IT Manager · Orange County, CA
16 years of infrastructure depth — cloud, security, SOC2 compliance, and email deliverability. I architect it, implement it, and own it.
About
I'm a hands-on IT Manager in Orange County, CA. For 16 years I've owned infrastructure at a marketing services company — starting from help desk and working up through servers, virtualization, cloud, security, and compliance.
In 2024 I was promoted to IT Manager, taking full ownership of strategy, SOC2 compliance, cloud infrastructure, email deliverability, and all vendor relationships. I'm the person who can sit in a leadership meeting and present the roadmap, then go implement it myself.
What makes my background unusual: I own the email deliverability infrastructure for a marketing company's client campaigns — SendGrid, AWS Route 53, CloudFront, DMARC end-to-end. That's a niche most IT people don't touch, and it's business-critical.
"Not because I stopped learning — because the scope kept growing."
Architected n8n multi-tenant automation on AWS ECS Fargate, Aurora Serverless, and Terraform — independently learned and shipped in production.
Not just familiar with SOC2 — I own it. Gap analysis, policy authorship, tooling procurement, and audit management for 2 consecutive years.
SendGrid, subdomain delegation, CloudFront CDN, DMARC p=reject, SNDS monitoring. Business-critical for client campaigns.
Built cafegalang.com and deployed Ubiquiti UniFi for a local coffee shop — outside my day job.
Projects
Production-critical projects — personally architected or executed.
Cloud
Architected and deployed a self-hosted n8n AI automation platform from scratch. Independently learned ECS Fargate, Aurora Serverless v2, EFS, ALB, and Terraform — shipped in production for the first time.
Business-owned AI automation, zero MSP involvement
Migrated SendGrid to AWS Route 53, configured CloudFront + ACM for HTTPS tracked links, hardened SPF/DKIM/DMARC to p=reject. Monitor sender reputation via SNDS. Business-critical for client campaigns.
Zero deliverability outages since taking ownership
Infrastructure
Zero-downtime IIS migration consolidating 46 sites and 50 app pools. All 23 domains moved to Cloudflare with WAF, DDoS, Full Strict SSL, and DMARC p=reject. Prevented an active client NS outage mid-migration.
Prevented outage + avoided $7,500 in MSP fees
Cloud Cost
Migrating email campaign image hosting from Azure Front Door to Cloudflare CDN. Eliminates per-GB egress charges on high-volume marketing image delivery.
Projected $30,000–$36,000/year in savings
Security
Full gap analysis, all IT policies authored, 50+ technical controls deployed across CC4–CC8. Passed 2024 and 2025 audits. 2026 audit in progress.
2 consecutive audit passes, solo
Side Project
Built the website and full Ubiquiti UniFi network for a local Vietnamese coffee shop — from bare hardware to live production, outside my day job.
cafegalang.com — live and running
What I Do
Available for IT leadership roles and project-based consulting in Orange County and remote.
Own your IT roadmap, vendor relationships, budget, and MSP partnerships. I run IT like a business function — with full accountability for outcomes, not just tickets closed.
AWS architecture, cost optimization, and migrations. ECS Fargate, RDS, Lambda, CloudFront, Terraform — deployed in production, not just in theory.
Gap analysis, policy authorship, control deployment, and audit management. Passed SOC2 Type 2 twice as sole internal owner — I know what auditors actually look for.
SendGrid infrastructure, subdomain delegation, DNS hardening, DMARC/SPF/DKIM, CDN for tracked links, and sender reputation monitoring.
Stack
Technologies I use regularly in production environments.
Contact
Open to IT Manager and Director roles, plus consulting in cloud infrastructure, SOC2 readiness, and email deliverability. Orange County, CA.