Cybersecurity specialist and DevSecOps practitioner with 10+ years across federal agencies, financial services, and international environments. I build security into the places most teams skip: CI/CD pipelines, cloud identity, and developer workflows. Currently interning at Decyda SRLS in Poland, where I deploy Cloud Custodian on AWS and integrate AI-based guardrails into pipelines. Previously at the Department of the Interior, where I automated phishing triage, integrated SAST/SCA into Azure DevOps and GitHub Actions, and built Splunk queries that improved anomaly detection by 30%. Pursuing a Master’s in Information Security Engineering at SANS Technology Institute, with active research into how NIST SP 800-204D maps to real federal CI/CD pipeline risks. GIAC-certified across five domains.
• Engineered cloud security governance by deploying Cloud Custodian on AWS, writing custom Python-based policies to enforce compliance and auto-remediate risks.
• Executed penetration testing on web applications, identifying critical vulnerabilities and partnering with developers to patch code before production deployment.
• Deployed AI-based security guardrails within CI/CD pipelines, automatically blocking risky code changes and reducing manual code review time.
• Developed and integrated automated security scanning tools into Azure and GitHub pipelines, successfully detecting and mitigating 40+ critical vulnerabilities during the build phase.
• Scripted automation for phishing analysis and document processing, which increased team efficiency by 60% and reduced mean time to respond (MTTR).
• Programmed custom Splunk queries to correlate data sources, improving anomaly detection rates by 30% across the enterprise environment.
• Conducted comprehensive identity audits and engineered stricter access controls (IAM) to harden the environment against unauthorized entry.
• Developed comprehensive technical documentation for internal threat management controls and monitoring systems
• Created detailed process maps identifying business partner workflows and technology integration points
• Analyzed control effectiveness and identified opportunities for refinement and improvement
• Collaborated with cross-functional teams to enhance security posture and threat detection capabilities
• Developed and deployed custom Microsoft PowerApps solutions, automating business processes and creating data visualization dashboards
• Managed Azure cloud infrastructure for 200+ users, including VM deployment, storage configuration, and network resource maintenance
• Enhanced organizational productivity through streamlined workflows and improved decision-making capabilities
• Implemented security best practices and ensured system scalability and reliability
• Managed critical infrastructure including Windows systems, LAN networks, and cloud backup solutions
• Supervised application maintenance and computing infrastructure activities ensuring 99.9% uptime
• Provided technical support to 200+ employees across the United States with <2-hour response times
• Implemented robust backup and disaster recovery procedures ensuring data resilience and availability
• Provided Tier 1/2 technical support for over 500 personnel, resolving an average of 200+ helpdesk tickets monthly with a 87% satisfaction rating
• Managed user accounts, permissions, and group policies within Active Directory to ensure compliance with strict Department of Defense (DoD) security protocols
A collection of projects demonstrating expertise in cybersecurity, software development, and data analysis. These projects showcase practical applications of security principles, automation, and analytical thinking.
Threat Management, Security Auditing, Compliance Frameworks (NIST, ISO 27001), Vulnerability Assessment, Incident Response, Security Controls, OWASP ZAP, Penetration Testing, Risk Assessment, Security Scanners, IntelliJ
Microsoft Azure, AWS, Cloud Security, Infrastructure Management, Virtual Machines, Network Security, Azure Active Directory, Microsoft Entra ID, Cloud Backup Solutions, Disaster Recovery
Python, Java, JavaScript, SQL, PowerShell, REST APIs, Microsoft Power Platform, PowerApps, Power Automate, HTML/CSS, Git, Version Control
Data Analysis, Data Visualization, Pandas, Jupyter Notebooks, MongoDB, SQLite, Business Intelligence, Dashboard Creation, Statistical Analysis
Windows Systems Administration, LAN/WAN Management, Technical Support, System Maintenance, User Training, Documentation, Process Automation, Change Management
Strategic Planning, Project Management, Team Leadership, Stakeholder Communication, ROI Analysis, Digital Marketing, Business Process Optimization
Sharing insights on cybersecurity, technology trends, and professional development.
View All Posts →How my hands-on experience building CI/CD pipelines turned into a formal research whitepaper mapping federal security guidance against real-world pipeline vulnerabilities.
Read More →Exploring the challenges and time-intensive nature of web application security testing, even with professional tools like Burp Suite.
Read More →Exploring effective strategies for integrating automated security scanning into modern development pipelines.
Read More →This site is scanned weekly for secrets, vulnerabilities, and code security issues using open-source tools. View scan history on GitHub