// CONTACT FORM

 

Contact Form

Please feel free to use the below form to reach out to me, should you need immediate contact. It simply utilizes your email client to send my primary email an email. Alternatively, message me over LinkedIn (Preferred).
