Hard problems, handled.
Anonymized engagements showcasing the judgment and the methodology, never the client. Trust and confidentiality come first, always.
Sensitive PII, exposed and closed
Led a full-scope penetration test of a municipal government's internal network. Uncovered thousands of citizens' unprotected personal records served over an open FTP service. My team ran discovery, documented findings, drove containment, conducted forensic analysis, and engaged with stakeholders before finally handing the work over to internal investigators.
A tenant compromise, contained
Led incident response for a full tenant compromise event inside a Microsoft 365 and Azure environment. Scoped the intrusion, evicted the threat actors, rebuilt identity hardening from the ground up, conducted after-action reviews with the client, and provided full documentation from discovery through resolution.
A data-security program, operationalized
Designed and operationalized a data-security and regulatory-compliance program for a SaaS platform operating within a heavily regulated industry. That program accounts for all the necessary controls, documentation, evidence, and the real-world security pipelines supporting them. All assets built, documented, and operationalized from zero to certification.
Infrastructure, codified
Replaced click-ops drift with reproducible, version-controlled cloud infrastructure inside AWS. Networks, identity controls, automated pipelines, and guardrails defined as code and deployed automagically through robust CI/CD review processes.
An aging network, migrated
Planned and executed a datacenter-to-cloud migration that included full mailbox and identity conversions from on-prem Active Directory & Exchange to Azure & M365 hosting with 0 downtime. Cut spend and tightened security at the same time. Not a lift-and-shift, but a deliberate re-architecture.
End-users, educated
Thousands of users trained directly. The biggest hole in any information security program is the people it's meant to support. Human error accounts for 95% of data breaches worldwide. Traditional security awareness training isn't enough. I build custom training programs using real-world data to keep users sharp-eyed and vigilant... AT ALL TIMES.