Email Phishing Analysis Tool
- Inspects email headers, URLs, and sender metadata
- Extracts indicators of compromise (IOCs)
- Verifies malicious domains/IPs via threat-intel APIs
I specialize in defending modern digital infrastructures through threat monitoring, cloud security, vulnerability management, and compliance-driven security operations.

I'm a cybersecurity enthusiast specializing in defending modern digital landscapes. From analyzing traffic in a SOC environment to securing cloud infrastructure and aligning systems with GRC frameworks, I enjoy solving complex security challenges.
My approach blends an analytical mindset with hands-on tooling — I study the anatomy of every alert, instrument what can be measured, and treat compliance as code, not paperwork. Continuous learning is the only real perimeter that lasts.
Expected Graduation · 2027
Foundational coursework across systems, networks, and software engineering, with self-directed deep dives into security architecture and operations.
Self-directed track
Hands-on work in SIEM analysis, cloud security posture, GRC tooling, and offensive web security — turning theory into deployable skill.
A working stack across detection, cloud, compliance, and automation.
Continuous review of security events across endpoints, network, and cloud sources.
Triage suspicious activity, enrich indicators, and surface actionable detections.
Scan, prioritize, and report on weaknesses across infrastructure and applications.
Posture management and runtime visibility on AWS and Azure workloads.
Deep-dive into incidents with packet captures, timelines, and root-cause analysis.
Align operations with NIST CSF, ISO 27001, SOC 2, and PCI-DSS expectations.
Python and Bash tooling to eliminate repetitive triage and reporting work.
A research-focused, lightweight monitoring solution that watches critical configuration files for unauthorized change — designed for low-resource environments where heavy FIM agents aren't viable.
No formal title yet — but the muscle memory is real. Here's where I've been training.
Hands-on log review using Splunk and open-source SIEM datasets; built detection logic for common attacker TTPs.
Configured AWS Security Hub and Microsoft Defender for Cloud across lab environments to study misconfiguration patterns.
Authenticated and unauthenticated scans with Nessus, prioritization workflows, and remediation tracking.
Recreated phishing and lateral-movement scenarios in isolated labs to practice analyst response.
Security-focused course projects in cryptography, web app security, and network defense.
The control libraries and frameworks shaping how I think about defense and compliance.
Identify · Protect · Detect · Respond · Recover. Risk-based framework for measurable security maturity.
Information security management systems — controls, risk treatment, and continuous improvement.
Trust services criteria covering security, availability, and confidentiality for SaaS providers.
Payment card data protection — segmentation, access control, monitoring, and secure development.
Open to SOC, cloud security, and GRC opportunities. I usually reply within a day.