System Security Engineer & Penetration Tester
I help individuals and organizations strengthen their resilience to cyber threats. Drawing on both knowledge of system administration and offensive security practices, I help people understand risk, improve detection, and enhance their response.
// 01 — about me
Start with your origin story — what got you into your field? A compelling personal anecdote works great here. The more specific and human, the more memorable.
Continue with where you are today. Talk about the scale of your work, the types of problems you solve, and the kinds of organizations or people you've served. Mention what makes your approach unique.
Close with your philosophy. What do you believe about your craft? What drives you beyond just the paycheck? Authenticity here builds trust.
// 02 — expertise
Secure and maintain systems across Windows and Linux environments. Provision servers, apply patches, implement backup strategies, and troubleshoot complex infrastructure issues.
Design and enforce secure access controls that protect systems and data from unauthorized use. Manage identity, restrict privileges, and implement layered security controls.
Build and manage resilient network architectures that support secure and scalable system communication. Strong understanding of routing, segmentation, and traffic analysis.
Ensure systems meet regulatory and security standards through structured risk management and compliance practices. Apply major frameworks, including HIPAA for healthcare, PCI-DSS for financial systems, and NIST/ISO standards for broader security governance.
Leverage automation to streamline infrastructure management and reduce manual overhead. Proficient in scripting, configuration management, and CI/CD pipeline integration.
Conduct penetration tests to identify and remediate vulnerabilities before they are exploited. Test web applications, employ exploitation techniques, and analyze post-exploitation scenarios.
// 03 — career path
Responsible for Office 365 administration, including user account management, license allocation, security settings, and troubleshooting. Managed virtual server infrastructure using VMware vCenter, handling provisioning, routine maintenance, and performance monitoring. Monitored and verified daily backups to ensure data integrity and system recoverability. Trained support service technicians in technical tasks concerning Office 365 or system-related issues to improve the quality of support . Created and maintained comprehensive technical documentation covering system configurations, internal processes, and training materials.
Conducted internal penetration tests of both Active Directory (AD) and Linux environments. Completed both internal and external vulnerability assessments of select client systems. Carried out security awareness campaigns for client personnel. Compiled assessment results, common security standards, industry best practices, and recommendations for remediation in comprehensive reports that were presented to both technical and managerial members of client organizations. Worked with supervisors and colleagues to manage deadlines and workload for concurrent client engagements.
Assisted the Director of Information Security with tasks related to the maintenance of devices, software, and security initiatives. Primarily responsible for setting up new devices and handling device repairs/warranties when necessary. Played a crucial role in managing the inventory of technology resources. Conducted vulnerability assessments, suggesting remediations for found vulnerabilities.
Utilized up-to-date research correlating the use of cryptocurrency with illegal activity to create lab and lesson materials. Developed scenario for Utica University Cyber Forensics Competition, implementing compiled cryptocurrency research. Assisted the supervisor with the competition server setup and creation of team virtual machines. Managed the running of the Utica Cyber Forensics Competition, setting up registration, supporting teams in troubleshooting, and reviewing team answers/reports.
Provided individual and group tutoring for students in mathematics, computer science, and cybersecurity. Assessed students’ preferred learning methods and understanding of content to tailor tutoring sessions for more efficient use of time. Assisted students with test preparation, studying techniques, and class assignments. Maintained session notes to track and report student progress, communicating with faculty to ensure student success.
Assisted with general information security practices, an organization-wide access control review, and other various tasks assigned. Actively performed research and wrote and reviewed documentation. Exposed to incident response, auditing, and other cybersecurity processes.
// 04 — credentials
// 05 — writing
A short teaser for the article — what will the reader learn? Why should they click? Keep it to two or three sentences.
A short teaser for the article — what will the reader learn? Why should they click? Keep it to two or three sentences.
A short teaser for the article — what will the reader learn? Why should they click? Keep it to two or three sentences.
// 06 — contact
I am always happy to connect and discuss security assessments, offensive security engagements, or opportunities to help an organization strengthen their overall security posture.
✉ hlohmann.security@proton.me