Triston Line

Solutions Architect · Infrastructure Specialist

triston.line@lightyearlabs.ca Victoria, British Columbia LinkedIn GitHub lightyearlabs.ca

Professional Summary

Solutions Architect with 10+ years in IT and 7+ years in cyber security and risk assessment, currently architecting enterprise infrastructure for the Provincial Health Services Authority. Deep experience leading cyber assessment work in regulated environments (healthcare, public sector, PCI-DSS, SOX), hardening Microsoft Azure and hybrid cloud architectures, and assessing AI and SaaS platforms against Bank-grade data sovereignty and supply chain standards. Applied practitioner of NIST CSF, NIST SP 800-53 / 800-61 / 800-161, ISO/IEC 27001/27002, MITRE ATT&CK, and CIS Benchmarks. Trusted contributor to enterprise Architecture and Project Technical Review Boards, advising on reference architectures and security design patterns.

Core Competencies

Cloud & Cyber Security: Microsoft Azure (Sentinel, Defender for Cloud, Defender for Endpoint, Azure Policy, PIM, Purview, Conditional Access, WAF, Key Vault), AWS landing zones, hybrid cloud, Cloud Security Posture assessment, SaaS and AI procurement risk assessment, threat detection engineering (KQL, MITRE ATT&CK mapping), zero trust architecture, IAM / RBAC / ABAC / MFA, penetration testing.

Frameworks & Standards: NIST CSF, NIST SP 800-53 / 800-61 / 800-92 / 800-161, ISO/IEC 27001 / 27002, CIS Benchmarks, CSA Cloud Controls Matrix (applied), MITRE ATT&CK, ITIL v3/v4, PCI-DSS, SOX. Working knowledge of TOGAF and SABSA principles through enterprise architecture board engagement.

Solution Architecture: Reference architecture contribution, security pattern development, threat modelling (STRIDE-aligned, MITRE ATT&CK), current-state and target-state assessments, top-down and component-based design, architecture review board participation, vendor and procurement risk assessment, technical-risk-to-business-impact translation.

Work Experience

Solutions Architect

Provincial Health Services Authority (PHSA)

Victoria, BC

Jan 2024 – Present
  • Design and oversee implementation of advanced IT infrastructures across multiple BC health authorities
  • Perform strategic planning for enterprise-scale systems, aligning technology with organizational goals
  • Architect enterprise-wide solutions translating complex business needs into scalable, future-ready IT infrastructures
  • Sitting member of the Project Technical Review Board and Architecture Services Review Board; advise Security Architecture Services and Network Services on the development of enterprise Reference Architectures and security design patterns
  • Lead comprehensive risk assessments of external service procurements against healthcare security and compliance standards, evaluating data sovereignty, encryption posture, identity federation, and alignment with NIST SP 800-53 and ISO/IEC 27001 controls
  • Performed security assessments of emerging Microsoft AI and data tooling (including Copilot, Fabric, and Databricks) within enterprise procurement evaluations, with emphasis on data sovereignty and supply chain risk
  • Plan secure infrastructure for AWS landing zone deployments and hybrid cloud integrations supporting clinical applications; advise on IAM, network segmentation, logging and monitoring, and shared-responsibility implementation
  • Plan network requirements for DICOM modalities including CT, MRI, Ultrasound, LINAC, Mammography, Ophthalmology, and Flow Cytometry
  • Architect solutions involving BizTalk integration, Microsoft Exchange DAGs, DICOM/HL7/FHIR interoperability, and SSO/SAML
  • Support complex environments including Varian Aria/Eclipse, Syngo Dynamics, Citrix StoreFront, and in-house automation platforms
  • Design VoIP infrastructure including Session Border Controllers, Enterprise Connection Brokers, and SIP integration
  • Up to date production experience with SUN SPARC T8 servers alongside IBM/Lenovo, HPE, and Dell hardware within the HAs
  • Leveraged hyperconverged VMware + Nutanix infrastructure and VMware NSX firewall for new project implementations

Cyber Security Officer & Solutions Architect

BC General Employees' Union (BCGEU)

Victoria, BC

May 2022 – Nov 2023
  • Led design, planning, procurement, and project management of data centre and IT infrastructure for an 85,000-member union with SOX-regulated investment portfolio reporting
  • Co-managed a $3.2M budget ensuring efficient resource allocation
  • Doubled infrastructure team size through end-to-end hiring; restructured department and identified key missing resources
  • Led configuration, tuning, and day-to-day operation of Microsoft Sentinel as the organization's SIEM; engineered KQL detection queries, mapped detections to the MITRE ATT&CK framework, and responded proactively and reactively to live incidents over two years
  • Hardened the Microsoft 365 and Azure environment using Conditional Access, Azure WAF, Defender for Endpoint, Defender for Cloud, Azure Policy, Privileged Identity Management (PIM), and Microsoft Purview for data classification and DLP
  • Conducted current-state and target-state assessment of the legacy Hyper-V to Azure failover architecture; recommended and executed re-architecture to a sovereignty-compliant Proxmox VE platform after risk-based evaluation of cloud lock-in, data residency, and cost
  • Developed and renewed majority of department policies reinforcing cybersecurity practices, authoring 20+ standards covering acceptable use, identity, access control, vendor management, incident response, and supply chain
  • Led adoption of governance structures anticipating the evolution of NIST CSF, bolstering cyber resilience
  • Applied NIST SP 800-161 principles to identify and address supply chain vulnerabilities
  • Performed Cloud Security Posture assessments for SaaS and hybrid-edge procurements; evaluated vendors against NIST SP 800-53, ISO/IEC 27001, and CIS Benchmarks
  • Built proof-of-concept laboratories and taught staff new technologies including KVM and Ceph
  • Expanded off-site backups and data centre capacity for disaster recovery and business continuity
  • Performed penetration testing of internal applications and coordinated external vendor pentesting

Senior Systems, Storage, & Network Engineer

Synetic Inc.

Victoria, BC

Jul 2021 – Sep 2022
  • Designed and implemented VDI for High Performance Computing private cloud environments
  • Developed turnkey highly available backup appliance
  • Tested and developed proprietary HPC and storage solutions
  • Replaced core routing equipment with OPNsense; architected private cloud routing and switching infrastructure
  • Led recovery and rebuilding of two customer data centres after catastrophic data loss
  • Developed business strategy and solutions; extensive client engagement from brainstorming to implementation

IT Manager

IDM Youth Services Inc.

Victoria, BC

Feb 2021 – Dec 2021
  • Migrated core virtual infrastructure from Hyper-V to KVM/QEMU with hyperconverged HA stack
  • Managed IT requirements across 14 locations including networking, printing, phone, workstations, and VPN
  • Renegotiated contracts with Shaw & Telus; coordinated Shaw Smart Voice implementation
  • Designed and implemented in-house off-site backup solution and distributed managed wireless
  • Designed and operated cloud-hosted VPS workloads on Digital Ocean and OVH for in-house services
  • Produced and presented risk assessments to leadership team; maintained department budgets

Linux & Windows Systems Administrator

Andrew Sheret Limited

Victoria, BC

Jun 2019 – Apr 2020
  • Planned and executed start-to-finish renovation of company data centres; recabled multiple branch offices
  • Administered VMware vSphere & ESXi hypervisors
  • Architected new Windows Server 2019 domain and RDS infrastructure
  • Deployed Ubuntu and Debian based in-house services; updated and secured surveillance systems

Security & Network Specialist

Seaflora Skincare Inc.

Sooke, BC

Jan 2018 – Present
  • Architected centralized ZFS storage with tailored business permissions and off-site backup solution
  • Developed Proxmox cluster integrated with SAN and GlusterFS
  • Designed core networking infrastructure with open-source firewalls, virtualized access control, and secure zoning
  • Deployed Windows Server domain (WSUS, WAC, File Server) and MeshCentral remote management
  • Maintained PCI-DSS-aligned controls across the e-commerce and point-of-sale payment environment

Technical Advisor (Co-Op)

Health Emergency Management BC (PHSA)

Victoria, BC

Apr 2018 – Sep 2018
  • Developed and deployed iOS applications using Apple Xcode
  • Digitized and designed emergency management database for Island Health's Emergency Operation Centres
  • Maintained and tested radio communications equipment; monitored weather events via spatial satellite technology

Education

Computer Network Electronics

Camosun College

Victoria, BC

December 2018

Explorations in Technology

Camosun College

Victoria, BC

June 2016

Technical Skills

Cloud & Cyber Security

Microsoft Azure (Sentinel, Defender, PIM, Purview)Advanced
Microsoft 365 / Conditional Access / WAFAdvanced
Threat Detection (KQL, MITRE ATT&CK)Advanced
Cloud Security Posture / SaaS Risk AssessmentAdvanced
AWS (Landing Zones, IAM, Hybrid Cloud)Intermediate
Zero Trust ArchitectureAdvanced

Security & Compliance Frameworks

NIST CSF & SP 800-53 / 800-161Advanced
ISO/IEC 27001 & 27002Advanced
CIS Benchmarks & CSA CCMAdvanced
Threat Modelling (STRIDE-aligned, MITRE)Advanced
PCI-DSS & SOX ControlsIntermediate
ITIL v3 & v4 / TOGAF PrinciplesIntermediate

Virtualization & Containers

Proxmox VEExpert
VMware vSphere / ESXi / NSXAdvanced
Hyper-VAdvanced
Docker, LXC & CloudStackAdvanced

Storage Systems

ZFS & BTRFSExpert
Ceph (RBD, CephFS)Advanced
GlusterFSAdvanced
iSCSI / Fibre ChannelAdvanced

Operating Systems

Debian / UbuntuExpert
RHEL / Rocky / CentOSAdvanced
Windows Server (2008–2022)Advanced
FreeBSD / OpenBSDIntermediate

Networking

Routing (OSPF, BGP, EIGRP)Advanced
Firewalls (pfSense, OPNsense)Expert
VPN (OpenVPN, WireGuard, IPSec)Advanced
VoIP / SIP / SBCIntermediate

Healthcare IT & Integration

DICOM / HL7 / FHIRAdvanced
SSO / SAML / Identity FederationAdvanced
BizTalk / Integration PlatformsIntermediate
Citrix StoreFrontIntermediate

Security Tooling & Access

Security Auditing (Nessus, Nmap, Wireshark, Metasploit)Advanced
IAM / RBAC / ABAC / MFAAdvanced

Certifications

Proxmox VE Advanced

Croit Inc. (Germany)

2023

CompTIA CSSSP

CompTIA

2019

CompTIA Linux+

CompTIA

2019

CompTIA Security+

CompTIA

2018

Project Management v6

Island Health

2018

Certified Fibre Optic Technician (CFOT)

Fibre Optic Association

2018

Certified Premises Cabling Technician (CPCT)

Fibre Optic Association

2018

Cisco CCENT

Cisco Systems

2018

CompTIA A+

CompTIA

2017

ITIL v3 & v4 Foundations

Coursework

Volunteer & Community Work

IT Mentorship Program

Mentoring young adults entering IT careers. One mentee every two years for the past six years, providing guidance on technical skills, career development, and professional growth.

MentorshipEducationCareer Development

Technical Advisory Services

Volunteer technical advisor for local businesses in Sooke and Victoria, helping small organizations with infrastructure decisions and IT strategy.

ConsultingSmall BusinessCommunity

Distributed Computing & Archival

Contributing storage and compute resources to World Community Grid (top 0.01% contributor), Archive Warrior, FlightRadar24, and Anna's Archive (over 20TB) for nearly a decade.

BOINCDigital PreservationCitizen Science

Wikipedia Contributions

Primary author of the Walbran Valley article (~99%), the Jordan River Diversion Dam article (90%) and a major contributor to the Fairy Creek blockades article (~60%). Focus on environmental, infrastructure, and BC geography topics.

WikipediaEnvironmentalDocumentation

Languages

English
Native
French
Fluent