Experience

5 mins read

Experience

Crane Aerospace & Electronics — Network Security Engineer

Lynnwood, WA | April 2021 – Present

Crane is a defense contractor with sites across the US, Europe, and Taiwan. As the primary network security engineer, I own everything that touches network, identity, or server boundaries — in practice that means I’m the person called when something is broken badly enough that nobody else can fix it.

Network Access Control & Identity

  • Migrated the entire NAC environment from FortiNAC to Juniper Mist on my own, at a point when Juniper Mist NAC was still in early development. Signed an NDA to work directly with the Juniper engineering team to get it production-ready. Built custom PowerShell modules so the team could manage the NAC environment through their API instead of doing everything by hand.
  • Designed and deployed the enterprise-wide NAC solution using 802.1x and RADIUS, integrated with Windows AD and PKI, enforcing hardware-level identity verification at every network entry point.
  • Manage SafeNet (Thales) SSO/SAML integrations, handling authentication flows for hundreds of internal and external enterprise applications.

Network Infrastructure

  • Deploy and manage Juniper Mist for centralized, AI-driven control of all Juniper Wireless and Wired infrastructure across every global site.
  • Implemented East/West firewalling to enforce identity-based segmentation across server workloads.
  • Deployed and maintain Cisco Umbrella for DNS security across the organization.
  • Traveled to Europe and Taiwan to physically upgrade and deploy core networking equipment and wireless access points at remote sites.

Security & Compliance

  • Implemented CMMC/NIST security controls across the organization, resulting in a near-perfect score from external auditors.
  • Deployed Carbon Black App Control in High Enforcement mode to monitor and control all execution across the environment.
  • Use Rapid7 for vulnerability management and Carbon Black EDR for incident response.

Automation & Documentation

  • Built and maintain a library of PowerShell modules automating cross-platform tasks between Juniper hardware and Windows environments.
  • Authored all standardization and SOP documentation for an environment that had none when I arrived.
  • Tier 3 escalation point for enterprise-wide outages spanning networking, server hardware, and application access.

Charlie’s Produce — Network Systems Analyst

Seattle, WA | January 2019 – April 2021

Charlie’s Produce is a regional food distributor operating across the Pacific Northwest. I was the primary IT engineer covering datacenter operations, networking, and Windows and Azure administration end-to-end.

  • Stood up a complete site from nothing — racked and configured all server and network hardware from scratch.
  • Primary administrator for the full server estate: Windows Server 2008 through 2019, covering Active Directory, Group Policy, DNS, DHCP, File Services, and DFS across multiple datacenters.
  • Migrated the entire ~3,000-person workforce from Windows 7 to Windows 10 using SCCM in-place upgrades, including custom task sequences and driver packages.
  • Designed and deployed a ground-up PKI infrastructure and Certificate Authority from scratch to support certificate-based authentication and secure internal communications.
  • Built a custom PowerShell integration that synced Active Directory attributes with ADP HR data, automating personnel management. HR had real visibility into org structure for the first time, and the IT team got meaningful hours back.
  • Managed hybrid Azure AD via Azure AD Connect, implemented SAML authentication for third-party SaaS apps, and handled the full Exchange Online migration.
  • Managed rack/stack, UPS systems, and SAN storage across multiple regional sites.

NAES Corporation — Service Desk Technician II / Systems Administrator

Issaquah, WA | October 2017 – January 2019

NAES is an energy services company. I joined during active M&A activity and spent most of my time consolidating IT environments from recently acquired companies into a single cohesive infrastructure.

  • Consolidated multiple Active Directory forests into a single unified domain following a series of corporate acquisitions — designing the migration path, handling trust relationships, and cleaning up the resulting environment.
  • Merged disparate O365 tenants following acquisitions, unifying the organization onto a single Microsoft 365 platform.
  • Implemented Intune co-management to bridge the existing SCCM environment with cloud-based endpoint management, enabling modern device management without ripping out what was already in place.
  • Deployed Cisco Hyperconverged Infrastructure as a VMware replacement for the virtualization layer.
  • Provided administration for Exchange Online, SharePoint, and the full Office 365 suite across a diverse user base.

Affirma Consulting — Infrastructure Consultant

Bellevue, WA | May 2016 – October 2017

Client-facing consulting across roughly 20 business clients. Firewall deployments, server builds, O365 migrations, WAN troubleshooting — different problems every week.

  • Ran an internal penetration test against US Steel’s legacy Active Directory environment, identifying exposure across their older on-premises infrastructure.
  • Migrated around 20 clients to Office 365, covering all aspects of the deployment — the main driver being migrations from on-premises Exchange to Exchange Online.
  • Implemented Azure AD Connect for hybrid identity synchronization across the client base, enabling consistent SSO and directory services in mixed on-premises and cloud environments.
  • Handled firewall and WAN configurations using Dell SonicWall, Fortinet, and Palo Alto — from initial design through site-to-site VPN setup and policy hardening.
  • Built and hardened Windows Server environments for small-to-midsize enterprises, covering Active Directory design, secure remote access, and security baseline configuration.
  • Authored post-implementation technical documentation and ran client training for every delivered solution.

US Army — Corporal (MOS 25N), Joint Nodal Network Operator

Germany, Afghanistan, and United States | May 2011 – May 2016

25N is the Army’s Joint Nodal Network Operator MOS — responsible for operating mobile NOCs in tactical environments. I served in Germany, at multiple domestic posts, and deployed to Jalalabad, Afghanistan from 2012 to 2013.

  • Operated mobile NOCs providing full TCP/IP and satellite connectivity for a 2,500-soldier Brigade in tactical environments.
  • Deployed as a NOC/SOC administrator in Jalalabad, Afghanistan, supporting over 3,000 NATO, civilian, and military personnel.
  • Led a 5-person team responsible for hardware repair, COMSEC management, and base-wide systems administration. Accountable for all cryptographic materials at the battalion level.
  • Completed Warrior Leadership Course (US Army Sergeant Training).