Skills
What I use day to day, what I can pick up, and what's on the shelf.
Five-dot scale, calibrated against actual production use. Each skill links to the projects on this site that exercise it; project pages link back here for context.
Microsoft hybrid infrastructure
Where I've spent the most time. Hybrid Azure + on-prem identity, network, endpoint, and ITSM at enterprise scale.
- Microsoft Azure •••••
Hybrid architecture, automation, security, monitoring
- Microsoft 365 administration •••••
Launched M365 / Exchange Online at a prior employer in 2014; 12+ years total. Exchange, SharePoint, Teams, OneDrive, governance
Used in: Enterprise AI rollout, policy, and governance · Microsoft 365 tenant architecture and governance · Client Services activity report (serverless) · Client Manager distribution list automation · Microsoft 365 PowerShell Admin Library · Freshservice implementation · HPSCAT vendor data ingestion pipeline · Acowin rollout & field digital transformation
- Hybrid AD + Entra ID •••••
AD Connect, dynamic groups, Conditional Access, PIM, Privileged Identity Management
Used in: IT operating-model standardization · Office 365 → Snowflake user sync · Internal IT Documentation Library (Python-generated) · Microsoft 365 tenant architecture and governance · Microsoft 365 PowerShell Admin Library · Service catalog and onboarding/offboarding automation · Darwinbox HRIS integration via Entra ID SCIM · Employee SMS broadcast platform
- Intune device management ••••◦
Windows + macOS (paired with Apple Business Manager federation)
Used in: IT operations runbook library · Intune fleet management and proactive remediations · Service catalog and onboarding/offboarding automation
- MDM across four platforms ••••◦
Meraki Systems Manager + Verizon MDM (prior employer), Intune for Windows and macOS (current employer), Apple Business Manager federated with Entra ID (current employer)
- Windows Server + Hyper-V virtualization ••••◦
Hyper-V hosts, AD, file/print, virtual networking, VHDs
Used in: Internal IT Documentation Library (Python-generated) · Multi-site Remote Desktop Services platform · Home lab and home automation
- Windows Server RDS / RemoteApp ••••◦
Connection Broker, Session Host, Gateway, Licensing. TLS-fronted Gateway with cert lifecycle.
- Multi-vendor networking •••••
Cisco Meraki MX/MR/SM across 80+ sites; Ubiquiti EdgeMax + EdgeRouter X; Aruba Instant On switching and Wi-Fi; Ubiquiti NanoStation point-to-point bridges; CommandLink managed SD-WAN/NaaS migration across per-office ISPs (in flight).
Used in: IT Ops MCP server · IT operating-model standardization · Multi-site Remote Desktop Services platform · Multi-site network architecture refresh (2023) · Managed SD-WAN / ISP standardization (multi-region) · Home lab and home automation
- Site-to-site VPN architecture ••••◦
Cross-vendor mesh (Meraki MX terminating against Ubiquiti EdgeRouter X)
Used in: Multi-site network architecture refresh (2023) · Managed SD-WAN / ISP standardization (multi-region)
- Telephony / UC migrations ••••◦
Tadiran Coral → OnSIP → Zoom Phone (prior employer, published OnSIP case study, 37% cost reduction). Microsoft Teams Phone via BCMOne (current employer).
- Line-of-business app hosting ••••◦
QuickBooks Desktop self-hosted, Right Networks, RDS / RemoteApp publishing
- ITIL Framework •••••
Incident, problem, change, request, asset, knowledge; 14,168 lifetime tickets
Used in: IT Ops MCP server · Support channel centralization on Freshservice · IT operating-model standardization · IT operations runbook library · Freshservice implementation · Service catalog and onboarding/offboarding automation
Automation, scripting, and AI augmentation
The default response to a repeatable problem. PowerShell-first for IT; Python for data and integration; the AI-augmentation layer is the next compounding step.
- PowerShell •••••
Advanced scripting, module dev, Graph API. 70+ script internal M365 admin library plus the PowerShell toolkit from a prior employer that predated it
Used in: IT operating-model standardization · Multi-site Remote Desktop Services platform · Client Services activity report (serverless) · Client Manager distribution list automation · Microsoft 365 PowerShell Admin Library · Intune fleet management and proactive remediations · HPSCAT vendor data ingestion pipeline · M&A IT Integration Toolkit
- Python ••••◦
Data pipelines, FastAPI, SQLAlchemy, dbfread, automation. stdlib-first style; idempotent and resumable jobs
Used in: AI-augmented IT operations platform · IT Ops MCP server · Freshservice reporting infrastructure · Office 365 → Snowflake user sync · Internal IT Documentation Library (Python-generated) · After Hours Data Systems: EPA 608 Practice · Reddit → Spotify playlist sync
- Microsoft Graph API ••••◦
Identity, M365, transitive group membership, extension attributes
Used in: AI-augmented IT operations platform · IT Ops MCP server · IT operating-model standardization · Office 365 → Snowflake user sync · Client Services activity report (serverless) · Microsoft 365 PowerShell Admin Library · HPSCAT vendor data ingestion pipeline · Employee SMS broadcast platform · M&A IT Integration Toolkit
- Power Automate ••••◦
User lifecycle, approval routing, SMS, vendor data ingest, on-premises data gateway bridges to on-prem PowerShell
Used in: Client Manager distribution list automation · Service catalog and onboarding/offboarding automation · Darwinbox HRIS integration via Entra ID SCIM · Employee SMS broadcast platform
- On-premises data gateway ••••◦
Bridges cloud Power Automate to on-prem file shares and PowerShell jobs
- Azure Logic Apps •••◦◦
- Git + GitHub (PRs, issues, Actions) ••••◦
PR-per-feature workflow, GitHub Issues as the work queue, branch-based development; repo/org administration across 20+ repos
- GitHub Actions + Azure Pipelines ••••◦
Scheduled multi-workflow data feed plus auto-deploy on push to main on the internal AI-ops platform; five cron workflows running the volleyball league's GroupMe communications hands-off; multi-stage CI/CD, matrix builds, secrets management
- Webhook-driven automation ••••◦
Used in: AI-augmented IT operations platform
- Azure Functions ••••◦
Unattended autonomous-agent host: webhook to queue to agent, auto-deployed from main
Used in: AI-augmented IT operations platform
- Claude skill plugin authorship ••••◦
Custom skill ecosystem for the IT team
Used in: AI-augmented IT operations platform · Enterprise AI rollout, policy, and governance · Freshservice reporting infrastructure
- Claude API in production ••••◦
Live conversational triage agent: whole-ticket reasoning, subject-person resolution, vision-based screenshot reading, prompt caching, confirm-gated actions, deterministic fallback
Used in: AI-augmented IT operations platform · Enterprise AI rollout, policy, and governance · Freshservice reporting infrastructure
- LLM reasoning + model routing ••••◦
Haiku→Sonnet→Opus escalate-on-low-confidence cascade with surfaced confidence bands; judgment-led routing with guardrails kept at the write layer
Used in: AI-augmented IT operations platform
- MCP server authorship (FastMCP) ••••◦
Deployed FastMCP server on Azure Container Apps exposing Freshservice, ScreenConnect, Meraki, Dell warranty, and Microsoft Graph as one namespaced connector of 35 tools; write tools gated at the identity layer via an Entra OAuth connector and delegated Graph on-behalf-of scoping
Used in: IT Ops MCP server · Enterprise AI rollout, policy, and governance
Observability and systems platforms
SRE-flavored breadth at SMB scale: multi-tool stacks combining vendor monitors, custom collectors, time-series databases, and visualization. Plus the storage and backup architecture that backs it all up.
- PRTG Network Monitor ••••◦
Primary infrastructure monitor across Meraki / Ubiquiti / Aruba / Synology / Hyper-V / Windows / SQL / LOB
- InfluxDB time-series ••••◦
Local TSDB backend on a prior employer's observability stack
- Grafana ••••◦
Dashboards over InfluxDB for server, hypervisor, network, and storage telemetry
- Custom SNMP collectors (bash) ••••◦
Authored synology.sh polling the Synology NAS via SNMP into InfluxDB
- Telegraf-style Windows agent (Influx Capacitor) •••◦◦
Per-role XML profiles (Hyper-V health, network, SQL, DCs)
- Veeam Backup & Replication ••••◦
Servers, endpoints, Hyper-V VMs at both employers; primary backup engine
- Synology NAS (DSM) ••••◦
On-prem file platform (prior employer) and Veeam backup target (both employers)
- Backblaze B2 (S3-compatible) •••◦◦
Off-site backup tier in the Veeam → Synology → Backblaze 3-2-1 pattern
- Azure Monitor / Log Analytics / Application Insights •••◦◦
- Home Assistant automation at scale ••••◦
370+ devices, 3,578 entities, 96 automations across Zigbee, Z-Wave, and MQTT on a self-run home lab
Used in: Home lab and home automation
Web and app development
Where the side businesses live. Modern web on Astro and Next.js; mobile via cross-platform tooling, not native Swift or Kotlin.
- Astro ••••◦
afterhoursds.com, mattsvolleyball.com, acquired-company marketing sites
Used in: Matt's Volleyball League / VolleyballEngine · matt-taylor.tech
- Next.js + TypeScript ••••◦
VolleyballEngine on Cloudflare Workers via OpenNext
- React ••••◦
- Tailwind CSS ••••◦
- Cloudflare Pages / Functions / Workers / R2 ••••◦
Acquired-company sites + VolleyballEngine + internal Worker projects; Pages Functions API endpoints with edge caching on mattsvolleyball.com
Used in: Employee SMS broadcast platform · M&A IT Integration Toolkit · Matt's Volleyball League / VolleyballEngine · matt-taylor.tech
- FastAPI + SQLAlchemy •••◦◦
Listige Clone, Acowin DBF exploration, internal AI-augmented IT ops platform
- Supabase Postgres + RLS ••••◦
Schema design, migrations, RLS policies, audit columns, multi-source data lake patterns
Used in: AI-augmented IT operations platform · Matt's Volleyball League / VolleyballEngine
- WordPress (Porto theme) •••◦◦
Brand-distinct sites for three HVAC companies under one ownership umbrella
- Flutter / Dart •••◦◦
Current AfterHoursDS stack (cross-platform mobile)
- Visual / low-code mobile builders •••◦◦
App Inventor (2014), Thunkable (2018); historical
Data and analytics
Database, warehouse, and BI work that ties IT and business reporting together.
- SQL Server / T-SQL ••••◦
- Snowflake (with Python runtime) ••••◦
Snowflake-native Python stored procedures with EXTERNAL ACCESS INTEGRATION, Snowflake Tasks scheduling
Used in: Office 365 → Snowflake user sync
- Microsoft Fabric F64 ••••◦
Capacity, semantic models, RLS, external sharing, Copilot in Fabric
- Power BI ••••◦
DAX, capacity, semantic models, RLS
Used in: Freshservice reporting infrastructure · Freshservice implementation
- SQLite (operational cache) ••••◦
OneDrive-aware /tmp build + atomic move pattern; read-only immutable consumer access
Used in: Freshservice reporting infrastructure · Reddit → Spotify playlist sync
- Data formats (JSON / XML / CSV / DBF) ••••◦
Security and identity
Identity-first, platform-controls-first. Defender stack plus the discipline that comes from running authorized pentests on your own ecosystem.
- Conditional Access + MFA + PIM •••••
- Defender XDR suite ••••◦
Defender for Endpoint, Identity, Cloud Apps, Office 365
Used in: Authorized penetration testing
- Bitdefender GravityZone (AV/EDR) •••◦◦
Endpoint AV/EDR reads in the IT ops platform; confirm-gated scan/isolate
- Action1 patch management •••◦◦
Patch-state reads in the IT ops platform; confirm-gated deploy/reboot
- CISA ScubaGear M365 baseline ••••◦
- Microsoft Purview •••◦◦
Information Protection, sensitivity labeling, retention, eDiscovery
- Unified Audit Log forensics ••••◦
Used in: Authorized penetration testing
- Authorized web-app pentesting •••◦◦
External assessments under written authorization. nmap, subfinder, SecLists.
Used in: Authorized penetration testing
- PhishMe (Cofense) security awareness ••••◦
Topical training on BEC, ransomware, malicious macros
- Physical security platforms •••◦◦
AxTraxNG (Rosslare) door access at a prior employer; SEMAC Web at the current employer; Ubiquiti UniFi Video and Reolink NVR; self-pulled Cat6 runs
- Bitwarden secrets administration ••••◦
- Group Policy baselines ••••◦
Cross-cutting operations
The non-code parts that make the code parts work in real organizations.
- ITIL Framework •••••
Incident, problem, change, request, asset, knowledge
- Cross-tenant M&A migration toolkit ••••◦
PowerShell migration runners + 26-page operating playbook generated from a docx codebase
Used in: IT operating-model standardization · M&A IT Integration Toolkit
- Documentation pipelines •••••
Ten-domain IT framework + 52-file Python-generated Internal IT Documentation Library + automated PowerShell-to-markdown into SharePoint
Used in: Internal IT Documentation Library (Python-generated) · IT operations runbook library · Freshservice implementation · M&A IT Integration Toolkit
- Naming-standards design •••••
Interlocking standards anchored on Entra ID Department: account, computer, and server naming; AD, Entra ID, M365 group, and shared-mailbox taxonomy; region codes; and IP address assignment. Drives dynamic groups, licensing, Conditional Access scoping, and Intune targeting.
Used in: Internal IT Documentation Library (Python-generated) · Microsoft 365 tenant architecture and governance · Darwinbox HRIS integration via Entra ID SCIM
- IT policy and governance authorship •••••
Company-wide AI policy (with HR and Business Intelligence), AI-assisted development policy, IT code of conduct, plus the developer handbook and repo template that operationalize them
- Operational runbooks and procedures •••••
User lifecycle, deployment, patching, backup and recovery, purchasing, and escalation procedures written for repeatable execution by the team and offshore helpdesk
Used in: IT operations runbook library
- Technical evaluation of vendors and platforms ••••◦
Where the alternative is rolling our own; when the answer is build, this informs that too
Used in: Support channel centralization on Freshservice · Managed SD-WAN / ISP standardization (multi-region)
Other systems experience
Differentiators that round out the resume.
- Legacy Unix (SCO OpenServer) •••◦◦
Self-taught SCO OpenServer admin to keep a prior employer's pre-Acowin ACOMARC environment running; decommissioned after the 2014 Acowin cutover
- Linux server administration •••◦◦
Debian (3CX evaluation), Ubuntu, CentOS
- Visual FoxPro / DBF data extraction ••◦◦◦
Python + dbfread, ad-hoc; exploratory not production
- PKI / SSL/TLS lifecycle ••••◦
CSR generation, cert lifecycle, private-key handling, DNS / domain ownership across internal and public-facing infrastructure
Mechanical / HVAC trade credentials
From a decade in the trade before IT. Maintained current because the discipline that earned them is the same discipline I bring to systems work.
- NC H-3-I Mechanical Contractors License •••••
Held current. Acted as the mechanical-contractor qualifier for a BPI Gold Star HVAC division.
- NATE Service Technician (multi-specialty) •••••
Heat Pump, Gas, Oil, Air Distribution
- EPA Section 608 Universal •••••
All three certification types (I, II, III)
- BPI Building Analyst + Envelope Professional ••••◦
Building performance, blower door, duct blaster, thermal imaging
- ACCA Manual J / D / S / N / Q ••••◦
Residential and commercial load, duct, sizing, and design calcs
- Wrightsoft + AutoCAD mechanical layout ••••◦
- Cross-trade fluency ••••◦
Gas piping, low and high voltage electrical, sheet metal duct fab