Cybersecurity Analyst based in Olathe, KS. I specialize in identity security, SOC automation, and cloud security operations — mostly in Microsoft/Azure environments. I script to solve real problems I run into at work, so everything here has been used in production.
| Area | Tools & Tech |
|---|---|
| Identity & Threat Detection | Azure AD, Microsoft Graph, Identity Protection API |
| SOC Automation | PowerShell, Python, Ansible |
| Patch & Vulnerability Management | MSRC API, Intune, ConnectWise Control |
| Cloud Infrastructure | Azure, Cloudflare, Terraform (aztfexport) |
| Incident Response | Active Directory, Microsoft 365, AbuseIPDB |
Map CVEs → KBs → devices. Bridges the MSRC Security Updates API, Microsoft Graph/Intune, and ConnectWise Control to answer the question every security team dreads: "Are we patched?" — with actual proof from live machines.
Three-script Python toolkit for detecting the axios user agent in Azure AD risky user sign-ins — a near-certain indicator of compromise. Includes interactive console mode, automated email reporting, and an Outlook inbox watcher that triggers automated response when Azure sends risk alerts.
PowerShell automation for SOC response playbooks. Currently includes phishing response: notify user, CC manager, disable AD account, rotate credentials, and revoke Azure sessions — all in one run.
🖥️ ansible
Ansible playbooks for automating Linux machine administration at scale.
☁️ azure-export
Exports Azure resource groups via aztfexport and dumps all conditional access policies into human-readable format in a single script.
Bulk-migrates domains from DNSimple to Cloudflare. Adaptable to any similar DNS migration.