From XP to a Standard Image: A 50-Site Fleet Overhaul

An early-career retrospective: replacing 100+ end-of-life Windows XP machines across 50 retail locations and helping cut over to a virtualized point-of-sale system. The project that taught me imaging discipline, vendor coordination, and rollout logistics.

read more ~7 min read
network visibility

TAP vs SPAN — Visibility Design Tradeoffs

When to use a physical TAP, when SPAN is good enough, and why in-line bypass design decides whether your visibility layer can ever take down the production network.

VISIBILITY REFERENCE
policy management

Firewall Rule Recertification — A Repeatable Methodology

A practical method for fighting firewall policy entropy: usage-driven review cycles, owner re-justification, and safe, reversible decommissioning backed by data.

ORCHESTRATION METHOD
deployment retrospective

Enterprise In-Line Tapping: Gigamon + NetScout

Inserting a packet-visibility layer into live enterprise production paths without inheriting new outage risk — bypass design, aggregation, and a tested cutover.

GIGAMON FIELD NOTE
cloud security

Public Cloud IAM

Identity and access management as the real control plane of the cloud — least-privilege at scale, boundary design, and detecting privilege drift.

IAM ONGOING
workload security

Container Security

Image provenance and scanning, runtime isolation, and the network policy model inside an orchestrator — where old perimeter assumptions stop holding.

CONTAINERS ONGOING
automation

DevOps for MSSP Tool Stacks

Treating security tooling as code — repeatable, version-controlled deployment of the stacks an MSSP runs across many customers.

DEVOPS ONGOING
Check Point
firewall
Enterprise firewall policy. CCSA + CCSE certified; primary platform across deployments.
Tufin
orchestration
Security policy orchestration. TOS Aurora certified (TCSE 1–3); change automation and audit.
AlgoSec
orchestration
Policy analysis and change management. CADE and Security Master certified.
Gigamon
packet broker
Visibility fabric. Aggregation, de-duplication, and tool-rail distribution.
NetScout
analysis
Packet-level performance and security analysis, fed from the tapping layer.
Arbor
edge defense
Edge DDoS detection and mitigation. Baseline-driven, pre-authorized defense.
VMware vSphere
virtualization
Virtualized infrastructure for tooling and workloads; vSphere and Fusion.
Python / PowerShell / Bash
automation
Glue and automation across the stack — provisioning, reporting, integration.

I'm Ian Dowd, a Lead Security Engineer based in Wethersfield, Connecticut, focused on firewall and policy orchestration, cloud IAM, and network visibility. This is my personal journal and research space for notes on network security engineering. See the resume for full work history and certifications.

The name comes from fault analysis: a single event upset (SEU) is a bit flip caused by ionizing radiation or an unexpected state change. In networking, most interesting problems are SEUs — a single misconfigured route, a single non-compliant resolver, a single open port in the wrong segment.

Content focuses on protocol security, network defense engineering, vulnerability analysis, and occasionally tooling. Nothing here is coordinated disclosure without explicit notice. All CVE content is post-patch unless marked otherwise.

TLP:WHITE — Traffic Light Protocol

All content on this site is TLP:WHITE unless explicitly labeled otherwise. TLP:WHITE may be distributed without restriction, subject to standard copyright. Content marked TLP:AMBER or TLP:RED will be clearly labeled and scoped accordingly.

name Ian Dowd — Lead Security Engineer location Wethersfield, Connecticut focus areas firewall & policy orchestration, cloud IAM, container security, network visibility primary stack Check Point, Tufin, AlgoSec, Gigamon, Linux, Python, VMware resume full work history & certifications contact contact@singleventupset.com built with pure HTML5 + CSS — zero JavaScript