Twenty-plus years in IT, ten of them in healthcare, including four as Chief Information Officer of a HIPAA-compliant healthcare service. I built that company’s IT and security function from nothing, scaled it 5×, and kept it audit-ready across a fully remote, regulated environment. A hands-on leader who sets the strategy and does the work.
And what an employer gets from each.
I design the system, then I own it in production: the one who builds it, runs it, and is accountable when it has to work at 2 a.m.
Seven-plus years operating HIPAA controls in production. Environments built audit-ready from day one; the same operator discipline that maps straight to SOC 2.
I turn technical risk and trade-offs into language leadership and stakeholders can act on.
A few representative problems I owned end-to-end, where the judgment mattered as much as the technology.
I put production AI voice systems (GoHighLevel, ElevenLabs) into a regulated healthcare environment, but only behind a shadow-testing methodology I designed: AI responses scored in parallel against live human calls under augmented BAAs, building a failure-case taxonomy for PHI exposure, workflow misrouting, and hallucination before anything reached a patient.
I designed and developed a 1,341-line React/Babel internal analytics platform from scratch: a custom “True Answer Rate” methodology, multi-location aggregation, and AI-generated narrative reporting that adapted to real-time context.
I stood up the service-desk function end-to-end: an eight-form ticketing taxonomy with SLA-driven workflows, escalation paths, and root-cause classification (preventable versus unpredictable), plus RMM and mobile-device management across a mixed Windows and Mac fleet. Blameless incident reviews turned recurring tickets into permanent fixes.
I selected, vetted, and administered the contact-center platform, then led its migration to a modern UCaaS stack. The result: recurring telephony cost cut 33%, surplus licensing eliminated, and transition terms that paid for the migration itself.
Seven-plus years operating HIPAA controls in production: Microsoft 365 and Entra identity governance, organization-wide MFA, vendor BAA management, and audit-ready documentation. The same operator discipline maps directly to SOC 2.
I owned, hardened, and scaled a Citrix Gateway and Windows Server environment for a fully distributed workforce, including a controlled multi-image maintenance pipeline that isolated patching and policy changes from production so the whole fleet updated with zero disruption. As Microsoft 365 Global Admin, I ran identity governance, organization-wide MFA, endpoint protection, and audit-ready documentation.
client organizations, no dedicated IT function, reactive support.
client organizations and 100+ healthcare practices, on infrastructure built to stay audit-ready.
The technology changes. These don’t.
I build systems to be secure and audit-ready from day one. Compliance bolted on after the fact leads to gaps that become liabilities.
When a problem recurs, I treat it as a process problem: I automate it, fix it at the root, and document it so the next person doesn’t inherit the same fire.
I believe AI augments people; it doesn’t replace the human in the room. The best systems make good people faster, not redundant.
If I can’t explain the risk and the trade-off in language stakeholders can act on, I don’t understand it well enough yet.
My career in technology started in 2003 at Best Buy’s Geek Squad and continued at Circuit City, first in its flagship home audio and video department, then in Firedog, its IT services arm. When Circuit City closed its doors in 2009, I kept the clients who trusted me and went independent for three years, supporting their IT and A/V needs on my own. The entrepreneurial instinct never left; it just got sharper. Microsoft, healthcare IT, and eventually the CIO seat turned the technician into a leader. The title kept changing. The habit of being hands-on never did.
Built the IT and security function from zero and scaled it 5× (8 to 45+ client organizations, 100+ healthcare practices). Sole IT architect; owner of HIPAA controls; led a team of up to six across the U.S. and the Philippines.
Architected a Citrix-based ITaaS environment from the ground up with RapidScale and ran a managed IT services practice: vendor contracting, customized cybersecurity and cloud solutions, and direct client consulting. Three years operating HIPAA controls for healthcare clients.
Network architecture, Microsoft 365 migration, identity and SSO deployment, and security and compliance advisory for SMB and healthcare clients.
Opened four healthcare facilities from conception through launch with full HIPAA and Texas Department of Health compliant IT buildout; established a centralized data center.
Enterprise help-desk support across Windows and Mac, where I learned to translate technical complexity into language anyone could act on.
Retained my Circuit City client base and supported their IT and home audio/video needs independently. My first taste of running the whole thing.
Where it began: computer repair and consumer-tech support at Best Buy’s Geek Squad, then home A/V and IT services at Circuit City through its final day in 2009.
Available for IT & Security Director roles and fractional or contract engagements: healthcare-adjacent, or any environment where security and compliance depth matter.