dn@portfolio:~$ resume.pdf

cat engineering-profile.txt

Infrastructure. Network security. AI systems.

I build and modernize the systems underneath the application layer: DNS, virtualization, storage, routing, firewall policy, backups, monitoring, AI lab infrastructure, and the runbooks that make changes repeatable.

Core work: DNS modernization · VMware/Proxmox · ZFS/Ceph · network security · Nasuni/Azure Files · AI/RAG · GIS/DB tuning

Certifications: CCNP Security · AWS Solutions Architect Professional · Azure Administrator · Fortinet FCSS/FCP

Professional headshot of David Nicola
David Nicola Consulting Systems Engineer Infrastructure modernization / network security / platform operations

Project map

Browse the work by system type.

Each section is written around what was designed, migrated, tuned, secured, or made operational.

Capabilities

Practical engineering surface area.

Not a tool list. These are the systems I have had to make stable, secure, recoverable, and supportable.

Virtualization

VMware to Proxmox modernization

Host architecture, workload placement, ZFS-backed node design, Ceph cluster patterns, Proxmox Backup Server, HA boundaries, migration windows, and rollback planning.

Core Services

DNS and core service rebuilds

DNS host migration, zone/database reconstruction, replication/failover design, authoritative DNS operations, and PowerDNS-oriented modernization paths from legacy SimpleDNS-style workflows.

Network Security

Firewall, routing, and segmentation

Policy design, route preference, VPN/IPsec, SD-WAN, NAT, HA/failover, packet capture, log review, traffic-flow validation, and Fortinet platform implementation experience.

File/Data

Distributed file and archive systems

Nasuni, DFS namespaces, Azure Files, SMB permissions, cache/latency behavior, namespace continuity, restore validation, and S3 Glacier archival design.

AI Infrastructure

Self-hosted AI/RAG labs

Ollama, Open WebUI, local model runtime, document ingestion, embeddings, vector indexes, source-grounded retrieval, Docker/Linux deployment, and Python automation.

GIS / DB

GIS and database performance

3-GIS and ArcGIS support tied to SQL/query review, indexing, database maintenance, service dependencies, map-service responsiveness, monitoring, and backup/restore planning.

Technical skills

Skills recruiters can scan and engineers can verify.

Search by system, tool, protocol, storage layer, or project area.

Network security engineering

CCNP Securityfirewall policyroutingsegmentationVPN/IPsecNATSD-WANHA/failoverGSLBpacket capturenmaplog analysisFortiGateFortiAnalyzerFortiManagerFortiGSLBCiscoJuniperMerakiMikroTikAruba

Virtualization and clustered storage

VMware vSphereProxmox VEZFSCephclustered storageshared storageProxmox Backup ServerLinux serversWindows serversHP/Dell/SupermicroiDRAC/iLO/IPMImigration planningrollback designHA boundaries

DNS and core infrastructure

PowerDNSSimpleDNS migrationauthoritative DNSzone reconstructionreplication/failoverDNS databasesLinux servicesDebianUbuntuRed HatLibreNMSGraylogSNMP monitoringBashPythonPowerShell

Distributed file and archival systems

NasuniDFS namespacesAzure FilesSMBpermissions/ACLsnamespace migrationcache behaviorlatency reviewbackup/restore validationS3 Glacierretention planning

AI infrastructure labs

OllamaOpen WebUIlocal LLM hostingembeddingsvector databasesdocument ingestionretrieval pipelinessource groundingDockerLinuxPython automationdata-control design

Cloud, identity, and automation

AWSAzureVPCsEC2/RDS/S3S3 GlacierAzure endpointsExchangeTerraformAWS CDKAnsibleKubernetesDocker ComposePowerShellBashDNS/PKIActive DirectoryLDAP/OpenID/SSO

GIS and database platforms

3-GISArcGISSQL/query reviewindexingdatabase maintenancemap-service performanceapplication dependenciesMySQLPostgreSQLMongoDBbackup/restore planning

Security operations and evidence

security liaisonvulnerability validationscanner reviewremediation trackingevidence workflowsSIEM/loggingEDRDuo proxiesMimecastDNS securityrisk reviewSOPsoperational handoff

Project work

Projects with technical shape.

These are written as infrastructure stories: what was fragile, what was redesigned, and what became easier to operate.

01

DNS / Core Services

SimpleDNS to PowerDNS-oriented core service modernization

Modernized DNS operations by moving away from host-bound legacy workflows toward a cleaner authoritative DNS model with reconstructed zone data, replication/failover, and Linux service ownership.

Technical details
  • Migrated DNS services to new hosts and reconstructed DNS databases/zone records.
  • Designed replication and failover so core name resolution was not tied to a single fragile service path.
  • Framed the next operating model around PowerDNS authoritative services with a database backend for automation, auditability, and repeatable zone management.
  • Connected DNS work to PKI, SSO/LDAP, VPN, cloud endpoint, and core network dependencies.
Systems: SimpleDNS-style legacy DNS, PowerDNS architecture, Linux, DNS databases, replication/failover, PKI, LDAP/SSO, VPN dependencies.
Outcome: More maintainable DNS foundation, cleaner recovery path, and less operational risk around core network services.
02

Virtualization / Storage

VMware to Proxmox VE architecture with ZFS and Ceph

Designed migration patterns for moving workloads from VMware into Proxmox VE while treating storage, backup, HA, and rollback as first-class design constraints.

Technical details
  • Mapped workloads, host dependencies, backup relationships, storage paths, and recovery priority before migration sequencing.
  • Used ZFS for local node storage patterns where integrity, snapshots, and predictable recovery mattered.
  • Evaluated Ceph clustered storage for workloads that need shared storage semantics, failure-domain awareness, and HA flexibility.
  • Planned around Proxmox Backup Server, bridge/VLAN layout, management interfaces, and post-cutover validation.
Systems: VMware vSphere, Proxmox VE, ZFS, Ceph, Proxmox Backup Server, Linux/Windows workloads, Dell/HP/Supermicro hosts, iDRAC/iLO/IPMI.
Outcome: Lower dependency on licensing-heavy virtualization paths, more transparent storage behavior, and clearer recovery/runbook ownership.
03

Datacenter / Colo

HQ to colocation migration and physical buildout

Supported relocation of production systems from headquarters into a colocation facility over ELAN connectivity, including rack buildout, host configuration, and validation of production services.

Technical details
  • Built out physical infrastructure and host environments for the new facility.
  • Validated VMware host configuration, connectivity, rack layout, and operational access paths.
  • Aligned migration work with high availability, outage handling, and production continuity requirements.
Systems: VMware vSphere, HP/Dell hardware, colocation facility, ELAN, routing, host management, high-availability systems.
Outcome: Production systems moved into a more appropriate datacenter footprint with clearer operational ownership.
04

Network Security

Firewall policy, SD-WAN, segmentation, and traffic validation

Worked across firewall rules, routing, SD-WAN, VPN/IPsec, segmentation, centralized logging, and packet-level validation to make network behavior match security intent.

Technical details
  • Reviewed rule intent, NAT, address/service objects, tunnel paths, route preference, and HA behavior.
  • Used Nmap, packet capture, log analysis, and traffic-flow review to separate real issues from assumptions.
  • Kept Fortinet tooling in context: useful implementation platforms, not the actual skill by itself.
Systems: FortiGate, FortiAnalyzer, FortiManager, FortiGSLB, Cisco, Juniper, Meraki, MikroTik, Aruba, VPN/IPsec, SD-WAN, DNS/PKI.
Outcome: Security policy became easier to validate, troubleshoot, and hand off after routing or firewall changes.
05

File / Data Services

Legacy file services to Nasuni, DFS, Azure Files, and S3 Glacier

Worked on file-service migration and recovery design where permissions, user paths, latency, archive retention, and restore behavior had to be aligned before handoff.

Technical details
  • Migrated legacy file systems into Nasuni and DFS-style namespace patterns.
  • Reviewed SMB permissions, ACL continuity, cache behavior, and latency-sensitive access patterns.
  • Connected Azure Files and S3 Glacier decisions to retention, retrieval expectations, and recovery procedures.
Systems: Nasuni, DFS namespaces, Azure Files, SMB, Windows/Linux servers, AWS S3 Glacier, backup platforms.
Outcome: File services became more resilient, easier to recover, and less dependent on legacy path assumptions.
06

AI Infrastructure

Self-hosted RAG lab for controlled document retrieval

Built local AI/RAG workflows to test how infrastructure teams can use private document retrieval without treating public AI services as the default data path.

Technical details
  • Built local model workflows using Ollama, Open WebUI, embeddings, vector indexing, and document ingestion.
  • Tested retrieval quality, source grounding, model/runtime behavior, latency, and storage boundaries.
  • Documented practical operating patterns around data control, source attribution, and support ownership.
Systems: Ollama, Open WebUI, local LLMs, vector databases, Docker, Linux, Python, document retrieval pipelines.
Outcome: A practical lab for internal knowledge retrieval that is grounded in infrastructure constraints instead of demos.
07

GIS / Database

3-GIS and ArcGIS deployment support with database tuning

Supported GIS platform work across application dependencies, database performance, map-service response time, backups, and operational troubleshooting.

Technical details
  • Connected GIS behavior to database query plans, indexing, server dependencies, and service health.
  • Tuned and maintained database-backed systems where application performance depended on clean SQL, indexing, and maintenance routines.
  • Aligned restore planning and troubleshooting procedures with application-owner handoff.
Systems: 3-GIS, ArcGIS, MySQL, PostgreSQL, MongoDB, SQL/query review, indexing, map-service performance, Windows/Linux servers.
Outcome: GIS issues became easier to isolate across application, database, server, and storage layers.
08

Security Operations

Security liaison and vulnerability remediation workflow

Turned scanner output and security requirements into infrastructure work that could be assigned, validated, evidenced, and closed.

Technical details
  • Validated findings and separated real exposure from scanner noise.
  • Coordinated evidence, remediation ownership, risk review, and closure across infrastructure and security stakeholders.
  • Supported control workflows across identity, email security, endpoint controls, DNS security, logging, and EDR.
Systems: Arctic Wolf scanning review, Nmap, FortiAnalyzer, SIEM/logging, Carbon Black, Aurora, Duo proxies, Mimecast, DNS security, Active Directory, LDAP, PKI, OpenID.
Outcome: Security work moved from abstract findings to operational remediation and evidence.

Technical domains

Stack view by engineering area.

Built for recruiters who need a fast scan and engineers who want the actual substrate.

Virtualization

VMware / Proxmox / storage architecture

VMware vSphere · Proxmox VE · ZFS · Ceph · PBS · shared storage · HA · backups · migration windows · rollback · host management

  • Assess hosts, storage paths, backup relationships, and workload dependencies before migration.
  • Use ZFS where local integrity/snapshots matter; use Ceph where shared clustered storage and HA behavior are justified.
  • Document cutover, validation, rollback, and steady-state operations.

DNS/core

Core service modernization

SimpleDNS migration path · PowerDNS authoritative · zone/database reconstruction · replication/failover · Linux service ownership · monitoring

  • Move DNS away from fragile host-bound operation toward database-backed, auditable service management.
  • Rebuild zone data and failover paths so DNS is recoverable and maintainable.
  • Tie DNS changes to identity, VPN, cloud endpoint, PBX, and application dependencies.

Network security

Security controls at traffic level

CCNP-S · firewall policy · routing · segmentation · VPN/IPsec · SD-WAN · NAT · HA · GSLB · packet capture · logs · Fortinet platforms

  • Map traffic intent to rules, NAT, route preference, tunnel behavior, and segmentation boundaries.
  • Validate change outcomes with packet capture, Nmap, flow review, and centralized logs.
  • Keep vendor platforms secondary to fundamentals: route, policy, state, flow, recovery, and documentation.

File/data

Distributed file and archival systems

Nasuni · DFS namespaces · Azure Files · SMB · ACLs · cache behavior · latency review · backup/restore · S3 Glacier

  • Translate legacy paths into resilient namespaces with permissions continuity.
  • Map cloud file and archive services to access patterns, retention, recovery, and support ownership.
  • Validate backup, restore, archive retrieval, and handoff before treating the migration as complete.

AI infrastructure

Private retrieval infrastructure

Ollama · Open WebUI · local LLMs · embeddings · vector databases · document ingestion · RAG pipelines · Docker/Linux · Python

  • Run local model and retrieval stacks to understand real resource, latency, and data-control tradeoffs.
  • Test source grounding and retrieval quality instead of only testing chat UI behavior.
  • Write operating patterns for teams that will maintain the system after the proof of concept.

GIS/database

GIS application and database performance

3-GIS · ArcGIS · SQL/query review · indexing · DB tuning · map-service performance · monitoring · backup/restore

  • Trace performance across application, database, server, storage, and network layers.
  • Review indexing, maintenance, query behavior, and resource utilization for service impact.
  • Align troubleshooting and restore procedures with application-owner handoff.

SecOps

Security operations systems

Vulnerability validation · evidence · SIEM/EDR · DNS security · email security · identity controls · remediation tracking

  • Convert scanner findings into owned remediation work.
  • Translate security requirements into implementation steps and evidence artifacts.
  • Support controls across identity, endpoint, email, logging, DNS, and access layers.

Cloud/archive

Hybrid cloud and automation

AWS · Azure · VPCs · hybrid connectivity · S3 Glacier · Azure Files · Terraform · AWS CDK · Ansible · Docker · Kubernetes · DNS/PKI

  • Connect cloud networking, storage, archival, and endpoint services to on-prem systems.
  • Use automation and container patterns where repeatability matters more than one-off configuration.
  • Design around access control, logging, recovery, documentation, and maintainability.

Resume

Infrastructure roles with hands-on systems ownership.

Career path across network implementation, systems engineering, ISP/core services, infrastructure operations, security liaison work, and consulting systems engineering.

Certifications

  • Cisco Certified Network Professional Security (CCNP-S) | Cisco | 2025
  • Microsoft Certified: Azure Administrator Associate | Microsoft | 2025
  • FCSS Public Cloud Security | Fortinet | 2025
  • FCP Network Security | Fortinet | 2025
  • AWS Solutions Architect - Professional | Amazon Web Services | 2024
  • AWS Solutions Architect - Associate | Amazon Web Services | 2024
  • IBM Cybersecurity Analyst | Coursera - IBM | 2022

Education

  • M.S. Cyber Operations | University of Maryland Global Campus | GPA 4.0 | 2024-2026
  • B.S. Computer Networks and Cyber Security | University of Maryland Global Campus | GPA 3.8 | 2018-2020
  • B.S. Political Science | The Ohio State University | 2017-2019

Professional experience.

Consulting Systems Engineer

World Wide Technology

June 2026 - Present
  • Client-facing systems engineering across virtualization modernization, infrastructure redesign, and network-security projects.
  • VMware/Proxmox assessments: hosts, storage, HA, backups, migration path, workload placement, and cutover validation.
  • Firewall policy, segmentation, VPN/IPsec, and traffic-flow review for security and resiliency.

Infrastructure Engineer

IBP

July 2024 - June 2026
  • Security liaison: requirements, evidence, vulnerability validation, remediation ownership, and operational risk review.
  • Network security: Fortinet platforms, firewall policy, SD-WAN, VPN/IPsec, routing, segmentation, logging, and GSLB/failover review.
  • Infrastructure: VMware vSphere, Nasuni/DFS/Azure Files, datacenter colocation buildout, Proxmox workloads, backup/restore validation, and AI/RAG labs.

Systems Engineer

Bresco Broadband

April 2022 - July 2024
  • Redesigned legacy network and core services: DNS, replication/failover, user/security policy, Azure/on-prem domains, Linux databases, and server migrations.
  • Rebuilt DNS hosts and databases; worked toward a cleaner authoritative DNS model suitable for PowerDNS-style operations and automation.
  • Supported AWS Glacier/VPCs, Kubernetes, Docker, ECS/EKS, VPNs, LDAP, DNS, PKI, SSO, VoIP PBX migration, database tuning, and Cisco/Juniper routing.

Network, implementation, and cyber QA roles

Chick-fil-A · L Brands · Huntington National Bank · Ohio House

2019 - 2022
  • Network implementation, switch/router/firewall deployment, endpoint/server support, IAM testing, security-control validation, and documentation.
  • Built the foundation for later infrastructure work: troubleshooting, customer-facing support, root-cause analysis, network diagrams, procedures, and operational handoff.

Contact

Infrastructure modernization, network security, DNS/core services, AI/RAG, GIS, and data platforms.

Email, LinkedIn, and resume downloads are available below.