teodorm
Security Expert
Senior cybersecurity specialist focused on protecting critical infrastructure from advanced and state-sponsored cyber threats. Expert in OT/ICS security operations, incident response, and strategic risk advisory, with a strong ability to design, validate and improve high-fidelity detection capabilities.
Experience: 5 years
Yearly salary: $100,000
Hourly rate: $80
Nationality: 🌏 Remote
Residency: 🇳🇱 Netherlands
Experience
Senior Threat Analyst
Sophos 2025 - 2026
Lead threat hunting and incident response for global OT/ICS critical infrastructure, defending against state-sponsored and APT actors. Conduct proactive hunt campaigns across SCADA, DCS and PLC environments using MITRE ATT&CK for ICS, ensuring comprehensive coverage of priority adversary TTPs and threat scenarios. Monitor industrial networks using Dragos, Claroty and Nozomi; distinguish operational anomalies from malicious activity. Engineer and tune detections in Splunk and Taegis XDR, improving MTTD and reducing false positives. Perform forensic investigations across Modbus, DNP3, CIP and BACnet, delivering RCA while prioritizing safety and uptime. Produce executive intelligence reports and provide strategic risk advisory to critical infrastructure stakeholders.
Threat Analyst
Secureworks 2024 - 2025
Provided 24/7 OT/ICS threat monitoring and triage for critical infrastructure clients. Investigated alerts using Dragos, Claroty, Nozomi and correlated telemetry via Taegis XDR. Escalated confirmed incidents with MITRE ATT&CK–mapped analysis and detailed technical reporting. Conducted PCAP analysis and firewall log review of industrial protocols to identify anomalous and C2 activity.
Cybersecurity Architect
Honeywell 2022 - 2024
Designed and deployed secure OT architectures across Purdue Levels 3, 3.5 (DMZ) and 4 using VMware ESXi. Implemented and optimized endpoint security (Trellix/ePO, Symantec, Carbon Black) and network security (Check Point, Cisco, Fortinet) for legacy OT systems. Owned global WSUS patching for 400+ industrial clients, balancing risk mitigation and uptime. Deployed and optimized endpoint security sensors (Trellix, Carbon Black, CrowdStrike) and network firewalls (Check Point, Fortinet) to ensure robust log ingestion for SIEM platforms.
Cybersecurity Infrastructure Architect
National Defence University Carol I 2021 - 2022
Architected and sustained a high-availability, multi-tenant network ecosystem supporting classified and unclassified education modules. Implemented Zero Trust principles and air-gapped enclaves to ensure strict data sovereignty and compliance with NATO STANAG and National Defense Standards. Directed the end-to-end lifecycle of a $1M+ mission-critical data center, overseeing the procurement, hardening (CIS Benchmarks), and deployment of Hyper-Converged Infrastructure (HCI) to support 24/7 military education operations. Engineered Python/Bash automation for IAM and self-healing services, reducing administrative overhead by 60% and sustaining 99.99% uptime.
Freelance Security Researcher / Penetration Tester
Freelance 2020 - 2021
Conducted web application penetration testing aligned with the OWASP Top 10. Used Burp Suite Pro, Metasploit, Nmap and Wireshark for exploitation and analysis. Delivered remediation-focused reports reducing client risk exposure. Built Python/Bash automation for OSINT and reconnaissance.
Skills
gcp
python
security
english