The Invisible Operator

Adrian Vasile Ciorba

IT Engineer. Builder of systems that shouldn't need to be built manually.

Paris, France

01 — The Arc

How I got here.

01

Zero to Helpdesk

I started unemployed. No network, no pedigree, no shortcuts. A Romanian in Paris figuring out how to land his first IT job. I did. That first L1 helpdesk role was the beginning of everything — not because it was glamorous, but because I treated every ticket as a system to understand rather than a problem to close.

Support teaches you what systems feel like from the user's side. Where documentation fails. Where access is confusing. Where a small friction quietly wastes hours every day. Most people start with a plan. I started with a ticket queue and figured out the rest.

02

Learning the Craft — Inside the Machine

I joined a fast-growing Paris AI biotech as L1 IT Support. At the time: a lean team, a company scaling fast, and a lot of problems that hadn't been systematised yet. Good conditions for someone who wanted to learn.

I stopped asking how do I fix this and started asking why did this happen in the first place. That question pushed me from closing tickets to understanding the systems behind them — identity, devices, onboarding, access, documentation, the full chain.

I moved to IT Engineer. Then to Information Technology Engineer. Same company, different scope — each step earned by making the previous one unnecessary.

Cutover Night

The company hired a network engineer for a firewall migration. Cutover night, he factory reset everything — Meraki switches, routers, the lot. VPN down. Wi-Fi down. Building access down. Two hundred people expected at nine.

I'd never opened a Fortinet console before that night. I stayed until 8 AM, worked through the documentation, and brought the network back online.

Not because I was the right person for the job — because I was the only one still in the building.

03

Running It All

Today I own the infrastructure that keeps a 200+ person AI biotech running: IAM, MDM, endpoint security, compliance, onboarding, offboarding, and the automations that make all of it less manual. ISO 27001 certified environment. Federated learning systems for clinical research. The kind of place where security isn't decorative.

Not a team of one — a team of one who built the systems so the team wouldn't need to be bigger.

04

The Builder Phase

Stopped waiting for tools that fit and started building them. Local LLM inference on Apple Silicon. Autonomous AI agents with approval gates and persistent memory. A personal OSINT framework. A SOC command centre dashboard integrating six security platforms. A voice-activated Mac automation system. A forensic investigation toolkit.

If it was inefficient and I had the skills to fix it, I fixed it.

05

AI Governance at the Frontier

The company builds AI for cancer diagnostics and drug discovery. I own the endpoint and end-user AI security layer — making sure AI agents running across employee machines and workflows are discovered, monitored, and governed using Geordie AI. Represented the Security pillar at a two-day leadership workshop in Edinburgh.

The intersection of AI capability and AI risk is where the interesting problems live right now. Most companies write governance policies to check a box. I built one that people actually follow.

Context

The ADHD note — because it makes the rest make sense

I was diagnosed with ADHD as an adult. In retrospect, it explains everything: the hyperfocus that produces in 48 hours what should take weeks, the drive to build systems that externalise structure instead of relying on internal organisation, the discomfort with maintenance and the gravitational pull toward new problems.

It is not a liability — it is the engine. The autonomous agents, the obsessive documentation, the comprehensive dashboards: these are coping mechanisms that became superpowers.

Right Now

What I'm working on.

Currently Building

  • Autonomous Task Agent
    Multi-context task execution with Screenpipe, approval gates, and persistent memory. Teaching it to handle work and personal tasks autonomously.
  • Security Overwatch Dashboard
    SOC command centre pulling live data from six security platforms into one drag-and-drop view.
  • Vanta Compliance Automation
    Using Claude Code + MCP to turn manual compliance remediation into an autonomous pipeline.

Currently Learning

  • AI Governance & ISO 42001
    Deepening the security pillar of the AI governance program. Building maturity roadmaps and risk taxonomies.
  • MCP Server Architecture
    Designing bidirectional sync servers and compliance automation pipelines using the Model Context Protocol.
  • Local LLM Inference Optimization
    Pushing what's possible with on-device inference on Apple Silicon — faster-whisper, qwen2.5-coder, Ollama pipelines.

03 — Capabilities

What I work with.

Identity & Access Management

  • Okta (admin, Workflows, ISPM, ITP)
  • Lifecycle management & SCIM provisioning
  • LDAP / directory services
  • Okta Identity Threat Protection

Endpoint & Device Management

  • CrowdStrike Falcon (EDR)
  • Kandji (macOS MDM)
  • Apple Silicon fleet management
  • macOS security hardening

Compliance & Security

  • Vanta (SOC 2 / ISO 27001 automation)
  • ISO 27001 framework
  • Security policy authoring
  • SOC 2 Type II controls
  • GDPR (French DPA context)

Cloud & SaaS Administration

  • Google Workspace (admin, Groups, Drive)
  • Atlassian suite (Jira, Confluence, JSM)
  • Slack administration
  • Notion workspace architecture
  • GCP

Programming & Scripting

  • Python (automation, data pipelines, APIs)
  • TypeScript / JavaScript (Node.js, MCP)
  • Bash · SQL (PostgreSQL)
  • Google Apps Script
  • PowerShell (Windows forensics)

AI & Automation

  • Claude API / Anthropic SDK
  • Claude Code (agentic coding)
  • Model Context Protocol (MCP) server design
  • Local LLM inference (Ollama, Apple Silicon)
  • Autonomous agent architecture
  • Vector databases (ChromaDB)
  • Screenpipe integration

CRM & ERP

  • Odoo 19 (admin, dev, custom fields)
  • Marketing automation & CRM pipelines
  • Large-scale data migration (3M+ records)

Infrastructure

  • Apple Silicon (UTM, APFS encrypted volumes)
  • Bot / messaging integration
  • Proxmox (home lab)
  • UniFi networking
  • Docker

Security Operations

  • Wiz (cloud security posture management)
  • Abnormal Security (email threat protection)
  • Dashlane (password manager fleet)
  • OSINT methodology & tooling
  • Digital forensics (Windows artefacts)

Leadership & Governance

  • AI Governance program design
  • Security policy & stakeholder communication
  • Contract analysis & vendor management
  • Cross-functional project delivery
  • Technical documentation (Notion, Confluence)

04 — Work

Things I've built.

Production — running in real environments

JSM → Okta Access Pipeline

Production

End-to-end access request automation. Employee submits ticket → Okta Workflow routes for manager approval → access provisioned automatically.

Jira Service Mgmt · Okta Workflows · Atlassian Assets

Employee submits a JSM ticket → Okta Workflow triggers → routes to the correct manager for approval using HR Directory data from JSM Assets (nearly 400 employees synced from Okta) → automatically provisions access on approval. Zero manual IT steps.

Contractor Lifecycle Automation

Production

Weekly automated pipeline that reads DocuSign CSV attachments and manages contractor Okta accounts — from creation to daily expiry deactivation.

Google Apps Script · Okta Workflows · DocuSign

Google Apps Script scans DocuSign CSV email attachments weekly, sanitises contractor names, and fires HTTP POSTs to Okta Workflows for create-or-update logic. A separate daily flow handles expiry deactivation.

JumpCloud → Okta SSO + Kandji MDM

Production

Solo migration of 50+ SSO-integrated apps and a full macOS device fleet. Near-zero downtime. Zero user-impacting outages.

Okta · Kandji · JumpCloud · SSO · SCIM · Bash

JumpCloud was handling both MDM for the full device fleet and SSO for 50+ applications. The migration separated those two concerns: Okta took over SSO (with SCIM provisioning), Kandji took over MDM. Every single application had to be reconfigured without breaking access mid-transition.

The manager's summary: "You changed the pipes inside a house while people were living there, having their showers, doing their daily stuff."

Operational — built, deployed, working

Personal AI Agent System

Operational

AI agent running locally on Apple Silicon with persistent memory in Obsidian, accessible via messaging bot and exposed through a custom MCP server.

Claude API · MCP · Obsidian

A personal AI assistant running on Apple Silicon via the Anthropic API. Always-available through a messaging bot. Persistent memory stored in an Obsidian vault. Exposed through a custom MCP server for structured access to memory, tasks, and integrations.

Digital Forensic Toolkit

Operational

PowerShell-based forensic investigation toolkit covering 15 artefact categories across file system, browser, registry, and USB traces.

PowerShell · Windows Forensics

Covers 15 artefact categories: browser history, clipboard contents, registry analysis, USB traces, file access logs, recently used documents, print spooler logs, and more. Written in PowerShell to run without installing external tools on the target machine.

Napta ↔ Notion Sync

Operational

MCP server enabling bidirectional sync between Napta (resource planning) and Notion (documentation and tracking).

TypeScript · MCP SDK · Napta API · Notion API

Resource planning data lives in Napta; documentation and project tracking live in Notion. This MCP server bridges them bidirectionally — changes in either system propagate correctly without manual copy-paste.

AI Governance Program

Operational

Endpoint and end-user AI security program for a Paris AI biotech. Geordie AI deployment for AI agent discovery, monitoring, and governance. Presented Security pillar at Edinburgh leadership workshop.

Geordie AI · Policy Authoring · Notion · ISO 42001 · Stakeholder Mgmt

Own the AI Tool & Endpoint Security pillar — discovering AI agents running across endpoints, establishing behavioral baselines, and governing how employees use AI tools. Deployed Geordie AI for visibility and runtime observability. Presented the Security pillar at a two-day leadership workshop in Edinburgh.

OSINT Toolkit & Dashboard

Operational

Reusable OSINT investigation framework: CLI tools + local web dashboard for structured searches across registries, databases, and public records.

Python · CLI · OpenCorporates · OpenSanctions · WHOIS/DNS · ICIJ

Covers: French company registry, OpenCorporates, OpenSanctions, WHOIS and DNS lookups, email and domain checks, phone number parsing, social presence checks, ICIJ offshore leaks database, OCCRP Aleph. Outputs structured reports and auto-creates case folders.

OSINT Visualization — Mind-Map

Operational

Local browser-based mind-map for presenting investigation findings: entity relationships, timelines, source links, and evidence trails.

Browser-based · Local-first · Mind-map · Case visualization

Investigation findings are only useful if the audience understands them. Presents entity relationships, timelines, source links, and evidence trails visually. Designed for clear handoff — not for analysts. Local-first so nothing leaves the machine.

Workspace Overwatch — DLP Engine

Operational

In-house DLP and email intelligence system. Queries the full Google Workspace to surface flagged emails and potential data leakage — including what standard tools miss.

Google Workspace APIs · Python · Custom DLP rules · Email analysis

Built after Metomic wasn't flagging everything that needed attention. Custom system that queries the full Google Workspace — email, Drive, shared content — applies custom DLP rules, and surfaces leakage vectors the standard tools were missing.

Active Build — in development now

Autonomous Task Agent

Active Build

Autonomous task execution agent. Watches Screenpipe output, classifies tasks across work and personal contexts, executes with approval-gated flows.

TypeScript · Screenpipe · Claude API · Okta · Jira · Slack

Watches Screenpipe output continuously. Classifies tasks across work and personal contexts. Routes tasks with a confidence threshold — anything below triggers a "teach protocol" so unknown tasks can be trained. Integrates with Slack, Jira, and Okta for execution. Includes a persistent memory layer and DRY_RUN mode for safe testing.

Security Overwatch

Active Build

SOC Command Centre dashboard integrating six security platforms into a single drag-and-drop operational view.

React · Apache ECharts · CrowdStrike · Wiz · Abnormal · Okta · Vanta

A React-based command centre pulling live data from CrowdStrike, Wiz, Abnormal Security, Okta, Dashlane, and Vanta. Features a real-time threat feed, a 3D threat globe, and a drag-and-drop widget system. One screen to tell you whether security is holding.

Vanta Compliance Automation

Active Build

Claude Code + MCP architecture for automated Vanta compliance control remediation. Turns a manual audit checklist into an autonomous remediation pipeline.

Claude Code · Vanta API · MCP

Phase 1 established the OAuth2 client credentials flow and mapped the phased control remediation roadmap. The agent reads failing controls, determines remediation actions, and executes them — with human review gates for anything destructive. Treating compliance as code.

Concept — designed, not yet built

Voice-Activated Mac Automation

Concept

Three-layer pipeline: faster-whisper for speech-to-text → Claude for intent classification → osascript for macOS execution. All local.

Python · faster-whisper · Claude API · osascript

Spec complete. Layer one: faster-whisper locally for low-latency STT. Layer two: Claude API for intent classification. Layer three: osascript for macOS execution. Hands-free Mac automation without cloud dependencies for STT.

Glyde

Concept

Browser extension concept for local-first AI email intelligence. Security code review pipeline built on qwen2.5-coder:32b running on M4 Max.

Browser Extension · Local LLM · qwen2.5-coder

An email intelligence layer that runs inference locally to classify, summarise, and flag emails. Built a security code review pipeline as proof of concept using qwen2.5-coder:32b on an M4 Max. Architecture designed; implementation pending prioritisation.

05 — Cases & Investigations

Things I've investigated.

Real-world investigative work — OSINT, forensics, security incidents, and account recoveries. Names and identifying details are omitted. Methods and outcomes are not. The best investigation is the one where the other side never knows it happened.

OSINT

Corporate Fraud Mapping — Cross-Border Network

Entity mapping across a French-Israeli business network. Corporate registries, liquidation records, court and public records, cross-border activity analysis. Source grading between verified public evidence and unverified claims.

Company registries · OpenCorporates · Court records · Entity relationship mapping · Source grading · Cross-border analysis

OSINT

Disputed Social Media Asset Recovery

Investigation around a contested social media page linked to an influencer's account. Page and profile metadata analysis, ownership trail reconstruction, evidence preservation, Meta recovery path mapping, and legal authorization requirements documentation.

Platform metadata · Ownership analysis · Evidence preservation · Meta recovery paths · Account security

Forensics

Data Destruction & Exfiltration Investigation

Security investigation into a company suspected of deliberate data deletion and potential exfiltration. Incident scoping, artefact analysis, and timeline reconstruction to determine what was deleted, when, and by whom.

Incident scoping · Artefact analysis · Timeline reconstruction · Evidence documentation

Recovery

Hijacked Microsoft Account Recovery

Recovered a compromised Microsoft account using recovery path enumeration, OSINT-assisted identity verification, and escalation through Microsoft support channels.

OSINT-assisted verification · Microsoft recovery paths · Account hardening

Security Audit

Microsoft 365 Post-Incident Security Audit

Full security audit of a Microsoft 365 environment following an email scam. Found Defender disabled, MFA not enforced, and multiple misconfigured defaults — none of which the internal IT team had flagged. Delivered a full remediation roadmap.

M365 Security Center · Microsoft Defender · MFA audit · Conditional Access · Admin Center · Remediation roadmap

06 — Credentials

Training & certifications.

Foundation

  • Certified Computer Network Administrator
    Link Academy Romania · 98% score
  • Google IT Support Certificate
    Google · Coursera
  • Google Cybersecurity Certificate
    Google · Coursera

Identity & Device Management

  • JumpCloud Core Certification
    JumpCloud
  • JumpCloud Advanced Certification
    JumpCloud
  • JumpCloud Certified Expert
    JumpCloud
  • Okta Identity Threat Protection (ITP)
    Okta · Training & Assessment · 2026
  • Okta Identity Security Posture Management (ISPM)
    Okta · Training & Assessment · 2026

Security & Compliance

  • Abnormal Security Essentials
    Abnormal Security
  • Abnormal Security — Google Workspace Tenant Integration
    Abnormal Security
  • XM Cyber Exposure Management Certification
    XM Cyber
  • Vanta Admin Certification
    Vanta

AI & Automation

  • Anthropic Skilljar — Multiple modules completed
    Anthropic · Claude, Claude Code, AI safety & workflow design

Events & Training

  • AI Safety & Governance Workshop
    Edinburgh, Scotland · May 2026 · Security pillar representative