This page connects what I claim to actual work in the portfolio.
It is not meant to list every tool I have ever touched. It is meant to answer a simpler question:
| Capability | Evidence | Best Fit |
| --- | --- | --- |
| ServiceNow SecOps / Vulnerability Response | My most career-aligned work. The ServiceNow SecOps Lab Hub focuses on vulnerable item triage, ownership, remediation tracking, validation, exceptions, and closure. The VR Triage Checklist shows how I think through the workflow. | Primary Focus |
| Incident Response and Investigation | CYBER 440 is the strongest investigation page: phishing, malware activity, forensic images, memory artifacts, logs, impact, and remediation. CYBER 342W adds the planning side: NIST 800-61, CSIRT, communication, DR/BC, and lessons learned. | IR |
| Digital Forensics | IST 454 covers forensic imaging, mounting, hash verification, registry analysis, data carving, deleted file recovery, and AI/IoT forensics research. CYBER 440 shows how forensic evidence fits into a broader incident story. | Forensics |
| Malware Analysis and Reverse Engineering | CYBER 366 covers static analysis, dynamic analysis, UPX unpacking, FLOSS, PEiD, ProcMon, RegShot, IDA Pro, Ghidra, Binary Ninja, anti-debugging, and keylogging indicators. IST 451 Malware-Based Attack Investigation adds a defensive investigation angle. | Malware |
| Security Operations and SIEM Thinking | IST 456 shows Enigma Glass SIEM-style investigation around ransomware, compromised credentials, and data exfiltration. SRA 221, CYBER 262, and CYBER 362 add Splunk, Wireshark, IDS/SIEM, packet analysis, and anomaly detection foundations. | SOC-Relevant |
| GRC, Risk, Privacy, and Decision-Making | IST 456 covers risk management and policy. IST 432 adds cyber law and privacy. SRA 311 adds source credibility, analytic confidence, risk treatment, and threat modeling. SRA 231 is the decision-theory foundation underneath that work. | GRC |
| Cloud Security and Emerging Technology | IST 402 covers Hyper-V, OpenStack, Docker, Docker Compose, secure cloud architecture, mTLS, zero trust concepts, shared responsibility, Wazuh/OpenSCAP exposure, and SECaaS strategy. | Cloud |
| OT/ICS Security | | Specialty Interest |
| Application Development | The software path is strongest when read as progression: IST 240 → IST 242 → IST 261 → IST 311. This covers Java, OOP, inheritance, interfaces, GUI work, MVC, persistence, task queues, testing, data structures, Big-O, and Git workflow. | Software Foundation |
| HCI and Workflow Design | IST 331 is the academic evidence behind my usability focus. It covers user research, prototypes, Figma collaboration, usability testing, and iterative redesign. This also connects directly to how I have been shaping this portfolio. | HCI |
| Networking and Technical Documentation | IST 495 is professional experience with Penn State College of IST. It involved networking lab modernization, technical research, lab validation, documentation, rubrics, teamwork, and supervisor updates. | Internship |
| Web and Portfolio Engineering | IST 250 shows early web design work. The sudoRunner Portfolio Website shows the live version of that skill: Hugo, Cloudflare Pages, DNS, custom CSS, mobile fixes, favicon branding, and guided review paths. | Web |
| AI-Assisted SecOps Ideas | The AI-Powered Vulnerability Ownership Recommender is not a production system. It is a concept for how AI could support analyst-reviewed assignment routing and remediation decision support in ServiceNow SecOps. | Concept |
| Security Foundations | SRA 221, CYBER 262, and IST 451 show the earlier hands-on foundation behind the larger incident response, malware, forensics, and GRC pages. | Foundation |
This is not a claim of expert-level mastery in every tool. It is a practical map of tools I have used in coursework, labs, projects, or portfolio work.
| Area | Tools / Platforms | Evidence |
| --- | --- | --- |
| ServiceNow / SecOps | ServiceNow SecOps, Vulnerability Response concepts, vulnerable item workflow, assignment ownership, remediation, validation, closure, requirements, UAT, and process documentation. | Primary |
| Forensics / IR | FTK Imager, WinHex, RegRipper, Registry Viewer, forensic imaging, memory artifacts, Windows logs, event timelines, and evidence handling concepts. | Hands-On |
| Malware / Reverse Engineering | PEiD, UPX, FLOSS, strings, ProcMon, Process Explorer, RegShot, IDA Pro, Ghidra, Binary Ninja, Windows API interpretation, and debugger-aware behavior. | Hands-On |
| Security Operations | Splunk, Enigma Glass, Wireshark, Snort, Wazuh, OWASP ZAP, SPARTA, OpenVPN, pfSense, Active Directory, and SIEM-style investigation workflows. | Foundational |
| Cloud / Infrastructure | Hyper-V, OpenStack, Docker, Docker Compose, Wazuh, OpenSCAP, mutual TLS concepts, zero trust concepts, and shared responsibility. | Cloud |
| Software / Web | Java, OOP, MVC, JUnit-style testing, Git, HTML, CSS, JavaScript, Hugo, Blowfish, GitHub, Cloudflare Pages, DNS, and custom CSS. | Development |
| HCI / Design | Figma, user research, low-fidelity prototypes, high-fidelity prototypes, usability testing, workflow modeling, and mobile usability review. | HCI |
I prefer evidence over claims.
A resume can say “incident response” or “risk analysis.” The portfolio is meant to show where those claims come from.
Evidence
I care about workflow, not just tools.
Most of the stronger projects are about connecting steps: triage, ownership, investigation, validation, reporting, and closure.
Workflow
I publish carefully.
A lot of the work involves malware, forensics, security labs, academic material, or simulated environments. I summarize the learning without exposing raw evidence or full solutions.
Security First
ServiceNow / Vulnerability Response
Start with the ServiceNow SecOps Lab Hub, then review IST 456 and the AI ownership recommender.
SecOps Path
Cybersecurity Analyst
Start with CYBER 440, CYBER 366, IST 454, CYBER 362, CYBER 262, and IST 456.
Analyst Path
GRC / Risk
Start with IST 456, IST 432, SRA 311, SRA 231, and CYBER 342W.
Risk Path