Consulting Case Studies

Selected engagements across healthcare, financial services, and law enforcement — each delivered under demanding compliance requirements with measurable outcomes.


Emperion — Healthcare Cloud Platform (US / Asia)

Client: Emperion
Industry: Healthcare — Independent Medical Examinations (IME)
Compliance: HIPAA · URAC IME v2.0 · SOC 2 Type II
Scope: Greenfield · Multi-Region · Multi-Subscription

The challenge: Emperion, a URAC-accredited IME provider with 47+ years of industry experience and a 25,000+ provider network, needed a complete Azure environment built from scratch. Their workforce operates 24/7 across the US and Asia Pacific — a borderless, always-on operation with zero tolerance for inconsistent access or compliance gaps. The infrastructure had to support global identity synchronization, unified device management across regions, and strict HIPAA requirements for protected health information.

What I built:

  • Complete Azure environment designed from zero — all networking, compute, identity, and endpoints
  • Multi-subscription architecture spanning US East, US West, and Asia regions
  • Entra ID (Azure Active Directory) deployment with hybrid identity and Conditional Access
  • Microsoft Intune and Autopilot for 1,000+ device fleet — unified management across all regions
  • Azure Virtual Desktop (AVD) delivering seamless access for the global workforce
  • VNet topology with ExpressRoute-capable design, NSGs, and private endpoints
  • HIPAA-aligned access controls, audit logging, and BAA-compliant Azure service configuration

Outcomes: A production-grade, HIPAA-compliant Azure platform supporting a global distributed workforce with consistent user experience across US and Asia regions.

HIPAA · Multi-Region · Multi-Subscription · Entra ID · Intune / Autopilot · AVD · US / Asia · Greenfield

"He built and managed core systems including networking, storage, disaster recovery, Entra ID, Intune, and Azure Virtual Desktop, largely on his own initiative. He didn't wait to be told what needed doing; he figured it out and got it done. He also played a real role in strengthening the company's security posture and helped the organization hold up well through its audits."

Mark McFarland, Information Security Director & Security Officer · Emperion

"There was no team handing him pieces of it. He owned the full architecture end to end, made the decisions, and executed them. The infrastructure wasn't just functional; it was defensible."

Patrick Weitzman, Sr. Cloud Engineer · Emperion (via LinkedIn)

UPC Insurance — Enterprise Cloud Transition (NYSE-Listed)

Client: UPC Insurance
Industry: Property & Casualty Insurance (NYSE-listed)
Compliance: SOX · GLBA · SEC Regulation SP
Scope: 500+ Servers · 6 Azure Subscriptions · Datacenter Exit

The challenge: UPC Insurance, a publicly traded P&C insurer, needed to exit expensive on-premises datacenters and migrate 500+ production servers running on VMware and Nutanix to Microsoft Azure — with zero downtime and controls designed to survive SOX external audit review.

What I delivered:

  • Led end-to-end infrastructure migration across 6 Azure subscriptions
  • Migrated 500+ VMware and Nutanix workloads to Azure IaaS with zero production downtime
  • Designed Azure landing zone and network topology including hub-spoke, NSGs, and ASGs
  • Active Directory integration with Azure — hybrid identity, AD Connect, and Entra ID synchronization
  • SOX-compliant change management, privileged access controls, and audit logging framework
  • Azure Virtual Desktop implementation improving remote access reliability to 99.9% uptime
  • Complete datacenter lease exit, eliminating significant recurring infrastructure costs

Outcomes: Full datacenter exit completed on schedule. Zero downtime. Architecture passed SOX external audit review.

SOX · 500+ Servers · 6 Subscriptions · Zero Downtime · VMware Migration · AVD · Datacenter Exit

Slide Insurance — Greenfield Enterprise Build

Client: Slide Insurance
Industry: Property & Casualty Insurance
Compliance: GLBA · Florida Insurance Regulations
Scope: Greenfield · 1,000+ Devices · Full Stack

The challenge: Slide Insurance, a fast-growing Florida insurer, needed its entire IT infrastructure built from the ground up — cloud platform, identity, endpoints, and remote access — all compliant with GLBA and Florida state insurance regulations.

What I built and maintain:

  • Complete Azure cloud platform from zero — infrastructure, networking, governance
  • Active Directory and Entra ID environment with full hybrid identity
  • Microsoft Intune and Autopilot deployment for 1,000+ devices (Windows, iOS, macOS)
  • Security baseline enforcement aligned with CIS benchmarks and GLBA requirements
  • Azure Virtual Desktop and Windows 365 for secure remote access
  • Conditional Access policies, Defender for Endpoint, and DLP configuration
  • Ongoing Senior Cloud Engineer role — operating and evolving the full environment
  • IaC migration in progress — converting manually built Azure Landing Zone infrastructure to Azure Bicep templates deployed via Azure DevOps pipelines, bringing full version control and repeatable deployments to the environment

Outcomes: Production-grade, GLBA-compliant infrastructure supporting rapid company growth. Full cloud-native endpoint management replacing on-premises tooling.

GLBA · 1,000+ Devices · Intune / Autopilot · Zero Trust · Cloud-Native · Greenfield · Bicep / IaC

Regional Sheriff’s Office — CJIS Security Hardening

Client: Regional Sheriff's Office, Florida
Industry: Law Enforcement — Public Sector
Compliance: FBI CJIS Security Policy · NIST SP 800-53
Scope: On-Premises Hardening · Audit Readiness · Identity

The challenge: A Florida Regional Sheriff’s Office with a complex on-premises IT environment needed to remediate legacy vulnerabilities and prepare for Justice Department internal audits. CJIS Security Policy — one of the most rigorous frameworks issued by the FBI — requires advanced authentication, encryption, audit controls, and personnel security screening that far exceed typical enterprise standards.

What I delivered:

  • Comprehensive assessment and remediation of legacy on-premises infrastructure vulnerabilities
  • MFA deployment and enforcement for all access to Criminal Justice Information (CJI)
  • Audit log design, evidence packaging, and documentation framework for compliance review
  • Access control hardening — role separation, least-privilege enforcement, privileged account controls
  • Encryption at rest and in transit across all CJI-touching systems
  • End-to-end preparation for Justice Department internal audit
  • Achieved full CJIS Security Policy compliance

Outcomes: Agency successfully prepared for and passed Justice Department internal audit. Full CJIS-level compliance achieved across all systems touching Criminal Justice Information.

FBI CJIS · NIST 800-53 · Audit Readiness · MFA · Encryption · Access Controls · Justice Dept