Janice Aliten

Full-lifecycle deployment of Microsoft 365 security, compliance, and governance capabilities as sole owner of the company's production Microsoft 365 environment.

• Designed sensitivity-label classification scheme and deployed labels across Microsoft 365 workloads
• Configured DLP policies with scoped rollout across Exchange Online, SharePoint, OneDrive, and Teams
• Staged validation, user-impact review, and audit-ready operational documentation

• Deployed Defender for Endpoint P2 in passive mode alongside ESET as the primary endpoint protection platform
• Configured Defender portal, security posture review, alert visibility, and future transition planning toward full Defender EDR

• Implemented Microsoft Sentinel workspace readiness supporting alert visibility and incident-review workflow development
• Enabled Microsoft Priva for privacy-risk visibility and governance readiness
• Implemented Microsoft Fabric / Power BI governance and controlled user enablement

• Set up, configured, and manages Power Platform access for the online Sales CRM including user access administration, service-health review, and operational support
• Tenant administration across Entra ID, Exchange Online, SharePoint, OneDrive, and Teams

Sole owner of the CRA compliance programme covering EU customer markets.

• Component-level SBOM analysis of a production .NET component set (201 NuGet components, CycloneDX 1.7)
• Active CVEs with CVSS severity scoring; third-party dependency and compliance risks
• Identified end-of-support component risk, third-party SDK compliance considerations, and legacy component visibility gaps not fully detected by standard scanning tools

• Deployed Dependency-Track on Ubuntu 24.04 LTS via Docker with PostgreSQL and nginx reverse proxy
• Azure DevOps pipeline integration for automated SBOM ingestion and ongoing vulnerability monitoring

• Designed vulnerability disclosure workflow and CSIRT notification procedures
• Researched EU authorised representative options and documented readiness considerations for CRA compliance planning
• 13-folder evidence repository aligned to December 2027 full CRA conformity deadline

• Built a sanitised control-mapping workbook linking example identity, vulnerability-management, data-protection, incident-response, backup/DR, supplier, infrastructure, secure-development, and customer-assurance controls to EU CRA readiness themes, ISO/IEC 27001:2022 Annex A, NIST CSF 2.0, and SOC 2 Trust Services Criteria
• Used status, maturity, evidence-sensitivity, risk-addressed, and gap-tracking fields to avoid overclaiming certification, audit completion, or formal compliance attestation

• On-premises Active Directory to hybrid Microsoft 365 / Entra ID transition: design, implementation, and ongoing administration
• Directory synchronisation setup and validation; enterprise app registrations; Conditional Access policy design; MFA enforcement
• Exchange Online migration: mailboxes, mail flow, recipients, and email security configuration
• SharePoint Online and OneDrive migration with content governance controls
• Dynamics 2016 to Dynamics 365 and Power Platform CRM transition
• Ongoing hybrid identity operational administration and access troubleshooting

• Windows Server cumulative-update encryption changes affected legacy Kerberos authentication behaviour for an ADFS-dependent service path
• ADFS token issuance failed across SSO-dependent services until the affected service-account configuration and encryption attributes were corrected

• Root-caused through ADFS event-log analysis, Kerberos error review, and service-account attribute validation
• Affected services migrated to a corrected dedicated service account with appropriate encryption attributes
• SSO restored; preventive controls documented and implemented

• Owns and administers Azure DevOps Server for the production software build and release pipeline
• Resolved high-volume code-signing constraint supporting thousands of signatures per day
• Evaluated DigiCert and Sectigo EV certificate options and associated enterprise-tier costs
• Implemented USB-over-network hardware token signing path for the Hyper-V-hosted DevOps Server VM
• Maintained full build workflow continuity while avoiding materially higher enterprise signing costs
• Reviewed Azure DevOps Server licensing and supportability constraints to maintain compliant, cost-effective build-platform operations

• Designed and led full infrastructure migration from on-premises office to co-location datacenter: provider evaluation, rack layout, physical deployment, and operational handover
• Sophos Firewall implementation, policy design, IPS, web/application/email controls, and zero-day protection
• Sophos RED configured for dual-WAN failover; MikroTik Router deployed for main office and branch office
• Routing, switching (Aruba, Cisco), VLAN, and NAT topology design and implementation
• Controlled migration with rollback planning, post-migration validation, and ongoing perimeter security operations

• Managed multi-generation Dell PowerEdge platform lifecycle including R710 to R730XD to R740XD to R650-class production hardware refreshes, covering migration planning, workload movement, validation, rollback awareness, and post-migration operational support
• Deployed and maintained Hyper-V / Windows Server virtualisation platforms across 2016, 2019, 2022, and 2025 generations, supporting production, DR replica, and test workloads
• Managed Windows Server Standard and Datacenter lifecycle across supported Microsoft versions, including file server, domain controller, application, database, management, and supporting infrastructure workloads
• Modernised domain controller estate from Windows Server 2008 through later supported generations including 2012, 2016, 2019, and 2022

• Managed Exchange Server lifecycle from Exchange 2013/2016/2019 through Exchange Server Subscription Edition planning and transition readiness, alongside Exchange Online and Microsoft 365 hybrid administration
• Modernised SharePoint platform from SharePoint 2013/2019 toward SharePoint Online, supporting content migration, access control, governance, and user transition requirements
• Supported Microsoft Dynamics / CRM transition from on-premises CRM to Dynamics 365 / CRM Online, including platform administration, access management, and operational support
• Managed business-support platform transition from FogBugz / Manuscript to Freshdesk, including service transition, user enablement, and operational handover

• Managed ESET endpoint security lifecycle from earlier ERA / ESMC platforms through current ESET PROTECT operations, including upgrades, endpoint policy administration, operational monitoring, and coexistence with Defender for Endpoint P2 in passive mode
• Managed communications platform evolution from Cisco PABX and Cisco VoIP phone administration through Zoom Phone adoption, covering voice-platform support, user readiness, device/service transition, and ongoing operational administration
• Maintained software currency and upgrade readiness across Microsoft partner-aligned infrastructure and business platforms, requiring recurring review of supported versions, renewal impacts, licensing considerations, security posture, compatibility, and operational change planning

• SCOM deployment and operational health monitoring across the full infrastructure stack
• Veeam backup platform administration across production and DR environments
• Daily restore verification checks, failed-job review, and escalation procedures
• Hyper-V passive replica management on DR host; ongoing replication health monitoring
• Disaster recovery readiness testing, DR documentation, and rollback-aware maintenance planning

• Auckland college environment (1,000+ users): Full Google Workspace to Office 365 migration — email, calendar, documents, and user account readiness
• Auckland intermediate school environment (700+ users): Full Google Workspace to Office 365 migration with post-migration support and handover documentation
• Account readiness validation, data migration execution, and ongoing-administration handover

• Auckland college and primary school environment (600+ users): Physical-to-virtual server migration (Windows Server 2012 R2); school administration package migration
• Auckland intermediate school environment (700+ users): Windows Server 2008 to 2012 R2 migration
• Auckland primary school environment: Windows Server 2008 to 2016 migration (700+ users); domain controller and full domain rebuild (500+ users)
• MDT, WDS, and SCCM used for Windows 7/8/8.1/10 mass deployment across primary schools and colleges

Delivered government-funded School Network and Wireless School Network Upgrade Projects across multiple Auckland schools.

• College (1,000+ users) & Primary School (600+ users) — SNUP: 20 Allied Telesis switches, 55 Ruckus access points; switching, routing, VLAN, and wireless configuration
• Primary School (200+ users) — WSNUP: 18 Aerohive access points with full wireless network configuration
• Intermediate School (700+ users) — WSNUP: 23 Ruckus access points with full wireless network configuration
• Papercut Print Management Software: primary, secondary, and sandbox server configuration in a 1,000+ user school environment

• Deployed and administered Apple iPad fleets across school environments of 500–1,000+ users, managing the full device lifecycle from configuration and enrolment through policy enforcement and troubleshooting
• Configured Cisco Meraki MDM for Apple iOS supervised device management: DEP enrolment, configuration profile creation, app deployment via volume purchasing, content filtering, and policy enforcement across iPad fleets
• Lightspeed MDM deployment and ongoing management for iOS and Android device administration across primary schools and colleges
• iOS hardware troubleshooting: fault diagnosis, restore and reset procedures, enrolment recovery, and connectivity issue resolution
• App catalogue administration: app deployment, update management, restriction enforcement, and user support across large-scale iOS environments

• Deployed Symantec SEPM and ESET Remote Administrator across primary schools and colleges; validated endpoint security policy enforcement and client application deployment
• Deployed Veeam and ShadowProtect backup solutions across multiple school environments

• Investigated and traced policy-breaching network activity (Tor Browser, unauthorised tools) to specific devices and users; produced remediation documentation

Primary on-site and remote engineer for approximately 30 Singapore client environments across Finance, Shipping, Logistics, Hotel, Pharmaceuticals, Automobile, Food & Beverage, and Manufacturing industries.

• VMware ESXi, Windows Server 2003/2008/2012 R2, Exchange 2010, Office 365, SQL Server, VPN, NAS, CPanel/Hosting
• SonicWall, Cisco, Fortinet firewall administration; routing, switching, and network maintenance
• DNS, domain, SSL/TLS certificate management, and hosted-service dependency administration across Cloudflare, GoDaddy, and upstream providers

• Blacklist and reputation investigation and remediation; SPF/DKIM configuration; spam-delivery and email-flow troubleshooting across multi-industry client environments
• After-hours urgent support and vendor/provider escalation; incident documentation across approximately 30 concurrent client environments