Where I've operated at depth.
Twenty years of enterprise IT work, mostly in regulated or operationally sensitive environments, teaches you where the real edges are. The list below is not a resume dump — it's the set of domains where I've spent enough time to have opinions that survive contact with production.
Infrastructure Architecture
Designing and running hybrid-cloud estates that don't fall over. This covers the boring-but-essential work: network segmentation, datacenter and colo footprint, directory services, hypervisor strategy, capacity planning. The thing I've learned most often is that elegant architectures fail to survive acquisitions; resilient ones absorb them.
Cybersecurity Strategy
Building security programs around the reality of what attackers actually do, rather than around a compliance checklist. Zero-trust network and identity design, threat intelligence integration, incident response runbooks, and standing up SOC capability — both in-house and co-managed. MITRE ATT&CK as a shared vocabulary with the team has made more difference than any tool purchase.
Vulnerability & Patch Management
Patching is the least glamorous part of the job and the one most correlated with not having a bad year. I'm a strong believer in KEV-driven prioritization — patch what's actually being exploited, not what has the highest theoretical CVSS score. The scanner is the easy part; the workflow between finding and fixing is where most programs stall.
Identity & Access Management
Identity is the new perimeter, which is now such a cliche that people forget it's also true. Federated SSO, strong MFA, least-privilege for human and machine accounts, and PAM for the small set of accounts that can actually hurt you. Most breaches I've read forensics on traced back to an identity control that should have been there and wasn't.
AI in IT Operations
Using machine learning where it actually helps — anomaly detection in observability data, LLM-assisted triage for tier-1 SOC work, automation of repetitive incident classification — and being honest about where it doesn't. AIOps is real, but most vendor pitches are selling a dashboard with a chatbot bolted on. The useful question is always "what decision does this make faster or better?"
Automation & Infrastructure-as-Code
Terraform for the provisioning layer, Ansible for configuration, GitOps for change control. The point isn't "automation" as a virtue — it's reducing the variance between what you designed and what is actually running. When the code is the source of truth, audits stop being archaeology.
Program & Team Leadership
Leading global teams across time zones, running cross-functional delivery where IT is one stakeholder among many, and managing the vendor relationships that enterprise IT can't avoid. Also: M&A IT integration, which is a category of pain all its own. The most portable skill is learning to make good decisions with incomplete information and to write them down.
Regulatory & Compliance
Designing controls that satisfy auditors without strangling operators. SOC 2, HIPAA, SOX-aware architecture — working in regulated environments teaches you that compliance is a floor, not a ceiling, and that the best programs treat audits as a byproduct of good hygiene rather than the goal.
Where I've written about this
The blog is where the practice meets the page. A few entry points, grouped by theme: