Security Infrastructure Migrations (“Lift and Shifts”)
I’ve worked extensively on security infrastructure migrations, helping organizations transition from legacy or limited solutions to more mature and scalable security platforms. Whether supporting endpoint protection or SOC/SIEM transformations, I focus on understanding each environment in depth, executing migrations with precision, and ensuring the end state delivers stronger visibility, better protection, and long-term value.
Endpoint Detection & Response (EDR) Tooling Migrations
I led and supported end-to-end EDR migration and onboarding efforts, taking projects from initial discovery through final implementation and validation by working closely with multiple teams across my company. Under tight timelines, I helped conduct comprehensive environmental audits to map asset inventories and analyze application usage, enabling accurate scoping and planning. I helped ensure complete EDR coverage across all in-scope endpoints, maintaining continuous protection and achieving full compliance with organizational security baselines. This was made possible through the following:
Scoping & Pre-Migration Planning
I was big on establishing the scope of EDR migration initiatives. This helped all teams remain on track and understand their role in the migrations. This was done by:
Accurately identifying and accounting for all in-scope assets, including workstations and servers, prior to offboarding legacy tooling.
Performing detailed assessments to understand application usage and dependencies across environments, ensuring migrations were properly planned and executed.
Identifying and validating exclusions, which required collaboration with clients, leveraging vendor guidance, and applying prior migration experience to define the necessary exclusions and minimize the risk of operational disruption.
All of this was performed while balancing speed with risk management. My team and I operated effectively under tight timelines, ensuring thorough analysis while maintaining continuous security coverage throughout the transition.
Post-Migration Configuration & Security Alignment
Once clients were properly migrated and onboarded to the new EDR tooling, the work didn’t stop there. Much of the project scoping included post-migration configurations and security alignments. This was done through:
Aligning to security standards to ensure newly deployed EDR tooling met or exceeded established security baselines following migration.
Optimizing attack surface reduction, which focused on configuring and tuning attack surface reduction (ASR) policies to strengthen preventative controls and reduce exposure. (Many of the ASR rules we looked to implement are described above.)
Enhancing overall security posture by configuring and optimizing policies to improve threat prevention capabilities, enforce consistency across environments, and ensure adherence to organizational security requirements.
Overall, I worked extensively with tools such as Carbon Black and Microsoft Defender for Endpoint, including Defender for Servers via Microsoft Defender for Cloud and Azure Arc onboarding.
Security Operation Center / Security Information and Event Management Migrations
I supported the migration (“lift and shift”) of SOC/SIEM platforms across a variety of clients, ranging from small organizations with a handful of users and endpoints to large, multinational enterprises with thousands of users and assets. These projects often included clients transitioning from their prior SOC/SIEM solutions, as well as those with little to no existing security monitoring capabilities at all.
Regardless of the starting point, I successfully helped onboard each environment into centralized SOC/SIEM platforms, significantly enhancing visibility and strengthening the overall security posture.
These projects required a wide range of skills and cross-team collaboration to ensure success for the client and us.
I was able to achieve great success in these projects through:
Collaboration Across Multiple Teams
The scope of these projects generally expanded beyond the Information Security team that I was a part of. I often worked closely with a number of teams in order to see the projects through. This included teams like:
Systems Engineering
End-user Computing
Tooling
Engineering Operations
Project Engineering
Network Engineering
Project Managers
End User Trainers
Client Stakeholders
This collaboration was necessary to ensure there was an alignment on scope, dependencies, and execution timelines.
Establishing Visibility into Environments
I worked with my team to conduct thorough discovery efforts to identify and document all relevant data sources across client environments, including network infrastructure, identity providers, endpoint telemetry, on-prem telemetry and SaaS platforms.
This would include documenting data sources like firewalls, Duo Security, Umbrella, Mimecast, Entra, and on-prem sources like DHCP, LDAP, DNS and Active Directory.
Ensuring Complete Security Coverage
Following that documentation and discovery phase, we worked meticulously to onboard and verify that all in-scope systems and data sources were successfully integrated and actively reporting, reducing blind spots and strengthening monitoring capabilities.
This would include utilizing the information gathered in the discovery audits and working to onboard all relevant data sources.
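The two coverage checks described above (accounting for every in-scope asset before legacy EDR tooling is offboarded, and verifying that every onboarded SIEM data source is actually reporting) can be reconciled with a short script. This is an added example, not code from the original page; the inventory, enrollment set, data-source names and the 24-hour silence threshold are constructed assumptions.

```python
"""Coverage reconciliation for an EDR/SIEM migration (added example).
All inputs below are constructed: an asset inventory, the hosts the new
EDR reports as enrolled, and the SIEM's last event time per data source."""
from datetime import datetime, timedelta, timezone

# Constructed asset inventory: hostname -> asset class
INVENTORY = {
    "ws-001": "workstation", "ws-002": "workstation",
    "srv-dc01": "server", "srv-file01": "server",
}
# Constructed EDR enrollment: ws-002 never checked in to the new sensor
EDR_ENROLLED = {"ws-001", "srv-dc01", "srv-file01"}
# Constructed SIEM last-seen times for the source types named on the page
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
SIEM_LAST_SEEN = {
    "firewall": NOW - timedelta(minutes=5),
    "duo": NOW - timedelta(hours=1),
    "umbrella": NOW - timedelta(minutes=10),
    "mimecast": NOW - timedelta(hours=30),   # stale: silent for > 24h
    "entra": NOW - timedelta(minutes=2),
    "dhcp": None,                            # onboarded but never reported
    "dns": NOW - timedelta(minutes=1),
    "active_directory": NOW - timedelta(minutes=3),
}
EXPECTED_SOURCES = ["firewall", "duo", "umbrella", "mimecast", "entra",
                    "dhcp", "ldap", "dns", "active_directory"]

def edr_gaps(inventory, enrolled):
    """Inventory hosts with no EDR sensor: blockers for offboarding legacy tooling."""
    return sorted(h for h in inventory if h not in enrolled)

def silent_sources(expected, last_seen, now, max_silence=timedelta(hours=24)):
    """Expected sources that were never seen or have been silent past max_silence."""
    out = {}
    for src in expected:
        ts = last_seen.get(src)          # missing key and None both mean no events
        if ts is None:
            out[src] = "never reported"
        elif now - ts > max_silence:
            out[src] = f"silent {(now - ts) // timedelta(hours=1)}h"
    return out

def coverage_report(inventory, enrolled, expected, last_seen, now):
    """Combine both checks into one pre-offboarding / post-onboarding report."""
    return {"missing_edr": edr_gaps(inventory, enrolled),
            "silent_sources": silent_sources(expected, last_seen, now)}

if __name__ == "__main__":
    print(coverage_report(INVENTORY, EDR_ENROLLED, EXPECTED_SOURCES, SIEM_LAST_SEEN, NOW))
```

Anything listed under missing_edr should hold up offboarding of the legacy agent for that host, and anything under silent_sources is a blind spot to chase with the owning team before the migration is signed off.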
Maintaining Stakeholder Communications
Keeping client stakeholders involved in the process was important for a variety of reasons: not only to ensure change management was properly followed by keeping clients informed of all changes, but also to acquire the necessary approvals and ensure those changes went through the change management process.
It was also important to me, and I was often responsible for, communicating progress, risks, and milestones throughout the migration lifecycle, ensuring transparency and alignment with both technical teams and business stakeholders.
Post-Onboarding Tuning Efforts
Following onboarding, I helped support post-onboarding tuning efforts to enhance log fidelity, reduce noise, and improve the effectiveness of detection use cases.