I didn't start in security — I started as a sysadmin, which turned out to be the best possible foundation. While others learned Active Directory from documentation, I was already deep in Windows environments watching WMI, RPC, SMB, Kerberos, and NTLM behave in real production systems. That hands-on depth is what eventually pulled me into security — because I understood the systems attackers target better than most defenders do.
I'm a blue teamer at heart. I love the puzzle of hardening systems and finding gaps before someone else does. I've worked in resource-constrained environments where creative engineering wasn't optional — it was survival. That's made me good at building solutions that are practical, repeatable, and don't require an enterprise budget to be effective.
I particularly enjoy engineering automation that makes security teams faster — whether that's SOAR playbooks, PowerShell pipelines, or detection logic that fires on the right things and not everything else.
| Area | Proficiency | Details |
|---|---|---|
| SIEM / SOAR | | Detection engineering · alert triage · automation pipelines · playbook development · log correlation |
| Windows Internals | | WMI · RPC · SMB · Kerberos · NTLM · Active Directory · Group Policy · event log forensics |
| PowerShell | | Security tooling · Graph API integration · remediation automation · AD management · custom reporting |
| Email Security | | Phishing analysis · header forensics · DMARC/DKIM/SPF · Defender for O365 · attachment analysis |
| Azure Security | | Defender for Cloud · Sentinel · Entra ID · Conditional Access · PIM · Identity Protection |
| Threat Hunting / IR | | KQL · log analysis · IOC development · lateral movement detection · forensic triage |
| Intune MDM/MAM | | Device compliance · endpoint hardening · app protection policies · Conditional Access integration |
| Microsoft Purview | | DLP policies · data classification · sensitivity labels · insider risk · information barriers |
| Vuln Management | | Scanning · prioritization · risk-based remediation · Defender for Endpoint · exposure scoring |
| Credential | Full Name | Issuer | Status |
|---|---|---|---|
| Security+ | CompTIA Security+ — threat analysis, network security, cryptography, risk management | CompTIA | Verified |
| AZ-900 | Microsoft Azure Fundamentals — cloud concepts, core services, security and compliance | Microsoft | Verified |
| AZ-400 | Microsoft Azure DevOps Solutions — CI/CD pipelines, IaC, security in DevOps workflows | Microsoft | Verified |
| SC-900 | Microsoft Security, Compliance & Identity Fundamentals — zero trust, Microsoft security solutions | Microsoft | Verified |
| SecurityX | CompTIA SecurityX (formerly CASP+) — advanced security architecture, enterprise risk, integration | CompTIA | In Progress |