Marcin Duchnicki

1935 N Logan, Denver, CO 80203│mduchnicki@gmail.com│Tel.

7085393737 linkedin profile: www.linkedin.com/in/marcin-duchnicki-27711b167

Overview of Qualifications and Certifications

• CISSP
• Azure Solutions Architect Expert
• Azure Cyber Security Architect Expert
• Azure security engineer, Identity and Access Admin, Azure administrator
• CySA+
• LogRhythm Platform Administrator
• MCSA, MCSE
• CCNA R & S, CCNA Security.
• Cloud Zero Trust design, implementation, configuration and security.
• Excellent troubleshooting and technical skills based upon years of
experience.
Employment History:

Decision Point
Azure Cloud Security Engineer/Architect Sep 2021 – till present
 Providing security guidance on cloud migration efforts for Department of
Interior Bureau of Reclamation. Assisting enterprise towers in moving and
securing large amount of computer systems (over 1000) with multiple
applications and databases in to the commercial and government cloud.
 Design and implement Azure security model based upon Microsoft Cyber
security reference architecture. Help design and configure Azure Defender
solution based on requirements.
 Overview Azure Identity and access management deployment and integration–
MFA, Group management, SSO, Application Proxy, Azure AD entitlement
management.
 Help enterprise achieve acceptable level of least privilege assignment with Azure
implementation of PIM (Privilege Identity Management) and Just in Time Access.
 Setup and manage Zero Trust conditional access for identities and devices.
Export risk detection data from endpoints into on-prem SIEM (Splunk) to gain
visibility and understanding into enterprise security posture.
  Lead ISO Cloud Migration team in providing comprehensive System Security Plan
based on FedRAMP framework and SP800-53 control baseline to obtain new
ATO for cloud operations.
 Establish functional Azure governance that incorporates hybrid environment
using Azure policies to drive compliance and audit requirements. Use Azure
Blueprints to create versioning and integrate packages with CI/CD pipeline.
 Help enterprise organization move away from monolithic design and embrace
DevOps solutions. By establishing secure practices for code development using
Github and Azure DevOps.
PBCM
Azure Cloud Security Engineer/Architect May 2020 – Sep 2021
Azure:
• Leading a team of system and network admins in designing comprehensive
plan to migrate entire system infrastructure to the government cloud
according to strict government compliance regulation (FedRAMP & DOD
STIG’s)
• Design, deploy & configure a network hybrid infrastructure to support server
workload. That includes vents & subnets, a custom routing, Radius
Authentication, NSG’s, both virtual appliance and azure firewall, on-prem AD
integration (ADConnect) with point-to-point VPN and primary ExpressRoute.
• System integration and automation - Replacing old terminal servers with
highly scalable, cost-efficient, and secure VDI implementation.
• Office 365 administration. Design and implement a migration plan to move
exchange, share point and Office 365 to new government cloud form
commercial space.
• Move on prem SQL Database to Azure SQL instance. Maximize efficiency and
minimize cost.
• Implement AD connect sync. The IAM, conditional access and MFA for secure
user access.
Information Security/Backup recovery:
• Developed and implemented a highly modular and comprehensive cloud
disaster recovery plan suited for financial institutions bound by complex
regulation.
• Help maintain Vulnerability Management Program performing continuous
scanning using Tenable IO of corporate cyber security posture. Patch and
Remediation management and Exploit protection.
• Performing Security Assessment per Government specification. Oversee
annual security policy and procedure review.
 • Implement LogRhythm SIEM. Set Up an entire infrastructure of agents and
collectors. Create a custom AI Engine and Alarm rules set. Create custom
reports for compliance.
• Maintain PKI infrastructure. Generate custom certificates for various
applications, network devices and services both Win and Linux.
• Provide recommendations for defense in depth security architecture.
Hardening systems and services using NIST security guidelines to fulfill
regulatory compliance needs of PCI DSS and GLBA.

US Money Express CO
Network Security Administrator May 2003 – May 2020
• Maintain infrastructure of over 100 Win servers physical & virtual Hyper-V
hosts.
• Maintain GPO & Security Policy for all login servers and applications.
• Manage Win infrastructure using SCCM – deploy software, manage clients
• Install & configure AD Federation Services, claims, relying party trusts.
• Manage and tune hardware and software IDS and IPS systems ex. Cisco ASA
Firepower, Snort and file integrity Tripwire for regulatory compliance.
• Define, implement, and maintain corporate security policies and procedures.
• Active involvement in security incident response. All phases of detection,
analysis, containment, eradication and recovery.
• Manage and configure RADIUS policies. AAA and 802.1x network access
control.
• Setup and maintain SEIM for data aggregation, correlation, and trend and
history analysis. Configure rules, alerts, set thresholds for notifications and
generate reports for management.
• Design and implement network access, Site to Site VPN, MPLS, Client Site
VPN.
• Implement highly available Active-Active clustering for MS SQL Servers.
• Designing, implementing and testing disaster recovery site in compliance to
current standards.
• MS SQL database backup and recovery – SQL transactional replication.

Education B.S. in Computer Science from Roosevelt University in Chicago Graduated

May 2000