CrowdStrike Falcon SME for Amazon's 1.8-million-device Windows, macOS, and Linux corporate fleet. Served as Amazon's primary SME during the July 2024 Channel File 291 global outage — the biggest IT incident in industry history.
For seven years I've been the primary CrowdStrike Falcon SME for Amazon's 1.8-million-device corporate fleet — Windows, macOS, and Linux, all the way down to the kernel. I served as Amazon's primary SME during the July 2024 Channel File 291 global outage. On a quieter week I'm the engineer the team calls when the platform misbehaves at scale.
I write the runbook, ship the script that fixes the thing, then write the KB article so nobody has to page me again. Looking for a senior endpoint or client-platform role closer to product decisions — shipping tooling that keeps the fleet invisible to the people using it.
Primary SME for CrowdStrike Falcon operations across a 1.8-million-device corporate fleet. Triage, vendor engagement, module rollouts, incident response, production tooling.
Served as Amazon's primary SME during the July 2024 Channel File 291 global outage — the biggest IT incident in industry history. Primary SME for Falcon operations across the 1.8M-device fleet: sensor deployment and policy tuning, exclusions, custom IOA and IOC authoring, Spotlight vulnerability management, agent lifecycle, and cross-platform incident response. Partnered on rolling out five new Falcon modules at scale (F4IT, Firewall, Spotlight, Device Control, Installation Tokens). Shipped the Windows repair script that cut team escalations by 90%, and reduced high-CPU ticket intake by 90%+ through KB articles and runbook documentation that moved routine investigations to self-service.
Joined the Endpoint Platform team as a Falcon operator to learn the stack end-to-end. Earned CrowdStrike Certified Falcon Administrator (CCFA) to formalize the platform knowledge, then expanded into sensor deployment, policy tuning, exclusions, and vendor case management. Investigated fleet-impacting EDR regressions across Linux, macOS, and Windows — kernel-level performance issues, sensor conflicts with other security agents, and host-visibility bugs — coordinating fixes directly with CrowdStrike engineering.
Tier-2 endpoint support for Amazon corporate users. Built the grounding in Amazon's corporate endpoint stack that led straight into the Endpoint Platform team.
Front-line IT operations for Cal Poly SLO — enterprise environment before Amazon.
System administration and on-prem infrastructure at a global instrumentation manufacturer.
Production infrastructure maintenance for a SaaS serving tens of thousands of businesses — OS patching, batch-job monitoring, hardware diagnostics, proactive health.
Started on the help desk and grew into the Senior System Administrator role over four years, ending with two engineers reporting in. Scaled the infrastructure 10× alongside the company — from 20 employees to 200+ — while keeping PCI DSS audits passing on a twice-yearly cadence. Shipped the company's first ticketing system, monitoring stack, desktop imaging for rapid new-hire provisioning, and a Microsoft Exchange → Office 365 migration that was its first production cloud workload. First role where I learned that good ops is invisible.
Served as Amazon's primary SME during the worldwide Falcon Channel File 291 outage — the biggest IT incident in industry history. Supported triage across the fleet, authored the post-incident runbook for pausing channel-file updates, and filed the feature request that CrowdStrike shipped back into the product.
Primary SME for CrowdStrike Falcon across Amazon's Windows, macOS, and Linux corporate fleet. Triage, root-cause, policy, vendor escalation, module rollouts — the full surface area of EDR at a scale very few engineers get to touch.
Shipped a Windows repair script and FixAll package that replaced a 6 GB legacy remediation payload with a consumable “Repair Lite” build. Integrated into the enterprise software distribution catalog and deployed across the Windows fleet.
Caught a telemetry script generating 3 billion daily events on macOS devices. Partnered with the data-ingestion team on a 99% reduction — 3 billion down to 30 million per day — materially cutting downstream cost.