Projects

Austin, TX Company Security Assessment – Typosquatting Email Compromise

An Austin-based company was targeted by a sophisticated cyber-fraud attack carried out by advanced persistent threat (APT) actors. Attackers used typosquatting to create a fraudulent email domain that closely resembled the company’s outsourced accounting firm. A key executive’s email account was compromise giving the actor insight into client financial communications. The actors created a fake invoice with a false embedded link redirecting payments to the attackers account.

Facing financial and reputational risk, I was engaged to conduct a detailed security breach analysis. I was able to identify the root causes; lack of multifactor authentication (MFA), delayed transfer of internal billing responsibilities, and reliance on manual processes. There were multiple contributing factors, including poor email verification practices and gaps in communication during billing handoffs.

A comprehensive remediation plan was delivered with key recommendations to improve employee awareness, phishing techiques, fraudulent domains, and strengthening communication protocols for invoicing.

By following NMC’s guidance, the company enhanced its cybersecurity posture, reduced future risk, and restored trust with its clients.

San Franciso Wastewater Treatment Plants – Network Upgrade – Security Expansion Project

The Network Upgrade – Security Expansion Project, established a comprehensive security network for San Francisco’s primary wastewater treatment plant. With a budget of $770,000, the project focused on protecting critical infrastructure through a combination of advanced Network Access Control (NAC)802.1x, secure wireless, upgraded switching, servers, storage, physical security door control, and surveillance systems. NAC ensures policy is enforced to detect and authenticate devices at the point of connection.

This project is just one of three sites that received this level of upgrades. All video suveillance feeds are transmitted to centralized servers enabling continuous monitoring and improved situational awareness. The design ensures only authorized devices access the network, reducing the risk of intrusion and enhancing protection of critical assets.

California Francise Tax Board – Digital VIdeo Surveillance Conversion Project

The Digital Video Surveillance Conversion Project for the State of California Franchise Tax Board (FTB) involved upgrading and modernizing an extensive security camera system. All cameras an supporting infrastructure was upgaded to enhance an existing 200 analog and digital cameras to a unifed system. The original Bosch analog recording system was replaced with IP-based Milestone, and AXIS Communications technologies.

The project was complete with no system downtime. Multiport amplifiers were used to duplicate camera signals, allowing thorough testing and validation before the final cutover. Axis Communications encoders were used to convert all analog camera feeds into IP-based video, effectively modernizing the entire surveillance network.

The upgraded system added 80 terabytes of storage failover enabling higher frame rates for improved image quality. The project was recognized with a Gold Star rating by the State of California, highlighting NMC’s technical expertise and successful delivery.

Sacramento Regional Water Treatment Plant – Fiber Optic Infrastructure Upgrade

The Sacramento Regional Water Treatment Plant “EchoWater” Project (Contract #4240) involved a major fiber optic infrastructure upgrade with project cost of $940,000. The project included designing new paths and deploying over 23,000 feet of new OM3 and OS1 shielded fiber optic backbone infrastructure. All cables were fusion spliced and certified.

Alternate routing had to be engineered to accomodate underground building structures. Over 9,000 feet of Galvanized and PGRS conduit was installed including explosion-proof passthroughs and mechanical seals to prevent chemical infiltration. Safety was critical due to the hazardous environment following OSHA standards and use of specialized detection equipment for confined or chemical-prone areas. The upgrades have improved the reliability, safety, and scalability of the plant’s network infrastructure.

San Mateo-Foster City School District – Bond Network Upgrade Expansion Project

The San Mateo-Foster City School District (SMFCSD) undertook a $3.79 million Network Upgrade Expansion Project to modernize and secure its IT infrastructure. THe project required a full network design to implement a comprehensive 802.1x solution with all new new switching equipment, district-wide wireless, firewalls, UPS systems, server virtualization, storage expansion, and migration to Microsoft Exchange Server. The project also involved deploying EMC backup and email archiving systems, as well as cleaning and upgrading all communications rooms and closets.

A complete network assessment was conducted and used to develope a remediation plan centered on the 802.1x – based architecture. A key focus was implementing a robust security framework with Network Access Control (NAC) and policy enforcement at the network edge. This allows the system to evaluate device type, user role, location, and access conditions before granting connectivity, ensuring highly granular and centralized control over both wired and wireless access.

THe project was conducted in collaboration with the district IT staff to deploy the upgrade. Core systems were upgraded with redundancy and performance optimization prior to cutover. Servers were virtualized into a VMware environment supported by EMC storage and centralized backup solution, improving efficiency, storage management, and data protection. Infrastructure upgrades also included new racks, enclosures, cabling, and power systems.

An Enterprise Management Suite was deployed to provide centralized network monitoring, policy management, asset tracking, and automated security responses. Active Directory was restructured to align with user roles and policy enforcement, enhancing security and operational predictability.

Additionally, Microsoft services such as RADIUS (NPS), Certification Authority, and Group Policies were configured to enable 802.1x authentication. The NAC system enforces device compliance with district standards, including patching, antivirus, and firewall requirements, redirecting non-compliant devices to remediation resources. This project resulted in a highly secure, scalable, and centrally managed network environment.

California Department of Corrections and Rehabilitation – Network Upgrade and Site Documentation

This $547K project with the CDCR, Division of Juvenile Justice (DJJ), included upgrade of network infrastructure and design of a secure enterprise architecture. All network infrastructure and underground pathways werer documented for all eleven sites statewide.

Enterprise Information Systems (EIS) staff coordinate access for this project ensuring strict adherence to security protocols and operational requirements. Core network equipment was staged and pre-tested to validate performance, redundancy, and failover prior to deployment.

Enterprise Network Design

The design featured a comprehensive IP addressing, routing, and Network Access Control (NAC) using 802.1x. Security policies were enforced at the switch port level, ensuring only authorized users and devices could access network resources.

Access levels were restricted based on authentication, with correctional staff, educators, and wards assigned appropriate permissions. Unauthorized devices were automatically denied access, strengthening overall network security.

An Enterprise Management Suite was configured to provide centralized control, enabling EIS to manage policy enforcement, asset tracking, automated security response, and access control across all sites.

Documentation and Site Implementation

Multiple teams were deployed to upgrade and document 11 DJJ sites. Work was carefully coordinated to comply with correctional facility protocols, including escorted access where required.

Detailed documentation included firewall and switch configurations, redundant firewall deployments, and logical network diagrams illustrating connectivity and security operations. Physical site diagrams identified equipment locations, cabling, and pathway capacities, produced in AutoCAD, with logical diagrams delivered in Visio.

Each site received a comprehensive report outlining infrastructure details and remediation recommendations. All deliverables—including diagrams, configurations, and as-built documentation—were provided in both electronic format and printed binders for EIS use.

California Emergency Management Agency (CalOES today) – Sequoia Pacific Ave Data Center & CalEMA Data Center Remediation Upgrades

These $1.5M combined data center projects focus on modernizing, securing, and scaling critical infrastructure through modular design, improved power and cooling systems, and enhanced cable and equipment management.

The Sequoia Pacific Avenue Data Center Retrofit established a scalable, modular foundation for future growth. Key improvements included the installation of high-density equipment enclosures, redesigned underfloor cable management, and optimized rack layouts to support hot and cold aisle containment. Power distribution was enhanced with dual-source vertical PDUs connected to both UPS and building power, while airflow efficiency was improved through organized cabling, sealed floor cutouts, and proper enclosure spacing. Additional upgrades included extending copper and fiber connectivity, installing patch panels, and relocating power infrastructure to align with the new layout. This phase delivered a cleaner, more efficient, and expandable data center environment.

The CalEMA Data Center Project was expanded into a multi-phase, enterprise-scale deployment. Initial phases introduced high-density enclosures, overhead cable management, modular power distribution, and improved cooling design with hot/cold aisle separation. Subsequent phases included adding enclosures to complete rows and enable hot aisle containment, expanding fiber and copper infrastructure, and extending power buss systems. Redundant UPS systems were introduced to ensure continuous operation of critical systems, while cooling systems were reconfigured for efficiency and longevity.

Across both projects, the emphasis was on modularity, redundancy, and operational efficiency. Together, they delivered highly organized, secure, and scalable data center environments that support future expansion, improve reliability, and reduce energy consumption, aligning with modern data center best practices.