Senior Infrastructure & Security Leader

Infrastructure,
at scale.

14+ years driving enterprise modernisation, leading multi-disciplinary technical teams, and aligning infrastructure strategy with organisational goals — most recently in healthcare IT.

View the lab → Experience
$3.2M
infrastructure modernisation led
~300
VMs migrated VMware → Nutanix
$1M+
assets recovered via audit controls
40+
team members led at peak
About

Builder.
Leader.
Practitioner.

I'm a Systems Engineering Manager with deep roots in enterprise infrastructure and a record of delivering programmes that move the needle financially and operationally — not just technically.

At Kennedy Krieger Institute I led a $3.2M infrastructure modernisation, migrating ~300 VMs from Broadcom VMware to Nutanix across three data centres — on time, avoiding an estimated $1.2M+ in near-term costs. Before that, eight years at Maryland Judiciary managing statewide VDI, Active Directory, and end-user computing across 60+ locations.

I hold an M.S. in IT Management (WGU, 2026) and am currently studying for CISSP. My home lab — Mad Miller Labs — is a working enterprise merger simulation built to demonstrate what I'd bring to your environment.

Virtualisation & Compute
Nutanix AHV VMware vSphere Horizon VDI Hyper-V
Identity & Security
Active Directory Group Policy DFS Least-Privilege PKI
Cloud
Microsoft Azure AWS AVS / Landing Zones Cloudflare
Endpoint & Ops
Intune PDQ Deploy PowerShell ITIL v4
Portfolio Project

Mad Miller Labs

An enterprise merger simulation in a home lab — two independent Active Directory forests, purpose-built to demonstrate real-world infrastructure, identity, and security skills across every layer of the stack.

01 / COMPUTE

Nutanix HCI cluster

Dell PowerEdge R640, 384GB RAM, 80 threads running Nutanix CE 6.8.1 on AHV — the same platform I migrated ~300 VMs onto at KKI.

02 / IDENTITY

Dual-forest AD design

Forest A with tiered account model (.da / .sa / .wa separation), gMSA service accounts, PAW jumpbox with Credential Guard, and break-glass procedures with automated alerting.

03 / NETWORK

13-VLAN architecture

Cisco Catalyst 2960X, pfSense firewall, fully segmented across Management, Forest A/B, App Servers, Security, and Red Team VLANs with explicit inter-VLAN ACLs.

04 / REMOTE ACCESS

OpenVPN + DDNS

Certificate-based VPN with per-user static IP assignment and Cloudflare DDNS auto-update. Accessible and secure from anywhere.

05 / SECURITY

Defense-in-depth stack

Wazuh SIEM, Suricata IDS via pfSense, Velociraptor EDR, and Sysmon across endpoints. Break-glass accounts monitored with automated alerts.

06 / DESIGN

Documentation-first

Five versioned architecture documents covering shared reference, per-forest design, switch config, shared tools, and lessons learned — built to show how production environments should be run.

Nutanix CE Windows Server 2025 pfSense Cisco IOS Active Directory OpenVPN Wazuh Suricata Velociraptor Cloudflare PowerShell
Experience
Manager, Systems Engineering May 2025 – Present
Kennedy Krieger Institute · Baltimore, MD · Paediatric rehabilitation hospital & research centre
  • Lead an 8-person engineering team responsible for enterprise infrastructure operations across a HIPAA-regulated healthcare environment.
  • Led on-time migration of ~300 VMs across three data centres from Broadcom VMware to Nutanix, delivering a $3.2M infrastructure modernisation that extended platform lifecycle by five years and avoided an estimated $1.2M+ in near-term costs.
  • Implemented secure access governance based on least-privilege principles; deployed Bitwarden enterprise password management to establish organisation-wide credential hygiene standards.
  • Developed formal on-call policies and escalation procedures; aligned infrastructure strategy with institutional goals and managed vendor performance to maximise ROI.
  • Mentored engineers and administrators to build a high-performing team with clear development pathways.
Manager, Desktop Support Services Mar 2022 – May 2025
Maryland Judiciary · Annapolis, MD · Statewide court administration serving 6M+ residents
  • Directed enterprise-wide end-user services team of 20 technicians and up to 20 contractors across 60+ locations statewide.
  • Reduced service backlog by 40% through operational restructuring and KPI alignment.
  • Recovered $1M+ in missing assets through audit controls and lifecycle tracking.
  • Implemented enterprise-wide technical refresh programme; managed vendor relationships and aligned operations with organisational priorities.
End User Computing Engineer Mar 2019 – Mar 2022
Maryland Judiciary · Annapolis, MD
  • Administered enterprise-wide VDI platform supporting thousands of endpoints across 60+ locations statewide.
  • Automated provisioning and patching workflows using PowerShell, reducing manual work by 30%.
  • Strengthened endpoint security using PDQ Deploy; achieved "No Findings" in government compliance audit through rigorous documentation and governance.
Systems Administrator Apr 2014 – Mar 2019
Maryland Judiciary · Annapolis, MD
  • Ensured availability and recoverability of enterprise systems supporting court operations across 60+ locations statewide.
  • Administered Active Directory, GPO, DFS, and Exchange/O365; provided Tier III support.
  • Led transition from legacy Novell systems to modern Windows Server environments.
Earlier experience 2009 – 2015
NACDS · MPR Associates · Ciber / World Bank
  • Network Administrator — NACDS, Arlington, VA · 2011–2015
  • Help Desk Analyst — MPR Associates · 2011
  • Help Desk Analyst (Contractor) — Ciber / World Bank · 2009–2011
Certifications

Credentials

Linux Professional Institute
LPIC-1
Active
Amazon Web Services
AWS Cloud Practitioner
Active
(ISC)²
CISSP
In progress

Also hold: CompTIA A+ · Net+ · Sec+ · Azure Fundamentals (AZ-900) · ITIL v4

Writing

Field notes

March 28, 2026 Gotcha
VLAN 99 is reserved in Nutanix CE — and it will ruin your day silently
AHV reserves VLAN 99 internally for CVM traffic. Guest VMs on VLAN 99 receive packets fine but TX is silently dropped — zero bytes out, MAC never appears on the switch, ARP never resolves. Here's how I found it and what to do instead.
Read →