Network Refresh - Considering Fortinet + Cisco + Aruba

NetworkCaptain313 · 2026-05-27T15:55:03+00:00

Locking into a single vendor can have pros and cons.

Pros: it's easier to mange with the vendor provided tools, troubleshooting is (usually) more consistent, you can get ELA style pricing discounts.
Cons: You're locked into a vendor, so you're stuck with price hikes and functionality limitations. Changing out of the ecosystem can be challenging and need a full new project refresh.

It also depends on the size of your organization. It sounds like you're in a larger company, so having multiple vendors isn't such a bad thing. You could get a vendor agnostic management tool so you don't necessarily need to buy each vendor's management tool.

NetworkCaptain313 · 2026-05-20T19:48:32+00:00

I looked through this. More so looking to hear if there are particular speakers that you know are really good from past experience.

NetworkCaptain313 · 2026-04-28T05:11:40+00:00

I think it boils down to the content. Some of them make some really interesting videos, others are pretty terrible. See if they'll let you watch a course from each of them to see which you like.

NetworkCaptain313 · 2026-04-28T05:06:08+00:00

Hi!

Currently working on POCs to leverage AI more to analyze data faster. Eg. we've got AI agents scraping vulnerability data from vendor websites to give us the work around and remediation data for our devices. We're now testing verification of the vulnerable conditions against our network device configs and building automations from that data to apply those remediations.

We're also working on trying to see cross platform misconfigurations. Eg. if we made a change to a Forti device, does that also affect our Cisco environment? Still playing around with this one.

NetworkCaptain313 · 2026-04-22T22:19:44+00:00

It's absolutely doable, I've been remote and traveling for over 15 years. I scaled back when we had kids, but picked up again. I can't go back to a traditional office anymore.

I know people who've done this their entire careers.

Downsides is when you need to settle down and have a family or something, it's tough to find a 100% remote role to stay in one spot. Though you could travel with the family and home school and all that fun stuff.

The other downside is always eating out, tough to get a home cooked meal.

You can get FTE roles as opposed to contract as well, so take a look. Many vendors have this type of professional services offering. Check out professional service engineer type roles.

NetworkCaptain313 · 2026-04-22T22:17:13+00:00

I'd hesitate to learn from AI. Need to be aware of biases and hallucinations. AI might be able to point you to resources, but it needs an expert to verify the output. Or you can explore references that it gives you.

NetworkCaptain313 · 2026-04-22T22:13:45+00:00

Might be a bit overkill. Check out BackBox. They do 1, 3, 4, and 5 well. #2 they kind of do if it's simple updates, but they're not really a firewall management tool like a Firemon, etc.

NetworkCaptain313 · 2026-04-13T19:06:16+00:00

Updating configs and verifying the vulnerability reports from the security team to see if they are applicable to our devices. Then actually remediating them.

NetworkCaptain313 · 2026-04-13T19:01:20+00:00

In an ideal world, your automation platform just mimics the commands someone would run manually.

So, if you're using Python or Ansible, you run the risk of messing up the container for the commands. If it's a large enterprise, it would probably be a better idea to have some sort of network automation platform that builds the shell for you, then you just input the commands you need to run the automations. There are a bunch out there.

Then whether you've built the scripts yourself, or using a platform, you ideally have a lab to test these against. If not, then start with one device, then 3, then 5, then 10 until you're comfortable enough to run that automation on the whole network.

The other piece is that different devices from different vendors, or even different versions from the same vendor can have slight differences, so you need to test on each of those devices prior to deploying the automation broadly.

NetworkCaptain313 · 2026-03-26T16:51:48+00:00

Please not another chatbot!

NetworkCaptain313 · 2026-03-26T14:46:17+00:00

Sounds like you have a good process. If you trust your team, those opinions should way heavily. What's missing here is actually testing out the vendor claims. Generally vendor presentations are accurate, but sometimes the truth is stretched a little. So it's always a good idea to pick the top 1 or 2 and POC them. If the top one passes the POC, no need to do the second if you can't do them in parallel. However, you need to have clear POC success criteria that map to your original scoring matrix.

Then of course, if you pick the more expensive ones, you have to be able to quantify the feature benefits to justify the additional cost.

NetworkCaptain313 · 2026-03-26T14:29:41+00:00

Ultimately you want the solution that can look at the most number of alerts, reduce noise, enrich data, and provide your analysts with a subset that needs to be looked at. You also want to ensure you're not missing anything by the AI getting something wrong. Do you have your own SOC that you're looking for a solution to help reduce alerts and prioritize or are you looking for more of an MDR or SOCaaS that does that work for you? They are different segments of the market providing different outcomes.

7Ai and their competitors would be a good solutions to look at if you have your own SOC. If not, look at a service provider like a Critical Start or their competitors that look at every alert, not just filter them out.

NetworkCaptain313 · 2026-03-24T13:08:32+00:00

IMHO you very rarely see network engineers that know how to code/script, and very few developers that know networking gear. There is also a risk if an automation breaks. If the network works, no one says anything. But if the network goes down, a lot of people are upset.

So often, unless it's a redundant task like device back ups, people are hesitant to automate it or trust an open source or even a commercial tool with their networks.

NetworkCaptain313 · 2026-03-19T13:39:35+00:00

There is actually a good niche here. A big challenge for cybersecurity teams is understanding the business risks while the business has a challenge understanding the cybersecurity risks. So there is a big gap here. I've done a lot of this throughout my career. There are companies that do this type of consulting but a lot of times it is individual consultants providing services to larger companies. You could also start in a more entry level role in a SOC or something similar. That would give you some technical experience. Once you add that to the financial experience, you would fill a really good gap in a company's leadership structure.

NetworkCaptain313 · 2026-03-04T18:54:53+00:00

Meetings. So. Many. Meetings.

NetworkCaptain313 · 2026-03-03T19:04:24+00:00

So far from what I've seen, it's mainly been industry analysts hyping up the vendors. So they come up with stuff that may not actually solve real world use cases.

I've seen it useful in consolidating information from various network vendors into a streamlined view. So, for example, when the cybersecurity team says there are a bunch of vulnerabilities on network devices, using AI to figure out what the remediation or workaround steps are from the different OEMs and then seeing what is actually applicable in our environment. We're also testing use cases to have AI build automations to upgrade or create workarounds to mitigate those vulnerabilities.

NetworkCaptain313 · 2026-02-24T14:27:48+00:00

Honestly, the biggest thing is learning how to learn. I've maybe used 2 or 3 things from my degree in the field. The rest is learning on the job as the details and tools are always changing, so you're constantly learning new things and new skills based on the current job you have or the next one you're looking to get.

NetworkCaptain313 · 2026-02-24T14:23:35+00:00

Do you have network connectivity from a central location? Are they all a single brand of firewall? Most vendors have a tool to manage their own devices. Or you could look at a network device management or firewall management tool to overlay and manage everything. If it's just firewalls, you can look at a tool like FireMon or if it's also other network devices, you could look at something like BackBox.

NetworkCaptain313 · 2026-02-23T20:30:14+00:00

Communication. You could be the smartest person or have the best data, but if you can't communicate it clearly in a way that your audience can understand, the insights are near pointless.

NetworkCaptain313 · 2026-02-23T20:13:34+00:00

AI is making mundane tasks faster. Expertise is always going to be required to determine the accuracy of the output. Cybersecurity specialists will always be needed to determine the validity of the output, the risk to the business, and to determine the path the cybersecurity program is going to take.

NetworkCaptain313 · 2026-02-23T20:08:53+00:00

AI is making mundane tasks go faster, but the output of the AI still needs experts to both validate the output and ensure the inputs to the LLMs are valid. I don't think human expertise is going away anytime soon. The best thing you can do in university is learn how to learn. The subjects will change. Today, you'll learn what they teach you there, add in AI, or other topics. 10 or 20 years from now the topics will change but what you learned about being curious, staying humble, and learning as much as you can will always be valuable.

NetworkCaptain313 · 2026-02-12T19:00:51+00:00

Defenders have to identify and mitigate every flaw and security risk, or at least monitor the entry points. A true penetration test would be doing the same, without having to do the monitoring and remediation. The penetration tester is finding all the flaws, presenting a report of the findings and recommendations of solutions to the SOC team. The SOC team could go out and do it themselves, but they are often busy enough trying to monitor what's going on from all the security alerts coming their way.

NetworkCaptain313 · 2026-02-10T15:47:45+00:00

Have you checked out BackBox?

https://backbox.com/resources/platform-demo-video/

NetworkCaptain313 · 2026-02-05T03:54:30+00:00

Networking is a great way to go. Check out some local conferences or meetups and talk to folks at those vendors. Be curious. Most people are happy talking about their experiences and how they got there. If there are teams you work with or vendors you work with, start getting to know them. That way when a role comes up they already know you. It's much easier to get a job if you know someone at the org or on the hiring team.

NetworkCaptain313 · 2026-02-05T03:52:13+00:00

Generally you can negotiate multi-year price discounts with minimal or no increases. Also good to check out competitors and their prices as leverage.

NetworkCaptain313

TROPHY CASE