Carlos Colón

Carlos Colón Email and Phone Number

TS/SCI with Polygraph | GPEN | GCIH | GCPN | Splunk | CGRC | Sentinel | Cloud @ Lockheed Martin
Carlos Colón's Location
Kissimmee, Florida, United States
About Carlos Colón

With over a decade of experience as a Cyber Security Engineer, I have sharpened my expertise in offensive techniques, cyber threat hunting, and the Risk Management Framework (RMF). I safeguard Government and public information using prescribed standards, techniques, and tactics. Currently, I manage a dynamic Security Operations Center (SOC) team of 8-12 skilled incident response professionals. My role involves orchestrating security strategies, defense mechanisms, and mitigating cyber threats to safeguard critical assets. Good understanding of the security involved in cloud and hybrid systems vs. traditional on-premise systems. Also, can prescribe security measures for Government systems just as well as the civilian sector. Great advocate of training, leading, and collaboration up the chain and back down. It is truly important that my team understands the main goal and vision well enough to manage and lead a team to success.

Carlos Colón's Current Company Details
Lockheed Martin
Carlos Colón Work Experience Details
  • Lockheed Martin
    Cloud Incident Response Manager/Lead
    Lockheed Martin Apr 2023 - Present
    Bethesda, MD, US
    Threat Hunter: Detecting tools like Netcat, evasion techniques, standard exploitation tools like Meterpreter, initial access and pivoting maneuvers, malware analysis (static vs. dynamic), log investigations, scanning techniques and mapping, web attacks and procedures, reconnaissance (DNS, ports, IPs, IAM), password attacks/techniques, exploitation (initial access), command and control detection, payloads, Windows and Linux situational awareness, WMIC. Cloud: Detection of host discovery and active reconnaissance, limitations on cloud infrastructures, mass IP scanning vs. targeted scanning, internal vulnerability scanning, authentication types and key material, AWS/Azure IAM, Azure infrastructure, AWS infrastructure, Entra ID/Cognito, Microsoft Graph, file/storage systems, CLI tools and usage, red team operations and preparation, container (native, Docker, Kubernetes) vulnerabilities, container backdoors, Terraform vulnerabilities, control plane vs. data plane vs. mission plane, deployment pipeline vulnerabilities, MITRE ATT&CK (Cloud Matrix), serverless functions, database exposure, cloud privilege/lateral escalation, VM/compute vulnerabilities, permission- and role-based attacks. Operating Systems: Cisco, Linux, Windows, Palo Alto, logic controllers. Tools: SolarWinds, ePO, trellis, SIEM (Sentinel and Splunk), Entra ID, EyeWitness, Nmap/Masscan, Sliver, Empire, Kali Linux, Socat, Azure/AWS CLI tools, Python/PowerShell, CI/CD code analysis.
  • Unisys
    SIEM Engineer and Threat Hunter
    Unisys Jun 2022 - Feb 2023
    Blue Bell, Pennsylvania, US
    Security Operations Center: Incident response alerts vs. thresholds, permissions structure, KQL and SPL proficiency, construct data models and tagging systems, reduce alert fatigue and noise, parse structured vs. unstructured data based on the required architecture, MITRE ATT&CK reference, Cyber Kill Chain process, regex capture, asset, application, and user health monitoring, create easy-to-use visualizations for leadership, analysts, and incident responders. Understand vulnerabilities and their management, research and development on required specifics, correlate and build security tools to work in conjunction with SIEM, SOAR and Sentinel runbooks, design and lead the security structure for programs/information systems, understand projects against resource management/budgets, help analysts understand data, bridge the gap between analysts, tools, automation, and policy. Automation: aggregate and collect information based on a single incident, i.e., collect all alerts that may be related to an incident. Provide proper visualization for audits and assessments. Provide the networking team with real-time analysis and alerts from informational logs processed by networking devices. Form unstructured data into easy-to-use information for lower-tier individuals to understand. Search for ad hoc information, audits, or specifications on the entire system regarding outside or insider risk, i.e., formulate an IP expression and provide conditions to compare actual IP traffic against approved IP ranges.
  • Northrop Grumman
    Information Assurance Analyst (Cyber Security)
    Northrop Grumman Aug 2020 - Feb 2023
    Falls Church, VA, US
    Threat Hunting: Identify security incidents, search for gaps and constraints in the security system architecture, provide analysis to balance security vs. production, monitor network traffic through syslog ingestion, monitor endpoints, applications, and system activity, understand architecture policy and regulations, understand program operations and development, understand trends in the private and public sector, understand application/hardware behavior, understand user/developer behavior, test alerts and their effectiveness. Development: Build Splunk dashboards and panels, capture triggers against policy and regulations, build queries capturing techniques, tactics, and procedures. Ensure the SIEM platform is aligned with specific needs (insider threat, Cloud Matrix, standard framework), understand expected anomalies vs. unusual anomalies, SolarWinds monitoring, train and maintain security awareness training for general/privileged users, prepare mitigation and security plans for specific tactics and techniques, build resilience between internal and external (perimeter vs. internal) systems, yearly review of assets, hardware, software, and required capabilities. Understand thresholds for malicious activity, dashboard automation. Security Tools: Sentinel, Splunk, McAfee, Tenable Security Center, Panorama, SolarWinds, ePO, Python/PowerShell scripting.
  • Northrop Grumman
    Principal Information Assurance Analyst (Cyber Security)
    Northrop Grumman May 2022 - Jun 2022
    Falls Church, VA, US
  • Lockheed Martin
    Information System Security Risk Analyst
    Lockheed Martin Mar 2019 - Aug 2020
    Bethesda, MD, US
    Built and maintained Risk Management packages for Government and local sectors: Provided System Security Plans, architecture diagrams and Standard Operating Procedures, obtained and conserved Authorization to Operate, adhered to NIST 800-53 documentation and controls, consistently met annual goals and Plans of Action, operated under JSIG rev 4, provided baselines and built security policy regulations per requirements, implemented and assessed security controls. Continuous Monitoring: Vulnerability search and management through Tenable Security Center (ACAS, SCAP, STIGs), COMSEC maintenance and operations, Configuration Change Board approvals and assessments, monitoring the latest threats and intel, assured file transfers and procedures, system disposal, incident response. Security analysis: Provided in-depth mitigation plans, conducted security reviews against intel requirements, network traffic analysis through Wireshark, Splunk, and Elasticsearch, user, hardware, and software baselines and maintenance, supply chain management.
  • US Air Force Reserve
    Cyber Warfare Operations (1B4X1)
    US Air Force Reserve Jun 2017 - Jun 2020
    Robins AFB, GA, US
    Attended the Air Force Cyber Warfare Operations course consisting of the following requirements. Linux comprehension: File system structure and management, operating system distros, Unix/Linux, basic commands and CLI navigation, permissions in Linux, user and group management, Linux networking, light shell scripting. Networking fundamentals: Network architectures, network components, IPv4 vs. IPv6, IP addressing and subnetting, wireless principles and protocols, switching concepts, VLAN configurations, Cisco device management (Telnet, SSH, HTTP, HTTPS, console, security settings), routing tables and forwarding decisions, OSPF and other autonomous systems, syslog, key security concepts, access control, password policies, VPN structures, AAA systems, WAN and LAN security matters. Windows fundamentals: Operating system structure, Windows file system, permissions management, Windows services, processes, Task Manager, security, Microsoft Management Console, Subsystem for Linux. Ethical Hacking: Understanding laws and ethics, enumeration and open source intel, internal information gathering, information characteristics in computers, DNS footprinting, scanning networks (masscan vs. nmap), initial access, lateral movement and escalation attempts, persistence, and exfiltration, malware analysis, evasion techniques (subsystem process vs. internal detection devices). General Topics: Analysis and reporting, communication network security, cyber law and ethics, intelligence, reconnaissance, programming/scripting (Python and PowerShell), public key management.
  • United States Air Force
    Low Observable Technician
    United States Air Force Jan 2015 - May 2017
    Randolph AFB, TX, US
    - Ensured careful planning to execute goals on long-term projects (4-5 months) while supervising a team and millions in assets.
    - Created, instructed, and developed technical diagrams/blueprints to ensure quality completion.
    - Inspected and analyzed over 2.2 billion dollars in assets through accounting (finance analysis), time compliance, and physical asset checks for errors and operations enhancement.
    - Followed and upheld environmental and safety regulations through Air Force, OSHA, and MSDS regulations.
  • United States Air Force
    Air Traffic Controller
    United States Air Force Jun 2011 - May 2014
    Randolph AFB, TX, US
    - Strong verbal and written communication skills.
    - Concentration skills and situational awareness in any environment.
    - Delivered and revised technical information for federal publications and training documents.
    - Performed accurate and quick arithmetic; computed speed, time, and problems efficiently. Provided organized and timely information at all times while applying critical problem-solving skills.

Carlos Colón Education Details

  • Webster University
    Cyber Security
  • American Military University
    Homeland Security
  • Community College Of The Air Force
    Airframe Mechanics And Aircraft Maintenance Stealth Technology/Technician
  • Community College Of The Air Force
    Airway Science

Frequently Asked Questions about Carlos Colón

What company does Carlos Colón work for?

Carlos Colón works for Lockheed Martin

What is Carlos Colón's role at the current company?

Carlos Colón's current role is TS/SCI with Polygraph | GPEN | GCIH | GCPN | Splunk | CGRC | Sentinel | Cloud.

What schools did Carlos Colón attend?

Carlos Colón attended Webster University, American Military University, Community College Of The Air Force, Community College Of The Air Force.
