San Jose, CA · Available for Consulting

Suresh Chand

Director of IT · Cloud · Security

20+ years building, securing, and operating enterprise infrastructure across Microsoft and Linux environments. Deep hands-on expertise in hybrid cloud architecture, identity management, PCI DSS 4.0.1, and DevOps.

20+ Years Experience
20 GitHub Repos
PCI DSS 4.0.1 Certified
🛡️
PCI DSS 4.0.1
Fully led · Audit passed
☁️
Hybrid Cloud
Azure · OCI · On-Prem
🔑
Microsoft Entra ID
Conditional Access · MFA
🐳
Docker · Linux
Production-grade stacks

Built for both the boardroom and the terminal.

I'm a Director-level IT leader with 20+ years of hands-on experience designing, securing, and operating enterprise infrastructure across Microsoft and Linux environments. My background spans fintech, SaaS, healthcare, and SMB — from a 9-year Unix systems lead at a risk analytics SaaS company to building out an entire IT and security function at a fintech startup from the ground up.

I led Paynuity through a full PCI DSS 4.0.1 certification cycle — gap analysis, remediation, documentation, audit, done. I'm not just a manager who delegates it; I wrote the PowerShell scripts, mapped the controls, built the evidence repository, and sat in the audit room.

On Upwork I take on consulting work across M365 administration, email deliverability, Entra ID / Intune configuration, Linux infrastructure, and Docker-based stack deployments. I build things that actually run in production.

PCI DSS 4.0.1 — Full Lifecycle
Gap analysis → remediation → SOPs → audit evidence → certification. All applicable requirements passed at Paynuity.
Resolved a Company-Wide Email Outage
Root-caused and fixed a sensitivity label encryption misconfiguration that took down all outbound email. Full Exchange Online + OME diagnosis.
Fractional IT Director · Upwork Consulting
Available for M365, Entra ID, Intune, email security, Linux infrastructure, and compliance engagements. Remote · Bay Area.

Core Competencies

🪟
Microsoft 365 & Identity
Microsoft Entra ID · Conditional Access · MFA · Microsoft Intune · Exchange Online · SharePoint · Teams · Microsoft Defender · Microsoft Purview · Active Directory · PowerShell · Graph API
🐧
Linux & DevOps
Ubuntu 22.04 / 24.04 · Fedora CoreOS · Docker · Docker Compose · Podman · NGINX · Prometheus · Grafana · Alertmanager · Loki · Wazuh · Elasticsearch · WSL2 · systemd
🔒
Security & Compliance
PCI DSS 4.0.1 · CIS Benchmarks · NIST CSF · DKIM / DMARC / SPF · OME · Kali Linux · Penetration Testing · Vulnerability Assessment · FreeRADIUS · SSH Hardening · fail2ban
🖥️
Virtualization & Hypervisors
VMware ESXi · VMware vSphere · vCenter Server · vMotion · HA / DRS · Microsoft Hyper-V · Hyper-V Clustering · Proxmox VE · VM Templates · Snapshots · Storage vMotion · VM Backup & Recovery
🏗️
Infrastructure & Networking
Windows Server · Azure · OCI · Cisco ASA · FortiGate · Juniper · DNS / Cloudflare · Technitium DNS · NGINX Proxy Manager · Portainer · SQL Server · MariaDB

20+ Years of Hands-On IT Leadership

DEC 2022 – SEPT 2025 · Fintech · Most Recent
Director of IT
Paynuity, Inc. · Remote / San Jose, CA
PCI DSS 4.0.1 Readiness & Certification
✓ PCI DSS 4.0.1 — ALL REQUIREMENTS PASSED
  • Led organization through full PCI DSS 4.0.1 certification — all applicable requirements passed.
  • Owned complete compliance lifecycle: gap analysis, remediation, SOPs, evidence repository, and audit readiness.
  • Built PowerShell automation scripts for CIS benchmark checks and PCI control validation.
  • Authored all audit documentation and compliance trackers used during the certification cycle.
Identity & Security Architecture
  • Designed and enforced Microsoft Entra ID Conditional Access policies — MFA, session controls, risk-based access.
  • Hardened endpoint security via Intune and Defender for Endpoint.
  • Conducted internal penetration testing using Kali Linux to validate security controls for PCI certification.
  • Resolved complex authentication and session issues across the M365 tenant.
Infrastructure, Virtualization, Monitoring & M365
  • Architected hybrid infrastructure spanning On-Prem, Microsoft Azure, and Oracle Cloud Infrastructure (OCI).
  • Managed VMware ESXi/vSphere and Hyper-V environments; deployed and maintained VMs for production and lab workloads.
  • Used Proxmox VE for internal lab virtualization, containerization testing, and Fedora CoreOS deployments.
  • Built containerized IT stack: NGINX Proxy Manager, Portainer, Technitium DNS (Docker Compose).
  • Designed full observability stack: Prometheus, Grafana, Alertmanager with Telegram alerting.
  • Root-caused and resolved a company-wide email outage caused by sensitivity label encryption misconfiguration.
  • Implemented DKIM, DMARC, and SPF across all sending domains.
PCI DSS 4.0.1 · Entra ID · Intune · Kali Linux · VMware ESXi · Hyper-V · Proxmox VE · Docker · Prometheus · Azure · OCI · PowerShell · DKIM/DMARC/SPF · Exchange Online
JUL 2014 – NOV 2022
Senior Cloud & Systems Administrator
SignMySigns · San Jose, CA
  • Managed hybrid infrastructure across Windows Server and Linux systems for 8+ years.
  • Administered Microsoft 365: Exchange Online, SharePoint, Entra ID, full lifecycle ownership.
  • Implemented SPF, DKIM, and DMARC for all company domains.
  • Designed and maintained backup and disaster recovery strategy.
  • Managed VMware ESXi/vSphere environment from initial company deployment — built out and maintained the full virtual infrastructure stack including vCenter, vMotion, and HA/DRS configurations.
  • Administered Microsoft Hyper-V alongside VMware; managed VM provisioning, snapshots, templates, and storage.
  • Managed DNS, Cloudflare integrations, and domain administration.
  • Owned full IT lifecycle: procurement, deployment, maintenance, and asset refresh.
Microsoft 365 · VMware ESXi · vSphere · Hyper-V · Windows Server · Email Security · Cloudflare
NOV 2007 – JUL 2014 · SaaS
Senior IT & Services Manager
Unix Systems Administrator Lead
Nomis Solutions · San Bruno, CA
  • Managed hybrid on-prem + AWS infrastructure supporting enterprise SaaS pricing platforms.
  • Led Unix/Linux system administration for production systems serving major financial institutions.
  • Played cross-functional role across IT support, sales engineering, and DevOps.
  • Supported deployments and production systems for enterprise applications.
  • Implemented monitoring, patching, and operational runbook processes.
  • Owned full infrastructure lifecycle: procurement, deployment, upgrades, and refresh.
Unix / Linux AWS SaaS Infrastructure Sales Engineering
JUN 2004 – NOV 2007 · MSP
Senior Windows / Linux Consultant
Allcovered (Konica Minolta IT Services) · Various Client Sites
  • Independently managed 10+ client environments across Windows and Linux platforms.
  • Led migrations, upgrades, and security remediation across diverse client environments.
  • Delivered solutions for clients including Genentech, BioMarin Pharmaceutical, CareDx, Intersect ENT, Pacific BioLab, and Clinimetrics (Omnicare).
  • Provided advanced troubleshooting for production systems with SLA accountability.
Multi-Client MSP Windows Linux Life Sciences Clients
FEB 2001 – JUN 2004
Director of IT
KnowNow · Sunnyvale, CA
  • Led IT operations and infrastructure for a real-time messaging technology company.
  • Supported engineering teams with scalable, reliable systems.
  • Managed network, server, and application infrastructure end-to-end.
  • Owned procurement, vendor management, and IT strategy.
APR 1992 – FEB 2001
Windows / Linux Consultant
EDS (Electronic Data Systems) · Various Locations
  • Delivered enterprise consulting across Windows and Unix/Linux systems for 9 years.
  • Performed deployments, upgrades, and troubleshooting across large enterprise environments.
  • Supported networking and server infrastructure projects for major EDS clients.

GitHub Portfolio

20 PUBLIC REPOSITORIES · github.com/suresh-1001 ↗
🛡️
M365 CIS Assessor
Automated Microsoft 365 security assessment aligned to CIS Foundations Benchmark v6.0.1. Certificate-based auth, 65 controls across Entra ID/Exchange/Teams/SharePoint, HTML dashboard output.
PowerShell · GitHub Actions
📊
Prometheus + Grafana Stack
Production-ready observability stack — Docker Compose + bare metal installer. Prometheus, Grafana, Alertmanager, Loki, Promtail, cAdvisor. Pre-wired dashboards and 17 alert rules with Email + Slack.
Shell · YAML
💻
Intune Device Management Baseline
Full Intune deployment for a 14-device SMB — Azure AD Join, device restriction policies, app control, USB blocking, Edge lockdown. Includes PowerShell audit script and staged rollout playbook.
PowerShell JSON Policies
🔒
Linux CIS Audit
CIS Benchmark audit and remediation for Linux servers. 68+ controls across Level 1 & 2. Markdown report with pass/fail scoring and letter grade. Optional --fix mode. Ubuntu/Debian + RHEL/Alma/Rocky.
Shell
🔐
Linux Server Onboarding Baseline
One script to harden a fresh Linux server in under 5 minutes — hostname, SSH, firewall, fail2ban, NTP, auto-updates, MOTD. Includes rootkit scanner with email reporting. Fully idempotent.
Shell · SSH Config
📋
PCI DSS Certification Automation
PowerShell automation framework for PCI DSS 4.0.1 control validation, evidence collection, and audit-ready documentation generation. Built from a real certification engagement.
PowerShell
🗄️
Database Admin Toolkit
Install, administer, backup, and audit SQL Server, MySQL, and PostgreSQL — one toolkit, all three engines. Bash + PowerShell + SQL scripts. Auto-detection, health checks, S3 backup support.
Shell · PowerShell · TSQL
☁️
Azure IT Admin Baseline
Complete Azure administration engagement — RBAC, Conditional Access, Microsoft Defender (42% → 81% Secure Score), NSG configuration, network troubleshooting playbook, and support ticket automation.
PowerShell · JSON
🩺
Linux Auto-Debug & Self-Heal
Portable Bash triage script for production Linux servers. Read-only diagnostics or --apply self-healing mode. Covers disk, services, DNS, NTP, logs. Plain-English verdict output. Zero external dependencies.
Shell
📧
Email Authentication Audit Toolkit
Comprehensive audit and validation toolkit for SPF, DKIM, and DMARC configurations. Identifies misconfigurations, Cloudflare DNS conflicts, and deliverability gaps with actionable remediation guidance.
PowerShell · Shell
🔰
Secure Windows Baseline Framework
Security hardening framework for Windows Server environments. CIS-aligned configurations, GPO templates, registry settings, and audit checklist for enterprise Windows deployments.
PowerShell · GPO
📁
IT Case Studies
Documented case studies from real consulting engagements — M365 migrations, email outage diagnosis, Intune deployments, and PCI compliance projects. Redacted for client confidentiality.
Markdown
View All 20 Repos on GitHub ↗

Education & Training

🎓
Business Administration
Evergreen Valley College
San Jose, CA
🎓
Machine Learning & Artificial Intelligence
Foothill College
Los Altos Hills, CA
📚
Planned Transfer
San José State University
San Jose, CA

Available for Consulting Engagements

Open to Upwork contracts, fractional Director of IT engagements, and direct project work across M365, Azure, Linux, and security/compliance.