Cybersecurity Analyst / GRC · SOC · Infrastructure
Security professional with 3+ years across security operations, GRC consulting, and infrastructure engineering. I bridge the gap between hands-on threat detection and governance frameworks — from triaging 500+ daily SOC alerts to leading multi-framework compliance audits for enterprise clients.
Security engineer who builds before auditing, and audits before recommending.
I started in IT infrastructure — administering VMware ESXi environments at BYU, managing 200+ virtual machines, and learning how enterprise systems actually break under pressure. That hands-on foundation shaped how I approach security: not as a policy exercise, but as an engineering problem with real operational consequences.
At Arctic Wolf, I operated inside a 24/7 SOC — triaging hundreds of alerts daily, running incident response across diverse customer environments, and building the runbooks that made the team faster. That experience taught me what threat detection looks like at scale, and why playbook quality matters as much as tooling.
Today at AARC-360, I lead multi-framework security audits spanning SOC 2, PCI DSS, HITRUST, ISO 27001, and ISO 42001. I work directly with client leadership to translate technical control gaps into clear remediation strategies — and I helped build a one-test, multi-audit methodology that cuts duplicate testing across overlapping compliance programs.
Outside of work, my home lab runs Proxmox VE, a segmented UniFi network, Docker-hosted services, and a self-hosted Wazuh SIEM. I learn by building — and I believe the best security professionals maintain that builder instinct throughout their careers.
A full-stack security skillset spanning detection, governance, infrastructure, and automation.
Security roles spanning enterprise SOC, GRC consulting, and IT infrastructure.
An active certification path targeting the highest levels of security expertise.
Real systems built to learn, test, and demonstrate production-level security and infrastructure engineering.
Designed and deployed a full Security Information and Event Management system from scratch in a home lab environment. The system centralizes log collection across the network, detects suspicious behavior in real time, and surfaces security events through a custom Kibana visualization layer.
Designed and deployed a self-hosted workflow automation platform using Docker to containerize n8n on a Linux server. The system automates system administration tasks, API-driven notifications, and scheduled operations — eliminating repetitive manual work across the home lab.
Built a cloud networking and identity management lab in Microsoft Azure to replicate enterprise cloud architecture patterns. The environment includes segmented virtual networks, security-hardened VMs, Network Security Groups, and an identity management simulation using Azure IAM.
A fully operational engineering lab used to build, break, and validate real security and infrastructure concepts.
Engineering contributions and professional milestones across SOC, GRC, and infrastructure roles.
Contributed to a unified one-test, multi-audit methodology at AARC-360 that eliminated duplicate control testing across overlapping compliance frameworks, reducing audit effort and improving delivery timelines.
Developed and refined incident response runbooks at Arctic Wolf that standardized triage workflows, improved escalation accuracy, and strengthened institutional knowledge management across the analyst team.
Operated at full production capacity in a 24/7 SOC — triaging 500+ daily security alerts using structured playbook analysis, maintaining consistent threat detection quality across diverse customer environments.
Resolved 100+ technical issues with security sensors and vulnerability scanners at Arctic Wolf, ensuring continuous monitoring coverage and eliminating blind spots in customer security environments.
Passed the ISACA CISA examination in 2025, validating expertise in IS auditing, governance, risk management, and information systems control — a globally recognized credential in security assurance.
Built and maintains a production-grade home lab environment running Proxmox VE, a segmented UniFi network across 5 VLANs, Docker containerized services, Wazuh SIEM, and an Azure cloud extension — all self-designed and self-operated.
Executing security audits across SOC 1, SOC 2, PCI DSS, HITRUST, ISO 27001, and ISO 42001 simultaneously — one of the broadest active compliance framework portfolios a consultant of this tenure can demonstrate.
Administered production VMware ESXi and vCenter environments at BYU supporting over 200 virtual machines — building the infrastructure depth that informs practical security assessments today.
Formal academic foundation in cybersecurity principles, information assurance, cryptography, network security, and digital forensics. Concurrent hands-on engineering experience as a Student Systems Engineer in BYU's IT infrastructure team.
Open to security roles, consulting engagements, and technical conversations.
I'm currently open to full-time security roles and consulting opportunities in security operations, GRC, cloud security, and infrastructure engineering. If you're building or growing a security team, let's talk.
Based in Anna, TX — available remotely and open to hybrid or on-site roles in the DFW area. Currently focused on opportunities in security operations, GRC consulting, cloud security, and infrastructure engineering.