Enterprise and Solution Architecture
Translating business strategy into target-state architectures, roadmaps, and standards that engineering teams can actually deliver.
Explore capability
Houston, Texas, United States
Helping organizations design secure, scalable, resilient, and well-governed technology environments.
20+ years of enterprise IT experience
From hands-on network engineering to enterprise architecture leadership across regulated environments.
Architecture and cybersecurity leadership
Target-state design, security architecture, and governance for complex infrastructure programs.
CCIE ×2, CISSP, CCSP, CISM, PMP, and Microsoft credentials
Deep, verified expertise across networking, security, cloud, and technical program delivery.
Financial services, cloud, and managed services
Experience where compliance, availability, and confidentiality are non-negotiable.
Capabilities
Six of the areas where organizations most often engage me — each backed by hands-on delivery experience, not just advisory slides.
Translating business strategy into target-state architectures, roadmaps, and standards that engineering teams can actually deliver.
Explore capability
Designing layered security architectures that reduce real-world risk while remaining operable by the teams who run them.
Explore capability
Building secure, well-governed Azure and Microsoft 365 environments — landing zones, identity, data protection, and cost-aware design.
Explore capability
Architecting enterprise networks and data center environments — from campus and branch to SD-WAN, segmentation, and facility migrations.
Explore capability
Putting identity at the center of security — conditional access, privileged access, device trust, and pragmatic Zero Trust adoption.
Explore capability
Helping organizations adopt AI services with the same discipline applied to any enterprise platform — governed, monitored, and risk-assessed.
Explore capability
Selected Work
Sanitized case studies from enterprise engagements — the business problem, the architecture, and what changed.
Led the architecture and migration planning for consolidating aging data center environments onto a modern, resilient platform for a large regulated enterprise.
Designed an identity-centered Zero Trust architecture — conditional access, device trust, and privileged access — replacing implicit network trust for a distributed workforce.
Architected the migration from legacy MPLS-centric branch connectivity to a secure SD-WAN design with centralized policy, segmentation, and direct cloud access.
Designed an Azure landing zone with subscription structure, identity integration, policy guardrails, and network topology enabling teams to deploy quickly within safe boundaries.
How I Work
A consistent approach refined over two decades of enterprise programs.
Every engagement starts with requirements, constraints, risk appetite, and what success means to the organization — before any technology choice.
Design a secure, scalable target architecture with explicit trade-offs, standards, and a transition path that respects production reality.
Identity, segmentation, data protection, and monitoring are part of the architecture from day one — not a review gate at the end.
Decision records, design reviews, and honest status keep delivery aligned with the architecture as vendors and teams execute.
Cutovers are rehearsed, results are validated against objectives, and operations teams receive documentation they can live with.
Architectures are revisited as the business, threat landscape, and platforms evolve — improvement is planned, not accidental.
Research and Writing
Published research and professional writing on cybersecurity and enterprise technology.
Research interests span cybersecurity architecture, cloud security, Zero Trust, and AI governance. The authoritative record of academic work lives on Google Scholar.
View Google Scholar Profile (opens in a new tab)Insights
Practical writing on architecture, security, cloud, and AI governance.
AI services are entering organizations through every door at once. Treating them as enterprise platforms — with identity, data boundaries, logging, and governance — is the difference between adoption and exposure.
3 min read
Landing zone security is mostly decided before the first workload arrives. The guardrails, identity boundaries, and logging defaults that matter — and the ones that just add friction.
3 min read
Governance earns its keep when it speeds decisions up, not when it slows them down. A working model for architecture governance inside large infrastructure programs.
2 min read
Architecture, cybersecurity, cloud, networking, AI governance, or technical transformation — if it needs to be secure, scalable, and governed, I can help.