About

I'm a cybersecurity analyst with 4+ years of hands-on experience across threat hunting, digital forensics, network defense, and cyber infrastructure management. Most of that came through the U.S. Marine Corps as a Cyber Warfare Operator before transitioning to the federal civilian side.

Today I'm a Shift Lead at the Defense Finance and Accounting Service — running detection workflows in Microsoft Sentinel, building automated toolsets, authoring SIEM rules, and performing digital forensics in support of investigations. I hold an active TS/SCI clearance with CI Polygraph.

Tooling is where I spend my best time. The right scripts amplify what an analyst can do, turning a manual checklist into a single keystroke so the analyst can focus on the investigation itself. The SOC Dashboard project on this site is built around that idea — a self-contained lab environment where you can drill on hunting queries against realistic data without spinning up a production Sentinel tenant.

Currently pursuing a B.S. in Applied Cybersecurity at SANS Technology Institute (expected 2027-01).

Experience

2025-07 — Present

Shift Lead · DFAS

Lead detection and response on a federal civilian SOC. Identify suspicious traffic patterns through Microsoft Sentinel, drive incident investigations, and process 30,000+ alerts while establishing baseline behavior. Built automated toolsets, authored SIEM rules, and performed digital forensics in support of active investigations.

sentinel · kql · forensics · soc

2022-02 — 2025-05

Cyber Security Analyst / Infrastructure Architect · USMC Defensive Cyber Operations

Conducted advanced threat hunting using Splunk and Security Onion with custom dashboards and queries to surface anomalous traffic. Led digital forensic investigations using Autopsy and FTK. Architected and maintained virtual infrastructure supporting 100+ users and enforced STIG compliance across legacy and modernized systems.

splunk · security-onion · autopsy · ftk · stig

Projects

Featured · project

SOC Dashboard

A self-contained lab environment built around realistic Sentinel-shaped sample data. Includes a KQL translator (Invoke-KqlPS), threat-intel enrichment wrappers (AbuseIPDB, urlscan.io, NIST NVD, Team Cymru, NSRL), MITRE ATT&CK lookups, and a daily CVE/KEV/EPSS brief generator.

powershell · sqlite · kql · soc

Live · tool

Browser Lab

An interactive home for the SOC Dashboard's portable pieces. Working KQL playground (sql.js + 16 sample tables), full MITRE ATT&CK explorer, CVE/KEV/EPSS browser, KQL Builder. All static, no API calls.

javascript · sql.js · mitre · kql

Recognition

2025-11

National Cyber League · Diamond 1 Medal

97th percentile in the Fall 2025 Individual Game across OSINT, cryptography, password cracking, log analysis, network traffic analysis, scanning, web exploitation, and forensics.

2024-11

Navy and Marine Corps Achievement Medal

Awarded for analyzing 3.5M+ daily packets across critical networks and leading defensive cyberspace operations in Okinawa, JP.

2023-05

Meritorious Mast

Recognized for exemplary leadership of 75 Marines during the Joint Cyber Analysis Course.