Angelo F Signature

Angelo Frammartino

Security Analyst | Access Control & Data Loss Prevention | Threat Monitoring & Response

With over three years of experience in incident response, vulnerability management, and SIEM-based threat analysis from my work at Apple Growth Partners, I helped raise the firm’s security compliance from 50 percent to 85 percent through malware remediation, alert investigation, and root cause analysis.

In my current role as a Security Analyst at The Timken Company, I focus on information security operations including threat detection, access control, data loss prevention, and security monitoring across the enterprise environment.

Outside of work, I continue building practical security tools, including The EntropyX Platform, my enterprise compression suite, identity governance platform and home network security application.

View My Work

About Me

Results-driven IT Analyst with over 3+ years of experience in incident response, vulnerability management, and enterprise security operations across multi-state environments. Currently serving as an IT Analyst at The Timken Company, focused on information security and security operations. Proven success in improving organizational security posture, having increased overall compliance and defense maturity from 50% to 85% at Apple Growth Partners. Recognized for efficient and proactive risk analysis and SIEM alert response, with a strong record of strengthening security frameworks and reducing risk across hybrid infrastructures.

Expertise in SIEM monitoring, risk management, malware analysis, privileged access management, and Microsoft 365 security operations. Experienced in managing enterprise-level threat detection, vulnerability assessment, and incident response workflows to ensure consistent protection across complex environments. Skilled in implementing and maintaining security controls through Microsoft Defender XDR, Intune, and Azure AD to strengthen endpoint protection and identity management. Adept at conducting proactive risk assessments, automating remediation processes, and improving overall security posture through data-driven analysis and continuous improvement. Certified in ISC2 SSCP, CompTIA SecurityX (CASP+), CySA+, Security+, and PenTest+, demonstrating a strong commitment to professional growth and cybersecurity excellence.

Security Operations

SIEM monitoring, incident response, threat detection, malware analysis

Vulnerability Management

Risk analysis, proactive assessments, patch management, security controls

Microsoft 365 Security

Defender XDR, Intune, Azure AD, Endpoint Manager, MDM

Privileged Access Management

BeyondTrust Bomgar, Delinea Secret Server, IAM solutions

Enterprise Protection

Multi-state security operations, hybrid infrastructure, compliance monitoring

Incident Response

Alert response, security workflows, automated remediation, continuous improvement

Identity Management

Azure AD, endpoint protection, identity security, authentication systems

Risk Management

Data-driven analysis, security posture improvement, defense maturity enhancement

Experience

IT AnalystCurrent

The Timken Company — North Canton, OH
2026 – Present

Support Engineer

Eide Bailly LLP — Akron, OH
06/2024 – 02/2026

Served as the primary local IT and end-user computing representative for the Great Lakes region, encompassing 5 offices across Ohio, Illinois, and Virginia. Managed laptop deployment, provisioning, and decommissioning for new hires and terminations.

Ensured vulnerability remediation and patch management for regional laptops and network devices. Managed Active Directory objects for seamless onboarding, access control, and inventory accuracy. Utilized BeyondTrust Bomgar for remote support, and leveraged Delinea Secret Server and Connection Manager to secure privileged access and monitor remote sessions. Used ServiceNow to manage incidents and user requests.

IT Support Specialist

Apple Growth Partners — Akron, OH
01/2022 – 06/2024

Acted as cybersecurity administrator, monitoring Microsoft Defender SIEM, responding to alerts, performing malware remediation and analysis, conducting root cause analysis, and producing executive documentation. Raised firm-wide security compliance from 50% to 85%.

Managed KnowBe4 cybersecurity awareness and training programs. Used FreshService to respond to helpdesk tickets and worked within a small team to maintain day-to-day applications. Deployed, provisioned, updated, and maintained user laptops across the firm.

IT Support Desk (Internship)

Crum and Forster Pet Insurance — Akron, OH
03/2021 – 11/2021

Responded to ServiceNow tickets with clear and effective end-user communication. Collaborated with a team of 8 and cross-departmental staff to resolve technical issues. Managed Active Directory objects on-prem and assisted users with account access. Set up, maintained, and decommissioned desk hardware for office users.

College of Business, Lab Assistant

The University of Akron — Akron, OH
08/2018 – 06/2021

Worked independently and collaboratively as part of a 7-member lab assistant team supporting five labs. Maintained up-to-date computer systems by implementing the latest security updates and best practices. Diagnosed and resolved PC issues, selecting and applying the most effective solutions.

Featured Projects

EntropyX Essentials - Secure Desktop Security Suite New Release

A comprehensive desktop security application combining password management, encrypted notes, secure file vault, and powerful PDF tools into a single offline-first solution. Built with Electron and React, featuring AES-256 encryption with 100K PBKDF2 iterations for maximum security.

Password Vault: Military-grade password manager with AES-256 encryption, secure password generator, category organization, favorites system, and password health monitoring. Features clipboard auto-clear, strength analysis, and duplicate/weak password detection across your entire vault.

Encrypted Notes: Secure note-taking for sensitive information including API keys, recovery phrases, and confidential documents. All notes are encrypted at rest and only decrypted in memory when accessed.

PDF Toolbox: Complete suite of PDF tools including compression, merging, splitting, page extraction, rotation, password protection, and DOCX/image to PDF conversion. All processing happens locally without uploading to third-party services.

File Vault & Directory Mapper: Encrypted file storage with drag-and-drop interface plus advanced folder structure scanning with filtering, size analysis, and export to JSON/CSV/TXT formats.

Electron React AES-256 Encryption PBKDF2 PDF Processing Password Management Local Storage Gumroad License
Learn More & Purchase →

Key Features & Accomplishments

  • AES-256 encryption with 100,000 PBKDF2 iterations for unbreakable security
  • Complete offline functionality after initial license activation
  • 8 PDF tools: compress, merge, split, extract, rotate, protect, DOCX convert, images to PDF
  • Password health dashboard with weak, reused, and old password detection
  • 12-word recovery key system for secure account recovery
  • Auto-lock protection with configurable timeout (1-60 minutes)
  • Clipboard auto-clear for copied passwords (30 seconds)
  • Multiple themes: Dark, Light, Midnight Blue, Emerald
  • Machine-bound licensing with 7-day offline grace period
  • One-time $25 purchase with lifetime updates included
  • Zero cloud dependencies - your data never leaves your device
  • Directory mapper with advanced filtering and export options
  • Rate-limited vault unlock (5 attempts) with progressive lockout protection
  • Secure memory handling - sensitive data cleared from memory after use
  • Built-in password generator with customizable length and character sets
  • Import/export functionality for password vault backup
  • Real-time password strength meter with entropy calculation

EntropyX Paladino - Network Security Monitor New Release

Desktop application that monitors home networks in real-time, identifying every connected device, flagging security vulnerabilities, and alerting you to unauthorized access. Integrates with major router brands, checks IPs and URLs against threat databases, and generates actionable security reports — all without subscription fees or cloud dependencies.

Network Monitoring: Real-time device discovery using ARP scanning with 500+ MAC vendor fingerprints for automatic identification of phones, TVs, cameras, gaming consoles, and IoT devices. Multi-brand router integration pulls connected clients, traffic stats, and logs directly from ASUS, Netgear, TP-Link, Linksys, and Ubiquiti routers. Interactive network map displays your entire topology at a glance with bandwidth monitoring and hourly/daily traffic breakdowns per device.

Threat Intelligence: IP reputation checking via AbuseIPDB to identify addresses flagged for malicious activity. URL and link safety scanning catches phishing attempts before you click. Password breach verification using Have I Been Pwned's database of billions of compromised credentials. Domain scanning against DNS blocklists and Google Safe Browsing for comprehensive protection.

Security & Alerting: Security score calculated from real findings including open ports, default credentials, firmware status, and encryption settings. Actionable recommendations tell you not just what's wrong, but how to fix it. Email alerts via SMTP integration (Gmail, Outlook) notify you when new devices join your network. Scheduled scanning keeps you protected without lifting a finger.

Advanced Features: Port scanning across 31 common ports with risk assessment and service detection. Syslog listener parses router logs for suspicious events in real-time. Full reporting in HTML, CSV, or JSON formats for documentation or further analysis.

Electron React ARP Scanning Network Discovery Threat Intelligence Router Integration Port Scanning Local Processing
Learn More →

Key Features & Capabilities

  • Real-time ARP scanning with 500+ MAC vendor fingerprints for device identification
  • Automatic device categorization: phones, TVs, cameras, gaming consoles, IoT devices
  • Multi-brand router support: ASUS, Netgear, TP-Link, Linksys, Ubiquiti
  • Interactive network topology map with drag-and-drop visualization
  • Bandwidth monitoring with hourly and daily traffic breakdowns per device
  • Port scanning across 31 common ports with risk assessment scores
  • IP reputation checking via AbuseIPDB threat intelligence
  • URL safety scanning to catch phishing and malicious links
  • Password breach verification using Have I Been Pwned database
  • Domain scanning against DNS blocklists and Google Safe Browsing
  • Security score based on open ports, credentials, firmware, and encryption
  • Actionable remediation recommendations for every finding
  • Email alerts via SMTP when new devices join your network
  • Scheduled scanning with configurable intervals
  • Syslog listener for real-time router log parsing
  • Export reports in HTML, CSV, or JSON formats
  • Zero subscription fees — one-time purchase with lifetime updates
  • Complete offline operation — no cloud dependencies

EntropyX - Compression Suite & Identity Governance Platform Featured

Dual-platform enterprise software solution combining cross-platform file compression technology with a full-stack multi-cloud identity governance system. Built with Electron-Python hybrid architecture for the compression suite and FastAPI-React stack for the governance platform.

Compression Suite: Cross-platform desktop application using Electron frontend with modular Python backend integrating FFmpeg, Ghostscript, and Cryptography libraries. Achieves up to 70% file size reduction across 10+ formats (MP4, AVI, MOV, MP3, WAV, JPG, PNG, PDF, DOCX, ZIP) with AES-256 encryption, batch processing, and tiered access control.

Identity Governance Platform: Full-stack web application integrating with Google Workspace, AWS IAM, and Azure Active Directory for unified identity management. Features real-time user/group/permission syncing, automated access review campaigns, AI-powered vendor risk assessment using Claude API, and comprehensive compliance reporting across all three cloud platforms.

Security Implementation: Implemented comprehensive security framework including AES-256 database encryption with Fernet, encrypted credential storage using PBKDF2-HMAC-SHA256 key derivation, credential auto-migration from plaintext to encrypted format, SQL injection prevention, input validation, and secure API authentication. Built GUI-based encryption management tool for database protection.

Python FastAPI SQLite3 SQLAlchemy Electron + React AWS IAM Azure AD Google Workspace AES-256 Encryption Typescript Javascript Ghostscript Tiered Access Control Secure & Local Compression

Technical Achievements

  • Built hybrid Electron-Python architecture with IPC communication for cross-platform desktop deployment
  • Integrated FFmpeg for video/audio compression achieving up to 70% file size reduction
  • Implemented Ghostscript integration for PDF compression and DOCX to PDF conversion
  • Developed AES-256 file encryption using Cryptography.Fernet for secure file protection
  • Created batch processing engine supporting 10+ formats (MP4, AVI, MP3, WAV, JPG, PNG, PDF, DOCX, ZIP)
  • Designed tiered access system with configurable file size limits per user tier (Basic, Professional, Enterprise)
  • Built async FastAPI backend with SQLAlchemy ORM and SQLite database for governance platform
  • Integrated AWS IAM, Azure Active Directory, and Google Workspace APIs for unified identity sync
  • Implemented AES-256 database encryption using Fernet with automatic plaintext detection on startup
  • Created secure credential storage with PBKDF2-HMAC-SHA256 key derivation (100,000 iterations)
  • Developed AI-powered vendor risk questionnaire analysis using Anthropic Claude API
  • Engineered access review campaign system with reviewer assignment and audit event logging
  • Built automated compliance reports including access summary, risk assessment, and privileged access reports
  • Designed React frontend with real-time sync status and user/group/permission dashboards
  • Implemented credential auto-migration from plaintext JSON to encrypted format on first read
  • Created GUI-based database encryption manager with plaintext backup and restore functionality
  • Built IOC enrichment service integrating VirusTotal, AbuseIPDB, and AlienVault OTX APIs
  • Implemented natural language database query interface powered by Claude AI

Sangria Tempest Ransomware Analysis & Mitigation Incident Response

Detected, analyzed, and successfully contained a sophisticated ransomware campaign targeting enterprise users through a spoofed WSJ domain. Conducted comprehensive malware analysis in a sandboxed environment, documented MITRE ATT&CK tactics, and collaborated with Microsoft to add detection signatures to Defender definitions.

Incident Detection & Response: Identified malicious domain (wsj.pm) impersonating legitimate wsj.com through Microsoft Defender alert. Immediately isolated affected endpoint preventing network propagation. Conducted user interview and forensic analysis, confirming containment before ransomware deployment. Performed threat neutralization using Microsoft Defender, Malwarebytes, and HitManPro scanning.

Malware Analysis: Analyzed WSJ.msix package (1.02 MB containing 19 files) and embedded PowerShell script (TsxJNxhxMJfQTd.ps1) in isolated environment. Identified malicious domains (cdn41.space, netsupportsoftware.com), contacted IPs, and dropped files (Client32.ini). Documented complete MITRE ATT&CK framework mapping across 15+ techniques including defense evasion, credential access, persistence, and command & control.

Threat Intelligence & Remediation: Submitted malware samples to VirusTotal revealing 12/61 vendor detection rate initially. Provided comprehensive analysis to Microsoft Security Response Center including file hashes (MD5, SHA-1, SHA-256), behavioral analysis, registry modifications, and shell commands. Microsoft confirmed addition of detection signatures to next definition update, protecting global user base from this threat actor.

Incident Response Malware Analysis MITRE ATT&CK Forensics Threat Intelligence Microsoft Defender VirusTotal

Key Accomplishments

  • Prevented enterprise-wide ransomware outbreak through rapid detection and endpoint isolation within minutes of initial alert
  • Conducted comprehensive malware analysis identifying 15+ MITRE ATT&CK techniques across multiple tactics including evasion, credential access, discovery, collection, and command & control
  • Reverse-engineered PowerShell obfuscation revealing keylogging, credential theft, web session cookie stealing, and C2 communication capabilities
  • Identified advanced evasion techniques including VM detection, extended sleep timers (3+ minutes), sandbox awareness, disk information queries, and guard page creation to prevent reverse engineering
  • Documented complete infection chain from phishing domain (wsj.pm) through MSIX package delivery, PowerShell execution, and NetSupport RAT deployment attempts
  • Identified malicious infrastructure including cdn41.space domain, netsupportsoftware.com callbacks, and C2 IPs (104.18.20.226, 104.18.21.226)
  • Revealed detection gaps with major vendors (Microsoft, McAfee, Malwarebytes, Avast, Fortinet, CrowdStrike initially undetected) while Google, Kaspersky, and BitDefender flagged the threat
  • Documented 12+ shell commands for persistence including PowerShell execution policy bypass, Internet Explorer SCODEF parameters, and SecurityHealthService interaction
  • Collaborated with Microsoft Security Response Center (Submission ID: d6a9379c-5b3c-41bd-b578-a8a570574c7) resulting in global detection signature deployment
  • Created detailed 13-page technical report with IOCs, file hashes, network artifacts, MITRE framework mappings, and remediation procedures
  • Identified NTFS file attribute manipulation and hidden file/directory creation for stealth persistence on compromised endpoints
  • Implemented organizational security improvements including enhanced email filtering, DNS blacklisting, and user security awareness training on phishing indicators
  • Established repeatable incident response playbook including containment procedures, forensic collection, sandbox analysis workflow, and vendor coordination

Enterprise Cybersecurity Home Lab & Gaming Network Capstone

Comprehensive cybersecurity capstone project combining network architecture, Active Directory implementation, penetration testing, and technical documentation. Built a fully functional private gaming network with enterprise-grade security testing and hardening.

Network Infrastructure: Designed and configured multi-tier network topology using 3 Cisco 1921 routers, 1 Cisco 2960 switch, with VLSM subnetting (Class B). Implemented static routing, DHCP services across multiple networks, and complete physical cable management for all hardwired connections.

Server Implementation: Deployed Windows Server 2012 with Active Directory Domain Services (ADDS), created domain forest (CIS.local), managed user accounts and authentication, and configured Minecraft gaming server with Java integration.

Security Testing: Conducted comprehensive vulnerability assessments using Kali Linux tools including OpenVAS for vulnerability scanning, Metasploit Framework for exploitation, nmap for network reconnaissance, and custom tools for DHCP starvation attacks.

Active Directory Networking Penetration Testing Windows Server VLSM Metasploit

Key Achievements

  • Successfully exploited MS17-010 (EternalBlue) vulnerability via SMB protocol using Metasploit psexec module
  • Demonstrated LDAP privilege escalation using noPac exploit to impersonate domain administrator
  • Executed and mitigated DHCP starvation attack using Yersinia, implementing port security on Cisco switch
  • Configured port-security with MAC address sticky learning and maximum connection limits
  • Implemented complete patch management cycle: vulnerability discovery → exploitation → remediation → verification
  • Documented entire project in 35-page technical manual with detailed CLI commands, network diagrams, and screenshots
  • Managed 4 networks (A, B, C, D) with proper subnetting and inter-VLAN routing
  • Created comprehensive instruction manual covering router configuration, VM setup, Active Directory deployment, and security testing procedures

Security Posture Improvement - Apple Growth Partners

Improved organizational security posture from 50% to 85%. Implemented vulnerability remediation, patch management, and comprehensive security monitoring using Microsoft Defender XDR and KnowBe4.

Vulnerability Management Security Admin Defender XDR

Industrial Control Systems (ICS) Network

Designed and configured multi-subnet ICS environment with SCADA systems, DMZ, and corporate network using VLSM. Implemented firewall policies, static routing, and network segmentation for critical infrastructure protection.

SCADA VLSM Configuration Network Architecture ICS Security

Snort IDS Implementation & Rule Development

Installed and configured Snort on Kali Linux for intrusion detection. Created custom detection rules for phishing, unauthorized SMB access, port scanning, and malicious IP communication across multi-tier network architecture.

Snort Kali Linux IDS Rule Writing

Digital Forensics with Autopsy

Conducted forensic analysis on Kali Linux VM using Autopsy. Performed data source ingestion, configured hash lookup and encryption detection modules, and analyzed file systems to identify artifacts and deleted files.

Digital Forensics Autopsy Evidence Analysis

MITRE ATT&CK Threat Advisory

Developed comprehensive threat advisory documenting 12 MITRE ATT&CK tactics with techniques and mitigations. Covered initial access through impact stages including persistence, privilege escalation, and defense evasion strategies.

MITRE ATT&CK Threat Analysis Security Research

Network Tunneling & VPN Security Analysis

Analyzed tunneling protocols (GRE, PPTP, L2TP) and IPsec security mechanisms. Researched encapsulation techniques, authentication headers, and TLS improvements over SSL for secure network communications.

VPN IPsec Network Protocols