Senior IT Systems Administrator
Endpoint Security & Identity Engineering  ·  Degreed
Identity & Endpoint Security  ·  Threat Intelligence & OSINT  ·  Incident Response  ·  Lifelong Learner
ABOUT

I have a habit of pulling on threads until I understand exactly what happened and why. That tendency — useful in IT, essential in security — is what pushed me from managing infrastructure toward investigating threats.

Outside of work, I volunteer with Guardian Group on Project 1591® — doing passive OSINT investigations to help identify underage trafficking victims for U.S. law enforcement. It's painstaking, sometimes heavy work, and it's the work I'm most proud of. It's also shaped how I think about investigations, evidence, and what it actually means to find something hidden in plain sight.

I'm also neurodivergent and I've spent a long time figuring out how to make that work for me in a high-pace technical career rather than against me. I write about that too, because it doesn't get talked about enough in this industry and it probably should.

This site is where I document what I'm learning: IR walkthroughs, OSINT research, homelab builds, tools I actually use, and occasional honest writing about what it's like to do this work as a human being. If you're a practitioner, I hope something here is useful. If you found your way here for the other stuff — you're welcome here too.

Zac Milla
CAREER
Degreed, Salt Lake City, UT
Senior IT Systems Administrator, May 2026 – Present
  • Led the full investigation of a macOS infostealer (InstallFix malvertising campaign) — reconstructed from EDR telemetry a 6-phase attack chain that ran from initial execution to credential exfiltration and cloud token theft within 96 seconds
  • Architect and enforce Zero Trust identity controls across 300+ endpoints: Conditional Access, SSO (SAML/OIDC), Windows Hello for Business, passkeys, and PSSO via Microsoft Entra ID
  • Drive SOC 2 Type II, ISO 27001, and TISAX compliance — owning technical controls, audit evidence, and policy documentation end-to-end
IT System Administrator, April 2021 – May 2026
  • Selected, deployed, and operationalized Automox and SentinelOne as the organization's patch management and EDR stack — still running both today
  • Built the identity governance foundation: initial Zero Trust CA policies, SSO integrations, and lifecycle automation that cut provisioning time by 40%
IT Service Desk Representative, November 2018 – April 2021
  • Promoted twice in 7.5 years — from Service Desk to Sysadmin to Senior — for technical excellence and ownership of security initiatives beyond the role
SKILLS
Security & Compliance: SentinelOne, Conditional Access, Zero Trust, SOC 2, ISO 27001, TISAX
Identity & Access Mgmt: Microsoft Entra ID, SAML/OIDC SSO, Google Workspace, Windows Hello for Business, Passkeys, PSSO, MFA
Endpoint Management: Microsoft Intune, Jamf Pro, Automox, MDM/MAM, Config & Compliance Profiles
Automation & Scripting: PowerShell, Bash, Python, BetterCloud
Threat Intel & OSINT: Maltego, SpiderFoot, Shodan, VirusTotal, CSI Linux, Google Dorks, Indicator Pivoting
Platforms & OS: macOS, Windows, Linux, Windows Server, AVD
CERTIFICATIONS
CompTIA Security+  ·  CompTIA
Certified in Cybersecurity (CC)  ·  ISC2
Cloud Systems Administration (CWCT)  ·  Ivy Tech Community College
Cybersecurity Virtual Experience  ·  Mastercard  ·  Forage
FOCUS AREAS
01  Threat Intelligence & OSINT
  Passive investigations, indicator pivoting, and open-source intelligence collection — applied to real cases through volunteer work with Guardian Group's Project 1591®, and documented here as research and methodology writeups.
02  Incident Response
  Endpoint IR via SentinelOne — from routine alert triage to full attack chain reconstruction. I write up the interesting ones, including a recent macOS infostealer investigation that went from initial execution to credential exfiltration in under two minutes.
03  Identity & Endpoint Security
  Zero Trust architecture, Conditional Access, SSO integrations, and MDM at scale — the day job, done seriously. Ten years of keeping infrastructure locked down and documented.
WHAT I'M LEARNING
Cyber Threat Intelligence (Active — Homelab)
  CTI frameworks, MITRE ATT&CK, IOC correlation, adversary attribution
Malware Analysis (Active — Homelab)
  Air-gapped sandbox detonation, EDR telemetry analysis, behavioral indicators
OSINT Methodology (Active — Guardian Group)
  Passive collection, pivot techniques, PAI sourcing via Maltego, SpiderFoot & CSI Linux
Zero Trust & Endpoint Compliance (Active — Degreed)
  Entra ID Conditional Access, Intune configuration profiles, and compliance policy enforcement at scale
AI-Assisted Security Workflows (Active — Degreed)
  LLM-assisted IR triage, automated patch management, and MDM workflows via SentinelOne, Automox, and Intune
Scripting & Automation (Active — Degreed & Homelab)
  Python and Bash for security tooling, OSINT workflows, and IT automation — built and tested in the homelab
CONTACT