About

Background

I'm a detection engineer and senior security analyst supporting federal SOC operations at Bonneville Power Administration through UltraViolet Cyber Federal. My day-to-day is building and maintaining a library of 200+ Splunk correlation searches mapped to MITRE ATT&CK, developing PowerShell automation that cuts phishing/malware triage time from 20 minutes to under 5, and performing deep log analysis across 100+ log source types to reconstruct attack timelines and drive incident response.

Before that, I was a security analyst and penetration tester at Anitian, an MSSP, where I ran network and web app pen tests, managed Splunk and ELK environments in client production, and built detection dashboards for a portfolio of FedRAMP and PCI-regulated clients.

I started in the Marine Corps as a Military Police Supervisor and 911 Dispatcher — where I learned how to manage high-stakes incidents, communicate clearly under pressure, and document everything.

Detection Work

Most of my detection content is built around a simple principle: start with adversary behavior (ATT&CK TTPs, threat intel reports), work backward to the log sources that would capture it, write the search, then tune aggressively. A detection that fires constantly and gets ignored is worse than no detection at all.

I write about this process on the blog — SPL walkthroughs, ATT&CK coverage analysis, threat hunting methodology, and the occasional post on breaking into detection engineering from a SOC analyst background.

Community

I mentor military veterans entering cybersecurity through VetSec, helping them navigate the field, build technical skills, and find their footing in the industry. If you're a vet transitioning into cyber and want to talk shop, find me on LinkedIn.