Hi, my name is

Jeff

I defend systems and organizations from cyber threats

I’m a cybersecurity analyst with a background in systems and network administration, driven to stay ahead of the ever-evolving threat landscape. I specialize in identifying threat actor TTPs and containing breaches before impact. I also have experience in threat research, threat hunting, and uncovering opportunities to enhance detection engineering.

About Me

I began my tech career six years ago as a helpdesk technician at a local MSP in Austin, TX. Over the next four years, I advanced into Systems Administrator and Network Engineer roles, gaining hands-on experience with the infrastructure I now analyze as a Security Analyst. Having configured and maintained the very systems and network devices I monitor for threats gives me a practical edge in my current work.

Two years ago, I transitioned into cybersecurity with a managed security service provider (MSSP) and discovered a passion I didn’t expect — stopping the bad guys is genuinely rewarding. I spend much of my free time learning in my homelab, and I’m currently focused on sharpening my skills in threat hunting, detection engineering, and scripting languages such as PowerShell, Bash, and Python.

Some areas that I consider myself skilled and knowledgeable in from a cybersecurity perspective are:
  • SentinelOne EDR
  • Ransomware Operator TTPs
  • Incident Response - Containment
  • Phishing Email Analysis
  • Business Email Compromise Response & Remediation
  • Microsoft Active Directory Attack Techniques
  • Windows OS Persistence Mechanisms
  • Active Directory Certificate Services Abuse Techniques
  • OSINT & Malware Sandbox Tool Usage
  • Fortigate Firewalls
  • VPN & Remote Access Security
  • Network Recon and Discovery Indicators
  • Azure/Entra ID Conditional Access Policies
  • Log Analysis - Windows, EDR, Firewall, Identity
  • Threat Hunting by TTPs

Experience

  • Perform triage, log analysis, and initial investigations for SIEM and SentinelOne EDR alerts.
  • Provide recommendations to LevelBlue clients for containment and remediation strategies for user compromises, business email compromises, malware incidents, VPN compromises, data exfiltration events, lateral movement activity, and ransomware incidents.
  • Collaborate daily with internal threat hunters, incident responders, and client teams to ensure timely containment & remediation.
  • Conduct threat research, perform threat hunts, and provide recommendations for new detection rules based on emerging TTPs and observed threat actor behaviors.
  • Participated in multiple IR engagements and played a key role in identifying early-stage attacks that were successfully contained prior to impact on multiple occasions.
  • Created and delivered multiple internal presentations on topics such as identifying Windows persistence mechanisms, adversary-in-the-middle phishing techniques, OAuth application consent phishing, and Active Directory Certificate Services attacks.

Network Engineer - IT Freedom
July 2019 - May 2023
  • Progressed from Tier 1 Helpdesk Technician to Systems Administrator and subsequently to Network Engineer.
  • Planned and executed complex network projects for clients, including Fortigate NGFW deployments, FortiClient Cloud EMS administration, MFA VPN deployments, VMware ESXi server installations, and wireless network rollouts (Aruba, Fortinet).
  • Designed and maintained detailed technical documentation, including project network diagrams and internal procedure guides.
  • Conducted a biweekly technical review to mentor Systems Administrators and address emerging technical challenges.

Certifications

  • SentinelOne SIREN IR Engineer
  • Blue Team Level 1 (BTL1)
  • Fortinet Certified Professional - Network Security
  • CompTIA CySA+
  • CompTIA Security+
  • CompTIA Linux+
  • CompTIA Server+
  • CompTIA Network+
  • CompTIA A+

Feel free to reach out!

I’m always open to chat about cybersecurity or new opportunities!