May 2023 – Present · 3 yrs · Richmond, British Columbia, Canada · Hybrid

• Conducted comprehensive network and host-based assessments using Red Team methodologies and advanced penetration-testing tools, identified exploitable vulnerabilities, and coordinated remediation aligned with NIST SP 800-115, NIST Cybersecurity Framework, and DoD/DFARS requirements to strengthen system resilience against cyber threats.
• Deployed and managed Rapid7 across Boeing Subsidiary environment: configured scan sites and tailored scan policies to align with organizational risk priorities; enabled credentialed scans on network devices to improve detection accuracy and coverage; and developed custom, risk based reports to support prioritized remediation and continuous monitoring.
• Partnered with cross-functional development teams to strategically address application vulnerabilities, proactively reducing technical debt and improving the security of the software development lifecycle.
• Architected and implemented a secure and resilient Identity, Credential, and Access Management (ICAM) posture by deploying CyberArk Privilege Cloud (SaaS) and enforcing SmartCard/MFA authentication for privileged Windows and Linux user accounts. This initiative secured high-value accounts and mitigated a primary vector for credential-based attacks.
• Created and maintained detailed Threat and Risk diagrams for datacenter environments, applying engineering methodologies to model complex system dependencies and failure points. This documentation supported compliance with NIST SP 800-30 and NIST SP 800-53, enabling stakeholders to visualize risks, prioritize mitigations, and demonstrate security posture for federal requirements.
• Supported security audits and risk assessments, strategically mapping remediation efforts to NIST CSF, NIST SP 800-171/800-53 control families, and DFARS requirements to ensure the protection of Controlled Unclassified Information (CUI).

May 2021 – Mar 2023 · 1 yr 10 mos

• Engineered and deployed a distributed Splunk logging infrastructure with centralized client management and custom dashboards. This platform provided advanced threat detection and generated automated compliance reporting (NIST, DFARS), significantly enhancing the enterprise's security posture and its ability to meet stringent federal requirements.
• Implemented a centralized, secure log collection framework by leveraging Windows Event Collector and Syslog with in-transit TLS encryption. This initiative provided a single pane of glass for security analysis by integrating with Microsoft Sentinel SaaS, thereby dramatically improving threat detection capabilities.
• Architected, built, and deployed an Active Directory reporting framework that was adopted as a corporate standard across multiple Boeing subsidiaries. This framework provides continuous, automated monitoring of privileged accounts, password hygiene, MFA adoption, and security anomalies, directly informing enterprise-wide risk posture.
• Established and implemented a comprehensive service account governance framework, reducing organizational risk by enforcing least-privilege policies and best practices for non-human identities.

Mar 2020 – May 2021 · 1 yr 2 mos

• Engineered and deployed an enterprise access control solution using Cisco Identity Services Engine (ISE), enforcing advanced authentication, authorization, and network monitoring for wired and wireless infrastructure.
• Developed and automated secure provisioning workflows for BYOD devices, including certificate-based enrollment and mobile device management (MDM) integration to enforce security policy from the endpoint.
• Architected and implemented a robust, multi-tier PKI infrastructure, creating a foundation for secure certificate-based authentication, encryption, and digital signatures across the enterprise.
• Secured a virtual desktop infrastructure (VDI) by implementing a federated identity solution (VMware Identity Manager, Okta IDaaS) and a secure gateway (VMware UAG), reducing the attack surface for remote access.
• Enforced a hardened security posture for network devices by deploying TACACS+ with two-factor authentication for administrative access and authorization.
• Led the implementation of a single sign-on (SSO) and MFA framework for multiple applications using SAML, significantly improving security while enhancing user experience.
• Implemented a robust SSL/TLS decryption solution on Palo Alto firewalls, significantly enhancing the visibility and detection capabilities for threats hidden within encrypted traffic.
• Architected and implemented a secure network segmentation strategy to isolate industrial control systems (ICS), directly mitigating risk and preventing lateral movement in the event of a compromise.

Mar 2015 – Mar 2020 · 5 yrs

• Architected and led the development of an Change Management framework for a Boeing subsidiary, creating standardized policies and procedures that improved auditability, risk tracking, and ensured compliance with NIST, ITIL, and DoD cybersecurity change control requirements.
• Engineered and deployed a Zero-Trust security architecture using VMware NSX, implementing micro-segmentation and least-privilege firewall policies to contain threats and prevent lateral movement.
• Led the strategic migration and optimization of security infrastructure, transitioning legacy firewalls to a high-availability Palo Alto Next-Generation Firewall cluster while refining policies to eliminate redundancies and enhance security posture.
• Designed and implemented secure remote access solutions, deploying MFA on Cisco ASA and Palo Alto firewalls. This included federated SAML-based authentication for contractors and clientless web portals for external partners.
• Re-architected and secured a datacenter network with Cisco Nexus switches in a fault-tolerant configuration, migrating from legacy hardware with zero downtime.
• Enforced a hardened security posture for network infrastructure by implementing TACACS+ with MFA for device management and authorization.
• Designed and deployed secure application infrastructure for Internet-facing workloads, implementing web application firewalls to protect against common web-based attacks.
• Designed and implemented a comprehensive DR datacenter, leveraging a multi-vendor stack including VMware, NetApp, and Nutanix for enterprise-wide business continuity.
• Engineered and implemented data protection strategies using a suite of technologies (Veeam, CommVault, NetApp) to ensure the replication and recoverability of VM, CIFS, and NFS data.
• Led and facilitated full-scale DR testing, conducting successful application failovers and table-top exercises to validate recovery procedures, identify procedural gaps, and strengthen organizational resilience.

Jan 2013 – Mar 2015 · 2 yrs 2 mos

• Engineered and maintained highly-available server infrastructure, providing advanced Windows and Linux server administration and support for mission-critical applications.
• Architected and managed a secure, resilient VMware virtual infrastructure to support enterprise-wide operations and business continuity.
• Designed and administered network security architecture, including Cisco Nexus switches, Juniper, and Palo Alto firewalls, to enforce perimeter defense and ensure secure, highly-available network access.
• Managed and optimized NetApp storage systems to ensure data integrity, availability, and enterprise data management.
• Led the design and implementation of highly-available database clusters for Microsoft SQL and Oracle, ensuring continuous operation for core business services.
• Developed enterprise-level SQL Server Reporting Services (SSRS) reports, providing business intelligence critical to management decision-making and operational efficiency.
• Established and enforced IT department standards for SQL Server administration, leveraging industry best practices to reduce organizational risk and enhance security.
• Oversaw the installation and configuration of Java application servers (Oracle Weblogic, JBoss, Tomcat) to host and secure corporate business applications.
• Engineered and deployed an automated system management solution using Microsoft System Center Configuration Manager (SCCM), implementing a centralized framework for asset inventory, application management, patch management, and automated OS deployment.
• Led corporate projects for the implementation, upgrade, and migration of critical business applications, collaborating directly with management and end-user communities to ensure project success and seamless knowledge transfer.