Andrew Nakamura
About Me
andy@andynakamura.com
(423) 799-1999
Results-driven Cybersecurity Engineer with experience in planning, analysis and implementing security initiatives. Strong collaborator with success in owning technical engagements and guiding implementation projects. Point of contact for security-related issues and deployment of cloud and on-prem security solutions. Knowledgeable on security frameworks and requirements for policy development and risk assessments.
Work Experience
2021 - Present
System Administrator IV
California
This is where I started my cybersecurity career. It was here that I obtained my CISSP and took the lead role of Microsoft Defender and Microsoft Intune. I handle all the deployments, upgrades, policies, threat mitigation and vulnerability assessments. I am currently wrapping up our NIST assessment and soon will begin our ISO 27001 first stage audit later in January 2025.
2012 - Dec 2020
EDW Architect I Data Warehousing
Keck Medicine of USC, Los Angeles, California
I was the lead SQL Server database administrator maintaining all the sysadmin functions for the hospital. However, to be honest, I got burnt out and no longer want to do anything related to Data Engineering, unless it has a vulnerability! I enjoy tools like sqlmap, which I think are amazing.
Of course, this makes me understand the sql injections better, but after being heavily involved in SQL PASS and going to their annual conferences, I decided it was time to break from the database world and move to something more amazing:Â Cybersecurity.
Trainings
2024
Incident Response Foundations - Dec 2024
Antisyphon online
Verdict:Â 7.5
I wanted to give this a higher rating because I learned a lot. However, the labs were a bit of a disappointment. They didn’t really hammer the concepts we were learning so I think there was a bit of a disconnect.
Try Hack Me - Advent of Cyber - Dec 2024
online
Verdict:Â 9.0
I learned quite a bit from taking this year’s AoC. I really enjoyed the shellcode module which demonstrated how to get around Microsoft Defender. Now, I want to learn more about shell code!
I’ve had this account for a little more than a year and already rank at 13019 top 1% (if that means anything)
DEFCON 32 - 2024
Las Vegas Convention Center
Verdict:Â 9.0
I went in blind to this conference although I watched many YouTube videos for information nothing can really prepare you for the experience.
It is like an all night party with hackers 24 hours a day for 4 days straight. Unfortunately, I was coming off my second COVID exposure with a few days of being “recovered”. I had to take it easy and didn’t go to any evening networking events aside from the Toxic BBQ.
It is here where I thought my passion would start in Bug Bounty Village since this is where I hung out most of time. Â
I did win the Galaxy tablet and *almost* twice at that! I told the hosts I won it and volunteered it up for someone else.
Certifications
2023
ISO 27001 Lead Implementer
PECB
When I received my CISSP, I was still new to the GRC world. Management thought it best to go through the ISO 27001 training and push our organization to becoming ISO 27001 certified.
We will hit that goal in Q1 of 2025!
2022
CISSP
ISC2
My manager incentivized me to take this certification since he had also just recently passed back in 2021. He said he would cover the exam costs but really wanted me to take it. However, he needed me to take it in 4 months! I had to buckle down and forgo all my other responsibilities for a time. I still can not thank all the help from discord and everyone else in that journey.
Education
1991
Bachelors Of Political Science
University of California, Los Angeles (UCLA)
Yes, I actually have a degree from long ago. Although originally my thought was to go to law school after college, I was paying this by myself with my part-time job. I had to bail out once I saw that it would be difficult, or so I thought at the time to continue another 3 years of law school for something I wouldn’t enjoy.
In hindsight, I should have went to to the military and then got some cushy job with the government or with BIG tech, since they were small techs back then.
And yea, I can bring in a transcript if HR really wants it.
Skills & Expertise
Microsoft Defender
Expert at deploying, configuring and managing Defender for Endpoint
Deployed Defender to enterprise with 380 users and 800 devices.
Implmented Enterprise Mobile to 100 iOS and Android devices and built conditional access policies restricting personal devices. Â
Incident Response
Skills in responding to and managing security incidents using Microsoft Defender.
Responded quickly to several true positive incidents in executive account takeover. Mitigated threat by notifying management and end user and brought compromised asset back into asset inventory for analysis.Â
Threat Detection and Response
Experience in identifying and mitigating security threats using Microsoft Defender’s tools.
Ability to run KQL queries against Sentinel and Defender and investigate incidents and potential threats.
Breakin' Boxes
Divi Product Launch
Lorem ipsum dolor sit amet consectetur adipiscing.
Divi Product Launch
Lorem ipsum dolor sit amet consectetur adipiscing.
Divi Product Launch
Lorem ipsum dolor sit amet consectetur adipiscing.
Divi Product Launch
Lorem ipsum dolor sit amet consectetur adipiscing.