<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Jeremiah Windle</title><link>https://7f57629a.jeremiahwindle.pages.dev/</link><description>Recent content on Jeremiah Windle</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Wed, 01 Apr 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://7f57629a.jeremiahwindle.pages.dev/index.xml" rel="self" type="application/rss+xml"/><item><title>MSP to Enterprise: Skills That Transfer and Gaps You Need to Close</title><link>https://7f57629a.jeremiahwindle.pages.dev/blog/msp-to-enterprise-skills/</link><pubDate>Wed, 01 Apr 2026 00:00:00 +0000</pubDate><guid>https://7f57629a.jeremiahwindle.pages.dev/blog/msp-to-enterprise-skills/</guid><description>Four years in an MSP seat gives you something that&amp;rsquo;s genuinely hard to get in enterprise IT: breadth under pressure. When you&amp;rsquo;re responsible for network infrastructure across 40 different organizations simultaneously — each with different tools, different configurations, and different stakes — you develop a kind of situational awareness that pure deep-dive engineers often don&amp;rsquo;t have.
But it also leaves gaps. Real ones. This post is an honest accounting of both.</description></item><item><title>SIEM Platforms Compared: Kibana vs Perch vs Splunk From an MSP Seat</title><link>https://7f57629a.jeremiahwindle.pages.dev/blog/siem-platforms-compared/</link><pubDate>Wed, 18 Mar 2026 00:00:00 +0000</pubDate><guid>https://7f57629a.jeremiahwindle.pages.dev/blog/siem-platforms-compared/</guid><description>Most SIEM comparisons are written by vendors or analysts who&amp;rsquo;ve seen the demos. This one is written by someone who&amp;rsquo;s used these platforms in production — ingesting real logs, tuning real alerts, and investigating real incidents across dozens of client environments. Here&amp;rsquo;s what actually matters.
The Three Platforms
I&amp;rsquo;ve had meaningful production time with:
Kibana (ELK Stack) — primary SIEM at my current MSP for security operations across municipal government clients
Perch Security — co-managed SIEM platform purpose-built for MSPs, used across 40+ client organizations
Splunk — exposure through client environments and hands-on study; included here for completeness against the standard that everyone measures against
Kibana (ELK Stack)
Kibana is the visualization layer on top of Elasticsearch and Logstash — the &amp;ldquo;K&amp;rdquo; in ELK.</description></item><item><title>Network Config Backup</title><link>https://7f57629a.jeremiahwindle.pages.dev/tools/network-config-backup/</link><pubDate>Sun, 01 Mar 2026 00:00:00 +0000</pubDate><guid>https://7f57629a.jeremiahwindle.pages.dev/tools/network-config-backup/</guid><description>Pulls running configurations from multiple Cisco IOS devices over SSH and saves them as timestamped files. Reads device inventory from a YAML file — no hardcoded credentials, no hardcoded hostnames.
What It Does
Reads device list from devices.yaml (hostname, IP, credentials, device type)
SSHs into each device using Netmiko
Runs show running-config and captures output
Saves each config as {hostname}_{YYYY-MM-DD_HH-MM}.txt
Logs success/failure per device to backup.log
Sends an email summary when complete (optional)
Built initially to run nightly via cron across MSP client sites.</description></item><item><title>Entra ID Conditional Access: Real Policies, Real Scenarios, What to Actually Enforce</title><link>https://7f57629a.jeremiahwindle.pages.dev/blog/conditional-access-policies/</link><pubDate>Sat, 28 Feb 2026 00:00:00 +0000</pubDate><guid>https://7f57629a.jeremiahwindle.pages.dev/blog/conditional-access-policies/</guid><description>Conditional Access is one of those features where the gap between &amp;ldquo;we have it enabled&amp;rdquo; and &amp;ldquo;we have it configured correctly&amp;rdquo; is wide enough that attackers drive through it regularly. I&amp;rsquo;ve managed CA policies across 100+ organizations at two MSPs. Here&amp;rsquo;s the framework I&amp;rsquo;ve landed on.
The Foundation: What CA Actually Is
Conditional Access is Entra ID&amp;rsquo;s policy engine. Every sign-in attempt hits it, and the policy evaluates conditions — who is signing in, from where, on what device, to what application — and makes a decision: allow, block, or allow with requirements (MFA, compliant device, etc.</description></item><item><title>Ping Sweep</title><link>https://7f57629a.jeremiahwindle.pages.dev/tools/ping-sweep/</link><pubDate>Sun, 01 Feb 2026 00:00:00 +0000</pubDate><guid>https://7f57629a.jeremiahwindle.pages.dev/tools/ping-sweep/</guid><description>Simple subnet scanner. Pass it a CIDR range, get back a list of live hosts.
python sweep.py 10.0.10.0/24</description></item><item><title>My CCNA Study Plan: Resources, Schedule, and How I'm Using Physical Lab Gear</title><link>https://7f57629a.jeremiahwindle.pages.dev/blog/ccna-study-plan/</link><pubDate>Thu, 15 Jan 2026 00:00:00 +0000</pubDate><guid>https://7f57629a.jeremiahwindle.pages.dev/blog/ccna-study-plan/</guid><description>Target date: June 2026. Here&amp;rsquo;s the actual plan — resources, schedule, lab setup, and where I&amp;rsquo;m struggling.
Why the CCNA Matters for Me Specifically
I&amp;rsquo;ve been managing Cisco Meraki, Fortinet, and UniFi networks across 40+ client organizations for four years. I can configure a FortiGate firewall policy, troubleshoot a VLAN trunk, set up a site-to-site VPN, and triage a flapping BGP session at 2am. The CCNA doesn&amp;rsquo;t teach me most of this — I&amp;rsquo;m already doing it.</description></item><item><title>About</title><link>https://7f57629a.jeremiahwindle.pages.dev/about/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://7f57629a.jeremiahwindle.pages.dev/about/</guid><description>The Story
I&amp;rsquo;ve spent the last four-plus years working as an L2 Helpdesk Technician at MSPs — which is a title that dramatically understates what the job actually is.
Managing infrastructure for 100+ organizations and 3,000+ endpoints means you don&amp;rsquo;t get to have a &amp;ldquo;this isn&amp;rsquo;t my job&amp;rdquo; mindset. You deal with network outages, security incidents, identity issues, firewall misconfigurations, and failed backups — often simultaneously, often at 2am, always with a client on the phone.</description></item><item><title>The Lab</title><link>https://7f57629a.jeremiahwindle.pages.dev/lab/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://7f57629a.jeremiahwindle.pages.dev/lab/</guid><description>Philosophy
Everything on this site gets tested on real gear before it&amp;rsquo;s published. I don&amp;rsquo;t write about how something should work — I write about how it actually works, including what breaks and how I fixed it.
The software stack is entirely free and open source. Proxmox VE instead of vSphere (for the cluster), OPNsense instead of commercial firewalls (for software firewall labs), TrueNAS Scale for storage, GNS3 and EVE-NG for network topologies.</description></item></channel></rss>