Sunny Nguyen
Open to Opportunities


Security Engineer

Microsoft 365 Security & Detection Engineering

English · Vietnamese

Microsoft 365 Security·Detection Engineering·Sentinel·Defender XDR·Entra ID·KQL·Incident Response·Threat Hunting·PowerShell

About Me

Target Role: SOC / IR / DFIR

Education: MS Cybersecurity

MS GPA: 4.0

Clearance: Eligible (US)

Currently

MS Cybersecurity Management @ University of Utah
IT Security Consultant @ Sunny IT Solutions
Open to Security Engineer & SOC / IR roles

I'm a security professional pursuing a Master of Science in Cybersecurity Management at the University of Utah, with a background in Information Systems and hands-on experience in Incident Response and Digital Forensics.

My work centers on detecting, analyzing, and responding to security threats — from investigating endpoint anomalies and dissecting malware behavior, to applying frameworks like NIST and MITRE ATT&CK in real-world environments. I've operated in HIPAA-compliant healthcare settings where data protection, regulatory compliance, and accurate escalation are non-negotiable.

I also have hands-on experience across Azure, Microsoft 365, Entra ID, Microsoft Sentinel, and Defender XDR for identity, endpoint, and cloud security operations.

Beyond the day-to-day, I stay sharp through CTF competitions, HackTheBox and TryHackMe labs, and personal security projects. I'm bilingual in English and Vietnamese, and I bring a collaborative, detail-oriented mindset to every team I work with.

I'm actively seeking roles in SOC analysis, incident response, and DFIR where I can contribute immediately and continue growing as a defender.

Technical Skills

Incident Response · Digital Forensics · Threat Detection · Vulnerability Assessment · Security Monitoring · Log Analysis · SIEM (Splunk / Microsoft Sentinel) · Defender XDR · RBAC & Auth Systems · Network Security · Wireshark · Nmap · Burp Suite · Kali Linux · Azure · Microsoft 365 · Entra ID · Active Directory · Python · TypeScript / Next.js · Claude API · Ollama · AWS · n8n · Linux · Git / GitHub

Work Experience

IT Security Consultant & Software Developer

Sunny IT Solutions

Sep. 2025 – Present
  • Conducted network assessments and vulnerability scans for small business clients — identified misconfigurations, unpatched systems, and authentication weaknesses; delivered remediation reports and implemented fixes.
  • Designed and deployed secure internal web applications with RBAC, SMS 2FA with device trust, bcrypt hashing, OTP rate limiting, account lockout, and tamper-evident audit logging.
  • Built custom internal tooling replacing manual workflows (inventory tracking, sales analytics, order management) — deployed as live operational systems for active clients.

Digital Forensics / Incident Response Mentee

Ensign Services, Inc.

Mar. 2025 – Aug. 2025
  • Completed weekly security department mentorship covering malware analysis fundamentals, digital forensic methodology, and incident escalation protocols; applied learnings to real escalations from the help desk role.
  • Walked through MITRE ATT&CK and NIST framework application against real incident scenarios with the SOC; gained exposure to the team's threat intelligence enrichment workflows.

Help Desk Analyst

Ensign Services, Inc.

Jan. 2025 – Aug. 2025
  • Operated as tier-1 within a 300+ facility HIPAA-regulated M365 tenant, investigating Entra ID sign-in anomalies and escalating identity incidents to the security team.
  • Used Entra ID to investigate sign-in anomalies, account lockouts, and access issues; coordinated with the security team on cross-domain escalations and documented findings consistently for handoff.
  • Resolved Intune enrollment, compliance, and device-based Conditional Access issues across the M365 fleet; documented recurring compliance failures for security team review and policy tuning.
  • Supported account and access work across clinical systems during ongoing M&A onboarding, including handling stale or over-permissioned accounts surfaced through routine support tickets.

Software Engineer Intern

Tongues: Language Games

Nov. 2023 – Apr. 2024
  • Developed and maintained backend systems using Python, ensuring efficient and scalable code.
  • Implemented AI prompting techniques to enhance user interactions; conducted code reviews and debugging to maintain high-quality software standards.

Education

Jan. 2026 – Mar. 2027

Master of Science in Cybersecurity Management

University of Utah

GPA: 4.0

Relevant Courses

Networking & Servers · Cybersecurity Management · Web-Based Applications · Cloud Computing · Secure Network Operations · Vulnerability Management · Cybersecurity Risk and Compliance · Project Management

2020 – 2025

Bachelor of Science in Information Systems

Minor in Management

University of Utah

Relevant Courses

Data Structures & Java · Programming with Python · Business Data Mining · A.I. for Business Processes · Database Fundamentals · Strategic Management · International Management · Managing and Leading

Summer 2023

Eccles Global Study Abroad

Japan & Korea

University of Utah

Relevant Courses

Systems Analysis & Design · Strategy and A.I.

Projects

Synthetic Microsoft 365 E5 Detection Lab

Security

Built a Microsoft 365 E5 tenant with 75 synthetic users, realistic privilege tiers, and repeatable attack-day scenarios. Authored and tuned Sentinel analytics rules and KQL hunting queries for password spray, impossible travel, malicious inbox rules, BEC activity, and SharePoint/OneDrive exfiltration paths.

Microsoft Sentinel · Defender XDR · Entra ID · Exchange Online · Intune · KQL · PowerShell

AI SOC Agent

Security

Built an AI agent that triages security alerts, queries logs, enriches with threat intelligence, and posts analyst-ready summaries to Slack and Jira. Uses MCP, Notion runbooks, and persistent agent memory. Implements the read-only-investigation, staged-response pattern for safe automation.

Python · Claude API · n8n · MCP · Wazuh / OpenSearch

Secure Internal Operations Platform

Security

Production-grade internal business platform built for a confidential client. Features 3-tier RBAC, SMS 2FA with device trust, bcrypt hashing, OTP rate limiting, account lockout, tamper-evident audit logging, and Stripe webhook signature verification. Includes a full analytics suite and staff management.

Next.js 15 · TypeScript · Supabase · Stripe · Twilio Verify

AI Healthcare Request System

Software Dev

Hackathon project built around a real Intermountain Health workflow. Replaced a manual Microsoft Form → email → spreadsheet process with an AI-powered intake and classification system. Features a public requestor form and admin dashboard with automated AI triage.

React · Tailwind CSS · Claude API

ElderShield

Security

Accessibility-focused web app that prompts A.I. to help seniors spot phishing, scams, and fraud in messages and calls — with simple explanations and actionable tips.

Python · Ollama · Flask · React

Enterprise Security Homelab

Security

Simulated real-world attacks and defenses across virtual machines. Gained hands-on experience in incident detection, response, log analysis, and system hardening.

Splunk · Kali Linux · Windows Server · Wireshark · Active Directory

Cyberpunk Portfolio

Software Dev

A mobile-friendly retro-cyberpunk themed personal portfolio website built with React and Vite, featuring animated UI effects and a hacker-style loading sequence.

React · Vite · Styled Components · Framer Motion

Freaky Foodies

Software Dev

A full-stack food review web application. Users can browse, submit, and manage restaurant and dish reviews through a clean, interactive interface.

React · Node.js · SQL · Express

Girlfriend Texter

Software Dev

A scripted automation tool for generating and sending contextual replies. Built for fun — demonstrates practical use of Python scripting and text processing.

Python

Game Day Analytics

Data Analytics

Analyzed the effectiveness of Super Bowl advertisements using data mining techniques. Explored engagement metrics, brand sentiment, and viewership trends.

Python · Pandas · Matplotlib · Jupyter

CTFs & Labs

TryHackMe

Active participant in TryHackMe challenges and learning paths focused on defensive security, SOC analysis, and incident response skills.

HackTheBox

Regular participant in HackTheBox labs and learning paths covering a wide range of cybersecurity topics, from web exploitation to Active Directory attacks.

Love At First Breach CTF 2026

Red team focused capture-the-flag competition. Applied offensive techniques including enumeration, exploitation, and privilege escalation across a range of challenges.

LA CTF 2026

Annual cybersecurity competition hosted by ACM Cyber at UCLA. Competed across web, forensics, and cryptography challenge categories.

DoD Cyber Sentinel Skills Challenge 2025

DoD-sponsored competition assessing skills across Forensics, Malware/Reverse Engineering, Networking & Reconnaissance, OSINT, and Web Security.

Industrial Intrusion CTF 2025

Simulated an ICS/OT (industrial control systems) intrusion. Solved 30+ tasks spanning OSINT, web exploitation, reverse engineering, Node-RED, and Modbus protocol challenges to bypass authentication and gain control of a security gate.

Let's Connect

Open to security analyst, SOC, and IR/DFIR opportunities. Feel free to reach out — I'd love to connect.

© 2026 Sunny Nguyen · sunnyitsolutions.com · Built with Next.js