Information Security Engineer specializing in defense-sector cyber operations, threat intelligence, and data protection across complex multi-cloud and on-premises environments. Experienced interfacing directly with government agencies and Defense Industrial Base partners, with a strong foundation in incident response, IRM/DLP architecture, compliance, and automation across the Microsoft security stack. Equally comfortable owning technical execution and communicating risk to stakeholders at every level — from end users to executive leadership.
Education
M.S. Cybersecurity, Network Security Management
Overall GPA: 3.93
B.S. Cybersecurity, System and Network Security
Overall GPA: 3.77 Departmental GPA: 3.90
Professional Experience
Remote
Information Security Engineer
June 2025 – Present
Associate Information Security Engineer
July 2024 – June 2025
Serves as a primary Cyber Operations engineer securing 1,400+ endpoints and 2,200+ employees across Azure GCC, GCC-H, AWS, and on-premises enclaves; primary team contact for threat intelligence, partner information sharing, reporting requirements, DLP, and data protection
Leads TI operations across deep, dark, and open web sources with a focus on APT groups and nation-state actors — tracking adversary infrastructure, TTPs, and campaigns targeting the DIB; translates intelligence directly into threat hunting campaigns via Microsoft Sentinel and Defender XDR using custom KQL detection rules and SOAR playbooks aligned to MITRE ATT&CK
Serves as a primary incident responder, contributing to full-scope IR during breach-level events — including containment, investigation, and forensic analysis across hybrid Windows/Linux and multi-cloud environments through to resolution
Engineers and maintains Insider Risk Management (IRM), DLP, communication compliance, and data exfiltration controls within Microsoft Purview; architected an information classification scheme enabling default encryption across all organizational data, leading the rollout for 2,200+ employees through training and briefing sessions from end users up to director level
Develops and maintains automation across Cyber Operations workflows using Python, Bash, Azure Function Apps, and Logic Apps — reducing manual overhead and accelerating response across the incident lifecycle
Works cross-functionally with IT and Compliance — and with stakeholders from executive leadership down to end users — to ensure adherence to NIST SP 800-171 (CUI), ITAR, CMMC 2, ISO 27001, NIST CSF/RMF, FedRAMP Moderate, and other applicable DoD frameworks; contributed to the organization achieving CMMC Level 2 certification; interfaces directly with government agency partners and DIB members through active ND-ISAC membership
On-site
Research Assistant, Cybersecurity
Jan 2024 – May 2024
Utilized Node.js, JavaScript, CSS, and HTML to develop and implement a secure training platform for cybersecurity students
Developed training modules by analyzing prior real-world cybercrime incidents
Utilized Docker, MySQL, and Google’s OAuth Identity Authentication API to create a secure user management solution for the platform
Remote
Intern, Identity Access Management
May – Aug 2023
Worked with Microsoft Azure SSO utilizing SAML and OAuth
Worked with various departments/applications of Universal Music Group to implement and enforce SSO for security
Collected information and risk criteria from application teams to prioritize SSO implementations
Remote
Intern, IT Technician
May – Aug 2020/21/22
Worked directly with customers on urgent, time-sensitive tickets and issues
Utilized Microsoft’s Active Directory, Bitbucket repositories, DBeaver SQL database administration tool, and the IntelliJ IDE
Worked with production code to make changes to connectors and plugins written in Groovy, SQL, YAML, & XML that managed customers' Student Information Systems* and associated software
Worked on customers' servers with access to their SIS* containing production software and confidential student and customer information
Certifications
Additional Relevant Experience
Home Lab
Operates a dynamic, resilient home lab environment integrating virtualization, containerization, network security, and automation to support secure infrastructure management, cybersecurity operations, and service deployment. An 8-node Raspberry Pi cluster runs a high-availability Docker Swarm with GlusterFS for distributed storage and Keepalived for automatic failover, ensuring redundancy and load balancing across all production services. At its core, Proxmox manages multiple physical servers with ZFS-backed storage for data integrity and high-speed performance, supporting a range of virtualized systems from Linux and Windows VMs to lightweight LXC containers.
Network security is built in layers. A zone-based firewall with VLAN segmentation and a dedicated DMZ handles perimeter enforcement, while a layered IPS architecture combines Suricata at the gateway with CrowdSec fed by centralized syslog ingestion from all production nodes — with custom bouncers for UniFi, Cloudflare, and application-layer enforcement to catch threats that evade gateway-level detection. All external traffic is required to traverse Cloudflare through authenticated origin pulls and mTLS, where production-ready DNS-level WAF rules, geo-fencing, rate limiting, automatic bot blocking, and DDoS mitigation are applied and maintained. Internal services are routed through a Traefik reverse proxy integrated with Authelia, enforcing SSO with passkey authentication across all internal access points.
Security monitoring runs through Wazuh as the central SIEM, with logs collected via agents and ingested into a centralized syslog server for correlation, anomaly detection, and forensic analysis. Custom scripts in Python, Bash, and PowerShell automate log analysis, system health monitoring, and routine administrative tasks. A strict 3-2-1 backup strategy — two independent local backups on separate storage media plus one offsite remote backup — is enforced across all production systems. A UPS ensures power redundancy and continuous uptime monitoring, establishing a secure, fault-tolerant environment purpose-built for cybersecurity operations and infrastructure management.
Capture The Flag Cybersecurity Competitions
Regularly participates in Capture The Flag-style competitions such as the National Cyber League and JerseyCTF, both as a part of Michigan Technological University's RedTeam and individually.
Utilizes offensive security tools such as Kali Linux and actively practices a wide variety of penetration testing and vulnerability analysis techniques.
Extracurriculars
Michigan Technological University
Security Team, Networking and Computing Student Association (NCSA)
Michigan Technological University
Member, RedTeam@MTU
Teaching / Lab Assistant Experience:
Michigan Technological University
Cybersecurity, Teaching / Lab Assistant
Information Governance and Risk Management, Teaching / Lab Assistant
CyberHusky, Teaching / Lab Assistant
Server Cluster for Michigan Technological University's College of Computing
As a Graduate Project, led the design, configuration, and implementation of a high-performance, highly available server cluster to support the Cybersecurity and CNSA programs
Utilizing the Proxmox Hypervisor and TrueNAS Scale, successfully clustered and configured 21 servers, using management tools like TrueCommand, NetBox, Ansible, and Cloud-Init to automate tasks and optimize cluster performance
Created comprehensive documentation for cluster maintenance, ensuring long-term reliability
Significantly improved the Cybersecurity and CNSA programs' capabilities through the development of a robust and scalable server infrastructure, resource optimization, and high availability
Technical Skills
Security Operations & Threat Management:
SIEM (Wazuh, Microsoft Sentinel) • EDR/XDR (Microsoft Defender XDR) • SOAR & Playbook Automation • IDS/IPS (Suricata, CrowdSec) • Firewall Management • Threat Hunting (KQL, MITRE ATT&CK) • Threat Intelligence (APT & Nation-State Tracking, Deep/Dark/Open Web OSINT, IOC Analysis) • Vulnerability Analysis & Scanning • Penetration Testing & Exploitation • Incident Response & Digital Forensics • Insider Risk Management (IRM) • DLP & Data Exfiltration Controls • Communication Compliance
Network & Infrastructure Security:
Network Security & Configuration (TCP/IP, Routing) • DNS Management & Proxies • Single Sign-On (SSO) & Identity Management (OAuth 2.0, SAML 2.0) • Reverse Proxy Security (Traefik + Authelia SSO, NGINX Proxy Manager) • Passkey & MFA Enforcement • mTLS & Authenticated Origin Pulls • DDoS Mitigation & Web Application Firewall (WAF) • Cloudflare Security (DNS protection, bot blocking, geo-fencing, rate limiting, WAF rules) • VLAN Segmentation & Zone-Based Firewalling
Cloud, Compliance & Identity:
Microsoft Azure • AWS • Entra ID / Azure Active Directory • Azure Function Apps & Logic Apps • Microsoft Purview (DLP, IRM, Communication Compliance, Information Classification) • KQL • Cloud Security & Concepts (Azure, GCP) • Compliance & GRC (NIST SP 800-171/CUI, ITAR, CMMC 2, ISO 27001, NIST CSF/RMF, FedRAMP Moderate) • MITRE ATT&CK & OWASP • ND-ISAC / Defense Industrial Base (DIB) Community • Windows & Linux Security • Active Directory Security
Virtualization & Containerization:
Proxmox Virtualization & Clustering • Docker Swarm • LXC Containers • GlusterFS Distributed Storage • Keepalived & High Availability Failover • ZFS Storage • Hypervisors & Server Security
Automation & Scripting:
Python • Bash • PowerShell • KQL • Azure Function Apps • Logic Apps • GitHub Enterprise • Azure DevOps
Offensive Security & Analysis:
Nmap • Burp Suite (PortSwigger) • Wireshark & PCAP Analysis • Kali Linux • Active Directory Exploitation & Enumeration • Capture The Flag (CTF) Competitions & Red Teaming • Open Source Intelligence (OSINT) • Steganography & Cryptography
Monitoring, Logging & Documentation:
Log & Data Analysis • SIEM (Wazuh, Microsoft Sentinel) • Syslog Server Integration & CrowdSec Correlation • Centralized Log Ingestion & Forensic Analysis • Uptime & Downtime Monitoring • 3-2-1 Backup Strategy • Technical Documentation
References
American Systems
2025
"Andrew was an incredible person to work with. I would define Andrew as someone who is hard-working, takes initiative, and can solve problems. There have been numerous times when Andrew went out of his way to see a problem and then fix it accordingly without anyone directing him to do so. His technical skills, alongside these intangibles, make him incredibly easy to work with. When working alongside Andrew, he always has fresh ideas on how to tackle different issues. One of the qualities that made Andrew special was that he not only came up with ideas, but every idea could be broken down into logical and actionable steps. Additionally, he has shown a proven capability in incident response and a mastery in scripting (automation included). I have met very few people with the technical skills and intangibles that Andrew possesses.
Lastly, I would like to say that Andrew's character is second to none. His attitude is always positive and he did an excellent job working with others. He is a team player and puts others first. Skills aside, his priority is always on improving the team he is a part of, and this made him an invaluable member of the Security Operations Center Team. It was an absolute privilege to work alongside him."
American Systems
2025
"I hired Andrew right out of college with a need for someone to come in and hit the ground running. Andrew exceeded all expectations and quickly learned many different tools we used in CyberOps. As the CyberOps Manager, I was able to give him tasks and know they would get done on time and efficiently. I started giving him IT projects to manage and he excelled by staying on top of the projects and keeping management updated on status. Andrew's contributions significantly improved the cyber security of the company. I would gladly work with Andrew again and highly recommend him for any cyber security position."
Universal Music Group, Senior Manager - Identity & Access Management
2023
"Andrew worked for me during his summer internship in 2023. He was a consummate professional, always looking for more ways to contribute to the team. He delivered requests quickly and took on tasks that were sometimes challenging and/or tedious without hesitation or complaint. I truly enjoyed working with Andrew over the last several months and would recommend him for virtually any entry-level position in Cybersecurity."
Level Data Inc., President
2022
"Andrew worked for us at Level Data. He is very bright, talented, curious, and eager to learn. He was always willing to take on new projects. He is a perfectionist who loves new challenges. Andrew’s fantastic communication and interpersonal skills make him exceptional and allow him to stand out from his peers. Andrew has an incredibly bright future and will be a great asset to any organization lucky enough to have him as an employee."