Protecting digital assets through proactive security research and ethical hacking
I'm a passionate cybersecurity professional with expertise in both offensive and defensive security operations. With a strong foundation in penetration testing, vulnerability assessment, and threat intelligence, I help organizations strengthen their security posture through comprehensive security analysis and strategic recommendations.
I believe in a holistic approach to cybersecurity that combines technical expertise with business understanding. Every security challenge is an opportunity to learn and improve. I focus on practical, actionable solutions that balance security requirements with operational efficiency.
To bridge the gap between complex cybersecurity concepts and practical business solutions. I'm committed to continuous learning in this ever-evolving field, staying ahead of emerging threats while mentoring the next generation of security professionals.
My work is driven by the belief that proactive security measures and ethical hacking practices are essential for building resilient digital infrastructures in our interconnected world.
Comprehensive security assessment of a Fortune 500 company's internal network infrastructure, identifying critical vulnerabilities and providing strategic remediation guidance.
The client required a thorough security assessment of their complex multi-segment network hosting critical business applications, with minimal disruption to operations.
Conducted a phased approach starting with external reconnaissance, followed by internal lateral movement simulation. Utilized advanced persistence techniques and privilege escalation methods to demonstrate potential attack paths.
Identified 15 critical vulnerabilities including domain admin compromise vectors. Delivered comprehensive remediation roadmap, resulting in 90% vulnerability reduction within 3 months.
Security assessment and hardening of a multi-account AWS environment supporting microservices architecture with PCI DSS compliance requirements.
Client needed to achieve PCI DSS compliance while maintaining operational efficiency in their containerized microservices environment across multiple AWS accounts.
Implemented infrastructure-as-code security controls, designed secure CI/CD pipelines, and established comprehensive logging and monitoring using CloudTrail, GuardDuty, and custom Lambda functions.
Achieved full PCI DSS Level 1 compliance certification. Reduced security incidents by 85% and improved incident response time from hours to minutes through automated threat detection.
Multi-month advanced persistent threat simulation targeting a healthcare organization to test incident response capabilities and security awareness programs.
Healthcare client needed to validate their security posture against sophisticated nation-state level attacks while ensuring HIPAA compliance and minimal patient care disruption.
Executed a 90-day APT campaign using custom malware, social engineering, and living-off-the-land techniques. Simulated data exfiltration attempts and established covert communication channels.
Successfully maintained persistence for 45 days undetected, accessing sensitive patient data repositories. Provided detailed attack timeline and improved security awareness training, reducing phishing susceptibility by 70%.
This live SIEM dashboard connects to my personal Wazuh instance running on AWS, demonstrating real-time security monitoring capabilities.
I'm always interested in discussing new opportunities, collaborating on security research, or sharing insights about the latest cybersecurity trends. Feel free to reach out!