Security engineering and operations support for teams that need practical results.

Work is organized around identity security, Azure and endpoint hardening, network segmentation, DevSecOps, and secure client platform operations. Each engagement is documented so controls can be operated after delivery.

Service lines

What I help organizations strengthen.

The focus is job-ready security work: access control, monitoring, remediation, network hardening, automation, and production support.

Service

Identity and Access Security

Operate and improve Microsoft identity controls for least-privilege access, reliable user lifecycle workflows, and stronger authentication.

Least-privilege access that is easier to audit and safer to operate, including 19% excessive-permission reduction in prior work.

Capabilities

Microsoft Entra ID and Active Directory
RBAC, MFA, and Conditional Access
Onboarding, offboarding, and stale-account cleanup
Access reviews and privileged-access concepts

Service

Cloud and Endpoint Security Operations

Harden Azure and endpoint environments while keeping monitoring, remediation, and patch follow-through practical for operations teams.

Better visibility and faster response, including 150+ monthly security incidents mitigated and documented.

Capabilities

Azure VM, VNet, subnet, NSG, and VPN Gateway hardening
Microsoft Defender, M365 Defender, ESET, and SolarWinds workflows
Microsoft Sentinel, Log Analytics, and suspicious authentication review
Server patching and vulnerability remediation, including Log4j response

Service

Network Security and Segmentation

Strengthen hybrid and on-premises networks with secure access paths, segmented traffic, and validated firewall policy.

Reliable networks with reduced attack surface, clearer approved flows, and stronger isolation between user and device groups.

Capabilities

Fortinet and Palo Alto firewall rule cleanup
VLAN segmentation for staff, guest, IoT, VoIP, and server traffic
WPA3 and Aerohive wireless isolation
VPN, Wireshark validation, and IDS/IPS concepts

Service

DevSecOps, Client Platforms, and Server Management

Build and maintain secure web platforms for clients while applying security thinking to frontend, backend, hosting, and server operations.

Production websites and services that customers can rely on, backed by practical server management and secure deployment habits.

Capabilities

Next.js, React, TypeScript, and secure frontend delivery
Backend integration, DNS, SSL/TLS, hosting, and server administration
PowerShell, Python, SQL log queries, and event-log collection
Client support, troubleshooting, documentation, and deployment hygiene

How I work

A clear, evidence-driven engagement model.

Discover

Map the environment, identity paths, exposed services, monitoring gaps, and operational constraints before changing controls.

Harden and Validate

Implement least-privilege controls, hardening steps, automation, or segmentation changes, then validate the result with logs, packet flow, or documented evidence.

Document and Support

Create runbooks, communicate clearly with technical and non-technical users, and support the team through operation or handoff.

Need someone who can secure systems and still support the people using them?

Start a Conversation See Case Studies