Senior Systems & Security Professional | CISSP · CCISO
15+ years in IT and cybersecurity. Bridging technical depth and security leadership — from enterprise infrastructure and identity management to detection engineering and threat intelligence. Based in Durham, NC.
// capabilities
// threat intelligence
915 connection attempts in 24 hours. Extensive hardware enumeration: CPU model, core count, GPU via lspci, uptime, login history. Checks cat/ls help output as a honeypot detection technique. Intent: evaluate host resources for cryptominer deployment. ASN AS14061 (DigitalOcean); fifth DigitalOcean IP observed this week, suggesting shared botnet infrastructure.
17 vendor detections spanning phishing, malware, and malicious categories. Historical artifacts include SharePoint credential-harvesting lures and voicemail-themed social engineering emails consistent with Business Email Compromise campaigns. Hosted on AS47890 (Unmanaged Ltd), known bulletproof hosting. Abuse contact is a Gmail address. Multiple shell companies registered at the same London address, indicating layered ownership obfuscation.
DMZHOST Netherlands infrastructure. Flagged malicious by 17 vendors. 571 sessions/day against honeypots. Multi-purpose campaign: SSH brute force plus phishing. Recommend blocking the entire /24.
373 connection attempts, 370 successful logins. Single payload per session: uname -s -v -n -r -m. Pure inventory building, cataloging targets for later exploitation. Coordinated with 170.64.192.224.
Custom SSH-2.0-Go scanner targeting mysql system accounts. HASSH fingerprint 2ec37a7cc8daf20b10e1ad6221061ca5. Post-auth GPU/CPU recon consistent with cryptominer staging. Flagged by Cluster25, Criminal IP, and GreyNoise.
OpenSSH Windows client targeting ubuntu/123456. Automated CPU/GPU/architecture enumeration consistent with cryptominer deployment staging. 0/93 on VirusTotal but flagged Suspicious by GreyNoise.
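The triage the notes above do by hand (counting attempts and logins per source, tagging hardware enumeration, the cat/ls help-output honeypot check, and uname-only inventory sessions, and recording the HASSH fingerprint) can be run over Cowrie's JSON log. The script below is an added example, not code from this page or from the techysec.com lab. It assumes Cowrie's real JSON event names and fields (cowrie.session.connect, cowrie.login.success, cowrie.command.input, cowrie.client.kex with hasshAlgorithms); every log line, IP, session ID and command in it is constructed for illustration, and the HASSH is recomputed as MD5 over the logged algorithm string rather than taken from a capture.

```python
"""Classify Cowrie SSH honeypot sessions by post-auth behaviour.

Added example, not code from the page. Assumes Cowrie's JSON log format
(eventid, src_ip, session, input, hasshAlgorithms). All log lines below are
constructed; IPs come from documentation ranges.
"""
import hashlib
import json
import re
from collections import defaultdict

# Constructed Cowrie-style events (not captures), one JSON object per line.
SAMPLE_LOG = r"""
{"eventid":"cowrie.session.connect","src_ip":"203.0.113.10","session":"a1"}
{"eventid":"cowrie.client.kex","src_ip":"203.0.113.10","session":"a1","hasshAlgorithms":"curve25519-sha256;aes128-ctr;hmac-sha2-256;none"}
{"eventid":"cowrie.login.success","src_ip":"203.0.113.10","session":"a1","username":"root","password":"123456"}
{"eventid":"cowrie.command.input","src_ip":"203.0.113.10","session":"a1","input":"uname -a"}
{"eventid":"cowrie.command.input","src_ip":"203.0.113.10","session":"a1","input":"cat /proc/cpuinfo | grep name | head -n 1"}
{"eventid":"cowrie.command.input","src_ip":"203.0.113.10","session":"a1","input":"lspci | grep -i vga"}
{"eventid":"cowrie.command.input","src_ip":"203.0.113.10","session":"a1","input":"cat --help"}
{"eventid":"cowrie.command.input","src_ip":"203.0.113.10","session":"a1","input":"uptime; last"}
{"eventid":"cowrie.session.connect","src_ip":"203.0.113.10","session":"a2"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.10","session":"a2","username":"root","password":"toor"}
{"eventid":"cowrie.session.connect","src_ip":"198.51.100.7","session":"b1"}
{"eventid":"cowrie.login.success","src_ip":"198.51.100.7","session":"b1","username":"mysql","password":"mysql"}
{"eventid":"cowrie.command.input","src_ip":"198.51.100.7","session":"b1","input":"uname -s -v -n -r -m"}
{"eventid":"cowrie.session.connect","src_ip":"198.51.100.7","session":"b2"}
{"eventid":"cowrie.login.success","src_ip":"198.51.100.7","session":"b2","username":"mysql","password":"mysql"}
{"eventid":"cowrie.command.input","src_ip":"198.51.100.7","session":"b2","input":"uname -s -v -n -r -m"}
{"eventid":"cowrie.session.connect","src_ip":"192.0.2.55","session":"c1"}
{"eventid":"cowrie.login.failed","src_ip":"192.0.2.55","session":"c1","username":"admin","password":"admin"}
"""

# Post-auth command patterns matching the behaviours described in the notes.
HARDWARE_ENUM = re.compile(
    r"(^|[\s|;&(])(lspci|lscpu|nproc|nvidia-smi|dmidecode|uptime|last|free)\b"
    r"|/proc/(cpuinfo|meminfo)"
)
HONEYPOT_CHECK = re.compile(r"\b(cat|ls)\s+--help\b")          # cat/ls help-output test
UNAME_INVENTORY = re.compile(r"^\s*uname(\s+-[a-z]+)*\s*$")     # bare uname payload


def compute_hassh(hassh_algorithms):
    """HASSH = MD5 of 'kex;enc_c2s;mac_c2s;comp_c2s', the string Cowrie logs as hasshAlgorithms."""
    return hashlib.md5(hassh_algorithms.encode()).hexdigest()


def classify_commands(commands):
    """Tag a list of post-auth commands with the observed behaviours."""
    tags = set()
    for cmd in commands:
        if HARDWARE_ENUM.search(cmd):
            tags.add("hardware_enum")
        if HONEYPOT_CHECK.search(cmd):
            tags.add("honeypot_check")
        if UNAME_INVENTORY.match(cmd):
            tags.add("uname_inventory")
    return tags


def verdict(tags, commands):
    """Map tags to the intent categories used in the notes."""
    if "hardware_enum" in tags:
        return "cryptominer staging"
    if commands and tags == {"uname_inventory"}:
        return "inventory only"
    if not commands:
        return "no post-auth activity"
    return "unclassified"


def parse_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def summarize(events):
    """Per-source rollup: attempts, successful logins, command tags, verdict, HASSH set."""
    per_ip = defaultdict(lambda: {"attempts": 0, "logins": 0, "sessions": {}, "hassh": set()})
    for ev in events:
        rec, sid, eid = per_ip[ev["src_ip"]], ev["session"], ev["eventid"]
        if eid == "cowrie.session.connect":
            rec["attempts"] += 1
            rec["sessions"].setdefault(sid, [])
        elif eid == "cowrie.login.success":
            rec["logins"] += 1
        elif eid == "cowrie.command.input":
            rec["sessions"].setdefault(sid, []).append(ev["input"])
        elif eid == "cowrie.client.kex":
            rec["hassh"].add(compute_hassh(ev["hasshAlgorithms"]))
    report = {}
    for ip, rec in per_ip.items():
        commands = [c for cmds in rec["sessions"].values() for c in cmds]
        tags = classify_commands(commands)
        report[ip] = {
            "attempts": rec["attempts"],
            "logins": rec["logins"],
            "commands": len(commands),
            "tags": sorted(tags),
            "verdict": verdict(tags, commands),
            "hassh": sorted(rec["hassh"]),
        }
    return report


if __name__ == "__main__":
    print(json.dumps(summarize(parse_events(SAMPLE_LOG)), indent=2))
```

Run it against a real `cowrie.json` by replacing SAMPLE_LOG with the file contents; the verdicts are triage hints for the analyst, not block decisions, and the HASSH set per source is what lets one tool (the SSH-2.0-Go scanner above) be tracked across IPs.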
// background
CISSP and CCISO-certified security professional with 15+ years of hands-on experience across enterprise infrastructure, identity management, and cybersecurity operations. I bridge the gap between technical depth and security leadership — designing defensible systems, investigating real threats, and translating risk into business outcomes.
Currently operating a home lab with a Cowrie SSH honeypot exposed to the internet, Wazuh SIEM with custom detection rules, automated threat intelligence feeds, and AWS canary credential traps — generating and analyzing real attacker data daily.
My background spans MSP engineering, systems administration, SOC operations, and security architecture — with client-facing experience managing complex infrastructure across multiple industries simultaneously.
// get in touch
Open to Senior Systems Administrator, Security Engineer, Security Architect, and cybersecurity consulting opportunities.
Based in Durham, NC. Available for remote and hybrid roles in the Raleigh-Durham area.
Portfolio and threat intel research: techysec.com