Joseph Bruffee

Cypress Inn, TN

Summary

Dynamic Chief Technology Officer and Senior Security Architect with over 20 years of experience integrating executive strategy with hands-on engineering expertise. Specializes in designing global Zero Trust ecosystems, automating SOC operations using GenAI/n8n, and navigating complex compliance frameworks. Proven track record includes achieving SOC 2 Type II attestation and modernizing legacy infrastructures for prominent organizations such as Aspen Insurance and Bob's Discount Furniture. Renowned for driving technological advancements and business transformations while fostering strong team collaboration and adaptability to evolving business needs.

Quote

There is a powerful driving force inside every human being that, once unleashed, can make any vision, dream, or desire a reality.
Tony Robbins

Overview

27
years of professional experience

Skills

    Security Architecture: Zero Trust (Zscaler ZIA/ZPA), SASE, Network Segmentation, Defense-in-Depth

    Identity & Access: Microsoft Entra ID (Azure AD), Active Directory, Bomgar BeyondTrust PAM, Delinea SecretServer, Thales HSM, PKI, IAM, SAML, Auth0, MFA

    Threat Detection & Intelligence: Microsoft Sentinel, QRadar, EDR/XDR, Darktrace, Proofpoint, SIGMA/YARA, MISP, OpenCTI, OpenBAS

    DevSecOps & AI: Python, FastAPI, n8n, SCORCH, Azure Data Lake, Google Gemini Integration, SAST/DAST, Snyk

    GRC & Compliance: SOC 2 Type II, CMMC, HIPAA, PCI-DSS, GDPR, Microsoft Purview DLP, Data Classification, Varonis, SailPoint, Forcepoint, KnowBe4, NIST

    Project Management: Jira, Smartsheet, Agile, Waterfall, DevOps, project sponsorship

    Vulnerability Management: Qualys, Tenable, Rapid7

    Endpoint Management: Intune, SCCM, JAMF, Automox, Ivanti EPM, Footprints

Work History

CTO & Sr Director of Security Architecture

ACCESS POINT TECHNOLOGY
08.2020 - 11.2025
  • Organizational Compliance: Successfully achieved and maintained SOC 2 Type II attestation by leading the end-to-end design of security controls and defining policies aligned with industry standards.
  • Threat Intelligence Automation: Reduced detection engineering time by 70% by architecting a bespoke threat intelligence platform using Python and n8n, integrating Google Gemini to consume MISP intel and auto-generate SIGMA queries.
  • SOC Modernization: Significantly reduced Mean Time to Respond (MTTR) by deploying a "Self-Learning" SOC architecture integrating Darktrace, QRadar, and Microsoft Sentinel to normalize telemetry and automate triage.
  • DLP & Compliance: Achieved full compliance with CMMC and HIPAA regulations by designing a data-centric security program using Microsoft Purview and implementing "Audit -> Block" policies.
  • Email Security: Enhanced protection against advanced email threats and reduced manual remediation by architecting the migration from Mimecast to Proofpoint Enterprise and deploying TAP/TRAP.
  • Led technology strategy development, aligning IT initiatives with business goals.
  • Oversaw implementation of enterprise software solutions, enhancing operational efficiency.
  • Drove cybersecurity initiatives, establishing protocols to protect sensitive data assets.
  • Managed vendor relationships, negotiating contracts to optimize technology investments.
  • Directed cross-functional teams in agile project management to deliver innovative products.

Senior Security Engineer

ASPEN INSURANCE GROUP
04.2017 - 07.2020
  • Zero Trust Architecture: Eliminated lateral movement risks and modernized remote access for a global workforce by leading the global rollout of Zscaler (ZIA & ZPA) to replace legacy MPLS/VPNs based on Entra ID attributes.
  • Cryptographic Infrastructure: Ensured the highest level of trust for PKI infrastructure by managing the lifecycle of Thales/Luna Hardware Security Modules (HSM) and migrating Microsoft Certificate Services (AD CS) to hardware-backed keys.
  • Privileged Access Management (PAM): Mitigated insider threats by architecting a highly available BeyondTrust ecosystem featuring tamper-proof session recording and automated credential rotation.
  • Endpoint Defense: Achieved real-time visibility into threats and automated the patching process by deploying Carbon Black EDR and overhauling vulnerability management using Tenable.sc, Qualys, and Ivanti EPM.
  • Led security architecture design and implementation for enterprise-level applications.
  • Developed and enforced security policies, ensuring compliance with industry regulations.
  • Conducted risk assessments to identify vulnerabilities and implemented mitigation strategies.
  • Mentored junior engineers, fostering a collaborative environment for knowledge sharing.

Sr. System Administrator

BOB'S DISCOUNT FURNITURE
04.2013 - 03.2017
  • PCI-DSS Compliance: Drastically reduced PCI audit scope and secured customer financial data by leading the implementation of EMV Tokenization across all retail Point of Sale (POS) locations.
  • Infrastructure Operations (Active Directory, Microsoft Exchange, web filter): Improved system reliability and reduced manual server provisioning time by managing Citrix NetScaler and XenApp farms and implementing PowerShell and BMC Asset Core for automation.
  • Managed IT infrastructure, ensuring optimal performance and reliability across systems while maintaining >99.99% uptime.
  • Implemented security protocols to protect sensitive data from cyber threats.
  • Led system upgrades and migrations, enhancing overall operational efficiency.
  • Mentored junior administrators, fostering skill development and knowledge sharing.
  • Streamlined backup processes, reducing recovery time in disaster scenarios to under 1 hr and less than 15 minutes of data loss.
  • Collaborated with cross-functional teams to align IT strategies with business objectives.

Systems Administrator / Supervisor

MANCHESTER PUBLIC SCHOOLS
05.2009 - 03.2013
  • Migration Projects: Improved communication reliability and collaboration by executing the complex migration of the district's email infrastructure from Novell GroupWise to Microsoft Exchange.
  • Managed server configurations and updates to enhance system performance.
  • Implemented network security protocols to safeguard sensitive data.
  • Managed Active Directory Domain, Microsoft Exchange, and 10G Alcatel/Lucent network equipment.

Windows Administrator (Engineering College)

UNIVERSITY OF MASSACHUSETTS AMHERST
10.2003 - 05.2009
  • Academic Support: Maintained high availability for Engineering College labs and research systems by administering Linux and Windows environments and developing custom programming solutions.
  • Administered Windows server environments, ensuring optimal performance and security compliance.
  • Implemented system updates and patches to enhance functionality and mitigate vulnerabilities.
  • Managed Active Directory, Microsoft Exchange, Unix/Linux/BSD, custom filtering bridge, and NDR.

Technician

ENTRE COMPUTER
03.1999 - 10.2003
  • IT Services: Ensured operational continuity for diverse client environments through comprehensive IT support, server upgrades, and network design.
  • Diagnosed and repaired hardware and software issues to ensure optimal system performance.
  • Conducted routine maintenance on computer systems, enhancing reliability and user satisfaction.

Accomplishments

Achieved SOC 2 Type II Attestation:

Situation: The organization lacked a formal security attestation required to win enterprise-level trust and contracts.

Task: Lead the end-to-end design and implementation of security controls to achieve and maintain SOC 2 Type II compliance.

Action: I built engineering teams from the ground up and implemented a comprehensive control framework, aligning technical operations with audit requirements.

Result: Successfully achieved and maintained SOC 2 Type II attestation, modernizing legacy infrastructure and establishing a baseline for enterprise growth.

AI-Driven Threat Intelligence Optimization:

Situation: Detection engineering was a manual, time-consuming process that struggled to keep pace with incoming threat data.

Task: Architect a modern threat intelligence platform to automate the ingestion of MISP intel and the creation of detection logic.

Action: I utilized Python and n8n to integrate Google Gemini, automating the consumption of intelligence feeds and the generation of SIGMA queries.

Result: Reduced detection engineering time by 70% and improved the organization’s overall speed to respond to emerging threats.

Global Zero Trust Transformation:

Situation: A global insurance provider was relying on legacy MPLS and VPNs, which presented a significant attack surface and performance bottlenecks.

Task: Lead the global architectural rollout of a Zero Trust ecosystem to replace perimeter-based networking.

Action: I architected the migration to Zscaler (ZIA & ZPA) and implemented granular "User-to-App" segmentation based on Microsoft Entra ID attributes.

Result: Modernized the global estate, eliminating the need for legacy VPNs and significantly reducing the internal lateral movement risk.

Hardware-Backed Security:

Situation: The organization required a more robust, hardware-backed security foundation for its global infrastructure to protect sensitive cryptographic keys.

Task: Manage the complete lifecycle of Thales/Luna HSMs and migrate the existing Microsoft Certificate Services (AD CS) from software-based storage to hardware-backed keys.

Action: I executed physical Key Ceremonies to establish root-of-trust and integrated the HSMs with the global PKI architecture.

Result: Successfully enhanced the security posture of the global estate by ensuring that all critical digital certificates and keys were stored in tamper-proof hardware, significantly reducing the risk of unauthorized key export or compromise.

HIPAA Compliant Data Governance:

Situation: The organization needed to align its data handling with strict HIPAA and CMMC regulatory requirements.

Task: Design and implement a data-centric security program to identify, classify, and protect sensitive information.

Action: Using Microsoft Purview, I defined Data Owners and deployed "Audit -> Block" policies to enforce data loss prevention (DLP) across the environment.

Result: Achieved full compliance with HIPAA and CMMC frameworks while improving visibility into data movement across the organization.

Education

Associate of Science - Computer Information Science

Asnuntuck Community College
Enfield, CT
05-2002

Certification

Luna HSM Certified System Engineer (Thales)

CompTIA A+

Work Availability

monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening

Work Preference

Work Type

Full Time, Contract Work

Location Preference

Remote, Hybrid

Important To Me

Company Culture, Work-life balance, Healthcare benefits

Software

Microsoft Word

Microsoft PowerPoint

Microsoft Excel

Proofpoint

Qualys

BeyondTrust

Delinea Secret Server and PAM

Active Directory

Azure

Entra ID

Microsoft Purview

Varonis

Darktrace NDR and Email

n8n

AI Architecture and Compliance
