Brad Herrington

CyberArk & PAM: Sentry & Defender Certified | PAS Suite | CPM | PVWA | PSM | PACLI | REST API | Alero | Vault Admin | Safe Management | Onboarding Automation

Scripting & Automation: PowerShell | Bash | Python (basic) | CLI Tools | Task Scheduler | Reporting Automation | Linux Shell Navigation

Cloud & Infrastructure: AWS (IAM, EC2, S3, CloudWatch, Cost Explorer, Shared Responsibility Model) | Windows Server 2012–2019 | Active Directory | DNS | Group Policy | VMware | AWS GovCloud

Container & Orchestration: Docker (home use, Pi-Hole) | Kubernetes/EKS (lab exposure)

Full-Stack Development: React | TypeScript | Python

DevOps & CI/CD: GitLab Pipelines (build – S3 deploy) | Git | Jira | Confluence

Security & IAM: Privileged Access Management (PAM) | Identity Lifecycle | ITIL 4 Practices | Access Reviews | Firewall Segmentation | Network Protocols (TCP/IP, NAT, DNS, DHCP) | Vulnerability Scanning

Tools & Monitoring: Wireshark | tracert | nslookup | netstat | Event Viewer | CloudWatch | Cost Explorer | ITIL Ticketing Processes

• Raised PassM Cybersecurity Scorecard from 400 – 700 (Red to Green status).
• Completed ITP record rationalization, eliminating duplicate/obsolete entries and improving audit readiness.
• Developed bulk platform update and license recovery scripts that prevented the purchase of additional CyberArk licensing, delivering cost avoidance.
• Implemented Patchbot management for PassM Production, USTest, and EAD Servers.
• Streamlined and reduced 5+ years of legacy CPM rule sets, improving CyberArk performance and reducing system overhead.
• Developed a PowerShell script to update Vault Admin permissions across 7,500+ safes, improving audit readiness and consistency.
• Issued 60+ certificates for vulnerability scanners to meet evolving corporate security policy requirements.
• Supported PassM migration from Denver to Dallas data center, ensuring system continuity and minimal downtime.
• Conducted safes audit across Windows platforms, identifying misallocated entries and optimizing password automation coverage.
• Remediated critical security vulnerability in PassM, enhancing protection against unauthorized access.
• Led feasibility study for migrating PassM to AWS GovCloud; identified key cost benefits and technical constraints.

• ISS Tracker – Full-stack web app built with React + TypeScript (HTML5/CSS3) front-end and a Python-based AWS Lambda back-end behind API Gateway. Data is persisted in DynamoDB; the static site is hosted on S3 with CloudFront, secured by HTTPS and strict CORS policies. cloudcrafted.dev/iss-tracker
• Sleuthwork.app – Puzzle-game platform using the same stack (React + TypeScript UI, Python + Lambda API, DynamoDB, S3/CloudFront). Implements HTTPS, CORS, and least-privilege IAM roles for all AWS resources. sleuthwork.app

• CyberArk Sentry Certification
• CyberArk Defender Certification
• AWS Certified Cloud Practitioner
• CompTIA A+ Certification
• CompTIA Network+ Certification
• CompTIA Cloud+ Certification
• CompTIA Security+ Certification
• CyberArk Alero Remote Access Certification
• ITIL 4 Foundations by PeopleCert
• LPI Linux Essentials
• AWS Solutions Architect – Associate (in progress, expected Q2 2026)
• AWS SysOps Administrator – Associate (in progress, expected Q2 2026)

Bachelor of Science, Cloud Computing (Expected Apr 2026), Western Governors University (WGU)