Infrastructure Built to Satisfy Auditors, Not Just Architects

Available for project engagements, retainer consulting, and strategic advisory. Serving clients nationwide from Tampa, FL. Bilingual: English / Spanish.


Cloud Architecture & Migration

What your organization gets: A production-grade Azure environment — built to run, secured to pass audits, and designed to eliminate the datacenter costs and operational risk of on-premises infrastructure.

I deliver end-to-end Azure engagements from initial architecture through production cutover, with zero downtime as the standard, not the goal. Whether you’re exiting a datacenter lease or building cloud-native from scratch, every architectural decision is made with governance, resilience, and compliance in mind.

What’s included:

  • Azure landing zone design (hub-spoke, subscription topology, governance framework)
  • Datacenter migration — VMware, Hyper-V, Nutanix to Azure IaaS
  • Multi-subscription environments with centralized policy and cost management
  • Azure networking — VNet, hub-spoke, ExpressRoute, VPN Gateway, Private Endpoints
  • Azure Virtual Desktop (AVD) and Windows 365 implementation
  • Azure Monitor, Defender for Cloud, and operational baseline setup
  • Zero-downtime production cutovers
  • Infrastructure as Code (IaC) with Azure Bicep and Azure DevOps — migrating manually managed Landing Zone environments to version-controlled, pipeline-driven deployments

Scale delivered: 500+ server migrations. Multi-region deployments across US and Asia. Six Azure subscription environments managed simultaneously.


Identity & Zero Trust Security

What your organization gets: An identity architecture that stops lateral movement, satisfies compliance frameworks, and replaces the operational debt of legacy Active Directory — without breaking your users’ ability to work.

Active Directory and Entra ID are the nervous system of your enterprise. A compromised identity is a compromised organization. I’ve spent 27+ years managing directory services — from on-premises NT domains to modern Entra-first Zero Trust architectures — and I understand both the attack surface and the compliance requirements.

What’s included:

  • Active Directory health assessment, remediation, and hardening
  • Entra ID (Azure AD) deployment, hybrid identity, and AD Connect configuration
  • Conditional Access policy design and implementation
  • Privileged Identity Management (PIM) and tiered administration
  • Defender for Identity deployment and monitoring
  • SSO, MFA, and Windows Hello for Business rollout
  • Group Policy to Intune migration
  • Zero Trust architecture and network access controls
  • CCNA-grade hybrid networking: VNet topologies, ExpressRoute, secure hybrid bridging

Why this matters: Identity is the #1 attack vector in enterprise environments. It is also the foundation of every compliance framework — SOX, HIPAA, CJIS, and GLBA all start with identity controls. Getting this right eliminates an entire category of audit findings.


Secure Workforce Enablement — Intune & AVD

What your organization gets: A managed, secured, and compliance-aligned device fleet — regardless of platform, location, or whether your workforce is in an office, remote, or distributed across continents.

I’ve deployed and managed 1,000+ device environments for insurers, healthcare providers, and law enforcement agencies. I understand that endpoint management in a regulated environment is not just an IT problem — it’s an audit, security, and business continuity problem.

What’s included:

  • Microsoft Intune deployment and configuration (Windows, macOS, iOS, Android)
  • Windows Autopilot — zero-touch device provisioning
  • Security baseline enforcement (CIS, NIST, CJIS-aligned)
  • Conditional Access integration for device compliance
  • Microsoft Defender for Endpoint configuration and monitoring
  • Application deployment and lifecycle management
  • Windows Autopatch configuration
  • Information Protection and DLP policies
  • Azure Virtual Desktop — delivering secure, consistent workspaces for remote and global teams

Scale delivered: 1,000+ device fleet deployments. Multi-platform, multi-region environments. Compliance-aligned configurations for insurance, healthcare, and law enforcement.


Compliance & Audit Remediation

What your organization gets: Audit-ready infrastructure — and a clear path from where you are now to where you need to be before your next compliance review.

Most organizations discover compliance gaps when an auditor finds them. I find them first. Having supported compliance programs under SOX, HIPAA, CJIS, and GLBA — including a live Justice Department audit — I know exactly what external auditors look for, what evidence they require, and what technical controls actually eliminate findings versus papering over them.

What’s included:

  • Compliance gap assessment against SOX, HIPAA, CJIS, or GLBA requirements
  • Remediation roadmap with prioritized technical controls
  • Audit trail design and evidence packaging for external auditors
  • Privileged access management (PAM) implementation and documentation
  • Change control and segregation of duties architecture
  • Security policy documentation aligned to regulatory frameworks
  • Pre-audit infrastructure review and remediation
  • Ongoing compliance retainer for regulated environments

Frameworks: SOX (Sarbanes-Oxley) · HIPAA / HITECH · FBI CJIS Security Policy · GLBA · SEC Regulation SP · NIST SP 800-53

Why this differentiates: Most cloud engineers can configure a control. Few have been inside the room during a Justice Department audit or designed infrastructure specifically to withstand external SOX review. That experience is the difference between an architecture that looks compliant and one that is.


Regulated Industry Infrastructure

What your organization gets: Infrastructure built from the ground up for the regulatory environment you operate in — not retrofitted with compliance controls after the fact.

The regulated industries I serve — financial services, healthcare, and law enforcement — don’t just need functional cloud infrastructure. They need architecture where every access control decision, every audit log, and every network boundary is defensible to a regulator.

SOX (Sarbanes-Oxley) — Publicly traded company infrastructure with audit trails, privileged access management, change control, and segregation of duties. Designed to satisfy external auditors, not just internal teams.

HIPAA / HITECH — PHI access controls, audit logging, BAA-compliant Azure service selection, minimum-necessary access design, and URAC-aligned environments for healthcare organizations.

FBI CJIS Security Policy — Advanced MFA for all CJI access, end-to-end encryption, detailed audit logging, access control hardening, and personnel security screening. One of the strictest security frameworks issued by the US government.

GLBA (Gramm-Leach-Bliley Act) — Financial services infrastructure with customer data protection, access controls, and ongoing security program requirements for insurance and banking.