Promoted by Bread Financial to overhaul their corporate PKI workflows and certificate authorities. Defined standard certificate workflows for application teams, transparently replaced legacy CA platforms with a modern standards-compliant application, and implemented automated certificate issuance and renewal for over 80% of managed certificates.

Demonstrated experience with layer 7 WAF administration, web security policy management, and botnet protection. Analysis and mitigation efforts reduced suspicious and malicious traffic on a major PCI-audited web app from over 70% to less than 0.3% of overall traffic, blocking over 1,000 bot requests per second and reducing backend server load by nearly half during normal operations.

Performed proactive cyber defense engineering by implementing DMARC and related email authentication protocols to prevent spoofing and impersonation at the domain level. Emphasized attack surface reduction through layered controls, integrating threat-aware mail flow policies, rigorous monitoring, and alignment with defense-in-depth strategies to harden enterprise messaging infrastructure.

Designed and maintained automation workflows using Bash, Python, and Ansible Tower to streamline system administration and security operations. Built centralized tooling around Jamf Pro and Workspace ONE to enforce policy, manage endpoints at scale, and reduce manual overhead across macOS and iOS environments.

Administered Jamf Pro to manage macOS and iOS devices at scale, developing custom policies, scripts, and configuration profiles to enforce security baselines while supporting informed user-consent management strategies. Leveraged smart groups and extension attributes to drive dynamic policy targeting, streamline compliance reporting, and minimize user disruption.

Held a CCNA in Routing and Switching and supported network infrastructure across small business and enterprise environments. Managed L3/L4 DDoS mitigation and administered L7 web application firewall policies to protect against application-layer threats while maintaining performance and availability.