Case Studies in Cybersecurity, Architecture, and Transformation
“A living record of the places I’ve walked through fire—leaving clarity, trust, and structure in my wake.”
📁 Engagement #1 – More Than a Breach: Precision Infiltration at a National Data Center
Challenge:
This breach didn’t begin with a spoofed invoice. It began with admin access quietly taken. The attacker infiltrated the company’s Office 365 environment, escalated privileges, and then moved laterally and deliberately—assigning themselves access to specific mailboxes with titles like accounting@, billing@, and admin@.
That’s how they discovered a real debt: $250,000 owed to a partner firm.
Using that intel, they registered a domain nearly identical to the architecture firm—altering just one character—and sent a message demanding payment.
No one questioned it. The money was wired.
But the true breach was psychological: “They were inside. Watching. Planning.”
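The one-character domain swap described above is cheap for an attacker and easy to miss by eye, but it is also easy to catch in code. The following is an added example, not tooling from this engagement: it compares the sender domain of an inbound payment request against a list of known partner domains using edit distance, and also folds a few common digit-for-letter swaps so that a homoglyph domain scores as a match. The partner domains, sender addresses and the CONFUSABLES table are constructed placeholders.

```python
"""Flag payment-instruction mail from domains that impersonate a known partner.

Added example, not part of the original case study. KNOWN_PARTNER_DOMAINS and
the sample addresses are constructed placeholders, not the real firms.
"""
import re

# Constructed: domains the finance team legitimately receives invoices from.
KNOWN_PARTNER_DOMAINS = ["northarch.example", "acme-partner.example"]

# Constructed: substitutions that look alike in many fonts. Multi-character
# entries come first so "rn" is folded before single characters are touched.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(domain: str) -> str:
    """Lower-case and fold confusable characters so 'n0rtharch' reads as 'northarch'."""
    d = domain.lower()
    for bad, good in CONFUSABLES:
        d = d.replace(bad, good)
    return d


def sender_domain(address: str) -> str:
    """Extract the domain part of an e-mail address ('' if malformed)."""
    m = re.search(r"@([A-Za-z0-9.-]+)$", address.strip())
    return m.group(1).lower() if m else ""


def classify_sender(address: str, known=KNOWN_PARTNER_DOMAINS, max_distance: int = 1) -> dict:
    """Verdict for one sender: 'known', 'lookalike' (naming the impersonated
    partner and the edit distance after normalization) or 'unknown'."""
    dom = sender_domain(address)
    if dom in known:
        return {"domain": dom, "verdict": "known", "impersonates": None, "distance": 0}
    for legit in known:
        d = levenshtein(normalize(dom), normalize(legit))
        if d <= max_distance:
            return {"domain": dom, "verdict": "lookalike", "impersonates": legit, "distance": d}
    return {"domain": dom, "verdict": "unknown", "impersonates": None, "distance": None}


if __name__ == "__main__":
    # Constructed senders: the genuine partner, a one-character swap, a digit
    # homoglyph, and an unrelated domain.
    for addr in ["ap@northarch.example", "ap@nortbarch.example",
                 "ap@n0rtharch.example", "ap@unrelated.example"]:
        print(addr, classify_sender(addr))
```

In practice this check sits on the mail gateway or in the finance team's intake workflow, and anything scored "lookalike" is held for out-of-band verification of the payment details rather than delivered silently. The check compares whole domains; a production version would also compare the registrable domain so that a lookalike hidden under a subdomain is caught.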
Action Taken:
• Mapped the attacker’s entire lateral movement through audit logs and delegated mailbox access
• Revoked unauthorized access, enforced MFA on all admin accounts, and disabled legacy auth protocols
• Reconfigured mail security stack (partnered with vendor) to implement:
- Geofencing
- Attachment/link sandboxing
- DMARC/DKIM hard enforcement
• Renamed high-value accounts (e.g., accounting@) to obscure role identifiers
• Implemented admin account separation:
- Every admin was issued two accounts: one standard user, one elevated-only
- Admin accounts were to be used strictly for admin tasks, and logged out afterward
• Created admin login alerting system: every privileged login generated an alert that was routed to a designated lead in a clean, human-readable format
• Configured mailbox auditing and login anomaly detection across all high-value users
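Mapping the attacker's path through the audit logs, and the admin login alerting that followed, both come down to asking the same questions of the same records: who granted a privileged role to whom, which mailboxes an account gave itself access to, and who logged into a mailbox they do not own. The block below is an added example, not the engagement's own tooling. The records are constructed and only loosely modelled on Microsoft 365 Unified Audit Log entries; the field names, accounts and IP addresses are placeholders.

```python
"""Reconstruct lateral movement and emit admin login alerts from audit records.

Added example, not the engagement's own tooling. AUDIT_RECORDS is constructed
and only loosely modelled on Unified Audit Log entries; every account, role
name, IP and field name here is a placeholder.
"""
from collections import defaultdict
from datetime import datetime

PRIVILEGED_ROLES = {"Global Administrator", "Exchange Administrator"}

# Constructed sample: a compromised helpdesk account is promoted, grants itself
# FullAccess on finance mailboxes, then reads one of them the next night.
AUDIT_RECORDS = [
    {"CreationTime": "2024-03-01T02:11:00", "Operation": "UserLoggedIn",
     "UserId": "helpdesk@corp.example", "ClientIP": "203.0.113.7", "ResultStatus": "Success"},
    {"CreationTime": "2024-03-01T02:14:00", "Operation": "Add member to role.",
     "UserId": "helpdesk@corp.example", "Target": "helpdesk@corp.example",
     "Role": "Exchange Administrator"},
    {"CreationTime": "2024-03-01T02:20:00", "Operation": "Add-MailboxPermission",
     "UserId": "helpdesk@corp.example",
     "Parameters": {"Identity": "accounting@corp.example", "User": "helpdesk@corp.example",
                    "AccessRights": "FullAccess"}},
    {"CreationTime": "2024-03-01T02:21:00", "Operation": "Add-MailboxPermission",
     "UserId": "helpdesk@corp.example",
     "Parameters": {"Identity": "billing@corp.example", "User": "helpdesk@corp.example",
                    "AccessRights": "FullAccess"}},
    {"CreationTime": "2024-03-01T09:00:00", "Operation": "UserLoggedIn",
     "UserId": "cfo@corp.example", "ClientIP": "198.51.100.4", "ResultStatus": "Success"},
    {"CreationTime": "2024-03-02T03:02:00", "Operation": "MailboxLogin",
     "UserId": "helpdesk@corp.example", "MailboxOwnerUPN": "accounting@corp.example",
     "ClientIP": "203.0.113.7"},
]


def privileged_accounts(records):
    """Accounts granted a privileged role in the records, mapped to who granted it."""
    admins = {}
    for r in records:
        if r["Operation"] == "Add member to role." and r.get("Role") in PRIVILEGED_ROLES:
            admins[r["Target"]] = r["UserId"]
    return admins


def delegations_granted(records, actor):
    """Mailbox permissions the actor handed out: grantee -> {mailbox: rights}."""
    grants = defaultdict(dict)
    for r in records:
        if r["Operation"] == "Add-MailboxPermission" and r["UserId"] == actor:
            p = r["Parameters"]
            grants[p["User"]][p["Identity"]] = p["AccessRights"]
    return dict(grants)


def lateral_path(records, actor):
    """Time-ordered chain of the actor's role grants, delegations and non-owner mailbox logins."""
    steps = []
    for r in sorted(records, key=lambda x: x["CreationTime"]):
        if r["UserId"] != actor:
            continue
        op = r["Operation"]
        if op == "Add member to role.":
            steps.append(("role", r["Role"], r["Target"]))
        elif op == "Add-MailboxPermission":
            steps.append(("delegate", r["Parameters"]["AccessRights"], r["Parameters"]["Identity"]))
        elif op == "MailboxLogin" and r.get("MailboxOwnerUPN") not in (None, actor):
            steps.append(("non-owner-login", r["ClientIP"], r["MailboxOwnerUPN"]))
    return steps


def self_grants(records):
    """Role or mailbox permissions an account assigned to itself, the clearest signal here."""
    hits = []
    for r in records:
        if r["Operation"] == "Add member to role." and r["Target"] == r["UserId"]:
            hits.append(r)
        elif r["Operation"] == "Add-MailboxPermission" and r["Parameters"]["User"] == r["UserId"]:
            hits.append(r)
    return hits


def admin_login_alert(record, admin_accounts):
    """One readable line per privileged login, for the designated lead; None otherwise."""
    if record["Operation"] != "UserLoggedIn" or record["UserId"] not in admin_accounts:
        return None
    t = datetime.fromisoformat(record["CreationTime"])
    return (f"[ADMIN LOGIN] {t:%Y-%m-%d %H:%M} {record['UserId']} "
            f"from {record['ClientIP']} ({record.get('ResultStatus', 'n/a')})")


if __name__ == "__main__":
    actor = "helpdesk@corp.example"
    for step in lateral_path(AUDIT_RECORDS, actor):
        print(step)
    for rec in AUDIT_RECORDS:
        line = admin_login_alert(rec, set(privileged_accounts(AUDIT_RECORDS)))
        if line:
            print(line)
```

The self-grant check is the one to wire into alerting first: an account adding itself to an Exchange or Global Administrator role, or granting itself FullAccess on a mailbox it does not own, has almost no legitimate daytime use and none at two in the morning.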
Impact:
• Removed attacker persistence and closed lateral access paths
• Re-established internal control and significantly reduced privilege abuse risk
• Shifted admin behavior from habitual privilege use to disciplined escalation
• Gave executives a clear path to reclaim trust—in their systems and in themselves
• The company avoided disclosure and emerged with a hardened IAM and email security architecture
Reflection:
The most dangerous breach isn’t always the one that hits the press—it’s the one that sits in silence.
They didn’t just lose money. They lost confidence.
My job was to give them a system—and a mindset—that made that confidence real again.
And this time, resilient.
🏗️ Engagement #2 – Post-Acquisition IT Merger
Challenge:
An energy construction firm bought multiple companies but had no unified IT identity. Teams were fractured, fearful of layoffs, and lacked security cohesion.
Action Taken:
• Migrated all entities into one M365 tenant with domain preservation
• Appointed internal leader from acquired company to build trust
• Hosted week-long IT summit to unify vision and culture
• Rebuilt DR/BCP plans and enforced Defender, MDM, and security layers
Impact:
• Built a collaborative IT team from rival companies
• Reduced support load by 25%
• Created scalable, secure infrastructure that reflected their new size
🌐 Engagement #3 – Network Design with VXLAN
Challenge:
Flat L2 networks, inconsistent routing, and no east-west visibility across multiple sites.
Action Taken:
• Implemented VXLAN + BGP EVPN over spine-leaf design
• Integrated hybrid AD and Office 365
• Standardized provisioning with golden image and MDM
• Established visibility through NetFlow + SIEM integration
Impact:
• Zero-trust-ready architecture
• Simplified operations and hardened internal lateral security
• Future-proofed for cloud and compliance
💻 Coding as Compass
While I haven’t monetized it fully yet, I build code that reflects my thinking. From automation scripts for recon to backend tools for internal use—I create with intention.
• Recon automation for bug bounty toolkit
• Terminal dashboard that breathes with heartbeat animations
• Defender incident parser that groups alerts by priority