Resume

Xavier Santana

Cybersecurity Professional

Contact: https://www.linkedin.com/in/xaviersantana

Profile

Experienced professional and cybersecurity enthusiast, graduated from
an intensive cybersecurity certificate program at the University of Central
Florida. Developing robust network hardening and analysis skills through
hands-on experience in real-world simulations, with a focus on enhancing
network security. Committed to leveraging technical expertise to contribute
effectively to cybersecurity initiatives.

Certifications

  • CompTIA Network+
  • CompTIA Security+
  • University of Central Florida 

Technology Summary

  • Operating Systems: Windows 10-11, Windows Server 2016, Ubuntu Linux, Debian Linux, Kali Linux, FreeBSD
  • Networking: Cisco IOS, DNS Filtering, Router Configuration, Firewall Configuration
  • Programming Languages: HTML, CSS, Python, PowerShell, C#
  • Tools: Wireshark, Packet Tracer, Active Directory, PowerShell, PyCharm, Visual Studio Code, Splunk Network Monitoring, Nagios Monitoring

Work Experience

UX/UI DESIGNER

May 2021 ‑ Dec. 2023

Freelance

Remote ‑ Ocoee, FL

Led user research initiatives to gather insights and inform design decisions, resulting in intuitive and user‑centered interfaces tailored to meet diverse user needs.
Executed the end‑to‑end design process, from wireframing and prototyping to user testing and iteration, ensuring seamless digital experiences and high user satisfaction.
Collaborated closely with cross‑functional teams including developers and product managers, fostering effective communication and alignment to deliver impactful design solutions.
Championed usability and accessibility principles throughout the design process, resulting in intuitive navigation, clear information architecture, and enhanced user engagement.

COMPUTER NUMERICAL CONTROL (CNC) MACHINE/PRE‑SET SAW OPERATOR

July 2018 ‑ Aug. 2020

Cues, Inc

Orlando, FL

Increased department efficiency by 30% within the first 3 months by strategically offloading and centralizing tasks among machine shop personnel, demonstrating effective leadership in optimizing processes.
Identified and flagged engineering drawings and instructional documentation for revision, addressing issues such as incorrect formatting, outdated information, and suboptimal process outcomes.
Created a comprehensive technical training document outlining a standardized tool setting procedure, employing industry‑standard machining terminology to ensure clarity and consistency in training materials.
Managed machine tooling inventory and formulated procedural guidelines to ensure consistent installation of tools in holders, optimiz

EDITOR

July 2014 ‑ Jan. 2018

Freelance

Remote ‑ Ocoee, FL

Revitalized content quality by meticulously editing and refining diverse written materials, enhancing clarity, coherence, and adherence to style guidelines for various clients.
Demonstrated adaptability and versatility in editing a wide range of content genres, from articles and blog posts to academic papers, ensuring consistency and excellence across all projects.
Utilized effective communication and organizational skills to manage multiple editing projects concurrently, meeting strict deadlines while maintaining high editorial standards.
Independently acquired understanding of Unreal Engine 3 development tools via software documentation to create technical training document for Firaxis XCOM 2 Software Development Kit audio component.
Maintained strict client confidentiality at all times.

STAFF WRITER

Jan. 2013 ‑ July 2014

WhatCulture.com

Remote ‑ Ocoee, FL

Generated original ideas and concepts for articles, leveraging in‑depth industry knowledge and trend analysis to produce compelling and shareable content.
Adapted writing style to suit various content formats and platforms, including articles and listicles, maintaining consistency and relevance across all publications.
Uploaded completed articles through WordPress content management systems.

Professional Projects

Cybersecurity Project: Pi‑Hole Network Protection

Jan. 2022 ‑ PRESENT

CONFIGURATION AND MAINTENANCE

Ocoee, FL

Description:
Implemented and currently maintain Pi‑Hole, an open‑source network‑wide ad blocker, to enhance cybersecurity measures within the home network.

Key Responsibilities and Achievements:
Configured and customized Pi‑Hole settings to actively block malicious domains and ads, significantly reducing the risk of phishing and malware attacks, enhancing network security.
Consistently monitored and updated Pi‑Hole to maintain the latest security features and blocklists, bolstering overall network defense.
Conducted periodic security assessments to proactively identify and address potential vulnerabilities, demonstrating a proactive stance in cybersecurity.
Integrated Pi‑Hole logs into network monitoring tools to track and analyze traffic, enabling the identification of anomalous or suspicious activities, enhancing network security.
Utilized Wireshark packet sniffer to analyze network traffic, identifying potential blocklist additions and enhancing network security measures.
Educated family members and associates on the importance of ad‑blocking for online security and privacy, fostering awareness and promoting safe browsing practices.
Documented the Pi‑Hole implementation process, configurations, and maintenance procedures, ensuring comprehensive reference material for future use and troubleshooting.
Proactively backed up Pi‑Hole configuration before updating the Raspberry Pi OS, ensuring all settings were retained and avoiding potential downtime or configuration loss.

Technologies Used:
Pi‑Hole, Wireshark, Network Monitoring Tools, Security Assessment, Raspberry Pi.

Impact:
Strengthened cybersecurity posture by implementing an effective ad‑blocking solution, reducing exposure to online threats and enhancing privacy
across all connected devices.

Cybersecurity Lab: Network Foundations

Sep. 2023 ‑ Oct. 2023

CONFIGURATION AND TROUBLESHOOTING

Ocoee, FL

Description:
Performed simulated network setup for a small business network engineer.

Key Responsibilities and Achievements:
Designed and implemented basic networks comprising two routers and switches each, seamlessly integrating devices into larger networks, demonstrating proficiency in network architecture and configuration.
Utilized Wireshark to analyze network traffic, accurately identifying sources and types of data transmission, enabling proactive monitoring and swift resolution of network anomalies.
Executed basic switch and endpoint configuration tasks using Packet Tracer, honing skills in network device management and setup for optimal performance.
Configured and validated port security measures on Cisco switches, safeguarding network integrity and mitigating unauthorized access risks through meticulous verification procedures.
Demonstrated expertise in basic router and switch configuration by successfully connecting routers to two distinct networks, ensuring seamless communication and network interoperability.
Effectively configured static IPv4 routes between multiple LANs and external networks, optimizing network traffic flow and facilitating efficient data transmission.
Implemented Routing Information Protocol (RIP) across multiple routers, diagnosing and resolving connectivity issues through dynamic routing strategies, enhancing network reliability and performance.
Configured OSPFv2 in a single area, optimizing network routing and scalability while ensuring seamless communication between network segments.
Created VLANs and trunk connections for two networks, meticulously analyzed endpoint connectivity issues, and fine‑tuned trunk configurations, optimizing network efficiency and performance.
Implemented Access Control Lists (ACLs) on Cisco routers, enhancing network security by regulating traffic flow and mitigating potential security threats.
Deployed router‑on‑a‑stick VLAN routing, efficiently segmenting network traffic and optimizing resource utilization for enhanced network performance.
Conducted server troubleshooting by monitoring behavior and managing logs, swiftly identifying and resolving server‑related issues to ensure uninterrupted network services.
Utilized Command Prompt to identify network settings and employed the Ping command to test connectivity, ensuring network functionality and troubleshooting potential issues.
Investigated PCAP packet captures of network attacks using Wireshark, enabling swift detection and mitigation of security breaches, bolstering network resilience and integrity.

Technologies Used:
Cisco IOS, Cisco Packet Tracer, Command Prompt, Wireshark, Ethernet.

Impact:
Successfully configured network and devices, ensuring client internet connectivity and reduced threat surface.

Cybersecurity Lab: Network Security Foundations

Dec. 2023 ‑ Jan. 2024

CONFIGURATION AND TROUBLESHOOTING

Ocoee, FL

Description:
Performed simulated network management and hardening.

Key Responsibilities and Achievements:
Set up and configured AAA server (RADIUS and TACACS+), verifying AAA functionality on network devices to ensure secure authentication and access control.
Implemented 802.1X authentication on switches, enhancing network security by requiring authentication for network access.
Conducted hash strength testing using RainbowCrack, assessing password security to preempt potential vulnerabilities.
Ensured file integrity and authenticity by identifying hashes and comparing hash values, enhancing data security and trustworthiness.
Established SNMP on a router and managed router operations through MIB from PC, facilitating efficient network monitoring and management.
Deployed and utilized Nagios network monitoring, enabling proactive network performance monitoring and issue detection.
Conducted network traffic analysis and file extraction utilizing Wireshark, NetworkMiner, tcpdump, and Zeek, enhancing network security and troubleshooting capabilities.
Configured OpenVPN on Windows, enabling secure remote access to network resources for enhanced data protection.
Set up Active Directory for L2TP/IPSec deployment from Windows Server to Client, ensuring secure and efficient communication.
Enhanced Cisco switch security by enabling port security and configuring VLANs to disable CDP and other defaults, mitigating potential security risks.
Established pfSense firewall rules to selectively block or allow ICMP traffic as required, enhancing network security and control.
Implemented pfSense firewall port forwarding, facilitating efficient and secure routing of network traffic.
Installed Suricata add‑on package for pfSense, utilizing ETOpen Emerging Threats rules, configuring pass lists and interface monitoring, and verifying with Nmap scan for enhanced network threat detection.
Configured custom Snort rules for Suricata, detecting non‑FTP traffic to a specific port, strengthening network security against specific threats.
Configured Windows Firewall to block ICMP, Google Chrome, and communications from specific IP addresses, bolstering system security and access control.
Implemented Iptables on Ubuntu to block traffic from ICMP, HTTP, and HTTPS, enhancing Ubuntu system security against specific network threats.
Manually added Snort ICMP detection rule to Ubuntu installation in local.conf, further enhancing Ubuntu system security against specific network threats.
Utilized HTML source inspection, decryption of an encrypted .PNG file, and Snort log analysis to enhance network security and detect potential threats.

Technologies Used:
Cisco IOS, Cisco Packet Tracer, AAA, RADIUS, TACACS+, 802.1X authentication, RainbowCrack, Linux, md5sum, sha1sum, SNMP, Nagios, Wireshark, NetworkMiner, tcpdump, Zeek, OpenVPN, IPSec, L2TP, Cisco Discovery Protocol, pfSense, Port Forwarding, Nmap, Windows Firewall, Iptables, Snort.

Impact:
Successfully configured network and devices, ensuring client internet connectivity and reduced threat surface.

Cybersecurity Lab: Microsoft Security System Administration

Oct. 2023 ‑ Nov. 2023

CONFIGURATION AND TROUBLESHOOTING

Ocoee, FL

Description:
Performed simulated configuration of Windows Server and Active Directory installations.

Key Responsibilities and Achievements:
Set up and configured Windows Server with Active Directory Domain Services, promoting the server to a domain controller, ensuring efficient network management and user authentication.
Created, configured, and managed Active Directory objects, optimizing organizational structure and facilitating streamlined user management.
Configured Group Policy Objects to manage user experience and enhance domain security, ensuring consistent policy enforcement across the network.
Utilized policy templates to configure and manage applications for domain users, customizing application policy by department to meet specific organizational needs.
Implemented logon scripts in group policies for automated processes, enhancing user productivity and network management efficiency.
Configured DNS setup, configuration, and record management for the Windows Server domain, ensuring reliable and efficient domain name resolution.
Installed, configured, and managed DHCP services, ensuring efficient IP allocation and reservation management for network devices.
Utilized generative AI to develop PowerShell scripts automating Active Directory object creation, streamlining administrative tasks and improving workflow efficiency.
Managed sharing permissions for Windows network, enabling discreet resource sharing and secure data access for authorized users, enhancing data security.
Installed DHCP, Simple‑TCPIP, and IIS Web Server in Windows Server via PowerShell, ensuring robust network infrastructure and web services functionality.
Enabled BitLocker encryption in the Windows Network environment, safeguarding data integrity and confidentiality.
Configured Windows Firewall rule blocking ICMP connections to the domain controller, enhancing network security by restricting potentially harmful traffic.
Implemented strong password and account lockout policies within Active Directory, bolstering network security and mitigating unauthorized access risks.
Configured Active Directory to restrict remote login, enhancing network security by controlling access to critical resources.
Configured Audit Policy and Event Viewer logs in Active Directory, enabling comprehensive monitoring and analysis of network activity for security and compliance purposes.
Created Windows Firewall rules blocking program access, enhancing network security by preventing unauthorized application usage.

Technologies Used:
Windows Server 2016, Active Directory, Remote Desktop Protocol, Windows Client, DHCP server, IP address scheme, Group Policy (GPO), Command Prompt, PowerShell, AppLocker, BitLocker, Windows Firewall, Domain Name Service.

Impact:
Significantly enhanced network security, streamlined user management processes, and optimized network performance, ensuring robust protection against potential security threats.

Cybersecurity Lab: Integrating Infrastructure Security

Nov. 2023 ‑ Dec. 2023

CONFIGURATION AND TROUBLESHOOTING

Ocoee, FL

Description:
Performed simulated configuration of Linux and Amazon Cloud virtual machines. Compiled basic Python scripts to automate tasks.

Key Responsibilities and Achievements:
Demonstrated proficiency in manipulating files and folders through the Linux Command Line Interface, facilitating efficient file management and system navigation.
Efficiently obtained Linux system properties, enabling comprehensive system analysis and troubleshooting.
Identified and modified user and file permissions, and managed groups effectively, ensuring secure access control and user management.
Enhanced security measures by utilizing chown and chmod to control file access, mitigating potential security vulnerabilities and unauthorized access risks.
Configured SSH client and server on Linux, including port updates and login permissions, ensuring secure remote access and data transmission.
Identified and rectified misconfigured Cron settings, utilizing them to access file contents, enhancing system security through proactive vulnerability management.
Configured Iptables to block network traffic from specific IP addresses/ranges, enhancing network security and access control.
Successfully created Windows Server 2016 EC2 instance with Remote Desktop Protocol connectivity, facilitating efficient remote server management and administration.
Developed Single Page Application in an AWS S3 bucket, leveraging cloud services for scalable and reliable web hosting.
Created Amazon ECS Fargate container, optimizing application deployment and management in a containerized environment.
Engineered interactive Python script executing operations on user‑inputted variables and providing feedback based on results, enhancing user experience and workflow efficiency.
Developed interactive Python script with conditional statements processing user inputs and displaying messages based on results, ensuring accurate and user‑friendly script execution.
Crafted Python scripts incorporating ’while’ loops, ’try/except’ format, and OS command modules, facilitating robust error handling and versatile script functionality.

Technologies Used:
Linux, Terminal, Command Line Interface, Bash, chown, chmod, SSH, Cron, Iptables, Amazon Web Services, EC2, S3, ECS Fargate, Python, PyCharm.

Impact:
Successfully configured network and devices, ensuring client internet connectivity and reduced threat surface.

Cybersecurity Lab: Designing Cybersecurity Infrastructure

Feb. 2024 ‑ Mar. 2024

CONFIGURATION AND TROUBLESHOOTING

Ocoee, FL

Description:
Performed malware detection, analysis, and threat investigation, as well as secure network architecture design, network configuration, endpoint detection, and cloud environment management.

Key Responsibilities and Achievements:
Utilized VirusTotal to detect malware in .ZIP archive file, enhancing malware detection capabilities.
Utilized ClamAV to scan executable file for viruses, analyzed executable using HxD to generate YARA blocking rule for ClamAV, effectively targeting executable’s hex data.
Configured WSUS patch approval and deployment on Active Directory, implemented Group Policy Object for controlling Windows Updates, ensuring timely and efficient client system updates.
Installed ClamAV on Ubuntu, updated signature database, executed filescan of executable files, extracted string keywords, and updated ClamAV database to detect malicious files.
Configured Wazuh Ubuntu server and Windows client, verified functionality of directory integrity monitoring through File Integrity Monitoring web interface, ensuring system integrity.
Configured Wazuh EDR capabilities by creating active response countermeasure script triggered by suspicious file modification, enhancing threat detection and response.
Utilized nslookup to identify IP addresses, MX servers, and authoritative name servers for websites, automating the process with a bash script.
Used telnet to connect to POP3 mail server and retrieve message, facilitating email server diagnostics and troubleshooting.
Installed Splunk on Ubuntu, configured file and directory monitoring, verified log functionality, and installed Splunk Forwarder on Windows client, ensuring comprehensive log management.
Configured Splunk on Ubuntu, monitored UDP traffic via pfSense, and generated Nmap traffic to verify monitoring effectiveness, ensuring robust network monitoring.
Utilized Splunk dashboards to examine records of SQL Injection and XSS attacks, facilitating comprehensive analysis of cybersecurity threats.
Examined Splunk event logs of suspicious login attempts, determined attack details, including time, IP addresses involved, and user agents, enabling swift incident response.
Created Splunk alerts based on aggregated search results to detect suspicious behavior, enhancing proactive threat detection.
Developed Splunk dashboard to track 404 errors, streamlining error monitoring and resolution.
Utilized Shodan to identify exposed IoT Programmable Logic Controller and Remote Terminal Unit devices, enhancing vulnerability assessment capabilities.
Utilized Binwalk and QEMU to analyze OpenWRT firmware package, extracting contents and verifying behavior through emulation, facilitating firmware analysis.
Accessed SIEM logging data with Splunk to uncover source, machines involved, and cyber attack types, enabling comprehensive threat investigation.
Investigated domain‑related attack using SIEM, Wireshark, and PowerShell to obtain information on attack type, source, and outcome, facilitating incident response.
Diagrammed network architecture featuring demilitarized zone and VLANs for servers, security management, and individual departments, enhancing network visualization and management.
Managed AWS IAM policies and users, generated MFA application app codes, ensuring secure user authentication.
Managed Virtual Private Cloud (VPC) in AWS, including VPC creation, ACL setup, subnet creation, and enabling VPC Flow Logs, optimizing AWS network security and monitoring.

Technologies Used:
VirusTotal, YARA, ClamAV, HxD, Windows Server Update Services, Active Directory, Wazuh, nslookup, telnet, Splunk, Shodan, Binwalk, QEMU, SIEM, Wireshark, PowerShell, Draw.io, AWS IAM, Authenticator app.

Impact:
Effectively identified, analyzed, and responded to cybersecurity threats, while implementing robust security measures across different network environments.

Cybersecurity Lab: Social Engineering and Ethical Hacking

Mar. 2024 ‑ Apr. 2024

CONFIGURATION AND TROUBLESHOOTING

Ocoee, FL

Description:
Performed open source intelligence gathering, studied and replicated social engineering and phishing attack methodologies to understand and test for vulnerabilities exploited by threat actors.

Key Responsibilities and Achievements:
Gathered intelligence on OWASP, utilizing whois.com and builtwith.com to obtain site creation date, registrant country, and framework, enhancing threat assessment.
Investigated malware using Jotti’s Malware Scan, Filescan.io, and VirusTotal to find IP address indicators of compromise, analyzing target system and generating MD5 hash for further investigation.
Utilized Nmap to scan network for open ports and backdoors, conducting comprehensive network reconnaissance and detecting potential vulnerabilities.
Installed Recon‑ng, explored features, and integrated Nmap results for domain and network analysis, enhancing reconnaissance capabilities and data collection.
Simulated phishing attack using HiddenEye to harvest credentials, validating functionality and gaining insights into phishing techniques and user vulnerabilities.
Conducted offline brute force attacks on NTLM and MD5 hash types using John the Ripper and Hashcat, demonstrating vulnerabilities of cryptographic hash functions.
Performed basic Pen Testing using Nmap, crunch, and Hydra to identify accessible services, accessing target systems to uncover security weaknesses.
Detected open ports using Nmap, initiated SSH and Hydra brute‑force attacks to uncover credentials, accessing target systems for further analysis.
Initiated nmap full port scan of target server, imported results into MSFconsole workspace, and exploited target system using Metasploit, demonstrating exploit techniques.
Generated reverse TCP payload using msfvenom, deployed payload to target machine, and verified execution, demonstrating remote code execution capabilities.
Redirected traffic through foreign proxy server using Plain Proxies, configured OpenVPN on Ubuntu, and compared IP addresses using curl, enhancing anonymity.
Scanned target system with Nmap via ICMP and TCP, utilized Metasploit to hack FTP service, accessing target system for analysis and exploitation.
Configured Apache server for minimal data leakage and security headers, enhancing server security and protecting against common vulnerabilities.
Set up temporary Burp Suite project, intercepted HTTP request, and executed Brute Force attack to access target site control panel, demonstrating web application testing.
Utilized Copilot to generate XSS payloads, executed XSS attacks in XSS Playground environment, exploring various attack vectors and techniques.

Technologies Used:
Open source intelligence gathering, md5sum, Nmap, Recon‑ng, HiddenEye, John the Ripper, Hashcat, crunch, Hydra, Remmina, Metasploit, MSFconsole, msfvenom, Plain Proxies, OpenVPN, Apache Server, Burp Suite, Microsoft Copilot.

Impact:
Effectively mitigated web facing vulnerabilities exploited by phishing and other social engineering attacks to obtain access to sensitive data.

Cybersecurity Lab: Digital Forensics and Incident Response

Apr. 2024

CONFIGURATION AND DATA ANALYSIS

Ocoee, FL

Description:
Generated and analyzed digital forensic artifacts to gather information on simulated attacks by threat actors.

Key Responsibilities and Achievements:

Comprehended hash comparison process and data extraction from images, utilizing PhotoRec for image recovery and HashMyFiles for file hashes comparison, enhancing forensic skills.
Utilized Cyber Triage for initial triage on Windows system, inspected malicious items, and generated comprehensive report of analyzed image, showcasing proficiency in digital investigation.
Compared hash values with HashCalc, analyzed PDF files with FileAlyzer and PDFStreamDumper, and determined packer used on .EXE file with Exeinfo PE, enhancing malware analysis capabilities.
Practiced static malware analysis investigation by checking strings, examining hexadecimal code, and comparing hash to known malware, demonstrating proficiency in malware analysis.
Extracted systeminfo query, user group memberships, running processes, and network connections to text files, examining for suspicious activity and enhancing investigative skills.
Executed basic Linux commands and tasks, dumping system information and examining file access times, showcasing proficiency in Linux environment.
Utilized Autopsy to examine case file, analyzed images and log files, and generated HTML report, showcasing proficiency in digital forensics.
Analyzed web browser data using various tools to uncover user activities, examining browser history, cookies, downloads, and add‑ons, enhancing web forensic skills.
Examined image file in HxD, manipulated file signature, showcasing proficiency in file manipulation and forensic techniques.
Created Autopsy case file, extracted files, examined multimedia documents, and generated timeline, demonstrating proficiency in Autopsy.
Acquired Windows Registry files, analyzed using Registry Viewer, and extracted user account information, showcasing proficiency in registry analysis.
Utilized OpenStego to generate steganography, embedded encrypted text data, compared file hashes, and extracted content, showcasing proficiency in steganography analysis.
Investigated attack on Linux web server using logs, extracted IP addresses and tracked attacker’s actions, demonstrating proficiency in log analysis.
Examined Windows Event Viewer log, discovered new users, detected brute force attacks, and identified user activities, showcasing proficiency in event log analysis.
Utilized NetworkMiner in Kali Linux to analyze and investigate suspicious data from an email, obtaining email address, credentials, and MD5 hash of attachments, enhancing email forensic skills.
Investigated network data using Wireshark, identified target device MAC address, User‑Agent string, and accessed media content pricing, showcasing proficiency in network traffic analysis.
Utilized Volatility Framework to investigate volatile memory related to Zeus malware, obtained active processes, network connections, and examined registry keys, showcasing proficiency in memory forensics.
Utilized FTK Imager to collect hard drive and RAM content, accessing evidence from logical and physical drives, showcasing proficiency in evidence acquisition.
Investigated virtual memory dump file using Volatility, examining running processes, hidden processes, and network activity, demonstrating proficiency in memory dump analysis.
Applied advanced digital forensics techniques to analyze memory dump from potentially compromised system, identifying malicious activity, examining process tree, and detecting code injection, showcasing proficiency in advanced memory analysis.

Technologies Used:
PhotoRec, HashMyFiles, Cyber Triage, HashCalc, FileAlyzer, PDFStreamDumper, Exeinfo PE, HxD, SysInternalsSuite, VirusTotal, PowerShell, Autopsy, Registry Viewer, OpenStego, Windows Event Viewer, NetworkMiner, Wireshark, Volatility Framework, FTK Imager, Kali Linux.

Impact:
Successfully generated artifacts and recovered data for future threat analysis and mitigation.

Cybersecurity Lab: Threat Hunting and Intelligence

May 2024

CONFIGURATION AND DATA ANALYSIS

Ocoee, FL

Description:
Gathered information on cyber threats and leveraged threat intelligence to find vulnerabilities and harden systems against threats and vulnerabilities.

Key Responsibilities and Achievements:
Installed and configured ELK, including Elasticsearch, Logstash, and Kibana, and activated Packetbeat service, enhancing network monitoring capabilities.
Investigated logged network traffic using Kibana, identifying various attacks, creating Elasticsearch index pattern, and filtering packets, demonstrating proficiency in network analysis.
Interacted with cyber threat intelligence platforms, utilized Python and STIX formats, and generated STIX file and visualization, showcasing proficiency in threat intelligence analysis.
Analyzed network traffic using tcpdump, constructed Snort rules, and verified rule configuration in Snort console, enhancing network security.
Utilized Kibana with Webhose.io data feed, examined log entries, and utilized enriched categories, enhancing data search capabilities.
Created, obfuscated, and deployed reverse shells on target machines, analyzed code obfuscation effects on detection, showcasing proficiency in offensive security techniques.
Installed and managed Wazuh security monitoring environment on Linux, deploying agents and configuring Wazuh web interface, enhancing system monitoring capabilities.
Utilized PowerBI’s Q&A feature to query data and customize visualizations, importing Excel breach report into PowerBI and defining natural language terms, enhancing reporting capabilities.
Leveraged PowerShell and Sysinternals tools to explore persistence techniques in Windows environment, identifying suspicious activities and enhancing threat detection.
Explored DNS tunneling with Iodine and Wireshark, setting up a tunnel and analyzing resulting traffic, demonstrating proficiency in network analysis.
Configured Wazuh agent connectivity, edited agent configuration, and configured File Integrity Monitoring with Wazuh, enhancing system security and monitoring.
Installed and configured Cowrie honeypot, scanned ports, initiated brute‑force attacks, and examined Cowrie logs for attack activities, enhancing intrusion detection capabilities.
Configured and executed a simulated cyber attack using the CALDERA automated adversary emulation system, monitoring attack execution and outputs, showcasing proficiency in adversary simulation.
Simulated an error condition in an AWS Lambda function, observed CloudWatch alarms’ response to function execution metrics changes, enhancing cloud security monitoring capabilities.

Technologies Used:
ELK (Elasticsearch, Logstash, Kibana), STIX Visualization Tool, Python, AbuseIPDB, CriminalIP, ClamAV, msfvenom, Wazuh, Power BI, PowerShell, Sysinternals Autoruns, Cowrie, CALDERA, Iodine, AWS Lambda.

Impact:
Successfully performed intelligence gathering and adversary simulation as part of proactive threat hunting procedures.

Cybersecurity Lab: One of Us

May 24, 2024

THREAT ASSESSMENT AND ANALYSIS

Ocoee, FL

Description:
Simulated threat hunter utilizing web‑based tools to identify and analyze malicious files obtained from a compromised system.

Key Responsibilities and Achievements:
Reviewed ClamAV Web UI scan history to establish a baseline and familiarize myself with previously executed actions, ensuring a reference point for the investigation.
Took screenshots of the scan history to preserve data and ensure continuity of information for ongoing analysis.
Accessed ClamAV API documentation to search for bulk upload capabilities, discovering that the ClamAV Web UI does not support this feature.
Shifted to VirusTotal for its bulk upload feature after ClamAV Web UI was found lacking this capability.
Conducted a search for commands to create a ZIP archive and navigated to the suspicious‑files folder, preparing the files for bulk scanning.
Attempted to create the ZIP file but encountered permission issues, identifying a roadblock in the file compression process.
Used Files2Zip.com to compress the entire suspicious‑files folder into a ZIP file for scanning in VirusTotal, successfully preparing it for upload.
Uploaded the ZIP file to VirusTotal and reviewed the Relations tab, identifying specific malicious EXE files for further analysis.
Isolated file0.exe and file176.exe from the ZIP archive, uploaded them to ClamAV Web UI, and obtained MD5 hashes for each file.
Reviewed the properties of the malicious files within ClamAV Web UI, acquiring additional details and hashes for comprehensive analysis.

Technologies Used:
ClamAV Web UI, Files2Zip.com, VirusTotal.com.

Impact:
Successfully identified malicious files and documented data for future threat analysis and mitigation.

Cybersecurity Lab: Pig Rules

May 27‑28, 2024

THREAT ASSESSMENT AND ANALYSIS

Ocoee, FL

Description:
Simulated SOC analyst engaging in network traffic analysis to uncover hacktivist activity.

Key Responsibilities and Achievements:
Logged into Snorby GUI with provided credentials, noting that no high, medium, or low severity detections were recorded within the last 24 hours.
Cycled through all dashboard duration options to ensure no possible detections were missed, confirming that no events were recorded.
Obtained the system IP address through the hostname -I command to prepare for network traffic monitoring.
Initiated tcpdump to capture a baseline of network traffic, and Googled additional tcpdump commands to craft a more refined packet capture.
Used tcpdump -D to identify available devices (eth0, any, lo, nflog, nfqueue) for packet capture.
Consulted reference material on crafting Snort rules to learn best practices for alert creation.
Created a new Snort rule to capture RDP traffic and tested its validity; the rule was not triggered, prompting further research.
Configured a new Snort rule to capture RDP traffic and validated it in console mode.
Created various rules to filter out legitimate traffic and iterated to reduce noise, enhancing the effectiveness of Snort.
Created a rule to filter for TCP traffic over port 3389, based on reexamined tcpdump data.
Adjusted Snort capture duration after noticing a low detection rate, improving capture effectiveness.
Found the target hash displayed on the dashboard after sufficient Snort capture duration, confirming successful detection and configuration.

Technologies Used:
tcpdump, Snort, Snorby.

Impact:
Successfully identified suspicious network traffic and created Snort rules that captured data for future threat analysis and mitigation.

Cybersecurity Lab: Imperial Memory

May 28‑29, 2024

CONFIGURATION AND TROUBLESHOOTING

Ocoee, FL

Description:
Analyzed a memory dump associated with an archive file to obtain access to hidden media.

Key Responsibilities and Achievements:
Uploaded suspicious 7z file to VirusTotal to determine if the contents were malicious.
Researched the strings function as an alternative means of searching the memory dump for a password due to a non-functioning Volatility framework.
Utilized the strings command to obtain human‑readable strings from the Emperor.vmem file and obtained 7z file password.
Successfully extracted the file suspicious.docx to the Desktop using the obtained password.
Uploaded suspicious.docx to VirusTotal to determine if the contents were malicious.
Ran the strings command on suspicious.docx to avoid potential malware execution, uncovering embedded text file secrets.txt.
Researched the method to extract secrets.txt from suspicious.docx and examined the content with a modified unzip command.
Used the standard unzip command to extract secrets.txt from suspicious.docx.
Analyzed the properties of secrets.txt to obtain hashes and file details.

Technologies Used:
VirusTotal.com, strings, unzip.

Impact:
Successfully extracted data from 7z archive for future analysis.

Education

CYBERSECURITY CERTIFICATE

Aug. 2023 ‑ June 2024

University of Central Florida

Remote

Network Fundamentals ‑ IP addressing, subnetting, routing, DNS, DHCP, Cisco IOS.
Network Security ‑ Access Control Lists, redundancy techniques, secure network design and systems.
Microsoft Security System Administration ‑ Windows Server 2016, Active Directory.
Integrating Infrastructure Security ‑ Linux, Amazon Web Services, Python.
Designing Cybersecurity Infrastructure ‑ Windows Server Update Services, Splunk, SIEM.

UX/UI DESIGN CERTIFICATE

University of Central Florida

Remote

User Research methodologies.
Usability Testing methodologies.
UX/UI prototyping methodologies.

CNC MANUFACTURING CERTIFICATES

Valencia College

Kissimmee, FL

Manual milling & lathing.
Computer Numerical Control (CNC) milling and lathing.
G‑Code programming.

B.A. IN CREATIVE WRITING

Florida State University

Tallahassee, FL

Graduated Summa Cum Laude