Tyler Higgins

Infrastructure Engineer

Tyler Higgins

Multi-site networks · virtualization · security operations

I keep infrastructure fast, secure, and documented. Most recently the sole security-focused engineer on a Tier 3 team running a 38-building, 23,000-user environment — the WAN, the switching backbone, the virtualization, and the automation that holds it together.

Available for infrastructure & security roles

About

I'm an infrastructure and security engineer with an MS in Cybersecurity and a BS in Network Security from an NSA-designated program, graduated magna cum laude. Seven-plus years across enterprise network administration, multi-site infrastructure, and hands-on security operations.

I'm comfortable owning the whole stack — WAN and switching across dozens of sites, VMware clusters, next-gen firewalls, endpoint and managed detection, and the Ansible automation that keeps configuration consistent instead of drifting. I like the unglamorous parts: clean documentation, repeatable deployments, and incidents that get a real root-cause instead of a reboot.

MSCybersecurity — UAT, 2024
BSNetwork Security — magna cum laude, NSA-designated
CertsCompTIA A+ · Network+ · Security+
CompWRCCDC 2020–21 — 4th, regional

Projects

Systems I've built and run

Each card is a short spec sheet — stack, scale, and the role I played. Real work, not a wall of logos.

Enterprise Infrastructure

District-wide infrastructure

Owned reliability for a 38-building district — VMware clusters, multi-site WAN, and the switching backbone underneath, with Ansible eliminating configuration drift across the Cisco stack.

stackVMware · Cisco/HP/Fortinet · Ansible
scale38 sites · 23,000+ users
roleTier 3 infrastructure
VirtualizationWANAutomation
Networking

Multi-site WAN & switching

Designed and maintained WAN connectivity and the multi-vendor switching layer across every site; diagnosed cross-site incidents and cut user-impacting latency and outages.

stackCisco · HP · Fortinet · Palo Alto
scope38-site WAN
focusReliability · latency · RCA
Routing/SwitchingTroubleshootingOSI
Security Operations

Endpoint, MDR & firewalls

Sole security engineer for the district's full stack — endpoint detection, 24/7 managed detection & response, and next-gen firewalls — including the incident response when something tripped.

stackSentinelOne · Arctic Wolf · Palo Alto
rolePrimary security engineer
focusEDR · MDR · incident response
EDRMDRFirewall
Applied Cryptography

CyberVault

UAT Student Innovation Project: a password manager that swaps the master password for an RSA key pair — auto-generate a key, or bring your own from hardware like a Nitrokey.

typeRSA key-pair vault
originUAT capstone
RSAKey management
tylerhigginssip.weebly.com
Local-First AI

Self-hosted AI platform

A retrieval-augmented AI platform running entirely on owned hardware — local models answering from a private document corpus, with nothing leaving the machine by default. Privacy-first and bound to localhost, with config and knowledge base recoverable from backup; doubles as an infrastructure copilot over ingested network and systems documentation.

stackOllama · Open WebUI · Qdrant · Docker/WSL2
scopeLocal-first · localhost-only
buildSolo — design, deploy, document
RAGLocal LLMsVector DB
Security Architecture

Self-architected security lab

A defense-in-depth lab built from bare metal to mirror enterprise architecture. Identity on Active Directory; a two-tier PKI whose Root CA stays air-gapped while an issuing CA auto-enrolls device and user certificates through Group Policy; certificate-based 802.1X (EAP-TLS) network access control via RADIUS. Wazuh XDR and Security Onion add endpoint and network detection on top.

stackAD · AD CS (2-tier PKI) · NPS · Wazuh · Security Onion
access802.1X EAP-TLS · GPO autoenrollment
scopeHome lab · enterprise patterns
PKI802.1X / NACSIEM / NSM
Infrastructure as Code

Home infrastructure, versioned

The whole environment as version-controlled code: over a dozen containerized services behind a Traefik reverse proxy with Authentik SSO and zero exposed inbound ports (Cloudflare Tunnel), NetBox as the IPAM source of truth, and Uptime Kuma for health. A GitHub Actions workflow validates every change, decisions are captured as ADRs, and a Python netops toolkit pulls live UniFi state to generate network documentation and flag configuration drift.

stackDocker Compose · Traefik · Authentik · NetBox
ciGitHub Actions validation · ADRs
automationPython netops toolkit · drift detection
DockerCI/CDAutomation

Experience

Where I've done it

2023 — 2025
IT Administrator — Network & Security Engineer
Rochester Public Schools · Rochester, MN

Sole security-focused engineer on a 4-person Tier 3 team. Owned the security stack (SentinelOne, Arctic Wolf, Palo Alto), WAN and switching across 38 sites, VMware clusters, and Ansible automation for the Cisco fleet.

2022 — 2023
Network Engineer
Safety Vision · Houston, TX

Built network infrastructure for surveillance and video-management systems, managed AWS resources, and caught a critical security vulnerability during testing before it shipped.

2018 — 2022
Campus Technology Administrator
AIM Houston · Houston, TX

Ran campus IT and network operations across a multi-building site; redesigned the campus network in the first week and partnered with corporate IT on upgrades and firewall work.

2024MS, Cybersecurity — University of Advancing Technology
2022BS, Network Security — UAT · Magna Cum Laude · NSA-designated program

Contact

Let's talk

Open to infrastructure and security roles — healthcare especially. Send a note and I'll get back to you.