Mario Sanchez

Senior Security Engineer at Palo Alto Networks. SASE at 100K-user scale, GenAI guardrails, endpoint trust. Compulsive automator.

8+ years at Palo Alto Networks. Currently the dedicated technical advisor for one of PANW's largest global SASE deployments: 100,000+ users, 34 regions, three clouds. I write Python that turns 35-hour manual processes into one-minute scripts, build AI tools my team now refuses to work without, and maintain a 50-service homelab because apparently I don't have enough infrastructure at work.

  • PCNSE: Certified
  • 100K+: Users Protected
  • OWASP LLM Top 10: Research
  • 8 Years: PANW Professional Services

01 About

Professional Summary

Senior Network Security Engineer with 15+ years in IT and network security, including 8+ years of customer-facing experience at Palo Alto Networks spanning Technical Support, Customer Success, and Professional Services.

Currently embedded as the dedicated technical advisor for one of PANW's largest global SASE engagements — 100,000+ users across 34+ regions on AWS, Azure, and GCP.

Manages infrastructure at scale: 34+ global regions, 50+ homelab services, and Python automation that eliminated 2,700+ manual configuration entries.

Combines deep PAN-OS and Prisma Access expertise with hands-on Python automation, AI-enhanced engineering workflows, and security research including OWASP Top 10 for LLMs.

02 AI Security Engineering

AI as a Force Multiplier

Applied AI Workflows

I use Claude and Gemini as daily engineering tools, not conference demos. Automated analysis, intelligent documentation, code reviews that actually catch things. Management saw the results and asked me to teach the rest of the company.

5-10 hrs/week saved
  • Practices adopted company-wide across engineering teams
  • Claude Code as a force multiplier for security consulting
  • AI-powered infrastructure automation and monitoring

AI Security Research

If we're deploying AI in production, we need to know how it breaks. I research LLM vulnerabilities, test prompt injection defenses, and run a local inference lab on Proxmox because some things you need to break yourself to understand.

OWASP LLM Top 10
  • AI agent workflows and security risk assessment
  • Prompt injection defense and LLM guardrails
  • Local LLM inference lab (Ollama, LM Studio on Proxmox)

AI-Powered Diagnostic Tools

I kept solving the same problems manually, so I built tools to stop doing that. Real diagnostic utilities for real workflows, not proof-of-concept demos.

Production tooling
  • GlobalProtect log analyzer with automated pattern detection
  • PCAP analyzer for AI-assisted packet capture analysis
  • AI agent pipelines for infrastructure monitoring

03 Projects

What I Build

AI-Integrated Security Lab

2023 — Present

50+ service security research environment across a 4-node Proxmox cluster with PA-440 NGFW (PAN-OS 11.2) and defense-in-depth across 6 VLANs. Local LLM inference, AI agent pipelines, OWASP Top 10 LLM threat testing. Ansible-driven IaC, Docker orchestration, Semaphore CI/CD, centralized SIEM (Graylog + OpenSearch), XDR (Wazuh), and Prometheus/Grafana observability.

Prisma Access DNS Automation

2025

Python automation for DNS config management across 18 global Prisma Access regions and 150 internal domains simultaneously. Reduced deployment from 25-35 hours to under 1 minute (99.9% reduction), eliminating 2,700+ manual entries.

SCM Address Group Converter

2025

Enterprise Python tool using Strata Cloud Manager SDK to convert static address groups to dynamic tag-based groups at scale. OAuth 2.0 auth, intelligent batch processing (200-400 objects/min), comprehensive backup/rollback, exponential backoff retry logic.

Troubleshooting Tools

2025

AI-powered diagnostic utilities including a GlobalProtect log analyzer for automated pattern detection and a PCAP analyzer for AI-assisted packet capture analysis. Built to accelerate security troubleshooting workflows.

04 Experience

Career at Palo Alto Networks

December 2020 — Present

Extended Expertise Consultant (Professional Services)

Palo Alto Networks — Embedded at Fortune 500 Clients

Santa Clara, CA

  • Led global Prisma Access deployment for Fortune 500 organization — 100,000+ users across 34+ regions — serving as single technical bridge between customer leadership, PANW engineering, TAC, and partner teams with 99.9% service availability
  • Built Python automation using PAN-OS SDK and Strata Cloud Manager API that reduced DNS config management from 25-35 hours to under 1 minute across 18 global regions (2,700+ manual entries eliminated)
  • Pioneered AI-enhanced engineering workflows using LLM tools (Claude, Gemini) — saving 5-10 hours/week with practices requested by management for company-wide adoption. Evaluated data leakage risks and implemented guardrails for secure AI tool usage
  • Led GlobalProtect rollout from 2,000 to 52,000+ users (2,500 users/day peak deployment), resolving cross-platform authentication and captive portal issues
  • Engineered China tenant architecture pivot — migrated mobile users via Hong Kong/Singapore, proactively identified BGP timer misconfigurations and DNS session issues before they caused outages
  • Built enterprise Python automation tools including SCM SDK address group converter with OAuth 2.0, batch processing at 200-400 objects/min, and reusable delivery templates adopted across global PS engagements
  • Identified and remediated 4,000 disabled rules, 1,100+ unused services, 600+ unused address objects in Panorama
  • Drove early adoption of SCM cloning tool and Prisma Access proxy features, providing direct product feedback to Engineering that influenced feature prioritization

August 2019 — December 2020

Customer Success Engineer, Network Security (Prisma Access)

Palo Alto Networks

Santa Clara, CA

  • Drove 40% Prisma Access adoption across 20 enterprise clients through solutions architecture and cloud security assessments (AWS/Azure)
  • Led migration of 10,000+ L4/L7 proxy rules to NGFW explicit proxy — reduced policy conflicts 60%, boosted performance 20%
  • Designed Zero Trust architectures: secure web gateways, network segmentation, advanced packet inspection for multinational networks
  • Delivered technical presentations and quarterly business reviews to C-level stakeholders across 20 accounts, directly influencing 3 enterprise-wide security platform renewals

July 2017 — August 2019

Technical Support Engineer (Prisma Access)

Palo Alto Networks

Santa Clara, CA

  • Customer-facing support for cloud-based NGFW, Panorama, and early Prisma Access — troubleshooting routing, VPN, and security issues
  • Hardened authentication: SAML, SSO, MFA integrations (Okta, Azure AD) across AWS, Azure, and GCP
  • Collaborated with engineering on complex escalations, contributing field insights to product development

March 2015 — July 2017

Network Support Engineer (Tier 2)

Aeris Communications

Santa Clara, CA

  • Diagnosed and remediated network security issues in site-to-site IPsec VPNs using Wireshark and packet capture analysis
  • Analyzed TCP/UDP, DHCP, and DNS traffic to identify and resolve vulnerabilities in enterprise production environments
  • Deployed and configured VPN appliances (ASA 5500, AnyConnect, Cisco 4451) and monitored enterprise production networks

January 2010 — March 2015

IT Consultant

eFX-Computer

San Leandro, CA

  • Provided technical support and deployed network solutions for small businesses, including Windows/Linux servers and virtualization (Hyper-V)

05 Technical Expertise

Security & Networking

  • Prisma Access (SASE/SSE)
  • PAN-OS NGFW
  • Panorama
  • GlobalProtect / ZTNA 2.0
  • Strata Cloud Manager
  • Zero Trust Architecture

Cloud & SASE Infrastructure

  • AWS (SASE deployments)
  • Azure (SASE deployments)
  • GCP (SASE deployments)
  • Multi-cloud networking

Automation & Development

  • Python (PAN-OS SDK, SCM SDK)
  • Ansible / Docker Compose
  • REST API Automation
  • OAuth 2.0
  • CI/CD (Semaphore)

AI/ML Security & Automation

  • LLM Security (OWASP Top 10)
  • Prompt Injection / Data Leakage
  • LLM Inference (Ollama/LM Studio)
  • AI Agent Workflows
  • AI Security Risk Assessment

Infrastructure

  • Docker / Proxmox / LXC
  • Linux (Debian/Ubuntu)
  • Graylog / OpenSearch
  • Wazuh XDR
  • Prometheus / Grafana

06 Credentials

Education

AA Network Administration — Information Technology

Mission College — Santa Clara, CA — 2015