Cybersecurity Portfolio | Brian Toback – Security & Governance

I am an early-career cybersecurity and IT operations professional with hands-on experience in security analysis, vulnerability assessment, risk evaluation, and operational security workflows. This portfolio showcases structured investigations, governance-oriented security projects, and remediation strategies aligned with enterprise security operations and NIST frameworks.

Skills

I hold CompTIA Security+ and CySA+ certifications and have completed multiple hands-on cybersecurity labs focused on security operations, risk assessment, vulnerability analysis, and governance-oriented security practices.

My technical experience includes log analysis, incident documentation, qualitative risk assessment using NIST SP 800-30, and security control evaluation aligned with the NIST Cybersecurity Framework (CSF). I also have foundational experience with Windows environments, authentication concepts, and operational security workflows.

I bring a structured, analytical approach to security investigations and am comfortable translating technical findings into clear, business-relevant recommendations.

Experience

Cybersecurity Operations & Governance Projects

Independent / Self-Directed Experience

• Conducted internal security audits and risk assessments for simulated organizations, identifying control gaps, compliance issues, and security risks using the NIST Cybersecurity Framework (CSF).

• Analyzed and documented security incidents, including denial-of-service (DoS) attacks, by identifying root causes, impacted systems, and response actions, while developing recommendations to improve detection and prevention.

• Performed vulnerability assessments on exposed systems by evaluating threat sources, likelihood, and business impact, and proposing remediation and mitigation strategies to reduce organizational risk.

• Worked with operational security concepts including log review, incident documentation, alert analysis, and communicating findings to stakeholders.

• Developed structured incident reports, remediation recommendations, and security documentation suitable for stakeholder review and portfolio presentation.