Cloud security engineer in training, SOC analyst co-op, and Computing Science student at Simon Fraser University.
I build cloud security labs that connect identity, detection engineering, and incident response. My work is mostly around Microsoft Sentinel, Microsoft Entra ID, AWS IAM, CloudTrail, GuardDuty, Terraform, and KQL.
Current focus:
- Investigating identity and endpoint alerts in Microsoft Sentinel.
- Building hybrid Active Directory and Entra ID security labs.
- Testing AWS IAM privilege escalation paths and writing guardrails.
- Turning cloud audit logs into detections, workbooks, and response workflows.
| Area | Tools and topics |
|---|---|
| Cloud security | AWS IAM, Organizations, S3, EC2, Lambda, GuardDuty, CloudTrail, CloudWatch, Config, IAM Access Analyzer |
| Microsoft security | Microsoft Sentinel, Defender, Entra ID, RBAC, Conditional Access, PIM, AD DS, GPO, Kerberos |
| Detection and response | KQL, log correlation, alert triage, CloudTrail analysis, identity investigation |
| Infrastructure and automation | Terraform, PowerShell, Bash, Python, GitHub Actions |
| Systems and network | Windows, Linux, switch configuration, firewall rules, backup and recovery |
| Programming | Python, Java, SQL, KQL, Bash, PowerShell, Terraform |
Hybrid identity security lab connecting Active Directory Domain Services with Microsoft Entra ID.
- Validated OU-based user and group sync, password hash sync, domain-joined Windows management, GPO baselines, and least-privilege admin groups.
- Integrated Entra audit logs, sign-in logs, AD administrative events, Azure Activity Logs, and Defender for Cloud findings into Microsoft Sentinel.
- Wrote KQL detections and Logic App workflows for privilege changes, failed sign-in spikes, policy drift, and suspicious identity activity.
AWS IAM lab for testing privilege escalation paths and least-privilege controls.
- Tested escalation paths across `sts:AssumeRole`, `iam:CreateAccessKey`, `iam:AddUserToGroup`, and `iam:PassRole`.
- Built AWS Organizations SCP guardrails in a Sandbox OU to restrict sensitive IAM changes and admin role passing.
- Collected audit evidence with CloudTrail, AWS Config, GuardDuty, and IAM Access Analyzer.
AWS CloudTrail detection lab using the flaws.cloud dataset and Microsoft Sentinel.
- Built a CloudTrail ingestion path with Log Analytics, S3, SQS, and IAM OIDC.
- Analyzed 2.34M CloudTrail events across 9,310 source IPs and 172 AWS event sources.
- Detected failed authentication, role assumption, access key creation, S3 activity, IAM privilege escalation, and network security changes.
Developer tool for turning source repositories into readable architecture and implementation notes.
- Built with Python and repository parsing workflows.
- Designed for faster codebase orientation during project handoffs, reviews, and security analysis.
| Period | Role |
|---|---|
| May 2026 - Dec 2026 | Cybersecurity SOC Analyst Co-op, WorkSafeBC |
| Sept 2024 - Present | Director of Events and CTF Member, SFU Cybersecurity Club |
| June 2022 - Feb 2024 | IT Operations Technician, Republic of Korea Navy |
| Certification | Date |
|---|---|
| AWS Certified Solutions Architect - Associate | Sept 2025 |
| AWS Knowledge: Security Champion - Training Badge | Jan 2026 |
| AWS Cloud Quest: Security - Training Badge | Jan 2026 |
| Cisco Certified Network Professional Security (CCNP Security) | July 2023 |
| Cisco Certified Network Associate (CCNA) | June 2022 |