A PDF version of my résumé is available here, and is up to date as of April, 2025. If you’d like to contact me, send me an email at jmcma2sy {@} icloud {dot} com.
Summary
I offer 16 years of professional information technology experience, with the last 8 years in cybersecurity. I currently manage the enterprise security (sometimes called “corporate security” or “IT security”) function at a cloud-native, late-stage startup.
At this stage in my career, I am less focused on day-to-day operations and more focused on technical direction and strategic decision making. I oversee projects end-to-end from initial vendor call to handoff to security operations teams.
I am not interested in pursuing a career in people management at this time. However, I do serve as a “dotted line” manager for a small team and have consistently offered mentoring and leadership to junior staff and interns over the past eight years.
Education & Qualifications
M.S. Information Technology (Cybersecurity / Cybersecurity Management) @ Virginia Tech, est. Dec 2024
B.S. Business Administration @ University of Mary Washington, 2004 – 2008
CompTIA Advanced Security Practitioner (CASP), Jun 2016 – Jun 2019
SANS GIAC Certified Enterprise Defender (GCED), Apr 2019 – Apr 2023
Skills
- Python, Java, Bash, and PowerShell
- Network Security and Zero Trust Networking
- Identity and Access Management (IAM)
- IdP Administration (Okta/AD/Entra)
- Endpoint Detection & Response
- 802.11i and Wireless NAC
- Infrastructure as Code (Ansible, Terraform)
- Cryptography
- Computer system architecture
- Apple/Windows MDM
- Incident Response
- Vendor and Relationship Management
- Email Security (SPF/DKIM/DMARC)
- Risk Assessments and Frameworks (NIST 800-Series, SOC2)
- People Management
- Public Speaking
- Containerization
- API Programming
Career Experience
Senior Security Engineer – Tech Lead, Arcadia – May 2022 – Present
- Technical lead for enterprise, corporate, and workforce security at Arcadia, directly leads and supervises one junior team member. A mix of hands-on and technical leadership/strategy/planning.
- Manages functional areas of endpoint detection and response, email security, workspace security, workforce identity and access management, vulnerability management, and zero trust.
- Participates in the hiring and management of junior staff. Provides feedback/edits on job descriptions and maintains “dotted line” relationships and guidance/mentorship to improve team capabilities.
- Regularly leads high-stakes security projects from inception to operationalization/handoff to IT and operations teams.
- Manages endpoint detection and response (EDR) across Mac, Linux, and Windows endpoints with CrowdStrike.
- Eliminated use of passwords across the organization as a primary authentication method in favor of phishing-resistant multifactor authenticators.
- Deployed and manages Proofpoint Enterprise to comprehensively defend against email threats. Manages email authentication protocols and best practices for the company to ensure deliverability (SPF, DKIM, DMARC).
- Participates regularly in technical incident response activities, including managing a very unusual case of responding to and recovering from activities by an insider threat.
- Implemented vulnerability management program from scratch and implemented patch management SLAs.
- Writes and manages automations (Python, PowerShell, and shell scripting) to bridge functionality gaps in SaaS platforms via APIs.
- Where possible, manages security resources in public cloud providers (AWS) using industry standard infrastructure-as-code tooling (HashiCorp Terraform).
- Leads multiple initiatives to increase the company’s security posture based on zero-trust principles.
- Communicates, company-wide, clearly and effectively on security updates and initiatives.
- Migrated company off of a legacy VPN solution to a zero-trust network access solution.
- Supports automation and process improvement for user lifecycle activities (onboarding/offboarding).
- Evaluates security tooling on a technical and cost basis for potential integration into Arcadia’s environment.
- Participates in risk assessment and governance/risk/compliance activities when needed.
Network Analyst III, Arlington Public Schools – Jun 2017 – May 2022
● Overhauled and re-architected network security design with new Palo Alto 5250 platform in high-availability mode.
● Implements and maintains user and application-aware security policies with egress/ingress control.
● Creates and maintains custom application signatures where needed.
● Manages multiple site-to-site IPsec VPNs with cloud providers and vendors.
● Responds to incidents involving direct cybersecurity threats, student concerns, and AUP violations.
● Provides reports to leadership on priority remediations and mitigations from third-party cybersecurity audit.
● Automates reporting of student content filtering violations using Palo Alto URL categories and automation tools.
● Responds to vulnerability scan results from internal tools (Nessus) and external partners (AT&T).
● Creates, publishes, and maintains “smart secure” documentation for students, faculty, and staff.
● Deploys patches, updates, and hotfixes to vulnerable systems where needed.
● Manages setup and configuration of GlobalProtect Endpoint VPN for over 27,000 users.
● Assists in endpoint security and security management of over 30,000 Windows, iOS, and macOS devices.
● Greatly expanded the use of group policy objects to automate security and configuration on user endpoints.
● Managed setup and deployment of Nutanix Frame VDI environment in Azure for over 6,000 students.
● Manages and maintains open-source network monitoring solution (Cacti) for network monitoring.
● Automated and audited all school network device configurations using Ansible/GitHub.
● Assisted in migrating legacy datacenter to redundant multi-datacenter solution in modern facilities.
IT Network Engineer, Carbonite Inc. Nov 2015 – May 2017
● Responsible for day-to-day network troubleshooting, maintenance, and handling of incident escalations.
● Maintained and updated network and application policies on Juniper SRX-series and Check Point firewalls.
● Provided training and guidance on networking and best practices to junior staff.
● Created and maintained site-to-site Juniper IPSec tunnels and associated policies to 10 remote sites.
● Designed and installed secure network environments for remote office locations.
● Troubleshot complex network issues using packet-inspection tools, advanced logging, and real-time monitoring.
● Maintained Linux-based IT Network tools and applications environment.
Cloud Systems Engineer, Reclaim Hosting (part-time, contract) Aug 2015 – Feb 2016
● Scoped and implemented cloud web server monitoring and tracking system with automated discovery and reporting.
● Created scripted, interactive install for setup and provisioning of new cloud web servers.
● Provided guidance to customers and users on web application security.
● Documented project steps and milestones, provided additional technical documentation/remediation where necessary.
IT Systems Administrator, Apex Clean Energy Inc. Jan 2015 – Nov 2015
● Responsible for all day-to-day IT operations of the company, including management and training of IT staff.
● Scoped, designed, and installed high-performance virtualization environment for specialized applications.
● Implemented federated identity management system/SSO (Okta) for employee applications.
● Evaluated and implemented Solarwinds helpdesk ticketing and tracking system and provided KPIs to management.
● Implemented Solarwinds NPM and for monitoring and alerting of critical network and server equipment.
● Automated new hire orientation and asset tracking systems.
● Implemented Windows Deployment Services (WDS) to automate deployment of new employee workstation images.
● Oversaw new employee IT orientation, wrote and implemented acceptable use policies and guidelines.
Information Security Engineer, Carbonite Inc. Jul 2013 – Jan 2015
● Responsible for management and distribution of code signing certificates and related cryptographic keys for development group.
● Acted as security systems administrator responsible for documentation and management of secure systems and networks, including monitoring, patching, and setting up virtualization (ESXi) where applicable.
● Set up and configured Check Point firewall and packet inspection system; maintained policies as necessary.
● Designed, implemented, and maintained public DMZ with required routing and NAT policy.
● Maintained Active Directory GPOs for hardened and secure systems environments using industry-standard practices.
● Deployed user awareness and compliance training for Carbonite corporate users.
● Responded to information security events and remediated existing vulnerabilities on insecure systems.
Network Engineer, Carbonite Inc. Jul 2011 – Jul 2013
● Troubleshot and implemented layer 1-3 network solutions: Physical Power/ Design (“rack-and-stack”), IP Design/ Subnetting, VLANs, STP, LACP (EtherChannel), Static Routing, OSPF, ACL Design and Configuration, NAT, DHCP, SNMP.
● Facilitated management of 70+ gbps of total bandwidth.
Mac Product Customer Support Lead, Carbonite Inc. Mar 2010 – Jul 2011
Specialist, Apple Inc. Sep 2008 – Mar 2010 (part-time)
Residential Network Technician, Apogee Telecom, Inc. Nov 2008 – Nov 2009
Volunteering/Other
SANS Advisory Board Member – 2019 – Present
Arlington County Citizen’s Police Academy – 2018
Computers4Kids of Charlottesville – Youth Mentor, 2015-2017
Albemarle County/UVA Community Emergency Readiness Team – 2015-2017
Amateur Radio Operator (KM4CQD) – 2014-2024