Hey, I’m Daniel

I’m a cybersecurity analyst based in Winston-Salem, NC. I graduated from UNC Pembroke in December 2025 with a BS in Computer Science (Cybersecurity concentration) and hold CompTIA Security+ and CySA+ certifications.

I’m not a purely academic candidate. Last summer I interned at North Carolina’s Electric Cooperatives — a NERC CIP-regulated utility — where I worked on real security operations: monitoring SIEM alerts via CrowdStrike Falcon and Arctic Wolf MDR, deploying Tenable Nessus across the fleet, co-authoring security policies, and responding to an active Tycoon2FA phishing campaign that targeted employees. That response involved pulling affected users from SIEM, reverse-engineering the obfuscated HTML payload, tracking how the attack evolved across multiple waves, and recommending full containment — laptop disposal, account deletion, and rotating the company’s email format to block the attacker from re-targeting.

That’s the kind of work I want to keep doing.


What I work with

Security platforms: CrowdStrike Falcon, Tenable Nessus, Arctic Wolf MDR, KnowBe4, Microsoft Defender, Check Point, Mosyle MDM

Threat analysis & IR: Wireshark, Splunk, VirusTotal, AbuseIPDB, Cisco Duo

Infrastructure & identity: Microsoft Entra, Azure, Google Workspace, UniFi, Meraki

Frameworks: NIST CSF, CIS Controls, MITRE ATT&CK, NERC CIP (regulated environment)

Languages: Python, Bash, Java


What I’ve built

CVE Severity Prediction — Pulled 1,996 CVEs from the NIST NVD API across Windows 7, XP, and 11 and built a severity prediction pipeline comparing Random Forest, XGBoost, and Linear Regression. Landed at R² = 0.83 on CVSS score prediction.

PawPal Ultra — A RAG pipeline built on the Gemini API with semantic indexing over internal markdown knowledge bases. Designed a multi-mode response router with three answer strategies so users have explicit control over whether the answer comes from internal docs, Gemini, or a synthesis of both.

Network Traffic Analysis — CICIDS2017 Capstone — Analyzed 500K+ network events from PCAP files with a team of five using Wireshark and Splunk. Identified a confirmed malicious IP conducting nmap reconnaissance over TCP port 444 and applied a structured IR playbook across DoS, brute force, and infiltration attack patterns.


Background

Alongside my internship, I spent two years as the sole system administrator at a regional nonprofit — handling everything from firewall rule management, VLAN segmentation, and an internal honeypot to full MDM deployment (Mosyle for Apple, Defender for Windows) and a domain migration with zero data loss. I also detected and terminated an unauthorized live stream during a ticketed event in real time, preventing over $15,000 in estimated revenue loss.

That role taught me what it means to own a security posture end-to-end with no team to fall back on.


Certifications

  • CompTIA Security+ (SY0-701)
  • CompTIA CySA+ (CS0-003)
  • Google Technical Support Fundamentals
  • Emerging Leaders Certificate — Truist
  • CodePath Cybersecurity Certificate
  • CodePath Technical Interview Prep Certificate

Let’s connect

I’m actively looking for SOC Analyst and Security Analyst roles — remote or in the NC/Southeast area.