Cyber Security SME & IT Specialist
A curiosity-driven enthusiast with a knack for investigating and solving problems. With 3 years of experience in Incident Response, Threat Intelligence Analysis, and Security Operations, I'm passionate about building secure and resilient digital environments.
Hello there! I'm Derick Dmello, a Security Analyst with 3+ years of work experience and an educational background with over 6 years in Cyber Security, IT Infra, Network and Forensics. Looking for the next high stakes SOC & IRT gig to showcase my awesome/precise investigation capability and knowledge to tackle that head-scratching security incident. Be it on-site or on-call. I'll be there.
I am a self-taught red teamer with a keen focus on cyber defense. So, root cause analysis and CTI are the base of all my high confidence reports. Having worked in securing State Agencies and Higher Education institutes, governance and compliance is my second forte. I have managed all this with strong risk and project management, with confident stakeholder management and quick turnaround time. I am an avid learner and love to participate in CTFs to test my investigative instincts in a competitive environment.
Monitoring, analyzing, and responding to security incidents in real-time.
Securing network infrastructure and managing enterprise access controls.
Managing scalable cloud environments and virtualized systems with the latest security AI.
Ensuring systems adhere to regulatory compliance to manage and mitigate risks.
Investigating breaches through artifact acquisition, preservation and analysis.
Bridging security and development practices for secure software delivery.
Information Security Analyst
Oversaw cybersecurity risk governance for 65+ multi-agency projects, improving statewide secure solution deployment and project compliance by 90%.
Cyber Security Analyst
- Led 200+ security investigations in a State level SOC environment, securing 3000+ employees and 35000+ endpoints.
- Led security audit for securing NY State central school districts, protecting student data and district infrastructure.
GS Cyber Security Researcher
Developed a robust framework to improve observability in cloud to detect and respond to threats.
Cyber SME - Exam Developer
As a cyber security SME exam developer, I presented expertise to refine ISC2 CC certification.
Cyber Security Associate
Improved detection and response maturity through ATT&CK-based threat modeling and Cortex XDR defensive analysis.
Security Blue Team Intern
Improved incident response effectiveness through root-cause analysis and network forensics.
DFCS Intern
Complete process owner for application and endpoint security through vulnerability discovery, exploitation, forensics analysis and hardening.
A collection of security research, tools, and documentation showcasing my work in offensive and defensive cybersecurity.
Small scale locally deployable Python projects for offensive and defensive security research and testing.
A modular Python framework to simulate normal employee behavior on Windows endpoints for EDR baseline research and testing.
A compact Command & Control Server and agent deployment package for red team operations and security research.
A home lab project on virtualization of infrastructure using Citrix Systems Solutions for enterprise environments.
Research project focusing on security vulnerabilities in modern wearable devices and IoT ecosystems.
In-depth CTI analysis on the threat landscape of the global shipping industry in accordance with ICD 302.
Designed and built a home laboratory to simulate enterprise-level IT infrastructure with AD, Cloud, and monitoring.
Showcases the 'arbitrary user input' problem through OWASP Top 10 vulnerabilities combined with threat actor TTPs.
Part one of a two-part thesis covering fundamentals and practical operations in Security Operations Center environments.
Part two of a two-part thesis covering Digital Forensics and Incident Response methodologies, artifact analysis, and investigation procedures.
Chief Information Security Officer
New York State Education Department
Manager ITS I
Chief Information Security Office
New York State Office of ITS
IT Specialist III (Information Security)
New York State Education Department
Manager ITS I
Chief Information Security Office
New York State Office of ITS
Cyber Security Analyst
Empire State Development (NYS)
IT Specialist III (Information Security)
Chief Information Security Office
New York State Office of ITS
IT Specialist II (Network Engineer)
New York State Office of ITS
Invited by ISC2 as a Subject Matter Expert (SME) to participate as an Exam Developer contributing to the development of:
- Certified in Cybersecurity (ISC2 CC)
Selected by EC Council as a cybersecurity career mentor to support and empower the next generation of cybersecurity professionals.
A Letter of Recognition from Dept. of AIM, Gujarat University for creating and leading a student organization focusing on Cybersecurity Research and Training (CRT).
I'm currently open to new opportunities and collaborations.
If you have a project in mind or just want to connect, feel free to reach out!