Summary
Endpoint engineer with 16 years across enterprise fleet operations and seven years as the primary CrowdStrike Falcon SME for Amazon's 1.8-million-device Windows, macOS, and Linux corporate fleet. Served as Amazon's primary SME during the July 2024 Channel File 291 global outage — the biggest IT incident in industry history. Deep experience across EDR, vulnerability management, device control, agent lifecycle, cloud migration, and PCI-compliance environments.
Core Skills
CrowdStrike Falcon (EDR, Spotlight, Device Control, Firewall, Falcon for IT) · FortiDLP / Reveal · Windows / macOS / Linux at fleet scale · Incident response & root-cause analysis · AWS (Lambda, S3, SQS, CloudWatch, IAM, SSM) · Python, PowerShell, Bash · SCCM, JAMF, Tanium · MITRE ATT&CK-aligned detection review · Vendor & TAM management · Runbook & KB authoring
Experience
Amazon Web Services — Corporate Security · Endpoint Platform Team
Jan 2019 – Present
San Luis Obispo, CA · Primary SME for CrowdStrike Falcon operations across Amazon's corporate fleet — triage, policy, rollouts, and vendor engagement across Windows, macOS, and Linux.
Systems Engineer II (L5)
Apr 2024 – Present
- Channel File 291 response (July 2024). Served as Amazon's primary CrowdStrike subject-matter expert during the worldwide Falcon Channel File 291 outage — the largest IT outage in industry history. Supported triage and remediation guidance across affected Windows hosts, authored the post-incident runbook for pausing channel-file updates, and filed the feature request for channel-file update controls that CrowdStrike subsequently shipped.
- Fleet responsibility at 1.8M-device scale. Primary SME for CrowdStrike Falcon operations across Amazon's 1.8-million-device corporate fleet spanning Windows, macOS, and Linux. Covers sensor deployment and policy tuning, exclusions, custom IOA and IOC authoring, Spotlight vulnerability management, agent lifecycle, triage, root-cause analysis, and vendor escalation for every fleet-impacting EDR issue.
- Platform expansion — five Falcon modules. Partnered on end-to-end evaluation and rollout of Falcon for IT, Falcon Firewall, Spotlight (vulnerability management), Device Control, and Installation Tokens at Amazon scale. Authored test plans across 30+ categories per module, risk assessments, deployment strategies, permission models, and onboarding documentation.
- Shipped production tooling. Designed and maintain a Windows repair script and FixAll package that reduced platform-team escalations by 90% after deployment. Replaced a 6 GB legacy remediation package with a consumable “Repair Lite” build and integrated it into the enterprise software distribution catalog.
- Documentation as platform leverage. Authored runbooks, KB articles, and self-service documentation for the platform team — reducing high-CPU ticket intake by over 90% by moving the most common investigations to self-serve.
- Cost and data-pipeline impact. Identified a telemetry pipeline generating 3 billion daily events on macOS devices; partnered with the data-ingestion team to achieve a 99% reduction to 30 million events per day, materially cutting downstream processing cost.
- DLP agent expansion. Assumed ownership of FortiDLP / Reveal agent operations across the macOS and Windows fleet; resolved memory-leak and sustained-high-CPU regressions and consolidated 25+ operational runbooks covering deployment, troubleshooting, labeling, and alarm response.
- Vendor & product partnership. Primary Amazon point of contact to CrowdStrike TAM and engineering. Coordinated resolution of 13 vendor cases spanning sensor bugs, API outages, performance regressions, and product defects; multiple product feedback items accepted via the CrowdStrike IDEAS program.
Systems Engineer I (L4)
Mar 2020 – Apr 2024
- Joined the Endpoint Platform team as a Falcon operator to learn the stack end-to-end. Earned CrowdStrike Certified Falcon Administrator (CCFA) to formalize the platform knowledge, then expanded responsibilities across sensor deployment, policy tuning, exclusions, and vendor case management.
- Investigated and resolved fleet-wide EDR regressions across Linux, macOS, and Windows — kernel-level performance issues, sensor conflicts with other security agents, and host-visibility bugs. Coordinated fixes directly with CrowdStrike engineering.
- Managed CrowdStrike sensor deployment and release lifecycle across all three OS platforms — early-adopter validation, version tracking, and production rollout for Windows, macOS, Ubuntu, and Amazon Linux. Validated the Windows on ARM platform pilot.
IT Support Engineer II
Jan 2019 – Mar 2020
- Tier-2 endpoint support for Amazon corporate users; built the foundation in Amazon's corporate endpoint stack that led into the Endpoint Platform team.
California Polytechnic State University, San Luis Obispo · IT Operations Specialist
Sep 2018 – Feb 2019
AMETEK · System Administrator
Nov 2016 – Apr 2017
MINDBODY, Inc. · Senior Operations Center Specialist
May 2014 – Dec 2015
Conversio Health — Senior System Administrator
Apr 2010 – May 2014
San Luis Obispo County, CA · Joined on the help desk and grew into the Senior System Administrator role over four years at a health-tech company scaling from 20 to 200+ employees. By the end, responsible for two engineers, the corporate infrastructure, endpoint lifecycle, compliance program, and the company's first cloud migration.
- 10× scale from 20 to 200+ users. Scaled the company's IT footprint 10× over four years. Responsible for resource provisioning, storage architecture, production system management, and disaster recovery as the company grew.
- Cloud migration. Planned and executed migration of all internal Microsoft Exchange users to Office 365 — the company's first production cloud workload.
- PCI DSS compliance. Ran PCI compliance scans and audits end-to-end on a twice-yearly cadence; coordinated remediation across the environment.
- Platform tooling & team. Built the company's first ticketing and monitoring system, desktop imaging for rapid new-hire provisioning, and automation for routine administration tasks. By role's end, running the help-desk function with two engineers reporting in — mentoring, training, and scaling the support practice alongside the company.
Certifications
CrowdStrike Certified Falcon Administrator (CCFA) · CrowdStrike University
GIAC Information Security Fundamentals (GISF) · Global Information Assurance Certification
Education
Allan Hancock College · Computer & Information Sciences coursework
2007 – 2008
Santa Barbara City College · Computer & Information Sciences coursework
2006 – 2007