Cyber Security SME & IT Specialist
A curiosity-driven enthusiast with a knack for investigating and solving problems. With 3 years of experience in Incident Response, Threat Intelligence Analysis, and Security Operations,
I'm passionate about building secure and resilient digital environments.
Hello there! 👋🏻 I'm Derick Dmello, a Security Analyst with 3+ years of work experience and an educational background with over 6 years in Cyber Security, IT Infra, Network and Forensics. Looking for the next high-stakes SOC & IRT gig to showcase my awesome/precise investigation capability and knowledge to tackle that head-scratching security incident. Be it on-site or on-call. I'll be there.
I am a self-taught red teamer with a keen focus on cyber defense. So, root cause analysis and CTI is the base of all my high confidence reports. Having worked in securing State Agencies and Higher Education institutes, governance and compliance is my second forte. I have managed all this with strong risk and project management, with confident stakeholder management and quick turnaround time. I am an avid learner and love to participate in CTFs to test my investigative instincts in a competitive environment.
Monitoring, analyzing, and responding to security incidents in real-time.
Securing network infrastructure and managing enterprise access controls.
Managing scalable cloud environments and virtualized systems with the latest security AI.
Ensuring systems adhere to regulatory compliance to manage and mitigate risks.
Investigating breaches through artifact acquisition, preservation and analysis.
Information Security Analyst
Oversaw cybersecurity risk governance for 65+ multi-agency projects, improving statewide secure solution deployment and project compliance by 90%.
Cyber Security Analyst
- Led 200+ security investigations in a State-level SOC environment, securing 3000+ employees and 35000+ endpoints.
- Led security audit for securing NY State central school districts, protecting student data and district infrastructure.
GS Cyber Security Researcher
Developed a robust framework to improve observability in cloud to detect and respond to threats.
Cyber SME - Exam Developer
As a cyber security SME exam developer, I presented expertise to refine ISC2 CC certification.
Cyber Security Associate
Improved detection and response maturity through ATT&CK-based threat modeling and Cortex XDR defensive analysis.
Security Blue Team Intern
Improved incident response effectiveness through root-cause analysis and network forensics.
DFCS Intern
Complete process owner for application and endpoint security through vulnerability discovery, exploitation, forensics analysis and hardening.
Developed a suite of Python security tools following a full Software Development Life Cycle (SDLC) for offensive and defensive security research and testing.
This research project focuses on the security vulnerabilities in modern wearable devices.
An in-depth CTI analysis and report on the threat landscape of the global shipping industry in accordance with the Intelligence Community Directive (ICD) 302.
Designed and built a home laboratory to simulate an enterprise-level IT infrastructure.
(Github repo in progress)
This project showcases the core problem of ‘arbitrary user input’: how it affects web applications through the OWASP Top 10 vulnerabilities and how it can be broken combined into using threat actor TTPs.
A research project on creating, deploying and managing Citrix virtualization technologies.
(Github repo in progress)
A two-part thesis covering the fundamentals and practical operations in cyber defense scenarios.
Chief Information Security Officer
New York State Education Department
Manager ITS 1
Chief Information Security Office
New York State Office of ITS
IT Specialist 3 (Information Security)
New York State Education Department
IT Specialist 4 (DevSecOps)
Chief Information Security Office
New York State Office of ITS
IT Specialist 2 (Information Security)
Chief Information Security Office
New York State Office of ITS
Invited by ISC2 as a Subject Matter Expert (SME) to participate as an Exam Developer contributing to the development of:
- Certified in Cybersecurity (ISC2 CC)
Selected by EC Council as a cybersecurity career mentor to support and empower the next generation of cybersecurity professionals.
A Letter of Recognition from Dept. of AIM, Gujarat University for creating and leading a student organization focusing on Cybersecurity Research and Training (CRT).
I'm currently open to new opportunities and collaborations.
If you have a project in mind or just want to connect, feel free to reach out!