Jesus Vazquez

Placeholder Case Studies

1) Secure SDLC Guardrails for a Product Team

• Role: Product Security Engineer (placeholder)
• Problem: Engineering teams were shipping quickly, but security checks were inconsistent across repositories.
• What I built: Added security-by-design checkpoints to planning, PR templates, and CI policy checks for common web/API risks.
• Threats addressed: Injection paths, authentication gaps, insecure defaults, and secrets exposure.
• Impact (placeholder):
  • 35% reduction in repeat security findings across two release cycles
  • 50% faster triage by standardizing severity and ownership
  • 90% of new services launched with baseline security controls enabled

2) Cloud Hardening + Identity Control Baseline

• Role: Cloud/Network Security Contributor (placeholder)
• Problem: Cloud resources had drift in IAM permissions, network segmentation, and logging coverage.
• What I audited and improved: Reviewed IAM roles, tightened security groups/network paths, and expanded centralized logging/alerting.
• Framework alignment: CIS-style hardening controls and least-privilege access patterns.
• Impact (placeholder):
  • Reduced high-risk IAM bindings by 60%
  • Closed public exposure paths on internal-only services
  • Improved investigation readiness with consistent audit trails

3) Practical Offensive Testing for Defensive Fixes

• Role: Security Tester / AppSec Partner (placeholder)
• Problem: Teams needed realistic attack simulation tied directly to actionable remediation.
• What I tested: Web app and API auth flows, input handling, session controls, and configuration weaknesses.
• What I delivered: Reproducible findings with proof-of-concept steps, fix guidance, and retest validation.
• Impact (placeholder):
  • Identified and remediated critical auth and access-control issues before release
  • Improved developer secure-coding confidence through fix walkthroughs
  • Established a repeatable pre-release security testing checklist

Placeholder Writing & Playbook Roadmap

• Secure Code Review Playbook (Draft): How I prioritize findings for developer adoption and risk reduction.
• Threat Modeling in Practice (Draft): Lightweight model for fast-moving product teams.
• API Security Testing Checklist (Draft): Practical tests for auth, authorization, and input trust boundaries.
• Cloud Hardening Notes (Draft): IAM, segmentation, and logging controls I validate first.
• Security Automation Snippets (Draft): Small scripts/workflows that reduce repetitive AppSec toil.

Core Focus Areas

Education & Credentials

• B.S. in Computer Science — University of Wisconsin–Madison
• CCNA — Cisco Networking Academy
• CyberOps Associate — Cisco Networking Academy
• Cisco Emerging Talent Mentorship Program (2022)

Organizations

• ColorStack
• CyberSecurity UW (CSEC)
• Google Developer Student Club (GDSC)

How This Portfolio Is Evolving