I am a security operations specialist and builder with experience across SOC operations, incident response, threat hunting, detection engineering, and customer-facing security partnerships. My work centers on turning messy telemetry, ambiguous investigations, and operational pain points into clear detections, repeatable processes, and safer systems.

My approach is shaped by hands-on SOC operations: I have seen what breaks, what analysts, customers, and engineering teams trust, and what actually works under operational constraints. That operator's perspective informs every guardrail architecture I design.

Experience

The throughline in my career is simple: I walk into ambiguity, find the operational pain point, and build something that makes the environment more secure, repeatable, or easier to run. A pandemic response program needed secure technology operations from zero. A nonprofit cyber program needed a production SOC without enterprise licensing. A 60-client MSSP needed faster triage without sacrificing evidence or trust.

THE CHAOS: T2 analysts buried in high-volume triage across 60+ enterprise clients
Cybersecurity Analyst II
11:11 Systems · Feb 2024 – Apr 2026

Supported security operations across 60+ enterprise MSSP clients and 3,000+ endpoints spanning US, APAC, and EU environments. Work included Tier 2/3 triage, incident response, threat hunting, email security, detection tuning, and customer-facing remediation support.

The pain point was scale: repetitive T1 investigation work consumed time that should have gone toward deeper analysis, customer guidance, and response quality. I engineered and operationalized ThreatPrism within Swimlane SOAR to automate IOC extraction, MITRE ATT&CK mapping, severity and confidence scoring, next-step generation, and structured analyst context. ThreatPrism contributed to a 48% MTTR reduction while keeping production details proprietary.

THE CHAOS: Build a production SOC with no enterprise budget and no existing infrastructure
Director of Cybersecurity
Cyber Defense & Intelligence Center (CDIC) · Aug 2023 – Sep 2024

Built a production SOC from the ground up under nonprofit constraints where open-source and nonprofit licensing were the design requirements. Integrated BitDefender EDR, Wazuh EDR/SIEM, Splunk SIEM, TheHive SOAR, Action1 RMM, and a Software Defined Perimeter to support detection, monitoring, response, and operational repeatability.

Led a 30+ member team spanning SOC operations, detection engineering, incident response, insider threat, GRC, and project management. Developed threat hunting playbooks, detection runbooks, IR procedures, and security policy to make operations repeatable across a growing team. Worked cross-functionally with other divisions to align security capabilities with organizational goals.

THE CHAOS: A pandemic response environment with no playbook, no baseline, and distributed teams handling HIPAA/PII data
First Responder — Technology Operations | Co-Lead
Co-Lead PDA · Feb 2020 – Feb 2021

Helped stand up secure technology operations for a COVID-19 rapid-response environment where distributed teams needed reliable systems, secure access, and clear procedures immediately. Supported endpoint provisioning, authentication controls, account management, collaboration tooling, and secure connectivity for teams handling sensitive HIPAA/PII data.

Built foundational operating processes for technology use, data handling, security practices, and staff support. Implemented baseline cybersecurity controls such as endpoint protection, patching, secure configuration, and monitoring. Supported phishing investigation and mitigation, escalated suspicious activity, and coordinated with leadership and external partners to align technical capabilities with operational needs.

My Approach

AI security isn't just about preventing hallucinations — it's about Defense-in-Depth, treating AI as untrusted, and preventing unsafe behaviors. I build multi-layer guardrail systems that combine deterministic validation, semantic analysis, and policy enforcement to ensure AI-augmented tools and agentic systems fail safely in production environments.

Key Principles:

  • Guardrails must be composable and layered
  • Auditability matters more than raw accuracy for security tools
  • Production systems need deterministic safety controls
  • Operational trust determines adoption — analysts, customers, and engineering teams need systems that are explainable, auditable, and safe under pressure

My Mission

Build AI security systems that enable innovation without compromising safety. Security should not block progress; it should reinforce systems so they can stay in production. I architect guardrail systems that help teams deploy AI confidently, knowing their systems are designed to fail safely when the unexpected happens.

Education

Postgraduate — AI & ML Engineering
University of Texas at Austin (McCombs) · 2025
Applied Cybersecurity
SANS Technology Institute · 2024
B.S. — Cybersecurity & Information Assurance
Western Governors University · 2023

Tech Stack

SIEM / EDR / SOAR

Sentinel
Defender XDR
FortiEDR
FortiSIEM
Wazuh
Splunk
Swimlane
TheHive

LANGUAGES / TOOLS

Python
KQL
REST APIs
Postman
Docker
Git
LangGraph
FastAPI

CLOUD / AI / ML

AWS
Azure
GCP
Hugging Face
PyTorch
scikit-learn
Pydantic
SQLite

Core Expertise

AI Security

  • LLM Guardrail Architecture
  • Adversarial ML & Red Teaming
  • OWASP LLM Top 10
  • AI Agent & MCP Security
  • Model Security & Hardening

Security Operations

  • Detection Engineering
  • Threat Hunting
  • Incident Response
  • SIEM / SOAR / EDR / XDR
  • MITRE ATT&CK

Builder

  • Python / REST APIs
  • LLM Integration
  • SOC Automation
  • Docker / Git / CI-CD

Certifications

CYBERSECURITY

  • GSEC · GCIH · GCIA
  • SecurityX · CySA+ · PenTest+
  • Security+ · SSCP · CCNA · ITIL
  • SC-200 & SC-300 (In Progress)

AI / ML ENGINEERING

  • CAISS
  • Ready Tensor: Agentic AI & LLM
  • ProtectAI: MLSecOps
  • Hugging Face: Agents, MCP
  • CAIS · CAISP (In Progress)