Gwyneth Van Meter

Sole security analyst responsible for threat detection, incident response, and compliance across six sensitive domains serving 193,000+ constituents. Built security infrastructure from the ground up and led investigations resulting in formal disciplinary action.

• Administered CrowdStrike XDR at full platform depth — prevention policies, detection sensitivity by asset class, alert triage, threat hunting, post-incident reporting, and automation using FQL and PSFalcon
• Conducted forensic log analysis across Netwrix Auditor, CrowdStrike, and WEF/WEC-streamed workstation and VDI logs; produced formal investigation reports that directly resulted in employee terminations and disciplinary action
• Performed sandbox analysis at scale for suspicious files using Palo Alto WildFire, CrowdStrike FalconX Sandbox, and Cuckoo Sandbox; used Microsoft Safety Scanner, Cisco ClamAV, and VirusTotal YARA for IOC-based malware identification
• Forensically scanned and cleared incoming electronic media for court proceedings, child support hearings, and probation case review; facilitated safe social media scraping and review for Probation department
• Led incident response with server, networking, and CISO teams — executing containment, eradication, and recovery using MITRE ATT&CK for attack categorization and remediation sequencing
• Correlated multi-source timelines (firewall, endpoint, AD, email, backup logs) to investigate security violations; documented findings with evidence chains suitable for HR and legal proceedings
• Used CrowdStrike Spotlight and Discovery for software inventory and compliance; identified unenrolled assets via ARP table and network neighbor analysis, actively closing EDR coverage gaps
• Developed automated PowerShell and PSFalcon workflows for malware remediation, alert enrichment, and asset tracking
• Owned the county's security posture assessment process across software procurement lifecycle — evaluated vendor questionnaires, built OWASP-scored risk profiles with spider graph visualizations
• Conducted security risk assessments and BIA using CVSS/CVE scoring; translated technical risk into business impact language for CISO and stakeholder reporting
• Authored county IT security policies adopted as formal EDC policy: no-external-USB policy with investigation, blocking, and reporting workflows; anti-public-content policy enforced at firewall level
• Administered Proofpoint TAP/TRAP, DLP policies (HIPAA/CJIS), PKI, and BitLocker fleet-wide with custom PowerShell tooling for USB device identification by VID, PID, and serial number
• Served as primary IT resource for election infrastructure — owned YubiKey PIV smart card logon with smart card removal policies for all vote center stations
• Maintained Netwrix Auditor as primary AD change auditing and logon event platform — built custom reports and alerting for access anomalies and configuration drift

Designed, administered, and maintained enterprise server environment of 500-1,300 virtual machines supporting ~1,800 employees. Led major cloud migration and implemented zero-trust architecture.

• Administered VMware Horizon VDI for ~1,700 concurrent users across 20+ departments; managed VMware AppVolumes for application layering and VMware UEM/DEM for user environment management
• Deployed and maintained VMware ESXi, vSphere, Hyper-V, Proxmox, QEMU/KVM, LXC, and Dell VxRail HCI; used VMware PowerCLI extensively for bulk infrastructure automation and reporting
• Administered multi-OS server fleet: Windows Server 2016/2019/2022 (Core & GUI), Ubuntu, Debian, RockyLinux/CentOS, VMware PhotonOS, and Dell VxRail Manager
• Maintained Active Directory, Group Policy, NAS, VPN infrastructure, and Synology solutions; managed enterprise MDM for mixed Windows/macOS fleets
• Led enterprise GSuite to M365 migration for 2,400 accounts; migrated 6,000 retained records from Google Vault into Microsoft Purview Compliance for legal hold and eDiscovery
• Architected and deployed Azure AD Connect for hybrid identity with seamless SSO; deployed full M365 E3/E5 stack with conditional access policy and Teams E2E encryption
• Modernized legacy plaintext unauthenticated email infrastructure by implementing a software adapter layer routing application mail through AWS SES with TLS encryption
• Built POS log redirection shims for Community Development and Permitting department to enable rapid troubleshooting of CardKnox/Fidelity Payments EMV reader connectivity
• Administered Azure Government sovereign cloud, bridging County on-premises infrastructure to high-assurance compliance regions
• Administered Rubrik enterprise backup platform — performed hundreds of restores spanning individual files, full VMs, and database-level recoveries; audited backup jobs and validated recovery integrity
• Executed SAN-based snapshot recovery using Nimble Storage volume clone-swaps: mounted snapshot clones, pulled failed originals offline, restored and validated in place for rapid major incident recovery
• Recovered persistent VDI machines broken by mid-install application failures using snapshot revert; consistently restored affected desktops within 30 minutes
• Administered LAPS across entire Windows fleet for privileged access hygiene; served as primary Jamf administrator for all County Apple devices
• Built PowerShell automation for BitLocker USB inventory — generated device identification strings from VID, PID, serial number, and metadata for reliable helpdesk key retrieval
• Managed HPDM for thin client fleet; built and deployed thin client images for non-persistent VDI environments
• Served as sole security resource for network segmentation across six compliance-sensitive domains: HIPAA, CJIS, Child Support, CPS, Jail Staff, and Probation
• Independently resolved Palo Alto NGFW alerts; created custom AppIDs. Administered VMware NSX for micro-segmentation with AD and Palo Alto data sharing integration
• Built SIEM infrastructure end-to-end: Palo Alto deep integration, CrowdStrike S3 log replication, WEF/WEC pipeline, Elastic Beats forwarding, and custom indicator development
• Implemented zero-trust architecture using Thycotic/Delinea Secret Server and Azure Just-In-Time access

• Deployed and maintained applications in non-persistent VDI environments; optimized VMware Horizon desktop pools
• Developed and deployed thin client images; authored technical documentation and led internal VDI change meetings
• Promoted to IT Analyst II after demonstrating independent capability

• Deployed and administered NAS infrastructure; redesigned network architecture
• Implemented hybrid on-site/off-site backup solution and administered VoIP systems

• Sole IT support for ~40 active users; implemented LAN, firewall, managed desktop fleet, and maintained Active Directory domain with Windows Server 2016 domain controllers
• Deployed Hyper-V-based VDI/RDS farm with RemoteFX 3D acceleration and HTML5 web access
• Supervised and trained 3 junior IT team members