// PROFILE
Operations Security Engineer with deep expertise in DLP, AI-driven security automation, endpoint security, and incident response across large-scale enterprise environments. Experienced operating across on-prem and cloud/SaaS platforms, with a track record of designing and implementing security programs that reduce risk, improve response times, and scale across the organization.
Current work spans DLP investigation and escalation frameworks, security policy creation and enforcement, AI-powered automation pipelines, and fleet-wide security initiatives including device lifecycle management and enterprise data governance programs. Brings a full-stack perspective from detection engineering and behavioral analysis to cross-functional collaboration with HR, Legal, and executive leadership.
Prior experience in critical infrastructure security includes on-prem deployment and administration of Splunk, CyberArk, Carbon Black, and Aruba ClearPass across Linux RHEL and Windows Server environments, with compliance alignment to NERC CIP, NIST, and additional regulatory frameworks.
Combines technical depth with strong analytical thinking and clear communication to solve complex security challenges. Stays ahead by actively applying emerging AI technologies to security operations — not as an experiment, but as a standard part of how the work gets done.
// INCIDENT RECORD
Operations Security Engineer
Beyond Finance · Chicago, IL (Hybrid) · July 2025 – Present
- FINDING: Leads daily DLP incident response as primary analyst and incident commander — coordinates 20+ analyst triage reviews across CyberHaven, Teramind, Datadog, Google Admin, Absolute, CrowdStrike, CyberArk, and Abnormal
- FINDING: Cut report drafting from 60–90 min to <10 min by automating end-to-end DLP report generation via Claude and Gemini — 200+ reports at 0% failure rate, recovering an estimated 150–200+ analyst hours/month
- FINDING: Engineered DLP-specific agentic AI agents and /skill prompts for real-time CyberHaven user activity reviews, automated Datadog log analysis, automated user-review timelines built from Teramind footage, and several browser-based investigation skills that self-improve with each output
- FINDING: Created an Analyst Action Hub via Claude Cowork — a daily dashboard analysts work from inside Cowork to check off daily review tasks, pull ticket requests, and log completions; serves as a live monitor for the entire DLP program
- CRITICAL: Eliminated unauthorized post-termination device access across 1,000+ terminations and counting by architecting the Dead Man Switch (DMS) — a multi-layer lockdown system built following a P0-Critical incident
  - Layer 1 — Absolute OS Freeze: auto-bricks offline devices after 30 days via an embedded offline timer. Automated 7-day and 24-hour device warning emails so users are never caught off guard.
  - Layer 2 — Cached credential clearing via NinjaOne + JumpCloud MDM heartbeat scripts (3–5 day inactivity). Seamless login resumes after the heartbeat syncs with JumpCloud.
  - Layer 3 — 20+ additional blocking controls and monitors via CyberHaven, Teramind, and Datadog to detect any post-termination activity across high-turnover users.
- FINDING: Owns High Risk User Monitoring (HRUM) — PIPs, suspected IP theft, disgruntled employees, anomalous behavior; drafted and implemented entry/exit reviews spanning weeks to months to monitor risky users
- FINDING: Surfaced 80,000+ GB of stale-data risk across 4,500+ devices via custom Mac/Windows discovery scripts; drove an automated deletion pipeline with tiered rules per department — measurably reducing the attack surface from large local file repositories
- FINDING: Authored official incident playbooks, escalation procedures, incident report structure, and overall incident response plan covering a full range of security incident types
- FINDING: Data custodian for Legal/HR — e-discovery via Google Vault, Looker, Teramind, CyberHaven, and Logikcull; compliance with NIST CSF, ISO 27001, GDPR, PCI-DSS, HIPAA, SOX, SOC 2
Cybersecurity Analyst
Exelon Corporation · Chicago, IL · 2023 – 2025
- FINDING: Investigated security incidents using Splunk, CyberArk, and Carbon Black for threat detection, log analysis, and incident response
- FINDING: Assisted in deploying security tooling to 1,000+ endpoints across Linux RHEL 7/8, Windows Server 2016–22, and EMS environments
- FINDING: Developed Splunk SPL queries and dashboards for real-time endpoint activity monitoring; optimized Carbon Black detection policies
- FINDING: Managed privileged access via CyberArk; identity-based NAC via Aruba ClearPass; NERC CIP compliance
- FINDING: Authored SOPs, incident handling workflows, and troubleshooting guides for cross-team knowledge sharing
// CREDENTIALS
B.S. Cybersecurity · Bellevue University · GPA: 4.0 · 2023
Intrusion Detection & Response · Threat Intelligence · Incident Response · Investigations & Forensics · Cryptography · Web Application Security · Access Control · Threat/Vulnerability Assessments & Audits · PCI-DSS · HIPAA · SOX · NIST 800-171 · ISO 27001/2 · NERC CIP
A.S. Cybersecurity · Joliet Junior College · 2021
General IT & Troubleshooting · Networking · OSINT · Cryptography · Password Cracking · Log Analysis · Network Traffic Analysis · Scanning & Reconnaissance · Forensics · Web Application Exploitation · Enumeration · CCNA · NIST · SOC 2 · GDPR · FISMA · OWASP
CERT: Certificate of Achievement, Cybersecurity · Joliet Junior College · Issued May 2021 · Valid through 2033
// COMPLIANCE COVERAGE
NIST CSF · ISO 27001 · NERC CIP · GDPR · PCI-DSS · HIPAA · SOX · SOC 2 · FISMA · OWASP