CYBER SECURITY ANALYST

Seasoned cybersecurity professional with extensive experience across multiple domains of cybersecurity and information security. Demonstrated expertise in systems administration, penetration testing, IT support, and risk management. Skilled in evaluating and developing robust security solutions that ensure business continuity and disaster recovery. Expert at problem-solving, documentation, networking, communication, and teamwork, ensuring seamless operations for a diverse client base. Proficient in planning, designing, and documenting compliance controls for frameworks such as NIST, CIS, SOC, GDPR, ISO 27001, and PCI-DSS, leading to adherence to regulations, successful audits, and certifications. Specializes in cloud security with hands-on experience in Microsoft 365, Amazon Web Services, and Apple Business Essentials. Adept at identifying vulnerabilities in web applications that rely on GraphQL and REST APIs, enhancing client safety and security posture. Experienced in the acquisition and integration of new security technologies.

WORK EXPERIENCE

Security Overview, August 2023 – July 2024

Dynamic cybersecurity startup focused on securing cloud environments with Microsoft 365 and Apple Business Essentials. Responsible for providing IT support, conducting risk assessments, and implementing industry-standard compliance controls to ensure regulatory adherence and successful audits.

Cybersecurity Analyst

Delivered comprehensive systems administration, penetration testing, and helpdesk services across Windows, Linux, macOS, iOS, and Android platforms. Managed, evaluated, and maintained system performance, security configurations, and software updates, ensuring seamless daily operations and safety protocols. Provided technical support for 100+ end-users, troubleshooting issues ranging from network connectivity to software installation & troubleshooting.

Managed client endpoints & inboxes across Microsoft 365 (e.g. Azure AD/Entra ID, Intune, Exchange, SharePoint, OneDrive, Defender, Teams, Purview), Amazon Web Services (AWS), and Apple Business Essentials, enhancing Identity Access Management (IAM) by implementing SAML/SSO and MFA for 100+ users. Strengthened endpoint security with geo-restrictions and by deploying BitLocker and FileVault encryption, protecting sensitive data for over 300 devices.

Conducted contract-based and quarterly penetration tests, including REST API and GraphQL web applications. Utilized the OWASP Top 10 framework to identify and assess 30+ server and client-side vulnerabilities, such as DOM-based, stored, and reflected XSS, NoSQL injections, CSRF, open redirect, improper access controls, and other security misconfigurations. Produced detailed penetration test reports for clients, outlining findings, risk levels, and recommended remediation steps. Collaborated closely with clients to follow up on vulnerabilities, providing guidance on remediation and re-testing to ensure issues were effectively resolved.

Developed and implemented compliance controls aligned with NIST, SOC2, PCI-DSS, GDPR, ISO 27001, and CIS frameworks, ensuring successful client audits and achieving necessary certifications. Strengthened governance, risk, and compliance (GRC) processes by enhancing cloud environments through data loss prevention strategies and the application of conditional access policies, significantly reducing potential vulnerabilities and ensuring regulatory adherence.


Proof of Reception, May 2023 – September 2024

Internship focusing on leveraging prompt engineering for various artificial intelligence (AI) models to enhance application development, code quality, and vulnerability management. Utilized Python, Golang, and React Native for application development.

Prompt Engineer – Internship

Collaborated with cross-functional teams in various phases of the Software Development Lifecycle (SDLC), contributing to the successful development of secure, high-quality code across Python, Golang, and React Native projects.

Designed, tested, and iterated prompts for AI models like GPT-4 and DALL-E 3, improving AI content generation and automating workflows across projects. Built prompt libraries for future use, enhancing quality assurance.

Developed and designed visual content with AI models (e.g., GPT-4, DALL-E 3, Copilot), contributing to enhanced safety in application development. Evaluated the latest AI technology and designed artwork using new models.

Embedded AI prompts into cross-functional workflows, leveraging tools like GPT-4, Llama, and Google Gemini to optimize task automation, code quality, and vulnerability analysis, reducing time spent on manual processes.

EDUCATION

Woz-U, Cybersecurity

GPA: 4.0

Completed a comprehensive cybersecurity program, gaining in-depth knowledge and hands-on experience in penetration testing, cloud security, network security, vulnerability assessment, and secure systems administration. Set up a home lab utilizing pfSense with integrated Snort IDS and IPS for advanced network monitoring, intrusion prevention, and TCP/IP traffic analysis. Excelled in practical labs and projects. Created and participated in Capture the Flag (CTF) events, honing problem-solving and analytical skills. Actively supported fellow classmates, hosted workshops, and earned a place on the Director’s List multiple times for academic excellence.

CERTIFICATIONS

• Woz-U, Cybersecurity Certificate of Completion
• Google IT Support Professional
• IBM IT Support Professional
• IBM Cybersecurity Analyst Professional
• (ISC)² Certified in Cybersecurity
• OSINT - Basel Institute on Governance
• Beginner Level OSINT - Just Hacking Training (JHT)
• Social Engineering, Phishing, OSINT & Malware
• Practical Bug Bounty – TCM Security
• Practical Web Hacking – TCM Security

SKILLS

• Systems Administration
• Python, Golang, PowerShell, Bash, KQL
• Windows, Linux, macOS, Android, iOS
• Web Application Penetration Testing
• Developing Scripts for Automation
• Vulnerability Assessment & Remediation
• Conditional Access Policy Creation
• NIST, SOC, PCI-DSS, & CIS Compliance
• Threat Intelligence Collection & Analysis
• Apple Business Essentials
• Microsoft 365 (e.g., Entra ID, Intune)
• Email Security & Phishing Protection
• Amazon Web Services (AWS)
• Troubleshoot Hardware & Software
• Identity Access Management (IAM)
• Burp Suite, Nmap, Nessus, Metasploit
• Utilizing Artificial Intelligence (AI)
• Incident Response & Recovery

PROJECTS

Microsoft Sentinel SIEM Deployment and Security Operations Center (SOC) Lab Project - Designed and implemented a Security Information and Event Management (SIEM) & Security Operations Center (SOC) using Microsoft Azure and Microsoft Sentinel, focusing on real-time threat detection and incident response.

The Office: Doomsday Device CTF Walkthrough - Final project for Woz-U, a walkthrough for a Capture the Flag (CTF) vulnerable machine based on the TV show "The Office". Demonstrates various penetration testing techniques. Utilized Nmap, netdiscover, FFuF, Burp Suite, Wireshark, netcat, ExifTool, Knock, Gobuster, SSH2John, & Hydra.

Personal Cybersecurity Website Development and SEO Optimization - Designed and developed a comprehensive personal website to showcase my expertise in cybersecurity analysis, penetration testing, systems administration, and prompt engineering. The website includes key sections such as Home, Portfolio, Resume, Downloads, and Tutorials, each crafted to provide valuable insights and resources. Focused on creating an intuitive user experience while highlighting professional projects and skills.

CookieJar: Open-Source Web Cookie Security Analyzer - Designed and developed CookieJar, an open-source Golang tool for analyzing web cookies and identifying potential security vulnerabilities. The tool examines cookie attributes like HttpOnly, Secure, and SameSite flags to ensure best security practices are followed.

Cybersecurity, Penetration Testing, & Prompt Engineering Library Development in Obsidian - Developed a cybersecurity, penetration testing, & prompt engineering library in Obsidian, enabling rapid creation, testing, documentation, and iteration of cybersecurity projects and AI prompts for GPT-4, DALL-E, Midjourney, and Copilot. This library improved efficiency in generating consistent, high-quality AI outputs and cybersecurity knowledge, while also serving as a resource for cross-team collaboration.