Network Security Engineer

Joseph Hannah III

Designing and securing enterprise networks in high-compliance production environments. Multi-site architecture, zero-downtime migrations, and infrastructure built to survive an audit.

Self-taught. Production-proven.

I started in IT at 17 and have been building, breaking, and rebuilding networks ever since. No traditional degree path, just hands-on work across managed service environments, enterprise infrastructure, and now a PCI CPP-compliant card production manufacturer where the stakes are high enough that getting it wrong has real consequences.

My day-to-day involves architecting networks across multiple production sites, working with layered security zone architecture in a compliance-heavy production environment, and leading the network portion of compliance audits. I care about infrastructure that's designed correctly from the start, not patched into compliance after the fact.

I'm also the kind of person who reads PCI CPP compliance documentation on a Saturday morning just to stay sharp, which either makes me exceptionally well-suited for this work or seriously in need of better hobbies. Probably both.

Based in Toms River, NJ. Currently open to network security engineering opportunities.

2017: First technical role. Been at it ever since.
10+: Production networks deployed across my career
PCI CPP: Compliance audit network SME, PCI CPP and ISO
50+: Self-hosted apps running in my home lab right now

What I work with

Firewalls
pfSense, Fortinet FortiGate, Cisco FMC, Cisco FTD
Switching & Wireless
Cisco Catalyst (IOS), Ubiquiti UniFi, Netgear, EnGenius, TP-Link
Protocols
IPSec / VPN, VLANs, LACP / 802.3ad, Dynamic ARP Inspection, NAT, STP, PGP
Security & Compliance
PCI CPP, ISO Compliance, HSM Deployment, Cloudflare Zero Trust, Microsegmentation, Bitdefender
Platforms & Virtualization
Proxmox, VMware, TrueNAS, Windows Server, Ubuntu Server, Linux
Tools & Monitoring
Splunk, IT Glue, Halo PSA, Ninja RMM, ConnectWise

Where I've worked

August 2024 to Present
Network Security Engineer
TAG Systems (AustriaCard) / Eatontown, NJ
  • Architecting and deploying a new production facility network from the ground up, including security zone design, equipment selection, IP addressing, and PCI CPP-compliant remote HSA administration via IPSec VPN
  • Migrating a legacy flat production network to a fully segmented multi-zone architecture while maintaining continuous uptime across active card personalization operations
  • Designed a layered firewall architecture enforcing microsegmentation across edge, DMZ, and HSA security zones with least-privilege inter-zone routing and QoS
  • Network SME for PCI CPP and ISO audits, leading the infrastructure review and preparing technical evidence packages for assessors
  • Collaborating with global engineering and operations teams to coordinate deployments and compliance initiatives across sites
September 2022 to August 2024
Network Administrator
Monmouth Cyber / Brick Township, NJ
  • Managed enterprise network infrastructure for commercial clients across multiple industries
  • Configured and deployed Fortinet FortiGate firewalls, Cisco and Ubiquiti switching, and wireless infrastructure across managed environments
  • Executed network build-out projects and resolved escalated technical issues on-site and remotely
February 2022 to September 2022
IT Manager / IT Technician
Jenkinson's South Inc / Point Pleasant, NJ
  • Managed IT infrastructure for a high-availability entertainment campus
  • Ran and terminated structured cabling and provided risk assessment and IT strategy planning
September 2021 to January 2022
Fulfillment Expert
Target / Toms River, NJ
May 2017 to September 2020
Arcade Technician
Casino Beach Pier / Seaside Heights, NJ
  • First paid technical role, diagnosing and fixing hardware faults across a large arcade floor. The obsession with how things work started long before this, but getting paid to take machines apart at 14 made it clear it was never going away.

Projects that mattered

01 / Architecture
Multi-Site Production Network Deployment
Designed and deployed complete network infrastructure for a new production facility from the ground up. Covered security zone design, equipment evaluation and selection, full IP addressing scheme, structured cabling, and a PCI CPP-compliant site-to-site VPN architecture for remote HSA administration, all while managing the existing production environment in parallel.
Architecture, IPSec VPN, PCI CPP, Equipment Selection, Multi-Site
02 / Migration
Zero-Downtime Production Network Segmentation
Migrated a legacy flat network to a fully segmented multi-zone architecture across an active card personalization production environment with no unplanned downtime. Work involved a complete VLAN redesign, IP addressing scheme migration, staged switch cutover, and firewall policy migration across all production zones, validated against PCI CPP requirements throughout.
VLAN Design, Zero Downtime, PCI CPP, Microsegmentation, DAI
03 / Security
Layered Firewall and HSA Security Architecture
Designed a nested, multi-layer firewall architecture enforcing microsegmentation from the network edge through to the High Security Area. Implemented least-privilege inter-zone routing with QoS policies to prioritize production traffic, IPv6 security controls, Dynamic ARP Inspection, and port security throughout all access layers.
Firewall Design, Microsegmentation, HSA, QoS, IPv6 Security
04 / Migration
Enterprise Firewall Platform Migration
Executed a full firewall platform migration with no production impact, carrying over all security policy, site-to-site VPN tunnels, NAT configuration, VLAN subinterface design, and routing. Produced comprehensive reference documentation and a staged cutover checklist ensuring rollback options were available at every step.
Firewall Migration, IPSec, NAT, Documentation, Change Management
05 / Compliance
PCI CPP and ISO Audit Network Review
Served as the network subject matter expert for PCI CPP and ISO audit cycles. Led the network infrastructure review, prepared technical documentation and evidence packages for assessors, responded to technical findings, and maintained the change management records that satisfy audit requirements across a multi-site environment.
PCI CPP, ISO, Audit Prep, Documentation, Change Management
06 / Compliance
Infrastructure Modernization and EoL Risk Remediation
Led the evaluation and selection of replacement switching infrastructure to address end-of-life hardware carrying deprecated cryptographic controls, a genuine PCI CPP audit exposure. Assessed candidate platforms against production PoE requirements, stacking architecture, IOS-XE cryptographic capabilities, and long-term compliance sustainability before recommending a migration path.
PCI CPP, Equipment Selection, EoL Planning, Cisco Catalyst

Enterprise infrastructure, at home

My home lab is not VLAN 1 on a consumer router. There is a full server rack in my home office that hums 24/7 and absolutely did not fit through the doorway without a brief moment of regret.

My real estate agent mentioned "home office potential." She did not specify what kind. I did not specify that I would be Googling load-bearing floor joist capacity before moving in a 7-foot rack. We have both chosen not to discuss it further.

The point of all of this is not to collect hardware. It's to make sure I'm never learning something for the first time on production equipment that matters. Every configuration I'm comfortable deploying at work has been destroyed, rebuilt, and documented here first.

The network runs on pfSense with full VLAN segmentation, IDS/IPS, and Cloudflare Zero Trust for remote access. No exposed ports, no port forwarding, no prayer-based security strategy. Compute is Proxmox hosting 50+ self-hosted applications across VMs and containers. Storage lives on TrueNAS Scale/CE with a 3-2-1 backup strategy that I have actually tested, because tested backups are the only kind that count.

Firewall
pfSense: VLAN segmentation, IDS/IPS, Cloudflare Zero Trust
Compute
Proxmox: 50+ self-hosted apps across VMs and LXC containers
Storage
TrueNAS Scale/CE: Multiple nodes, redundant ZFS pools
Network
10GbE Core: LACP uplinks, managed switching, full VLAN tagging
Backup
3-2-1 Strategy: On-site redundancy, off-site replication, cloud cold storage
Remote Access
Cloudflare Zero Trust: Zero exposed ports, identity-aware access, audit logging

Credentials and training

CompTIA ITF+ (CompTIA)
CompTIA A+ (CompTIA)
Fortinet NSE 1 / 2 / 3 (Fortinet)
CCNA (In Progress / Cisco)

The formal version

josephhannah_resume.pdf Download PDF