Gabriel Barrera
> Information Security Analyst II
Driven computer scientist skilled in problem-solving, software development, and building cloud solutions. Passionate about learning about new and emerging threats and techniques in cyber security, and implementing new and innovative mitigating controls and automations.
$ cat barrera_gabriel.log | grep -E "MTTD|MTTR|Azure|KQL|Defender"
[2019-11] ROLE: IS Analyst — Port of San Diego
[2021-03] BUILD: Azure event pipeline — MTTD ↓70% MTTR ↓30%
[2022-06] TOOL: MS Defender XDR + Azure Sentinel + Palo Alto + InfoBlox
[2023-01] IMPL: Okta MFA + CBA policies + AD IAM audits + CIS hardening
[2023-09] CODE: Graph API integrations via Logic Apps + PowerShell
[2024-02] HUNT: KQL rules for emerging IOCs and critical CVEs
[2025-11] SCAN: Rapid7 + Defender vuln assessments + SOC 2 reviews
01 /dev/experience
Information Security Analyst → IS Analyst II
Port of San Diego
Nov 2019 – Present
- Reduced MTTD by ~70% and MTTR by ~30% by building a centralized event collection and alerting system in Azure, bridging the gap until a formal SIEM was procured and implemented.
- Monitored security alerts and SIEM dashboards (Azure Sentinel, FireEye Helix) for suspicious activity; performed daily reviews of Palo Alto firewall and IDS/IPS logs; investigated and documented incidents involving phishing, malware, and unauthorized access.
- Led threat hunting operations using Defender XDR, Azure Sentinel, Palo Alto traffic analysis, and InfoBlox queries to identify, contain, and remediate confirmed or suspected compromises within defined SLAs.
- Hardened identity security by implementing Okta MFA, configuring Certificate-Based Authentication policies, managing user provisioning and deprovisioning across Active Directory and Azure Entra, and auditing IAM against CIS benchmarks.
- Automated detection and response workflows via Logic Apps, App Registrations, and PowerShell scripts leveraging the Graph API, reducing time-to-audit and addressing operational inefficiencies.
- Performed risk assessments of vulnerabilities surfaced by Defender and Rapid7, ensured timely patching and remediation, and reviewed SOC 2 / ISO 27001 reports from third-party vendors.
- Developed KQL detection rules in Defender and Sentinel based on emerging threat research, critical CVEs, and new IOCs; analyzed suspicious executables using Ghidra and ClamAV.
- Managed endpoint security monitoring across antivirus and EDR solutions; collaborated with sysadmin and network teams to enforce security controls and kept security policies and documentation current.
- Drove security awareness through phishing simulations, targeted email alerts, and quarterly interactive training campaigns.
Software Developer Intern
Port of San Diego
Jan 2018 – Nov 2019
- Aided recovery efforts of the Port of San Diego's Incident Response Team following a company-wide ransomware attack, collaborating across departments, validating recovery checkpoints, and verifying rebuilt systems met security and compliance baselines before reintegration.
- Developed and maintained PowerShell and Python scripts to automate deployment and incident response tasks, improving team efficiency and reducing workload against SLA targets.
- Contributed to full-stack features and bug fixes spanning UI/UX, back-end logic, and API integrations; conducted unit and integration testing to validate functionality and reliability.
- Participated in daily stand-ups, sprint planning, and code reviews; applied Git/GitHub version control best practices and maintained documentation for code changes and technical processes.
02 /dev/projects
> The Hunt
Implemented detection alerts, learned to read/write Russian, and investigated the chain of command to determine the legitimacy of a highly suspicious user.
> The Sentinel Unified System (SUS)
Integrated SolarWinds Service Desk, custom KQL queries and Analytics Rules, Teams, and Logic Apps for more efficient and robust security event detection and lifecycle management.