Infrastructure Engineer
Tyler Higgins
Multi-site networks · virtualization · security operations
I keep infrastructure fast, secure, and documented. Most recently the sole security-focused engineer on a Tier 3 team running a 38-building, 23,000-user environment — the WAN, the switching backbone, the virtualization, and the automation that holds it together.
Available for infrastructure & security rolesAbout
I'm an infrastructure and security engineer with an MS in Cybersecurity and a BS in Network Security from an NSA-designated program, graduated magna cum laude. Seven-plus years across enterprise network administration, multi-site infrastructure, and hands-on security operations.
I'm comfortable owning the whole stack — WAN and switching across dozens of sites, VMware clusters, next-gen firewalls, endpoint and managed detection, and the Ansible automation that keeps configuration consistent instead of drifting. I like the unglamorous parts: clean documentation, repeatable deployments, and incidents that get a real root-cause instead of a reboot.
Projects
Systems I've built and run
Each card is a short spec sheet — stack, scale, and the role I played. Real work, not a wall of logos.
District-wide infrastructure
Owned reliability for a 38-building district — VMware clusters, multi-site WAN, and the switching backbone underneath, with Ansible eliminating configuration drift across the Cisco stack.
Multi-site WAN & switching
Designed and maintained WAN connectivity and the multi-vendor switching layer across every site; diagnosed cross-site incidents and cut user-impacting latency and outages.
Endpoint, MDR & firewalls
Sole security engineer for the district's full stack — endpoint detection, 24/7 managed detection & response, and next-gen firewalls — including the incident response when something tripped.
CyberVault
UAT Student Innovation Project: a password manager that swaps the master password for an RSA key pair — auto-generate a key, or bring your own from hardware like a Nitrokey.
tylerhigginssip.weebly.comSelf-hosted AI platform
A retrieval-augmented AI platform running entirely on owned hardware — local models answering from a private document corpus, with nothing leaving the machine by default. Privacy-first and bound to localhost, with config and knowledge base recoverable from backup; doubles as an infrastructure copilot over ingested network and systems documentation.
Self-architected security lab
A defense-in-depth lab built from bare metal to mirror enterprise architecture. Identity on Active Directory; a two-tier PKI whose Root CA stays air-gapped while an issuing CA auto-enrolls device and user certificates through Group Policy; certificate-based 802.1X (EAP-TLS) network access control via RADIUS. Wazuh XDR and Security Onion add endpoint and network detection on top.
Home infrastructure, versioned
The whole environment as version-controlled code: over a dozen containerized services behind a Traefik reverse proxy with Authentik SSO and zero exposed inbound ports (Cloudflare Tunnel), NetBox as the IPAM source of truth, and Uptime Kuma for health. A GitHub Actions workflow validates every change, decisions are captured as ADRs, and a Python netops toolkit pulls live UniFi state to generate network documentation and flag configuration drift.
Experience
Where I've done it
Sole security-focused engineer on a 4-person Tier 3 team. Owned the security stack (SentinelOne, Arctic Wolf, Palo Alto), WAN and switching across 38 sites, VMware clusters, and Ansible automation for the Cisco fleet.
Built network infrastructure for surveillance and video-management systems, managed AWS resources, and caught a critical security vulnerability during testing before it shipped.
Ran campus IT and network operations across a multi-building site; redesigned the campus network in the first week and partnered with corporate IT on upgrades and firewall work.
Contact
Let's talk
Open to infrastructure and security roles — healthcare especially. Send a note and I'll get back to you.