Hi, I am Nathan McNulty

Security Architect

I am passionate about designing secure solutions that provide the best user experiences possible. With more than 15 years of IT experience, I have served as help desk, endpoint administrator, client architect, cloud architect, and security architect.

My expertise is primarily in securing the Microsoft stack including Windows (Client and Server), Active Directory, Azure AD, Microsoft 365 E5, MEMCM/Intune, and more. Over the past 5 years, I have built a security program covering all aspects including architecture design, vulnerability management, SIEM, EDR, CASB, NSM, IAM/PAM, policies, and many other areas.

Windows Security
Identity
Email Security
Cloud
SIEM
NSM

Skills

Windows

With more than 13 years of Windows engineering in an Enterprise environment, I have a deep understanding of Windows internals and how to deploy, configure, and secure both client and server versions.

I have implemented and managed ADDS, ADCS, ADFS, DHCP, DNS, File Services, Remote Access, and RDS, and I have implemented and managed them with the System Center Suite and its modern counterparts such as MEMCM, Intune, and Azure Monitor.

Microsoft 365 E5

In 2012, I migrated over 7K user mailboxes from our legacy email system (FirstClass) to Office 365. I implemented our Azure AD tenant along with DirSync (now known as Azure AD Connect), and since then, we have shifted to workloads such as SPO, Teams, Power Automate, and more.

I also implemented our E5 Security solutions including Azure ATP, Defender ATP, Office 365 ATP, MCAS, and Sentinel, as well as Conditional Access, PIM, Azure MFA, Azure Apps (and Proxy), and AIP.

PowerShell

For over a decade, I have been creating configuration management and automation with PowerShell. I have created thousands of scripts to manage everything from operating systems to applications and even cloud services using REST APIs.

I am a firm believer in using automation wisely. DevOps provides better reliability, consistency, and repeatability. My goal is to reserve valuable human judgement for things that cannot be easily automated.

Azure

Over the past 8 years, I have gradually expanded usage of Azure services, especially in the areas of Identity, Security, Monitoring, and also some limited IaaS and PaaS.

I have extensive experience in licensing, which can often be a pain point, and I have learned how to maximize spend and eliminate redundant on-premise costs.

Graylog

A few years ago, I built a Graylog cluster to ingest syslog and Windows event logs from our servers, networking devices, and endpoints. For a sense of scale, I was ingesting roughly 400GB of logs per day after quite a bit of tuning (prior to COVID).

I am still building better correlation and alerting as Graylog has none of this out of the box, and due to the aging stack, I am migrating to Elastic Stack for better SIEM capabilities and SIGMA integration.

Tenable

For part of my vulnerability management program, I selected Tenable.io as our initial platform out of a desire to educate and empower my SysAdmin team. We had this for a couple of years, but I had to limit what we could scan due to cost, which, as my program matured, was no longer acceptable.

Since then, I have used Nessus Pro and created automated scanning based on tiers and services that provide actionable reports for myself and my teams to work through remediation.

G Suite

I have 9 years of experience managing various aspects of G Suite ranging from the apps and services to devices such as Chromebooks. I originally brought Chromebooks in about 7 years ago, and we are now managing over 50K Chromebooks in our district.

Since moving to a security role, I have been more involved in investigations, reporting, and DLP (integrated with MCAS).

Experiences

Beaverton School District

October 2011 - Present, Beaverton, Oregon

Beaverton School District is one of the largest school districts in Oregon, home to more than 40K students. We run an extremely diverse set of technology as we focus on providing solutions that will best serve each student.

Security Architect

March 2018 - Present

  • Azure Services and Microsoft 365 E5 Security Suite
  • Active Directory, Server, and Client hardening
  • Identity and Access Management including IdP/SSO
  • Email security
  • Endpoint Detection and Response
  • Security Incident and Event Management
  • Cloud App Security and Data Loss Prevention
  • Digital Forensics and Incident Response
  • Vulnerability Management and Remediation
  • Threat and Adversary Emulation
  • Security policies and guidelines

Client Architect

October 2011 - March 2018

  • Azure and the full Microsoft 365 E3 Suite
  • Azure Active Directory, On-prem Active Directory, Group Policy, and security policies for servers and endpoints
  • Lead and train IT support staff on Windows, System Center, and Office 365
  • Provide highest tier of support for 45K users and 100K endpoints
  • Microsoft System Center Suite
  • Provide secondary administration for JAMF Casper Suite, Google Apps, and VMware vSphere
  • Remote Desktop Farms including RemoteApp and thin client deployments
  • Vendor relationship management
  • Enterprise print management, help desk system, and community documentation / training

Enterprise Desktop Administrator
WHPacific, Inc

March 2007 - October 2011, Portland, Oregon

WHPacific is a civil engineering firm that had several hundred employees across 17 offices during my time there. It was a Native Alaskan owned company, but they have gone through a couple of splits and sales since that time.

Responsibilities:
  • Active Directory, Group Policy, and security policies for servers and endpoints
  • Enterprise endpoint management with System Center Configuration Manager
  • Responsible for complex Operating System, Application, and Software Update deployments
  • Manage IT projects, documentation, and develop related policies
  • Vendor relationship management, software license compliance, and associated costs
  • Monitor and maintain print servers, copiers, and plotters including enterprise print management solutions
  • Responsible for all system specifications and lifecycle management
  • Design and manage Enterprise Antivirus solutions and updates
  • Administer enterprise backups, DR replication, and data archives
  • Provide technical support and training for IT staff and end users