TE
Trever Ehrfurth
Accomplishments
  • May 2025
    Secure Remote Access for Distributed Engineering Teams
    Deployed Tailscale and IPsec tunnels between Azure and HQ to protect internal systems and enable compliant, zero-trust access for engineers across three countries.
    Network Security Azure Zero Trust Remote Access

    Replaced ad hoc remote access with a structured, secure architecture:

    • Deployed Tailscale for zero-trust network access across distributed engineering and IT teams
    • Established IPsec tunnels between Azure infrastructure and HQ to protect development systems
    • Enabled compliant access for remote and offshore teams without exposing internal systems to the public internet

    Result: internal systems are protected behind authenticated, encrypted access paths — no more open firewall rules or VPN exceptions.

  • Apr 2025
    Centralized Identity & Access Management Across a Global Organization
    Eliminated shared accounts, expanded SSO and SCIM provisioning, and enforced MFA company-wide — reducing manual access overhead and closing lifecycle gaps across the U.S., India, and Brazil.
    Security IAM Microsoft Entra

    Inherited a fragmented access environment with shared credentials, inconsistent provisioning, and no automated lifecycle management. Led a full IAM overhaul:

    • Expanded SSO across core platforms and implemented SCIM-based automated provisioning
    • Transitioned teams off shared user accounts to individual accounts with functional shared mailboxes
    • Enforced company-wide MFA and deployed identity threat detection and response (IDTR)
    • Implemented dynamic security groups to eliminate access drift
    • Removed high-risk third-party and AI applications through policy enforcement

    Result: meaningfully reduced manual IT overhead, improved audit posture, and tightened access accountability across three countries.

  • Mar 2025
    Enterprise Endpoint Management with Microsoft Intune
    Deployed Intune across the organization to standardize device compliance and security enforcement, enabling all employees to operate on fully managed, policy-driven devices.
    Microsoft Intune Endpoint Security Compliance

    Stood up Microsoft Intune (Unified Endpoint Management) from scratch:

    • Architected device configuration profiles and compliance policies for Windows and macOS
    • Automated provisioning of compliant workstations for onshore and offshore employees
    • Enforced security baselines, disk encryption, and patch management at scale
    • Reduced manual IT onboarding overhead significantly

    Result: every managed device now operates under consistent security enforcement — no manual exceptions, no unmanaged endpoints.

  • Jan 2022
    HIPAA-Compliant ETL Pipelines Powering 90% of Audit Reporting
    Built and automated Informatica ETL pipelines that became the backbone of reporting and compliance operations at a PBM, while implementing PHI/PII encryption to meet HIPAA, CMS, and financial standards.
    Data Engineering HIPAA ETL Informatica

    At Navitus Health Solutions, inherited a largely manual reporting environment and rebuilt it on a reliable, automated foundation:

    • Designed and automated Informatica ETL pipelines that powered 90% of reporting and audit readiness
    • Implemented PHI/PII encryption in collaboration with the security team to meet HIPAA, CMS, and financial compliance requirements
    • Developed API-driven pipelines to load CMS exports directly into the enterprise warehouse
    • Improved SQL and ETL workflow performance, reducing processing times and improving reliability

    Result: audit teams went from manual data pulls to automated, compliance-ready reporting pipelines.