Adelaide Law Firm Network Redesign
Problem Statement
Aging flat network with no segmentation, shared passwords for admin access, and frequent outages disrupting client meetings. Email-based file sharing introduced compliance risk due to lack of encryption and audit trail.
Technical Scope
- 3 VLANs (Users, VoIP, Management) across both sites
- Fortinet firewall with site-to-site VPN + secure remote access
- UniFi switches (PoE for phones + APs) with VLAN segmentation
- Dual ISP links (primary NBN Business, failover 4G)
- Centralized file server with encrypted backups
Tools & Stack
Measurable Outcomes
Ongoing Operations
24/7 monitoring of firewall health, VPN tunnels, and ISP links. Monthly patch management, quarterly firewall rule audits, and automated backup verification with test restore every 90 days.
Retail Store Wi-Fi & Guest Network
Problem Statement
Unreliable consumer Wi-Fi causing POS system dropouts during peak times. Guest Wi-Fi shared with staff network exposed POS and back-office systems to customer devices. Dead zones in stockroom meant handheld scanners lost connection.
Technical Scope
- Site survey with predictive heat-mapping for 650m² space
- 5× UniFi Wi-Fi 6 APs (3× sales floor, 2× stockroom/office)
- 3 SSIDs: Staff (WPA3-Enterprise), Guest (captive portal), POS (dedicated VLAN)
- VLAN isolation + firewall rules to segregate traffic
- PoE switch upgrade to support APs + future expansion
Tools & Stack
Measurable Outcomes
Ongoing Operations
Remote monitoring of AP health, channel utilization, and client count. Monthly firmware updates during off-hours. Guest portal analytics tracked for marketing insights. Quarterly Wi-Fi health reports provided to management.
Manufacturing Hybrid Cloud Infrastructure
Problem Statement
On-premise file server at end-of-life with no offsite backup. Remote workers using personal Dropbox accounts created data sprawl and compliance issues. Manufacturing floor IoT devices (sensors, PLCs) on same network as office created security risk.
Technical Scope
- Migration to Microsoft 365 (SharePoint/OneDrive) with hybrid Azure AD sync
- 4 VLANs: Office, IoT/OT, Guest, Management
- Azure VPN gateway for secure cloud access + ExpressRoute consideration for future
- Firewall rules isolating IoT from office; IoT can only reach cloud SCADA platform
- MFA rollout + conditional access policies for remote workers
Tools & Stack
Measurable Outcomes
Ongoing Operations
Azure AD health monitoring, M365 license management, monthly security posture reviews. IoT VLAN traffic monitored for anomalies. Quarterly access reviews to ensure least-privilege permissions. Annual cloud cost optimization audit.
Distribution Warehouse Network Buildout
Problem Statement
New warehouse fit-out with no existing cabling infrastructure. Need for reliable connectivity across office, warehouse floor (handheld scanners), and loading dock (barcode printers). Previous location used Wi-Fi-only which caused constant inventory system issues.
Technical Scope
- Full Cat6A structured cabling: 84 drops (office, warehouse, loading dock)
- 42U comms rack with cable management, UPS, and environmental monitoring
- 2× 48-port PoE switches (stacked for redundancy)
- 12× Wi-Fi 6 APs for complete warehouse coverage (handhelds, tablets)
- Fiber uplink to office wing (300m run) + copper distribution
Tools & Stack
Measurable Outcomes
Ongoing Operations
Switch stack health monitoring, AP performance tracking, and environmental monitoring (temp/humidity in comms room). Quarterly cable audit to identify any damaged or disconnected drops. Full as-built documentation provided with rack elevations and port mappings.
Medical Practice Security Hardening
Problem Statement
Patient management system exposed to internet with default ports open. No network segmentation meant guest Wi-Fi shared network with sensitive patient data. Staff using personal devices to check email introduced malware risk. Recent phishing attempt highlighted lack of email security.
Technical Scope
- Next-gen firewall with IPS/IDS, application control, and geo-blocking
- 4 VLANs: Clinical systems, Staff, Guest, Printers/IoT
- Zero-trust VPN for remote access (MFA required)
- Email filtering (ATP, sandboxing) via Microsoft Defender
- Endpoint protection (EDR) + patch management rollout
Tools & Stack
Measurable Outcomes
Ongoing Operations
24/7 threat monitoring with weekly security reports. Monthly firewall rule reviews, quarterly vulnerability scans, and annual penetration testing. Staff security awareness training every 6 months. Incident response plan documented and tested annually.
Accounting Firm Hybrid Work Enablement
Problem Statement
COVID-era remote work exposed lack of secure remote access — staff emailing sensitive client files to personal accounts. Office Wi-Fi unreliable with dropped Teams calls. Hot-desking model required flexible connectivity without wired desk drops for every seat.
Technical Scope
- Wi-Fi 6 upgrade: 8× APs with enterprise WPA3, band steering, and roaming
- Cloud VPN (WireGuard) for secure remote file access + conditional access policies
- Microsoft 365 migration with SharePoint + OneDrive sync
- QoS for VoIP/Teams traffic priority over Wi-Fi
- BYOD policy + device compliance via Intune
Tools & Stack
Measurable Outcomes
Ongoing Operations
Cloud-managed Wi-Fi with real-time alerts for AP failures or poor client experience. Monthly remote access usage reports, VPN health checks, and bandwidth utilization tracking. Quarterly user satisfaction surveys to identify pain points.
Consulting Firm M365 Security & Identity Overhaul
Problem Statement
Microsoft 365 deployed with default settings and no MFA. Global Admin role shared among 6 users with no segregation of duties. Frequent account compromises from phishing (3 incidents in 12 months). Remote contractors had permanent access with no time limits or conditional policies, creating audit and compliance gaps.
Technical Scope
- MFA rollout via Microsoft Authenticator (100% user coverage, phishing-resistant)
- Conditional access policies: MFA required, risky sign-in blocking, device compliance
- Admin role hardening: 4 least-privilege roles + 2 break-glass accounts (cloud-only)
- Privileged Identity Management (PIM) for just-in-time admin access
- Azure AD Identity Protection: risky user/sign-in detection + auto-remediation
- Guest user governance: 90-day access reviews, time-bound contractor accounts
Tools & Stack
Measurable Outcomes
Ongoing Operations
Monthly identity security posture reviews with sign-in logs analysis. Quarterly access reviews for guest users and admin roles. Automated alerts for risky sign-ins, disabled MFA, or stale accounts. Annual break-glass account testing and credential rotation. PIM activation logs monitored for unusual admin elevation patterns.
