████████╗ █████╗ ██████╗ ███████╗██╗  ██╗
 ╚══██╔══╝██╔══██╗██╔══██╗██╔════╝██║ ██╔╝
    ██║   ███████║██████╔╝█████╗  █████╔╝
    ██║   ██╔══██║██╔══██╗██╔══╝  ██╔═██╗
    ██║   ██║  ██║██║  ██║███████╗██║  ██╗
    ╚═╝   ╚═╝  ╚═╝╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝

Security · Infrastructure · AI @ Harvard

tarek@portfolio ~
[email protected]:~$
$ open terminal
AVAILABLE FOR CONSULTING & INTERESTING PROJECTS

Tarek Aloch

Senior Microsoft platform engineer. 10+ years across M365, Entra ID, Defender, and Jamf. Currently building AI governance at Harvard Business Publishing and consulting on M365 security for CBS Medical Billing. Open to senior platform or AI governance roles.

Current
Oct 2025 — Present
Harvard Business Publishing

Power Platform & AI Governance Administrator

Sole owner of the Power Platform and Copilot governance function for the global editorial and executive-learning nonprofit under Harvard University. Deployed the Microsoft CoE Starter Kit and Copilot Studio Kit; built an agent-review pipeline shipping 46 governed production agents and 8–10 generative-AI projects across seven departments; enrolled HBP in Microsoft's Frontier Firm program. Rated 90% aligned with Microsoft best practices by Pragmatic Works in an external governance review.

46
Governed agents
207+
Makers onboarded
200+
Flows managed
Copilot StudioCoE Starter KitPower PlatformFrontier FirmAgent ReviewEntra ID
Feb 2025 — Present
CBS Medical Billing

IT Security Consultant

Rebuilt infrastructure from scratch. A+ SSL rating. 100 Lighthouse score on cbsworcester.com. Ongoing M365 security advisory.

Visit → GitHub

Most Recent
Jun — Oct 2025
UKG (contract)

Endpoint Automation — ServiceNow & Tanium

Led UKG's company-wide Dell laptop driver automation initiative via Tanium. Contributed ServiceNow configurator work across ITSM request and incident processes, plus a Tanium-to-ServiceNow integration with a human-in-the-loop exception pattern for BIOS update reboots.

Track Record
2020 — 2023 · 3+ years
Patient Funding Alternatives

IT Security & Infrastructure Lead

Built enterprise security from zero for a healthcare-finance firm. Secure Score 35% to 85%+. HITRUST audit readiness ~90%. Defender for Endpoint, Microsoft Sentinel SIEM, Jamf Pro for ~100 macOS devices. KnowBe4 program cut phishing susceptibility by 70%. Managed $250K+ in vendor contracts.

100%
Phishing eliminated
35→85%
Secure Score
~90%
HITRUST ready
Zero TrustMicrosoft SentinelJamf ProIntuneConditional AccessDKIM/SPF/DMARC
Earlier
Skunk Works R&D · 2023 — 2025
T-Pot honeypot deployment · Project ChronoView · infrastructure + automation work.
Visit →
CBS Medical Billing · 2016 — 2020 · 4+ years
Led the help desk team. Developed technical training materials for end users.
Bose · 2013 — 2015
macOS / iOS / Wi-Fi support. Terminal-level diagnostic work across Mac + Windows.
Projects

honeypot.tarek.ai

T-Pot honeypot deployment for threat intelligence research. Live attack visualization.

Oracle Cloud · Docker · T-Pot · ELK Stack

Project ChronoView

Visual anomaly detection for browser automation. Puppeteer + eBPF system monitoring.

Puppeteer · eBPF · Node.js · Computer Vision

cbsworcester.com

Live deliverable for CBS Medical Billing. A+ SSL, 100 Lighthouse.

Astro · Cloudflare · M365 Security
Education
H

Harvard Extension School

ALB, Computer Science

Connect
LinkedIn GitHub Email: reach via LinkedIn