8+ years leading technology operations, currently at Synchrony as a Systems Engineer while completing my M.S. in Cybersecurity at NYU. I build production AI tools, database systems, and security workflows — bridging hands-on technical depth with senior leadership communication.
Production systems across AI, security, intelligence analytics, and databases. Each one is real, documented, and linked.
Full-stack helpdesk with a 7-table normalized MySQL database, role-based agent management, SLA enforcement, audit-trail status history, and an analytics dashboard. Includes stored procedures, triggers, views, and functions — all running live on production hosting.
A Retrieval-Augmented Generation chatbot for SOC analysts. Ask questions in plain English — it searches your knowledge base using FAISS vector search and responds with structured triage guidance. Knowledge packs cover Splunk SPL, SOC playbooks, AWS security, IAM, and MITRE ATT&CK.
Real-time IP intelligence and threat analysis tool built with React. Enter any IP address or domain to instantly surface geolocation, ISP, ASN, and timezone data alongside live threat scoring from AbuseIPDB — abuse confidence score, report history, and categorized attack vectors. Bulk mode processes up to 20 IPs simultaneously, plotting color-coded risk markers on an interactive Mapbox dark map. Results export to CSV for analyst workflows.
Linear regression model predicting building heating and cooling loads from structural features. Full pipeline: data cleaning, feature engineering, model training, residual analysis, and performance evaluation. Built and deployed on GitHub.
Provisioned a live Microsoft Sentinel workspace, authored custom KQL detection rules mapped to MITRE ATT&CK Initial Access tactics, and triaged real triggered incidents through a full end-to-end SOC workflow — detection engineering, scheduled analytics every 5 minutes, and structured incident response.
Interactive graph-based fraud investigation tool modeling entity relationships across persons, devices, emails, and accounts. Surfaces shared device clusters, transaction loops, and duplicate application patterns — producing prioritized investigative leads through graph traversal and anomaly scoring. Directly aligned with JSOC fraud detection methodology.
Apple Watch + iPhone app leveraging HealthKit and optional Dexcom CGM integration. Four-layer architecture with a Claude API-powered coaching feature for personalized health prevention guidance.
Live AWS threat detection environment using GuardDuty, CloudTrail, and SNS alerting. Simulates real attack scenarios — credential stuffing, S3 exposure, IAM abuse — and maps each finding to a MITRE ATT&CK technique with a documented triage runbook.
Deception-based detection system using planted IAM credentials, S3 objects, and EC2 keypairs as honeytokens. Any access attempt triggers CloudTrail → Lambda → immediate SNS alert with full context — IP, user-agent, region, and timestamp. Includes a response playbook for each tripwire type.
Infrastructure-as-code that provisions a secure AWS environment from scratch — VPC with private/public subnets, least-privilege IAM roles, locked-down S3 buckets, CloudTrail logging, and GuardDuty enabled by default. Fully version-controlled and redeployable in minutes.
Automated Python tool that queries AWS APIs and benchmarks your account against CIS AWS controls — S3 policies, IAM password policy, MFA enforcement, root account usage, open security groups, and CloudTrail status. Outputs a scored HTML report with pass/warn/fail per control and remediation steps.
SOC intelligence tool unifying physical identity (LenelS2 OnGuard PACS) with digital identity (SSO/Active Directory). Features real-time identity resolution, automatic SIEM alert enrichment with physical context, and cross-correlation anomaly detection — flagging impossible travel, off-hours access, and credential anomalies.
Live demonstrations of the AI tools I've built — from SOC analyst assistants to RAG pipelines and agentic workflows.
SOC RAG Assistant — powered by LangChain · FAISS · HuggingFace all-MiniLM-L6-v2 · GPT-4o-mini. Running live on Streamlit Cloud.
Ask anything about phishing triage, Splunk SPL hunting queries, MITRE ATT&CK mapping, AWS CloudTrail events, or IAM fundamentals — answers pulled from curated SOC knowledge packs, not general training data.
Selectable knowledge packs · Evidence sources · Conversation history
How the SOC RAG Assistant processes your question — from raw text to structured analyst guidance:
RAG pipeline architecture — from analyst query to structured SOC output:
The key innovation: instead of relying on the LLM's general knowledge, it only answers from your curated documents — making responses accurate, auditable, and domain-specific.
8+ years across IT operations, enterprise security, and AI enablement in regulated and high-volume environments.
Technical depth across security operations, AI engineering, development, and infrastructure.
Active certifications and completed training programs.
Strong academic record across three institutions.
Open to senior leadership conversations, full-time roles in Security or AI engineering, and collaboration on security tooling or GenAI projects.