Skip to main content

Cybersecurity Manager

Network Admin to Cybersecurity Manager

Lexington Medical Center was the start to my “official” cybersecurity career. I’d always been “security-minded” in all the administrative work I did - ensuring systems were configured in secure manners as they were deployed and when performing routine work on them as well, but LMC led to my first fulltime cybersecurity role.


I started at the hospital as primarily the Exchange email administrator, as well as the primary administrator for the web filtering and email filtering systems - so already a security-focused role. Two of my first projects at LMC were to upgrade the Exchange servers to a new version with minimal downtime, and to replace both the web and email filtering systems with new technology. (Since those technologies may still be in place there, I’m not going to mention what they are). In addition, I designed and built a custom PowerShell GUI for the helpdesk team to use for simple AD account management tasks (renames, password changes, role modifications, etc - all before more automated methods were implemented).


After working on the server admin team for about 2-3 years, I transitioned into the expanding cybersecurity team and was responsible for day-to-day operations of security logging systems, the email/web filtering systems (which the cybersec team took ownership of), as well as escalated security-related tickets, incident response, and threat hunting. In my time in that role, I implemented an MDM system, established multifactor authentication (and migrated from RSA SecurID to another platform), and managed Azure cloud security policies.


As the team continued to grow, I proposed to senior leadership a new role of Cybersecurity Manager, since at the time everyone worked directly for the InfoSec Director and the cyber side of the team needed a bit more focus and attention. After that process completed, I started my new role as the Cybersecurity Manager with 4 analysts reporting directly to me. In that role, I continued some of my previous responsibilities, but also added on policy design and updates, and designing a new security awareness program for the organization.