<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>HIPAA Security Program Build-Out - Lafontaine Security</title>
<link rel="preconnect" href="https://fonts.googleapis.com" />
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
<link href="https://fonts.googleapis.com/css2?family=Syne:wght@400;600;700;800&family=IBM+Plex+Mono:wght@300;400;500&family=Inter:wght@300;400;500&display=swap" rel="stylesheet" />
<style>
/* Global reset: border-box sizing and zeroed margin/padding on every element and pseudo-element. */
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
/* Design tokens: colour palette and the three font stacks (heading, mono, body) used throughout the sheet. */
:root {
--bg: #080C10; --surface: #0D1117; --border: #1C2330;
--accent: #00D4FF; --green: #00FF94; --muted: #4A5568;
--text: #E2E8F0; --dim: #8892A4;
--fh: 'Syne', 'Arial Black', sans-serif;
--fm: 'IBM Plex Mono', 'Courier New', monospace;
--fb: 'Inter', 'Helvetica Neue', sans-serif;
}
html { scroll-behavior: smooth; }
body { background: var(--bg); color: var(--text); font-family: var(--fb); font-size: 16px; line-height: 1.6; overflow-x: hidden; }
/* Decorative 64px grid overlay; fixed to the viewport and excluded from pointer events so it never intercepts clicks. */
body::after { content: ''; position: fixed; inset: 0; background-image: linear-gradient(rgba(0,212,255,0.025) 1px, transparent 1px), linear-gradient(90deg, rgba(0,212,255,0.025) 1px, transparent 1px); background-size: 64px 64px; pointer-events: none; z-index: 0; }
/* Fixed top navigation bar (z-index 200 keeps it above main and footer, which sit at z-index 1). */
nav { position: fixed; top: 0; left: 0; right: 0; z-index: 200; display: flex; align-items: center; justify-content: space-between; padding: 1.25rem 4rem; background: rgba(8,12,16,0.9); backdrop-filter: blur(14px); border-bottom: 1px solid var(--border); }
.logo { font-family: var(--fh); font-weight: 800; font-size: 1.1rem; letter-spacing: -0.02em; color: var(--text); text-decoration: none; }
.logo span { color: var(--accent); }
.nav-links { display: flex; gap: 2.5rem; list-style: none; }
.nav-links a { font-family: var(--fm); font-size: 0.75rem; color: var(--dim); text-decoration: none; letter-spacing: 0.06em; text-transform: uppercase; transition: color .2s; }
.nav-links a:hover, .nav-links a.active { color: var(--accent); }
.nav-btn { font-family: var(--fm); font-size: 0.75rem; letter-spacing: 0.08em; text-transform: uppercase; color: var(--accent); border: 1px solid var(--accent); padding: 0.5rem 1.25rem; text-decoration: none; transition: background .2s, color .2s; }
.nav-btn:hover { background: var(--accent); color: var(--bg); }
/* Page body: top padding leaves room for the fixed nav. */
main { position: relative; z-index: 1; padding: 9rem 4rem 6rem; max-width: 1100px; margin: 0 auto; }
.breadcrumb { font-family: var(--fm); font-size: 0.72rem; color: var(--dim); margin-bottom: 2rem; display: flex; align-items: center; gap: 0.5rem; }
.breadcrumb a { color: var(--dim); text-decoration: none; transition: color .2s; }
.breadcrumb a:hover { color: var(--accent); }
.breadcrumb span { color: var(--muted); }
/* Case-study header and the four-cell summary bar (collapses to two columns in the media query below). */
.case-header { margin-bottom: 3.5rem; }
.tag-line { font-family: var(--fm); font-size: 0.72rem; color: var(--green); letter-spacing: 0.15em; text-transform: uppercase; display: flex; align-items: center; gap: 0.75rem; margin-bottom: 1rem; }
.tag-line::before { content: ''; width: 1.5rem; height: 1px; background: var(--green); }
h1 { font-family: var(--fh); font-weight: 800; font-size: clamp(2rem, 4vw, 3rem); letter-spacing: -0.03em; line-height: 1.1; margin-bottom: 1.5rem; }
.case-meta-bar { display: grid; grid-template-columns: repeat(4, 1fr); border: 1px solid var(--border); margin-bottom: 3.5rem; }
.meta-cell { padding: 1.25rem 1.5rem; border-right: 1px solid var(--border); }
.meta-cell:last-child { border-right: none; }
.meta-label { font-family: var(--fm); font-size: 0.66rem; color: var(--dim); text-transform: uppercase; letter-spacing: 0.12em; margin-bottom: 0.4rem; }
.meta-val { font-family: var(--fh); font-size: 1rem; font-weight: 700; color: var(--text); }
.meta-val.green { color: var(--green); }
.meta-val.accent { color: var(--accent); }
/* Two-column layout: article content plus a 320px sidebar. */
.layout { display: grid; grid-template-columns: 1fr 320px; gap: 3rem; align-items: start; }
.content h2 { font-family: var(--fh); font-size: 1.4rem; font-weight: 700; margin: 2.5rem 0 1rem; padding-bottom: 0.5rem; border-bottom: 1px solid var(--border); }
.content h2:first-child { margin-top: 0; }
.content p { color: var(--dim); line-height: 1.8; margin-bottom: 1rem; font-size: 0.97rem; }
/* Content lists drop the native bullet and draw a '->' marker through ::before instead. */
.content ul { list-style: none; display: flex; flex-direction: column; gap: 0.5rem; margin-bottom: 1.5rem; }
.content ul li { font-size: 0.92rem; color: var(--dim); display: flex; align-items: flex-start; gap: 0.6rem; line-height: 1.6; }
.content ul li::before { content: '->'; color: var(--accent); flex-shrink: 0; font-family: var(--fm); font-size: 0.8rem; margin-top: 0.1rem; }
.callout { background: var(--surface); border: 1px solid var(--border); border-left: 3px solid var(--accent); padding: 1.25rem 1.5rem; margin: 1.5rem 0; font-size: 0.92rem; color: var(--dim); line-height: 1.7; }
.callout strong { color: var(--text); font-weight: 600; }
/* Phase blocks: the done/partial state is shown only through colour and a generated '[OK]' / '[>>]' prefix. */
.phase-block { border: 1px solid var(--border); margin-bottom: 1rem; }
.phase-header { padding: 0.9rem 1.25rem; background: var(--surface); display: flex; align-items: center; justify-content: space-between; }
.phase-name { font-family: var(--fh); font-size: 0.95rem; font-weight: 700; }
.phase-status { font-family: var(--fm); font-size: 0.68rem; letter-spacing: 0.1em; text-transform: uppercase; padding: 0.2rem 0.65rem; border: 1px solid; }
.phase-status.done { color: var(--green); border-color: var(--green); }
.phase-status.partial { color: #FEBC2E; border-color: #FEBC2E; }
.phase-body { padding: 1rem 1.25rem; display: flex; flex-direction: column; gap: 0.4rem; }
.phase-item { font-family: var(--fm); font-size: 0.76rem; color: var(--dim); display: flex; align-items: flex-start; gap: 0.6rem; }
.phase-item.done::before { content: '[OK]'; color: var(--green); flex-shrink: 0; }
.phase-item.partial::before { content: '[>>]'; color: #FEBC2E; flex-shrink: 0; }
/* Sticky sidebar cards: stats, tag clouds and document lists. */
.sidebar { position: sticky; top: 7rem; display: flex; flex-direction: column; gap: 1.5rem; }
.sidebar-card { border: 1px solid var(--border); background: var(--surface); padding: 1.5rem; }
.sidebar-title { font-family: var(--fm); font-size: 0.68rem; color: var(--accent); letter-spacing: 0.12em; text-transform: uppercase; margin-bottom: 1rem; }
.sidebar-title::before { content: '// '; }
.stat-row { display: flex; align-items: baseline; justify-content: space-between; padding: 0.5rem 0; border-bottom: 1px solid var(--border); }
.stat-row:last-child { border-bottom: none; }
.stat-key { font-family: var(--fm); font-size: 0.74rem; color: var(--dim); }
.stat-val { font-family: var(--fh); font-size: 1rem; font-weight: 700; color: var(--green); }
.doc-list { display: flex; flex-direction: column; gap: 0.4rem; }
.doc-item { font-family: var(--fm); font-size: 0.72rem; color: var(--dim); display: flex; gap: 0.5rem; align-items: flex-start; }
.doc-item::before { content: '#'; color: var(--accent); flex-shrink: 0; }
.tech-tags { display: flex; flex-wrap: wrap; gap: 0.4rem; }
.ttag { font-family: var(--fm); font-size: 0.68rem; color: var(--dim); border: 1px solid var(--border); padding: 0.2rem 0.6rem; }
/* Before/after comparison: two columns whose items get a generated 'x' (before) or 'v' (after) marker. */
.before-after { display: grid; grid-template-columns: 1fr 1fr; gap: 1px; background: var(--border); border: 1px solid var(--border); margin: 1.5rem 0; }
.ba-col { padding: 1.25rem; background: var(--surface); }
.ba-label { font-family: var(--fm); font-size: 0.66rem; letter-spacing: 0.12em; text-transform: uppercase; margin-bottom: 0.85rem; }
.ba-label.before { color: #FF4D6D; }
.ba-label.after { color: var(--green); }
.ba-item { font-family: var(--fm); font-size: 0.75rem; color: var(--dim); display: flex; gap: 0.5rem; margin-bottom: 0.4rem; line-height: 1.5; }
.ba-item.before::before { content: 'x'; color: #FF4D6D; flex-shrink: 0; }
.ba-item.after::before { content: 'v'; color: var(--green); flex-shrink: 0; }
/* Call-to-action block at the end of the article. */
.cta-block { background: var(--surface); border: 1px solid var(--border); border-top: 3px solid var(--accent); padding: 2rem; margin-top: 3rem; display: flex; align-items: center; justify-content: space-between; gap: 2rem; flex-wrap: wrap; }
.cta-text h3 { font-family: var(--fh); font-size: 1.15rem; font-weight: 700; margin-bottom: 0.4rem; }
.cta-text p { font-size: 0.9rem; color: var(--dim); }
.btn-fill { font-family: var(--fm); font-size: 0.82rem; letter-spacing: 0.08em; text-transform: uppercase; background: var(--accent); color: var(--bg); padding: 0.9rem 2rem; text-decoration: none; font-weight: 500; transition: opacity .2s; display: inline-block; white-space: nowrap; }
.btn-fill:hover { opacity: .85; }
footer { position: relative; z-index: 1; border-top: 1px solid var(--border); padding: 2.25rem 4rem; display: flex; align-items: center; justify-content: space-between; gap: 1rem; flex-wrap: wrap; }
.foot-logo { font-family: var(--fh); font-weight: 800; font-size: 1rem; color: var(--text); }
.foot-logo span { color: var(--accent); }
.foot-copy { font-family: var(--fm); font-size: 0.7rem; color: var(--muted); }
.foot-links { display: flex; gap: 1.5rem; }
.foot-links a { font-family: var(--fm); font-size: 0.72rem; color: var(--muted); text-decoration: none; transition: color .2s; }
.foot-links a:hover { color: var(--accent); }
/* Scroll-reveal: .reveal elements start fully transparent and become visible only once the page script adds .show. */
/* NOTE(review): with scripting disabled or the script failing, every .reveal section stays at opacity 0. */
.reveal { opacity: 0; transform: translateY(18px); transition: opacity .55s ease, transform .55s ease; }
.reveal.show { opacity: 1; transform: none; }
/* Narrow viewports (960px and below): hide the nav link list, stack the layout, and unstick the sidebar. */
@media (max-width: 960px) {
nav { padding: 1rem 1.5rem; } .nav-links { display: none; }
main { padding: 6rem 1.5rem 4rem; }
.layout { grid-template-columns: 1fr; }
.sidebar { position: static; }
.case-meta-bar { grid-template-columns: 1fr 1fr; }
.before-after { grid-template-columns: 1fr; }
footer { flex-direction: column; align-items: flex-start; }
}
</style>
</head>
<body>
<!-- Primary site navigation: logo, section links and a contact call-to-action. Every href is a relative URL. -->
<!-- The "Work" entry carries class="active" to mark the current section. -->
<nav>
<a href="index.html" class="logo">Lafontaine<span>Sec</span></a>
<ul class="nav-links">
<li><a href="index.html#services">Services</a></li>
<li><a href="about.html">About</a></li>
<li><a href="case-studies.html" class="active">Work</a></li>
<li><a href="index.html#contact">Contact</a></li>
</ul>
<a href="index.html#contact" class="nav-btn">Get a Quote</a>
</nav>
<main>
<!-- Breadcrumb trail: Home / Case Studies / current page (the last entry is plain text, not a link). -->
<div class="breadcrumb reveal">
<a href="index.html">Home</a>
<span>/</span>
<a href="case-studies.html">Case Studies</a>
<span>/</span>
HIPAA Security Program Build-Out
</div>
<!-- Case-study title block. -->
<div class="case-header reveal">
<div class="tag-line">Healthcare - Compliance Program</div>
<h1>HIPAA Security Program<br/>Build-Out — Zero to Operational</h1>
</div>
<!-- Four-cell summary bar: industry, duration, Secure Score change, scope. -->
<!-- NOTE(review): scope is given as 6 sites here, in the Situation paragraph and in the sidebar, while the before/after lists refer to 8 sites. Confirm which count is intended. -->
<div class="case-meta-bar reveal">
<div class="meta-cell"><div class="meta-label">Industry</div><div class="meta-val">Healthcare - Radiology</div></div>
<div class="meta-cell"><div class="meta-label">Duration</div><div class="meta-val accent">5 Months</div></div>
<div class="meta-cell"><div class="meta-label">Secure Score</div><div class="meta-val green">40% to 96.34%</div></div>
<div class="meta-cell"><div class="meta-label">Scope</div><div class="meta-val">6 Sites / 83 Users</div></div>
</div>
<div class="layout">
<div class="content">
<!-- Situation: starting posture in Oct 2025 and a side-by-side before/after comparison at the 5-month checkpoint. -->
<div class="reveal">
<h2>Situation</h2>
<p>A multi-site diagnostic imaging organization handling ePHI across 6 locations had no formal security documentation, no governance structure, and no implemented controls when this engagement began in October 2025. The organization operated on Microsoft 365 Business Premium with no prior security engineering ownership.</p>
<p>The starting state represented significant HIPAA exposure: no incident response capability, no MFA enforcement, no vulnerability management, no logging posture, and AI automation servers with unauthenticated APIs accessible on the internal network.</p>
<!-- Each row in the left column is paired by position with the row at the same index in the right column. -->
<!-- NOTE(review): the firewall rows below say "8 sites" while the paragraph above and the summary bar say 6 locations. Confirm the site count. -->
<!-- NOTE(review): the after-state for the AI servers lists localhost binding only. The page does not say whether API authentication was also added; binding to localhost limits network reach but leaves the API open to any local process on that host. Confirm and state the auth control if one exists. -->
<div class="before-after">
<div class="ba-col">
<div class="ba-label before">Starting State — Oct 2025</div>
<div class="ba-item before">0 security policies or governance documents</div>
<div class="ba-item before">No formal incident response capability</div>
<div class="ba-item before">No MFA enforcement or Conditional Access</div>
<div class="ba-item before">No vulnerability management program</div>
<div class="ba-item before">No logging or monitoring posture</div>
<div class="ba-item before">AI servers with unauthenticated APIs exposed</div>
<div class="ba-item before">No firewall hardening across 8 sites</div>
<div class="ba-item before">Microsoft Secure Score: ~40%</div>
</div>
<div class="ba-col">
<div class="ba-label after">5-Month Checkpoint — Mar 2026</div>
<div class="ba-item after">16-document security and governance library</div>
<div class="ba-item after">Full IR program: IRP, severity matrix, 7 runbooks</div>
<div class="ba-item after">MFA enforced tenant-wide via Conditional Access</div>
<div class="ba-item after">VA complete — 3 critical findings same-day</div>
<div class="ba-item after">Azure Log Analytics operational, Entra logs forwarded</div>
<div class="ba-item after">AI server APIs bound to localhost, Duo MFA on VPN</div>
<div class="ba-item after">2 of 8 sites fully hardened, template replicated</div>
<div class="ba-item after">Microsoft Secure Score: 96.34%</div>
</div>
</div>
</div>
<!-- Approach: phased program plan. Each phase block has a header (name + status badge) and a checklist of items marked done or partial. -->
<!-- NOTE(review): the paragraph says four sequential phases, but only three phase blocks (Phase 0, 1, 2) appear below. Either add the missing phase or adjust the count. -->
<div class="reveal">
<h2>Approach</h2>
<p>The program was structured into four sequential phases, each with defined deliverables and exit criteria. All work was performed by a single security engineer operating within the constraints of Microsoft 365 Business Premium licensing — no Sentinel, no Entra P2, no Defender for Identity.</p>
<div class="phase-block">
<div class="phase-header"><div class="phase-name">Phase 0 — Stabilization</div><div class="phase-status done">Complete</div></div>
<div class="phase-body">
<div class="phase-item done">Define program roadmap and phase structure</div>
<div class="phase-item done">Freeze new tool deployment — prevent scope sprawl</div>
<div class="phase-item done">Establish weekly security engineering cadence</div>
<div class="phase-item done">Executive sign-off on self-insurance security model</div>
</div>
</div>
<!-- Phase 1 is marked Partial because of its last item (Google Workspace consolidation); all other items are marked done. -->
<!-- NOTE(review): the log item covers forwarding Entra diagnostic logs to Log Analytics; the page does not describe alerting or review on those logs. Say who reviews them, or which alert rules exist, if that is in place. -->
<div class="phase-block">
<div class="phase-header"><div class="phase-name">Phase 1 — Identity, Platform and Governance</div><div class="phase-status partial">Partial</div></div>
<div class="phase-body">
<div class="phase-item done">Entra ID deployed as sole identity authority — no hybrid model</div>
<div class="phase-item done">MFA enforced tenant-wide; phishing-resistant for admins</div>
<div class="phase-item done">Conditional Access: legacy auth blocked, device compliance required</div>
<div class="phase-item done">Break-glass governance — offline credential, excluded from CA, monitored</div>
<div class="phase-item done">Intune MDM — all endpoints enrolled, compliance policies enforced</div>
<div class="phase-item done">Defender for Business EDR in block mode, ASR rules deployed</div>
<div class="phase-item done">BitLocker enforced via Intune, recovery keys escrowed to Entra</div>
<div class="phase-item done">Purview DLP, sensitivity labeling, retention governance</div>
<div class="phase-item done">Azure Log Analytics — Entra diagnostic logs forwarded</div>
<div class="phase-item done">Governance library: 16 documents across all HIPAA safeguard domains</div>
<div class="phase-item partial">Google Workspace audit and SSO consolidation — migration path defined</div>
</div>
</div>
<!-- Phase 2 is marked Partial because the reserve-fund item is still pending executive funding. -->
<div class="phase-block">
<div class="phase-header"><div class="phase-name">Phase 2 — Resilience and Incident Readiness</div><div class="phase-status partial">Partial</div></div>
<div class="phase-body">
<div class="phase-item done">Incident Response Plan v1.0 authored</div>
<div class="phase-item done">Incident Severity and Classification Matrix</div>
<div class="phase-item done">7 IR runbooks covering primary threat scenarios</div>
<div class="phase-item done">Post-Incident Review Template and HIPAA Breach Worksheet</div>
<div class="phase-item done">Internal VA completed — 15 findings, 3 critical remediated same-day</div>
<div class="phase-item done">Beazley cyber insurance application completed</div>
<div class="phase-item partial">Cyber Incident Reserve Fund — proposal built, executive funding pending</div>
</div>
</div>
</div>
<!-- Technical Controls Implemented: list of deployed controls, followed by a callout about the licensing tier. -->
<!-- NOTE(review): the LAPS item credits LAPS with eliminating standing local admin privileges. LAPS manages and rotates the local administrator account password; removing users from the local Administrators group is a separate control. Confirm both were done and word the item accordingly. -->
<div class="reveal">
<h2>Technical Controls Implemented</h2>
<ul>
<li>Entra ID Conditional Access with named location policies, device compliance requirements, and legacy authentication blocking across all users</li>
<li>Windows LAPS deployed via Intune — eliminated standing local admin privileges across all managed endpoints</li>
<li>Defender for Business in EDR block mode with Attack Surface Reduction rules and tamper protection enforced</li>
<li>Microsoft Purview sensitivity labeling aligned to HIPAA data classification requirements; DLP policies active across Exchange, SharePoint, and OneDrive</li>
<li>Azure Log Analytics workspace configured for Entra sign-in, audit, and risk log centralization</li>
<li>M365 Backup covering Exchange, SharePoint, and OneDrive with validated restore capability</li>
<li>Cisco Duo RADIUS MFA for VPN — Auth Proxy deployed on production Ubuntu server; Meraki MX75 authentication migrated from native auth to RADIUS</li>
</ul>
<div class="callout"><strong>Licensing constraint note:</strong> All controls were implemented within Microsoft 365 Business Premium. No Entra P2, Sentinel, or Defender for Identity. Architecture decisions reflect real-world budget constraints common in SMB healthcare environments.</div>
</div>
<!-- Governance Library: each list item pairs a document title with the HIPAA Security Rule citation it is mapped to. -->
<!-- NOTE(review): the text says 16 documents; the list below has 13 entries (14 if the v1 and v2 assessment reports count separately). List the remaining documents or explain the difference. -->
<!-- NOTE(review): verify the citation on the endpoint item. In 45 CFR Part 164, workstation use and workstation security sit under the physical safeguards at §164.310(b) and §164.310(c); §164.312(a)(2) holds the access control implementation specifications. -->
<!-- NOTE(review): §164.308(a)(1) is the security management process standard; risk management is one of its implementation specifications. Confirm the intended level of citation. -->
<div class="reveal">
<h2>Governance Library — Built from Zero</h2>
<p>All 16 documents were authored from scratch with no prior templates or frameworks in place. Each document is mapped to the relevant HIPAA Security Rule safeguard section.</p>
<ul>
<li>Security and Compliance Governance Summary — §164.308(a)(1) Risk Management</li>
<li>Identity and Access Security Architecture — §164.312(a)(1) Access Control</li>
<li>Endpoint Security and Device Governance — §164.312(a)(2) Workstation Controls</li>
<li>Network and Physical Infrastructure Security — §164.310 Physical Safeguards</li>
<li>Cloud Monitoring, Logging and Incident Readiness — §164.312(b) Audit Controls</li>
<li>Data Protection and Compliance Architecture — §164.312(a)(2)(iv) Encryption</li>
<li>2026 Security Program Roadmap — Administrative Safeguards Governance</li>
<li>Incident Response Plan v1.0 — §164.308(a)(6) Security Incident Procedures</li>
<li>Incident Severity and Classification Matrix — §164.308(a)(6) Companion Reference</li>
<li>Post-Incident Review Template — §164.308(a)(6) Documentation</li>
<li>HIPAA Breach Determination Worksheet — 45 CFR §164.402 4-Factor Risk Assessment</li>
<li>Incident Response Playbook — 7 runbooks covering primary threat scenarios</li>
<li>Vulnerability Assessment Report v1 and v2 — §164.308(a)(8) Evaluation</li>
</ul>
</div>
<!-- Outcomes: headline results of the engagement. -->
<!-- NOTE(review): the MFA item claims 100% coverage across all users, while the Approach section lists a break-glass credential excluded from Conditional Access. State that the break-glass account is the documented exception, or qualify the figure. -->
<!-- NOTE(review): the remediation item says "within 24 hours"; the Situation and Approach sections say "same-day". Pick one wording. -->
<div class="reveal">
<h2>Outcomes</h2>
<ul>
<li>Microsoft Secure Score driven from approximately 40% to 96.34% — 100% Data, 97.54% Apps, 92.15% Identity</li>
<li>HIPAA/HITECH Compliance Manager score achieved above 80%</li>
<li>Beazley cyber insurance application completed end-to-end with full technical evidence documentation</li>
<li>3 critical vulnerability findings remediated within 24 hours of discovery</li>
<li>100% MFA coverage across all users including legacy systems via Duo RADIUS</li>
<li>Full audit-defensible governance posture established across all HIPAA administrative safeguard domains</li>
<li>Program on track for July 2026 self-insurance transition target</li>
</ul>
</div>
<!-- Closing call-to-action: short pitch plus a link to the contact anchor on the home page. -->
<div class="cta-block reveal">
<div class="cta-text">
<h3>Need a HIPAA compliance program?</h3>
<p>This engagement is available as a structured Tier 3 engagement or Full Stack program. Scoped to your environment and licensing.</p>
</div>
<a href="index.html#contact" class="btn-fill">Start a Conversation</a>
</div>
</div>
<!-- Sidebar: four cards (engagement stats, tech stack, frameworks, related service). -->
<div class="sidebar reveal">
<!-- Stats card. NOTE(review): "Sites 6" matches the summary bar but not the "8 sites" wording in the before/after lists. -->
<div class="sidebar-card">
<div class="sidebar-title">Engagement Stats</div>
<div class="stat-row"><span class="stat-key">Duration</span><span class="stat-val">5 months</span></div>
<div class="stat-row"><span class="stat-key">Sites</span><span class="stat-val">6</span></div>
<div class="stat-row"><span class="stat-key">Users</span><span class="stat-val">83</span></div>
<div class="stat-row"><span class="stat-key">Endpoints</span><span class="stat-val">39</span></div>
<div class="stat-row"><span class="stat-key">Secure Score</span><span class="stat-val">96.34%</span></div>
<div class="stat-row"><span class="stat-key">Docs authored</span><span class="stat-val">16</span></div>
<div class="stat-row"><span class="stat-key">IR runbooks</span><span class="stat-val">7</span></div>
</div>
<div class="sidebar-card">
<div class="sidebar-title">Tech Stack</div>
<div class="tech-tags">
<span class="ttag">M365 Business Premium</span>
<span class="ttag">Entra ID</span>
<span class="ttag">Intune</span>
<span class="ttag">Defender for Business</span>
<span class="ttag">Purview</span>
<span class="ttag">Azure Log Analytics</span>
<span class="ttag">Cisco Duo</span>
<span class="ttag">Cisco Meraki</span>
<span class="ttag">KQL</span>
<span class="ttag">Nessus Essentials</span>
</div>
</div>
<!-- Frameworks card. NOTE(review): the article body maps documents only to the HIPAA Security Rule; no mapping to the other frameworks tagged here is shown on this page. -->
<!-- The ampersand in the last tag is written raw; "&amp;" is the escaped form. -->
<div class="sidebar-card">
<div class="sidebar-title">Frameworks</div>
<div class="tech-tags">
<span class="ttag">HIPAA Security Rule</span>
<span class="ttag">NIST CSF</span>
<span class="ttag">CIS Controls</span>
<span class="ttag">NIST 800-53</span>
<span class="ttag">MITRE ATT&CK</span>
</div>
</div>
<!-- Related-service card. These two elements are styled with inline style attributes rather than classes from the page stylesheet. -->
<div class="sidebar-card">
<div class="sidebar-title">Related Service</div>
<p style="font-size:0.85rem; color:var(--dim); margin-bottom:1rem; line-height:1.6;">This work maps to the Tier 3 Compliance Program and Full Stack engagement offerings.</p>
<a href="index.html#services" style="font-family:var(--fm); font-size:0.75rem; color:var(--accent); text-decoration:none; letter-spacing:0.08em; text-transform:uppercase;">View Services -></a>
</div>
</div>
</div>
</main>
<!-- Page footer. The foot-copy and foot-links containers are empty in the markup and are filled in by the inline script at the end of the body. -->
<footer>
<div class="foot-logo">Lafontaine<span>Sec</span></div>
<div class="foot-copy" id="foot-copy"></div>
<div class="foot-links" id="foot-links"></div>
</footer>
<script>
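// Footer copyright line. Assigned through textContent, so the string is inserted as plain text and never parsed as HTML.
document.getElementById('foot-copy').textContent = '\u00A9 2026 Lafontaine Security LLC \u00B7 Puerto Rico \u00B7 EIN registered';

// Footer contact links, built from a static list: mailto, external profile (new tab), and tel.
var links = [{ text: 'contact@lafontainesec.dev', href: 'mailto:contact@lafontainesec.dev' }, { text: 'LinkedIn', href: 'https://www.linkedin.com/in/yeraylafontaine/', target: '_blank' }, { text: '(787) 988-0646', href: 'tel:+17879880646' }];
var fc = document.getElementById('foot-links');
links.forEach(function(l) {
  var a = document.createElement('a');
  a.textContent = l.text;
  a.href = l.href;
  if (l.target) {
    a.target = l.target;
    // A link that opens a new browsing context is marked noopener/noreferrer so the
    // destination page gets no window.opener handle back to this page and no Referer header.
    a.rel = 'noopener noreferrer';
  }
  fc.appendChild(a);
});

// Scroll-reveal: the stylesheet keeps .reveal elements at opacity 0 until they receive the .show class.
var revealEls = document.querySelectorAll('.reveal');
var obs;
if ('IntersectionObserver' in window) {
  // Add .show the first time an element becomes at least 6% visible in the viewport.
  obs = new IntersectionObserver(function(e) {
    e.forEach(function(x) {
      if (x.isIntersecting) x.target.classList.add('show');
    });
  }, { threshold: 0.06 });
  revealEls.forEach(function(el) { obs.observe(el); });
} else {
  // Without IntersectionObserver nothing would ever add .show and the page content
  // would stay invisible, so reveal everything immediately instead.
  revealEls.forEach(function(el) { el.classList.add('show'); });
}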
</script>
</body>
</html>