Cybersecurity graduate with a strong interest in offensive security & network security. A hard-working, personable, and technically-minded multitasker with exceptional customer service and communication skills.
Experienced in Python & Bash scripting and toolkits such as Kali Linux, Metasploit, and Burp Suite with a diverse resourcefulness of OSINT tools. Excellent task management skills and ability to handle multiple projects simultaneously. Proficient in translating information from technical to executive and management friendly terminology, both in English & Spanish.
β’ Built and automated cloud-based attack infrastructure in AWS, GCP, and
Azure using Terraform, deploying Cobalt Strike servers, redirectors, and
Windows/Linux machines with Apache Guacamole for seamless remote
access.
β’ Configured and secured Cobalt Strike C2 operations, deploying HTTPS
redirectors, TLS certificates, IP whitelisting, and domain fronting via Azure
CDN, Google Cloud CDN, and AWS Lambda to evade detection.
β’ Executed advanced post-exploitation and network pivoting, leveraging
SMB/TCP Beacons, SOCKS proxy tunneling, beacon chaining, process
injection, and SQL exploitation for stealthy lateral movement.
β’ Compromised Active Directory environments, executing Kerberoasting,
NTDS.dit extraction, ADCS misconfigurations, DCSync, and password
spraying to escalate privileges and gain domain control.
β’ Bypassed EDR and antivirus defenses, deploying in-memory payloads, AMSI
bypasses, BOFs, and custom Cobalt Strike profiles to maintain operational
stealth.
β’ Harvested credentials and exploited file upload vulnerabilities, leveraging
Cobalt Strike, Impacket tools, and misconfigurations to capture domain
credentials, escalate privileges, and establish persistence.
A 20-week immersive cybersecurity training academy and apprenticeship program focused on
Conducting a web application vulnerability assessment for a non-profit organization, following OWASP standards, and created a detailed security report with findings, mitigation recommendations, and improved assessment ROI.
Performing threat intelligence analysis, OSINT gathering, and social engineering exercises to identify security weaknesses and enhance penetration testing strategies.
Developing and executing phishing simulations using GoPhish and Python automation with HIBP to assess employee security awareness, audit AUP compliance, and test organizational responsiveness.
Implementing security best practices by aligning assessments, penetration testing methodologies, and SOC monitoring with frameworks such as NIST SP 800, ISO 27001:2, and CIS Top 18 while utilizing Nessus, Nmap, and SSL scanning for vulnerability detection.
Built an Active Directory lab in AWS with a domain controller and two clients, performing LLMNR poisoning, SMB relay, MITM6 attacks, and lateral movement.
Executed various exploitation techniques, including SQLi, XSS, MFA bypass, IDOR, XXE, WPA2 cracking, Credential Dumping, GPP abuse, Kerberoasting, Token Impersonation, Golden/Silver Ticket attacks, NTDS.dit extraction, Buffer Overflows, and ZeroLogon.
Utilized offensive security tools, including BloodHound, Maltego, Plumhound, PingCastle, Covenant, Empire, Impacket, PowerSploit, Responder, ldapdomaindump, CrackMapExec, and NetExec.
β’ Provided technical support to 1,000+ users and managed high-volume IT
inventory in a Fulfillment Center, optimizing procurement and storage while
troubleshooting and provisioning Windows/Linux desktops, HP thin clients,
Honeywell scanners, Kindle tablets, Motorola radios, Zebra handhelds, and
HP/Zebra printersβboosting team workflow by 33%.
β’ Optimized asset ordering, audits, and inventory management by 41% using
MS Office, ServiceNow, and T.Corp SIM, streamlining documentation and
reporting.
β’ Administered RMA processes and supported IT projects, increasing IT team
productivity by 30% while reporting directly to the IT manager.
β’ Utilized Cisco AnyConnect VPN, Slack Enterprise, PowerPoint, and Google
Docs for secure communication and collaboration.
β’ Provided IT support for 50+ users, handling 30 daily inbound calls for MFA
troubleshooting, password resets, and Active Directory access.
β’ Monitored logins and password status with LOCKOUT STATUS, used Smart
IT for documentation, and escalated Level 2/3 issuesβimproving efficiency by
35%.
β’ Worked with Cisco AnyConnect VPN, Jabber, MS Teams, OneNote, and
Outlook to support remote and on-site users.
Diagnosing, troubleshooting, and repairing hardware/software issues on
printers, laptops, desktops, and network connectivity (Xerox, HP, Zebra,
HCL), while advising clients on security best practices to enhance system
reliability and reduce cyber risks.
Jobicy
541 subscribers are already enjoying exclusive, experimental and pre-release features.
Free
USD $0/month
For people just getting started
Plus
USD $8/month
Everything in Free, and: