Harold E. Poling Jr. Resume

Senior IT Infrastructure and Security professional with over 25 years of progressive experience supporting enterprise, government, education, and financial environments. Deep expertise in Windows Server (2000-2025), CrowdStrike, Fortinet, and Nutanix. Specialized in security tooling, digital forensics, and incident response. Proven leader in high-visibility investigations, lab architecture, and secure environment design. Trusted contributor to California State Security Initiatives.

Core Technical Competencies

Virtualization: Nutanix AHV, VMware ESXi, Hyper-V, KVM, ProxMox
Operating Systems: Windows Server 2000-2025, XP-11, Ubuntu, Oracle, SUSE, NetWare
EDR / IR: CrowdStrike Falcon, FireEye, Velociraptor, Vectra, Security Onion
SIEM / Visibility: Splunk, Elastic, Arkime
Forensics: Autopsy, FTK Imager, Memory & Packet Capture
IAM: Active Directory, Group Policy, DNS, DHCP
Networking: HP & Cisco Switching, VLANs, Layer 2/3
Firewalls: Fortinet, Palo Alto, Cisco ASA, PfSense, OpenSense
Management: SCCM, WSUS
Backup / DR: CommVault, Avamar, Networker
Scripting: PowerShell, Bash
Leadership: IR Training, Tabletop Exercises, Mentorship

Professional Experience

1TECH4U (Owner Non-Profit)

01/2018 - Present

Cybersecurity Architecture: Engineered and deployed comprehensive security frameworks across 50+ sites, utilizing Fortinet NGFW, pfSense, and OPNsense to enforce rigorous security policies.
Security Operations & SIEM: Architected a centralized ELK Stack (Elasticsearch) ecosystem for real-time security event analysis, log aggregation, and open-source SIEM capabilities across all Chursh environments.
Incident Response Leadership: Spearheaded critical Incident Response (IR) actions, utilizing Velociraptor and Arkime to mitigate threats and restore mission-critical operations for high-availability community organizations.
Identity & Access Management (IAM): Hardened remote access protocols by deploying Apache Guacamole (v1.6) with mandatory Multi-Factor Authentication (MFA/2FA) to secure distributed charity endpoints.
Network Engineering: Modernized aging infrastructure through VLAN segmentation POE and Quality of Service (QoS) optimization, resulting in significant improvements to network security posture and traffic reliability.
Full-Stack Infrastructure: Directed the design and physical build-out of MDF/IDF distribution points, integrating Layer-3 switching, Ubiquiti Mesh Wi-Fi, and CAT-6 standards to support modern VOIP and IoT ecosystems.
Talent Development: Mentors and manages a high-performance team of 12 aspiring technologists, providing structured work experience through complex infrastructure upgrades and physical security projects.
Community Social Responsibility (CSR): Spearheads technical outreach initiatives, including the total restoration of computer labs and the provisioning of sanitized systems for veterans transitioning via Nations Finest.
Technical Instruction: Delivers advanced technical training in hardware assembly and OS maintenance across Windows 11 and Linux (Ubuntu 24.04/Mint/Minux/Debian), empowering community members with essential digital literacy.

California Office of Technology Services - IT Specialist III Security Architect

01/2022 - Present

Forensic Ecosystem Design: Engineered a high-security Test Lab and Forensics Containment Area, integrating Nutanix, CrowdStrike, and Security Onion for isolated threat analysis and incident simulation.
Large-Scale Data Observability: Deployed Elastic Stack with Arkime to index and analyze massive PCAP datasets, providing critical deep-packet inspection and forensic capabilities for state-level agencies during emergency IR engagements.
Cross-Platform Telemetry Integration: Architected unified security pipelines on Ubuntu, aggregating Windows Event Logs, Linux system logs, and firewall traffic into Elasticsearch to accelerate investigative insights.
Zero Trust Network Design: Designed segmented network architectures using Palo Alto Firewalls, strictly enforcing Least Privilege and Risk-Based Controls in alignment with California State security requirements.
Strategic IR Leadership: Spearheaded end-to-end Incident Response operations, overseeing digital forensics and data recovery while delivering policy-aligned executive briefings to secure stakeholder buy-in.
EDR & Identity Remediation: Directed CrowdStrike EDR deployments to investigate and remediate sophisticated identity compromise incidents, providing technical leadership to cross-functional remediation teams.
Operational Readiness: Facilitates complex tabletop and live-fire lab exercises, simulating real-world attack vectors to validate response playbooks and team technical proficiency.
Military Technical Training: Delivered specialized Cyber Defense instruction to military personnel at William Jessup University (Cyber Dawn), teaching standalone Elastic Stack deployment and advanced network traffic analysis.
Secure Educational Infrastructure: Developed a secure remote-learning lab using Apache Guacamole (2FA), integrated with Elastic Stack dashboards to monitor student engagement and audit access logs for compliance.
Presales & Consultative Strategy: Combines deep technical expertise with a consultative mindset to articulate the ROI of advanced observability and security platforms to State of California partners and customers.
Solution Engineering: Architects complex, mission-critical security solutions that drive measurable outcomes, solving multifaceted technical challenges while building long-term organizational trust.

California Office of Technology Services - IT Specialist II (SOC, SIEM, ATP)

01/2020 - 01/2022

Multi-Agency Forensics: Spearheaded complex digital forensics investigations in direct collaboration with the California Highway Patrol (CHP), ensuring evidentiary integrity and technical precision.
Chain-of-Custody Governance: Engineered a high-security forensics containment area featuring two-person integrity (TPI) controls, 24-hour surveillance, and rigorous hardware intake protocols to meet forensic standards.
Enterprise EDR Stewardship: Served as the **Technical Lead** for a large-scale CrowdStrike Falcon enterprise deployment, architecting the sensor rollout and response policies for mission-critical assets.
Lifecycle Management: Visualized and audited complex enterprise environments using **Microsoft Visio**, identifying critical end-of-life (EOL) hardware and architecting multi-year replacement strategies to mitigate operational risk.
Security Stack Integration: Engineered integrated telemetry pipelines using Security Onion and Elastic Stack to correlate network IDS, host-based logs, and threat intelligence for rapid incident detection.
Full-Packet Investigation: Architected Arkime + Elastic solutions to index and query high-volume **Full-Packet Capture (PCAP)** data, enabling deep-dive forensic analysis for sophisticated network intrusions.
Network Hardening: Designed and implemented Zero-Trust-ready environments using Palo Alto Firewalls, enforcing micro-segmentation and risk-based access controls to protect sensitive data enclaves.
Force Multiplication: Developed and executed comprehensive training frameworks for **Tier 1 and Tier 2 SOC analysts**, accelerating the adoption of California Department of Technology (CDT) security tools.
Advanced IR Simulation: Facilitated high-fidelity tabletop and physical lab exercises utilizing a premier toolset, including **FireEye, CrowdStrike, Splunk, and Vectra**, to sharpen team response maneuvers.
Defense Instruction: Delivered specialized Cyber Defense training to Military Personnel during the Cyber Dawn exercise, focusing on the rapid deployment of standalone Elastic environments and forensic data analysis.
Identity Threat Remediation: Directed the strategic application of CrowdStrike EDR to isolate and remediate identity-based compromises, effectively neutralizing lateral movement within the enterprise.

California Office of Technology Services - IT Specialist II

01/2017 - 01/2020

Forensic Integrity: Directed high-profile digital forensics investigations in coordination with the California Highway Patrol (CHP), applying rigorous Military Police-standard chain-of-custody protocols to ensure evidentiary admissibility.
Mission-Critical Support: Orchestrated centralized log ingestion and security event analysis via Wazuh & Elastic Stack to support Cal OES (California Governor's Office of Emergency Services) across 20+ active incident response operations.
Governance & Policy Design: Authoritative lead for CrowdStrike Deployment Policies, establishing formal User Role & Responsibility frameworks aligned with L1, L2, and L3 operational tiers.
Automated IR Workflows: Architected specialized CrowdStrike instances for testing and rapid response, automating device onboarding to significantly reduce manual intervention for IR responders.
Custom Security Tooling: Developed mission-critical PowerShell automation for L1/L2 data acquisition, enabling CIO-authorized automated packet capture from local endpoints during active investigations.
Cross-Generational Infrastructure: Engineered a massive air-gapped security environment comprising 40+ desktops and 10 servers, managing legacy-to-modern compatibility from Windows XP/Server 2008 to Server 2022.
Active Directory Hardening: Executed comprehensive Blue Team defense strategies for Windows ecosystems, utilizing Group Policy, Regedit, and SCAP (Security Content Automation Protocol) to enforce system hardening.
Enterprise EDR Rollout: Managed the end-to-end technical project lifecycle for the Office of Technology Services (OTech) CrowdStrike deployment, ensuring 100% uptime through meticulous planning and Change Control.
Advanced Threat Detection: Directed the installation and testing of Vectra appliances for lateral movement detection, later spearheading the enterprise-wide deployment via formal Change Management procedures.
Simulation & Training Excellence: Deployed BOTS (Boss of the SOC) Splunk servers and Elastic Stack lab environments to provide high-fidelity training for personnel on advanced search syntax and forensic analysis.
Architecture for Speed: Architected high-performance lab environments that integrate CrowdStrike, SIEM, and Elastic Stack, cutting down the "time-to-insight" for forensic investigations and threat-hunting exercises.

California Office of Technology Services - Systems Software Specialist II

01/2012 - 01/2017

Massive-Scale Operations: Orchestrated the lifecycle management and patch compliance for an enterprise fleet of 1,500+ Windows Servers, maintaining 99.9% security uptime across legacy (2008/2012) and modern (2016/2022) environments.
Strategic OS Migration: Directed comprehensive lifecycle analysis and migration roadmaps to transition critical workloads from Legacy Windows 2003/2008 platforms to hardened Server 2016/2022 architectures.
Patch Team Leadership: Spearheads "Super Tuesday" patching operations, managing a rigorous Two-Week Lifecycle (Week 1: UAT/Validation; Week 2: Enterprise Deployment) to ensure zero-day vulnerability remediation.
MECM/SCCM Engineering: Architected specialized SCCM 2012/Current Branch deployment packages and custom SQL reporting to automate software distribution and resolve complex client-to-site communication bottlenecks.
DR Architecture: Engineered high-availability Disaster Recovery (DR) solutions utilizing CommVault, leveraging deduplication and off-site replication to guarantee data integrity and minimize Recovery Time Objectives (RTO).
Business Continuity Planning: Designed resilient backup architectures that ensure 24/7 operational continuity for mission-critical enterprise applications.
Virtualization Standardization: Authored master training documentation and multimedia video libraries for VMware 5.1/6.x deployments, standardizing virtual machine provisioning for global IT staff.
Solution Blueprinting: Utilizes Microsoft Visio to architect and visualize complex customer environments, streamlining the rollout of new roles and services for improved operational efficiency.
ITSM Governance: Managed workload balancing and change governance via BMC Remedy, ensuring all modifications to the enterprise environment followed strict Change Request (CR) and Work Order protocols.
Continuous Knowledge Excellence: Mentors and onboards new engineering staff by producing a persistent library of HTML-based training modules and MP4 instructional content for proprietary enterprise software stacks.

California Department of Justice - Systems Software Specialist II

01/2010 - 01/2012

HL-TECH - Owner & Business Manager

01/2003 - 01/2010

Western Sierra Bancorp - IT Manager

01/1996 - 01/2003

Teaching & Instructional Experience

Lead Incident Response Instructor | Cyber Dawn Program (01/2025 - Present)

Directs high-intensity tabletop and live-fire lab exercises for military and technical personnel, covering the full NIST Incident Response Lifecycle: Detection, Containment, Eradication, and Recovery.
Delivers hands-on masterclasses in Network Forensics, utilizing Security Onion and Arkime to analyze full-packet captures (PCAP) and identify malicious lateral movement.
Instructs on Host-Based Digital Forensics, teaching the use of Autopsy and FTK Imager for secure evidence acquisition, disk imaging, and deep-dive artifact analysis.
Spearheads the deployment of Elastic Stack (ELK) within a lab environment to demonstrate centralized log correlation and real-time threat hunting during active intrusion scenarios.
Mentors participants on the integration of enterprise and open-source ecosystems, ensuring students can effectively leverage a diverse security stack in high-pressure, mission-critical environments.

Certifications, Clearance & Professional Development

★ Active Security Clearance: SECRET (Verified via Cal OES)

Academic Foundations:

California Dept. of Technology (CDT): Information Security Leadership Academy (ISLA)
Community College of the Air Force: Specialized Military Technology Studies
Cisco Junior College: Collegiate Technical Foundations

Elite Industry Training:

SANS Institute: SANS 504 (Hacker Tools & Exploits) & SANS 501 (Enterprise Defender)
CrowdStrike: FHT 202 (Intermediate Falcon for Hunters), FHT 120, & FHT 101
Elastic Stack (ELK): Certified Specialist in Security Data Analysis & Installation
CompTIA: Security+ Certified (Verified through 2026)

Technical Mastery & Continuous Learning:

VMware Expert: Version 3.5 to 8.03 (Specializing in HA & Clustering)
MECM/SCCM: Advanced Architecture & Deployment (2019/Current Branch)
Security Operations: Splunk Machine Data Analysis, Security Onion (NSM), and Ethical Hacking
Microsoft Ignite: 2012, 2016, and 2025 Delegate