Professional Overview
Principal Cybersecurity & IAM Strategist dedicated to navigating complex corporate ecosystems with adaptability and a critical eye. I bring over 15 years of experience securing organizations across diverse industries. Passionate about designing innovative security solutions, implementing scalable systems, and empowering businesses to thrive in an increasingly digital world. Recognized for leadership in IAM, Zero Trust strategies, and enhancing cloud security. Dedicated to creating resilient infrastructures and driving operational excellence.
Professional Experience
Local City Government
City of Chesapeake, VA
- Implemented and managed IAM solutions using One Identity, ADManager Plus, and Microsoft 365, ensuring secure identity governance and streamlined user lifecycle management.
- Conducted forensic security investigations using Secureworks Taegis and Sophos MDR, identifying threat vectors and mitigating security breaches.
- Developed and enforced access control policies, reducing unauthorized access incidents and improving overall security posture.
- Led cloud security initiatives across AWS, Azure, and GCP, aligning security frameworks with NIST 800-53, CIS, and HIPAA compliance standards.
- Designed and managed Microsoft 365 & Exchange Online security policies, leveraging DLP and Abnormal Security to prevent phishing and account takeovers.
- Utilized Python and PowerShell for security automation, streamlining IAM provisioning, auditing, and policy enforcement.
- Integrated One Identity Starling for privileged access management, reducing manual administrative efforts and increasing operational efficiency.
- Performed risk assessments and third-party security evaluations using Bitsight and DRATA to enhance vendor risk management strategies.
- Managed security infrastructure using Palo Alto, Checkpoint Identity Security, and Microsoft Defender for endpoint protection.
- Led incident response efforts, leveraging forensic analysis and security monitoring tools to detect, contain, and remediate cybersecurity threats.
Skills: IAM Solutions · One Identity · ADManager Plus · Microsoft 365 · Forensic Security · Secureworks Taegis · Sophos MDR · Cloud Security · AWS/Azure/GCP · NIST Standards · Compliance (HIPAA, CIS) · PowerShell · Python · Incident Response
Federal Contractor, Legal Technology Organization
LexisNexis / United States Patent and Trademark Office
- Threat Detection Integration: Engineered solutions using CrowdStrike Falcon, Microsoft Defender, Palo Alto, and Checkpoint Identity Security, correlating telemetry across platforms to reduce incident response time by 90%.
- Zero Trust Implementation: Constructed framework with Just-In-Time provisioning and risk-based authentication, reducing standing privileges by 60% while implementing continuous authentication monitoring aligned with NIST 800-207.
- Privileged Access Management: Utilized One Identity Safeguard, Secureworks Taegis, and Sophos MDR in tandem to monitor privileged sessions, detect anomalous behavior, and respond to threats across 500+ hybrid systems.
- IAM Modernization: Migrated legacy platforms to Microsoft Identity Platform and Okta, enabling FIDO2/WebAuthn passwordless authentication, adaptive MFA, and lifecycle automation using PowerShell and Python for 15,000+ users.
- Federated Authentication Integration: Integrated Auth0 into enterprise IAM stack to enable OAuth2/OpenID Connect-based SSO across internal apps, supporting FedRAMP and NIST 800-53-compliant authentication workflows.
- Digital Forensics: Designed and executed forensic response plans using Secureworks Taegis and The Sleuth Kit, implementing NIST 800-86-aligned chain-of-custody workflows to preserve evidence integrity.
- Cloud Security: Led Azure security blueprint development, integrating NIST 800-53, CIS, and HIPAA frameworks, while automating compliance validation and reporting workflows across Microsoft 365.
- Multi-Cloud Security: Implemented consistent security controls and policy enforcement across AWS, Azure, and GCP environments with centralized CSPM integration and automated misconfiguration detection.
- Identity Governance: Unified fragmented IAM tools into enterprise-wide architecture using One Identity, ADManager Plus, and Microsoft Entra ID with AI-driven identity analytics and policy-based provisioning.
- Microsoft 365 Security: Overhauled Exchange Online with DLP, data classification, and conditional access policies to mitigate insider threats and enforce Zero Trust access principles.
Skills: Entra ID · Active Directory · Azure Active Directory · RSA · CrowdStrike · SSO/MFA · Zero Trust Architecture · PowerShell · Python · Bash · Windows/Linux Servers · PKI · NIST/ISO Standards · Technical Documentation
Major National Retail Company
Kroger, Technology & Digital Department
- Privileged Access Security: Implemented OneIdentity Safeguard/TPAM, aligning workflows with NIST 800-53 within 6 months and incorporating just-in-time privilege elevation.
- Endpoint Protection: Deployed CrowdStrike Falcon, reducing malware incidents by 45% across 2,000+ endpoints.
- Cloud Identity Management: Engineered security modernization using Entra ID/Azure AD for 12,000+ hybrid users with Kubernetes service identity integration.
- Virtualization Strategy: Standardized infrastructure using VMware vSphere across production and test environments, improving system uptime and reducing operational costs through centralized VM lifecycle management.
- Container Security: Designed pod identity solution for Azure Kubernetes Service (AKS), eliminating the need for static credentials in containerized applications.
- Authentication Modernization: Integrated Okta SSO/MFA across 40+ apps, implementing risk-based authentication, and reducing password-reset tickets.
- Access Control: Streamlined Active Directory with RBAC/conditional access, cutting unauthorized access by 30%.
- Account Lifecycle Management: Automated processes ensuring HIPAA compliance for 20,000+ accounts.
- Global Identity Provisioning: Led implementation for 32,000+ users across US/UK teams, cutting onboarding time by 55%.
- Data Governance: Enhanced security with Varonis, improving audit readiness for SOX/GDPR compliance.
Skills: Microsoft Azure AD/Entra ID · OneIdentity Safeguard · TPAM · CrowdStrike · Active Directory · Okta · SSO/MFA · Varonis · PowerShell · Account Lifecycle Management · Technical Debt Management · Global Team Collaboration
Federal Contractor
Department of Homeland Security, OCIO, United States Secret Service
- Privileged Access Management: Streamlined CyberArk's PAM workflows, achieving 100% compliance with NIST 800-53.
- Network Security: Deployed Fortinet FortiGate firewalls and micro-segmentation, achieving full CISA Zero Trust compliance.
- Enterprise IAM Strategy: Positioned IAM as the cornerstone of DHS security, integrating Active Directory, OAuth 2.0, and SAML 2.0 for 100+ legacy systems.
- Serverless Security: Implemented secure identity practices for serverless functions in GCP, enabling principle of least privilege with function-level permissions.
- Risk-Based Access Control: Mapped 75+ systems to business-criticality tiers, reducing high-risk privileged accounts by 35%.
- Cloud Migration Security: Orchestrated GCP migration for 50+ on-premises systems, enabling FedRAMP Moderate authorization with comprehensive SIEM integration.
- Identity Governance: Enforced granular access policies via Saviynt across 15,000+ user accounts.
- Security Certification: Spearheaded ISO 27001 certification for DHS's Information Security Management System.
- Agile Development: Utilized Agile, SCRUM, and scripting languages (PowerShell, Python, Java) to enhance system resilience and efficiency in alignment with FISMA compliance and security standards.
Skills: CyberArk · Google Cloud Platform (GCP) · FISMA Compliance · PowerShell · Python · Java · Active Directory · OAuth · SAML · Fortinet · Zero Trust Architecture · FedRAMP · ISO 27001 · Saviynt · Qualys
Non-profit Healthcare
Accessia Healthcare
- Single Sign-On Implementation: Deployed PingFederate and Citrix NetScaler with 99.9% uptime for healthcare applications.
- Privileged Access Security: Spearheaded CyberArk implementation with NIST 800-53-aligned credential vaulting.
- Threat Detection: Engineered Microsoft Defender for Identity integration, reducing unauthorized access incidents by 75%.
- Cloud-Native Security: Implemented identity-aware proxies and service meshes for securing microservices architecture in AWS.
- Identity Architecture: Designed framework integrating Azure AD and PingFederate for 5,000+ hybrid identities.
- Behavioral Authentication: Implemented user and entity behavior analytics (UEBA) to detect compromised credentials and insider threats.
- Secure Communications: Modernized SSL/TLS protocols for 150+ domains, maintaining 100% compliance.
- Risk Management: Led vulnerability assessments aligned with NIST 800-53 and HIPAA standards.
- Compliance Automation: Implemented reporting via PingFederate logs for SOX, GDPR, and HIPAA audits.
Skills: HIPAA/NIST Compliance · Vulnerability Assessment · Healthcare IT · Microsoft Defender · MFA Implementation · SSL/TLS Management · EHR/PACS Systems · Auth0 · CyberArk · Regulatory Compliance (SOX, GDPR)
Pharmaceutical Company
Indivior Pharmaceuticals
- Privileged Account Security: Deployed BeyondTrust PAM, securing 1,200+ privileged accounts with SOX-compliant audit controls.
- Conditional Access: Architected role-based, location-based, and device-compliance policies in Microsoft Entra ID.
- Cloud Security: Designed GCP security framework using Google IAM and Security Command Center for real-time threat detection.
- SSO & MFA Integration: Integrated Azure AD/Entra ID to enhance user verification and streamline access management.
- Data Protection: Implemented BitLocker encryption and backup policies to safeguard ePHI across all endpoints.
- Continuous Authentication: Implemented risk-based authentication with context-aware access policies to dynamically adjust security requirements.
- Infrastructure-as-Code Security: Integrated security guardrails into Terraform deployments, ensuring compliance from deployment to runtime.
- Identity Lifecycle Management: Engineered SailPoint provisioning/deprovisioning workflows for 500+ employees.
- Identity Governance: Led SailPoint IdentityNow implementation, enabling centralized governance for distributed workforce.
- Least Privilege Implementation: Mapped 200+ job functions to least-privilege roles, eliminating segregation-of-duties conflicts.
- Mobile Device Security: Designed IAM solutions using Microsoft Intune for secure mobile device management and remote access enforcement.
- Endpoint Protection: Maintained Carbon Black for threat hunting, policy enforcement, and incident response.
Skills: Microsoft Azure AD/Entra ID · SSO/MFA · BitLocker · Microsoft Intune · Active Directory · Linux Administration · SailPoint IdentityNow · Google Cloud Platform (GCP) · BeyondTrust · Carbon Black · PowerShell · Python
Financial Services
Wells Fargo Bank
- Zero Trust Architecture: Designed the bank's first Zero Trust-aligned IAM framework, reducing policy exceptions by 35%.
- Security Automation: Leveraged Microsoft Defender's auto-remediation capabilities, cutting manual SOC tasks by 30%.
- Customer Authentication: Engineered progressive profiling workflows using ADFS with 99.9% portal uptime.
- Multi-Cloud Security Governance: Implemented consistent identity controls across AWS and Azure environments.
- Regulatory Compliance: Enforced FFIEC and GLBA requirements via SCCM and Office 365 access controls.
- Identity Management: Maintained 12,000+ user accounts across hybrid environments through automated lifecycle workflows.
- Security Training: Conducted staff education on best practices, reducing phishing incident response time.
Skills: IAM Compliance · Agile/Waterfall Methodologies · Active Directory · Office 365 · SCCM · VMware · Microsoft Defender · Splunk · COBOL · Security Awareness Training
Digital Security Consulting Firm
Wellsecured IT
- IAM Transformation: Led migration to ForgeRock Identity Management, standardizing identity lifecycle workflows for hybrid environments.
- Access Control: Architected conditional access policies using Microsoft Defender for privileged account management.
- Security Monitoring: Integrated Splunk with IAM tools, achieving ISO/IEC 27001 and NIST 800-53 compliance.
- API Security: Implemented OAuth 2.0 and OpenID Connect protocols for securing cloud-native application APIs.
- Cloud Identity Security: Built AWS IAM roles and encryption protocols across multi-cloud environments.
- Secure Access Solutions: Designed Citrix-based security for financial services clients' mission-critical applications.
- Customer Authentication: Spearheaded Auth0 integration for client-facing portals, balancing security with user experience.
- Security Automation: Partnered with DevOps teams to streamline log analysis and incident response.
Skills: ForgeRock IDM · Splunk · ISO/IEC 27001 · NIST Standards · Ping Identity · Citrix · VMware · VirtualBox · Hyper-V · PowerShell · AWS · Auth0 · Identity Lifecycle Management
Cybersecurity Consulting Firm
Cloudcentria Security
- Threat Response: Neutralized multi-vector DDoS attacks targeting financial sector clients with 99.99% uptime.
- Identity Integration: Pioneered Azure AD patterns for hybrid environments, adopted by Microsoft partner network.
- Digital Forensics: Led investigation recovering stolen intellectual property, establishing cloud evidence handling protocols.
- Cloud Workload Protection: Implemented comprehensive security for IaaS, PaaS, and serverless deployments across AWS environments.
- Compliance Management: Developed NIST 800-53 and ISO 27001-aligned policies with 100% audit success.
- Vulnerability Management: Scaled Nessus-based assessments to 15,000+ assets in AWS/Azure infrastructure.
- Authentication Unification: Integrated Ping Identity with Okta across SaaS platforms, reducing helpdesk requests.
- Security Training: Educated analysts in Kali Linux penetration testing methodologies for cloud environments.
Skills: Policy Development · Kali Linux · Penetration Testing · Ping Identity · Active Directory · Azure AD/Entra ID · DDoS Mitigation · Nessus · Digital Forensics · The Sleuth Kit · Incident Response
PC Repair
uBreakiFix
- Technical Support: Delivered first-level support for hardware, software, and network issues via phone, email, and in-person.
- Incident Management: Assessed and prioritized tickets based on impact and urgency to meet SLA targets.
- Customer Service: Maintained high satisfaction through timely support and detailed documentation of service desk activities.
Skills: Governance, Risk Management, and Compliance (GRC) · Strategy and Leadership · Technical Proficiency and Innovation · Technical Support · Hardware/Software Troubleshooting · SLA Management
Major National Electronics Retail Company
Circuit City
- Technical Support: Provided troubleshooting for computer and electronic products, resolving hardware and software issues.
- Product Setup: Assisted customers with initial configuration, software installations, and feature explanations.
- Hardware Repair: Conducted basic repairs or coordinated with authorized service providers.
- Inventory Management: Maintained stock of computer accessories and ensured product availability.
- Customer Engagement: Collaborated with sales team to align technology solutions with customer needs.
- Product Knowledge: Stayed current on technology trends and updated demo areas to reflect latest offerings.
Skills: Governance, Risk Management, and Compliance (GRC) · Strategy and Leadership · Technical Proficiency and Innovation · Customer Support · Product Knowledge · Hardware Repair · Inventory Management