system: available_for_hire
resume / sean ball

Sean Ball.
VP of IT looking for
VP, Infra & Ops in Denver.

Sixteen-plus years building, leading, and modernizing IT for community-focused credit unions. Currently leading infrastructure and operations at Direct FCU; previously VP IT Operations & Infrastructure at CapEd. Independently designed and built a per-tenant identity governance platform purpose-built for mid-market credit unions, after watching the same gap surface across two operations roles.

01 · Infrastructure
DR, backup, network, M365, AD/Entra
02 · Governance
AI, vendor, examiner-readiness, SoD
03 · Identity
HRIS→AD→Entra lifecycle, IGA, UAR
04 · Leadership
Team of 4–15; vendor & budget ownership
Ask the resume See experience
01 / outcomes

What I've moved.

6 headline metrics
DR
60 → 10 min
Worst-case core RTO
CapEd · 2021–2022 · DR redesign + runbook

Redesigned core-system recovery; RPO held under 5 min. Documented and tested quarterly with the same team that runs production.

SecOps
−98%
Internal alert noise
CapEd · MDR partnership

Reclaimed ~4 hours/week of analyst work. Baseline shifted from 'investigate every alert' to 'investigate what survives MDR triage'.

Modernization
18 → 9 min
Average member call wait
CapEd · phone modernization

Cut average wait time by >50% through contact-center modernization and routing redesign.

FinOps
$36K/yr
Microsoft licensing savings
CapEd · 150+ users

License-tier rationalization across CapEd's M365 estate without removing any capability staff actually used.

AI Strategy
$0 → $5–15K
Phased AI budget ask
Direct FCU · current

Zero-cost Phase 0 governance earns the right to request Phase 1b platform budget — sequencing, not optimism.

Identity
4 tiers
App integration model
Independent IGA project

Entra Managed / AD Linked / Importable / Attestation — pragmatic answer to 'what about apps that don't have SSO?'

02 / experience

Where I've done it.

Click any role to expand

VP of Information Technology

— current
Direct Federal Credit Union · Needham, MA
Mar 2025present

Leading IT for a cloud-forward Massachusetts credit union mid-modernization across phone, backup, endpoint, SASE, and infrastructure.

scope · ownership
  • Team of 4 (direct)
  • Contact center: RingCentral → Glia
  • Org-wide phone: RingCentral → MS Teams Phone
  • Backup: Veeam-on-Data Domain → Veeam + Scality ARTESCA S3
  • Endpoint: VDI → traditional desktops with ManageEngine Endpoint Central
  • Network: Cisco firewall → Cato Networks SASE
  • Infrastructure: on-prem virtual servers → hosted private cloud
headline outcomes
  • Authored and presented the AI strategy now executing across the credit union
  • Sequenced governance-first to make Phase 1 budget asks credible

VP of IT Operations and Infrastructure

CapEd Credit Union · Meridian, ID
Apr 2021Mar 2025

Owned IT capital and operating budget. Led the team that rebuilt DR, modernized the contact center, and rolled out MDR.

IT Manager → IT Specialist → Help Desk → Teller

CapEd Credit Union · Meridian, ID
Aug 2008Apr 2021

Sixteen-plus year tenure climbing from a member-facing teller role to IT Manager, owning progressively larger pieces of CapEd's technology stack.
03 / case studies

Three projects worth a closer look.

Tabs ↓
AI StrategyDirect Federal Credit Union · 2025–2026

AI as a Capacity Multiplier

Strategy presented to Direct FCU leadership · VP of Information Technology

A governance-first AI strategy framing capacity (not headcount) as the win, sequenced so zero-cost Phase 0 governance work earns the right to request Phase 1 platform budget.

"The risk is not adopting AI; the risk is un-governed AI."
what shipped
  • 01Zero-cost Phase 0: governance framework, Microsoft DPA review, Customer Lockbox, 8-stage use-case lifecycle
  • 02Phase 1a: Copilot Studio knowledge agent grounded on bounded SharePoint, capped under $2K/yr
  • 03Phase 1b: Azure Golden Path + AI-Assisted Builder Program, $5–15K, gated on Phase 0 evidence
  • 04Phase 1c: 12 weeks of stabilization before any Phase 2 scoping — measurement, not optimism
  • 05AI-Assisted Builder Program: 4 approved surfaces, hard cap on review queue, no shadow tooling
deliberately excluded
  • No member-facing AI features
  • No autonomous decision-making
  • No member PII in external AI services
  • No core write-back
  • No role eliminations
04 / skills

The toolkit, with depth honestly labeled.

Filter ↓
practiced
proficient
expert
Infrastructure & Operations

The day-to-day stack — what runs the business, who owns it, and what breaks.

Microsoft 365
Active Directory / Entra ID
Veeam
Azure
AWS CCP certified; Azure-equivalent in progress
VMware / Hyper-V
Cisco / Cato SASE
AI strategy & governance

Authoring and executing AI strategy in regulated environments — governance frameworks, use-case lifecycles, vendor evaluation, and the discipline to sequence governance before deployment.

Executive AI strategy authoring
Authored and presented Direct FCU's AI strategy to executive leadership; full document set + change log in `ai-capacity-multiplier` repo.
AI governance framework design
8-stage use-case lifecycle, separation of concerns across R/C/S, IT, and coordinator roles.
Microsoft Copilot Studio
Phase 1a knowledge agent design grounded on bounded SharePoint, deployed in Teams.
AI vendor evaluation
DPA review, Customer Lockbox, M365 E7/Frontier Suite + Agent 365 evaluation.
AI-assisted development governance
Distinguishing AI features in products from AI tools used to build them; review queues, surface limits, sustainment ownership.
Anthropic API integration
Pluggable provider pattern in the IGA platform's AI connector layer.
Identity, lifecycle & IGA

Identity governance and joiner-mover-leaver automation across Active Directory, Entra ID, M365, and the long tail of credit-union applications that don't fit a clean SSO story.

Active Directory & Entra ID lifecycle
Operationally at two credit unions; designed and built an automation platform around it.
HRIS → IdP → app provisioning
Webhook-driven automation with workflow engine including SYNC_WAIT polling for AD Connect.
User Access Reviews (UAR)
Periodic certification campaigns; designed app-owner attestation workflow for non-integrated systems.
Separation of Duties
Toxic combination definitions, scanning, and pre-check on provisioning.
NCUA/FFIEC examiner evidence
Termination revocation, new-hire provisioning, privileged user inventory, asset custody, audit trail — both as a VP under exam and as the platform author.
Application access cataloging
Four-tier classification: Entra Managed, AD Linked, Importable, Attestation.
05 / philosophy

How I think about the work.

essay

How I pick a vendor

Three questions I ask before any line item over $25K.

Placeholder. Sean will replace this in M3 with a real essay.

The three questions

  1. Who, specifically, will I call when this breaks at 11pm on a Sunday?
  2. Will this still be the right product two renewals from now?
  3. What’s the exit cost if the answer to (2) becomes “no”?

These aren’t trick questions. They are the questions whose answers should already exist in writing before the contract goes to legal — not after.

essay

Governance as foundation, not a tax

Why I sequence governance before deployment on emerging-tech adoption — and why 'the risk is not adopting AI; the risk is un-governed AI' is the right framing for regulated environments.

Placeholder. Full piece to come during Milestone 3, drawing on the Direct FCU AI strategy and operational experience at CapEd.

The argument in three lines

  1. BCG’s research keeps showing ~70% of AI outcomes are people and process, ~20% infrastructure, ~10% algorithms. Governance is where the value lives.
  2. AI is entering the organization whether or not anyone governs it — staff subscriptions, vendor-embedded features, regulator attention. The choice is governed front door or un-governed back door.
  3. Zero-cost governance work earns the right to request platform budget with evidence. It’s not bureaucracy — it’s how you make the budget ask credible.

Why this isn’t slow

The strategy that frames this work runs Phase 0 (governance) and Phase 1a (pilot knowledge agent) in parallel. Governance-first is a sequencing argument about budget asks, not a freeze on delivery.

06 / credentials

Education and certifications.

education
  • MBA, Information Technology
    Western Governors University · 2024
  • BS, Data Management & Data Analytics
    Western Governors University · 2021
certifications
  • AWS Certified Cloud Practitioner 2022
  • CIW Data Analyst 2021
  • CompTIA Project+ 2019
  • CompTIA A+ 2016
  • CompTIA Network+ 2016
07 / live ops

This site, instrumented.

Mock data — M6 swaps in /api/metrics
GET /api/metrics· region=East US
tick: 0
uptime (30d)
99.987%
p50 latency
142ms
p95 latency
380ms
chat req (24h)
47
indexed docs
11
indexed chunks
138
deploys (7d)
3
azure cost (30d)
$4.21
request_rate · 24hlast deploy: 2 days ago

On the deployed site this panel will read from a real Azure App Insights endpoint provisioned via Bicep — public observability is part of the proof-of-craft. Here it's mocked, but the schema is real.

08 / ask the resume

Talk to a model that's read all of this.

Backend lands in M5
POST /api/chat· grounded · M5
// suggested questions