Professional Projects
Disclaimer: all projects listed here have some details withheld to protect sensitive info, myself, and my past employers. For the same reason, I decided to avoid naming specific technologies, brands, or products where possible.
Business Acquisition
I engineered and implemented an acquisition of a company from both ends. I transitioned some existing infrastructure into the new parent organization's environment, brought in new infrastructure to meet requirements for the parent org, and rebuilt the entire IAM structure in the new parent org's email solution and machine access solution.
This project entailed the following, across three segregated campuses, with several segregated sites each:
- Migrating hypervisor infrastructure to new platforms on new host machines.
- Decommissioning existing backup infrastructure while phasing in new backup infrastructure. This entailed learning about air-gapped and tape backups, which was really fun!
- Replacing every switch, firewall, and access point with brand new hardware from a different OEM. Re-IP-ing every host on the network, building out new firewall rules from scratch, rebuilding custom DNS entries, and scripting host file modifications. This is where I cut my teeth on fiber deployments.
- Migrating all user data to new domain profiles, and migrating all user inboxes to a new tenant (some mailboxes had emails dating back to the mid-90s!).
- Training and onboarding every user with new systems, access controls, and software.
- Building a new VoIP infrastructure - this was *not* fun!
- Rebuilding Active Directory / Entra and M365 roles and groups in compliance with new policy.
Active Directory Organization
I engineered and implemented a brand new Active Directory scheme for an organization that had over 15 campuses, with no security and almost no access controls. Each generically named host had a username of the same name with matching passwords. This provided no reliable auditing trails, which was unacceptable. There were no restrictions, policies, or access controls pushed to any host, which led to personal employee information traveling over and inside a sensitive network.
Here is what that process entailed:
- Designing new access controls based on current (at the time) NIST and HIPAA guidelines.
- Preparing a project presentation for business leadership, explaining concepts, scope, impact, and a timeline.
- I developed brand-new OUs, and crafted new GPOs to tighten the wrench on the company's machines and establish auditing rules. This was also partly due to an issue I diagnosed with the company's resource-hungry database application -- employees were putting excess strain on the network and machines via video streaming and other personal activities. (This company operated with a very small overhead.)
- I created a script to rename all hosts on the network to coincide with their assigned user and physical location, replacing the existing arbitrary names. (This was critical for remote support operations for this business.)
- I created a script to make new, name-based user accounts for every employee to be used at each machine, and automated the process of transferring files from one user to another. I also created distributable documentation explaining the new process, and assisted in training new users on new processes when needed.
- The next phase of this process was to tie user logins to keycards with biometric 2FA, but this was not able to be completed due to cost. I was able to engineer a working example of this system, and hope to have an opportunity to use it in the future. It's really cool and was super fun to put together.