Summary
Security-minded and technically curious IT professional with a hands-on, problem-solving approach to technology. CompTIA Security+ certified, with experience across networking, systems, and cybersecurity through real-world labs and practical training. Known for adaptability, attention to detail, and a strong interest in understanding how systems work and how to make them more reliable and secure. Motivated by continuous learning and contributing to effective, resilient technical environments.
Technical Skills
- Security Monitoring: Log analysis, triage, and escalation
- Networking: Routers, switches, VPNs, firewalls, wireless infrastructure
- Troubleshooting: Hardware (PCs, laptops, printers), software, remote diagnostics
- Operating Systems: Windows, Linux (Ubuntu, Kali)
- Security Tools: Wireshark, Nmap, Metasploit, Nessus, Burp Suite, Splunk, Elastic Stack, Suricata, Snort, Autopsy, FTK Imager
- Programming/Scripting: Python, Bash, PowerShell
Certifications
- CompTIA Security+ (SY0-701) - Issued July 2024
Security Case Study
While conducting independent, passive OSINT research using publicly available tools, I identified multiple internet-exposed Automated Tank Gauge (ATG) systems associated with fuel infrastructure.
To remain within ethical and legal boundaries, all activity was limited to non-intrusive observation. No authentication attempts, exploitation, or interaction with live systems was performed. Exposure was validated through publicly observable indicators only, with care taken to avoid any action that could impact system availability or behavior.
After documenting more than ten exposed systems, I analyzed common misconfigurations and assessed potential operational and safety risks associated with publicly accessible ICS/OT components. Findings were compiled into a structured report designed to clearly communicate risk to non-technical stakeholders.
Following responsible disclosure practices, the findings were submitted to CISA through a coordinated disclosure process. The focus was on highlighting broader infrastructure risk trends rather than identifying individual organizations.
This case study reflects my approach to security work: careful scoping, ethical restraint, clear documentation, and effective communication of real-world risk.
Experience
- Identified and documented 10+ exposed ICS/OT Automated Tank Gauge (ATG) systems through OSINT tools such as Shodan, demonstrating passive reconnaissance and critical infrastructure risk assessment.
- Submitted a coordinated vulnerability disclosure to CISA, following industry-standard responsible disclosure practices and highlighting systemic misconfigurations affecting multiple critical infrastructure sites.
- Investigated Windows-based endpoint and network threats by analyzing logs in Splunk and Elastic Stack.
- Built and managed a virtual home lab environment simulating enterprise networks to practice incident response and detection workflows.
- Configured and fine-tuned Suricata and Snort for IDS/IPS use cases; analyzed alerts and improved rule sets based on threat behavior.
- Developed and tested YARA rules for identifying malicious files and anomalous patterns during malware analysis exercises.
- Conducted hands-on adversary emulation to better understand lateral movement and credential attacks.
- Provides excellent customer service in a fast-paced environment, demonstrating strong communication and interpersonal skills.
- Manages cash and credit transactions accurately, ensuring accountability and attention to detail.
- Trains new staff on company policies and procedures, showcasing leadership and teamwork abilities.
- Troubleshot computers and computer peripherals for store operations.
- Provided guidance to customers on printing, graphic design, and shipping services.
- Used Adobe Creative Cloud (Photoshop) and Microsoft 365 programs daily.