Angel Ramirez is an independent IT security contractor with hands-on experience deploying and hardening infrastructure across multi-site enterprise environments.
FortiGate NGFW · SentinelOne EDR · M365 Zero Trust · Active Directory · Incident Response.
Specialized security engagements for SMBs, MSPs, and mid-market organizations. Each engagement is scoped, documented, and delivered with measurable outcomes.
FortiGate NGFW deployment and policy management via FortiManager. Multi-site VLAN segmentation, IPS/IDS tuning, site-to-site IPsec VPN, and legacy appliance migrations from SonicWall and Cisco ASA.
SentinelOne Singularity deployment and operational tuning across Windows environments. Staged rollout via Datto RMM, policy architecture, false-positive remediation, and MDR integration.
Microsoft 365 tenant hardening and Entra ID Conditional Access architecture. MFA enforcement, legacy authentication blocking, Privileged Identity Management (PIM) just-in-time elevation, and Intune device compliance.
End-to-end breach investigation, threat triage, containment, and eradication. Documented IR playbook development and executive-ready incident reports with MITRE ATT&CK mapping. Proven MTTR improvement from 48 hours to 6 hours.
AD environment hardening, privileged account audit, Group Policy hardening, and attack path remediation. Kerberoasting and AS-REP roasting vulnerability mitigation, tiered admin model implementation, and BloodHound-based attack path analysis.
Structured vulnerability assessments, firewall policy reviews, and AD privilege audits. Deliverables include professional findings reports with prioritized risk ratings, executive summaries, and actionable remediation guidance.
Before contracting, Angel Ramirez spent two years as the sole security practitioner responsible for an entire multi-site manufacturing environment — managing over 100 endpoints, owning firewall infrastructure across three locations, hardening a Microsoft 365 tenant from scratch, and responding to five security incidents with no team to fall back on.
That background informs every engagement. The work documented here isn't lab theory — it's production infrastructure that had to work, had to be documented, and had to hold up under real threat conditions. Alongside defensive work, ongoing offensive lab research through OffSec (OSCP+) provides the attacker perspective that makes remediation recommendations more precise.
Based in Hamilton, Ontario. Available for remote engagements across Canada and the United States.
Technical write-ups from real defensive deployments, IT management engagements, and offensive lab research.
100-endpoint EDR deployment for a multi-site manufacturing environment. Staged rollout via Datto RMM, policy architecture, Vigilance MDR integration, and MTTR improvement from 48 hours to 6 hours.
Full SonicWall-to-FortiGate migration across 4 production sites. FortiManager centralized policy management, VLAN segmentation, IPS tuning, and IPsec VPN mesh configuration.
12 Conditional Access policies, 100% MFA coverage, legacy authentication blocked, PIM just-in-time elevation, and Intune device compliance enforcement across the full tenant.
Low-privilege domain user to DCSync and full domain takeover. Documented attack path: Kerberoasting, offline credential cracking, privilege escalation, and post-exploitation methodology.
Solo contractor delivering complete network and security stack deployments across multiple dental clinic sites. UniFi infrastructure, Datto RMM, EDR rollout, zero unresolved issues at handoff.
Full Windows Server and Active Directory environment build from scratch. GPO architecture, M365 tenant migration, DLP policy rollout, and ongoing systems administration for a manufacturing organization.
Verified technical credentials supporting the work documented in these engagements.
Use the form to describe your environment and what you're looking to accomplish. I review every inquiry personally and respond within one business day.