Field notes from leading security operations engineering at a large utility. How a packet-broker fabric, edge DDoS defense, and a SIEM/SOAR pipeline fit together — and why accurate technical inventory is the foundation that makes detection possible.
Years of professional-services work across Check Point, Tufin, and AlgoSec, distilled. Why policy sprawl is inevitable, what orchestration actually buys you, and how to run change automation without losing the audit trail.
A retrospective on deploying in-line network tapping for an enterprise customer — packet-level visibility delivered with NetScout. Bypass design, tool-rail planning, and the operational gotchas that separate a clean cutover from an outage.
An early-career retrospective: replacing 100+ end-of-life Windows XP machines across 50 retail locations and helping cut over to a virtualized point-of-sale system. The project that taught me imaging discipline, vendor coordination, and rollout logistics.
When to use a physical TAP, when SPAN is good enough, and why in-line bypass design decides whether your visibility layer can ever take down the production network.
A practical method for fighting firewall policy entropy: usage-driven review cycles, owner re-justification, and safe, reversible decommissioning backed by data.
Inserting a packet-visibility layer into live enterprise production paths without inheriting new outage risk — bypass design, aggregation, and a tested cutover.
GIGAMONFIELD NOTE
current areas of research & interest
cloud security
Public Cloud IAM
Identity and access management as the real control plane of the cloud — least-privilege at scale, boundary design, and detecting privilege drift.
IAMONGOING
workload security
Container Security
Image provenance and scanning, runtime isolation, and the network policy model inside an orchestrator — where old perimeter assumptions stop holding.
CONTAINERSONGOING
automation
DevOps for MSSP Tool Stacks
Treating security tooling as code — repeatable, version-controlled deployment of the stacks an MSSP runs across many customers.
Security policy orchestration. TOS Aurora certified (TCSE 1–3); change automation and audit.
AlgoSec
orchestration
Policy analysis and change management. CADE and Security Master certified.
Gigamon
packet broker
Visibility fabric. Aggregation, de-duplication, and tool-rail distribution.
NetScout
analysis
Packet-level performance and security analysis, fed from the tapping layer.
Arbor
edge defense
Edge DDoS detection and mitigation. Baseline-driven, pre-authorized defense.
VMware vSphere
virtualization
Virtualized infrastructure for tooling and workloads; vSphere and Fusion.
Python / PowerShell / Bash
automation
Glue and automation across the stack — provisioning, reporting, integration.
I'm Ian Dowd, a Lead Security Engineer based in Wethersfield, Connecticut,
focused on firewall and policy orchestration, cloud IAM, and network visibility. This is my
personal journal and research space for notes on network security engineering. See the
resume for full work history and certifications.
The name comes from fault analysis: a single event upset (SEU) is a bit flip
caused by ionizing radiation or an unexpected state change. In networking, most interesting
problems are SEUs — a single misconfigured route, a single non-compliant resolver, a single
open port in the wrong segment.
Content focuses on protocol security, network defense engineering,
vulnerability analysis, and occasionally tooling.
Nothing here is coordinated disclosure without explicit notice. All CVE content is
post-patch unless marked otherwise.
TLP:WHITE — Traffic Light Protocol
All content on this site is TLP:WHITE unless explicitly labeled otherwise.
TLP:WHITE may be distributed without restriction, subject to standard copyright.
Content marked TLP:AMBER or TLP:RED will be clearly labeled and scoped accordingly.
nameIan Dowd — Lead Security EngineerlocationWethersfield, Connecticutfocus areasfirewall & policy orchestration, cloud IAM, container security, network visibilityprimary stackCheck Point, Tufin, AlgoSec, Gigamon, Linux, Python, VMwareresumefull work history & certificationscontactcontact@singleventupset.combuilt withpure HTML5 + CSS — zero JavaScript