I currently serve as Senior IT Officer at Scholastic Asia, leading regional infrastructure strategy, cloud modernization, and cross-country security and operations programs spanning Malaysia, Singapore, India, China, and the Philippines.
Disciplines#
The Work#
AWS Modernization
A platform-wide restructuring of Scholastic Asia’s AWS environment — network segmentation, least-privilege IAM, and policy-driven deployment pipelines. Infrastructure moved from reactive, ad-hoc operations to a structured, Terraform-backed delivery model with a full audit trail on every change.
AWS Resource Migration
End-to-end migration of a business-critical application from deprecated Windows Server EC2 instances to Windows Server 2022 — covering fresh IIS and SQL Server provisioning, security hardening, and a three-environment promotion pipeline with zero unplanned downtime.
Cost Governance
Sustained cost reduction through instance rightsizing, lifecycle policy enforcement, and intelligent storage tiering — delivering measurable savings on recurring AWS operational spend.
Five-Country Network Overhaul
Full network modernization across all five Scholastic Asia locations — Cisco switching, Palo Alto NGFW deployment, FortiNAC for network access control, and SOC-ready telemetry integration into SolarWinds and IBM QRadar.
CIS Controls v8 Enforcement
Led enterprise-wide CIS Controls v8 implementation across cloud, network, identity, and endpoint control domains — establishing a measurable, auditable security baseline across the Asia region, with audit-ready evidence packages delivered for US InfoSEC validation.
88TB Enterprise File Migration
Full migration of 88TB of enterprise content from AWS-hosted Citrix ShareFile StorageZone to Dropbox Business — delivered within two months under active production load, with zero data integrity issues.
GitOps-Driven Kubernetes
A single-node Talos Linux cluster running as a production-discipline platform: Flux continuously reconciles all cluster state from Git, sealed secrets committed to the repository, wildcard TLS automated via cert-manager, and a unified Prometheus/Loki/Grafana observability stack covering the full stack.
The homelab is where patterns are validated before they reach enterprise infrastructure — GitOps workflows, security controls, and operational runbooks are tested here first.
Digital Privacy as Practice
Privacy is not a product or a setting — it is an operational discipline applied consistently across tooling, communication, and infrastructure choices. The same principles that govern enterprise security posture apply to personal digital hygiene: least-privilege access, minimal data exposure, and deliberate control over identity and communication channels.
The Privacy Advocacy page covers the reasoning, the tools, and the practical steps in detail.
Operating Principles#
| Principle | Application |
|---|---|
| Security by design | Controls are built into architecture from the start — not layered on after the fact |
| Code over console | Every infrastructure change goes through a pipeline — no undocumented manual state |
| Documentation as a deliverable | Runbooks, architecture diagrams, and procedures are part of the work, not an afterthought |
| Outcomes over activity | Success is measured by what the team can own and sustain, not by hours or deliverables shipped |
Professional Journey#
Senior IT Officer
2021 – Present
Scholastic Asia
Leading regional IT infrastructure across five Asia-Pacific markets, with accountability for cloud architecture, security posture, and operational continuity at enterprise scale.
- Architect and maintain AWS environments with security, resilience, and cost governance as core design principles.
- Direct cross-country network modernization, firewall migration, and SOC enablement programs.
- Drive CIS Controls v8 enforcement and deliver audit-ready compliance evidence for US InfoSEC validation.
- Lead major migrations and infrastructure transitions under active production load with zero service impact.
IT Manager / System Integrator
2019 – 2021
PilotTV Philippines
Shaped long-term IT strategy and unified a fragmented technology environment into a coherent, interoperable platform aligned to business operations.
- Assessed infrastructure maturity and planned future-state capabilities across the organization.
- Integrated disparate systems and applications to eliminate operational silos and improve reliability.
- Managed end-to-end integration projects from requirements through delivery, on scope and on schedule.
IT Specialist
2016 – 2019
FocusMedia Audiovisual Inc.
Owned day-to-day IT operations, maintaining endpoint performance, security compliance, and user account governance across the organization.
- Delivered technical support across hardware and software installation, configuration, and fault resolution.
- Administered user account lifecycle controls aligned with security policy and access governance standards.
- Managed software rollouts and system updates to sustain endpoint consistency and operational uptime.
IT Field Engineer
2014 – 2016
eMechanics Computer & Peripherals Inc.
Delivered on-site technical execution for mission-critical deployments across financial services infrastructure, where precision and uptime were non-negotiable.
- Installed, configured, and network-integrated ATM and POS platforms at client sites nationwide.
- Executed preventive maintenance and system updates to maximize reliability and minimize service disruption.
- Coordinated with technical teams to triage and resolve field incidents within SLA windows.
Remote Desktop Specialist
2013
Accenture
Provided enterprise-grade remote technical support, building early foundations in structured problem-solving, security response, and end-user communication under pressure.
- Resolved complex software issues remotely, reducing end-user downtime and escalation rates.
- Detected, removed, and remediated malware and cybersecurity threats across managed endpoints.
- Optimized system performance and stability through targeted diagnostics and tuning protocols.