Azoff Music Company
Information Security Specialist
Apr 2021 - Current
- Led the company’s cybersecurity program, prioritizing improvements based on data-driven risk assessments, industry specific attack patterns, and the NIST Cybersecurity Framework. Reduced IT spending while improving overall security posture.
- Led the design and development of a Bicep-based IaC framework to codify a hub-and-spoke topology and migrate legacy infrastructure to the new model. Implemented a Role Based Just-in-Time permissions model for all cloud resources.
- Enforced biometric sign in requirements and synced local hardware security tokens with Entra ID, enabling passwordless logins from compliant endpoints to all corporate resources. Deployed FIDO2 hardware tokens to a smaller group of highly privileged users. Achieved a 95% device compliance rate within 1 month of policy rollout.
- Fully automated the user onboarding process with Azure DevOps, PowerShell, and app-specific API integrations to streamline provisioning, reducing onboarding turnaround time by 80%.
- Developed highly customized Conditional Access Policy solutions for all identities, employee or otherwise. Maintained an average Identity Secure Score of 90%.
- Transitioned 99% of managed corporate applications to SAML/OIDC Single Sign-On (SSO).
- Served as the primary Intune and Jamf administrator, managing 400+ Windows, MacOS, iOS, and Android endpoints. Enforced hardened device configurations based on CIS Benchmark recommendations. Fully automated app provisioning and patch management across all endpoints.
- Deployed and managed Microsoft’s Defender Suite to unify vulnerability reporting across all IT and Development infrastructure. Integrated Microsoft and third-party services into Azure Sentinel with automated playbooks to streamline incident response.
- Designed and led a new hire security training program. Administered new phishing awareness and security training platforms with an emphasis on industry-specific attack patterns.
- Redesigned corporate office network, implementing port-based access controls across several VLANs.
- Deployed Azure Arc to all on-prem servers. Built unified monitoring and patching solutions with Azure Monitor and Update Manager.
- Worked cross departmentally on standardizing and updating company IT and Security policies. Formalized a company wide vendor management process.
- Administered a cloud CA and RADIUS Server (EZCA and EZRadius), enabling Entra ID Wi-Fi authentication for corporate networks.