I work where security meets operations: access control, incident response, and automation that gives analysts more time to investigate. I hold a B.S. in Cyber Security Systems and an M.B.A. in Information Systems from St. John's University, which gave me both the technical foundation and a working view of how security decisions land on a business. Security+ is in progress.

The operational side of security is where I have spent the most time so far: access controls that scale, incident response that matches written policy, and automation for the repetitive work so attention goes where it matters. The lesson I keep relearning is that good security is less about any one tool and more about processes people can follow consistently.

As co-captain of the St. John's CyberTeam, I helped lead a first-place finish at the 2024 ISC2 tournament and competed at NECCDC 2026 in Lowell. Both taught me that technical skill is only the starting point. Documentation, communication, and explaining business impact to non-technical stakeholders counted just as much as the work itself.

Outside of work I keep a home lab for the technologies and processes I want to understand before I meet them in production: segmented networks, centralized logging, inline monitoring, and formal change management. Every configuration change starts with a written change request. That is more discipline than a home lab strictly needs, and that is the point: I want the habit before a job depends on it. It proved useful when an alert investigation traced back to a misconfigured backup agent, and the documentation came out ready to hand to a security team.

NECCDC was the most valuable education I have had in this field. Defending live Active Directory against a professional red team showed me that technical response is only part of the job. Keeping documentation current, communicating with leadership, and understanding business priorities shaped the outcome as much as any fix. It also taught me to keep validating assumptions, because adversaries do not stop when the workday ends. I wrote the whole thing up, lessons and mistakes included.

Right now I am preparing for the Security+ exam and expanding the lab into hybrid identity: Active Directory joined to Entra ID, with Okta brokering SAML and OIDC. The specialty can come later. Right now I am focused on fundamentals that hold up anywhere in the field.