Identify real risks. Fix what matters. Stay compliant — without long-term contracts or scare tactics.
Network Security Clinic helps digital-first organisations secure their networks, cloud environments (AWS & Azure), and critical infrastructure with clarity and confidence.
Led by over two decades of experience across public and private sectors, delivering secure, resilient infrastructure in complex and heterogeneous environments.
Outcome: Security strategies designed for real-world complexity — not theory.
A structured, practical approach to security — designed to reduce real risk, not generate paperwork.
No jargon.
No vendor lock-in.
No long-term contracts.
Just clarity and practical security.
We specialise in network and cloud security architecture, focusing on structured risk reduction. We remove complexity and speed up operations.
Unlike traditional MSPs who bolt security onto IT support, we focus exclusively on secure design, risk visibility, and structured remediation.
Designed to strategise operations — not just keep the lights on.
We see the risks.
We solve the issues.
We sustain the systems.
In many MSP models, assessment, documentation, and remediation are siloed across teams. Reports are written. Tickets are created. Responsibility is distributed.
We integrate assessment, remediation, and compliance into one accountable workflow.
Result: Hidden vulnerabilities, reactive fixes, audit stress, and preventable incidents.
You only discover the gaps when something breaks — or worse. We change that. If you are growing, moving to the cloud, or under compliance pressure — we provide clarity.
Modern websites are the digital representation of their owners. This digital presence comes with many weaknesses, and it’s not just the pages that need protection, but the underlying data as well.
There are established rules and best practices to follow in order to secure this data. The next section introduces these Security Implementations and how they are applied to any organisation.
This report presents the full security implementation for "confidential Client". It includes a detailed analysis of all configured security measures, their rationale, and how they protect the website from modern web threats.
The following sections break down objectives, technical implementation, flow diagrams, and recommendations for ongoing security improvements.
Author: Mohamed Warssame, Network Security Consultant | Project Commenced: 02 Feb 2026 | Version: 1.0.0
Prepared and approved for: "confidential Client" | GDPR-compliant | Project Completed: 13 Feb 2026 | Version: 1.2.0
Classification/status: Non-confidential | All sensitive details and data removed (GDPR) | Version: 1.3.0 Final version
This document provides a comprehensive end-to-end view of the security implementation for the "confidential Client" website, including CSP, HSTS, COOP/COEP, redirect handling, Web compatibility, and bot mitigation. It demonstrates how the File configuration enforces these policies.
Protecting data at rest and in transit is a core modern security principle and a key requirement under GDPR. This case study demonstrates certificate-based encryption implementation and how protected data flows across a secure traffic path. The objective is to ensure that sensitive information remains encrypted during transmission, preventing interception, tampering, or exfiltration.
The following sections outline the project objectives, implementation details, traffic flow diagrams, and recommendations for maintaining secure and resilient communication paths.
This report presents the certificate production deployment and security implementation for "Confidential Client" in a sensitive environment.
It includes traffic path analysis, certificate validation, and enforcement of secure connections across all critical systems.
Sections cover objectives, technical implementation, secure flow visualisation, and recommendations for maintaining a protected infrastructure.
Author: Mohamed Warssame, Network Security Consultant | Project Start: 02 June 2025 | Version: 1.0
Prepared for: "Confidential Client" | GDPR-compliant | Project Completed: 15 Feb 2025 | Version: 1.2.0
The diagram below demonstrates end-to-end certificate deployment and implementation of data protection traffic paths. It shows how TLS/SSL certificates enforce encryption, validate endpoints, and prevent unauthorised data access or exfiltration. The client is a public sector organisation that enforces the General Data Protection Regulation (GDPR).
The primary objective is to illustrate certificate production, deployment, and how secure traffic is maintained across all communication channels.
The Log4Shell vulnerability represented a critical risk to production networks worldwide. This case study presents the upgrade of 54 Palo Alto Firewalls across multiple sites to remediate Log4Shell, ensuring continuous threat prevention, policy enforcement, and compliance with internal security standards.
The following sections outline project objectives, upgrade methodology, device grouping strategy, testing workflow, and recommendations for maintaining secure operations in a production environment.
This report documents the production upgrade of 54 Palo Alto Firewalls for "Confidential Client", focused on remediating the Log4Shell vulnerability while maintaining uninterrupted perimeter protection.
The implementation included pre-upgrade assessment, backup configuration validation, sequential firmware updates, policy and NAT verification, and post-upgrade vulnerability testing to confirm Log4Shell mitigation.
Sections cover business and technical objectives, upgrade sequencing, testing methodology, and operational recommendations to ensure resilient and secure firewall operations across the enterprise.
Author: Mohamed Warssame, Network Security Consultant | Project Start: 06 Dec 2021 | Version: 1.0
Prepared for: "Confidential Client" | Production Environment | Project Completed: 28 Dec 2021 | Version: 1.2.0
The diagram below illustrates the upgrade workflow for 54 Palo Alto Firewalls across multiple data centres. It demonstrates sequential firmware updates, verification of policies, and testing to mitigate the Log4Shell vulnerability.
The primary objective of this deployment was to ensure that all firewalls were patched against Log4Shell, maintain uninterrupted traffic inspection and threat prevention, and verify compliance with internal security standards — without impacting production services.
Firewalls were upgraded across key sites, including Paris, London, and other critical data centres, to deliver geographically distributed protection and operational continuity.
High Availability (HA) is a critical requirement in production environments where network downtime cannot be tolerated. This case study presents the deployment of a Fortinet FortiGate HA cluster designed to ensure continuous service availability, stateful session synchronisation, and resilient perimeter protection.
The following sections outline the project objectives, HA architecture design, configuration approach (Active-Passive), failover validation testing, and recommendations for maintaining operational resilience within a secure production environment.
This report documents the production deployment of a Fortinet FortiGate High Availability cluster for "Confidential Client" within a sensitive operational environment.
The implementation included HA heartbeat configuration, session synchronisation, redundancy across critical interfaces, policy replication, and validation of automatic failover mechanisms.
Sections cover business and technical objectives, HA topology design, configuration methodology, failover testing results, and operational recommendations to maintain a resilient and secure perimeter infrastructure.
Author: Mohamed Warssame, Network Security Consultant | Project Start: 11 Oct 2017 | Version: 1.1.0
Prepared for: "Confidential Client" | Production Environment | Project Completed: 13 Feb 2018 | Version: 1.4.0
The diagram below illustrates the FortiGate High Availability cluster architecture within the production network. It demonstrates Active-Passive failover, stateful session synchronisation, and redundant uplinks designed to eliminate single points of failure.
The primary objective of this deployment was to ensure uninterrupted perimeter security services, maintain continuous inspection of traffic flows, and provide automatic failover in the event of hardware or link failure — without session disruption. The FortiGate appliances were deployed in PA3 and PA7 (Paris Data Centres) and LD9 (London PowerGate) to deliver resilient, geographically distributed HA coverage.
A Prestige Marketing Client required a structured approach to their geographically distributed data centres, ensuring critical production servers were visible, labeled, and resilient. This case study presents the deployment of the Data Centre Clinic Model, combining logical network mapping, device labeling, and high-availability design across multiple facilities.
Sections include project objectives, network mapping methodology, logical-to-physical labeling workflow, FSX server prioritisation, and recommendations for operational resilience in sensitive production environments.
This report documents the deployment of the Data Centre Clinic Model for "Confidential Client", focusing on logical network mapping, FSX server prioritisation, switch labeling, and documentation of critical connections.
The implementation included identifying all servers per switch, creating logical diagrams, labeling physical switches to match logical names, validating VLAN assignments, and focusing on Telecity and Equinix as priority sites.
Sections cover business and technical objectives, mapping methodology, labeling workflow, and operational recommendations to maintain a resilient and fully documented production network.
Author: Mohamed Warssame, Network Security Consultant | Project Start: 18 June 2018 | Version: 1.0
Prepared for: "Confidential Client" | Sensitive Production Environment | Project Completed: 01 July 2018 | Version: 1.4.0
The objective of this deployment was to provide a clear, fully documented view of critical servers, their parent switches, and their logical and physical connectivity across multiple data centres.
FSX servers (~£70K) were prioritised for proper deployment, while Telecity and Equinix data centres were the primary focus. PowerGate was included for completeness but hosted minimal critical systems.
By establishing a comprehensive logical map first, the team was able to accurately label switches, define VLAN assignments, and ensure operational visibility for production servers, simplifying future troubleshooting and maintenance.
Our mission is to help Digital-First and growing businesses secure their networks with clarity, expertise, and practical guidance.
Our approach is structured: Diagnose network risks, treat vulnerabilities, and protect systems for the long term.
Our values: Transparency, clarity, client-first mindset, and proactive security.