Washington DC-Baltimore Area
I am an IT system engineer with over twenty years of experience in designing, implementing, and managing IT systems, ranging from single servers to complete SAAS solutions. Experienced in Scrum and Kanban.
• Worked extensively across teams and organizations to revamp the firm’s identity posture by designing, configuring, and implementing Okta as the firm’s primary identity provider. Okta was successfully deployed to all firm employees resulting in an increased security posture and additional visibility into user actions that were not previously possible. • Guided the Information Technology department in the enrollment of over 2,500 users into modern multifactor authentication via Okta Verify. A key metric was that all users were successfully enrolled into modern MFA over six weeks and a legacy MFA provider was deprecated effectively reducing the firm’s attack surface. • Mentored and provided guidance in the migration of authentication from ADFS to Okta for over 25 applications, with minimal interruption to users. This project effectively served as an access certification for the applications that resulted in the removal of many overprivileged users. • Led and supervised the segmentation and isolation of users into a separate Entra ID tenant. • Routinely identified, analyzed, and cataloged risks throughout the firm’s technology stack resulting in a higher security posture. • Established a solution to record and track the remediation of risky configurations and vulnerabilities. This led to increase accountability throughout the organization. • Served as the Subject Matter Expert for Identity and Access Management and regularly performed access reviews to ensure cyber hygiene and security principles are maintained across the firm’s identity providers. • Steered engineers on how to integrate and maintain secure engineering practices over the course of a project’s lifecycle. • Regularly reviewed system designs and proposals to ensure they follow cyber security best practices and align with the firm’s enterprise architecture. • Acted as a trusted advisor for information technology engineers on a regular basis.
• Led a high performing team in the adoption and implementation of Microsoft 365. • Lead engineer for Identity Access Management initiative to consolidate and standardize identity management. • Created and fostered a culture of cooperation, collaboration, and transparency between several historically siloed teams. • Acted as architect and scrum master for an initiative to modernize NVR’s workstations. In a compressed period, I directed a team of engineers in reducing the number of third-party agents by deploying Microsoft Defender for Endpoint and BitLocker across 6,000 systems with minimal user interruption. • Directed the onboarding of over 5000 Windows 10 devices into Microsoft Endpoint Manager (Intune). • Developed a risk-based strategy to deploy and manage Windows feature and security updates using deployment rings. We remotely upgraded over 5500 Windows 10 workstation to 20H2 as a result. • Implemented Privileged Identity Management to tighten privileged access to Microsoft 365. We introduced the principle of least privilege and just-in-time access. • Designed and implemented the deployment of Microsoft Defender for Cloud Apps increasing visibility into user activities, uncovered shadow IT, and secured access to systems by enforcing conditional access app control on several Microsoft 365 services. • Hardened Active Directory by implementing Microsoft Defender for Identity. • Acted as design authority for all changes to the Microsoft 365 platform to ensure conformity with our engineering processes and standards. • Managed and mentored engineers that are SMEs in specific M365 subject areas. I ensured that they received the proper training so they could be experts in their subject areas while also being educated in subject areas in which they were not directly responsible for. • Served as a member of the Architectural Review Board to ensure that all changes to the NVR IT Infrastructure are in alignment with the current IT strategy.
• Lead engineer for the configuration, implementation, and management of Azure AD. A key activity for this effort included implementing device-based conditional access. This was achieved by joining over 5000 Windows 10 systems to Azure AD. • Lead engineer and mentor for Microsoft Azure. A key effort included the migration of an application from a third-party vendor to Microsoft Azure. • Managed the organization’s Identity and Access Management effort, which integrated several internal and SAAS applications with Okta. • Designed and implemented Desktop Single Sign On (SSO), Multifactor Authentication (MFA), and Device Trust via Okta to over 5000 users and systems. • Subject Matter Expert for Active Directory and Windows-based servers. • Managed over 500 virtual machines using VMware vCenter spread over three datacenters. • Designed and deployed a Citrix Virtual Apps and Desktops (XenApp) farm to 120 users and implemented FsLogix to manage user profiles. • Designed and deployed Citrix Provisioning (PVS) for 80 VDI users. • Designed, managed, and maintained Citrix ADC (Netscaler) for company-wide VPN access. A key activity for this effort included the scaling up of resources and a re-design in preparation of Covid-19 work from home. • Implement a Privileged Access Management (PAM) solution for all users that required privileged access to NVR infrastructure. • Conducted regular mentoring to junior staff to foster a culture of innovation and collaboration. • Regularly created and updated system runbooks and documented routine system management tasks. • Developed familiarity and experience with several modern platforms and systems, including JIRA and Confluence. • Routinely worked across teams to coordinate and perform tier two and three support tasks as needed. • Regularly functioned as the manager on duty to handle escalations and communications with the business in the event of critical incidents.
• Technical lead for the design, implementation, and management of the iManage FileSite document management system (DMS). • Routinely worked with accounting team to provide support and coordination of maintenance for Elite Enterprise and Elite Document Studio. • Performed litigation support tasks such as loading data into Concordance and vendor coordination. • Technical lead in a proposal for the automation of firm processes and workflows. A key activity for this project included working directly with decision makers, and users to analyze the targeted processes and document them. • Expertly and routinely provided tier two and three support to firm and IT users. Maintained accountability and responsibility for all IT incidents. • Routinely worked with telephony vendors to troubleshoot transmission issues with sending or receiving client communications. • Designed, implemented, and routinely tested a comprehensive business continuity/disaster recovery (DR) plan for the firm. • Designed, implemented, and maintained Citrix XenApp and Netscaler to allow remote users and branch offices to connect to network resources securely. • Significantly increased the performance and stability of the firm’s applications and network within six months of being hired. • Routinely updated system documentation and provided mentoring to junior staff. • Technologies Used: Windows Server 2008 R2, Microsoft SQL Server 2008 R2, Microsoft Exchange 2010, Windows 7, Windows XP, Microsoft Office 2010, Citrix XenApp, Citrix Netscaler, iManage Filesite, Opentext Rightfax, McAfee E-Policy Orchestrator, Symantec Anti-Virus, GFI MailEssentials, WSUS, CA Arcserve Backup and RHA, Acronis Backup and Recovery, Barracuda Web Filter, Aruba WIFI controller, IPDAS, Concordance, Sophos Endpoint Protection, Fortigate.
I was both the systems administrator and office manager and was responsible for daily office operations and for IT infrastructure development and support. • Initial Build Out – Planned, designed, implemented, and managed a rapid turnkey office build-out within two months of being hired. Implemented an Active Directory infrastructure with Exchange 2007. Contracted out a phone system and security system installation. • Vendor Management - Evaluated and selected vendors ranging from IT hardware and security systems to office furniture. • Emergency Plans – Implemented various IT and physical security policies to ensure the safety and compliance standards of the organization. • Phone numbers – Matched all DID numbers with mobile phone numbers. Enabled feature on phone switch that allowed desk phones to ring to mobile phones. Ensured that the SLN of the DID’s matched the SLN of the mobile phone number. Technologies Used: Windows Server 2003, Windows XP, Microsoft Exchange 2007, Blackberry Enterprise Server, Symantec Ghost, Cisco ASA, Symantec Antivirus, WSUS, Avaya IP Office, Symantec BackupExec, OnTrack PowerContols.
I was the first full-time on-site system administrator for the organization; I was responsible for managing all technology and office assets. • Service/Vendor consolidation – Identified efficiencies in the IT budget resulting in an overall reduction of 25% by consolidating vendors and services. • Standardization – Standardized all desktops and laptops to run on a single platform to streamline IT management. • Office Move – Coordinated and completed the build-out of a new office space, and the transfer of all equipment to the new office location. Installed new telephony lines. Evaluated AV vendors and contracted for the installation of an AV system. • Annual Conference – Developed and implemented a new IT plan for conferences that led to a reduction in event costs. Technologies Used: Windows Server 2003, Window XP, Microsoft Exchange 2003, Blackberry Enterprise Server, Cisco PIX, Symantec AntiVirus, Symantec Ghost, Avaya Definity, Audix, HP printer repair