████████████ "NDTSec" █████████

Cyber Security Specialist | Offensive & Defensive Security | Vulnerability & Risk Management

ndtsec@tuta.com

███████, ██

linkedin.com/in/████████████████████

U.S. Citizen | Public Trust / BI


// SUMMARY

Cybersecurity specialist with 7+ years of federal experience across vulnerability management, incident response, secure systems engineering, and offensive security research. Currently serving as the acting technical security lead for ██████████████████████████████████████████████████, overseeing IT security for ██ units across ███████████████████████████████████—managing 4,500+ workstations, 650 servers, 30 Palo Alto firewalls, and 270+ network devices. Co-authored a national Secure Development Policy adopted across the U.S. Judiciary.

One of approximately 40 individuals to complete all 7 tasks of the 2025 NSA Codebreaker Challenge, finishing in 25 days across forensics, malware RE, cryptanalysis, and exploit development. Founder and manager of the CBC Skibidis CTF team—currently ranked 28th in the U.S. on CTFTime—composed of top NSA Codebreaker solvers.


// TECHNICAL SKILLS

Offensive

Penetration Testing, Exploit Development, Red Teaming, Reverse Engineering, Malware Analysis & Unpacking, Mobile (Android) Exploitation, Web App Exploitation, Cryptanalysis, C2 Development, Binary Instrumentation, API RE

Defensive

Vulnerability Management, SIEM Engineering (Splunk), Detection Engineering, Incident Response, Threat Hunting, Digital Forensics (Disk/Memory/Network), Insider Threat Detection, Phishing Campaigns, Tabletop Exercises

Leadership

Technical Training & Presentations, Policy Authoring, Security Program Management, Cross-Unit Coordination, Mentoring

Compliance

CIS Controls & Benchmarks (CSAT, IG1–IG3), NIST 800-53, MITRE ATT&CK, Secure SDLC

Tools

CrowdStrike, Tenable Nessus, Palo Alto, Fortify SCA, Sysmon, Trend Micro, Forcepoint, Forescout, KnowBe4, EnCase, GrayKey, Cellebrite, Ghidra, IDA Pro, Metasploit, Burp Suite

Infrastructure

Proxmox, VMware, AWS, LAN Segmentation, GPO Hardening, AppLocker, BitLocker, Golden Imaging, Cisco Switching/Routing, Crestron/BiAMP AV

Programming

Python, Rust, C++, C#, Go, Bash, Java, SQL, Django, PostgreSQL, Redis, WebSockets, Git

Languages

English (native), Korean (basic), German (basic)


// CERTIFICATIONS & TRAINING

CASP+ Equivalent Training — U.S. Courts / AO (2023)

Security+ Equivalent Training — U.S. Courts / AO (2019)

CCNA Training — Questar III BOCES (2011–2013)

// EXPERIENCE

Cyber Security Specialist (Acting Technical Security Lead)

May 2024 — Present

██████████████████████████████████████████████████ — Remote / Travel

  • Oversee IT security for ██ units across three states, managing 4,500+ Windows workstations, 350 Windows servers, 300 Linux servers, 30 Palo Alto firewalls, and 270 Cisco switches/routers. Lead weekly ISO meetings for project management, security enhancements, and threat intelligence dissemination.
  • Secure systems hosting high-profile ███████ data with national public interest implications, ensuring data integrity, access controls, and chain-of-custody protections.
  • Co-authored a national Secure Development Policy adopted by the U.S. Judiciary, establishing requirements for secure SDLC, code review, static analysis, and dependency control.
  • Built Splunk dashboards and automated workflows for insider threat detection (unauthorized data access, USB exfiltration alerting), employee misconduct investigations, vulnerability management, and real-time CVE exploitation detection.
  • Led enterprise-wide deployment of AppLocker, BitLocker, and CIS Benchmark hardening across Windows workstations, Windows servers, Linux servers, and macOS endpoints. Led security tooling migration and standardization across all units.
  • Perform circuit-wide technical audits mapped to CIS Controls, implementing GPO hardening, asset visibility improvements, and role-based access enforcement across ████████████████████████████████████████████████████ units.
  • Developed reusable GPO hardening templates and Sysmon configurations aligned to MITRE ATT&CK, feeding Splunk correlation searches for detection engineering.
  • Design and facilitate custom tabletop exercises: ransomware (Backdoors & Breaches) and telecom switch/router compromise scenarios tailored to ████████████ operations.
  • Provided security guidance and coordinated remediation across units in response to ██████ vulnerabilities with nation-state attribution, delivering updates and mitigation steps to local IT security staff.
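The insider-threat and detection-engineering bullets above describe Sysmon events feeding ATT&CK-aligned Splunk correlation searches, including USB exfiltration alerting. The block below is an added illustration of that pattern in Python, not the résumé author's Sysmon configuration or Splunk searches: it runs two correlation rules over constructed Sysmon-style events (real Sysmon event IDs 1 and 11 and their EventData field names). Which drive letters are removable media is an assumption here, since a Sysmon FileCreate event does not carry that attribute; in Splunk the same role would be played by an asset lookup.

```python
"""Correlate Sysmon events against two ATT&CK-mapped rules.

Added example, not the resume author's code. Events are constructed inline
and use Sysmon's own EventData field names (EventID, UtcTime, User, Image,
CommandLine, TargetFilename). REMOVABLE_DRIVES is an assumption standing
in for a removable-media asset lookup.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

REMOVABLE_DRIVES = {"E:", "F:"}            # assumption: stand-in for an asset lookup
USB_BURST_THRESHOLD = 5                    # this many file creates on removable media...
USB_BURST_WINDOW = timedelta(seconds=60)   # ...inside this window raises one alert

# Rule 1 (T1059.001): powershell.exe launched with an encoded command.
ENCODED_PS = re.compile(r"(?i)\s-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")

# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2025-10-01 13:00:01", "User": "CORP\\jdoe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"EventID": 1, "UtcTime": "2025-10-01 13:00:05", "User": "CORP\\jdoe",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe Get-Service"},
] + [
    {"EventID": 11, "UtcTime": f"2025-10-01 13:02:{i:02d}", "User": "CORP\\asmith",
     "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": f"E:\\backup\\case_{i}.pdf"}
    for i in range(6)
] + [
    {"EventID": 11, "UtcTime": "2025-10-01 13:05:00", "User": "CORP\\asmith",
     "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Users\\asmith\\Documents\\notes.txt"},
]


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def detect_encoded_powershell(events):
    """T1059.001: Sysmon EID 1 where powershell.exe runs an encoded command."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        if not ev.get("Image", "").lower().endswith("powershell.exe"):
            continue
        if ENCODED_PS.search(ev.get("CommandLine", "")):
            alerts.append({"technique": "T1059.001", "user": ev["User"],
                           "time": ev["UtcTime"], "evidence": ev["CommandLine"]})
    return alerts


def detect_usb_burst(events):
    """T1052.001: a burst of Sysmon EID 11 file creates on removable media by one
    user inside USB_BURST_WINDOW (sliding window over that user's writes)."""
    per_user = defaultdict(list)
    for ev in events:
        if ev.get("EventID") != 11:
            continue
        drive = ev.get("TargetFilename", "")[:2].upper()
        if drive in REMOVABLE_DRIVES:
            per_user[ev["User"]].append((parse_time(ev["UtcTime"]), ev["TargetFilename"]))
    alerts = []
    for user, writes in per_user.items():
        writes.sort()
        start = 0
        for end in range(len(writes)):
            while writes[end][0] - writes[start][0] > USB_BURST_WINDOW:
                start += 1
            if end - start + 1 >= USB_BURST_THRESHOLD:
                alerts.append({"technique": "T1052.001", "user": user,
                               "time": writes[end][0].isoformat(),
                               "evidence": [f for _, f in writes[start:end + 1]]})
                break  # one alert per user per burst
    return alerts


def run_rules(events):
    """Run every rule and return the combined alert list."""
    return detect_encoded_powershell(events) + detect_usb_burst(events)


if __name__ == "__main__":
    for a in run_rules(SAMPLE_EVENTS):
        print(a["technique"], a["user"], a["time"])
```

Each alert carries the ATT&CK technique ID so it can be tagged on the way into a dashboard; the second PowerShell event and the write to `C:` are deliberately included as benign noise the rules must ignore.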

IT Security Administrator

July 2018 — May 2024

████████████████████████████████████████████████████████████████, ██

  • Managed security operations for 1,000+ endpoints and 250+ users across ████████████████████████████████████. Deployed and administered Splunk, Tenable, Palo Alto, Trend Micro, Sysmon, AirWatch, and KACE.
  • Administered and secured core ████████████ applications including ██████ and ████████████████, including access control, patching, and vulnerability remediation.
  • Authored the full suite of IT security policies from scratch: patch management, asset management, backup and recovery, COOP plans, log management, and other operational security policies.
  • Increased CIS benchmark compliance from 30% to 85% via systematic GPO hardening, secure baselining, and vulnerability dashboarding.
  • Built secure forensic enclaves (EnCase, GrayKey, Cellebrite) supporting law enforcement on sensitive cases. Conducted phishing campaigns, malware triage, and forensic analysis.
  • Developed Sonorous, a VOIP-based call-in system and analytics dashboard for █████████████████████████, automating offender urinalysis check-ins and compliance tracking.
  • Created hardened golden images, automated deployment workflows, and internal dashboards for vulnerability/login/asset tracking. Authored escalation SOPs, PAM procedures, and TLS hardening policies.
  • Led COVID-19 response: mass laptop deployments, remote access provisioning, iPad/VTC integration in correctional facilities, and hybrid courtroom AV (Crestron/BiAMP, Cisco VOIP).
  • Collaborated with FBI, NSA, DHS, and AO to deliver training, develop policy, and execute tabletop exercises.

Lead Developer / Systems Administrator

June 2015 — March 2018

VFT Solutions Inc. — Ellenville, NY

  • Built an intelligence-driven anti-piracy platform for clients including Disney, NFL, UFC, and law enforcement. Reverse engineered mobile APIs (Periscope, YouTube, Instagram) to extract undocumented endpoints and bypass rate limits.
  • Designed a Python/Django platform with PostgreSQL + Redis backend tracking 300M+ piracy records. Orchestrated AWS infrastructure with auto-scaling EC2 for live event monitoring.
  • Engineered real-time disruption tools targeting pirate livestream channels and built DMCA takedown automation pipelines connecting threat intelligence feeds with enforcement workflows.

Computer Repair Technician

April 2011 — September 2014

Insight Computers — Chatham, NY

  • Performed advanced malware removal (rootkits, RATs, ransomware), data recovery from failing drives, and built/maintained small-scale networks for law firms and businesses.

// PROJECTS & COMPETITIONS

  • 2025 NSA Codebreaker Challenge — Full completion (~40 solvers). Completed all 7 tasks in 25 days spanning disk/memory/network forensics, malware unpacking, cryptanalysis, Mattermost authorization bypass, and Android APK exploitation with remote exploit delivery.
  • CBC Skibidis CTF Team (Founder/Manager) — Founded a competitive CTF team by recruiting the 15 fastest 2025 NSA Codebreaker solvers; the team has since grown and, within four months of its founding in Oct 2025, reached 28th in the U.S. on CTFTime. Active competitor across national and international CTF events.
  • Practical IT Security Training (Co-Author) — Co-authored a national training course for onboarding new IT staff on security expectations. Now delivered by a dedicated trainer at the AO in San Antonio, TX.
  • National IT Conference — Splunk Presentation — Delivered Splunk training to ~200 federal judiciary IT professionals at a national conference.
  • Red Team Homelab — Proxmox-based red team environment with custom cross-platform C2 framework (Rust), Acunetix, IDA Pro, Ghidra, Metasploit, and full media/automation stack for exploit development, binary instrumentation, and malware analysis.

// EDUCATION & VOLUNTEERING

Hudson Valley Community College — 2014–2015

CCNA Program — Questar III BOCES, 2011–2013

Kitchen Staff — Capital City Rescue Mission