ldodson10/README.md

👋🏾 Hi, I’m Latrisha Dodson


Cybersecurity Fellow | Detection & Response | Cloud Security | Creative Technologist

I design, document, and defend systems at the intersection of cloud security, automation, and creative thinking. Current focus: building real-world SOC workflows and documented AWS security labs that hiring managers can actually read, understand, and trust.


🔐 Current Roles & Focus

Cybersecurity Fellow — The Knowledge House (Innovation Fellowship 2025)

  • Advanced projects in cloud security, SIEM, and incident response
  • Emphasis on documented labs, reproducible workflows, and team-based architectures
  • Hands-on experience with CloudTrail, CloudWatch Logs, S3, Athena, GuardDuty, Security Hub, Lambda, and incident-driven automation

Data Quarantine Architect / Automation Engineer — Team Capstone Project

GVRDC Cyber Crisis Simulation (SOC it to ’EM SIEMlessly + GVRDC)

A unified cloud security, detection engineering, and automated containment project inspired by real-world healthcare incident response and HIPAA-driven operational requirements.

The team developed a full-scale, end-to-end crisis simulation modeled after a healthcare research environment under active cyberattack — similar in spirit to the narrative style of Contagion. The project combines cloud-native SOC operations, forensic investigation, and automated containment into one cohesive capstone.


Why Healthcare? Why HIPAA?

Healthcare organizations operate high-value, high-risk environments where the impact of unauthorized access, data exfiltration, or operational disruption can be catastrophic. Under HIPAA, breaches involving electronic health records (ePHI) trigger strict reporting, containment, and verification requirements.

The project mirrors this reality by simulating how a cloud-based research center (GVRDC) would:

  • Detect early indicators of compromise
  • Contain an active threat before data exposure
  • Maintain auditability and documentation for compliance
  • Demonstrate that automated response (“the cyber vaccine”) can drastically reduce breach impact

This context grounds the technical work in a mission-critical, regulated industry—a domain where strong security design truly matters.


Project Overview — One Integrated System

The capstone is structured as a crisis narrative:

  • GVRDC (Global Viral Research Defense Center) provides the environmental and architectural backbone
  • SOC it to ’EM SIEMlessly provides the detection, enrichment, and automated response pipeline

Together, they simulate how a healthcare research organization responds to a cyber “pathogen outbreak” in real time.


Architectural & Technical Components

1. Cloud-Native Detection & Log Pipeline

Engineering a production-inspired ingestion and analysis workflow:

  • CloudTrail → CloudWatch Logs → S3 → Athena
  • Structured queries for threat hunting and timeline reconstruction
  • Evidence tagging and log normalization for triage and forensic review

2. Detection Engineering (“Patient Zero” Analysis)

Building rules and correlations that uncover:

  • IAM misuse
  • Lateral movement attempts
  • Suspicious API activity
  • Unauthorized access signatures
  • MITRE ATT&CK mapping to classify “strain behavior”

This forms the investigative backbone of the documentary-style middle section of the presentation.

3. Automated Containment (“The Cyber Vaccine”)

Designing IR automation aligned with HIPAA principles:

  • EventBridge triggers
  • Lambda-based containment actions
  • Automated isolation of compromised IAM identities
  • Verification steps to ensure containment was successful

Just as a medical response contains a biological pathogen, automation acts as the cyber vaccine that neutralizes threats before they spread.


Role-Based Contributions (Aligned to Presentation Roles)

  • My role — Data Quarantine Architect

    • Presented the “Patient Zero Files”
    • Analyzed CloudTrail + GuardDuty evidence
    • Established the initial compromise vector
    • Demonstrated how logs told the story of the outbreak
    • Supported automated containment design with data flow verification
  • Team roles (summarized)

    • Triage, SIEM analysis, threat mapping, and live containment demo
    • All integrated into a realistic incident-response narrative

Why This Project Matters for Employers

This capstone demonstrates that I can:

  • Operate within regulated industries (HIPAA context)
  • Build real detection and response pipelines
  • Implement cloud-native security automation
  • Work effectively in a SOC-style team structure
  • Produce documentation and evidence that leadership, auditors, and engineers all understand

For hiring managers, it signals readiness for roles in:

  • Cloud SOC
  • Detection & Response
  • Security Operations
  • Cloud Security Analysis
  • Healthcare Security / Compliance-adjacent roles

Creative Consultant & Pet-Care Entrepreneur

Translating a background in fashion, costume design, and brand storytelling into:

  • Clear, human-centered technical documentation
  • Accessible security explanations for non-technical audiences
  • Long-term brand development for The Pawtier House, a luxury pet-care and wellness concept

🧠 Technical Skills (In Progress & Applied)

Security & Cloud

  • AWS: VPC, S3 (logging & versioning), CloudTrail, GuardDuty, Security Hub, Lambda
  • Logging & Detection: CloudTrail logs, VPC Flow Logs, Athena queries, basic detection use cases
  • Identity & Access: IAM roles/policies, least privilege mindset, basic security baselines

Dev & Automation

  • Infrastructure-as-Code concepts (Terraform basics for AWS resources)
  • Git & GitHub: branching, pull requests, README-driven documentation, evidence folders
  • Basic scripting and CLI usage to support repeatable lab setups

Foundations

  • CIA Triad (Confidentiality, Integrity, Availability)
  • Defense-in-Depth thinking (layers: network, identity, logging, training, process)
  • Email & domain protection concepts (MFA, filters, DMARC at a conceptual level)

🛠 Tools & Technologies

🛡️ Security Tools

Kali Linux
Snort
OPNsense
Metasploitable
Wireshark


☁️ Cloud & Monitoring

AWS
GuardDuty
SecurityHub
CloudTrail
CloudFormation
Athena
CloudWatch


🔧 Network & Virtualization

VirtualBox
Cisco Packet Tracer
Network Segmentation
AWS VPC
Firewall


💻 Programming & Web Technologies

HTML5
CSS
HCL
Markdown
JSON
YAML


🧰 Dev & Ops Tools

VS Code
Git
GitHub
Terraform
Bash


🌐 Featured Projects

1. AWS Cyber Range-Style Lab (Hands-On Compromise & Detection)

Repo: [aws-cyberrange-lab](https://github.com/ldodson10/cyber-range-lab-aws)

A guided AWS lab where I:

  • Simulated a compromised EC2 instance using controlled scenarios
  • Enabled CloudTrail, GuardDuty, and Security Hub to surface findings
  • Practiced triage, documentation, and cleanup with AWS Free Tier in mind

Highlights

  • Focused on cost-aware security – enabling services for the lab, then disabling to avoid surprise bills
  • Produced step-by-step screenshots and README sections for:
    • Environment setup
    • Attack simulation
    • Detection & remediation
    • Cleanup & lessons learned

2. AWS S3 + Lambda Ingestion Pipeline

Repo: [aws-s3-lambda-ingestion](https://github.com/ldodson10/aws-s3-lambda-ingestion)

A small but practical serverless pattern:

  • S3 used as an ingestion point
  • Lambda automatically triggered by new objects
  • Designed for scalable log or data processing

What I practiced

  • Event-driven design (S3 → Lambda)
  • Writing clear, reproducible instructions for others to clone and deploy
  • Highlighting security considerations: IAM roles, least privilege, environment variables

3. GVRDC Cyber Crisis — “SOC it to ’EM SIEMlessly” (Unified Team Capstone)

Repo(s):

A single end-to-end, multi-phase capstone project simulating a cyber crisis inside a healthcare research environment, inspired by real HIPAA regulatory pressure and the crisis narrative of films like Contagion.
The project unifies detection engineering, log ingestion, cloud forensics, and automated containment into one integrated system.

Problem Space

How can a small cloud-based SOC (or MSSP) detect, investigate, and automatically contain high-risk security events in a healthcare research environment—without drowning in manual work or violating compliance expectations?

Healthcare & HIPAA Context

Healthcare organizations face strict regulatory requirements and higher consequences for breaches.
This project models a research center (GVRDC) where:

  • Logs represent “patient zero evidence”
  • Attacks simulate pathogen spread
  • Containment automation functions as a “cyber vaccine”
  • Documentation supports auditability and HIPAA-aligned investigation

This creates a realistic, high-impact crisis narrative that demonstrates why security automation matters.

My Contributions (Data Quarantine Architect)

  • Designed and reasoned through the AWS-native log ingestion flow:
    CloudTrail → CloudWatch Logs → S3 → Athena
  • Conducted forensic analysis of “patient zero” activity
  • Wrote detection logic aligned with real cloud misuse patterns
  • Produced evidence-driven architecture documentation
  • Collaborated with team roles to pair technical setup with clear write-ups
  • Identified IAM permission blockers and documented intended architecture, constraints, and recovery steps

Technical Focus Areas

  • Detection rule development
  • Timeline reconstruction using Athena + CloudTrail
  • EventBridge → Lambda automated containment
  • VPC + S3 logging foundations for evidence preservation
  • Clear, repeatable documentation for engineering + executive audiences

This is the team’s flagship project and represents the bulk of my Sprint 6 deliverables.


4. Windows Server 2022 Deployment Lab

Repo:
Windows Server 2022 enterprise deployment lab – VirtualBox environment simulating Active Directory, DNS, and domain configuration: https://github.com/ldodson10/windows-server-2022-deployment-lab

A standalone VirtualBox lab simulating a small enterprise Active Directory environment, used to build foundational on-premises IT and security skills.

What the lab includes

  • Windows Server 2022 configuration
  • Active Directory Domain Services
  • DNS, user/group creation, and basic domain hardening
  • Enterprise-style network segmentation concepts

Purpose

This lab demonstrates understanding of traditional IT infrastructure—knowledge still required for real SOC and IR roles, especially when hybrid cloud environments are involved.


🎨 Creative & Brand Experience

Before and alongside cybersecurity, I’ve worked in:

  • Fashion & Costume Design – Peabody & Satellite Award–winning productions
  • Art Direction & Visual Storytelling
  • Pet-Care & Luxury Service Branding – The Pawtier House (concept in progress)

What this adds to my security work:

  • Strong visual communication (diagrams, flows, layouts)
  • High standard for how documentation looks and reads
  • Empathy for non-technical stakeholders who need security explained in plain language

📚 What I’m Learning Next

  • CompTIA Security+ vs. AWS Certified Security (deciding the best first move and aligning with my AWS background)
  • Deeper SIEM workflows: enrichment, correlation rules, and practical dashboards
  • More robust Terraform usage to fully codify my AWS labs
  • How to merge cybersecurity, branding, and pet-care into a sustainable, multi-stream career

🤝 Collaboration & Contact

I’m open to:

  • Entry-level and apprenticeship-style roles in Security Operations, Cloud Security, or Detection Engineering
  • Projects where I can:
    • Stand up or document security labs
    • Clean up chaotic GitHub repos & READMEs
    • Help teams tell a clear, compelling story about their security posture

Let’s connect:

If you’re building security programs, training pathways, or creative tech projects and need someone who can own both the work and the documentation, I’d love to talk.

Popular repositories

  1. cybersecurity-phase1-lab-final (Public)
  2. sentiment-app (Public, HTML)
  3. myportfolio (Public, HTML)
  4. contact-serverless-form (Public, HTML)
  5. cyber-range-lab-aws (Public, HCL)
  6. aws-s3-lambda-ingestion (Public, HCL)

    Expanded project evolving from AWS Lambda + S3 ingestion pipeline into the foundation for the SOC it to ’EM SIEMlessly Cloud Incident Response Automation system. Integrates AWS GuardDuty, Security …