Designed, implemented, and enhanced technical and administrative security controls with respect to business need, least privilege, regulatory compliance, and popular frameworks such as NIST CSF, CIS CSC, PCI-DSS, NIST RMF.Created and implemented data lifecycle management programs regarding disaster recovery, classification, sanitization where previous procedures were either nonexistent or insufficient with regards to acceptable risk.Created and managed authentication, authorization, and access for both users and role-based service accounts with technologies like Active Directory, AWS Identity and Access Management (IAM), and multifactor authentication (MFA).Performed risk assessments to help clients correctly identify, assess, and manage risk; strategically planned solutions to lower risk and elevate security baselines with improved standards, policies, and procedures.Evaluated and recommended vendors for various business use cases based on security features and regulatory compliance such as SOC 2, HIPAA, ISO, PCI.Designed and implemented organization-wide email security policies, procedures, and standards regarding DomainKeys Identified Mail, Sender Policy Framework, and Domain Message Authentication Reporting.Designed and implemented monitoring and alerting systems by centralizing observability of logs and metrics from various sources and implementing visibility in the form of dashboards, status pages, and push notifications.Established standards for the encryption of data at rest and data in transit; familiarity with designing for zero trust architectures and how this format should assume there is no longer a traditional network edge (NIST SP 800-207).Acted as purchasing agent and/or subject matter expert in collaboration with business teams making major security and operations budget decisions, and managed third party vendors during security audits and external scanning.

Built, optimized, and secured various network services from the ground up, including but not limited to VoIP SIP/SRTP, SMB, NFS, iSCSI, HTTPS, with codecs and protocols analyzed for security and architecture constraints, including the provisioning and automated renewal of SSL/TLS security certificates on endpoints, middleware, reverse proxies, content delivery networks, etc.Forensics of block data including carving, analysis, restoration, and chain-of-custody and network forensics including packet captures and analysis.Designed and implemented network checkpoints such as bastion servers, authenticating reverse proxies, routing rules, etc. for authorization and access purposes utilizing secure protocols such as SSH, SFTP, SCP, RDP, HTTPS.Analyzed, selected, and engineered traditional and overlay VPN solutions for secure cloud, site-to-site, and client-to-site access utilizing various protocols and encryption schemes such as IPSec, OpenVPN, WireGuard, Zerotier, and AES, ChaCha20, Salsa20, Poly1305, IKEv2, and more.Selected, configured, and coded secure baselines for the automated and scalable provisioning of Linux servers using infrastructure as code (IaC) tools such as Ansible, Cloud-Init, and Terraform. Designed and automated patch/update management solutions for countless items such as endpoints, servers, containers, and other services.Aligned and automated organization-wide backup procedures with business continuity plans including disaster recovery objectives (RTO & RPO).Evaluated container security regarding User ID, Group ID, root permissions, privilege escalation, namespaces, capability additions, NFS, SMB, and ACL persistent storage permissions; coded standards into YAML configuration files for reproducibility, and documented implications for stakeholders.Scripted automated administrative tooling using BASH, such as monitoring, alerting, keepalive, and/or backup processes depending on case need.

Consultant, project manager, architect, and engineer for infrastructure projects. Strategic planning, design, implementation and maintenance of solutions across the majority of business security and technology domains, including on-premises and cloud based infrastructure.Projects included implementation and optimization of Linux and Windows Servers, Storage Services, Networks, Devices, Applications, and SaaS.

Identifying prospects, generating and qualifying leads, creating relationships, and presenting/promoting a wide range of customized technology infrastructure products to a diverse clientele positioned around their unique needs.Created and implemented a Python script for extracting data from proprietary sources in order to automate the scraping and conversion of key data into prospects, effectively generating new leads, while saving hours of manual preparation between the prospecting and qualifying stages of the sales pipeline.

Technology, promotions, and sales positions. Highlights include projects such as V.A. hospital campus audits of Cisco networking equipment as a subcontractor for the U.S. government, and regional management of a campaign that included billboards, television commercials, social and print media, direct mail to thousands of recipients, data extraction, data transformation, and data analysis for the purpose of targeting specific audiences, and point of contact/management of third party vendors.

Systems and network administrator of a multi-seat Active Directory lab with two on-premises Windows Servers, tape backup, hardware licensed software, network file servers, printers, and other network peripherals.Responsibilities included Windows Server (x2 in HA/failover), identity management (AD), security access policies (network shares, user policies, group policy objects, file security (ACL) permissions), roaming profiles, TCP/IP networking and subnetting, hardware configuration (SCSI and other interfaces), direct IP printers, print servers, tape backup, website design and development, IIS web/FTP hosting, software installation, configuration, and licensing.