Angelo Frammartino

Cybersecurity Engineer | Security Operations & Incident Response | Vulnerability Management & Risk Analysis

With over three years of experience in incident response, vulnerability management, and SIEM-based threat analysis from my work at Apple Growth Partners, I helped raise the firm’s security compliance from 50 percent to 85 percent through malware remediation, alert investigation, and root cause analysis.

In my current role at Eide Bailly, I serve as the primary local IT and end-user computing representative for the Great Lakes region, supporting four offices across Ohio and Illinois. I handle laptop deployment and decommissioning, ensure vulnerability remediation and patch compliance for regional devices, manage Active Directory objects, provide remote and onsite support, and use Delinea Secret Server and Connection Manager to manage and secure privileged access.

Outside of work, I continue building practical security tools, including EntropyX, my enterprise compression suite and identity governance platform.

View My Work

About Me

Results-driven Cybersecurity Engineer with over 3+ years of experience in incident response, vulnerability management, and enterprise security operations across multi-state environments. Currently serving as the regional IT security representative for four offices at Eide Bailly LLP. Proven success in improving organizational security posture, having increased overall compliance and defense maturity from 50% to 85% at Apple Growth Partners. Recognized for efficient and proactive risk analysis and SIEM alert response, with a strong record of strengthening security frameworks and reducing risk across hybrid infrastructures.

Expertise in SIEM monitoring, risk management, malware analysis, privileged access management, and Microsoft 365 security operations. Experienced in managing enterprise-level threat detection, vulnerability assessment, and incident response workflows to ensure consistent protection across complex environments. Skilled in implementing and maintaining security controls through Microsoft Defender XDR, Intune, and Azure AD to strengthen endpoint protection and identity management. Adept at conducting proactive risk assessments, automating remediation processes, and improving overall security posture through data-driven analysis and continuous improvement. Certified in ISC2 SSCP, CompTIA SecurityX (CASP+), CySA+, Security+, and PenTest+, demonstrating a strong commitment to professional growth and cybersecurity excellence.

Security Operations

SIEM monitoring, incident response, threat detection, malware analysis

Vulnerability Management

Risk analysis, proactive assessments, patch management, security controls

Microsoft 365 Security

Defender XDR, Intune, Azure AD, Endpoint Manager, MDM

Privileged Access Management

BeyondTrust Bomgar, Delinea Secret Server, IAM solutions

Enterprise Protection

Multi-state security operations, hybrid infrastructure, compliance monitoring

Incident Response

Alert response, security workflows, automated remediation, continuous improvement

Identity Management

Azure AD, endpoint protection, identity security, authentication systems

Risk Management

Data-driven analysis, security posture improvement, defense maturity enhancement

Featured Projects

EntropyX - Compression Suite & Identity Governance Platform Featured

Dual-platform enterprise software solution combining cross-platform file compression technology with a full-stack multi-cloud identity governance system. Built with Electron-Python hybrid architecture for the compression suite and FastAPI-React stack for the governance platform.

Compression Suite: Cross-platform desktop application using Electron frontend with modular Python backend integrating FFmpeg, Ghostscript, and Cryptography libraries. Achieves up to 70% file size reduction across 10+ formats (MP4, AVI, MOV, MP3, WAV, JPG, PNG, PDF, DOCX, ZIP) with AES-256 encryption, batch processing, and tiered access control.

Identity Governance Platform: Full-stack web application integrating with Google Workspace, AWS IAM, and Azure Active Directory for unified identity management. Features real-time user/group/permission syncing, automated access review campaigns, AI-powered vendor risk assessment using Claude API, and comprehensive compliance reporting across all three cloud platforms.

Security Implementation: Implemented comprehensive security framework including AES-256 database encryption with Fernet, encrypted credential storage using PBKDF2-HMAC-SHA256 key derivation, credential auto-migration from plaintext to encrypted format, SQL injection prevention, input validation, and secure API authentication. Built GUI-based encryption management tool for database protection.

Python FastAPI SQLite3 SQLAlchemy Electron + React AWS IAM Azure AD Google Workspace AES-256 Encryption Typescript Javascript Ghostscript Tiered Access Control Secure & Local Compression

Technical Achievements

  • Built hybrid Electron-Python architecture with IPC communication for cross-platform desktop deployment
  • Integrated FFmpeg for video/audio compression achieving up to 70% file size reduction
  • Implemented Ghostscript integration for PDF compression and DOCX to PDF conversion
  • Developed AES-256 file encryption using Cryptography.Fernet for secure file protection
  • Created batch processing engine supporting 10+ formats (MP4, AVI, MP3, WAV, JPG, PNG, PDF, DOCX, ZIP)
  • Designed tiered access system with configurable file size limits per user tier (Basic, Professional, Enterprise)
  • Built async FastAPI backend with SQLAlchemy ORM and SQLite database for governance platform
  • Integrated AWS IAM, Azure Active Directory, and Google Workspace APIs for unified identity sync
  • Implemented AES-256 database encryption using Fernet with automatic plaintext detection on startup
  • Created secure credential storage with PBKDF2-HMAC-SHA256 key derivation (100,000 iterations)
  • Developed AI-powered vendor risk questionnaire analysis using Anthropic Claude API
  • Engineered access review campaign system with reviewer assignment and audit event logging
  • Built automated compliance reports including access summary, risk assessment, and privileged access reports
  • Designed React frontend with real-time sync status and user/group/permission dashboards
  • Implemented credential auto-migration from plaintext JSON to encrypted format on first read
  • Created GUI-based database encryption manager with plaintext backup and restore functionality
  • Built IOC enrichment service integrating VirusTotal, AbuseIPDB, and AlienVault OTX APIs
  • Implemented natural language database query interface powered by Claude AI

Sangria Tempest Ransomware Analysis & Mitigation Incident Response

Detected, analyzed, and successfully contained a sophisticated ransomware campaign targeting enterprise users through a spoofed WSJ domain. Conducted comprehensive malware analysis in a sandboxed environment, documented MITRE ATT&CK tactics, and collaborated with Microsoft to add detection signatures to Defender definitions.

Incident Detection & Response: Identified malicious domain (wsj.pm) impersonating legitimate wsj.com through Microsoft Defender alert. Immediately isolated affected endpoint preventing network propagation. Conducted user interview and forensic analysis, confirming containment before ransomware deployment. Performed threat neutralization using Microsoft Defender, Malwarebytes, and HitManPro scanning.

Malware Analysis: Analyzed WSJ.msix package (1.02 MB containing 19 files) and embedded PowerShell script (TsxJNxhxMJfQTd.ps1) in isolated environment. Identified malicious domains (cdn41.space, netsupportsoftware.com), contacted IPs, and dropped files (Client32.ini). Documented complete MITRE ATT&CK framework mapping across 15+ techniques including defense evasion, credential access, persistence, and command & control.

Threat Intelligence & Remediation: Submitted malware samples to VirusTotal revealing 12/61 vendor detection rate initially. Provided comprehensive analysis to Microsoft Security Response Center including file hashes (MD5, SHA-1, SHA-256), behavioral analysis, registry modifications, and shell commands. Microsoft confirmed addition of detection signatures to next definition update, protecting global user base from this threat actor.

Incident Response Malware Analysis MITRE ATT&CK Forensics Threat Intelligence Microsoft Defender VirusTotal

Key Accomplishments

  • Prevented enterprise-wide ransomware outbreak through rapid detection and endpoint isolation within minutes of initial alert
  • Conducted comprehensive malware analysis identifying 15+ MITRE ATT&CK techniques across multiple tactics including evasion, credential access, discovery, collection, and command & control
  • Reverse-engineered PowerShell obfuscation revealing keylogging, credential theft, web session cookie stealing, and C2 communication capabilities
  • Identified advanced evasion techniques including VM detection, extended sleep timers (3+ minutes), sandbox awareness, disk information queries, and guard page creation to prevent reverse engineering
  • Documented complete infection chain from phishing domain (wsj.pm) through MSIX package delivery, PowerShell execution, and NetSupport RAT deployment attempts
  • Identified malicious infrastructure including cdn41.space domain, netsupportsoftware.com callbacks, and C2 IPs (104.18.20.226, 104.18.21.226)
  • Revealed detection gaps with major vendors (Microsoft, McAfee, Malwarebytes, Avast, Fortinet, CrowdStrike initially undetected) while Google, Kaspersky, and BitDefender flagged the threat
  • Documented 12+ shell commands for persistence including PowerShell execution policy bypass, Internet Explorer SCODEF parameters, and SecurityHealthService interaction
  • Collaborated with Microsoft Security Response Center (Submission ID: d6a9379c-5b3c-41bd-b578-a8a570574c7) resulting in global detection signature deployment
  • Created detailed 13-page technical report with IOCs, file hashes, network artifacts, MITRE framework mappings, and remediation procedures
  • Identified NTFS file attribute manipulation and hidden file/directory creation for stealth persistence on compromised endpoints
  • Implemented organizational security improvements including enhanced email filtering, DNS blacklisting, and user security awareness training on phishing indicators
  • Established repeatable incident response playbook including containment procedures, forensic collection, sandbox analysis workflow, and vendor coordination

Enterprise Cybersecurity Home Lab & Gaming Network Capstone

Comprehensive cybersecurity capstone project combining network architecture, Active Directory implementation, penetration testing, and technical documentation. Built a fully functional private gaming network with enterprise-grade security testing and hardening.

Network Infrastructure: Designed and configured multi-tier network topology using 3 Cisco 1921 routers, 1 Cisco 2960 switch, with VLSM subnetting (Class B). Implemented static routing, DHCP services across multiple networks, and complete physical cable management for all hardwired connections.

Server Implementation: Deployed Windows Server 2012 with Active Directory Domain Services (ADDS), created domain forest (CIS.local), managed user accounts and authentication, and configured Minecraft gaming server with Java integration.

Security Testing: Conducted comprehensive vulnerability assessments using Kali Linux tools including OpenVAS for vulnerability scanning, Metasploit Framework for exploitation, nmap for network reconnaissance, and custom tools for DHCP starvation attacks.

Active Directory Networking Penetration Testing Windows Server VLSM Metasploit

Key Achievements

  • Successfully exploited MS17-010 (EternalBlue) vulnerability via SMB protocol using Metasploit psexec module
  • Demonstrated LDAP privilege escalation using noPac exploit to impersonate domain administrator
  • Executed and mitigated DHCP starvation attack using Yersinia, implementing port security on Cisco switch
  • Configured port-security with MAC address sticky learning and maximum connection limits
  • Implemented complete patch management cycle: vulnerability discovery → exploitation → remediation → verification
  • Documented entire project in 35-page technical manual with detailed CLI commands, network diagrams, and screenshots
  • Managed 4 networks (A, B, C, D) with proper subnetting and inter-VLAN routing
  • Created comprehensive instruction manual covering router configuration, VM setup, Active Directory deployment, and security testing procedures

Security Posture Improvement - Apple Growth Partners

Improved organizational security posture from 50% to 85%. Implemented vulnerability remediation, patch management, and comprehensive security monitoring using Microsoft Defender XDR and KnowBe4.

Vulnerability Management Security Admin Defender XDR

Industrial Control Systems (ICS) Network

Designed and configured multi-subnet ICS environment with SCADA systems, DMZ, and corporate network using VLSM. Implemented firewall policies, static routing, and network segmentation for critical infrastructure protection.

SCADA VLSM Configuration Network Architecture ICS Security

Snort IDS Implementation & Rule Development

Installed and configured Snort on Kali Linux for intrusion detection. Created custom detection rules for phishing, unauthorized SMB access, port scanning, and malicious IP communication across multi-tier network architecture.

Snort Kali Linux IDS Rule Writing

Digital Forensics with Autopsy

Conducted forensic analysis on Kali Linux VM using Autopsy. Performed data source ingestion, configured hash lookup and encryption detection modules, and analyzed file systems to identify artifacts and deleted files.

Digital Forensics Autopsy Evidence Analysis

MITRE ATT&CK Threat Advisory

Developed comprehensive threat advisory documenting 12 MITRE ATT&CK tactics with techniques and mitigations. Covered initial access through impact stages including persistence, privilege escalation, and defense evasion strategies.

MITRE ATT&CK Threat Analysis Security Research

Network Tunneling & VPN Security Analysis

Analyzed tunneling protocols (GRE, PPTP, L2TP) and IPsec security mechanisms. Researched encapsulation techniques, authentication headers, and TLS improvements over SSL for secure network communications.

VPN IPsec Network Protocols