Professional Overview
Principal Cybersecurity & IAM Strategist dedicated to navigating complex corporate ecosystems with adaptability and a critical eye. I bring over 15 years of experience securing organizations across diverse industries. Passionate about designing innovative security solutions, implementing scalable systems, and empowering businesses to thrive in an increasingly digital world. Recognized for leadership in IAM, Zero Trust strategies, and enhancing cloud security. Dedicated to creating resilient infrastructures and driving operational excellence.
Professional Experience
Local City Government
City of Chesapeake, VA
- Implemented and managed IAM solutions using One Identity, ADManager Plus, and Microsoft 365, ensuring secure identity governance and streamlined user lifecycle management.
- Conducted forensic security investigations using Secureworks Taegis and Sophos MDR, identifying threat vectors and mitigating security breaches.
- Developed and enforced access control policies, reducing unauthorized access incidents and improving overall security posture.
- Led cloud security initiatives across AWS, Azure, and GCP, aligning security frameworks with NIST 800-53, CIS, and HIPAA compliance standards.
- Designed and managed Microsoft 365 & Exchange Online security policies, leveraging DLP and Abnormal Security to prevent phishing and account takeovers.
- Utilized Python and PowerShell for security automation, streamlining IAM provisioning, auditing, and policy enforcement.
- Integrated One Identity Starling for privileged access management, reducing manual administrative efforts and increasing operational efficiency.
- Performed risk assessments and third-party security evaluations using Bitsight and DRATA to enhance vendor risk management strategies.
- Managed security infrastructure using Palo Alto, Checkpoint Identity Security, and Microsoft Defender for endpoint protection.
- Led incident response efforts, leveraging forensic analysis and security monitoring tools to detect, contain, and remediate cybersecurity threats.
Skills: IAM Solutions · One Identity · ADManager Plus · Microsoft 365 · Forensic Security · Secureworks Taegis · Sophos MDR · Cloud Security · AWS/Azure/GCP · NIST Standards · Compliance (HIPAA, CIS) · PowerShell · Python · Incident Response
Leading Global Legal Information & Analytics Provider + Federal Intellectual Property Governing Authority
LexisNexis / United States Patent and Trademark Office
- Threat Detection Integration: Engineered solutions using CrowdStrike Falcon, Microsoft Defender, Palo Alto, and Checkpoint Identity Security, correlating telemetry across platforms to reduce incident response time by 90%.
- Zero Trust Implementation: Constructed framework with Just-In-Time provisioning and risk-based authentication, reducing standing privileges by 60% while implementing continuous authentication monitoring aligned with NIST 800-207.
- Privileged Access Management: Utilized One Identity Safeguard, Secureworks Taegis, and Sophos MDR in tandem to monitor privileged sessions, detect anomalous behavior, and respond to threats across 500+ hybrid systems.
- IAM Modernization: Migrated legacy platforms to Microsoft Identity Platform and Okta, enabling FIDO2/WebAuthn passwordless authentication, adaptive MFA, and lifecycle automation using PowerShell and Python for 15,000+ users.
- Federated Authentication Integration: Integrated Auth0 into enterprise IAM stack to enable OAuth2/OpenID Connect-based SSO across internal apps, supporting FedRAMP and NIST 800-53-compliant authentication workflows.
- Digital Forensics: Designed and executed forensic response plans using Secureworks Taegis and The Sleuth Kit, implementing NIST 800-86-aligned chain-of-custody workflows to preserve evidence integrity.
- Cloud Security: Led Azure security blueprint development, integrating NIST 800-53, CIS, and HIPAA frameworks, while automating compliance validation and reporting workflows across Microsoft 365.
- Multi-Cloud Security: Implemented consistent security controls and policy enforcement across AWS, Azure, and GCP environments with centralized CSPM integration and automated misconfiguration detection.
- Identity Governance: Unified fragmented IAM tools into enterprise-wide architecture using One Identity, ADManager Plus, and Microsoft Entra ID with AI-driven identity analytics and policy-based provisioning.
- Microsoft 365 Security: Overhauled Exchange Online with DLP, data classification, and conditional access policies to mitigate insider threats and enforce Zero Trust access principles.
Skills: Entra ID · Active Directory · Azure Active Directory · RSA · Crowdstrike · SSO/MFA · Zero Trust Architecture · PowerShell · Python · Bash · Windows/Linux Servers · PKI · NIST/ISO Standards · Technical Documentation
Fortune 50 Retail Technology & Innovation Center
Kroger, Technology & Digital Department
- Privileged Access Security: Implemented OneIdentity Safeguard/TPAM, aligning workflows with NIST 800-53 within 6 months and incorporating just-in-time privilege elevation.
- Endpoint Protection: Deployed CrowdStrike Falcon, reducing malware incidents by 45% across 2,000+ endpoints.
- Cloud Identity Management: Engineered security modernization using Entra ID/Azure AD for 12,000+ hybrid users with Kubernetes service identity integration.
- Virtualization Strategy: Standardized infrastructure using VMware vSphere across production and test environments, improving system uptime and reducing operational costs through centralized VM lifecycle management.
- Container Security: Designed pod identity solution for Azure Kubernetes Service (AKS), eliminating the need for static credentials in containerized applications.
- Authentication Modernization: Integrated Okta SSO/MFA across 40+ apps, implementing risk-based authentication, and reducing password-reset tickets.
- Access Control: Streamlined Active Directory with RBAC/conditional access, cutting unauthorized access by 30%.
- Account Lifecycle Management: Automated processes ensuring HIPAA compliance for 20,000+ accounts.
- Global Identity Provisioning: Led implementation for 32,000+ users across US/UK teams, cutting onboarding time by 55%.
- Data Governance: Enhanced security with Varonis, improving audit readiness for SOX/GDPR compliance.
Skills: Microsoft Azure AD/Entra ID · OneIdentity Safeguard · TPAM · CrowdStrike · Active Directory · Okta · SSO/MFA · Varonis · PowerShell · Account Lifecycle Management · Technical Debt Management · Global Team Collaboration
Elite Federal Law Enforcement Technology Division
Department of Homeland Security, OCIO, United States Secret Service
- Privileged Access Management: Streamlined CyberArk's PAM workflows, achieving 100% compliance with NIST 800-53.
- Network Security: Deployed Fortinet FortiGate firewalls and micro-segmentation, achieving full CISA Zero Trust compliance.
- Enterprise IAM Strategy: Positioned IAM as the cornerstone of DHS security, integrating Active Directory, OAuth 2.0, and SAML 2.0 for 100+ legacy systems.
- Serverless Security: Implemented secure identity practices for serverless functions in GCP, enabling principle of least privilege with function-level permissions.
- Risk-Based Access Control: Mapped 75+ systems to business-criticality tiers, reducing high-risk privileged accounts by 35%.
- Cloud Migration Security: Orchestrated GCP migration for 50+ on-premises systems, enabling FedRAMP Moderate authorization with comprehensive SIEM integration.
- Identity Governance: Enforced granular access policies via Saviynt across 15,000+ user accounts.
- Security Certification: Spearheaded ISO 27001 certification for DHS's Information Security Management System.
- Agile Development: Utilized Agile, SCRUM, and scripting languages (PowerShell, Python, Java) to enhance system resilience and efficiency in alignment with FISMA compliance and security standards.
Skills: CyberArk · Google Cloud Platform (GCP) · FISMA Compliance · PowerShell · Python · Java · Active Directory · OAuth · SAML · Fortinet · Zero Trust Architecture · FedRAMP · ISO 27001 · Saviynt · Qualys
National Patient Assistance Organization (Non-Profit)
Accessia Healthcare
- Single Sign-On Implementation: Deployed PingFederate and Citrix NetScaler with 99.9% uptime for healthcare applications.
- Privileged Access Security: Spearheaded CyberArk implementation with NIST 800-53-aligned credential vaulting.
- Threat Detection: Engineered Microsoft Defender for Identity integration, reducing unauthorized access incidents by 75%.
- Cloud-Native Security: Implemented identity-aware proxies and service meshes for securing microservices architecture in AWS.
- Identity Architecture: Designed framework integrating Azure AD and PingFederate for 5,000+ hybrid identities.
- Behavioral Authentication: Implemented user and entity behavior analytics (UEBA) to detect compromised credentials and insider threats.
- Secure Communications: Modernized SSL/TLS protocols for 150+ domains, maintaining 100% compliance.
- Risk Management: Led vulnerability assessments aligned with NIST 800-53 and HIPAA standards.
- Compliance Automation: Implemented reporting via PingFederate logs for SOX, GDPR, and HIPAA audits.
Skills: HIPAA/NIST Compliance · Vulnerability Assessment · Healthcare IT · Microsoft Defender · MFA Implementation · SSL/TLS Management · EHR/PACS Systems · Auth0 · CyberArk · Regulatory Compliance (SOX, GDPR)
Global Specialty Pharmaceutical Company – Addiction Science Focus
Indivior Pharmaceuticals
- Privileged Account Security: Deployed BeyondTrust PAM, securing 1,200+ privileged accounts with SOX-compliant audit controls.
- Conditional Access: Architected role-based, location-based, and device-compliance policies in Microsoft Entra ID.
- Cloud Security: Designed GCP security framework using Google IAM and Security Command Center for real-time threat detection.
- SSO & MFA Integration: Integrated Azure AD/Entra ID to enhance user verification and streamline access management.
- Data Protection: Implemented BitLocker encryption and backup policies to safeguard ePHI across all endpoints.
- Continuous Authentication: Implemented risk-based authentication with context-aware access policies to dynamically adjust security requirements.
- Infrastructure-as-Code Security: Integrated security guardrails into Terraform deployments, ensuring compliance from deployment to runtime.
- Identity Lifecycle Management: Engineered SailPoint provisioning/deprovisioning workflows for 500+ employees.
- Identity Governance: Led SailPoint IdentityNow implementation, enabling centralized governance for distributed workforce.
- Least Privilege Implementation: Mapped 200+ job functions to least-privilege roles, eliminating segregation-of-duties conflicts.
- Mobile Device Security: Designed IAM solutions using Microsoft Intune for secure mobile device management and remote access enforcement.
- Endpoint Protection: Maintained Carbon Black for threat hunting, policy enforcement, and incident response.
Skills: Microsoft Azure AD/Entra ID · SSO/MFA · BitLocker · Microsoft Intune · Active Directory · Linux Administration · SailPoint IdentityNow · Google Cloud Platform (GCP) · BeyondTrust · Carbon Black · PowerShell · Python
Top 5 U.S. Banking & Financial Services Corporation
Wells Fargo Bank
- Zero Trust Architecture: Designed the bank's first Zero Trust-aligned IAM framework, reducing policy exceptions by 35%.
- Security Automation: Leveraged Microsoft Defender's auto-remediation capabilities, cutting manual SOC tasks by 30%.
- Customer Authentication: Engineered progressive profiling workflows using ADFS with 99.9% portal uptime.
- Multi-Cloud Security Governance: Implemented consistent identity controls across AWS and Azure environments.
- Regulatory Compliance: Enforced FFIEC and GLBA requirements via SCCM and Office 365 access controls.
- Identity Management: Maintained 12,000+ user accounts across hybrid environments through automated lifecycle workflows.
- Security Training: Conducted staff education on best practices, reducing phishing incident response time.
Skills: IAM Compliance · Agile/Waterfall Methodologies · Active Directory · Office 365 · SCCM · VMware · Microsoft Defender · Splunk · COBOL · Security Awareness Training
Enterprise-Level IT Security Solutions Provider
Wellsecured IT
- IAM Transformation: Led migration to ForgeRock Identity Management, standardizing identity lifecycle workflows for hybrid environments.
- Access Control: Architected conditional access policies using Microsoft Defender for privileged account management.
- Security Monitoring: Integrated Splunk with IAM tools, achieving ISO/IEC 27001 and NIST 800-53 compliance.
- API Security: Implemented OAuth 2.0 and OpenID Connect protocols for securing cloud-native application APIs.
- Cloud Identity Security: Built AWS IAM roles and encryption protocols across multi-cloud environments.
- Secure Access Solutions: Designed Citrix-based security for financial services clients' mission-critical applications.
- Customer Authentication: Spearheaded Auth0 integration for client-facing portals, balancing security with user experience.
- Security Automation: Partnered with DevOps teams to streamline log analysis and incident response.
Skills: ForgeRock IDM · Splunk · ISO/IEC 27001 · NIST Standards · Ping Identity · Citrix · VMware · VirtualBox · Hyper-V · PowerShell · AWS · Auth0 · Identity Lifecycle Management
Premier Cloud Cybersecurity Firm
Cloudcentria Security
- Threat Response: Neutralized multi-vector DDoS attacks targeting financial sector clients with 99.99% uptime.
- Identity Integration: Pioneered Azure AD patterns for hybrid environments, adopted by Microsoft partner network.
- Digital Forensics: Led investigation recovering stolen intellectual property, establishing cloud evidence handling protocols.
- Cloud Workload Protection: Implemented comprehensive security for IaaS, PaaS, and serverless deployments across AWS environments.
- Compliance Management: Developed NIST 800-53 and ISO 27001-aligned policies with 100% audit success.
- Vulnerability Management: Scaled Nessus-based assessments to 15,000+ assets in AWS/Azure infrastructure.
- Authentication Unification: Integrated Ping Identity with Okta across SaaS platforms, reducing helpdesk requests.
- Security Training: Educated analysts in Kali Linux penetration testing methodologies for cloud environments.
Skills: Policy Development · Kali Linux · Penetration Testing · Ping Identity · Active Directory · Azure AD/Entra ID · DDoS Mitigation · Nessus · Digital Forensics · The Sleuth Kit · Incident Response
National Tech Repair & Services Franchise
uBreakiFix
- Technical Support: Delivered first-level support for hardware, software, and network issues via phone, email, and in-person.
- Incident Management: Assessed and prioritized tickets based on impact and urgency to meet SLA targets.
- Customer Service: Maintained high satisfaction through timely support and detailed documentation of service desk activities.
Skills: Governance, Risk Management, and Compliance (GRC) · Strategy and Leadership · Technical Proficiency and Innovation · Technical Support · Hardware/Software Troubleshooting · SLA Management
Former Fortune 500 Consumer Electronics Retailer
Circuit City
- Technical Support: Provided troubleshooting for computer and electronic products, resolving hardware and software issues.
- Product Setup: Assisted customers with initial configuration, software installations, and feature explanations.
- Hardware Repair: Conducted basic repairs or coordinated with authorized service providers.
- Inventory Management: Maintained stock of computer accessories and ensured product availability.
- Customer Engagement: Collaborated with sales team to align technology solutions with customer needs.
- Product Knowledge: Stayed current on technology trends and updated demo areas to reflect latest offerings.
Skills: Governance, Risk Management, and Compliance (GRC) · Strategy and Leadership · Technical Proficiency and Innovation · Customer Support · Product Knowledge · Hardware Repair · Inventory Management
Enterprise IAM Implementations & Consulting Engagements
Fortune 500 Apparel and Lifestyle Merchandiser
Lands' End
- Directory Authentication Implementation
Environment: Ping Identity, Active Directory, LDAP, PowerShell, ServiceNow ITSM, OAuth 2.0
- Designed and implemented a specialized authentication directory with selective attribute filtering for secure external partner access.
- Built PingFederate authentication policies with core MFA capabilities that balanced security requirements with usability.
- Implemented essential OpenID Connect components for customer-facing applications, enhancing digital shopping experience.
- Articulated practical security recommendations that aligned IAM strategy with business objectives for leadership approval.
- Created integrated troubleshooting tools for the helpdesk with ServiceNow ITSM integration, reducing resolution time for common issues.
Top U.S. Automotive Retailer and Fortune 500 Company
Lithia Motors
- Enterprise Provisioning Automation
Environment: Entra ID, PowerShell 7, ServiceNow CMDB, Azure Event Hub, Defender EDR, KQL queries
- Developed comprehensive PowerShell scripts that automated provisioning for 15,000+ user accounts across two business units, demonstrating a 60% reduction in processing time.
- Created custom Azure Log Analytics workspaces to monitor critical provisioning workflows, giving real-time visibility into account creation.
- Implemented standardized workflows between US and UK IT teams, establishing consistent provisioning practices across regions.
- Remediated key technical debt issues from legacy provisioning practices and implemented Defender EDR policies that improved security posture.
- Built automated compliance reporting using KQL queries against Azure Sentinel data, providing leadership with actionable metrics.
Major Federal Veterans Services Agency
Department of Veterans Affairs
- ICAM Security Analysis
Environment: SailPoint IdentityIQ, OKTA Lifecycle Management, CyberArk PAM, Azure Log Analytics, Winlogbeat, JIRA
- Conducted comprehensive analysis of privileged accounts across Federal systems, using CyberArk PAM to identify and categorize security gaps.
- Created automated reports that helped the team identify and remediate non-PIV compliant accounts, improving compliance metrics by 35%.
- Designed integration approach between SailPoint and OKTA platforms, establishing the foundation for streamlined identity governance.
- Implemented CyberArk policies aligned with Azure AD Conditional Access rules, enhancing security while maintaining operational efficiency.
- Established centralized logging for key identity events via Azure Event Hub, creating a unified view of authentication activities.
Global Nuclear Energy Company and Pioneer in Power Technologies
Westinghouse Electric Company
- Cloud IAM Implementation
Environment: Azure Entra ID, ADFS, Conditional Access, Azure Sentinel, Defender for Cloud, ServiceNow ITSM
- Designed and implemented a federated identity architecture enabling secure nuclear data processing in the initial cloud environment.
- Built a multi-factor authentication solution using Azure AD that met nuclear industry security standards for the first phase of deployment.
- Implemented comprehensive Conditional Access policies covering all critical access scenarios for cloud resources.
- Worked directly with product owners to deploy Just-In-Time access through Privileged Identity Management for administrator accounts.
- Created and executed a thorough security testing protocol ensuring compliance with regulatory requirements for the initial deployment.
Prominent Mid-Atlantic Municipal Government
City of Chesapeake, VA
- Identity Threat Protection Implementation
Environment: CrowdStrike Falcon Identity Protection, Active Directory, Azure Sentinel, Elastic Logstash, NXlog, Palo Alto Firewalls
- Integrated CrowdStrike Falcon with existing identity systems, establishing real-time monitoring of authentication activities.
- Implemented comprehensive Active Directory security controls, including a tiered administrative model for privileged access.
- Configured NXlog agents on domain controllers to forward authentication events to a central repository with basic analytics rules.
- Developed a practical role-based access control framework for critical municipal systems, balancing security with operational needs.
- Created and delivered focused training sessions for IT staff on identity threat detection using real-world attack scenarios.