The bridge between IT and OT

From signal to governed systems.

Tony Malott is a mission-critical systems leader who grew from Air Force communications and electronics into Fortune 500 regulated infrastructure, global operational technology workstation engineering, cyber posture, automation, and enterprise AI architecture.

The through-line is not tools. It is consequence: make complex systems visible, governed, recoverable, testable, and safe enough for others to rely on.

  • 25+ years in regulated life sciences IT / operational technology
  • 18k± global operational endpoints under current platform scope
  • $10–15M typical annual platform P&L / budget influence range
  • 150+ manufacturing, labs, logistics, and R&D sites touched by the platform model

Career arc

Five moves, one operating model.

The story is best understood as a progression of operating environments where hidden failure has real consequences.

1985–2000

Mission-critical communications and electronics

UHF, VHF, HF, air traffic control radio systems, tactical long-haul communications, NATO-aligned operating environments, strategic communications, and base infrastructure readiness. The work trained the reflex: black boxes are risk until proven otherwise.

1990s transition

Computer systems before the job title caught up

Moved from communications electronics into networked computing, Linux / Unix shell culture, small computer shop leadership, base-level Y2K infrastructure readiness, and practical infrastructure problem solving when “computer guru” still meant you could solder, script, cable, troubleshoot, and teach.

2001–2018

Regulated infrastructure and service leadership

Hands-on manufacturing and laboratory support grew into site leadership, regional responsibility, North America service delivery, supplier governance, process leadership, regulated infrastructure, and large team accountability inside a major Fortune 500 healthcare and life sciences enterprise.

2018–present

Global operational technology workstation engineering

Current global responsibility for Manufacturing, Labs, and Logistics Workstation Engineering Services: lifecycle, operating-system baselines, cyber posture, telemetry, provisioning, qualification evidence, hardening, backup, and continuity across regulated operational environments.

2026

Corporate Business Technology AI Enterprise Architecture

Concurrent enterprise AI architecture assignment supporting corporate-function technology teams such as HR, Legal, Finance, Procurement, Quality, Risk, and related domains. The work applies engineering discipline to agent strategy, source authority, evaluation, human accountability, and safe adoption.

Current role in plain English

Workstation Engineering Services is the bridge between enterprise IT control and operational technology reality.

It is not commodity endpoint management. It is regulated platform engineering for manufacturing, laboratories, logistics, supply chain, and R&D environments where workstations connect to instruments, applications, production processes, lab systems, and validated business operations.

Global accountability

Responsible for the global engineering service model across a large Fortune 500 healthcare and life sciences enterprise, with operational responsibility extending across manufacturing, labs, logistics, and R&D technology environments.

Global platform ownership | Fortune 500 | People + process + technology

Financial and delivery leadership

Manages a large annual platform budget that varies with capital and hardware cycles, typically in the $10M–$15M range, while coordinating full-time employees, contractors, offshore support, depot functions, suppliers, and regional execution.

$10M–$15M P&L range | Supplier governance | Lean global execution

Regulated operating posture

Supports qualified and non-qualified operational systems under regulated infrastructure expectations: GxP, GAMP 5, Annex 11, 21 CFR Part 11, 21 CFR Part 211, NIST-aligned cyber posture, audit evidence, and controlled change.

GxP | GAMP 5 | Annex 11 / CFR | NIST-aligned cyber posture

Systems depth

Specific enough to be real. Plain enough to be understood.

The vocabulary is expanded intentionally. Acronym soup is what happens when experts forget readers are not trapped in their meetings.

Manufacturing, Labs, and Logistics: The current operational technology service domain
Manufacturing, Labs, and Logistics replaces older laboratory/manufacturing/warehouse language with a broader supply-chain and R&D posture. The core work is engineering the workstation layer that operational teams depend on.
Workstation Engineering Services: Global service, not a single tool
The service governs Windows and Linux operational workstations through hardware standards, operating-system baselines, provisioning, lifecycle, patch posture, hardening, backup, telemetry, and evidence-ready operations.
Windows and Linux estate: Enterprise IT controls meet OT constraints
Windows LTSC and Windows IoT LTSC support long-lifecycle operational workloads. Ubuntu Linux LTS supports specialty and engineering contexts. The work is less about desktop convenience and more about stability, compatibility, and lifecycle predictability.
Operational dependencies: Instrument, lab, manufacturing, and logistics context
The endpoints often sit near laboratory instruments, manufacturing applications, serialization, labeling, robotics, data acquisition, and vendor-bound equipment. A workstation failure can become a process failure, not just a help-desk ticket.
Qualified and non-qualified systems: Different validation posture, same operational discipline
The platform supports systems that may be GxP qualified, non-qualified, vendor-bound, or business-owned. Tony’s lane is infrastructure engineering and evidence posture, while validation scope and business application ownership remain bounded.
Regulated frameworks: Infrastructure alignment, not legal theater
Work aligns with GxP expectations, GAMP 5 practices, Annex 11, 21 CFR Part 11, 21 CFR Part 211, change control, data-integrity expectations, audit trails, and risk-based infrastructure governance.
Automation Qualification Framework: Audit-safe automation at scale
A controlled automation framework verifies workstation build/configuration state and generates qualification evidence. The point is not “automation because fast.” The point is speed without sacrificing repeatability, traceability, or audit posture.
Regulated Workstation Configuration Portal: Request intake and configuration control
A configuration request/intake surface ties business needs to standardized workstation build patterns. This keeps demand, configuration, evidence, and downstream engineering work aligned.
Cyber posture in operational technology: Security controls under production constraints
The work connects enterprise cyber expectations to OT reality: segmented networks, constrained maintenance windows, validated applications, vendor dependencies, and systems that cannot be treated like ordinary office laptops.
Tanium, Defender, Zscaler, and policy controls: Visibility and enforcement stack
Security posture includes endpoint management, policy enforcement, endpoint protection, certificate/proxy posture, privileged access boundaries, and lockdown controls, while respecting quality, business, and vendor ownership boundaries.
OS hardening and lockdown: Data integrity and controlled behavior
Controls may restrict administrative tools, scripting surfaces, USB behavior, system utilities, and interactive changes. The goal is stable, inspectable behavior, not user convenience cosplay.
NIST-aligned thinking: Risk, control, visibility, response
The security model is aligned to risk-aware cyber disciplines: know the asset, manage exposure, detect drift, preserve recovery, and document control decisions so they survive audit and incident scrutiny.
Post-build provisioning automation: Configuration after the base image
Post-build automation applies standard configurations, aligns toolsets, and supports evidence-ready workstation readiness. It belongs with qualification automation, not as a mysterious acronym living rent-free in the document.
Acquisition and divestiture transition process: Preserve validated state during business change
The “Lite Touch” pattern is a controlled acquisition/divestiture process: add or strip identity, domain, security, management, monitoring, and backup components while preserving complex installed configurations and avoiding unnecessary rebuild/requalification.
Backup and bare-metal recovery: Continuity as a platform feature
Recovery is part of the regulated platform model: image-based recovery, reporting, audit support, regional storage posture, and lifecycle integration. Restoration is not a prayer; it is an engineered capability.
Patch and lifecycle governance: Stable change over random heroics
Patch rings, testing windows, pilot/production waves, hardware refresh, decommissioning, exception handling, and lifecycle funding are treated as an operating system for the platform, not one-off projects.
Telemetry-first operations: Nexthink, Tanium, configuration data, and health signals
Endpoint observability turns fleet operation from anecdotes into signals: client health, patch posture, disk health, reboots, tool presence, configuration drift, and risk indicators.
ServiceNow and operational records: Incidents, requests, change, inventory, and evidence flow
Supporting systems connect service management, asset records, configuration state, workflows, and execution accountability. Good architecture is visible in the records it leaves behind.
Data engineering and dashboards: Management systems need trustworthy instrumentation
The platform depends on data pipelines, dashboards, automation outputs, source records, and telemetry views that help leadership see what changed, where risk lives, and what needs action.
Supporting systems thinking: The hidden machinery matters
The career arc is full-stack in the practical sense: endpoint engineering, server/infrastructure history, network reality, data plumbing, operational workflows, automation, and leadership accountability.

Current corporate AI architecture assignment

AI governance is not magic. It is engineering under uncertainty.

Tony’s Corporate Business Technology AI Enterprise Architect work sits beside his day role, not instead of it.

Corporate Business Technology

Corporate Business Technology supports enterprise corporate functions such as HR, Legal, Finance, Procurement, Quality, Risk, and related business domains. The assignment brings engineering discipline into AI and agent strategy for teams that need help moving from ambition to controlled implementation.

Enterprise AI strategy | Corporate functions | Architecture guidance

Agent building without fairy dust

The work helps teams understand what agentic systems need before they become a mess: source authority, test cases, evaluation, escalation paths, human accountability, bounded actions, permissions, logging, and rollback thinking.

Probabilistic tools need rails

AI is useful because it can explore, synthesize, and accelerate thinking. It is risky because fluency can impersonate truth. The architecture answer is not blind trust. It is source grounding, validation, review, monitoring, and clear decision boundaries.

Why operational technology makes this stronger

Manufacturing and lab systems teach humility. If you learn architecture where failure has operational consequence, you do not treat AI as a magic text box. You treat it as a system under test.

Pattern work as engineering

The work is fun because every task is a puzzle: sometimes the pattern exists, sometimes the pattern has to be invented. That is where Tony’s systems instinct becomes enterprise AI architecture.

Proof points

Not just technology. People, process, finance, cyber, and evidence.

The career signal gets stronger when the technical scope is paired with leadership and operating accountability.

Audit-safe automation

Conceived and delivered automation that compresses regulated workstation qualification from weeks to hours while preserving evidence and repeatability.

  • Configuration verification
  • Qualification evidence
  • Controlled post-build automation
  • Audit-ready outputs

Business-scale transition

Developed acquisition/divestiture patterns that preserve validated state across complex operational workstations instead of forcing unnecessary rebuilds.

  • Identity and domain transition
  • Security stack removal/addition
  • Backup and monitoring handoff
  • Installed configuration preservation

Global platform governance

Owns a platform model that connects endpoint engineering, cyber controls, lifecycle, continuity, supplier governance, financial accountability, and regulated operations.

  • Global site footprint
  • Large annual budget range
  • Lean leadership with contractor/depot leverage
  • Operational escalation and incident posture

Operating philosophy

Tony does not believe in magic boxes.

Black boxes are tolerable only after they become visible enough to test, govern, recover, and explain. That applies to radios, servers, operational workstations, regulated automation, data pipelines, cyber controls, and AI systems. The method changes. The instinct does not.

For employers

This profile fits roles where technology cannot be separated from operating consequence: regulated platforms, operational technology, infrastructure governance, cyber posture, automation, service ownership, enterprise AI architecture, and executive-scale transformation.

For teams

The leadership model is direct: document the work, expose the assumptions, preserve accountability, automate what should be repeatable, escalate what requires judgment, and make the system easier for the next person to operate.

Disclosure posture: employer names and private project names are intentionally minimized. This offline page is designed for professional review and should still be checked against the latest verified records before external distribution.