
inquiries@ctijen.com

Experience

Real-world CTI impact

Senior Threat Intelligence Analyst with 8+ years in cybersecurity and 6+ years focused on CTI, specializing in full-lifecycle intelligence programs, AI-assisted automation, and translating threat intelligence into measurable defensive outcomes.

Impact Highlights

What I deliver

  • Operationalized ThreatConnect workflows and LLM-assisted filtering that reduced low-signal OSINT analysis by 3-5 hours per week.
  • Led ATT&CK integration and coverage maturity work across 200+ detections with multi-quarter remediation planning.
  • Implemented cross-functional incident process improvements, including an Andon Cord mechanism that reduced incident creation time by 20%.
  • Delivered intelligence reports and threat briefings to director and C-staff audiences with business impact framing.

Professional Timeline

Roles and responsibilities

Senior Threat Intelligence Analyst - Zendesk (Remote)

March 2017 - Present
  • Own full CTI lifecycle: stakeholder planning, collection, analysis, dissemination, and iterative feedback loops.
  • Partner across Detection Engineering, Incident Response, Red Team, Compliance, and Vulnerability Management to operationalize intelligence.
  • Built and maintained TIP workflows to evaluate feeds, automate triage, and route high-fidelity findings into defensive actions.
  • Translate intelligence into ATT&CK-aligned guidance for detection, hunting, and simulation teams.
  • Track high-risk actor landscape with recurring reporting and leadership-ready impact summaries.

IT Global Service Desk Specialist - Zendesk

March 2017 - 2018
  • Resolved enterprise endpoint, SaaS, telephony, and collaboration platform issues in high-volume environments.
  • Partnered with IAM to support identity provisioning and access control workflows across Okta and OneLogin.

Genius (Hardware and Software Technician) - Apple - Madison, WI

January 2014 - March 2017
  • Performed certified hardware diagnostics and repair for macOS and iOS devices.
  • Built strong customer communication habits that now inform clear executive and stakeholder security reporting.
Open Source Work

Built for CTI teams

AI-Assisted CTI OSINT Pipeline

Open-source Python workflow for CTI triage combining feed ingestion, adversary-aware filtering, LLM validation, deduplication clustering, and analyst-ready outputs (HTML/JSON/Markdown/STIX 2.1).

  • Supports configurable RSS/JSON sources and threat actor-focused triage logic.
  • Includes substantive validation and confidence scoring to improve analyst signal quality.
  • Originally built as ThreatConnect automation and later open-sourced as a portable community tool.
Tools and Credentials

Execution stack

Tools and Frameworks

  • ThreatConnect, Recorded Future, TruSTAR, Pulsedive, ZeroFox, MISP
  • Splunk, DataDog, Anvilogic
  • CrowdStrike, Carbon Black, Umbrella, Netskope, Mimecast, AWS
  • Python, Terraform, Atlantis, GitHub, XSOAR, Torq, Cursor, MCPs, Anthropic/OpenAI models
  • VirusTotal, DomainTools, Shodan, Talos, URLScan, Jira, Zendesk
  • MITRE ATT&CK, MITRE DeTT&CT, MITRE INFORM, Diamond Model, Cyber Kill Chain, NIST, CIS, OWASP

Certifications and Trainings

  • GIAC GSEC
  • Recorded Future Certified Analyst
  • Mandiant Cyber Intelligence Production
  • SANS FOR578 Cyber Threat Intelligence Class Challenge Coin Recipient
  • Splunk User Certified
  • AWS Cloud Practitioner
  • Zendesk Support Administrator
  • Python3 - Codecademy
Education: B.S. Rehabilitation Psychology - University of Wisconsin-Madison (December 2013)