Description

This curriculum spans the technical and operational complexity of a multi-phase network modernization program, comparable to an enterprise-wide advisory engagement that integrates architecture design, security transformation, automation, and cross-functional alignment across global IT and business units.

Module 1: Assessing Legacy Network Infrastructure

Conducting inventory audits of existing routers, switches, and firewalls to identify end-of-life or end-of-support hardware.
Evaluating protocol dependencies such as legacy VLAN configurations that conflict with modern segmentation requirements.
Mapping application traffic flows to determine which systems rely on outdated network services like MPLS or Frame Relay.
Identifying shadow IT network devices introduced without central IT approval, posing security and compliance risks.
Measuring latency and jitter across WAN links to justify migration from leased lines to SD-WAN.
Documenting interdependencies between network services and business-critical applications during peak operations.

Module 2: Defining Network Architecture for Hybrid Operations

Selecting between hub-and-spoke and full-mesh topologies based on regional data sovereignty and latency constraints.
Designing IP address schemes that support multi-cloud environments without overlapping subnets.
Choosing between centralized and distributed routing models for branch-to-cloud connectivity.
Integrating on-premises data centers with cloud VPCs using direct connects or IPsec tunnels.
Specifying BGP versus static routing for dynamic failover across redundant internet circuits.
Implementing DNS architectures that support split-horizon resolution for hybrid workloads.

Module 3: Implementing Software-Defined Networking (SD-WAN)

Deploying SD-WAN edge appliances at regional offices with zero-touch provisioning using pre-shared keys.
Configuring application-aware routing policies to prioritize VoIP and ERP traffic over bulk transfers.
Integrating SD-WAN controllers with existing IAM systems for role-based administrative access.
Establishing SLA thresholds for jitter and packet loss that trigger automatic path selection.
Testing failover behavior between LTE backup links and primary broadband connections.
Monitoring throughput degradation during peak hours and adjusting QoS policies accordingly.

Module 4: Securing the Modernized Network

Replacing legacy firewall rules with micro-segmentation policies based on Zero Trust principles.
Deploying inline decryption for TLS 1.3 traffic at network egress points, balancing security and performance.
Enforcing 802.1X authentication for all wired and wireless endpoints across global sites.
Integrating SIEM systems with network switches to correlate MAC address anomalies with user identities.
Configuring WAF rules to protect externally exposed APIs without disrupting backend service performance.
Implementing DNS filtering to block access to known command-and-control domains at the resolver level.

Module 5: Integrating Cloud Networking Services

Configuring AWS Transit Gateway or Azure Virtual WAN to reduce peering complexity across multiple VPCs.
Establishing private connectivity to SaaS providers using AWS PrivateLink or Azure Private Access.
Allocating bandwidth quotas for cloud backup jobs to avoid saturating internet links during business hours.
Setting up centralized logging for cloud network gateways to meet audit requirements.
Managing shared responsibility for cloud network security, particularly in IaaS environments.
Automating the provisioning of cloud subnets using Terraform, aligned with naming and tagging standards.

Module 6: Automating Network Operations

Developing Ansible playbooks to standardize switch firmware upgrades across 200+ branch locations.
Using Python scripts to extract BGP neighbor states and generate outage alerts before failures occur.
Implementing GitOps workflows for network configuration changes with peer review and rollback capabilities.
Integrating network automation tools with change management systems to enforce CAB approval processes.
Building dashboards in Grafana to visualize interface utilization trends from NetFlow data.
Validating configuration templates against compliance baselines using tools like Batfish or NCC.

Module 7: Governing Network Performance and Reliability

Establishing SLAs with ISPs that include financial penalties for uptime below 99.99%.
Deploying synthetic transaction monitoring to simulate user access to critical applications from remote sites.
Conducting regular failover drills for core network components without disrupting live traffic.
Allocating buffer capacity on backbone links to accommodate unexpected traffic spikes during mergers.
Setting thresholds for interface error rates that trigger automated ticket creation in service desks.
Reviewing network utilization reports quarterly to identify underused circuits for cost optimization.

Module 8: Managing Organizational Change and Stakeholder Alignment

Coordinating network cutover windows with regional operations teams across multiple time zones.
Presenting technical migration plans to non-technical executives using business impact assessments.
Training helpdesk staff on new troubleshooting procedures for SD-WAN and cloud connectivity issues.
Negotiating with facility managers to secure power and cooling for new network equipment in branch offices.
Documenting rollback procedures for network upgrades, including pre-change configuration backups.
Facilitating cross-departmental workshops to align network policies with application team deployment cycles.