[Derrick Adams]

A company secures its network by layering administrative, technical, and physical controls—defense in depth.
Administrative (policy) controls set the rules: an acceptable-use policy, least-privilege access standards, change management, vendor and remote-access rules, and an incident-response plan with the 3-2-1 backup rule. Security awareness training and phishing drills keep people from being the weak link.
Technical controls enforce those rules. Start with identity and access management: strong passwords, MFA, role-based access, and regular account reviews. Segment the network (user, server, and management VLANs), restrict traffic with firewalls, and use secure configurations on routers and switches. Add endpoint protection and patch management. Use encryption for data in transit (TLS/VPN) and at rest. Deploy IDS/IPS, DNS filtering, and email security to block malware and command-and-control. Centralize logs in a SIEM for monitoring, alerting, and compliance. Run vulnerability scans and periodic pen tests, then fix findings.
Physical controls protect the gear: locked rooms and racks, badges, cameras, and environmental sensors.
Together, these preventive, detective, and corrective controls reduce risk, limit blast radius, and give the team what it needs to respond quickly when something goes wrong.