Cybersecurity Engineer | Security Operations & Incident Response | Vulnerability Management & Risk Analysis
Specializing in enterprise security solutions, SIEM monitoring, and privileged access management across multi-state environments
Results-driven Cybersecurity Engineer with 3+ years of experience in incident response, vulnerability management, and enterprise security operations across multi-state environments. Currently serving as the regional IT security representative for four offices at Eide Bailly LLP. Proven success in improving organizational security posture, having increased overall compliance and defense maturity from 50% to 85% at Apple Growth Partners. Recognized for efficient and proactive risk analysis and SIEM alert response, with a strong record of strengthening security frameworks and reducing risk across hybrid infrastructures.
Expertise in SIEM monitoring, risk management, malware analysis, privileged access management, and Microsoft 365 security operations. Experienced in managing enterprise-level threat detection, vulnerability assessment, and incident response workflows to ensure consistent protection across complex environments. Skilled in implementing and maintaining security controls through Microsoft Defender XDR, Intune, and Azure AD to strengthen endpoint protection and identity management. Adept at conducting proactive risk assessments, automating remediation processes, and improving overall security posture through data-driven analysis and continuous improvement. Certified in ISC2 SSCP, CompTIA SecurityX (CASP+), CySA+, Security+, and PenTest+, demonstrating a strong commitment to professional growth and cybersecurity excellence.
SIEM monitoring, incident response, threat detection, malware analysis
Risk analysis, proactive assessments, patch management, security controls
Defender XDR, Intune, Azure AD, Endpoint Manager, MDM
BeyondTrust Bomgar, Delinea Secret Server, IAM solutions
Multi-state security operations, hybrid infrastructure, compliance monitoring
Alert response, security workflows, automated remediation, continuous improvement
Azure AD, endpoint protection, identity security, authentication systems
Data-driven analysis, security posture improvement, defense maturity enhancement
Cross-platform desktop application built with Electron-Python hybrid architecture for enterprise-grade file compression and encryption. Developed modular Python backend integrating FFmpeg, Ghostscript, and Cryptography libraries with modern Electron frontend for seamless user experience.
Architecture & Development: Designed modular backend with compression.py handling FFmpeg/Ghostscript integration, encryption.py managing AES-256 encryption via Cryptography.Fernet, database.py implementing SQLite with encrypted storage, and config.py centralizing settings management. Built responsive Electron frontend with HTML/CSS/JavaScript interfacing with Python through child processes.
Security Implementation: Implemented comprehensive security framework including AES-256 encryption for file protection, path traversal detection and prevention, filename sanitization against injection attacks, tiered file size limits (25MB-500MB based on tier), encrypted SQLite database storage, and multi-layer input validation throughout the application stack.
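The validation and storage-encryption layers listed above, as an added example that is not the project's code: path-traversal detection, filename sanitization, tiered size limits and Fernet encryption of records before they reach SQLite. The tier names and the middle limit, the upload directory (/srv/compressor/uploads) and every sample input are constructed for this example; the page gives only the 25MB-500MB range. One caveat a practitioner should know: the cryptography library's Fernet recipe is AES-128 in CBC mode authenticated with HMAC-SHA256, so what the example relies on is its authenticated-encryption property (tampered or wrong-key records are rejected), not a 256-bit key.

```python
"""Added example (not the project's code): input validation and storage
encryption of the kind described above, built on the standard library and
cryptography.fernet. Tier table, upload root and sample inputs are constructed."""
import re
from pathlib import Path

from cryptography.fernet import Fernet, InvalidToken

# Constructed tier limits in bytes. The page states a 25MB-500MB range;
# the tier names and the middle value are assumptions for this example.
TIER_LIMITS = {
    "basic": 25 * 1024 * 1024,
    "pro": 100 * 1024 * 1024,
    "enterprise": 500 * 1024 * 1024,
}

# Assumed upload root; it does not need to exist for the path checks below.
UPLOAD_DIR = "/srv/compressor/uploads"

# Everything outside this set is replaced, which strips shell metacharacters,
# quotes, whitespace and NUL bytes before a name is handed to FFmpeg/Ghostscript.
_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def sanitize_filename(name: str) -> str:
    """Reduce a user-supplied name to a single safe path component."""
    # Keep only the last component so "../x" or "C:\\x\\y" cannot select a directory.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    base = _UNSAFE_CHARS.sub("_", base)
    base = base.lstrip(".")          # no hidden files and no bare ".."
    base = base[:255]                # common filesystem limit on a name
    if not base:
        raise ValueError("filename is empty after sanitization")
    return base


def is_safe_path(base_dir: str, user_path: str) -> bool:
    """Path-traversal detection: True only if user_path resolves to a location
    strictly inside base_dir. resolve() collapses "..", symlinks and absolute
    paths first, so a prefix comparison on the raw string cannot be bypassed."""
    root = Path(base_dir).resolve()
    candidate = (root / user_path).resolve()
    return root in candidate.parents


def within_limit(size_bytes: int, tier: str) -> bool:
    """Tiered size check; an unknown tier gets no allowance at all."""
    limit = TIER_LIMITS.get(tier, 0)
    return 0 <= size_bytes <= limit


def validate_upload(filename: str, size_bytes: int, tier: str,
                    base_dir: str = UPLOAD_DIR) -> Path:
    """Run every layer in order and return the destination path, or raise."""
    if not within_limit(size_bytes, tier):
        raise ValueError(f"{size_bytes} bytes exceeds the {tier!r} tier limit")
    if not is_safe_path(base_dir, filename):
        # Worth logging as a security event: this is a traversal attempt, not a typo.
        raise PermissionError(f"path traversal rejected: {filename!r}")
    return Path(base_dir) / sanitize_filename(filename)


def new_storage_key() -> bytes:
    """Fernet key (AES-128-CBC + HMAC-SHA256). Keep it out of the SQLite file
    it protects: OS keyring or an injected secret, never a settings file."""
    return Fernet.generate_key()


def encrypt_for_storage(key: bytes, data: bytes) -> bytes:
    """Encrypt one record before it is written to the database."""
    return Fernet(key).encrypt(data)


def decrypt_from_storage(key: bytes, token: bytes) -> bytes:
    """Authenticated decryption: any modification of the token is rejected."""
    try:
        return Fernet(key).decrypt(token)
    except InvalidToken:
        raise ValueError("stored record rejected: wrong key or tampered data") from None


if __name__ == "__main__":
    # Constructed inputs exercising each layer.
    for name in ("report.pdf", "../../etc/passwd", "clip;rm -rf ~.mp4"):
        try:
            print(name, "->", validate_upload(name, 10 * 1024 * 1024, "basic"))
        except (ValueError, PermissionError) as exc:
            print(name, "-> rejected:", exc)
    key = new_storage_key()
    token = encrypt_for_storage(key, b"constructed metadata row")
    print(decrypt_from_storage(key, token))
```

The order in validate_upload is deliberate: the cheap size check runs first, the traversal check runs on the raw input so that an attempt is visible in logs rather than silently flattened, and sanitization is the last line of defence for whatever survives. Storing ciphertext in SQLite only helps if the key lives somewhere the database file does not.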
Performance & Features: Achieved up to 70% file size reduction across 10+ formats (MP4, AVI, MOV, MP3, WAV, JPG, PNG, PDF, DOCX, ZIP). Developed intelligent compression strategies with configurable quality settings, real-time progress tracking, batch processing capabilities, and automatic format detection with appropriate compression algorithms.
Detected, analyzed, and successfully contained a sophisticated ransomware campaign targeting enterprise users through a spoofed WSJ domain. Conducted comprehensive malware analysis in a sandboxed environment, documented MITRE ATT&CK tactics, and collaborated with Microsoft to add detection signatures to Defender definitions.
Incident Detection & Response: Identified malicious domain (wsj.pm) impersonating legitimate wsj.com through a Microsoft Defender alert. Immediately isolated the affected endpoint, preventing network propagation. Conducted user interview and forensic analysis, confirming containment before ransomware deployment. Performed threat neutralization using Microsoft Defender, Malwarebytes, and HitmanPro scanning.
Malware Analysis: Analyzed WSJ.msix package (1.02 MB containing 19 files) and embedded PowerShell script (TsxJNxhxMJfQTd.ps1) in isolated environment. Identified malicious domains (cdn41.space, netsupportsoftware.com), contacted IPs, and dropped files (Client32.ini). Documented complete MITRE ATT&CK framework mapping across 15+ techniques including defense evasion, credential access, persistence, and command & control.
Threat Intelligence & Remediation: Submitted malware samples to VirusTotal, revealing an initial detection rate of 12/61 vendors. Provided comprehensive analysis to Microsoft Security Response Center including file hashes (MD5, SHA-1, SHA-256), behavioral analysis, registry modifications, and shell commands. Microsoft confirmed addition of detection signatures to the next definition update, protecting its global user base from this threat actor.
Comprehensive cybersecurity capstone project combining network architecture, Active Directory implementation, penetration testing, and technical documentation. Built a fully functional private gaming network with enterprise-grade security testing and hardening.
Network Infrastructure: Designed and configured multi-tier network topology using three Cisco 1921 routers and one Cisco 2960 switch, with VLSM subnetting (Class B). Implemented static routing, DHCP services across multiple networks, and complete physical cable management for all hardwired connections.
Server Implementation: Deployed Windows Server 2012 with Active Directory Domain Services (ADDS), created domain forest (CIS.local), managed user accounts and authentication, and configured Minecraft gaming server with Java integration.
Security Testing: Conducted comprehensive vulnerability assessments using Kali Linux tools including OpenVAS for vulnerability scanning, Metasploit Framework for exploitation, nmap for network reconnaissance, and custom tools for DHCP starvation attacks.
Improved organizational security posture from 50% to 85%. Implemented vulnerability remediation, patch management, and comprehensive security monitoring using Microsoft Defender XDR and KnowBe4.
Designed and configured multi-subnet ICS environment with SCADA systems, DMZ, and corporate network using VLSM. Implemented firewall policies, static routing, and network segmentation for critical infrastructure protection.
Installed and configured Snort on Kali Linux for intrusion detection. Created custom detection rules for phishing, unauthorized SMB access, port scanning, and malicious IP communication across multi-tier network architecture.
Conducted forensic analysis on Kali Linux VM using Autopsy. Performed data source ingestion, configured hash lookup and encryption detection modules, and analyzed file systems to identify artifacts and deleted files.
Developed comprehensive threat advisory documenting 12 MITRE ATT&CK tactics with techniques and mitigations. Covered initial access through impact stages including persistence, privilege escalation, and defense evasion strategies.
Analyzed tunneling protocols (GRE, PPTP, L2TP) and IPsec security mechanisms. Researched encapsulation techniques, authentication headers, and TLS improvements over SSL for secure network communications.