Reconfigured Backup

Previous Backup Configuration

Veeam backup was out of date

Veeam backed up to 3 different NAS

Backups were not scheduled correctly

2nd Quarter of 2022
New Backup Configuration

Built Veeam 11 server, Veeam One server and two proxy servers this helped prevent bottlenecks and monitored all servers

Setup notifications

Worked with department heads and/or server owners to find ideal backup time and number of restore points

Configured replication to azure

Setup automated reports to make sure servers were backing up consistently

Began Improving NTFS Permissions

Reason to Start Improving Permissions

Permissions were not consistent

Permissions were provided per user instead of group

When adding users, caused users to miss files or have access they didn't need

Users were in groups providing rights including admin rights

1st Quarter of 2023
Beginning Process

Audited folder and group permissions via scripts

Reached out to Department Heads to determine folder necessity

Started project and added multiple users to the project

Provided documentation and scripts to project members

Upgraded Citrix

Problems with Original network

VPN: Less than 20 users could connect, the VPN was slow

Security: Lacked security & couldn't upgrade certificates

MPLS Tunnel: Slow connection for satellite offices and expensive

Firewalls: out of date, couldn't be updated

Physical: Upgraded HQ from Copper to Fiber

4th Quarter of 2022 & 1st Quarter of 2023
Process to Rebuild Network

Lead a team rebuilding the network.

Replaced VPN, Firewall, Security, and ran Fiber cable in HQ.

Connected VPN to SSO requiring MFA to connect to network, the security was upgraded to TLS 1.2

Sent recurring emails to company employees, created articles showing how to connect to VPN

Upgraded Backup

Problems with Original network

VPN: Less than 20 users could connect, the VPN was slow

Security: Lacked security & couldn't upgrade certificates

MPLS Tunnel: Slow connection for satellite offices and expensive

Firewalls: out of date, couldn't be updated

Physical: Upgraded HQ from Copper to Fiber

3rd & 4th Quarter of 2019
Process to Rebuild Network

Lead a team rebuilding the network.

Replaced VPN, Firewall, Security, and ran Fiber cable in HQ.

Connected VPN to SSO requiring MFA to connect to network, the security was upgraded to TLS 1.2

Sent recurring emails to company employees, created articles showing how to connect to VPN

Rebuilt Citrix Environment

Why we weren't PCI Compliant

The Hardware was EOL

Lack of security

Specialized software running on Legacy servers

2018 - 2020
Processes to PCI Compliancy

Worked with Finance to increase IT budget, purchased newer servers that could be up-to-date

Setup GPO security policies, configured SSO with MFA, upgraded Antivirus, ran pentests and internal scans to fill security gaps

Lead a development team to build new software that would run on Azure servers

Migrated servers to AWS & Azure respective of the configuration

Rebuilt network

Secured every endpoint

Continually ran internal scans and pentests after becoming PCI compliancy to monitor any security risks

Rebuilt Network with SD-WAN

Problems with Original network

VPN: Less than 20 users could connect, the VPN was slow

Security: Lacked security & couldn't upgrade certificates

MPLS Tunnel: Slow connection for satellite offices and expensive

Firewalls: out of date, couldn't be updated

Physical: Upgraded HQ from Copper to Fiber

3rd & 4th Quarter of 2019
Process to Rebuild Network

Lead a team rebuilding the network.

Replaced VPN, Firewall, Security, and ran Fiber cable in HQ.

Connected VPN to SSO requiring MFA to connect to network, the security was upgraded to TLS 1.2

Sent recurring emails to company employees, created articles showing how to connect to VPN

Became PCI Compliant

Why we weren't PCI Compliant

The Hardware was EOL

Lack of security

Specialized software running on Legacy servers

2018 - 2020
Processes to PCI Compliancy

Worked with Finance to increase IT budget, purchased newer servers that could be up-to-date

Setup GPO security policies, configured SSO with MFA, upgraded Antivirus, ran pentests and internal scans to fill security gaps

Lead a development team to build new software that would run on Azure servers

Migrated servers to AWS & Azure respective of the configuration

Rebuilt network

Secured every endpoint

Continually ran internal scans and pentests after becoming PCI compliancy to monitor any security risks

Upgraded office phones

2nd & 3rd Quarter of 2019
Why we upgraded phones

The phones and service were expensive

The service lacked portability

The service was unreliable

Processes to upgrade phones

Found all current phone numbers being used, transferred them to new service

Sent articles to explain how to use the phone and softphones

Lead a team to add new phones to every desk and pushed software to pcs for soft phones.

Upgraded phone service

Added security to phone service integrating SSO which uses MFA

Migrated Email to O365

Why we Migrated to O365

The company was on Lotus Notes

Lotus Notes is an inferior product to either GSuite or O365

Part of becoming PCI compliancy

3rd & 4th Quarter of 2017
Process Migrating to O365

Worked with Finance and vendor to get licenses

Worked with team to send articles and teach employees how to use their email

Setup AD Directory Sync to O365

Configured Outlook on all employees pcs and phones

Integrated MDM

Why We Used a MDM

To become PCI compliant we needed to replace the legacy servers running a specialized software

2019
Process of setting up a MDM

In order to replace the legacy servers, we worked with an app developer to create a replacement app

Tested multiple MDMs including JAMF, Intune, Addigy, etc.

We decided on Hexnode

Connected Iphones to Hexnode via DEP and pushed apps via VPP

Tested the app with multiple users, once confirmed it was working deployed all iphones

Created separate policies depending on the employee's department

Decommissioned legacy servers become PCI compliant

Increased Cyber Security

1st Quarter 2018
Why We Increased Security

Before I started with the company:

They had lost over $300,000 to phishing attacks

There were multiple virus scares including WANNACRY

Company lacked a password policy

The company was trying to become PCI compliant

Process to Increase Security

Created a strict password policy

Purchased and configured OKTA

Purchased and configured KnowBe4

Purchased a better Anti-virus

Setup monitoring on all servers and services

Integrated all possible services to SSO

Started process to rebuild networks

Educated employees how to be more physically secure (avoid tailgating, etc.), use OKTA, and make stronger passwords

Ran monthly scans, quarterly phishing tests, quarterly password complexity tests

Upgraded & Migrated Servers

Why we Upgraded Servers

All servers were on premise

The VMWare software was EOL and couldn't be updated on the hardware

august 17th
Process to Upgrade Servers

The servers that had to be on premise were upgraded to newer, faster, servers that had more storage capacity

Migrated some servers to Azure and some to AWS

Upgraded Endpoints

Why We Upgraded Endpoints

The replacement policy was non-existent

The endpoints could not run the necessary software successfully

The computers were desktops which meant there was no option to work from home

3rd Quarter of 2019
Process to Upgrade Endpoints

Created a revolving door policy to replace endpoints every 4 years

Worked with Finance to create a lease with vendor

Replaced all desktops with higher performing laptops with docking stations

This was perfect timing for Covid-19

Hobby Projects

RC Car

RC Drone

Magic Mirror

Bluetooth Lamp

Website

VPN Site

Home NAS

Home Forest AD