Kevin Dunn

Senior Security Engineer | Cloud & Infrastructure Security | SecOps (NASA Gateway) | Azure & Entra ID | 925+ Hrs Threat Emulation

Katy, Texas, United States

About

I am a Senior Security Engineer with nine years of experience spanning enterprise IT support, network troubleshooting, and systems administration. My background ranges from running operations as a sole systems administrator to serving as the technical cybersecurity review lead for critical infrastructure projects within the NASA Gateway program. Instead of relying on static checklists, I approach cloud and platform defense through an architectural and adversarial lens. I focus on ensuring that complex hybrid networks are structurally hardened against real-world lateral movement and directory exploitation pathways.

Core Areas Of Expertise:

- Cloud and Identity: Engineering secure Azure sandbox tenants, migrating environments from static security defaults to granular, group-scoped conditional access policies, and enforcing role-based access control schemas inside Entra ID.
- SecOps and Monitoring: Evaluating operational technology systems against NIST SP 800-53 and ISO 27001, performing manual source code reviews against NASA 7150.2C standards, and collaborating with Splunk and Dell teams to design data ingestion requirements for dedicated SIEM systems.
- Infrastructure Hardening: Configuring Cisco 3850 enterprise switches, maintaining localized VLAN segmentation to isolate wireless traffic, and troubleshooting network infrastructure down to patch panels and active switchports.
- Threat Emulation: Validating defensive postures using insights from over 925 hours of dedicated, hands-on penetration testing labs.

Technical Toolkit:

- Cloud and Identity: Microsoft Azure, Entra ID, Conditional Access Policies, IAM, RBAC, Zero Trust Architecture
- SecOps and Automation: Microsoft Sentinel SIEM, Splunk, Live Threat Hunting, Log Ingestion, MITRE ATT&CK, Python, PowerShell
- Networking and Systems: Cisco Enterprise Switching, VLAN Segmentation, Windows and Linux Hardening, Active Directory, Infrastructure Support
- Governance and Compliance: NIST SP 800-53, ISO 27001, NASA 7150.2C, NIST 800-82 ICS/SCADA, Secure SDLC Auditing

Active Pursuits:

- Microsoft Certified Cloud and AI Security Engineer Associate (SC-500)
- HTB Certified Penetration Testing Specialist (CPTS)
- Certified Information Systems Security Professional (CISSP)

Experience

  • Cyber Security Engineer (NASA Gateway Contract) at Amentum
    Jun 2023 - Mar 2026 · 2 yrs 10 mos

    - Technical Review Lead: Evaluated thousands of pages of network diagrams and infrastructure design plans to verify proper system hardening and network segmentation across spacecraft flight systems, ground stations, and cloud networks.
    - Framework Compliance: Evaluated operational technology (OT) systems and spacecraft against NIST SP 800-53 and ISO 27001 controls to ensure compliance.
    - SIEM Architecture Planning: Partnered directly with Splunk and Dell technical teams to review hardware procurement and data ingestion requirements for a dedicated SIEM monitoring system tracking critical infrastructure.
    - Secure SDLC & Code Review: Performed manual source code reviews and audited software workflows against NASA 7150.2C secure software engineering standards to identify security flaws prior to deployment.
    - Threat Emulation & Modeling: Mapped prospective system designs to MITRE ATT&CK and SPARTA frameworks, utilizing offensive insights from Active Directory exploitation and multi-stage pivoting labs to provide adversarial-based risk assessments.

  • IT Systems Administrator at Harmony Public Schools
    Jul 2022 - Jun 2023 · 1 yr

    - Systems & Operations Management: Managed daily IT, network, and security operations as the sole IT resource for a campus of 600+ students and 50+ staff, maintaining a 99.9% network uptime.
    - Identity & Access Management (IAM): Provisioned user accounts, structured security groups, and executed credential lifecycle management within Entra ID to enforce strict role-based access control (RBAC) schemas.
    - Network Engineering: Configured Cisco 3850 enterprise switches and maintained localized VLANs to isolate staff, student, and guest wireless network traffic.
    - Physical Layer Troubleshooting: Remediated physical connectivity issues by tracing dead wall drops and remapping patch panels directly to active switchports.
    - Facility & Physical Security: Administered the Raptor guest screening system, the campus alarm network, and localized security camera infrastructure to ensure facility protection.
    - Endpoint Deployment: Deployed campus hardware, configured enterprise laptop endpoints, provisioned classroom VoIP phones, and resolved localized wireless access point and hardware issues.

  • Infrastructure Operations & Technical Trainer at World Cinema, Inc.
    Sep 2017 - May 2022 · 4 yrs 9 mos

    - Technical Tier Progression: Promoted through three technical tiers based on performance, advancing from frontline support to managing complex department escalations and new-hire training pipelines.
    - Server & RF Infrastructure: Troubleshot and maintained satellite television server infrastructure across commercial properties, managing channel configurations, receiver resets, and RF signal adjustments.
    - Commercial Server Configuration: Configured commercial server environments from templates and scratch, mapping channel distributions to specific QAM values and building custom maps using LG FTG software.
    - Network Triage & Remote Connectivity: Triaged remote connectivity failures caused by ISP modifications, isolating issues at the physical layer, attempting router reconnections, and coordinating with property Wi-Fi vendors.
    - Documentation & Onboarding: Authored a comprehensive technical troubleshooting manual and interactive decision trees on a shared network drive, reducing new hire phone-readiness onboarding time from one month to one week.
    - Logistics Tracking: Logged client interactions and managed hardware replacement logistics for set-top boxes, remotes, and server components within Microsoft Dynamics NAV.

  • Cyber Security Intern at ROC- Remote Operations Center
    Jun 2017 - Jul 2017 · 2 mos

    - Vulnerability Assessments: Conducted local network security assessments to identify misconfigurations, open ports, and vulnerable entry points in office environments.
    - Endpoint Hardening: Updated office Wi-Fi security protocols and adjusted local kiosk access controls to prevent unauthorized network access.
    - Industrial Control Systems (ICS) Research: Researched Industrial Control Systems security and provided technical hardening recommendations for SCADA systems based on NIST 800-82 guidelines.