Open to new roles

Practice

North Bay, Ontario - Remote, hybrid, or on-site

Patrick Ngenzi

I secure identity, cloud, endpoint, and network environments.

Cybersecurity and DevSecOps professional with 5+ years across school-board, telecom, service-desk, client web, and privacy-sensitive environments. I secure Microsoft identity, Azure, endpoints, networks, and production web platforms while keeping documentation clear for the teams who operate them.

View Projects Contact Resume

Scroll

1,000+

Endpoints supported

Identity, endpoint, access, connectivity, and availability support in a multi-site public-sector environment.

150+

Monthly incidents mitigated

Malware and security events triaged through ESET, SolarWinds, Defender-style workflows, and clear escalation notes.

25%

Firewall exposure reduced

Policy cleanup and approved access-path validation while maintaining operational connectivity.

Years in IT and security

Hands-on across cybersecurity operations, IAM, cloud security, network support, and secure web platforms.

Practice

Practical security work for real operating environments.

I help teams reduce risk across identity, Azure, endpoints, networks, and web platforms. My work is hands-on, documented, and aligned to least privilege, uptime, privacy, and measurable improvement.

Identity and Access

Entra ID, Active Directory, RBAC, MFA, Conditional Access, onboarding/offboarding, and access review discipline.

Cloud Security

Azure VM, VNet, NSG, VPN Gateway, Microsoft Sentinel, Defender, and Log Analytics hardening.

Network Defense

Fortinet and Palo Alto firewall cleanup, VLAN segmentation, WPA3, Aerohive WAPs, VPN, IDS/IPS concepts, and Wireshark validation.

DevSecOps and Server Operations

PowerShell and Python automation, secure deployments, DNS/SSL/hosting support, client platforms, and operational runbooks.

Selected Work

Projects organized for security and DevSecOps roles.

A recruiter-ready view of security architecture, network segmentation, production platform ownership, automation, and client/server operations.

All projects

Cloud Security / IAM / Sentinel

Azure Hybrid Network and IAM Security Architecture

Enterprise-style hybrid security architecture for an education environment. The project combines segmented Azure VNets, simulated on-prem connectivity, Entra ID governance, Conditional Access, RBAC, MFA, and Microsoft Sentinel detections.

Designed two VNets, eight subnets, VPN Gateway connectivity, and 15+ NSG rules to separate Staff, Students, Servers, and gateway traffic.

Microsoft Azure
Microsoft Entra ID
Conditional Access
MFA

Network Security / Segmentation

Enterprise Network Segmentation and Security Lab

Network-defense case study focused on segmentation, firewall policy design, and validation. It models how staff, student, guest, IoT, VoIP, and server traffic should be isolated and tested in an enterprise environment.

Mapped topology, trust boundaries, and approved flows so firewall rules are tied to business purpose instead of open-ended access.

Cisco
Fortinet
VLAN
Site-to-Site VPN

DevSecOps / Full-Stack / Operations

Neotha - Owner-Led Platform, Client Support, and Server Operations

Owner-led technology platform and client-service work where I build frontend and backend systems, support customers, manage hosting/server environments, and apply secure deployment habits to live business platforms.

Deliver production websites and client systems with React/Next.js, TypeScript, backend integration, SEO metadata, responsive UI, and accessibility-aware interfaces.

Next.js
TypeScript
React
Tailwind CSS

Security Operations / Automation

Network Monitoring and Security Automation Initiative

Monitoring and automation initiative shaped around real support work: availability signals, security follow-up, stale-account review, event-log collection, and repeatable documentation for faster troubleshooting.

Used SolarWinds/PRTG-style monitoring patterns to centralize availability and operational security signals.

SolarWinds
PRTG
PowerShell
Event Logs

Services

How I help organizations.

From IAM and cloud hardening to network security, automation, secure deployments, and client platform operations.

All services

Service

Identity and Access Security

Operate and improve Microsoft identity controls for least-privilege access, reliable user lifecycle workflows, and stronger authentication.

Microsoft Entra ID and Active Directory
RBAC, MFA, and Conditional Access
Onboarding, offboarding, and stale-account cleanup

Service

Cloud and Endpoint Security Operations

Harden Azure and endpoint environments while keeping monitoring, remediation, and patch follow-through practical for operations teams.

Azure VM, VNet, subnet, NSG, and VPN Gateway hardening
Microsoft Defender, M365 Defender, ESET, and SolarWinds workflows
Microsoft Sentinel, Log Analytics, and suspicious authentication review

Service

Network Security and Segmentation

Strengthen hybrid and on-premises networks with secure access paths, segmented traffic, and validated firewall policy.

Fortinet and Palo Alto firewall rule cleanup
VLAN segmentation for staff, guest, IoT, VoIP, and server traffic
WPA3 and Aerohive wireless isolation

Service

DevSecOps, Client Platforms, and Server Management

Build and maintain secure web platforms for clients while applying security thinking to frontend, backend, hosting, and server operations.

Next.js, React, TypeScript, and secure frontend delivery
Backend integration, DNS, SSL/TLS, hosting, and server administration
PowerShell, Python, SQL log queries, and event-log collection

Credentials

Certifications and credentials.

Validated security learning paired with day-to-day operational responsibility.

About me

01Certified

CompTIA Security+

CompTIA

02Certified

Google Cybersecurity Certificate

Google / Coursera

03In Progress

Microsoft SC-300: Identity and Access Administrator

Microsoft

Contact

For security, DevSecOps, IAM, cloud, or network roles.

Start a Conversation