Building a safer internet, one project at a time.

A cybersecurity awareness brand I founded for everyday home users with no technical background — scam alerts, internet-safety basics, and step-by-step tutorials across web, YouTube, TikTok, Instagram, and Facebook. I built and run the whole stack: a production website on Cloudflare Pages with enforced SSL/TLS and layered HTTP hardening (CSP, HSTS, X-Frame-Options), SPF/DKIM/DMARC email authentication, a privacy-first cookieless analytics setup, and a human-led, AI-augmented content pipeline — now reaching 2,000+ cross-platform views.

A complete cybersecurity framework I built for a hypothetical 1,000-employee company under a high-visibility CISA contract, written from the seat of the company's security analyst. I used the NIST Cybersecurity Framework as the backbone — authoring 15 organizational policies and 10 supporting standards, then mapping 7 controls from NIST SP 800-53 Rev. 5 to each of the seven IT infrastructure domains, from user security-awareness training to encryption across the LAN, WAN, and remote-access domains.

A ground-up redesign of a hypothetical enterprise's network, focused on security, redundancy, and secure remote access. I removed the original single points of failure with redundant next-generation firewalls (Fortinet & Palo Alto), redundant departmental switches, and dual ISPs for failover. From there I segmented the network into VLANs, stood up a DMZ for the public-facing Linux/Apache web server, added host-based firewalls on Windows endpoints, centralized authentication, and deployed an SSL/TLS VPN so remote employees could reach internal resources over encrypted connections.

Across a virtualized enterprise network, I deployed IDS/NIDS with Snort and Zeek and wrote a custom Zeek script that detects and blocks brute-force SSH attempts, backed by centralized logging and automated email alerts. I configured and hardened firewalls across VyOS, IPtables, and pfSense (ingress/egress filtering, stateful inspection, DMZ isolation), and stood up an OpenVPN server with a full Certificate Authority (PKI) for authenticated, encrypted remote access. I finished all 8 labs at 100% — the enterprise lab was authored by the RIT Global Cybersecurity Institute.

I ran a complete attack lifecycle against an unknown lab network — host discovery and OS/service fingerprinting with Nmap, vulnerability analysis with OpenVAS/Greenbone, and exploitation of MS17-010 (EternalBlue) via Metasploit to land a Meterpreter session. From there I performed post-exploitation — system enumeration, credential and hash extraction, and file exfiltration — then cracked the recovered hashes with John the Ripper, pivoted to GUI access over RDP, and documented every step in a full written engagement report.

In a controlled academic lab, I developed a buffer-overflow exploit in Ruby — established EIP control in GDB, found the offset with a cyclic pattern, generated bad-character-free shellcode with msfvenom, landed execution through a NOP sled, and ported the whole thing into a custom Metasploit module. I also built supporting tooling: a Ruby HTTP server-fingerprinting tool (Apache/IIS/NGINX/LiteSpeed), a Python SSH brute-forcer with rate-limiting, and a Bash TCP port scanner with reachability checks.

I configured Burp Suite as an intercepting proxy — including HTTPS interception via a CA certificate — and demonstrated Proxy, Intruder, Repeater, Sequencer, and Decoder for analyzing and modifying live web requests, presented to the class.