Selected Projects & Coursework

Baseline for FortiGate, Windows Server, and Azure AD environments, including MFA enforcement, firewall templates, and rollback plans that MSP teams can actually follow.

• Created opinionated but practical hardening checklists for new client onboardings.
• Documented “before/after” policy states so changes are traceable, not mystery configs.
• Focused on fast wins: lock down external exposure without breaking business-critical flows.

Hands-on lab series walking through simulated phishing, malware, and data loss scenarios in Microsoft 365, focusing on detection, investigation, and documentation.

• Threat hunting exercises across Defender for Endpoint and Sentinel to trace lateral movement.
• Purview DLP rules tuned for realistic MSP tenants instead of “turn on everything and hope”.
• Runbook templates for triage, escalation, and customer updates.

Exploit breakdown and secure-coding checklist from a web exploitation challenge, focusing less on “tricks” and more on what defenders and engineers should fix.

• Step-by-step notes of enumeration, exploitation, and post-exploitation.
• Mapped findings to concrete mitigations (headers, input validation, logging).
• Presented in a format that both security and dev teams can use.

Template-driven SOPs, severity matrices, and communication checklists designed for MSP incidents so customers always know what’s happening and why.

• Standardized severity levels and response expectations for security vs. availability events.
• Timeline-oriented note-taking format that feeds directly into post-incident reports.
• Built to be reused across clients with room for tenant-specific quirks.