Cybersecurity Engineer
Dedicated cybersecurity professional with hands-on expertise across penetration testing, vulnerability management, cloud security, and governance frameworks. Committed to the principle of ‘secure-by-default’ in every technical decision.
Core principles that guide my approach to cybersecurity.
Building systems with security as the foundation, not an afterthought. Every layer is hardened from day one.
Implementing multiple overlapping security controls so no single point of failure compromises the system.
Staying ahead of evolving threats through ongoing research, certifications, and hands-on lab work.
Capabilities organized by security domain — from offensive operations to governance and tooling.
Penetration Testing & Exploitation
Detection, Response & Hardening
Governance, Risk & Regulatory
Rapid7 Ecosystem & Infrastructure
Applied cybersecurity projects showcasing hands-on security engineering, analysis, and governance.
Designed a secure merged network for a financial-medical company acquisition. Conducted vulnerability assessments, replaced end-of-life infrastructure, migrated servers to Microsoft Azure, and implemented zero-trust architecture with defense-in-depth controls. Ensured compliance with PCI-DSS, HIPAA, and GLBA within a $50K budget.
Migrated a shipping company's on-premises infrastructure to Azure IaaS. Implemented department-specific RBAC, Key Vault access policies with soft delete and purge protection, encryption for data at rest and in transit, and automated backup configurations. Addressed insider threat risks and ensured compliance with FISMA, PCI-DSS, and NIST SP 800-53.
Assessed a healthcare IT company's security posture against NIST SP 800-53 controls. Identified critical gaps in access control, continuous monitoring, and risk management. Developed remediation plans for least-privilege enforcement, SIEM deployment, and structured risk response. Designed PCI-DSS compliance strategy for payment card processing with role-based responsibilities.
Designed and validated a centralized Identity and Access Management solution using Microsoft Entra ID for a university with 40,000+ students. Deployed 25 simulated identities, configured four Conditional Access policies enforcing MFA, and built a PowerShell bulk provisioning template for full-scale rollout. Achieved 100% policy enforcement with zero failures. Aligned with NIST CSF 2.0, ISO/IEC 27001:2022, and NIST SP 800-207 Zero Trust Architecture.
Documenting the journey — certifications, labs, and continuous skill development in cybersecurity.
Completed AD attack chains including Kerberoasting, AS-REP roasting, and Pass-the-Hash. Documented enumeration methodology using BloodHound and PowerView for lateral movement in lab environments.
Designed and validated a centralized IAM solution for 40,000 identities. Achieved 100% Conditional Access policy enforcement across all test scenarios. Published full documentation to GitHub.
Configured custom detection rules in InsightIDR for identifying suspicious PowerShell execution and lateral movement patterns. Reduced false positive rate by tuning alert thresholds.
Studied the updated NIST Cybersecurity Framework 2.0 including the new Govern function. Applied framework mapping to real-world scenarios in capstone preparation.
Certifications earned, in progress, and on the horizon.
Committed to contributing meaningfully to cybersecurity teams where technical expertise and a security-first mindset drive organizational resilience. Open to opportunities in penetration testing, vulnerability management, threat analysis, and security research.
Whether you have an opportunity, a question, or just want to talk security — I'd love to hear from you.
jm18306@gmail.com
Location
United States — Open to Remote
Availability
Open to full-time security roles