Weekly blog series featuring real-world IT solutions, cloud security strategies, automation projects, and development tutorials to help professionals build resilient, scalable environments.
Excerpt
Quick, repeatable way to see CPU/RAM/vSAN headroom across hosts and choose where to place the next VM. Today it pointed us to vsan2.
Intro
Before cloning a new Windows VM, I ran a fast PowerCLI sweep across three vSAN hosts to compare free CPU, free memory, and vSAN free space. All three had identical vSAN capacity; vsan2 had the most free RAM, so that’s the landing spot.
Straight line (what I did)
• Pulled CPU and memory usage per host (MHz/MB) and calculated free.
• Queried each host’s vSAN datastore(s) and summed free/total GB.
• Printed a compact table to compare vsan1/2/3 at a glance.
• Chose the host with the highest Mem_Free_GB (tie-break on vSAN free).
Result today
• vsan2 showed the most free RAM, with CPU headroom similar across all three and identical vSAN free space.
• Suggested placement: vsan2.
Pocket I’m keeping
• Check host headroom before every clone—30 seconds now saves hours later.
• Prefer RAM headroom for Windows VDI/worker VMs; CPU is usually similar across nodes.
• Keep a one-liner that prints the table and the suggested host.
What I hear now
Clone to vsan2, power up, then let DRS/vMotion rebalance after the build window. Repeat this check whenever adding workloads or after maintenance.
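The sweep described above, as an added PowerCLI example (not the author's script). It assumes an existing Connect-VIServer session and a hypothetical host name pattern `vsan*`, and it additionally skips hosts that are not in the Connected state before ranking.

```powershell
# Added example. Assumes Connect-VIServer has already been run; 'vsan*' is a placeholder pattern.
function Get-HostHeadroom {
    param([string]$HostPattern = 'vsan*')

    foreach ($h in Get-VMHost -Name $HostPattern) {
        # vSAN datastores visible to this host (Type is 'vsan' for vSAN datastores)
        $vsan = @(Get-Datastore -RelatedObject $h | Where-Object Type -eq 'vsan')
        $free  = ($vsan | Measure-Object -Property FreeSpaceGB -Sum).Sum
        $total = ($vsan | Measure-Object -Property CapacityGB -Sum).Sum

        [pscustomobject]@{
            Host          = $h.Name
            State         = $h.ConnectionState
            CPU_Free_MHz  = $h.CpuTotalMhz - $h.CpuUsageMhz
            Mem_Free_GB   = [math]::Round([double]($h.MemoryTotalGB - $h.MemoryUsageGB), 1)
            vSAN_Free_GB  = [math]::Round([double]$free, 1)    # 0 when the host has no vSAN datastore
            vSAN_Total_GB = [math]::Round([double]$total, 1)
        }
    }
}

$table = Get-HostHeadroom
$table | Format-Table -AutoSize

# Rank connected hosts by free RAM, tie-break on vSAN free space
$pick = $table |
    Where-Object State -eq 'Connected' |
    Sort-Object Mem_Free_GB, vSAN_Free_GB -Descending |
    Select-Object -First 1

if ($pick) { "Suggested placement: $($pick.Host)" }
else       { Write-Warning "No connected host matched the pattern" }
```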
Saratoga Springs Utah Temple with a rising waxing gibbous moon.
Excerpt
None of us is immune from trial. Elder Neal A. Maxwell teaches that if we endure well, today’s struggles are shaped into tomorrow’s blessings. Here’s my mark-in-time takeaway and how I’m applying it.
Intro
I listened again to Elder Neal A. Maxwell’s devotional “If Thou Endure Well.” The sentence that stayed with me: None of us can or will be immune from the trials of life. However, if we learn to endure our struggles well, they will be turned into blessings in eternity. That’s both bracing and kind—God doesn’t waste pain when we place it in His hands.
Straight line (what he’s saying)
• Mortality guarantees opposition; surprise is optional.
• Enduring well ≠ grim hanging-on; it’s faithful submission, patience, and continuing to choose light.
• Timing is part of God’s tutoring—deliverance sometimes tarries so discipleship can deepen.
• Gratitude and meekness change how trials shape us. They don’t shorten the storm, but they change the sailor.
• The Lord consecrates affliction to our gain when we refuse cynicism and keep covenant routines (scripture, prayer, sacrament, service).
Final reflection
Enduring well is a decision repeated—quietly—over and over. It’s choosing not to narrate my trial as abandonment, but as apprenticeship. It’s trusting that God is doing more with my life than I can see from the shoreline.
Pocket I’m keeping
• Expect opposition; practice patience on purpose.
• Pair prayers with small, durable acts (keep the next covenant, serve the next person, take the next right step).
• Measure “progress” by faithfulness, not by ease.
What I hear now
Tonight’s images—reflections, a quiet bench, a waxing gibbous over the spire—feel like a lesson in waiting. I can’t rush the moon to its mark, but I can keep framing, steady my hands, and choose light again. If I endure well, God will finish the alignment.
When a partner emailed our all-hands list, they got an NDR: “the group only accepts messages from people in its organization or on its allowed senders list… sender not allowed.”
We’d solved this once before and didn’t capture the steps. This time we did.
the group required authenticated (internal) senders only, and
the external wasn’t on the group’s allowed-senders list
gotcha we hit: New-MailContact failed with ProxyAddressExists — an existing MailUser already owned the external SMTP, so we reused it instead of creating a new contact
Straight line (what fixed it)
identify group by SMTP and check whether it’s a DL or a Microsoft 365 Group
locate the external as an existing MailContact/MailUser (include soft-deleted objects)
add that object to the group’s AcceptMessagesOnlyFromSendersOrMembers list
allow the group to accept external senders (keeps the allow-list in effect)
test and confirm with Message trace
Reusable runbook (PowerShell, redacted)
# 0) Connect
Connect-ExchangeOnline
# 1) Variables (edit these)
$GroupSmtp = "all@[corp-redacted].com"
$ExternalAddresses = @("firstname.lastname@[partner-redacted].com")
# 2) Resolve the group (works for DL or M365 Group)
$grp = Get-EXORecipient -Filter "PrimarySmtpAddress -eq '$GroupSmtp'"
$grp | fl Name,RecipientTypeDetails,PrimarySmtpAddress,Identity,ExternalDirectoryObjectId
# 3) Ensure each external exists as a recipient we can allow (MailContact/MailUser).
# If already present (or soft-deleted), reuse it.
$recips = @()
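foreach ($addr in $ExternalAddresses) {
    $r = Get-EXORecipient -ResultSize Unlimited -IncludeSoftDeletedRecipients `
        -Filter "PrimarySmtpAddress -eq '$addr'"
    if (-not $r) {
        try {
            # -ErrorAction Stop makes the failure terminating so the catch block actually runs
            New-MailContact -Name $addr -ExternalEmailAddress $addr -ErrorAction Stop | Out-Null
            $r = Get-EXORecipient -Filter "PrimarySmtpAddress -eq '$addr'"
        }
        catch {
            Write-Host "Contact already exists somewhere: $addr"
            # ProxyAddressExists: another recipient holds this SMTP as a proxy address; reuse it
            $r = Get-EXORecipient -Filter "EmailAddresses -eq 'smtp:$addr'"
        }
    }
    # Skip unresolved addresses so no $null entry reaches step 4
    if ($r) { $recips += $r }
}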
$recips | ft Name,RecipientTypeDetails,PrimarySmtpAddress -AutoSize
# 4) Add externals to allow-list AND allow external senders
if ($grp.RecipientTypeDetails -eq "GroupMailbox") {
    # Microsoft 365 Group (Unified Group)
    foreach ($r in $recips) {
        Set-UnifiedGroup -Identity $grp.ExternalDirectoryObjectId `
            -AcceptMessagesOnlyFromSendersOrMembers @{Add=$r.Identity}
    }
    Set-UnifiedGroup -Identity $grp.ExternalDirectoryObjectId -AllowExternalSenders:$true
    Get-UnifiedGroup -Identity $grp.ExternalDirectoryObjectId |
        fl DisplayName,PrimarySmtpAddress,AllowExternalSenders,AcceptMessagesOnlyFromSendersOrMembers
} else {
    # Distribution Group / Mail-enabled Security Group
    foreach ($r in $recips) {
        Set-DistributionGroup -Identity $grp.Identity `
            -AcceptMessagesOnlyFromSendersOrMembers @{Add=$r.Identity}
    }
    Set-DistributionGroup -Identity $grp.Identity -RequireSenderAuthenticationEnabled:$false
    Get-DistributionGroup -Identity $grp.Identity |
        fl DisplayName,PrimarySmtpAddress,RequireSenderAuthenticationEnabled,AcceptMessagesOnlyFromSendersOrMembers
}
# 5) Message trace (adjust window)
Get-MessageTrace -SenderAddress $ExternalAddresses[0] -RecipientAddress $GroupSmtp `
    -StartDate (Get-Date).AddHours(-2) -EndDate (Get-Date) |
    ft Received,Status,RecipientAddress,MessageId
Common pitfalls we saw (and how we handled them)
ProxyAddressExists on New-MailContact → an existing MailUser/Contact already holds that SMTP; reuse it (or permanently remove the soft-deleted recipient first).
group can’t be found by display name → target by SMTP with Get-EXORecipient -Filter "PrimarySmtpAddress -eq '...'".
delivery still blocked after allow-list → the DL still required authenticated senders; set RequireSenderAuthenticationEnabled:$false (DL) or AllowExternalSenders:$true (M365 Group).
Click-path (EAC, if you don’t want PowerShell)
Recipients → Contacts → add/find the partner’s contact
Recipients → Groups → open the group → Delivery management → “Accept messages from” → add the contact
For DLs: turn off “Require sender authentication”
For M365 Groups: enable “Allow external senders”
Prevention / hygiene
keep an “Authorized External Senders — all” mail-enabled security group; allow that group on the DL/M365 Group, then just add/remove partner contacts over time
document the NDR verbatim and the message trace ID when you close an incident
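Once sender authentication is turned off on a group, its allow-list is the only thing keeping it closed to arbitrary internet senders. The read-only audit below is an added example, not part of the original runbook. It assumes an active Connect-ExchangeOnline session, and it reads RequireSenderAuthenticationEnabled on both distribution groups and Microsoft 365 Groups to list every group that accepts external mail and flag those whose allow-list is empty.

```powershell
# Added example. Read-only: uses Get-* cmdlets only.
function Get-ExternalSenderExposure {
    [CmdletBinding()]
    param()

    $groups = @()
    $groups += Get-DistributionGroup -ResultSize Unlimited   # DLs and mail-enabled security groups
    $groups += Get-UnifiedGroup -ResultSize Unlimited        # Microsoft 365 Groups

    foreach ($g in $groups) {
        # Groups that still require authenticated senders are closed to externals
        if ($g.RequireSenderAuthenticationEnabled) { continue }

        # Drop $null so an empty property counts as zero entries
        $allowed = @($g.AcceptMessagesOnlyFromSendersOrMembers | Where-Object { $_ })

        if ($allowed.Count -eq 0) { $exposure = 'OPEN: any external sender' }
        else                      { $exposure = 'Restricted to allow-list' }

        [pscustomobject]@{
            Group          = $g.DisplayName
            Smtp           = $g.PrimarySmtpAddress
            Type           = $g.RecipientTypeDetails
            AllowListCount = $allowed.Count
            Exposure       = $exposure
            AllowList      = $allowed -join '; '
        }
    }
}

$report = Get-ExternalSenderExposure
$report | Sort-Object AllowListCount |
    Format-Table Group, Smtp, Type, AllowListCount, Exposure -AutoSize

# Groups that accept external mail with no allow-list need a decision: intended or drift?
$open = @($report | Where-Object AllowListCount -eq 0)
if ($open.Count -gt 0) {
    Write-Warning ("{0} group(s) accept mail from any external sender" -f $open.Count)
}
```

Running it after each allow-list change, and on a schedule, catches the case where an entry is removed and the group silently becomes open.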
Redaction note
All addresses and names are redacted. Replace with your real SMTPs when running the script.
Outbox (1) and a red error banner—typical signs Outlook can’t send because the local data file (OST/PST) hit the size limit or the client is Working Offline.
Intro
When mail matters, guessing hurts. This is the quick way I fix the three big Outlook problems—won’t send, can’t search, won’t connect—with steps for employees and deeper checks for admins.
The straight line
Rule #1: Prove if it’s your Outlook, your profile, or the service—then act. Don’t change ten things; follow the flow.
For employees (5 fixes you can do safely)
Compare with Outlook on the web
Open your browser → sign in to outlook.office.com.
If web mail works, your account is fine; the issue is this device/Outlook app.
Check the basics
Make sure Work Offline isn’t turned on.
Restart Outlook (fully exit from the tray), then restart the computer.
Trim the Outbox: very large attachments (>20–25 MB) can block the queue.
Search not finding results?
Windows: Outlook → File → Options → Search → Indexing Options → Rebuild. Give it time.
Mac: System Settings → Siri & Spotlight → ensure Mail & Messages are allowed. If needed, add then remove your Outlook profile folder from Spotlight Privacy to force a re-index.
Disable add-ins (quick test)
Windows: File → Options → Add-ins → COM Add-ins → Go… → uncheck all (especially meeting/CRM add-ins).
Mac (New Outlook): Get Add-ins → My add-ins → disable. Re-test.
Free up mailbox space
Empty Deleted Items and Junk, clear Sync Issues folders, and archive old Sent Items. Low free space = slow Outlook.
If mail works on the web but not in the app after these steps, it’s a profile or device issue—hand off to IT or continue with the admin flow below.
For IT pros (targeted triage)
1) Scope & signal
Service or client? If OWA works and multiple users in the site are fine, it’s local.
Status bar messages matter: “Trying to connect…”, “Updating this folder…”, “Need password”, “Limited connectivity”—write them down.
2) Profile & connectivity
New profile (Windows): Control Panel → Mail (Microsoft Outlook) → Show Profiles… → Add → set Prompt for a profile and test.
Connection Status (Windows): Ctrl + right-click the Outlook tray icon → Connection Status; confirm Auth/Protocol and server round-trip.
Cached Exchange setting: File → Account Settings → Account → Change… → move the mail to keep offline slider down (e.g., 6–12 months) and retest.
3) Search
Windows Search service running? Rebuild from Indexing Options and ensure Outlook is in the index list.
OST health: If search is corrupt or folders are out of sync, close Outlook, rename the OST, reopen to rebuild.
4) Add-ins & startup
Safe mode test (Windows): Start Outlook while holding Ctrl (you’ll be asked to start in safe mode). If that works, remove add-ins (Teams/Zoom/CRM are usual suspects).
Reset the navigation pane (Windows): Run command box and reset the nav pane if views are corrupted (as an IT step).
5) Credentials & auth
Windows Credential Manager: remove stale Office/Outlook creds; relaunch and re-auth.
Modern Auth prompts stuck? Close all Office apps; kill background “Office” processes; try again.
6) Calendar & send issues
Delegate/Shared mailbox problems: verify Full Access/Send As and re-map the mailbox.
Rules causing loops: export, disable all, re-test send/receive.
Stuck meetings: clear Outbox, switch to Online Mode briefly, send, switch back to Cached.
7) Tools that save time
Microsoft Support and Recovery Assistant (SaRA): excellent for profile, activation, and connection repairs.
Message Trace (Exchange/Defender portals): confirm delivery path before blaming the client.
8) When to rebuild or repair
New profile fixed it? Keep it and retire the old one.
Office repair (Quick Repair, then Online Repair) if multiple Office apps are unstable.
60-second decision tree
OWA works?
No → service/network issue; escalate.
Yes → client/device issue → continue.
Safe mode works?
Yes → disable add-ins until stable.
No → new profile.
Still failing after new profile?
Check Credentials, Cached slider, OST rebuild.
If send only fails for shared/delegate mailbox → permissions or transport rules.
Search still blank?
Rebuild index (Windows), verify Spotlight (Mac), rebuild OST.
Prevent the repeat (settings that help)
Mailbox hygiene: retention/archiving for Sent & large attachments.
Keep add-ins lean: only what the team truly uses.
Known-good profile image: for kiosk/reimaging scenarios.
Network indicators: if Wi-Fi is flaky, Outlook shows it first—fix the Wi-Fi.
One place for help: a short “How to open OWA + report exact error text + timestamp” guide pinned for staff.
Final reflection — why this approach won’t go away
Clarity beats tinkering. OWA tells you if it’s the account or the app.
Profiles are perishable. Rebuilding is faster than endless registry spelunking.
Add-ins are the usual villains. Test in safe mode first.
Search takes time. Reindex once, then let it finish; don’t keep poking.
Document the path. The same steps teach juniors and calm frustrated users.
For employees — Data file full? (PST/OST ~50 GB default)
Symptoms: messages stuck in Outbox, sync never finishes, warnings about “data file reached maximum size.”
Fix (Windows Outlook):
Outlook → File → Info → Tools → Mailbox Cleanup
Empty Deleted Items / Junk.
View Mailbox Size → delete/archive biggest folders (Sent Items is usually #1).
Search for big attachments: in the search bar choose Size → Huge (> 1 MB) or Very Large (> 5 MB) and delete/move.
Data file compact: File → Account Settings → Account Settings → Data Files (tab) → select your account’s Outlook Data File → Settings → Compact Now.
If you use Exchange/Business account: File → Account Settings → Account Settings → Change → slide “Mail to keep offline” down to 6–12 months, then restart Outlook (older mail stays available in OWA).
If OWA sends fine but the app still can’t after this, hand it to IT (profile rebuild or archive needed).
For IT pros — PST/OST limits & remediation
Default limit: modern Outlook uses ~50 GB per PST/OST (configurable via policy). Near the cap (there’s a warn threshold), send/receive fails and users see “data file has reached maximum size.”
Triage: confirm the user’s Data Files size (File → Account Settings → Account Settings → Data Files), and whether the profile caches shared mailboxes (common OST bloat).
Remediation options (prefer in this order):
Mailbox hygiene / archiving: enable Online Archive (Exchange Online) and apply retention to move old items automatically.
Reduce cache depth: set Mail to keep offline to 3–12 months; leave older mail online.
Shared mailbox strategy: uncheck Download shared folders (Account Settings → More Settings → Advanced) for very large shared mailboxes, or add them as additional mailboxes without caching.
Compact / rebuild OST: after cleanup, compact; if corruption suspected, close Outlook, rename the OST, relaunch to rebuild.
Policy keys: you can raise the max size via policy/registry (also set the warn threshold) but Microsoft guidance is to favor Online Archive over very large OST/PST files.
Tell-tale errors/messages: send stuck in Outbox, “Data file reached maximum size,” frequent sync loops; OWA sends normally.
What I hear now
Start with service vs. client (OWA).
Safe mode, then add-ins.
If in doubt, new profile.
Index once, wait.
Be kind: Outlook issues feel personal to users—steady process helps them breathe.
Tech-support scam pop-up mimicking Microsoft Defender with a bogus support line 877-415-4519 — DO NOT CALL.
Intro
Tonight’s “video call” looked like it came from a friend. The moment you tapped Accept, your browser flipped full-screen: “Microsoft has shut down your internet. Do not turn off your computer. Call now.” That’s a classic tech-support scam—built to scare, not to help.
─────────────────────────────────────────
What’s really happening
It’s only a web page (often opened by the call link) that abuses pop-ups, full-screen mode, and fake Windows/Defender art.
Microsoft/Apple/your ISP never lock your device through a browser or post a phone number to call.
If you call, they’ll try to remote in, install “fixers,” and charge you—or steal data.
─────────────────────────────────────────
Do this immediately (quick exit)
Do not call. Do not click.
Kill the browser.
Windows: Ctrl+W (close tab). If stuck, Alt+F4 or open Task Manager (Ctrl+Shift+Esc) and End task on the browser.
Mac: ⌘+W (close tab). If stuck, Force Quit with ⌥+⌘+Esc.
iPhone/iPad/Android: swipe up and force-close the browser app.
Reopen safely (prevents the bad tab from restoring):
Windows/Mac: hold Shift while launching the browser to block session restore.
iPhone Safari: Settings ▸ Safari ▸ Clear History and Website Data.
Chrome mobile: Chrome ▸ ⋮ ▸ History ▸ Clear browsing data (Time range: All time).
─────────────────────────────────────────
Clean up (2–5 minutes)
Run a scan. Windows: Windows Security ▸ Virus & threat protection ▸ Quick scan (then a Full scan later). Mac/mobile: update OS; run your trusted AV if installed.
Top memory consumers at a glance—captured with PowerShell to diagnose a sluggish system.
TL;DR: Check Task Manager → close the hog → restart apps/PC → free space → trim startup apps → update → quick scan. If it’s still slow, capture a screenshot and call IT.
1) Is it one app or everything?
Press Ctrl+Shift+Esc → Task Manager → Processes.
If CPU / Memory / Disk sits >90% for a minute, note the top app.
Right-click → End task (only on apps you opened). If speed returns, you found the culprit.
2) Quick reset (fastest real fix)
Save work → Restart the PC (not Shut down). Restarts clear memory leaks and stuck updates.
3) Free up space
Open File Explorer → This PC. If your C: drive has <10 GB free, Windows will crawl.
Settings → System → Storage → Storage Sense → Run cleanup now.
Empty Downloads and Recycle Bin if safe.
4) Trim startup apps (the slow-boot killers)
Ctrl+Shift+Esc → Startup apps.
Set non-essentials to Disabled (music updaters, PDF helpers, “helper” launchers, etc.). Leave security/backup tools enabled.
5) Browser bloat check
Close tabs you don’t need.
Disable heavy extensions (Edge/Chrome → … → Extensions).
Consider “Continue running background apps” Off (Chrome → System).
6) Updates (do it once, then restart)
Settings → Windows Update → Check for updates.
Install → Restart outside your busiest hour.
7) Quick malware scan
Windows Security → Virus & threat protection → Quick scan.
8) Network ≠ computer
If only web/video is slow, run a quick speed test. If speed is normal but the PC lags, it’s local; if speed is bad on all devices, it’s the network.
Stand up a fresh Azure landing zone with a minimal but secure baseline: Entra ID (Azure AD) hardening, management structure, logging, networking, a Windows/Linux VM without public exposure, and safe access (Bastion + Entra sign-in).
# Public IP for Bastion
az network public-ip create -g RG_NET -n pip-bastion -l LOCATION --sku Standard --zone 1 2 3
# Bastion host
az network bastion create -g RG_NET -n bas-VNET_NAME -l LOCATION \
--public-ip-address pip-bastion --vnet-name VNET_NAME
7) VM (managed identity, no public IP, Entra login)
Windows example:
# NIC (no public IP)
az network nic create -g RG_VM -n nic-VM_NAME \
--vnet-name VNET_NAME --subnet SUBNET_APP
# VM
az vm create -g RG_VM -n VM_NAME \
--image Win2022Datacenter --size VM_SIZE \
--nics nic-VM_NAME --assign-identity \
--admin-username "localadmin" --admin-password "GENERATE-STRONG-PASSWORD" \
--enable-agent true --os-disk-size-gb 128
# Enable AAD login extension (Windows)
az vm extension set -g RG_VM -n AADLoginForWindows --publisher Microsoft.Azure.ActiveDirectory \
--vm-name VM_NAME
# Grant Entra groups the VM login roles
VM_ID=$(az vm show -g RG_VM -n VM_NAME --query id -o tsv)
az role assignment create --assignee-object-id ADMIN_GROUP_OBJECTID \
--role "Virtual Machine Administrator Login" --scope $VM_ID
Linux example (SSH keys + AAD login):
az vm create -g RG_VM -n VM_NAME \
--image Ubuntu2204 --size VM_SIZE \
--nics nic-VM_NAME --assign-identity \
--authentication-type ssh --ssh-key-values ~/.ssh/id_rsa.pub
# Enable AAD SSH login (Linux)
az vm extension set -g RG_VM -n AADSSHLoginForLinux --publisher Microsoft.Azure.ActiveDirectory \
--vm-name VM_NAME
# RBAC for login
az role assignment create --assignee-object-id ADMIN_GROUP_OBJECTID \
--role "Virtual Machine Administrator Login" --scope $VM_ID
Accessing the VM (no public IP):
Portal → Resource → Connect → Bastion → Open session (RDP for Windows, SSH for Linux).
Optionally enable Just-In-Time in Defender for Cloud; keep NSG closed otherwise.
8) Backup, Patching, and Keys
# Recovery Services vault + VM backup
az backup vault create -g RG_CORE -n rsv-core -l LOCATION
az backup protection enable-for-vm -g RG_CORE -v rsv-core --vm VM_NAME --policy-name "DefaultPolicy"
# VM guest patching (Update Manager) – enable in portal for the RG/VM
Store secrets/keys in Azure Key Vault; use managed identity from the VM to fetch secrets.
Use Server-side encryption (SSE) with platform-managed keys (default) or customer-managed keys (CMK) via Key Vault if required.
9) Monitoring (Guest + Platform)
# Enable VM Insights / Diagnostics to LAW
az monitor diagnostic-settings create \
--name "vm-to-law" \
--resource $VM_ID --workspace $LAW_ID \
--metrics '[{"category":"AllMetrics","enabled":true}]' \
--logs '[{"categoryGroup":"allLogs","enabled":true}]'
10) Cost Guardrails
Create a Budget in Cost Management with email alerts at 50/80/100%.
Consider Reservations and Auto-shutdown on dev/test VMs.
11) Access Patterns to Prefer
Bastion or Private endpoints; avoid public RDP/SSH.
Entra sign-in to VMs with RBAC (Virtual Machine User/Administrator Login).
PIM + MFA for privileged roles.
JIT for any temporary inbound need.
Minimal Tear-down (lab)
# Danger: deletes resources
az group delete -n RG_VM -y
az group delete -n RG_NET -y
az group delete -n RG_CORE -y
Notes & Deviations
For domain-join scenarios, use Entra ID DS (managed domain) or a full AD DS in Azure; keep DCs on a separate subnet with restricted NSG.
For Intune/MDM of servers, consider Azure Arc + Defender for Endpoint.
Replace all placeholders and remove screenshots/IDs before publishing externally.
For more info (Microsoft Learn): Microsoft Entra ID overview/service description • Connect to a VM using Azure Bastion (private IP) • Private Endpoint / Private Link overview & quickstart.
This guide covers hot cloning a Windows 11 VM in vSphere with PowerCLI…
Goal. Create a new Windows 11 jump VM (WIN11-Jumpbox-6) by cloning a running source (WIN11-Jumpbox-2) in vCenter—without interrupting the source—and bring the clone up with a fresh identity (Sysprep), correct name, and domain join.
Applies to. vCenter/vSphere with vSAN (or any datastore), Windows 11 guest, PowerCLI.
Redaction note: All names below are placeholders. Replace the ALL_CAPS parts with local values. vCenter: VCENTER.FQDN Source VM: WIN11-Jumpbox-2 New VM: WIN11-Jumpbox-6 Target ESXi host: esxi-03.example.local Datastore: vsanDatastore Domain (optional): corp.local Join account: corp.local\joinaccount
Constraints & safety
No source outage. Clone while the source is powered on (vCenter snapshots and clones from it).
Fresh identity. Use guest customization (Sysprep) so the clone receives a new SID and hostname.
Parameter sets. When cloning with -VM, avoid -NetworkName/-NumCPU/-MemoryGB in the same New-VM call; set those after the clone boots.
VMware Tools must be running in the guest for customization to apply.
Reserved variable. Cannot overwrite variable Host… appears when assigning to $host (PowerShell reserved). Use $targetHost.
Missing spec. Get-OSCustomizationSpec … ObjectNotFound indicates the named spec didn’t exist. The runbook creates a NonPersistent spec on the fly.
Ambiguous parameter set. New-VM : Parameter set cannot be resolved… occurs when mixing clone parameter -VM with -NetworkName/-NumCPU/-MemoryGB. Clone first, then adjust CPU/RAM/NIC after boot.
Method B — Fallback: clone now, join inside the guest
If guest customization is blocked (e.g., Tools not running, limited join rights), clone without customization, then rename/join inside the guest.
Cannot overwrite variable Host… Cause: attempted $host = Get-VMHost … (PowerShell reserved). Fix: rename the variable to $targetHost.
Get-OSCustomizationSpec … ObjectNotFound Cause: referenced a non-existent customization spec. Fix: create a NonPersistent spec in-line.
New-VM … Parameter set cannot be resolved… Cause: mixed -VM (clone) with create-new switches. Fix: keep New-VM to the clone parameter set; tune CPU/RAM/NIC after boot.
Security & privacy guardrails
No real hostnames, domains, IPs, or identifying screenshots in public artifacts.
Least-privilege join accounts or pre-staged computer objects in AD.
When publishing logs, hash or redact VM names and datastore paths.
Summary
Hot-cloning a Windows 11 VM in vSphere is reliable for a jump host when the process (1) allows vCenter to snapshot and clone a powered-on source, (2) applies Sysprep guest customization for a clean identity, and (3) keeps New-VM to a single parameter set. The runbook above is deterministic, quiet, and free of sensitive fingerprints.
PIMCO (Newport Beach HQ, CA) 🌍 — Global financial services supporting regions in NA, EMEA, APAC. Church (Riverton Office Building, UT) ⛪ — Worldwide infrastructure with 200k employees and over 80k missionaries. Monster Energy (Corona HQ, CA) ⚡ — Global enterprise IT operations across NA, EMEA, APAC. City National Bank (Downtown LA, CA) 🏙️ — U.S. banking systems at scale.
Every IT career tells a story, and mine has moved through three different scales of impact:
Company-Level Foundations → At PayForward, I migrated an entire OnPrem environment into AWS. That meant setting up VPCs, building HA Exchange clusters with load balancers, and proving the power of cloud for a fast-moving startup.
Regional / Global Scale → At Monster Energy and PIMCO, the work stretched across North America, EMEA, and APAC. The systems never slept. VMware clusters and M365 tenants had to function as one, even though users were scattered across time zones and continents.
Worldwide Reach → At the Church, the scale expanded beyond regions. Over 200,000 employees and over 80,000 missionaries, connected by systems that had to reach every corner of the globe, demanded both technical precision and spiritual responsibility.
This journey shows that the “cloud above us” isn’t just AWS, Azure, or GCP — it’s the ability to design, secure, and sustain systems at every possible scale.
A colleague once told me: “Automate, or eliminate.” In IT, that isn’t just a clever saying — it’s survival. At the scale of hundreds or even thousands of VMs, EC2 instances, or mailboxes, doing things manually is not just unrealistic — it’s risky. What automation can finish in under 10 minutes might take days or weeks by hand, and even then would be prone to errors.
That’s why Python, PowerShell, Bash, and automation frameworks became part of my daily toolkit. Not to flaunt, but because without automation, no single engineer could handle the demands of environments as large as PIMCO, Monster Energy, or the Church.
Snippet 1: AWS (My PayForward Days)
import boto3
# Connect to AWS S3
s3 = boto3.client('s3')
# List buckets
buckets = s3.list_buckets()
print("Your AWS buckets:")
for bucket in buckets['Buckets']:
    print(f" {bucket['Name']}")
From racks of servers to a few lines of Python—that’s the power of AWS.
Snippet 2: PowerShell + Azure (My Church Years, CNB)
One line, and you can see every Azure resource group spread across the world. A task that once required data center visits and clipboards is now just a command away.
Snippet 3: PHP + GCP (Expanding Horizons)
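require 'vendor/autoload.php'; // Composer autoloader for google/cloud-storage
use Google\Cloud\Storage\StorageClient;
// Authenticate with a service-account key file, then list buckets
$storage = new StorageClient([
    'keyFilePath' => 'my-service-account.json'
]);
$buckets = $storage->buckets();
foreach ($buckets as $bucket) {
    echo $bucket->name() . PHP_EOL;
}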
# Connect to vCenter and list VMs across data centers
# Prompt for the credential at run time instead of embedding a password in the script
Connect-VIServer -Server vcenter.global.company.com -Credential (Get-Credential)
Get-VM | Select Name, PowerState, VMHost, Folder
# Quick check of licensed users in M365 (global tenants)
Connect-MgGraph -Scopes "User.Read.All"
Get-MgUser -All -Property DisplayName, UserPrincipalName, UsageLocation |
    Group-Object UsageLocation |
    Select Name, Count
One script, and suddenly you’re seeing footprints of users spread across the globe — NA, EMEA, APAC, or even worldwide. That’s the reality of modern IT infrastructure.
The “cloud above us” is both a literal technology — AWS, Azure, and GCP that I’ve worked across — and a metaphor. It represents resilience, scalability, and unseen support. Just as automation carries workloads we could never handle by hand, life has storms we cannot carry alone.
From startups making their first move to the cloud, to global financial institutions, to worldwide organizations with hundreds of thousands of users, the lesson is the same: we are not meant to fight every battle manually.
We are given tools, teammates, and even unseen strength from above to keep moving forward. The same way a script can manage thousands of servers or accounts without error, trust and preparation help us navigate the storms of life with less fear.
☁️ Above every storm, there’s always a cloud carrying potential. And above that cloud, always light waiting to break through.
Before my cloud journey, I also spent nine years in forensic IT supporting law enforcement — a grounding reminder that technology isn’t only about systems and scale, but about accountability and truth.
Introduction: In enterprise environments, automation is only as secure as the credentials it uses. Hardcoding passwords into scripts is a security disaster waiting to happen. Enter PowerShell SecretManagement — a cross-platform module that allows IT professionals to store, retrieve, and manage credentials securely while keeping scripts clean, compliant, and automation-ready.
Description & Guide:
What is SecretManagement? The SecretManagement module provides a unified way to work with secrets across different vaults like Windows Credential Manager, Azure Key Vault, KeePass, or HashiCorp Vault — without locking you into a single storage provider.
Works seamlessly with CI/CD pipelines and scheduled tasks
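An added example (not from the original post) of the unattended pattern for a scheduled task, using the SecretStore extension vault. The vault name AutomationVault, the secret name svc-automation and the key file name are hypothetical, and Windows is assumed so that Export-Clixml protects the vault password with DPAPI for the current user on the current machine.

```powershell
# Added example. Hypothetical names: AutomationVault, svc-automation, automation-vault-key.xml.

# --- One-time setup: run interactively AS the account that will run the scheduled job ---
Install-Module Microsoft.PowerShell.SecretManagement, Microsoft.PowerShell.SecretStore -Scope CurrentUser

# Vault password, stored as a DPAPI-protected SecureString readable only by this user on this host
$vaultKeyPath = Join-Path $HOME 'automation-vault-key.xml'
(Get-Credential -UserName 'SecretStore' -Message 'Choose a vault password').Password |
    Export-Clixml -Path $vaultKeyPath

Register-SecretVault -Name 'AutomationVault' -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault

# Password-protected store that never prompts (a prompt would hang an unattended job)
$storeConfig = @{
    Authentication  = 'Password'
    PasswordTimeout = 900                              # seconds the store stays unlocked
    Interaction     = 'None'
    Password        = Import-Clixml -Path $vaultKeyPath
    Confirm         = $false
}
Set-SecretStoreConfiguration @storeConfig

# Store the service credential once; it never appears in the script body or in source control
Set-Secret -Name 'svc-automation' -Vault 'AutomationVault' `
    -Secret (Get-Credential -Message 'Service account used by the job')

# --- Inside the scheduled script ---
function Get-AutomationCredential {
    param(
        [string]$Name    = 'svc-automation',
        [string]$Vault   = 'AutomationVault',
        [string]$KeyPath = (Join-Path $HOME 'automation-vault-key.xml')
    )

    Unlock-SecretStore -Password (Import-Clixml -Path $KeyPath)

    # Fail closed: a missing secret stops the job instead of falling back to a literal
    if (-not (Get-SecretInfo -Name $Name -Vault $Vault)) {
        throw "Secret '$Name' not found in vault '$Vault'"
    }

    Get-Secret -Name $Name -Vault $Vault               # returns the stored PSCredential
}

$cred = Get-AutomationCredential
# Pass $cred to any cmdlet that takes -Credential; avoid -AsPlainText unless an API demands a string.
```

The key file is only as safe as the account that owns it, so run the job under a dedicated service account and restrict interactive logon for it.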
Conclusion: Security and automation don’t have to be enemies. With PowerShell SecretManagement, you can protect sensitive credentials without sacrificing automation speed or flexibility. For IT pros managing hybrid environments, this module is a must-have in your PowerShell toolbox.
If you’d like to go beyond this post and see what Microsoft officially recommends, here are my go-to resources:
Introduction The AzureAD PowerShell module has served IT administrators for years, but it’s now officially deprecated in favor of the Microsoft Graph PowerShell SDK. While the change may feel like another “cloud shuffle,” migrating your scripts is not just a compliance move — it’s your ticket to a more powerful, secure, and future-proof automation toolkit. In this post, I’ll walk you through the essentials of converting your Azure AD scripts to Microsoft Graph, with clear side-by-side examples.
Why Migrate?
Future Support: Microsoft Graph is actively developed; AzureAD is on life support.
Unified Endpoint: Graph covers Azure AD, Intune, Exchange Online, Teams, and more in one API.
Security: Better authentication methods, including secure app registrations and least-privilege scopes.
Step 1 – Install Microsoft Graph PowerShell
# Install the module
Install-Module Microsoft.Graph -Scope CurrentUser
# Update if already installed
Update-Module Microsoft.Graph
# Connect with interactive sign-in
Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All"
# Confirm connection
Get-MgContext
Only request the scopes you actually need — this aligns with least privilege best practices.
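An added example (not from the original post) that turns the least-privilege advice into a check. Delegated consent for the Graph PowerShell app accumulates across sessions, so the token can carry more scopes than the script asked for; the function name and the list of scopes treated as too broad are assumptions to adapt to local policy.

```powershell
# Added example. Connect-MgGraph, Get-MgContext, Disconnect-MgGraph and Get-MgUser are SDK cmdlets;
# Connect-GraphLeastPrivilege and the default $DisallowedScopes list are hypothetical.
function Connect-GraphLeastPrivilege {
    param(
        [Parameter(Mandatory)]
        [string[]]$RequiredScopes,

        # Scopes this script should never hold unless it explicitly asks for them
        [string[]]$DisallowedScopes = @(
            'Directory.ReadWrite.All',
            'RoleManagement.ReadWrite.Directory',
            'Application.ReadWrite.All',
            'User.ReadWrite.All'
        )
    )

    Connect-MgGraph -Scopes $RequiredScopes | Out-Null
    $granted = @((Get-MgContext).Scopes)

    # 1) Everything the script needs must actually be consented
    $missing = @($RequiredScopes | Where-Object { $_ -notin $granted })
    if ($missing.Count -gt 0) {
        Disconnect-MgGraph | Out-Null
        throw "Missing consent for: $($missing -join ', ')"
    }

    # 2) Previously consented broad scopes ride along in the token; refuse to run with them
    $excess = @($granted | Where-Object { $_ -in $DisallowedScopes -and $_ -notin $RequiredScopes })
    if ($excess.Count -gt 0) {
        Disconnect-MgGraph | Out-Null
        throw "Session carries broad scopes this script does not need: $($excess -join ', ')"
    }

    [pscustomobject]@{
        Account = (Get-MgContext).Account
        Granted = $granted -join ', '
    }
}

# Read-only report of disabled accounts needs nothing beyond User.Read.All
Connect-GraphLeastPrivilege -RequiredScopes 'User.Read.All'

# AzureAD (deprecated):  Get-AzureADUser -All $true -Filter "accountEnabled eq false"
# Graph equivalent:
Get-MgUser -All -Filter "accountEnabled eq false" `
    -Property DisplayName, UserPrincipalName, AccountEnabled |
    Select-Object DisplayName, UserPrincipalName, AccountEnabled
```

If the check throws on excess scopes, run the script under an account or app registration whose consent is limited to what it needs rather than widening the allowed list.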
Step 4 – Testing and Verification Before replacing scripts in production, run them in a test tenant or a non-production environment. Compare outputs from AzureAD and Graph to ensure parity.
Conclusion Migrating from AzureAD to Microsoft Graph PowerShell is more than just a rewrite — it’s a forward-looking investment. Once you adapt, you’ll unlock richer APIs, cross-service automation, and security benefits that AzureAD simply can’t match. My advice? Start small: pick one script, convert it, and test until you’re confident. Once you see the gains, the rest will follow naturally.
For official guidance and best practices from Microsoft, check out these resources:
Gate A21, Salt Lake City Airport — Just before takeoff to my destination, one last act of service: a restored VM and an unlocked account.
Right before boarding at Gate A21 for a flight to the Big Apple, I found myself once again doing what I do best—helping quietly behind the scenes. With minutes to spare, I had just unlocked a user account and ensured a critical VM was restored. Even in transit, purpose doesn’t clock out. Some of the best service happens when no one sees it.
Before Takeoff
Poem by Jet Mariano
A final ping, a task complete,
Between the rows of outbound seats.
Not all flights take off with wings—
Some soar when hearts do faithful things.

A gate, a call, the engine’s song,
But even then, I can’t be gone.
For hands that serve and souls that stay,
Are never truly far away.
Some journeys begin long before wheels lift from the ground. On that late July afternoon, it wasn’t just about reaching a destination—it was about leaving no soul behind. Service, even from Gate A21, has a way of grounding us in purpose.
Minutes before boarding at Salt Lake City International Airport, I received an urgent text about a disabled Azure AD account. I opened my laptop, tethered to my phone’s hotspot, connected to Cisco VPN, and got to work—resolving the issue securely without relying on public Wi-Fi.
Introduction: Last Friday, just as I was getting ready to board my flight to JFK from the Salt Lake City airport, I received a message from an end user:
“I think I’m blocked. I can’t access Outlook, Teams, or OneDrive.”
Time was limited, and I was already seated at the gate with my laptop ready. Instead of panicking, I tethered through my phone’s personal hotspot and launched Cisco AnyConnect VPN. I deliberately avoided the airport’s public Wi-Fi to reduce the risk of a security breach.
Once I authenticated and connected securely, I logged into Azure. I discovered that the user’s account in portal.azure.com was disabled. Fortunately, there are two ways to quickly resolve this kind of issue:
✅ Method 1: PowerShell (Quickest & Most Efficient)
If you have the AzureAD or Microsoft Graph PowerShell module installed and proper permissions, this method is the fastest.
Step-by-step using Microsoft Graph PowerShell:
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.ReadWrite.All"
# Re-enable the disabled account; -AccountEnabled:$true passes the value explicitly
Update-MgUser -UserId "user@example.com" -AccountEnabled:$true
Note: Replace user@example.com with the actual UPN or Object ID of the affected user.
Advantages:
Fast (under 30 seconds)
No GUI needed
Can be scripted for multiple accounts
🧭 Method 2: Azure Portal (GUI Approach)
If you’re not ready to run PowerShell or don’t have the module available, the Azure Portal offers a visual way to fix it.
Both approaches—PowerShell and the Azure portal—get the job done. However, for IT professionals constantly on the move, PowerShell is king. It’s fast, efficient, and doesn’t rely on a graphical interface.
That said, having the flexibility to switch between GUI and scripting tools is essential. Some situations demand precision and speed; others might call for a visual confirmation or audit trail.
In the end, what matters most is being prepared. Whether you’re at your desk or at an airport gate, the ability to jump in and resolve an issue on the fly is what defines a reliable IT Engineer.
Intro: When internal emails from trusted coworkers suddenly stop showing up in your focused inbox or fail to trigger your Outlook rules, it’s easy to miss critical messages. In my case, one sender was previously blocked due to a spoofing incident, and although removed from the block list, her messages were still bypassing my folder rules—buried in the inbox. Message Trace confirmed the emails were delivered, but not filtered correctly. Here’s how I resolved the issue using PowerShell.
🔍 Problem Recap:
Despite the sender being trusted and allowed, her emails:
Skipped my Outlook inbox rules
Did not show up in Focused Inbox or designated folders
Were confirmed delivered via Message Trace
Were previously on the Blocked Sender List, but later removed
The Exchange Admin Center (EAC) didn’t offer the flexibility I needed to create an accurate spam bypass rule. So I switched to PowerShell.
🛠️ Solution: Create a Transport Rule via PowerShell
Instead of struggling with the limited dropdowns in the modern Exchange portal, I used the New-TransportRule cmdlet to create a spam filter bypass rule in just a few lines.
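The rule itself is not shown on the page, so the following is an added sketch of a bypass rule for this scenario, not the author's command. The sender address, rule name and helper `New-SpamBypassRule` are placeholders; because the sender had been blocked after a spoofing incident, the stricter variant adds `-FromScope InOrganization` so that a message merely claiming that address from outside does not skip spam filtering.

```powershell
# Placeholder values (assumptions, not taken from the post)
$sender   = 'coworker@example.com'
$ruleName = 'Bypass spam filtering - trusted internal sender'

# Weak: keyed on the From address alone, so a forged external message
# using that address would also skip spam filtering.
$addressOnly = @{
    Name   = "$ruleName (address only)"
    From   = $sender
    SetSCL = -1                      # SCL -1 = bypass spam filtering
}

# Stricter: same action, but only when the message also originates inside the organization.
$internalOnly = @{
    Name      = $ruleName
    From      = $sender
    FromScope = 'InOrganization'
    SetSCL    = -1
    Comments  = 'Bypass for one internal sender; review and remove when no longer needed.'
}

function New-SpamBypassRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][hashtable]$RuleParams,
        [switch]$Apply               # without -Apply the rule is only previewed
    )
    if (-not (Get-Command New-TransportRule -ErrorAction SilentlyContinue)) {
        Write-Warning 'New-TransportRule is not available (run Connect-ExchangeOnline first); returning the parameters only.'
        return [pscustomobject]$RuleParams
    }
    New-TransportRule @RuleParams -WhatIf:(-not $Apply)
}

# Preview the stricter rule; add -Apply to create it
New-SpamBypassRule -RuleParams $internalOnly

# After creating it, confirm what was stored:
# Get-TransportRule -Identity $ruleName | Format-List Name, State, Mode, From, FromScope, SetSCL
```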
Conclusion: PowerShell remains the most powerful tool in any IT administrator’s arsenal—especially when the GUI can’t keep up. If you ever run into stubborn mail delivery or spam issues, consider creating targeted transport rules using PowerShell. It’s fast, clean, and gets the job done without frustration.
Jordan 4s laced, knee braces locked, and 20s in hand—another stair session. I train to stay ready, not just fit.
I train to stay rooted in purpose, faithful in service, and prepared for life’s demands. Fitness clears my mind and sharpens my focus. The goal isn’t just strength—it’s being able to make a difference.
That’s why I wear McDavid knee braces, elbow support, and back support. My workouts are non-stop—compound, high-rep, and uninterrupted. You have to train smart. No shortcuts. No injuries.
Tonight’s training flow?
30-minute stair run (1st floor to basement, non-stop)
120 reps each of:
Pushups
Sit-ups
Leg raises
Abs crunches
Bird/Dog exercise for balance and core control
Crab-walks to engage hip and glute strength
20-minute plank rotation
All while my laundry spins in the background
Tilapia fillets thawed and ready for a clean dinner
Playlist? Pure Church music, filling the air with purpose
This is a multi-tasked project of body, spirit, and home.
During sacrament, the hymn “Because I Have Been Given Much” played softly—but its message roared inside me.
It asked me: What are you giving in return?
I reflected:
👉🏼 I give my focus to study—choosing AZ-104 over passive scrolling
👉🏼 I give my energy to fitness—choosing movement over comfort
👉🏼 I give my rest to quality sleep—choosing recovery over distraction
👉🏼 I give my time to the Lord—choosing temple service over idle time
👉🏼 I give my work my best—choosing to document, secure, and improve
This isn’t boasting. This is realignment. When you’ve been preserved, protected, and placed where you are for a purpose— you can’t just sit still.
You move. You give. You train. You serve. Because you’ve been given much.
I love Integral Calculus. In today’s digital world, I revisited that concept and expressed it in three ways: JSON, PHP, and Python. Below are the formats:
Introduction Ransomware is a digital hostage situation—and it’s getting worse. It can freeze hospitals, paralyze billion-dollar businesses, and devastate small IT shops. I’ve survived multiple ransomware attacks in my career, and I’ll tell you how: I never put all my eggs in one basket. This blog explains what ransomware is, how it spreads, and how I protected myself. My defense? Layered backups. Not just the cloud—Veeam, Commvault, and old-school external drives.
What is Ransomware? Ransomware is a form of malware that encrypts files and demands payment for the decryption key. It comes in two common forms:
Locker Ransomware: Locks you out of your device or system.
Crypto Ransomware: Encrypts your files and threatens to destroy or leak them if payment isn’t made.
It often arrives silently—via phishing emails, malicious downloads, or exposed ports—and acts fast. In just minutes, entire systems can be taken hostage.
Real-World: How I Survived Ransomware
At Tarzana Medical Center, ransomware struck without warning. Medical data became inaccessible in minutes. I’ve seen even global giants like Ingram Micro fall victim to attacks.
Yet every time, my systems stayed intact. Why? Because I followed one simple rule: diversify your backups.
Here’s how I stayed ahead of attackers:
I never relied solely on cloud backups (they can be corrupted or locked by the same attack).
I used Veeam for virtualized workloads, giving me granular recovery options.
I ran Commvault for enterprise-grade backup and disaster recovery.
I manually created offline backups to external drives and physically disconnected them to avoid remote encryption.
This multi-layered approach allowed me to recover in hours—not days—and saved thousands in downtime and potential ransom.
How Ransomware Spreads
Phishing emails with malicious attachments or links
Weak RDP access without MFA
Unpatched vulnerabilities in apps or OS
Rogue websites and drive-by downloads
How to Prevent Ransomware Attacks
Educate Your Team: Train staff on email safety, suspicious links, and phishing red flags.
Patch Everything: Keep OS, firmware, and all third-party software up to date.
Lock Down RDP & Admin Access: Use MFA and limit RDP access with strict firewall rules.
Deploy EDR or XDR Tools: Use behavior-based endpoint protection—not just signature-based antivirus.
Segment Your Network: Don’t allow lateral movement. Use VLANs and access controls.
Adopt a Backup Strategy That’s Offline-Friendly:
Veeam for VM and application backup
Commvault for large-scale environment coverage
External drive backups add a final safety layer against data loss.
Test Your Backups Frequently: A backup that isn’t tested is a gamble. Run simulations regularly.
Responding to a Ransomware Incident
Isolate the infected systems
Notify your incident response team or external partner
Do not pay the ransom—this only fuels more attacks
Restore from offline or clean backups
Report to authorities (FBI, IC3)
Conclusion Ransomware attacks are relentless—but with the right strategy, you can stay ahead. A strong backup routine, tested regularly, makes all the difference.
Avoid relying on just one cloud backup. Use multiple layers—offline, cloud, and local. Act now—before a breach locks you out.
Confidence is earned — often forged in quiet moments when no one’s watching. Whether I’m at a blank PowerShell console or gripping a loaded barbell, the principle is the same: discipline, consistency, no shortcuts.
I’ve Always Been an ABC Person
I’ve always lived by three words: Always Be Curious.
That curiosity pulled me into IT. I lacked credentials, but I had grit and a drive to learn. I’ve never believed in shortcuts — not in spiritual growth, troubleshooting IIS, or transforming your body. Temporary fixes cover symptoms — but they rarely solve the root cause.
You don’t fix problems with assumptions, Google, and a quick prayer. You fix them with logs, tools, and patience. That’s what I’ve learned — the hard way — through years of trial, error, and persistence.
Why I Don’t Believe in Band-Aid Fixes
Quick fixes fade fast. They treat symptoms, not root problems. Take IIS, for example — a broken SSL binding or 503 error might vanish temporarily, but it usually comes back with greater risk.
That’s why I value discipline over speed. Precision over panic.
It’s the same principle my son applies as he preps for his first fitness competition. He doesn’t rely on shortcuts or crash diets. And definitely no “quick fixes” to look lean. Just clean eating, consistent training, and unwavering focus — day in and day out.
Watching him chase excellence reminds me of my early days — hungry, overlooked, and determined to make noise through results, not volume.
I didn’t wait for permission—I made my own path. I spoke up when others stayed silent, dove into neglected technologies…, and taught myself to harden and scale IIS in real-world, high-pressure environments. I wasn’t the loudest voice in the room, but I became the go-to problem solver—delivering solutions that worked the first time.
Triple D: Discipline. Dedication. Determination.
Tonight’s fuel: Baked Atlantic salmon with lemon, garlic, and power greens — topped with walnuts and 42g of clean protein. Discipline doesn’t stop at the keyboard — it continues at the dinner table.
Confidence isn’t found. It’s forged — through repetition, patience, and precision. Knowledge doesn’t come overnight. Much like getting fit, it takes what I call the Triple D: Discipline. Dedication. Determination.
Tonight’s early dinner? Fresh Atlantic salmon baked with lemon, garlic, and a bed of power greens. To boost nutrients, I topped it with walnuts and washed it down with 42g of Fairlife protein. I eat twice a day — every bite calculated, nutrient-packed, and designed for peak performance.
As for training, I’m in the zone six days a week — no shortcuts. Mostly bodyweight: push-ups, sit-ups, glute bridges, crab walks, planks, and shadow boxing. I train with intensity — until the burn says I’m done.
That’s how I’ve kept my edge for decades — by showing up, sweating, and sticking to the plan.
You train your body the way you train your mind. Log files are your feedback loop. Errors are your instructors. Study. Adapt. Try again.
That mindset shapes how I approach IT and life.
Bruce Lee Said It Best
“If you always put limits on everything you do — physical or anything else — it will spread into your work and into your life. There are no limits. There are only plateaus, and you must not stay there, you must go beyond them.” — Bruce Lee
I carry that with me daily. In both IT and fitness, mastery is a moving target — the moment you think you’ve arrived, growth demands a new challenge.
My Son’s Grit, My Quiet Pride
24 days out from competition.
“Starvation is at its highest for me… it feels like I’m crawling my way to survive all day long. This is the toughest sport I’ve ever experienced.”
Those are the words my son texted me as he prepares for his upcoming debut at TheFitExpo in Anaheim on August 2, 2025.
His commitment to clean eating, intense workouts, and honest prep — no shortcuts — mirrors the way I built my IT career: with sweat equity.
He used to dominate dance stages as a four-time All-Male hip-hop champion with West Covina High School. After college, he became a CNA and now works as a gym personal trainer — turning his passion for fitness into purpose. He’s carrying the torch of discipline — and I couldn’t be prouder.
From IIS to Iron: A Shared DNA
Take IIS — often dismissed as legacy tech, yet it powers critical internal systems beneath the buzzwords.
When it breaks — when HTTP 500 errors fill your logs — assumptions won’t fix it. First, trace the issue. Dig through the logs. Slow down. Understand the root cause — then take action.
That’s the same mental muscle my son flexes in the gym. He logs his intake. Monitors results. Makes adjustments.
We train differently — I with bodyweight and discipline, he with prep meals and physique goals. The goals differ — but the grit is the same.
Here’s a script I wrote to search the most recent IIS log file for errors — the same kind of tool I use to avoid assumptions and find the real issue:
🧰 PowerShell Script: Digging Through IIS Logs
# Find the latest IIS log and search for error codes
$LogPath = "C:\inetpub\logs\LogFiles\W3SVC1"
$LatestLog = Get-ChildItem -Path $LogPath -Filter *.log | Sort-Object LastWriteTime -Descending | Select-Object -First 1
Select-String -Path $LatestLog.FullName -Pattern " 500 " | Select-Object LineNumber, Line
If it’s worth fixing, it’s worth fixing the right way.
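An added example (not the author's script) that goes one step beyond the search above: it reads the `#Fields:` header of a W3C-format IIS log and filters on the `sc-status` column, so a `500` in another column such as `sc-bytes` is not counted as an error and other 5xx codes are not missed. The function name `Get-IisServerError` and the sample log lines are constructed; use `-Path` with the newest file under the `$LogPath` above for real data.

```powershell
function Get-IisServerError {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ParameterSetName = 'File')][string]$Path,
        [Parameter(Mandatory, ParameterSetName = 'Lines')][string[]]$Line,
        [int]$MinStatus = 500
    )
    if ($PSCmdlet.ParameterSetName -eq 'File') { $Line = Get-Content -LiteralPath $Path }

    $fields = @()
    foreach ($l in $Line) {
        if ([string]::IsNullOrWhiteSpace($l)) { continue }
        if ($l -like '#Fields:*') {
            # The header can reappear mid-file with a different column set
            $fields = ($l -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if ($l.StartsWith('#') -or $fields.Count -eq 0) { continue }

        $values = $l -split ' '
        if ($values.Count -ne $fields.Count) { continue }   # truncated or malformed row

        # Map column name -> value for this row
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }

        $status = 0
        if ([int]::TryParse([string]$row['sc-status'], [ref]$status) -and $status -ge $MinStatus) {
            [pscustomobject]@{
                Time      = '{0} {1}' -f $row['date'], $row['time']
                ClientIp  = $row['c-ip']
                Method    = $row['cs-method']
                Uri       = $row['cs-uri-stem']
                Status    = $status
                SubStatus = $row['sc-substatus']
                Win32     = $row['sc-win32-status']
                TimeTaken = $row['time-taken']
            }
        }
    }
}

# Constructed sample log (not real traffic)
$sample = @(
    '#Software: Microsoft Internet Information Services 10.0'
    '#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status sc-bytes time-taken'
    # Successful request whose sc-bytes value happens to be 500
    '2025-07-14 08:00:01 10.0.0.5 GET /default.aspx - 443 - 10.0.0.21 Mozilla/5.0 - 200 0 0 500 31'
    # Genuine HTTP 500
    '2025-07-14 08:00:07 10.0.0.5 POST /api/orders - 443 - 10.0.0.22 Mozilla/5.0 - 500 19 183 1420 1240'
    # Successful request with 500 inside the query string
    '2025-07-14 08:00:09 10.0.0.5 GET /api/orders id=500 443 - 10.0.0.22 Mozilla/5.0 - 200 0 0 2210 28'
    # HTTP 503, which a search for " 500 " does not see
    '2025-07-14 08:00:15 10.0.0.5 GET /reports/daily - 443 - 10.0.0.23 Mozilla/5.0 - 503 0 0 326 15'
)

$errors = Get-IisServerError -Line $sample
$errors | Format-Table -AutoSize

# Which URIs fail most often, by status code
$errors | Group-Object Uri, Status | Sort-Object Count -Descending | Select-Object Count, Name
```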
Conclusion: Carry On
This week’s Church hymn, “Carry On,” stirred something quiet in me. It reminded me that sometimes, the holiest thing we can do is simply hold our ground. It reminded me:
“Firm as the mountains around us, Stalwart and brave we stand…”
We don’t walk this path alone. Others cleared the way — now it’s our turn to keep going.
This isn’t about spotlighting effort. It’s for the ones working in silence. In server rooms. In waiting rooms. In small spaces where no one claps.
The message doesn’t seek attention — it invites action: carry on.
They say when you see a man on top of the mountain, he didn’t fall there.
He planned the climb, stumbled on jagged trails, and kept going even when the sky turned gray.
This post isn’t just about photography, or starting a new role, or PowerShell scripts. It’s about finding your footing again when life shakes your routine—whether you’re debugging a script, chasing stars at 2AM, or collecting a laptop that brings back a hundred memories.
You’ll find stories about IT challenges, career shifts, Milky Way photography, emotional storms—and most of all, how to rise above the blues when everything feels heavy.
Carrying the gear, chasing the stars—because purpose isn’t found at the summit, it’s carried every step.
⛰️ New Job, New Mountain
They say starting a new job is like standing at the foot of a mountain. The view is exciting—but the climb? Uncertain.
No one really tells you what it feels like to start over. You’re learning people, process, and pace all at once. Even if you’re an expert, you’re blind on day one. And if you’re in IT, like me, the terrain can feel like a minefield.
Pros:
A fresh start
The chance to sharpen or add new skills
A clean slate to prove your value again
Cons:
Culture shock
Pressure to perform quickly
Emotional whiplash, especially when you’re still letting go of the last place
I’ve lived this cycle more than ten times—moving from job to job, project to project. From my first IT gig where I got fired after just a few days (yes, really), to roles in telecom, manufacturing, finance, education, government, and now infrastructure engineering—every restart brought unexpected lessons.
That early firing? It broke me. But it built me too. It taught me to expect the unknowns. It made this scripture real to me:
“For of him unto whom much is given much is required.” – Luke 12:48
And that’s what they don’t tell you: Starting a job doesn’t just mean you’re on probation— it means you’re learning the language, the culture, the personalities, and the systems. Sometimes you’re expected to run before you even learn where the shoes are.
So how do I handle it?
Soft skills. Empathy. Active listening. And above all, humility.
The technical side is always tough, but people are the real challenge. Knowing how to adapt, how to read the room, and when to ask versus when to figure it out—those are the survival tools.
“If ye are prepared ye shall not fear.” – D&C 38:30
That verse? It’s more than a motto. It’s how I show up—every first day, every new login, every fresh deployment.
I’ve seen people not make it past the 90-day mark. Sometimes they didn’t fit. Sometimes the job was the problem. Sometimes—let’s be honest—they oversold their résumé, got lucky at the interview, and then the real work revealed the truth.
Others just get carried by the blues—barely holding it together until their tank runs empty.
That’s why preparation matters. You don’t go to war without gear. You don’t climb a mountain without checking your boots. And you don’t start a new role without anchoring your mindset.
Finally, land where you love. A job shouldn’t just pay the bills — it should fuel your purpose. When you love what you do, it’s a win-win: You rise, and so does the company.
But if you’re stuck in a rut just to make ends meet… eventually, it drains more than your energy — it drains your spirit.
So don’t just look for a job. Climb toward work that gives you life.
A glimpse of the heavens through earthly shadows—chasing the Milky Way isn’t just about light, it’s about learning to see in the dark.
🌌 Chasing the Milky Way
There’s something sacred about standing in the desert with the Milky Way overhead.
I’ve chased it from Joshua Tree in California to Grand Canyon in Arizona, Monument Valley in Utah, and Moab—and every time, I feel the same awe.
My process is disciplined and deliberate. I survey the area in daylight, using the PhotoPills app to map the galactic core. Then I visualize my composition, mark the safest route from the car, and prep all my gear.
Primary lens: Nikon 14-24mm f/2.8G
Backup: Nikon 24mm f/1.4G
Tripod, remote shutter, red LED headlamp
Pre-focus and manual mode to avoid lens hunting
ISO, shutter speed, aperture—all dialed in
Everything is anticipated—just like in IT. One missed step, and the whole shot—or system—can fail. Just seeing the Milky Way with your own eyes is breathtaking—but to compose it meaningfully, that takes skill.
A great Milky Way shot is not just about stars— it’s about how you prepare in the dark.
🛠 When PowerShell Becomes Armor
It’s Monday morning. Your inbox is full. A user can’t log in, the SQL service is down, and your boss wants answers.
If you’re not ready, it feels like going to war without armor.
That’s where PowerShell becomes your weapon.
Let’s say you’re troubleshooting remote system uptime across 50 servers. Instead of logging in one by one:
📊 Real-time uptime scan across multiple servers using PowerShell – one script, instant clarity.
In just 10 seconds, you’ve got eyes on the entire server fleet. Who’s up. Who’s down. Who’s silent. The sharp tech doesn’t panic—he pinpoints, isolates, and executes. Fast. Focused. Fix deployed.
PowerShell isn’t just a tool—it’s your recon drone.
Like photographing the Milky Way, the best troubleshooting happens when everything is ready before chaos begins.
🎈 Rise Above the Blues
You’re not a machine. You weren’t built to be immune to fear, fatigue, or failure.
Unlike AI, we can’t predict everything. Life throws us emotional landmines—doubt, loneliness, weariness, fear and grief. And sometimes, it hits out of nowhere. A memory. A song. A walk past an empty office.
But here’s what I’ve learned:
You don’t need to erase the blues— you rise above them.
Just like launching a balloon skyward, it takes intention:
You eat clean even when you feel messy.
You work out even when your spirit is sore.
You create even when motivation lags.
And yes, you kneel—asking God for strength.
Whether you’re debugging a failed script, standing under a galaxy of stars, or simply trying to make it through a quiet night…
💪 The Endurance Factor
Endurance isn’t just for the gym — it’s a mindset I carry into every part of my life. Whether I’m hammering out code at 2AM or waiting patiently for the perfect light in photography, the principle is the same: lasting through the grind matters more than talent alone. Battle rope training reminds me that breakthroughs come after fatigue — in the gym, in IT, and behind the lens. Those who endure, evolve. Those who push past comfort zones, create lasting impact.
Each battle rope rep runs 180 seconds — just like a boxing round. I push through up to 6 rounds, simulating the intensity of a 12-round fight. It’s not just training — it’s conditioning for IT, for life, for the moments when quitting is easier. Endurance is the quiet strength behind every breakthrough.
🎯 Precision Under Pressure: Shooting, Striking, and Showing Up
Whether I’m at the range or on the mat, the ritual is the same: Prepare. Focus. Repeat.
When I train with my pistols, I practice daily with dummy rounds—loading, unloading, chamber checks, slide control. I break them down, clean them, reassemble them blindfolded—until every movement is instinctive.
It’s the same with MMA and air punching drills. My body is conditioned not just for strength, but discipline. Every strike, every stance, is deliberate. I don’t train to show off—I train to be ready.
You see, when it’s Monday morning and something breaks at work—your system is down, a PowerShell script fails, a teammate’s counting on you—that’s your moment. That’s your live fire.
You don’t rise to the occasion. You fall back on your training.
Whether I’m troubleshooting a crashed server, hiking a steep trail for that perfect Milky Way shot, or helping someone start their climb—discipline is the thread. I’ve learned that showing up prepared is half the victory.
Just like the range:
No second chances if you’re not ready.
Precision comes from practice.
And calm comes from confidence.
🏁 Conclusion
There are mountains I’ve climbed—in IT, in life, and in silence.
From my early days as a PC Support Specialist at USC, through roles in telecom (Verizon), manufacturing (Alcoa), local government (City of West Covina), law firms, education (The Claremont Colleges), our Worldwide Church, regional banking (City National Bank), fintech (Payforward), retail (Monster Energy), global finance (PIMCO), and now as an Infrastructure Engineer in Utah—none of those summits came easy.
Even when I chase the stars with my camera, it’s the climb that makes the view meaningful.
So to anyone out there starting over, picking up the pieces, or doubting their path:
You don’t fall on a mountaintop. You climb it. And you keep climbing. Even when you’re tired. Especially when you’re tired.