(2023 - 2025)

Cloud Staff Engineer - High Availability and Disaster Recovery Architect at BHG Financial

Project: Enterprise Infrastructure Modernization
Business Objective: Upgrade the company's IT infrastructure for better scalability, availability, and security.
Accomplishments:

• Upgraded mission-critical legacy Java and COBOL-based core loan origination platform to a hybrid HA architecture spanning on-prem and Azure. Implemented Azure paired regions, Load Balancer, Site Recovery, and SQL Server Always On for cross-site redundancy and database-level HA, achieving 99.995% uptime with seamless failover to TransUnion and Equifax services.
• Replaced deprecated IPsec VPNs with secure RESTful APIs for services hosted both on-premise and in Azure, using Azure API Management, OAuth 2.0, mutual TLS, and private endpoints via VNet Integration to harden PII data exchange protocols.
• Authored detailed hybrid architecture diagrams covering both Azure and on-premise infrastructure, along with operational runbooks in Confluence for internal use and SOC 2 audits. Maintained comprehensive wikis tailored for support, engineering, and architecture teams to ensure consistent system understanding and accelerate onboarding across environments.
• Orchestrated the migration of 500+ VMs from on-prem VMware to Azure IaaS using Azure Migrate, Azure Arc, and Azure Monitor, with custom PowerShell automation for pre-migration validation and post-migration cleanup, resulting in $800,000+ annual savings across licensing, power, and cooling.
• Led the design and deployment of the Dell PowerProtect Cyber Recovery Vault with integrated PowerProtect Data Domain, overseeing the team while directly engineering immutability features and a tiered backup strategy using Azure Backup and Recovery Services Vaults, achieving a 1-hour RTO and 15-minute RPO.
• Deployed Azure Bastion, Just-in-Time VM Access, and Azure Firewall Premium to enforce layered network security, using Azure Resource Manager (ARM) templates and PowerShell automation integrated into CI/CD pipelines for consistent, repeatable deployments across staging and production environments.
• Led an 8-engineer DevSecOps team through the deployment of Cisco ACI integrated with Azure ExpressRoute and Policy-Based Routing (PBR), completing the project with minimal service disruption.
• Provided mentorship on Azure RBAC, Defender for Cloud policies, and compliance with CIS benchmarks.

(2020 - 2023)

System Engineer at BHG Financial

Project: Security Hardening and Environment Monitoring
Business Objective: Improve system security and monitoring to protect infrastructure and enhance operational visibility.
Accomplishments:

• Deployed Tanium for endpoint detection and response (EDR), vulnerability management, and compliance enforcement, reducing CVE exposure by 40% and improving MTTD/MTTR by 35%.
• Architected a Cisco UCS B-Series chassis infrastructure with VMware vSphere 7.0 and vCenter HA, enhancing compute efficiency and reducing hardware sprawl.
• Integrated LogicMonitor with Azure Monitor and SNMP traps for end-to-end observability across hybrid IaaS and on-prem workloads. Tuned alert thresholds and implemented automated remediation, reducing unscheduled outages by 85%.
• Created PowerShell DSC and scheduled tasks for patch management, inventory, and compliance tracking, freeing over 20 hours of manual admin time weekly.

(2018 - 2020)

Network Engineer at BHG Financial

Project: Network Optimization and Security Enhancement
Business Objective: Enhance network performance and security across all company branches, enabling secure remote work for employees.
Accomplishments:

• Designed and implemented an enterprise-grade Palo Alto PAN-OS firewall architecture with centralized management via Panorama, site-to-site and remote access via GlobalProtect VPN, and dynamic security policies leveraging LDAP/Active Directory group mapping, User-ID, and zone-based segmentation; reduced unauthorized access attempts by 60% and enhanced east-west traffic visibility.
• Integrated Pure Storage FlashArray with ActiveCluster and VVols for low-latency, high IOPS storage; deployed Cohesity DataProtect with SmartFiles for scalable backups and fast recovery.
• Configured BGP peering with route reflectors and OSPF segmentation for multi-site HA and fast convergence. Integrated SD-WAN overlays with policy-based routing (PBR), SLA monitoring, and app-aware routing to optimize Layer 3 traffic across hybrid WAN links.
• Conducted NIST-aligned network audits, applying STIGs and remediation plans to enhance compliance by 50%.

(2015 - 2018)

System Administrator at BHG Financial

Project: Data Center Consolidation
Business Objective: Consolidate multiple physical data centers to lower costs and improve efficiency.
Accomplishments:

• Managed a multi-domain Active Directory forest supporting 1500+ users and 400+ servers, leveraging GPOs, OU-based delegation, and fine-grained password policies. Integrated with Hybrid Azure AD using Microsoft Entra Connect to enable seamless identity synchronization and support cloud-based access controls and MFA policies.
• Consolidated data centers by migrating 800+ TB of data using VMware Storage vMotion and Hyper-V Live Migration, leveraging synchronous SAN replication, snapshot chaining, and CRC-based verification to ensure data integrity and zero data loss during transition across multi-site clusters.
• Migrated on-prem SharePoint 2016 to SharePoint Online using the SharePoint Migration Tool and hybrid search configuration; deployed Microsoft Entra Connect to synchronize identities and enable seamless SSO. Rolled out Microsoft Authenticator for MFA across the organization, enhancing security posture. Transitioned users from Cisco Jabber to Microsoft Teams via Teams Admin Center, with Intune enforcing endpoint policies.
• Deployed and managed mixed Hyper-V/VMware clusters across Tier 1 and Tier 2 applications, configuring SCVMM and vSAN for optimized resource allocation.

(2012 - 2015)

Information Technology Manager at Culinary Concepts

• Directed all IT infrastructure operations and endpoint lifecycle management.
• Rolled out POS system upgrades integrated with backend SQL systems and network printing policies via Group Policy.

(2011 - 2012)

Jr. System Administrator at Montana State University Billings

• Supported Windows Server and Red Hat Linux environments, automated helpdesk workflows with VBScript and batch files, and assisted in migrating student data to clustered file shares and a new DFS namespace.

Technical Skills

• Cloud & Virtualization: Azure (ARM, Arc, ExpressRoute, ASR, Log Analytics), AWS, VMware, Hyper-V, Azure Migrate, Azure Site Recovery, Terraform, Illumio
• Networking & Security: Palo Alto (PAN-OS, GlobalProtect, Panorama), Cisco (ACI, UCS, ASA), Fortinet, A10, VPN, Certificate Management, Azure Key Vault, OAuth2, mTLS, Azure Firewall, Defender for Cloud, Crowdstrike, LogicMonitor
• Storage & Backup: Pure Storage (ActiveCluster, VVols), Dell PowerStore, Cohesity, Dell PowerProtect Cyber Recovery, Azure Backup, Recovery Services Vaults
• Scripting & Automation: PowerShell, Python, Terraform (HCL), SQL, JSON, Desired State Configuration (DSC)
• Databases: SQL, Cosmos DB, MySQL, Advantage
• Endpoint & Infra Management: Tanium, Atlassian Suite, Git, Azure Monitor, Azure Bastion, New Relic

Education

• Western Governors University | 2016: Computer Information Sciences and Support Services
• Montana State University Billings | 2012: Cisco Networking Academy CCNA/LAN/WAN Management

Certifications

• Microsoft Certified: Azure Administrator (AZ-104) | Certification # KAF28A-5C4329 | 2024
• Administering Cisco UCS with Intersight | 2022
• Implementing Cisco DCACI Application Centric Infrastructure | 2022
• PCNSA - Palo Alto Networks Certified Network Security Administrator | 2019
• Cisco Networking Academy (CCNA Equivalent) | 2014

Professional Development

• Pluralsight and Udemy Advanced Cybersecurity and Infrastructure Training | 2020-Present
• ITIL Foundation Workshop, Global Knowledge | 2022
• Microsoft Ignite Conference, Cloud Infrastructure Track | 2019

References

Available upon request.