~/connstruct$cat resume.md

Connor Maddox

Principal Security Architect — Cloud · Zero Trust · Network & Automation

connor@connstruct.techgithub.com/connstructorconnstruct.tech

Summary

Security architect with 15+ years securing regulated, global-scale environments — major banks, Fortune-class brands, and the U.S. military. Designs Zero Trust, SD-WAN, and cloud security architectures across AWS, Azure, and hybrid, turning NIST / FFIEC / PCI DSS requirements into codified, working controls — hardened baselines, Terraform guardrails, and SOAR automation that has cut SOC analyst workload by ~90%. Hands-on from threat model to IaC to audit evidence, with a measurable record of reducing risk and cost.

Core Skills

Cloud & Hybrid Security
AWS & Azure architecture (IaaS/PaaS/SaaS), secure workload design, cloud-migration governance, hardened/configuration baselines, Kubernetes & container security, cloud security posture management (CSPM/CNAPP — Wiz)
Zero Trust & Network
Zero Trust architecture, SD-WAN, segmentation & microsegmentation, trust boundaries, defense-in-depth, WAF, NGFW, DDoS mitigation, DNS & CDN security
Automation & IaC
Terraform (IaC), Python, CI/CD pipeline security (DevSecOps), SOAR design & playbooks, REST/JSON APIs, detection-engineering requirements
Identity & Access (IAM)
SAML/SSO, Entra ID, Okta, PingFederate/PingOne, identity-centric segmentation, privileged-access boundaries
Threat & Detection
threat modeling (STRIDE), MITRE ATT&CK, SIEM integration, SOAR automation, endpoint strategy, vulnerability management, DLP, secure web gateway/proxy
Data Protection & Crypto
PKI design & migration, encryption gateways, tokenization, HSM, certificate lifecycle
Frameworks & Compliance
NIST CSF, NIST SP 800-53, FFIEC, PCI DSS, CSA CCM, ISO 27001

Professional Experience

Lead Technology Engineer — Security Architecture & Migration Oversight @ Valley National Bank

  • Own security architecture for an enterprise on-prem→cloud migration across AWS and Azure, embedding security-by-design as IT engineering re-platforms 280+ applications.
  • Packaged the migration’s guardrails — trust boundaries, Zero Trust access, hardened baselines — as reusable reference patterns, so teams provision compliant workloads without per-app security review.
  • Codified FFIEC / NIST CSF expectations into concrete platform standards (logging, monitoring, identity, access, config baselines), reducing per-workload security rework.
  • Embedded control validation and audit-evidence capture into design reviews and CI/CD pipelines, cutting audit findings ~20% across migration waves.

Cloud Security Architect @ Valley National Bank

  • Architected and validated the bank’s cloud and on-prem control set against NIST CSF, CSA CCM, and FFIEC — the baseline later inherited by migrated workloads.
  • Operationalized cloud security posture management (CSPM/CNAPP via Wiz), surfacing and driving down misconfigurations across AWS and Azure.
  • Automated control validation and audit-evidence collection in Python, cutting manual audit prep ~40% and improving consistency.
  • Led architecture reviews for cloud adoption, digital banking, and payments — hands-on guidance on WAF, firewall, identity integration, logging, and encryption.

Security Solutions Architect (Contract) @ Santander Bank

  • Designed and reviewed security architectures across business lines to NIST SP 800-53.
  • Led security architecture for migrating credit-card payment processing to a cloud platform — application security, network segmentation, data protection, and PCI DSS scope.
  • Delivered risk-based guidance balancing regulatory requirements against delivery timelines.

SVP, Managing Security Architect @ Truist

  • Owned enterprise security-architecture standards and review practices across 800+ applications, leading a team of nine architects.
  • Drove a new endpoint security strategy end-to-end (evaluation → selection → deployment), improving detection coverage while reducing cost ~30%.
  • Automated distribution of security guidance and reference patterns so a nine-person team could advise the entire $550B bank without becoming the bottleneck.

Security Architect (Contract) @ Credit Suisse

  • Designed and deployed a global SOAR platform, automating triage and response and cutting SOC analyst workload ~90%.
  • Ran market evaluation and integration of SIEM, endpoint, and gateway tooling aligned to NIST and ISO.

Security Solutions Architect @ Dimension Data

  • Designed global SD-WAN and Zero Trust network architecture for a worldwide consumer brand, bringing its global payment estate into PCI DSS scope.
  • Led security solution design across 14 major global enterprise accounts, aligning architecture and controls to each client’s business and compliance objectives.

VP, Security Engineering & Architecture @ Credit Suisse

  • Redesigned enterprise vulnerability management, expanding coverage while cutting effort ~30%.
  • Realigned security products and processes to NIST CSF, establishing a stronger architecture baseline for program maturity.

Infrastructure & Security Solutions Architect (Progressive Roles) @ Agio

  • Designed enterprise PKI migration ensuring trust continuity, minimal downtime, and clean certificate-lifecycle management.
  • Led Tier 3 engineering and hands-on vulnerability assessment and remediation in client environments.
  • Shifted client engagements to security-first delivery, catching issues pre-deployment and cutting remediation cost ~80%.

Earlier Career

Senior Systems Administrator @ Putnam City School District

Overhauled the network core (switches, firewalls), deployed a fiber-channel three-tier SAN, and implemented defense-in-depth (~$145K/year saved); rolled out a 1:1 student iPad program and built an automated Minecraft-for-Education cluster with a custom teacher-facing web UI.

Network Operations Supervisor / Systems Programmer @ U.S. Air Force

Held a second-level management role (manager of managers, multiple teams) as a Staff Sergeant (E-5/NCO); directed secure network operations and built mission-critical software; >$1M combined annual savings; former TS/SCI clearance (expired).

Certifications

CISSP (ISC2, 2016) · CNDA (EC-Council, 2017) · CEH (EC-Council, 2016)

Education

B.S., Information Technology Security @ Western Governors University

A.A.S., Computer Science @ Community College of the Air Force