Andrew Sapp

Forward Deployed Engineering · Applied AI · Cloud Security

Ships MCP tooling & enterprise AI applications · 12 years customer-facing · SASE/SD-WAN expert

andrewsapp@gmail.com · github.com/bealmot · linkedin

Experience

Tier 3 Support Engineer

Cato Networks 2019 – Present · 6 years

Senior escalation engineer for the Gartner Magic Quadrant Leader in Single-Vendor SASE.

  • Own million-dollar Proof of Value engagements where technical success determines contract closure. Customers request me by name.
  • QB'd a regional PoP outage affecting 5–6 VIP customers while the management team was in QBR — coordinated NetOps, briefed management, responded to customers, and engineered a BGP workaround to restore traffic, all simultaneously.
  • Primary escalation point for blocked engineers. Maintained team continuity through multiple management transitions.
  • Built internal tooling adopted team-wide: shared script repository, log parsing plugins, multi-format analyzers.
  • Onboarded every new team member with a comprehensive shadowing program covering architecture, methodology, and customer skills.

Product Support Engineer

NimbeLink 2017 – 2019 · 2 years

Technical support for hardware engineers integrating Skywire cellular modems into embedded products.

  • Supported diverse IoT scenarios: industrial sensors, fleet tracking, medical devices, smart city infrastructure.
  • Built AWS IoT and Azure IoT Hub test environments to replicate connectivity issues and validate end-to-end paths.
  • Performed failure analysis, RMA processing, and post-failure design consultations on antenna and power issues.

Technical Support Engineer

Ecessa 2014 – 2017 · 3 years

Enterprise SD-WAN deployments with multi-WAN aggregation, failover, and VoIP optimization.

  • Configured environments with up to 25 WAN links combining MPLS, broadband, LTE, and satellite.
  • Specialized in VoIP troubleshooting using real-time jitter/latency monitoring and SIP proxy configuration.
  • Collaborated directly with Engineering on bug reports, QA testing, and firmware validation in a lab environment.

Capabilities

SASE & Cloud Security

6 years

Full Cato SASE stack: SD-WAN, ZTNA, CASB, SWG, FWaaS, DLP, IPS. Zero Trust policy design. Global backbone routing and PoP architecture.

SD-WAN & Network

9 years

Multi-WAN aggregation, failover, traffic shaping. IPsec/SSL VPN. Packet-level troubleshooting with Wireshark. VoIP optimization.

IoT & Embedded

2 years

Cellular protocols (LTE-M, NB-IoT). Embedded modem integration. AWS IoT Core, Azure IoT Hub. MQTT, AT commands, RF troubleshooting.

Infrastructure

Ongoing

Proxmox VE, Linux administration. Prometheus/Loki/Grafana observability. OPNsense, CrowdSec, Suricata IDS. Network segmentation.

Applied AI & LLM Tooling

Active

MCP server development (40+ tools in production). Local inference pipelines with Ollama/llama.cpp. Prompt engineering, agent systems, multi-LLM fallback architectures. Claude Code CLI workflows.

Development

Active

Python (FastAPI, SQLAlchemy, Click, async). TypeScript/React/Node.js. Internal tooling: log parsers, automation, data pipelines. AI-assisted development workflows.

Projects

Homelab Infrastructure

OPNsense · Proxmox · OpenWrt · Home Assistant · Prometheus

Custom-built router and WiFi 6 mesh with OpenWrt firmware. 20+ containers across VLAN-segmented Proxmox clusters with Prometheus/Loki/Grafana observability. Home Assistant automations with local voice control via Whisper.cpp on GPU. Self-hosted alternatives to all major cloud services.

fincli

Python · MCP · FastAPI · Multi-LLM

Production MCP server exposing 40+ tools to AI agents. YNAB/SimpleFIN integration, debt analysis, budget forecasting. Multi-LLM fallback with automatic provider failover. The same pattern Anthropic's FDEs ship for enterprise customers — built for personal use first.

duluth-digest

TypeScript · React · Node.js

Civic data platform aggregating 21 sources (APIs, RSS, scraping) with rate limiting, caching, health monitoring, and graceful degradation patterns.

Argus

Python · FastMCP · Kismet · IsolationForest · D3.js

Portable defensive WiFi monitoring platform. 9 threat detectors (deauth, rogue AP, KARMA, PMKID, ML anomaly), real-time Watchtower web dashboard with D3 radar and force-directed topology, MCP server for AI-assisted analysis. Dual-adapter Kali VM deployment, 231 tests.

Clarus

Python · TUI · Multi-format

Unified log analysis tool combining Wireshark, Windows Event Viewer, and HAR analyzer functionality. Parses evtx, pcap, har, json, and text logs in a single interface for support escalations.

Zendesk Toolkit

Python · Automation

Workflow automation for support: automatic download renaming with ticket metadata extraction, data sanitization for customer escalations, and Sublime Text log parsing plugins.

Education

A.A.S. Network Administration & Computer Support

Minneapolis Technical College
  • Cyber Defense Competition participant
  • Cybersecurity Bootcamp