Resume Defense Guide

"I took Windows System Administration at UW-Tacoma where we covered AD from the ground up — setting up domain controllers, managing users and groups, applying Group Policy. After graduating I wanted to keep those skills sharp so I built a home lab running Windows Server 2022. I've got a domain set up, configured DNS and DHCP, created OUs to organize users, and practiced applying GPOs to push settings across machines. It's basically a scaled-down version of what you'd see in a real environment."

"A user account represents a person who logs in — it has credentials, group memberships, and gets Group Policy applied based on where it sits in the OU structure. A computer account represents a machine that's joined to the domain. It authenticates to the domain separately, and you can also apply GPOs to computer accounts to control things at the machine level regardless of who logs in."

"In Active Directory Users and Computers, I'd find the user, right-click, and go to Properties. Under the Account tab there's an 'Unlock account' checkbox if it's locked. I'd also reset the password there if needed and make sure 'User must change password at next logon' is checked so they set their own. Then I'd check the event logs to see what caused the lockout — could be a service running with old credentials or a phone still trying the old password."

"A GPO is basically a set of rules you push from the domain controller to users or computers. Instead of configuring each machine individually you define the policy once and it applies automatically. Common uses are enforcing password complexity, mapping network drives, controlling screensaver lock times, or restricting what users can access. It's a huge time saver in any environment with more than a handful of machines."

"Sure — it's a 7-layer framework for how network communication works. Bottom up: Physical (cables, signals), Data Link (MAC addresses, switches), Network (IP addresses, routing), Transport (TCP/UDP, ports), Session (managing connections), Presentation (encryption, data formatting), Application (what the user interacts with — HTTP, DNS, FTP). In practice when you're troubleshooting you usually work bottom-up — is it a cable issue, is it getting an IP, can it reach the gateway, can it resolve DNS."

"TCP is connection-oriented — it does a handshake, guarantees delivery, and retransmits if packets are lost. Good for anything where data integrity matters, like file transfers or web pages. UDP is connectionless — it just fires packets and doesn't check if they arrived. Much faster, used for things like streaming video, gaming, or DNS lookups where a little loss is acceptable but speed matters."

"Subnetting is dividing a network into smaller logical segments. It matters for a few reasons — security (you can isolate departments so accounting can't talk directly to engineering without going through a firewall), performance (smaller broadcast domains means less noise), and efficient use of IP addresses. A subnet mask tells devices which part of an IP address is the network and which part identifies the host."

"DNS translates domain names to IP addresses. Without it you'd have to memorize IP addresses for every website or server. When it fails, users typically can't reach anything by name — browsers say 'site can't be reached' — but if you ping the IP directly it still works. That's usually the tell. Troubleshooting steps: check if the DNS server is reachable, try nslookup to test resolution, check if the DNS service is running on the server."

"Confidentiality, Integrity, and Availability — the three core goals of information security. Confidentiality means only authorized people can access data. Integrity means data hasn't been tampered with. Availability means systems are up and accessible when needed. Most security decisions come back to balancing these three — sometimes you tighten confidentiality in a way that impacts availability, and you have to weigh that tradeoff."

"InfraGard is an FBI public-private partnership focused on infrastructure protection. The internship was part of a structured two-quarter academic program through UW-Tacoma. I got exposure to how public and private sector organizations collaborate on security threats, critical infrastructure protection, and information sharing. It reinforced the organizational side of security — not just the technical controls but the policies and communication structures around them."

"Least privilege means users and systems only get the access they absolutely need to do their job — nothing more. It limits the blast radius if an account gets compromised. If a standard user account gets phished, the attacker only has that user's permissions. If that same user had admin rights, you've got a much bigger problem. It's a foundational principle — in AD you'd apply it by not making regular users local admins and using separate admin accounts for elevated tasks."

"Start simple — is it plugged in, is the power strip on, is the outlet working? Check the power cable and try a known-good one. If the machine powers on but nothing displays, check the monitor connection. If there's no POST at all, could be a PSU issue, a RAM seating problem, or a dead CMOS battery. I'd reseat the RAM first since that's quick and common. From there it's checking if the PSU is delivering power — using a multimeter or a PSU tester. Systematic, start cheap and easy before assuming major component failure."

"I worked helpdesk where I handled first-line support — password resets, software installs, hardware issues, and escalating anything that needed a deeper look. You get good at reading people in that role — someone calls in frustrated and your job is to solve the problem and leave them feeling heard. I got comfortable with ticketing workflows and documenting what I did so the next tech isn't starting from scratch."

"First — let them finish. Don't interrupt. Once they've said their piece, acknowledge it: 'I understand this is affecting your work, let's get it sorted.' Then take control of the conversation by asking focused questions. People calm down when they feel like someone competent is handling it. I don't take the frustration personally — they're not mad at me, they're mad that their computer isn't working. My job is to be the calm one in the room."

"I set up a home lab running Windows Server 2022 to keep my skills current after graduating. I've got a domain controller configured, AD DS running with users and OUs, DNS and DHCP set up, and I use it to practice things like Group Policy, user management, and backup configurations. It's hands-on practice that goes beyond what you can learn in a classroom — you run into real issues and have to figure them out. Currently also in the middle of building a water-cooled PC which has been a deep dive into hardware."

"Backup is copying data so you can restore it if something goes wrong — a file gets deleted, a drive fails. Disaster recovery is the bigger picture plan for how you get an entire system or organization back online after a major event — fire, ransomware, data center outage. Backup is a component of DR, but DR also covers things like failover systems, recovery time objectives, and communication plans. One is the tool, the other is the strategy."

"Most breaches exploit known vulnerabilities that already have patches available — patching is one of the highest-return security tasks. My approach would be to test patches in a non-production environment first when possible, then roll out in batches rather than everything at once so you can catch issues. In a Windows environment you'd use WSUS or Intune to manage and schedule updates centrally rather than touching every machine manually."

"I have a B.S. in IT Networking from UW-Tacoma and an A.A.S. from Green River — the program had a strong hands-on focus, everything from networking and Windows administration to security and infrastructure. I did an internship with InfraGard through the program, which was an FBI public-private partnership focused on infrastructure security. After graduating I dealt with a health matter that's now resolved, and I've been actively re-skilling — I've got a home lab running Windows Server 2022, I'm currently building a water-cooled PC, and I'm working toward my Network+ certification. I'm bilingual in English and Spanish, and I'm ready to bring that background into an IT role."

"I dealt with a personal health matter that took priority for a period — it's resolved now. During that time I didn't stop engaging with technology. I kept up with the field, and more recently I've been actively building back — home lab, studying for certifications, and working on personal projects. I'm in a good place now and focused on getting into the right role."

"Customize this per company — but the structure is: [something specific about what they do or their mission] + [how your background connects] + [what you want to contribute]. For xAI for example: 'I want to be part of an organization that's building something genuinely new. The IT infrastructure supporting that work is critical, and I want to be part of the team keeping it running. My background in Windows administration and networking gives me a solid foundation to contribute from day one.'"

"I want to grow into a systems or network administrator role. Right now I'm focused on building strong fundamentals in IT support and infrastructure — earning my Network+ and Security+ certifications is part of that plan. In five years I'd like to be the person who owns the infrastructure, not just supports it. I see this role as the right starting point for that trajectory."

"A hub broadcasts everything to all ports — dumb device, creates a lot of noise. A switch is smarter — it learns which device is on which port and sends traffic only where it needs to go, using MAC addresses. A router connects different networks together and routes traffic between them using IP addresses — it's what connects your LAN to the internet."

"DHCP automatically assigns IP addresses to devices on the network. If it goes down, new devices can't get an IP and will fall back to an APIPA address (169.254.x.x) which means they can't communicate properly on the network. Devices that already have a lease keep it until it expires. Fix: restart the DHCP service, check if the server is reachable, or temporarily assign static IPs if it's urgent."

"It clears the local DNS cache. Windows caches DNS lookups to speed things up, but sometimes that cache has stale or incorrect entries — a site moved to a new IP, or a domain change hasn't propagated fully. Flushing the cache forces Windows to do a fresh DNS lookup next time. It's a common first step when someone says a website is loading the wrong thing or timing out."

"RAID stands for Redundant Array of Independent Disks — it's a way to combine multiple drives for redundancy or performance. RAID 1 mirrors data across two drives — if one fails you don't lose anything. RAID 5 stripes data with parity across three or more drives — good balance of performance and redundancy. RAID 0 stripes for speed but has no redundancy — one drive fails, you lose everything. Important note: RAID is not a backup strategy, it just protects against drive failure."

"HTTP is unencrypted — data travels in plain text, anyone intercepting the traffic can read it. HTTPS adds TLS encryption, so the data is encrypted in transit. The server has an SSL/TLS certificate that the browser verifies. Any site handling logins, payments, or sensitive data should be HTTPS — and honestly at this point everything should be."

"Not in a production environment, but I've been building that knowledge actively. I understand the core concept — you take a configured, Sysprep'd base image, capture it as a WIM file, and deploy it to new machines so every device ships with the same baseline config. In enterprise environments that's usually managed through tools like Intune, SCCM, or WDS. I've been exploring Intune through a dev tenant to get hands-on with the enrollment and policy deployment side."

"Intune is Microsoft's cloud-based MDM and MAM platform. MDM — Mobile Device Management — lets you enroll devices and push policies to them remotely. You can enforce encryption, require PINs, push software, and wipe a device if it's lost or stolen. MAM — Mobile Application Management — lets you control apps on devices, even personal ones, without full device control. In a helpdesk context, Intune is how you'd image a laptop remotely, enroll it into the org's device management, and push the standard config before it ever reaches the user."

"Sysprep — System Preparation Tool — strips a Windows machine of its unique identifiers before you capture the image. Specifically it removes the SID (Security Identifier), the computer name, and resets activation. This is critical because if you clone a machine without Sysprep, every device on the network would have the same SID — which causes identity conflicts in Active Directory. Sysprep puts the machine into OOBE (Out-of-Box Experience) so the next boot triggers first-time setup and generates fresh unique IDs."

Practice plan:

1. WDS in your home lab — Install Windows Deployment Services on your Windows Server 2022 VM. Set up PXE boot so client VMs can pull an image over the network. Capture a base Windows 11 image.

2. Microsoft 365 Dev Tenant — Sign up free at developer.microsoft.com. This gives you access to Intune. Create a test device, enroll it, and push a compliance policy.

3. Windows ADK + DISM — Use the Assessment and Deployment Kit to practice capturing and applying WIM images manually from the command line. Get comfortable with: dism /capture-image and dism /apply-image.

"I'd go into the M365 Admin Center, create a new user account — name, username, assign a license so they get their apps (Exchange, Teams, etc.). Then I'd set up their mailbox, add them to the right groups and distribution lists, configure MFA, and make sure they're in the right Entra ID groups so Conditional Access policies apply correctly. Then I'd hand off credentials, walk them through setting up their authenticator app, and confirm everything is working — email, Teams, access to the shared drives they need."

"On-prem AD is the traditional domain controller running in your datacenter — it manages computers and users on the local network using LDAP and Kerberos. Entra ID (formerly Azure AD) is Microsoft's cloud-based identity platform — it handles authentication for cloud services like M365, Teams, and third-party SaaS apps using OAuth and SAML. Many orgs run both in a hybrid setup where on-prem AD syncs to Entra ID via Azure AD Connect, so users have one login for everything. Entra ID doesn't replace on-prem AD for managing local machines — that's still what you'd do with Group Policy."

"Conditional Access is Entra ID's policy engine — it lets you set rules for when and how users can access resources. For example: require MFA when signing in from outside the corporate network, block access from non-compliant devices, or restrict certain apps to managed devices only. It's essentially 'if this, then that' logic applied to authentication. From a helpdesk perspective, it's relevant because when a user can't access something, Conditional Access policy is one of the first things to check — their device might not be enrolled or compliant."

Practice plan (free):

1. M365 Developer Program — Sign up at developer.microsoft.com/microsoft-365/dev-program. Get a free 90-day M365 E5 sandbox (renewable if active). Full admin access, 25 user licenses, everything.

2. Create and license users — Practice the full onboarding flow: create user → assign license → verify mailbox → add to groups → enable MFA.

3. Explore Entra ID — Set up a Conditional Access policy (e.g., require MFA for all sign-ins). Create security groups and dynamic groups.

4. Exchange Admin Center — Create shared mailboxes, set up mail flow rules, practice adding aliases.

"An incident is an unplanned interruption — something broke and needs to be fixed now. A problem is the root cause investigation — why did it break, and how do we make sure it doesn't happen again. In a helpdesk context: a user can't log in is an incident — you fix it fast, get them back to work. If ten users are all getting locked out every week, that pattern becomes a problem record you investigate to find the underlying cause, like a service account using stale credentials."

"SLA — Service Level Agreement — is the agreed response and resolution time for different ticket priorities. A P1 (critical) incident might have a 15-minute response SLA. A P3 (low) might be 24 hours. For a helpdesk tech it means you need to triage tickets by priority and not let high-priority ones sit. If you're going to breach an SLA, you escalate early and communicate — you don't let it expire without warning."

"A Change Request is a formal proposal to modify something in the production environment — installing new software, changing a firewall rule, updating a server. Changes go through approval (often a CAB — Change Advisory Board) because uncontrolled changes are one of the biggest sources of outages. You need documentation of what's changing, why, what the rollback plan is, and who approved it. At the L1 level you're mostly submitting change requests, not approving them — but understanding the process means you document properly and don't make unauthorized changes."

Free study resources:

1. Axelos ITIL 4 overview — axelos.com has free introductory material on ITIL 4 Foundation concepts.

2. YouTube — Search "ITIL 4 Foundation free course" — there are full 4-6 hour courses. DION Training has solid free content.

3. Practice tickets — When you use ServiceNow or any ticketing system, practice categorizing every action as: Incident, Problem, Service Request, or Change. Building that mental habit matters more than memorizing the ITIL lifecycle.

4. Glossary focus — Know the core definitions cold: Incident, Problem, Change, Service Request, SLA, OLA, CMDB, CI. That covers 80% of what comes up in interviews.

"Same methodology as Windows — start simple. Check they're on the right SSID. Turn Wi-Fi off and back on. If no luck, forget the network and reconnect. Check System Settings → Network → Wi-Fi for IP info — if they've got a 169.254.x.x address, it's a DHCP issue. Try renewing the DHCP lease from the network details panel. If it's still not working, open Terminal and run networksetup -listallhardwareports to confirm the adapter is recognized, then ping 8.8.8.8 to test connectivity. If other devices on the same network are fine, reset the Mac's network preferences — delete the Wi-Fi plist file from /Library/Preferences/SystemConfiguration/."

"FileVault is Apple's full-disk encryption for macOS — it encrypts the entire drive with XTS-AES-128. For IT it matters for two reasons: security (if a laptop is stolen, the data is unreadable without the login credentials), and compliance (many orgs require encryption on all endpoints). When you're imaging or decommissioning a Mac, you need to know whether FileVault is enabled, who holds the recovery key (ideally stored in Intune or your MDM), and how to decrypt it for a wipe. Enabling FileVault is often enforced via MDM policy so it's automatic on enrollment."

"Activity Monitor — it's in Applications → Utilities, or just Spotlight search for it. Shows CPU, memory, energy, disk, and network usage per process. If a user says their Mac is running slow, open Activity Monitor, sort by CPU — usually something obvious is pegged at 99%. You can force-quit a process right from there. For more detail from the command line, top in Terminal gives you a real-time process list, same as on Linux."

Study strategies:

1. Apple Support documentation — support.apple.com is thorough. Search any setting or error — Apple documents everything clearly.

2. macOS in VMware (gray area) — Technically possible with a macOS VM in VMware on a Mac host. If you don't have a Mac, skip this.

3. YouTube walkthroughs — Search "macOS Ventura/Sonoma admin tips" — there's a ton of helpdesk-focused content showing the UI flows.

4. Focus on parallels — macOS and Linux share a Unix foundation. Terminal commands, file permissions, and networking tools (ping, traceroute, netstat) behave nearly identically. Your Linux/Ubuntu knowledge transfers directly.

5. Know the common calls — Password reset, Wi-Fi issues, printer setup, app won't open (Gatekeeper), Zoom/Teams audio issues. These are 80% of Mac helpdesk volume.

"Every device gets a record — serial number, model, assigned user, purchase date, warranty expiration, location, and current status. In a mature environment that lives in a CMDB (Configuration Management Database) — tools like ServiceNow, Snipe-IT, or even Intune's device inventory. When a device is deployed you assign it to a user. When someone leaves, the device goes back to inventory — you wipe it, log it, and it's ready for the next person. The goal is always being able to answer: what do we have, where is it, and who has it."

"First, confirm the user has transferred anything they need — no data left on the machine they want to keep. Then unenroll it from MDM (Intune) so it's no longer managed. Wipe the drive — on Windows that's a full reset with drive cleaning enabled, which does multiple overwrites. On a Mac, Erase All Content and Settings from Recovery mode. Update the asset record to show it's decommissioned. If it's going to e-waste, use a certified ITAD vendor — you want documentation that the data was destroyed, especially for compliance. If it's being redeployed internally, image it fresh and assign to the new user."

"Most orgs replace laptops on a 3–5 year cycle. After that window the hardware is typically out of warranty, slower, and increasingly incompatible with current software. Planning a refresh means knowing which devices are aging out — which is why your asset database needs purchase dates. You batch replace them in waves, typically timed around budget cycles. From an IT support perspective, you're responsible for imaging the new hardware, transferring the user's data and profile, collecting the old device, and updating the asset records."

Practice plan:

1. Snipe-IT — Free, open-source asset management platform. Self-host it on a VM in your home lab (runs on Linux + Apache). Track your own lab equipment as practice. It's the same workflow as enterprise tools.

2. Build an asset spreadsheet for your home lab — Document every device you own: serial number (if applicable), specs, OS, purpose. Practice the tracking discipline even at small scale.

3. Intune device inventory — In your M365 dev tenant, enroll a VM as a managed device. Explore the device record Intune creates — hardware info, compliance status, last check-in. This is what enterprise asset tracking looks like in a cloud-managed environment.