Resume

Principal Consultant | JB Management

November 2025 – Present

Technical and business consulting for SME and non-profit clients across secure web architecture, workflow automation, AI integration, and digital infrastructure.

• Secure Full-Stack Development: Architect and deploy high-performance Next.js applications for SME clients. Implemented Defense-in-Depth strategy using Content Security Policies, Zod/TypeScript strict validation, and NextAuth.js, achieving zero high-risk vulnerabilities at deployment.
• DevSecOps & CI/CD Integration: Standardized security across the SDLC by integrating GitHub Advanced Security; CodeQL for SAST scanning and Dependabot for dependency management, reducing vulnerability remediation time by 50%.
• Workflow Automation & AI: Architect and deploy custom AI-driven automation workflows using n8n and content pipelines to streamline lead generation, data entry, and operational monitoring. Reduced manual lead-processing time by 40% for service-based clients.
• Secure Infrastructure: Design and maintain secure self-hosted virtualization environments (Proxmox). Cloudflare Zero-Trust tunnels and Google OAuth secure administrative interfaces; 99.9% availability for business-critical client services.
• Digital Transformation: Direct modernization of digital footprints for client brands (e.g., Lure Kitchen & Bath, dnfdesign.ca), delivering SEO-optimized web architectures and automated monitoring; 25% increase in organic search visibility.
• Technical Stakeholder Management: Translate complex technical requirements across structural, regulatory, and security domains into actionable, executive-ready project roadmaps.

Project Manager | Newfore Inc.

April 2024 – July 2025

Construction project management at a commercial and residential general contractor. Owned end-to-end project delivery, client relationships, and trade coordination.

• Project Delivery: Managed end-to-end delivery of $2M+ in commercial and residential construction projects, coordinating engineering teams, trades, suppliers, and inspectors against fixed schedules and budgets.
• Client & Stakeholder Management: Acted as primary client liaison from preconstruction through closeout. Maintained 100% client satisfaction across active project portfolio through structured communication and proactive issue management.
• Regulatory & Permitting: Managed municipal zoning, permitting, and site-specific regulatory requirements across multiple jurisdictions. Used data-driven status reporting to maintain project velocity through inspection cycles.
• Trade & Field Coordination: Coordinated up to 10 field staff and multiple subcontracted trades across concurrent active sites. Managed scope changes through formal change-order processes.
• Risk Management: Conducted project-wide risk assessments to identify and mitigate single points of failure across site safety, supply chain logistics, and project data handling.
• Digital Workflow Refinement: Worked within the existing Buildertrend deployment to tighten project workflows, refine feature usage across the team, and improve consistency of project tracking and reporting.

Owner / Operations Manager | Bram Weitzman Renovations

2005 – April 2024

Founded and operated a specialized custom renovation business for 19 years. Managed scope, schedule, budget, and client relationships across 300+ residential renovation projects.

• Business Operations: Owned full client lifecycle: discovery, requirements gathering, design iteration, contract negotiation, delivery, and warranty. Managed cross-functional teams of subcontractors and internal staff under fixed-budget constraints.
• Regulatory Compliance: Managed all required municipal building permits and 300+ inspection cycles across the company's lifecycle. Reduced first-pass code violations by 20% through structured pre-audit inspections.
• IT & Infrastructure: Designed and maintained the company's networked office systems, remote access VPN, and multi-tier backup protocols. Zero data loss over two decades. Operated cloud databases, CAD tooling, and project management software as core operational infrastructure.
• Change Management: Managed project scope shifts through formal change-control processes including signed change orders. Investigated on-site failures using root-cause analysis methodology, prioritizing long-term remediation over temporary fixes.
• Quality Assurance: Led structured client walkthroughs at project completion to verify alignment between deliverables and original requirements. Managed subcontractor teams across multiple trades under fixed-budget constraints.

AI, Automation & Workflow Engineering

• Enterprise Integration Workflows (n8n): Architected self-hosted n8n instances connecting disparate business applications (CRMs, email platforms, databases). Built custom automation pipelines processing webhooks and API integrations to route business logic securely.
• RAG Chatbot Architecture (ISC2 Toronto): Led development of an AI-powered chatbot using Rasa and Ollama to automate member Q&A. Integrated a vector database for context-aware responses; scripted Python/JSON pipelines for telemetry. Established governance protocols for secure data ingestion and member privacy.

Secure Application Development & Architecture

• Modern Web Architectures (Next.js): Built and deployed responsive web applications for commercial clients using React and Next.js with strict data validation via TypeScript and Zod.
• Threat Modeling & Secret Management: Performed architectural decomposition of legacy authentication systems to identify broken trust boundaries. Re-architected solutions using Machine Identity and cloud-native Secrets Managers, eliminating persistent credentials in source code.

Enterprise Network Simulation & Security Homelab

• Zero Trust Network Design: Designed network topology based on a Zero Trust threat model assuming breach at the perimeter. Implemented micro-segmentation (VLANs) via pfSense and Cisco ASA 5520 to prevent lateral movement between IoT, user, and server subnets.
• Secure Access & Identity: Deployed Cloudflare Tunnels to securely expose internal services without opening inbound firewall ports. Integrated Microsoft Entra ID (OIDC) and Google OAuth to enforce MFA on all web-facing administrative logins.
• Network Security Monitoring: Deployed Graylog SIEM with Elasticsearch to simulate enterprise-grade log analysis and threat detection. Ingested syslog from firewalls and web servers; configured custom alerts and stream rules to identify potential security anomalies.
• Packet Analysis: Validated network configurations and ACLs through packet-level analysis across VLANs using Wireshark and TCPDump to ensure traffic flow adhered to least-privilege principles.