With more than 13 years of Windows engineering in an Enterprise environment, I have a deep understanding of Windows internals and how to deploy, configure, and secure both client and server versions.
I have implemented and managed ADDS, ADCS, ADFS, DHCP, DNS, File Services, Remote Access, and RDS, and I have implemented and managed them with the System Center Suite and its modern counterparts such as MEMCM, Intune, and Azure Monitor.
Microsoft 365 E5
In 2012, I migrated over 7K user mailboxes from our legacy email system (FirstClass) to Office 365. I implemented our Azure AD tenant along with DirSync (now known as Azure AD Connect), and since then, we have shifted to workloads such as SPO, Teams, Power Automate, and more.
I also implemented our E5 Security solutions including Azure ATP, Defender ATP, Office 365 ATP, MCAS, and Sentinel, as well as Conditional Access, PIM, Azure MFA, Azure Apps (and Proxy), and AIP.
For over a decade, I have been creating configuration management and automation with PowerShell. I have created thousands of scripts to manage everything from operating systems to applications and even cloud services using REST APIs.
I am a firm believer in using automation wisely. DevOps provides better reliability, consistency, and repeatability. My goal is to reserve valuable human judgement for things that cannot be easily automated.
Over the past 8 years, I have gradually expanded usage of Azure services, especially in the areas of Identity, Security, Monitoring, and also some limited IaaS and PaaS.
I have extensive experience in licensing, which can often be a pain point, and I have learned how to maximize spend and eliminate redundant on-premise costs.
A few years ago, I built a Graylog cluster to ingest syslog and Windows event logs from our servers, networking devices, and endpoints. For a sense of scale, I was ingesting roughly 400GB of logs per day after quite a bit of tuning (prior to COVID).
I am still building better correlation and alerting, as Graylog has none of this out of the box, and due to the aging stack, I am migrating to Elastic Stack for better SIEM capabilities and SIGMA integration.
For part of my vulnerability management program, I selected Tenable.io as our initial platform out of a desire to educate and empower my SysAdmin team. We had this for a couple of years, but I had to limit what we could scan due to cost, which, as my program matured, was no longer acceptable.
Since then, I have used Nessus Pro and created automated scanning based on tiers and services that provide actionable reports for myself and my teams to work through remediation.
I have 9 years of experience managing various aspects of G Suite ranging from the apps and services to devices such as Chromebooks. I originally brought Chromebooks in about 7 years ago, and we are now managing over 50K Chromebooks in our district.
Since moving to a security role, I have been more involved in investigations, reporting, and DLP (integrated with MCAS).