Hi, I'm Derick Dmello
Cyber Security SME & IT Specialist
A curiosity-driven enthusiast with a knack for investigating and solving problems. With 3 years of experience in Incident Response, Threat Intelligence Analysis, and Security Operations,
I'm passionate about building secure and resilient digital environments.
About Me
Hello there! 👋🏻 I'm Derick Dmello, a Security Analyst with 3+ years of work experience and an educational background with over 6 years in Cyber Security, IT Infra, Network and Forensics. Looking for the next high stakes SOC & IRT gig to showcase my awesome/precise investigation capability and knowledge to tackle that head-scratching security incident. Be it on-site or on-call. I'll be there.
I am a self taught red teamer with a keen focus on cyber defense. So, root cause analysis and CTI is the base of all my high confidence reports. Having worked in securing State Agencies and Higher Education instutites, governance and compliance is my second forte. I have managed all this with strong risk and project management, with confident stakeholder management and quick turn around time. I am an avid learner and love to participate in CTFs to test my investigative instincts in a competitive environment.
Core Competencies
Security Operations & SIEM / MDR
Monitoring, analyzing, and responding to security incidents in real-time.
Network Security & IT Infra Admin
Securing network infrastructure and managing enterprise access controls.
Cloud, Virtualization & Gen AI
Managing scalable cloud environments and virtualized systems with the lastest security AI.
Governance, Risk & Compliance
Ensuring systems adhere to regulatory compliance to manage and mitigate risks.
Digital Forensics & Analysis
Investigating breaches through artifact acquisition, preservation and analysis.
DevSecOps
Bridging security and development practices for secure software delivery.
I Have Worked With
NYS Office of ITS
Information Security Analyst
Core Skills
Key Impact
Oversaw cybersecurity risk governance for 65+ multi-agency projects, improving statewide secure solution deployment and project compliance by 90%.
NY State Education Department
Cyber Security Analyst
Core Skills
Key Impact
- Led 200+ security investigations in a State level SOC environment, securing 3000+ employees and 35000+ endpoints.
- Led security audit for securing NY State central school districts, protecting student data and district infrastructure.
National Security Agency
GS Cyber Security Researcher
Core Skills
Key Impact
Developed a robust framework to improve observability in cloud to detect and respond to threats.
ISC2
Cyber SME - Exam Developer
Core Skills
Key Impact
As a cyber security SME exam developer, I presented expertise to refine ISC2 CC certification.
Virtually Testing Foundation
Cyber Security Associate
Core Skills
Key Impact
Improved detection and response maturity through ATT&CK-based threat modeling and Cortex XDR defensive analysis.
Virtual Cyber Labs
Security Blue Team Intern
Core Skills
Key Impact
Improved incident response effectiveness through root-cause analysis and network forensics.
Cyber Secured India
DFCS Intern
Core Skills
Key Impact
Complete process owner for application and endpoint security through vulnerability discovery, exploitation, forensics analysis and hardening.
NYS Office of ITS
Information Security Analyst
Key Impact
Oversaw cybersecurity risk governance for 65+ multi-agency projects, improving statewide secure solution deployment and project compliance by 90%.
core Skills
NYS Education Department
Cyber Security Analyst
Key Impact
- Led 200+ security investigations in a State level SOC environment, securing 3000+ employees and 35000+ endpoints.
- Led security audit for securing NY State central school districts, protecting student data and district infrastructure.
Core Skills
National Security Agency
GS Cyber Security Researcher
Key Impact
Developed a robust framework to improve observability in cloud to detect and respond to threats.
Core Skills
ISC2
Cyber SME - Exam Developer
Key Impact
As a cyber security SME exam developer, I presented expertise to refine ISC2 CC certification.
Core Skills
Virtually Testing Fonundation
Cyber Security Associate
Key Impact
Improved detection and response maturity through ATT&CK-based threat modeling and Cortex XDR defensive analysis.
Core Skills
Virtual Cyber Labs
Security Blue Team Intern
Key Impact
Improved incident response effectiveness through root-cause analysis and network forensics.
Core Skills
Cyber Secured India
DFCS Intern
Key Impact
Complete process owner for application and endpoint security through vulnerability discovery, exploitation, forensics analysis and hardening.
Core Skills
My Projects
A collection of security research, tools, and documentation showcasing my work in offensive and defensive cybersecurity.
ResolvX GRC Program
End-to-End Compliance & Audit Readiness
Complete GRC program for a fictional fintech. Including risk register, control mapping, policy library, TPRM assessments, and Trust Center. ISO 27001, SOC 2, NIST CSF aligned.
Mini-PySec Projects
Small scale locally deployable Python projects for offensive and defensive security research and testing.
The Employee Simulator
A modular Python framework to simulate normal employee behavior on Windows endpoints for EDR baseline research and testing.
Project HIKE
CLASSIFIEDHybrid Infrastructure Kill-chain Evaluation lab simulating adversary TTPs across segmented red and blue team subnets.
Homelab Enterprise IT
Designed and built a home laboratory to simulate enterprise-level IT infrastructure with AD, Cloud, and monitoring.
Cyber Defence: SOC Operations
Part one of a two-part thesis covering fundamentals and practical operations in Security Operations Center environments.
Cyber Defence: DFIR Methodologies
Part two of a two-part thesis covering Digital Forensics and Incident Response methodologies, artifact analysis, and investigation procedures.
Achievements & Certifications
Certifications
(CSA)
(CEH Master)
(CC)
(Sec+)
ISO/IEC 27001:2022 Lead Auditor
PCI Compliance Specialist
Recommendations From
Marlowe Cochran
Chief Information Security Officer
New York State Education Department
Livia Hendrickson
Manager ITS I
Chief Information Security Office
New York State Office of ITS
George Ventura
IT Specialist III (Information Security)
New York State Education Department
Ujjwal Tripathi
Manager ITS I
Chief Information Security Office
New York State Office of ITS
Tom Vaselekos
Cyber Security Analyst
Empire State Development (NYS)
Nabin Sapkota
IT Specialist III (Information Security)
Chief Information Security Office
New York State Office of ITS
Melpomeni "Mel" Doutsis
IT Specialist II (Network Engineer)
New York State Office of ITS
Recognitions
ISC2 Cybersecurity Exam Developer
Invited by ISC2 as a Subject Matter Expert (SME) to participate as an Exam Developer contributing to the development of;
- Certified in Cybersecurity (ISC2 CC)
EC Council Cybersecurity
Career Mentor
Selected by EC Council as a cybersecurity career mentor to support and empower the next generation of cybersecurity professionals.
Student Organization Founder & President, CipherCodeX
A Letter of Recognition from Dept. of AIM, Gujarat University for creating and leading a student organization focusing on Cybersecurity Research and Training (CRT).
Get In Touch
I'm currently open to new opportunities and collaborations.
If you have a project in mind or just want to connect, feel free to reach out!