
Norman Hag

Senior Cloud Security Consultant
Plainfield, IL

Summary

Accomplished Senior Security Consultant with over five years of focused expertise in cloud and endpoint security, specializing in Microsoft technologies such as Intune, Office 365, Azure, and the Microsoft Defender Suite. Demonstrated success in architecting and deploying Zero Trust frameworks, overseeing enterprise-scale endpoint protection strategies, and leading high-impact incident response operations. Skilled in aligning cybersecurity initiatives with organizational goals to minimize risk, ensure compliance, and strengthen operational resilience. Widely recognized for delivering measurable improvements in security posture, regulatory adherence, and cross-functional team performance across sectors including healthcare, finance, and government.

Overview

10 years of professional experience
4 years of post-secondary education
2 Certifications

Work History

Senior Cloud Security Consultant

Public Consulting Group, Inc.
Boston, Massachusetts
07.2022 - 03.2025
  • Microsoft Sentinel: Optimized Azure Sentinel, improving threat detection capabilities by 45% and reducing false positives by 60%, allowing the security team to focus on genuine threats.
  • Microsoft Defender for Endpoint: Deployment of Microsoft Defender for Endpoint on 5000+ workstations and servers. Automatically isolated infected endpoints from the network, triggered automated investigations, and provided remediation actions.
  • Microsoft Defender for Identity: Detected a Pass-the-Hash attack attempt in a large financial institution. Provided a detailed timeline of the attacker's activities and recommended immediate actions to isolate affected accounts.
  • Microsoft Cloud App Security: Implemented Cloud App Security for SaaS application protection, reducing breach incidents by 95% and saving the client $5M in potential losses.
  • Orca Security: Integrated Orca Security for comprehensive cloud security posture management, identifying and mitigating vulnerabilities across multi-cloud environments.
  • Abnormal Security: Addressed insider threats by deploying Abnormal Security's behavioral solution, detecting and preventing a potential data exfiltration attempt, saving the customer from a $10M lawsuit.
  • BlueVoyant Client Defense Platform: Integrated BlueVoyant Cyber Defence Platform, enhancing threat intelligence capabilities and reducing mean time to detect (MTTD) from 2 weeks to 2 hours for sophisticated threats.
  • Led the design and execution of enterprise-wide cybersecurity strategies across multiple client environments, achieving a 40% reduction in security incidents and generating $2M in annual cost savings.
  • Defined and tracked key performance indicators (KPIs) for security operations, enhancing operational efficiency by 30% and maintaining 99.9% uptime for critical systems.
  • Remediated a persistent malware outbreak for a healthcare client by deploying Microsoft Defender for Endpoint and Abnormal Security, ensuring HIPAA compliance and avoiding $1.5M in potential penalties. Key actions included:
      • Deploying Defender for Endpoint across 5,000+ endpoints
      • Integrating Abnormal Security for advanced email threat protection
      • Creating custom detection rules for healthcare-specific threats
      • Enforcing application whitelisting and USB device control
      • Automating incident response workflows
  • Mitigated insider threat risks by implementing Abnormal Security’s behavioral analytics, preventing a $10M data exfiltration incident. This included:
      • Behavioral baselining for 5,000+ users
      • Automated response actions for high-risk behaviors
      • Continuous tuning of detection algorithms
      • Development of a comprehensive insider threat playbook
  • Leveraged Microsoft Defender for Identity to detect and respond to a Pass-the-Hash attack at a financial institution, providing real-time alerts and forensic timelines to isolate compromised accounts.
  • Responded to a sophisticated malware campaign at a global manufacturer using Defender for Endpoint to:
      • Detect and isolate infected devices
      • Launch automated investigations
      • Remediate threats and prevent lateral movement
  • Contained a targeted phishing campaign at a healthcare provider using Defender for Office 365 to:
      • Block malicious emails and reset compromised accounts
      • Remove phishing artifacts from user inboxes
      • Automate investigation and remediation
  • Coordinated a unified response to a multi-vector cyberattack using Microsoft Defender XDR, correlating identity, endpoint, and email telemetry to deliver a single-pane-of-glass incident view.
  • Directed a team of three security analysts, fostering a culture of innovation and continuous improvement, resulting in a 25% boost in productivity and a 15% reduction in turnover.
  • Integrated BlueVoyant’s Cyber Defense Platform to enhance threat intelligence and reduce mean time to detect (MTTD) from 14 days to under 2 hours.
  • Delivered monthly security awareness training to 5,000+ employees, reducing phishing success rates by 75% within a year.
  • Designed and implemented a Zero Trust architecture in Azure, reducing unauthorized access attempts by 80%.
  • Tuned and optimized Microsoft Sentinel and Azure Security Center, improving threat detection accuracy by 45% and reducing false positives by 60%.
  • Environment: Azure, Microsoft Sentinel, Defender Suite (Endpoint, Identity, Office 365), Intune, Abnormal Security, BlueVoyant, Orca Security, Keep PAM, Windows Server 2016/2019, O365 Security

Sr Cloud Consultant

Sentinel Technology Group
Downers Grove, Illinois
09.2019 - 04.2024
  • Managed all aspects of Azure, Intune, and O365 infrastructure, including IT strategy, system development, troubleshooting, and conflict resolution.
  • Evaluated customer environments and provided recommendations for MDM/MAM, Microsoft Information Protection (AIP), Microsoft Defender for Endpoints, and Cloud App Security (MCAS). Assisted with onboarding processes for Azure/O365 tenants.
  • Built a new Microsoft Intune infrastructure from the ground up, implementing Autopilot, Windows updates, Cloud PC infrastructure, app deployments, Windows Hello, and compliance policies tailored to customer needs.
  • Created SCCM/Intune policies to ensure device health, compliance, and optimized user experience.
  • Enhanced security posture through virtual desktop infrastructure (VDI), isolating applications and data from local hardware to reduce data leakage risks.
  • Upgraded and implemented MECM/Intune/Azure/O365 to deploy OS, software, updates, and security policies, ensuring a modern and secure IT environment.
  • Delivered endpoint protection solutions including Autopilot, co-management, antivirus, BitLocker encryption, and Windows updates.
  • Developed and executed strategies for mobile device management across hybrid environments.
  • Transitioned from legacy to modern management: ConfigMgr to cloud delivery, Win32 to modern apps, Kerberos to modern auth, GPO to MDM, and WSUS to Windows Update for Business.
  • Partnered with the Sentinel SOC team to design and deploy Microsoft Defender for Endpoint solutions, supporting secure onboarding and endpoint protection.
  • Integrated and managed endpoints aligned with customer strategies and deployment tools.
  • Identified and visualized sensitive data to drive adoption of information protection technologies.
  • Executed Azure migrations from on-premises infrastructure, auditing capabilities and providing centralized visibility across workloads.
  • Used Azure Migrate to track and manage migration efforts, delivering insights into dependencies and progress.
  • Configured Azure Sentinel with Azure Security Center, MCAS, Nessus, O365 ATP, Windows Defender, and Microsoft ATP for centralized threat detection.
  • Created and deployed Intune provisioning profiles, configurations, and security policies.
  • Researched and implemented new technologies to resolve issues while maintaining compliance with enterprise safety standards.
  • Designed and enforced Data Loss Prevention (DLP) policies in Microsoft 365.
  • Provided consultation and implemented security policies using Azure DLP/AIP and Microsoft ATP.
  • Replaced outdated technologies over a three-year period, modernizing IT infrastructure to support long-term business growth.
  • Environment: 4,000+ client seats, Microsoft Intune, SCCM, Azure, O365, Windows Server 2012/2016/2019

Senior Cloud Security Engineer

Concurrency
Chicago, Illinois
03.2019 - 06.2019
  • Redesigned and streamlined the incident response framework, reducing average resolution time from 48 hours to under 4 hours, significantly enhancing response agility and increasing client satisfaction by 40%.
  • Deployed a risk-based vulnerability management strategy, prioritizing remediation based on asset criticality and threat exposure, achieving a 98% patch compliance rate across a fleet of 15,000+ endpoints.
  • Conducted quarterly enterprise-wide risk assessments, identifying and mitigating over 50 high-risk vulnerabilities, proactively preventing potential financial losses exceeding $10M.
  • Resolved a high-impact security issue for a national retail chain experiencing frequent data breaches across 100+ locations. Delivered a comprehensive, multi-layered defense strategy that reduced breach incidents by 95% and saved the client an estimated $5M. Key initiatives included:
  • Deploying Microsoft Defender for Endpoint across 1,000+ endpoints to enhance endpoint detection and response (EDR) capabilities.
  • Implementing Microsoft Cloud App Security to monitor and secure SaaS applications.
  • Developing and enforcing custom security policies and real-time alerting mechanisms.
  • Integrating with the client’s existing SIEM platform for centralized visibility and correlation.
  • Conducting regular security posture reviews and continuous improvement cycles.
  • Environment: Microsoft Sentinel, Microsoft Defender for Endpoint, Microsoft Cloud App Security, Microsoft 365 Security, SCCM, SIEM, Windows Server 2016/2019, Azure AD, Intune

Senior Cloud Security Consultant

City of New York
New York, New York
01.2019 - 03.2019
  • Deployed and managed Microsoft Defender for Office 365 across 10,000+ mailboxes, reducing phishing incidents by 90% and preventing over $1M in potential fraud losses.
  • Led the Azure migration initiative, leveraging Azure Migrate to assess, plan, and track the full lifecycle of cloud migration. Delivered comprehensive visibility into application dependencies and infrastructure readiness.
  • Configured and integrated Azure Sentinel with Azure Security Center, Microsoft Cloud App Security (MCAS), Nessus, and other security tools to enable centralized threat detection and response.
  • Developed and deployed Intune provisioning profiles, configuration baselines, and security policies to streamline device management and enforce compliance across the enterprise.
  • Environment: Azure Sentinel, Azure Security Center, Microsoft Cloud App Security (MCAS), Microsoft Defender for Office 365, Microsoft Intune, Nessus, O365 ATP, Windows Defender, Microsoft ATP, Azure Migrate, Windows Server

Senior Endpoint Engineer

CDW
Vernon Hills, Illinois
09.2017 - 10.2018
  • Strengthened enterprise security posture by implementing virtual desktop infrastructure (VDI), ensuring applications and data remained isolated from local hardware and reducing the risk of data leakage.
  • Collaborated with the Sentinel SOC team to architect and deploy Microsoft Defender for Endpoint (MDO) solutions tailored to client environments, supporting secure onboarding and endpoint protection.
  • Led endpoint integration and remediation initiatives, aligning deployment strategies with clients’ existing configuration management frameworks and operational goals.
  • Designed and enforced Microsoft 365 Data Loss Prevention (DLP) policies to safeguard sensitive information across cloud and on-premises environments.
  • Delivered expert consultation on Azure Information Protection (AIP) and Microsoft Advanced Threat Protection (ATP), implementing policies to enhance data classification, labeling, and threat mitigation.
  • Modernized IT infrastructure by replacing legacy systems over a three-year transformation, including hardware, software, and application platforms, enabling scalability and supporting long-term business growth.
  • Partnered with CDW Operations to execute SCCM upgrade projects, including the migration from SCCM 2007 to SCCM 2012 and management server enhancements.
  • Environment: 50,000+ endpoints, 4,000+ servers, Windows Server 2012/2016, SCCM, SCOM, Active Directory, SQL Server, PolicyPak, AdminStudio, Hyper-V, VMware, Tivoli Storage Manager (TSM), 2,900-server provisioning infrastructure

Senior Endpoint Engineer

Chicago Transit Authority, CTA
Chicago, Illinois
05.2016 - 09.2017
  • Designed and deployed a robust SCCM infrastructure, including the development of software packages and a comprehensive patch management solution to support enterprise-wide endpoint security and compliance.
  • Participated in domain controller recovery and role transfer operations, ensuring seamless restoration and continuity of Active Directory services across Windows Server 2008 and 2012 environments.
  • Configured DNS stub zones and implemented two-way transitive forest trusts to support secure cross-domain authentication and resource sharing.
  • Upgraded and restructured server clusters and network infrastructure using VMware vSphere 5.1, enhancing performance and scalability for Active Directory and Exchange Server environments.
  • Standardized desktop imaging and deployment processes by creating baseline configurations for all new and reimaged workstations using SCCM.
  • Led the identification and migration of physical servers to virtual infrastructure (P2V), managing a 700-server environment and 300+ desktop/mobile endpoints.
  • Executed decommissioning of legacy systems, including inventorying and migrating end-of-life Windows servers to modern platforms, ensuring minimal disruption and improved operational efficiency.
  • Acted as a liaison between technical teams, vendors, and stakeholders, fostering strong communication and alignment across project deliverables and expectations.
  • Environment: 10,000+ endpoints, 800+ servers, 10 locations, NetApp Storage, Windows Server 2003/2008, Active Directory, VMware vSphere, SQL Server, SCCM, AdminStudio, PolicyPak, Group Policy Objects (GPOs)

IT Consultant

Tenneco Automotive
Lincolnshire, Illinois
05.2015 - 02.2016
  • Served as a Senior Systems Engineer consultant supporting multiple Wintel infrastructure projects across global Tenneco environments.
  • Led infrastructure management initiatives using ITIL, MOF, and MSF frameworks to ensure operational consistency and service delivery excellence.
  • Facilitated cross-functional collaboration to align project deliverables with business and technical objectives.
  • Architected and deployed enterprise-wide patch management solutions using IBM Tivoli BigFix, enhancing system compliance and reducing vulnerability exposure.
  • Conducted comprehensive testing and validation of server-side application migrations within virtualized environments.
  • Executed a large-scale upgrade of 1,800 Symantec Endpoint Protection clients across North America, Europe, and Asia using SCCM and IBM BigFix (TEM), improving endpoint security posture and standardization.
  • Environment: 35,000+ endpoints, 1,800+ servers, HP DL380/DL580 infrastructure, Tivoli Storage Manager (TSM), Windows Server 2003/2008/2012, Active Directory, SQL Server, SCCM, AdminStudio, VMware, Clusters, HBAs

Education

Bachelor of Science - Bachelor of Science in Information Technology

Western Governors University
Salt Lake City, UT
09.2015 - 09.2019

Skills

Cloud Security & Architecture

Endpoint Security & Management

Identity & Access Management

Threat Detection & Response

Data Protection & Compliance

Email & Collaboration Security

Security Operations & Monitoring

Leadership & Strategy

Project Management

Certification

Diploma in Computer Systems Technology

Timeline

Senior Cloud Security Consultant

Public Consulting Group, Inc.
07.2022 - 03.2025

Microsoft Certified: Azure Solutions Architect Expert

07-2020

Sr Cloud Consultant

Sentinel Technology Group
09.2019 - 04.2024

Senior Cloud Security Engineer

Concurrency
03.2019 - 06.2019

Senior Cloud Security Consultant

City of New York
01.2019 - 03.2019

Senior Endpoint Engineer

CDW
09.2017 - 10.2018

Senior Endpoint Engineer

Chicago Transit Authority, CTA
05.2016 - 09.2017

Bachelor of Science - Bachelor of Science in Information Technology

Western Governors University
09.2015 - 09.2019

IT Consultant

Tenneco Automotive
05.2015 - 02.2016

Diploma in Computer Systems Technology

09-2008