Actively Seeking

Ronnie Bailey

Identity Security Director

15 years shaping how enterprise organizations secure, govern, and scale identity. Across Fortune 500 firms, federal agencies, and critical infrastructure, the work has always been the same at its core: make identity the thing that holds when everything else is under pressure.

Perspective

The hardest problems in identity are rarely technical. The technical problems have answers. The hard problems are organizational: nobody owns the policy, the accountability structure was never defined, the exception became the rule, and by the time someone notices the debt is structural.

My value is in knowing how to walk into an environment where identity was built by ten different people over ten years and make it coherent, defensible, and owned.

Zero Trust is often used as a buzzword. In practice it is a posture you earn incrementally by making every access decision explicit and every privilege temporary. That is the difference between an organization that knows its exposure and one that finds out during an incident.

The most important work I do is translate. Technology decisions that are not understood by the people who fund them get defunded when priorities shift. Risk that is not legible to a CISO or a board does not get mitigated and usually ends up inherited by the next team. I own these programs end to end: governance, Zero Trust architecture, privileged access, federation, lifecycle management, and the CISO conversation that ties it all together. I can design the framework and I can also open a sign-in log and find what is breaking before it becomes an incident.

Professional Experience

Enterprise IAM Program Director
iHeartMedia
Full-time 06/2025 – Present
iHeartMedia is the number one audio company in America, reaching 9 out of 10 Americans every month. The corporate portfolio includes Katz Media Group, representing over 3,500 radio stations and 450 television stations nationally; Triton Digital, a global audio ad-tech SaaS platform operating across more than 50 countries; Premiere Networks, the largest radio syndication company in the United States; and a broad set of subsidiary brands spanning broadcast, podcast production, digital streaming, and national advertising sales. The identity environment reflects that scale and complexity, with multiple business units, multiple technology stacks, and multiple regulatory and operational requirements all converging on a single identity infrastructure. Brought in to own core identity security components across the enterprise IAM program, inheriting a fragmented environment with inconsistent controls, unclear ownership, and limited coordination across security, identity, and compliance functions.
  • Own core identity security components across the enterprise IAM program for a hybrid workforce of more than 30,000 users spanning iHeartMedia, Katz Media Group, Triton Digital, Premiere Networks, and subsidiary brands across broadcast, ad-tech, syndication, and media representation.
  • Aligned security, IT, HR, and business stakeholders across a multi-subsidiary portfolio to drive identity maturity and risk reduction, establishing structured cross-functional communication between identity, SOC, and GRC teams that had historically operated in silos with limited coordination between them.
  • Defined and maintained the IAM ownership model and RACI framework, assigning policy ownership, formalizing escalation paths, and creating cross-functional accountability across security, engineering, and business teams that had previously managed identity-related responsibilities independently.
  • Directed Conditional Access strategy and enforcement across a 60-policy estate aligned to Zero Trust, governing controls that spanned biometric authentication, geofencing, device compliance, MFA enforcement, and risk-based access decisions across a workforce spanning broadcast operations, podcast production, digital ad-tech, and national advertising sales.
  • Managed Mobile Application Management and Microsoft Defender Cloud Security policies across the enterprise, extending identity-aware access controls and security enforcement beyond traditional perimeter boundaries across the full corporate portfolio.
  • Identified a persistent pattern of onboarding failures tied to gaps in conditional evaluation logic, including delayed start dates, mismatched HR status in Workday, and incomplete downstream system readiness. Designed and implemented decisioning and alerting logic in Azure Logic Apps that eliminated manual provisioning delays and brought the onboarding process into alignment with actual business workflows.
  • Re-established enterprise identity governance and lifecycle controls across HRIS-integrated systems after persistent data integrity failures were traced to UPN normalization conflicts between Workday attributes and downstream system expectations. The root cause had been producing silent provisioning breakdowns, dynamic group membership failures, and access control gaps across the environment. Resolved the conflicts and restored provisioning integrity and access governance across Entra ID and connected enterprise systems.
  • Defined and drove enterprise authentication and federation standards across critical business platforms including Workday, Genea, and GCP-integrated systems, resolving authentication failures involving claims mapping mismatches, token misconfiguration, certificate trust issues, and identity normalization conflicts that had been causing outages across subsidiary identity boundaries.
  • Own the federation certificate lifecycle across all enterprise trust relationships, implementing proactive rotation processes that eliminated emergency renewals and prevented authentication outages tied to expired signing certificates across business-critical applications.
  • Inherited a degraded privileged access posture and restructured the enterprise PAM strategy using BeyondTrust and Entra ID PIM, eliminating standing privilege and enforcing just-in-time access and credential governance across all administrative tiers.
  • Designed approval workflows, session monitoring, and auditability processes that significantly improved organizational visibility into privileged activity and closed gaps left by the previous access control posture.
  • Govern secrets and credential management across BeyondTrust Secrets Safe, Password Safe, and Azure Key Vault, enforcing rotation policies, access controls, and auditability for privileged and non-human identities across a multi-subsidiary environment where service account sprawl had accumulated without governance.
  • Administered physical access governance through Genea, ensuring badge provisioning, access entitlements, and user lifecycle remained aligned with identity records across the enterprise.
  • Govern cross-boundary identity and access for international business partners and third-party collaborators across Triton Digital's global operations spanning more than 50 countries, managing federation trust, entitlement scoping, and access lifecycle across non-employee identity populations.
  • Managed identity governance for sensitive and high-profile personnel categories requiring elevated privacy controls, restricted administrative access, and non-standard lifecycle handling across the enterprise directory.
  • Investigated and resolved service account misuse tied to operational systems, enforcing separation between interactive and non-interactive access patterns and closing privileged access risks that had accumulated under the previous ownership.
  • Serve as the senior technical escalation authority for IAM incidents across a workforce of more than 30,000 users, resolving AADSTS errors, Conditional Access misconfigurations, federation trust breakdowns, and access outages when standard support paths and resolution workflows cannot close the incident.
  • Deliver weekly identity risk reporting directly to the CISO, translating technical exposure into prioritized business decisions with clear ownership, accountability, and measurable risk reduction.
Skills: Entra ID · Active Directory · BeyondTrust PAM · Azure Logic Apps · AWS IAM · Google Cloud Identity · Workday · SAML · OIDC · Azure Key Vault · Conditional Access · Entra ID PIM · Microsoft Defender · MAM · PowerShell · Python · Zero Trust · SCIM · ServiceNow · Genea
Identity Security Director
LexisNexis / United States Patent and Trademark Office
Contract | Public Trust Clearance 04/2024 – 06/2025
LexisNexis is a global provider of legal, regulatory, and business information and analytics serving customers in more than 150 countries with a workforce of about 10,000 employees and annual revenue of approximately 2.2 billion dollars. Part of RELX Group, the company serves law firms, corporations, government agencies, and academic institutions through platforms including Lexis Advance and a growing suite of AI-powered legal research tools. The United States Patent and Trademark Office is the federal agency under the Department of Commerce responsible for granting patents and registering trademarks, employing more than 14,000 federal workers across headquarters in Alexandria, Virginia and regional offices nationwide. Together these two engagements represented a dual mandate: enterprise commercial identity governance at a global information company and federal identity security under Public Trust Clearance at one of the most critical intellectual property agencies in the United States government.
  • Designed Zero Trust architecture aligned to NIST 800-207 with JIT provisioning and continuous authentication monitoring, adjusting access decisions in real time based on behavioral risk signals.
  • Built behavioral risk evaluation models adjusting access decisions dynamically based on user activity and contextual identity signals.
  • Led Azure security architecture aligned to NIST 800-53 and CIS standards, authoring Infrastructure-as-Code security policies that enforce baseline configurations and surface configuration drift in real time.
  • Standardized identity and security controls across AWS, Azure, and GCP with centralized CSPM integration, delivering unified dashboards aggregating risk signals across all three platforms for executive visibility.
  • Redesigned One Identity Safeguard deployment for enterprise-wide privileged access control, executing a full offboarding and re-onboarding of privileged assets and realigning session recording, account rotation, and access policies from the ground up.
  • Integrated Auth0 to deliver OAuth2 and OIDC-based SSO across enterprise applications, supporting FedRAMP and NIST 800-53-compliant authentication workflows with certificate rotation and trust validation.
  • Engineered threat correlation across CrowdStrike Falcon, Microsoft Defender, Palo Alto, and Checkpoint, improving detection quality and reducing response time through intelligent alert triage and deduplication.
  • Designed forensic response processes using Secureworks Taegis aligned to NIST 800-86, ensuring defensible evidence handling and investigation integrity.
  • Translated complex architecture and security findings into business impact for executive stakeholders, enabling informed decision-making on risk and remediation priorities.
Skills: Zero Trust · Entra ID · Azure · GCP · AWS · NIST 800-53 · CIS Controls · MITRE ATT&CK · One Identity Safeguard · CrowdStrike · Microsoft Defender · Palo Alto · Auth0 · SAML · OIDC · OAuth2 · PowerShell · Python · Incident Response
Identity & Access Management Architect
Kroger, Technology & Digital Department
Full-time 12/2022 – 02/2024
Kroger is the largest supermarket chain in the United States and one of the largest private-sector employers in the country, ranked 25th on the Fortune 500 with approximately 150 billion dollars in annual revenue and a workforce of about 420,000 associates across more than 2,700 grocery stores, fuel centers, and pharmacies nationwide. The Technology and Digital Department is the engineering and platform organization responsible for enterprise technology infrastructure, e-commerce operations, and digital transformation initiatives spanning both US and UK markets. Working within this environment meant operating at Fortune 50 scale across a hybrid workforce with stringent HIPAA compliance requirements, multi-region provisioning complexity, and a growing containerized infrastructure footprint.
  • Led identity provisioning for 32,000 users across US and UK operations while maintaining HIPAA compliance, implementing structured lifecycle controls and removing manual provisioning from the critical path.
  • Built role-aware provisioning workflows adapting access based on job function and peer access patterns, reducing inconsistent access assignments and privilege creep.
  • Implemented PAM using One Identity Safeguard and TPAM, enforcing just-in-time privilege elevation tied to ServiceNow approval workflows and significantly reducing standing privileged access.
  • Modernized identity using Entra ID across 12,000 hybrid users, eliminating legacy access models and improving authentication consistency across applications.
  • Integrated Ping SSO and MFA across more than 40 applications using risk-based authentication policies; behavioral analytics reduced password-reset volume while cutting unauthorized access attempts.
  • Designed AKS workload identity solution eliminating static credentials in containerized environments through workload identity federation.
  • Built continuous access certification processes using behavioral analytics to identify dormant accounts, excessive permissions, and separation-of-duties violations across 20,000 accounts.
  • Deployed CrowdStrike Falcon with threat hunting playbooks across a fleet of 2,000 endpoints, strengthening threat detection, visibility, and incident response capabilities.
  • Deployed Varonis for file access monitoring and data classification, strengthening SOX and GDPR audit readiness through continuous policy validation.
  • Streamlined Active Directory using RBAC and Conditional Access to reduce policy drift and improve access governance consistency.
Skills: Entra ID · Azure AD · One Identity Safeguard · TPAM · Ping Identity · Okta · CrowdStrike · Varonis · VMware · Kubernetes · AKS · ServiceNow · NIST 800-53 · PowerShell · Python
Customer Identity & Access Management Architect
Homeland Security, OCIO / US Secret Service
Contract | Public Trust Clearance 02/2022 – 12/2022
The Department of Homeland Security is one of the largest federal agencies in the United States, responsible for counterterrorism, border security, cybersecurity, and disaster response. The Office of the Chief Information Officer oversees the enterprise technology and identity infrastructure supporting DHS operations and its component agencies. The US Secret Service is among the most security-sensitive components within that portfolio, responsible for the protection of the President, Vice President, and senior officials as well as the investigation of financial crimes. This engagement required working under Public Trust Clearance within a zero-tolerance security posture, delivering identity architecture across more than 100 legacy systems and supporting a FedRAMP Moderate cloud migration under active federal compliance requirements.
  • Positioned IAM as a cornerstone of DHS security strategy, integrating Active Directory, OAuth 2.0, and SAML 2.0 across 100+ legacy systems in distributed federal infrastructure with automated federation trust management.
  • Spearheaded ISO 27001 certification for the DHS Information Security Management System, establishing an enterprise security governance framework with automated control validation that was adopted agency-wide.
  • Orchestrated the GCP migration of 50+ on-premises systems to FedRAMP Moderate authorization, standing up comprehensive SIEM integration and automated continuous compliance monitoring with infrastructure-as-code security baselines.
  • Secured serverless functions in GCP with automated workload identity federation, enforcing least privilege at the function level with permissions that adjust dynamically based on runtime context.
  • Enforced granular access policies via Saviynt across 15,000+ user accounts with automated entitlement reviews and separation-of-duties enforcement, dramatically reducing manual certification effort through intelligent access analytics.
  • Delivered Agile-based security automation using PowerShell, Python, and Java aligned to FISMA compliance, producing reusable modules adopted across DHS security teams.
Skills: CyberArk · GCP · FISMA · FedRAMP · ISO 27001 · Saviynt · PowerShell · Python · Java · Active Directory · OAuth 2.0 · SAML 2.0 · Zero Trust Architecture
Cloud Vulnerability Analyst
Accessia Health National Non-Profit Patient Assistance
Contract 07/2021 – 12/2021
Accessia Health is a national non-profit organization providing patient assistance programs for individuals who cannot afford prescription medications, serving patients across the United States through partnerships with pharmaceutical manufacturers and healthcare providers. As a healthcare organization handling sensitive patient data, the environment carried full HIPAA compliance obligations alongside SOX and GDPR requirements, operating cloud infrastructure in AWS with a distributed application stack that included PingFederate for authentication and Citrix NetScaler for application delivery. The engagement focused on vulnerability management, cloud security, and identity controls within a regulated non-profit healthcare context.
  • Led vulnerability management aligned to NIST 800-53 and HIPAA across enterprise systems, prioritizing remediation based on exploitability, business criticality, and threat intelligence.
  • Built audit-ready compliance reporting via PingFederate logs supporting SOX, GDPR, and HIPAA requirements with real-time dashboards for continuous authentication visibility.
  • Deployed PingFederate and Citrix NetScaler supporting high-availability authentication services through failover and health monitoring.
  • Designed credential vaulting and rotation for privileged healthcare accounts, eliminating static privileged credentials across the environment.
  • Secured AWS workloads using identity-aware proxies and service mesh policy enforcement, enabling zero trust network access for containerized healthcare applications.
  • Embedded security review into the infrastructure change process using policy-as-code frameworks, catching compliance violations before deployment rather than after.
  • Managed certificate lifecycle across a portfolio of 150 domains ensuring continuous compliance and eliminating manual tracking overhead.
Skills: HIPAA · NIST 800-53 · SOX · GDPR · PingFederate · Citrix NetScaler · AWS · PowerShell · CyberArk · Vulnerability Assessment
Privileged Access Management Architect
Indivior Pharmaceuticals Global Specialty Pharmaceutical
Full-time 10/2019 – 07/2021
Indivior is a publicly traded global specialty pharmaceutical company headquartered in Richmond, Virginia, focused on the development and commercialization of treatments for opioid use disorder. The company operates across 14 locations worldwide with a workforce of about 1,000 employees, annual revenue of approximately 1.2 billion dollars, and a product portfolio available in more than 30 countries. As a pharmaceutical organization, Indivior operates under stringent regulatory requirements including SOX compliance, HIPAA obligations for patient data, and GxP standards governing drug development and manufacturing systems. The identity environment spanned a distributed global workforce with cloud infrastructure across GCP and Azure, a substantial privileged access surface across business-critical pharmaceutical systems, and endpoint security requirements tied directly to patient data protection.
  • Led enterprise PAM transformation, mapping more than 200 job functions into structured least privilege RBAC models to systematically reduce excessive access across enterprise applications.
  • Deployed BeyondTrust PAM securing approximately 1,200 privileged accounts, enforcing SOX-compliant credential rotation, session monitoring, and audit controls while eliminating standing privileged access for routine operations.
  • Designed adaptive access policies in Entra ID with risk-based scoring that enforces access controls dynamically based on real-time threat intelligence and user behavior.
  • Built privileged access workflows supporting just-in-time elevation, approval-based access, and administrative tier separation.
  • Established centralized governance for privileged accounts across legacy systems and business units.
  • Built GCP security framework using Google IAM and Security Command Center, introducing centralized threat detection, policy enforcement, and access visibility across workloads.
  • Implemented BitLocker encryption with deployment and backup policies protecting ePHI across all endpoints in compliance with HIPAA requirements.
  • Integrated Terraform guardrails using policy validation, enforcing compliance from deployment through runtime with continuous scanning and drift detection.
  • Designed mobile device management using Microsoft Intune with enforcement policies for a distributed workforce, securing remote access without impeding productivity.
  • Supported incident response through analysis of privileged account activity and identification of misuse patterns across enterprise endpoints.
  • Briefed executive leadership on security risks, compliance gaps, and mitigation strategies, translating technical findings into business impact through data-driven risk dashboards.
Skills: BeyondTrust · CyberArk · Entra ID · Azure AD · GCP · Microsoft Intune · Carbon Black · SOX Compliance · Terraform · PowerShell · Python
Identity & Access Management Analyst
Wells Fargo Bank
Contract 04/2019 – 10/2019
Wells Fargo is one of the largest banks in the United States, serving millions of retail and commercial customers with annual revenue exceeding 80 billion dollars. As a federally regulated financial institution, the environment carried FFIEC and GLBA compliance requirements, rigorous audit obligations, and a hybrid infrastructure spanning AWS and Azure with more than 12,000 managed user accounts. This engagement focused on Zero Trust IAM framework design, cloud identity governance, and operational lifecycle management within one of the most heavily regulated sectors in the country.
  • Designed a Zero Trust-aligned IAM framework with risk-based access controls, applying continuous verification and intelligent policy recommendations driven by historical access patterns.
  • Built consistent identity controls across AWS and Azure environments using infrastructure-as-code for policy synchronization across cloud platforms.
  • Enforced FFIEC and GLBA requirements via SCCM and Office 365 with access controls and continuous compliance monitoring across the banking environment.
  • Extended Microsoft Defender's remediation capabilities through orchestrated threat response workflows and intelligent alert correlation, reducing analyst triage time.
  • Engineered progressive profiling workflows using ADFS with failover for customer-facing banking applications, adding intelligent session management and fraud detection capabilities.
  • Maintained a user base of 12,000 accounts across hybrid environments through lifecycle workflows, ensuring timely access grants and revocations via HR system integration.
  • Ran staff security education alongside phishing response workflows, significantly reducing incident response time through orchestrated investigation and remediation.
  • Briefed upper management on cloud security risks and mitigation strategies using risk dashboards that provided actionable recommendations and continuous visibility into posture trends.
Skills: Zero Trust Architecture · AWS · Azure · ADFS · Office 365 · SCCM · Microsoft Defender · FFIEC · GLBA · Agile · Waterfall
Customer Identity & Access Management Engineer
Wellsecured IT Enterprise IT Security Solutions
Full-time 10/2015 – 01/2019
Wellsecured IT is an enterprise IT security solutions provider serving clients across financial services, healthcare, and regulated industries. Working within a managed security and consulting model meant operating across multiple client environments simultaneously, each with its own identity stack, compliance posture, and technical debt. This role served as the primary IAM engineering and escalation function across the client portfolio, spanning Azure, GCP, and M365 implementations with a consistent focus on Zero Trust adoption, certificate lifecycle management, and Workday-to-Active Directory provisioning integrity. The breadth of exposure across fragmented multi-client environments built the diagnostic and architectural depth that carried forward through every senior engagement that followed.
  • Designed and implemented unified Zero Trust frameworks across Azure, GCP, and M365, aligning Conditional Access, PIM, and JIT workflows to reduce standing privileges by over 70% while strengthening overall security posture.
  • Served as the technical escalation authority for business-critical IAM failures: certificate expirations, broken SAML trusts, provisioning system outages. When automated remediation and support tiers couldn't resolve it, the problem came to me.
  • Mentored IAM engineers on automation frameworks, schema change management, and certificate lifecycle operations; created standardized runbooks and automation templates that reduced team dependency on senior resources for routine work.
  • Built automated certificate monitoring and renewal systems for SAML, OIDC, and OAuth2 across 100+ enterprise applications; proactive 60-day alerts and direct SaaS vendor coordination eliminated authentication outages and manual tracking overhead entirely.
  • Managed directory schema and attribute governance across Entra ID, Active Directory, and ActiveIDM to maintain data integrity in automated lifecycle processes; resolved sync failures between Workday, AD, and downstream identity repositories through intelligent data validation.
  • Served as the primary escalation for Workday-to-AD-to-Entra provisioning failures, resolving complex attribute mapping errors and sync breakdowns that blocked joiner, mover, and leaver processes across the hybrid identity stack.
  • Administered ActiveIDM's role-based provisioning engine with exception handling logic that routes edge cases to appropriate approvers automatically based on organizational hierarchy and risk level.
  • Led migration to ForgeRock Identity Management with automated workflow standardization for hybrid environments, cutting provisioning delays through intelligent lifecycle automation and structured exception handling.
  • Integrated Splunk with IAM tooling for automated security event monitoring and alerting, achieving ISO/IEC 27001 and NIST 800-53 compliance through centralized log correlation and threat detection.
  • Delivered Auth0 integration for client-facing financial services portals, building intelligent authentication that balanced security requirements with user experience at scale.
  • Authored Conditional Access policies using Microsoft Defender with automated recommendations for privileged account management, enforcing risk-based access decisions through continuous policy evaluation.
  • Implemented OAuth 2.0 and OpenID Connect with automated token lifecycle management for cloud-native application APIs and microservices architectures.
  • Built AWS IAM roles and encryption protocols across multi-cloud environments with automated policy enforcement ensuring consistent least-privilege patterns at scale.
  • Partnered with DevOps to embed automated log analysis and incident response directly into CI/CD pipelines.
Skills: ForgeRock IDM · Splunk · ISO/IEC 27001 · NIST 800-53 · Ping Identity · Citrix · VMware · PowerShell · AWS · Auth0 · Azure AD · Workday · ActiveIDM
Cloud Security Operations Lead
Cloudcentria Security Cloud Cybersecurity Firm
Full-time 06/2011 – 12/2015
Cloudcentria Security is a cloud cybersecurity firm delivering identity architecture, security operations, and managed security services across enterprise AWS and hybrid environments. This was the foundational role that established the core competencies in cloud identity, security governance, and forensic investigation that carried forward through every subsequent engagement. Working across IaaS, PaaS, and serverless environments at a time when cloud security practices were still maturing meant building frameworks and protocols from first principles, several of which became standard practice within the organization and informed approaches adopted more broadly across the industry.
  • Built cloud security and identity programs from the ground up across AWS and hybrid environments, establishing foundational IAM controls, governance models, and policy-as-code frameworks aligned to NIST 800-53 and ISO 27001.
  • Designed identity federation across SaaS platforms including Okta, Auth0, and application providers, resolving authentication failures and enabling centralized access control.
  • Led forensic investigations establishing chain-of-custody processes for security incidents, including recovery of stolen intellectual property that established cloud forensics protocols adopted as industry practice.
  • Delivered AWS security architecture including identity design, access enforcement, and continuous validation across IaaS, PaaS, and serverless deployments.
  • Scaled vulnerability management to an environment exceeding 15,000 assets across AWS and Azure, with prioritization by exploitability and business impact using Nessus-based assessments.
  • Optimized Entra ID Connect sync logic and hybrid sync rules, normalizing attributes and UPN conventions to keep identity data consistent across cloud and on-premises environments.
  • Administered BeyondTrust Password Safe with secret rotation and vault access workflows, eliminating credential sprawl through JIT tied to approved change management processes.
  • Partnered with SOC teams during active incidents supporting containment, investigation, and remediation efforts including analysis of token misuse and privileged session activity.
Skills: NIST 800-53 · ISO 27001 · AWS · Azure · Nessus · Ping Identity · Okta · Auth0 · BeyondTrust · Entra ID · Splunk · Digital Forensics
Systems Administrator
uBreakiFix Tech Repair and Support
Full-time 2009 – 2011
uBreakiFix is a technology repair and support services company providing hardware repair, diagnostics, and technical support for consumer electronics and computing devices. This role represented the entry point into professional technical work, establishing the customer-facing communication, incident prioritization, and systematic problem-solving disciplines that underpin every senior engagement that followed.
  • Technical Support: Delivered first-level support for hardware, software, and network issues via phone, email, and in-person.
  • Incident Management: Assessed and prioritized tickets based on impact and urgency to meet SLA targets.
  • Customer Service: Maintained high satisfaction through timely support and detailed documentation of service desk activities.
Skills: Technical Support · Incident Management · Customer Service · Hardware Repair · System Administration
IT Support Associate
Circuit City Consumer Electronics Retail
Full-time 2006 – 2009
  • Technical Support: Provided troubleshooting for computer and electronic products, resolving hardware and software issues.
  • Product Setup: Assisted customers with initial configuration, software installations, and feature explanations.
  • Hardware Repair: Conducted basic repairs or coordinated with authorized service providers.
  • Inventory Management: Maintained stock of computer accessories and ensured product availability.
  • Customer Engagement: Collaborated with sales team to align technology solutions with customer needs.
  • Product Knowledge: Stayed current on technology trends and updated demo areas to reflect latest offerings.
Skills: Technical Support · Hardware Repair · Customer Service · Inventory Management · Product Knowledge

Key Projects

Nuclear Energy Cloud IAM Transformation
Westinghouse Electric Company (2024)
  • Designed and implemented federated identity architecture enabling secure nuclear data processing in cloud environments.
  • Built MFA enforcement using Azure AD aligned to nuclear industry security requirements.
  • Implemented Conditional Access policies and just-in-time access via Privileged Identity Management for administrator accounts.
  • Executed security testing protocols supporting regulatory compliance validation.
Municipal Identity Threat Protection
City of Chesapeake, Virginia (2024)
  • Integrated CrowdStrike Falcon with identity systems to monitor authentication activity in real time.
  • Implemented Active Directory tiered administrative model for privileged access control.
  • Designed RBAC framework for critical municipal systems balancing security and operational continuity.
  • Delivered identity threat detection training using real-world attack scenarios.
Federal ICAM Compliance Analysis
Department of Veterans Affairs (2023)
  • Analyzed privileged accounts across federal systems using CyberArk PAM, identifying and categorizing access control gaps.
  • Improved PIV compliance metrics by 35 percent through structured reporting and remediation.
  • Designed SailPoint and Okta integration approach, establishing foundation for streamlined identity governance.
  • Implemented CyberArk policies aligned to Azure Conditional Access enforcement.
  • Established centralized identity event logging using Azure Event Hub.
Enterprise Provisioning Automation
Lithia Motors Fortune 500 Automotive Retail (2022)
  • Developed PowerShell scripts provisioning 15,000 user accounts, reducing processing time by 60 percent.
  • Built Azure Log Analytics workspaces monitoring critical provisioning workflows with real-time visibility.
  • Standardized provisioning processes across US and UK IT teams.
  • Remediated legacy provisioning technical debt and enforced Defender EDR policies.
  • Built compliance reporting using KQL queries against Azure Sentinel data.
Retail Authentication Directory
Lands' End Fortune 500 Apparel and Lifestyle (2021)
  • Designed authentication directory with selective attribute filtering for secure external partner access.
  • Built PingFederate authentication policies with MFA balancing usability and security requirements.
  • Implemented OpenID Connect for customer-facing applications.
  • Created ServiceNow-integrated troubleshooting tools for helpdesk teams, reducing resolution time for common issues.
Enterprise-Wide Zero Trust Implementation
DHS / US Secret Service (2022)
  • Led Zero Trust implementation across more than 200 mission-critical applications with micro-segmentation and continuous verification.
  • Reduced lateral movement risk by 80 percent while cutting incident response time by 60 percent.
  • Completed 3 months ahead of schedule, establishing a new security baseline for federal systems.
  • Integrated CyberArk, Fortinet, and identity governance frameworks aligned to NIST 800-53.

Education & Certifications

  • BS Cybersecurity, University of Richmond (In Progress)
  • AAS Information Systems, Reynolds College
  • AZ-900 Microsoft Azure Fundamentals (In Progress)
  • Cybersecurity Essentials, Cisco
  • IBM Cloud Essentials
  • Network Administration, Reynolds College