Strengthened program's security posture by conducting deep-dive impact analyses and automated vulnerability scanning across containerized and virtualized environments, reducing attack surface through rapid remediation and strict compliance validation
Coordinated with DevOps to remediate critical software vulnerabilities identified by Fortify, Grype, XEOL, and OpenSCAP security scans
Developed comprehensive security testing suite for internal SDLC, identifying and remediating critical flaws in session management, error handling/info leakage, and cryptographic implementations prior to production deployment
MC DeanSecurity Engineer
Tysons, VA
Jul 2024 – Oct 2025
+
Achieved 95%+ DISA STIG compliance score across a mixed Windows, Linux, and Cisco infrastructure by systematically identifying, prioritizing, and remediating vulnerabilities via ACAS scans
Implemented a secure, high-performance testing environment leveraging Azure HCI on a Dell R740xd with NVIDIA 5090 GPU, containerizing 6 critical PSIM and AI workloads across 2 Kubernetes clusters
Built a 2nd PSIM platform infrastructure using Everbridge software, SQL, 2 camera subsystems, and 2 access control sub-systems for ISSC PFPA customer requirement testing and operator training
Configured Suricata IDS/IPS with ELK stack on a Dell R630 for logging and mitigation of malicious network traffic, resulting in a 20% reduction in firewall processing load
Deployed high availability solution by provisioning 3 $40,000 Dell PowerEdge R740xd servers in a fail-over cluster with Veeam backups, significantly improving disaster recovery capabilities
Drove security procurement for Google's corporate campus by evaluating 8 drone detection and 12 AI/ML-based physical security solutions, developing 3 BRDs and managing 12+ RFIs
CiscoSecurity Consulting Engineer Intern
Research Triangle Park, NC
May 2023 – Aug 2023
+
Conducted comprehensive security assessments (2 PDIs, 5 Big Scrubs) for Pfizer, NBCU, and JP Morgan Chase, identifying and mitigating 3 critical vulnerabilities
Engineered cyber defense with Cisco ISE & Active Directory for 802.1X (PEAP, EAP-TLS) with MAC Authentication Bypass (MAB) while implementing Guest Portal, Profiling, Posturing, and Logging
Created a Master Cisco ISE 3.1 Upgrade Method of Procedure (MoP) template for internal use within 3 weeks on Cisco's SCDP platform
XG Consultants GroupCybersecurity Analyst
New York City, NY
Jul 2022 – Nov 2022
+
Provided Cybersecurity advisory, crisis management, risk assessment, and resolution support to 6 Chubb's clients facing potential threats and suspicious activities
Implemented NIST CSF for compliance and matched CIS Critical Security Controls to baseline Identifying, Protecting, Detecting, Responding, and Recovering guidelines
Trained employees on Cybersecurity best practices, business continuity plan, and incident response for PBSA audit within 5 months
Certifications
AWS Solutions Architect – AssociateJan 2026
ISC2 Associate CISSPApr 2025
Cisco CCNAJul 2023
CompTIA CySA+ and Security+Mar 2022
Projects
Home LabOct 2023 – Present
Integrated Suricata IDS/IPS, Zenarmor NGFW, Crowdsec threat intelligence, and recursive Unbound DNS with 7 block lists as a network-wide DNS sinkhole for 15+ devices
Deployed and clustered 2 Proxmox nodes, using Wazuh SIEM/XDR to monitor 6 agents, Tailscale VPN & Cloudflare tunnels for remote access, Authentik for OAuth SSO & LDAP, and Nginx Reverse Proxy Manager
Built logging and monitoring for 5 VMs and 7 containers with Prometheus, InfluxDB, Uptime Kuma, Glances, and Grafana
Automated VM and LXC container configuration management using Ansible and Claude Code
Education
University at Buffalo — SUNYB.S. Information Technology and Management