jj230/README.md

Experience Overview


Cybersecurity Education

SANS Cyber Academy, Scholarship Recipient, 09/24 - 05/25

Certifications:

GIAC: GSEC, GFACT, and Expected 05/2025: GCIH

CompTIA: Security+

Tools/Skills:

Azure, CLI (Linux/Unix, Bash, PowerShell, macOS), SIEMs (Sentinel, Splunk), Firewalls, Entra ID, Incident Response, Documentation, Private Endpoints, Defender for Cloud, Log Ingestion, VMs, Burp Suite, Packet Analysis (Wireshark, tcpdump), Scripts, Python, SQL, Data Analysis, Data Visualization, Incident Triage, Security Awareness, Web Application Vulnerabilities, OWASP, KQL, SPL, Metasploit, Standards/Regulations and Frameworks (e.g. NIST CSF, RMF, 800-53, PCI DSS, HIPAA, MITRE ATT&CK), Nessus, DeepBlueCLI, Volatility, ZAP, Bluespawn, Log Analytics, Vulnerability Management & more

Conferences:

  • WiCyS Conference 2025
  • RSA Conference 2024, WiCyS Scholarship Recipient
  • BSides Harrisburg 2024
  • BSides San Diego 2024
  • SANS New2Cyber 2024
  • Authentic8 OSINT 2024
  • MWise 2023

CTFs:

  • NCL @ WiCyS Conference 2025, April 2025 (placed 14/632, top 2.2%)
  • KC7 SANS New2Cyber (Log Intrusion Analysis via KQL), March 2024 (placed 11/298, top 3.7%)
  • Cyber Defense CTF by Level Effect, June 2024 (I didn't document results; I believe it was top 10%)
  • Correlation One & DoD Cyber Sentinel Challenge, May 2024 (placed 453/~5000, top 10%)
  • MetaCTF RSA - Capture the Container, May 2024 (placed 3/6)
  • MetaCTF, April 2024 (placed 38/938, top 5%)
  • Trace Labs, BSides Harrisburg, April 2024 (placed 2/Unknown)
  • KC7 SANS New2Cyber, April 2024 (placed 6/182, top 4%)
  • SANS Holiday Hack Challenge, Dec/Jan 23-24 (completed 13 challenges, including challenges completed by less than 6% of participants)

👩‍💻 Cybersecurity Projects:

Created a Honeynet, set up log analytics & Sentinel, monitored attacks, responded to incidents, hardened environment

  • Tools/Skills Worked On: Azure Cloud, Sentinel, Log Analytics, Firewalls, Security Hardening, NIST 800-53, KQL, Entra ID/Active Directory, Incident Response, Incident Investigation, Incident Documentation, Alert Creation, Private Endpoints, NSGs, Defender for Cloud, Private Link, Workbooks, Log Ingestion, Storage Blob, Key Vault, VMs, Resource Groups
  • Tools/Skills:
    • Python Scripting - Cybersecurity, Scripting, Python - Data Science, SQL, matplotlib, pandas, numpy
    • Bash Scripting

Researched a reported vulnerability, drafted an email to guide teams on vulnerability remediation, created a Python script to brute-force the password for encrypted files.

  • Tools/Skills: Vulnerability Analysis, Python Scripting, Email Documentation

Designed a Splunk dashboard to present potential fraud data, detailed an incident response plan for a phishing attack and potential ransomware attack, created an infographic to raise awareness for creating stronger passwords, identified vulnerabilities in a web application and presented possible remediation steps.

  • Tools/Skills: Splunk, Data Analysis, Data Protection, Data Visualization, Incident Response, Detection and Response, Incident Triage, Password Security, Penetration Testing, Fraud-Related Data, Security Awareness, Web Application Vulnerabilities, OWASP

Splunk Workshop - Based on weblogs data from a fictional instance, I set up an app and a dashboard within it

  • Tools/Skills: Splunk, adding an app, exploring/searching data, creating dashboards, extracting fields
  • Tools/Skills: Azure, Linux, Phishing, Burp Suite, HTTP Traffic, Certificates, Web Application Security, HTML, JavaScript, Command Injection, KQL, Incident Investigation, Log Analysis
  • Tools/Skills: Linux CLI
  • Types of Documentation: Incident Journals/Reports (technical & non-technical), Risk Assessment
  • Tools/Skills: Playbooks, Wireshark, Splunk, Chronicle, VirusTotal, Incident Response Post-Incident Analysis, Logs, Linux CLI, tcpdump

Connect with Me:

Connect with me on LinkedIn
