CompTIA Security+ | Cybersecurity Analyst | Accessibility-Integrated Security | VanLUG Board
I'm a CompTIA Security+ certified cybersecurity analyst with hands-on lab training in incident response, digital forensics, and vulnerability assessment through Lighthouse Labs bootcamp. I bring practical IT and security experience from a small business role, plus a full-stack web development background.
What I Do:
- π Incident Response & Digital Forensics β Trained in DFIR methodology through 30+ bootcamp labs (Volatility, Autopsy, Wireshark)
- π‘οΈ Vulnerability Management β Lab experience with OpenVAS scanning, CVE analysis, CVSS scoring, and remediation planning
- π Application Security β Full-stack developer background (Node.js, React, PostgreSQL) with OWASP Top 10 awareness
- π SIEM & Log Analysis β Bootcamp training with Splunk and QRadar for alert triage, log correlation, and detection rules
- π₯ Security Awareness β Taught basic security practices to a small business team; created accessible documentation
What Sets Me Apart:
- β Practical security experience β Deployed endpoint protection (Malwarebytes), password management (Bitwarden), and firewall rules for a small assistive-device business
- β Taught basic security hygiene to a non-technical team and created training materials
- β Reviewed PIPEDA and GDPR requirements and created privacy policies for an ecommerce business
- β Accessibility-integrated security β Experience making security controls work for users of assistive technologies
- β Full-stack developer + security analyst β Understand the software development lifecycle for secure code review and AppSec work
- β Mission-driven values β Passionate about open-source, digital privacy, right-to-repair, and sustainable technology
SIEM & Log Analysis: Splunk (lab), QRadar (lab), log correlation and alert triage
Forensics & Memory Analysis: Volatility (lab), Autopsy (lab), Wireshark (lab), chain-of-custody procedures
Vulnerability Assessment: OpenVAS (lab), CVSS scoring, remediation prioritization
Web Application Security: BurpSuite (lab), OWASP ZAP (lab), secure code review
Network Security: Nmap (lab), Windows Firewall, VPN, routing & switching, Wi-Fi security
Threat Intelligence: MITRE ATT&CK mapping, threat analysis
Standards & Frameworks: NIST 800-53, ISO 27001, CIS Controls, OWASP Top 10, PCI DSS (basic), GDPR, PIPEDA, TLP classification
Languages: Python, Bash, JavaScript (ES6+), SQL, HTML5, CSS3
Backend: Node.js, Express, REST APIs, JSON processing
Frontend: React, responsive design, accessibility (WCAG 2.1)
Databases: PostgreSQL, parameterized queries (SQL Injection prevention)
Systems: Linux (Debian/Kali), Windows, macOS
DevOps: Docker, Git, CI/CD integration, GitHub Actions
Incident Response Lifecycle: Preparation β Detection β Analysis β Containment β Eradication β Recovery β Post-Incident
Communication: Technical concepts translated for non-technical audiences; security training for small business team
Documentation: Incident reports, playbooks, policies, forensic reports, threat assessments
Community Leadership: VanLUG board member, informal guidance to people exploring cybersecurity careers
Accessibility Advocacy: WCAG 2.1 compliance, neurodivergent-inclusive security practices
| Project | Focus | Highlight |
|---|---|---|
| Premium House Lights: The Heist | Full-scope DFIR investigation | Simulated ransomware attack response, root cause analysis, actionable recommendations |
| Intellectual Property Theft Investigation | Digital forensics case study | Memory analysis (Volatility), disk forensics (Autopsy), network traffic analysis, malware deployment timeline |
| LifeLabs Data Breach Audit | Real-world breach analysis | Governance audit, PIPEDA compliance assessment, breach timeline reconstruction |
| P7: IR Plan, Playbook & Policy | Incident response framework | Complete IR plan, playbooks for phishing/ransomware, escalation paths, TLP classification |
| Project | Focus | Highlight |
|---|---|---|
| P11: Secure Architecture Report | Defense-in-depth architecture | Enterprise network design, security control recommendations, attack surface mitigation |
| P6: Cat's Company Vulnerabilities | Vulnerability assessment | CVE identification, CVSS prioritization, remediation roadmap, control implementation |
| P5: Risk Management Case Study | ISO 27001 compliance | Risk matrix, controls mapping, regulatory gap analysis, compliance audit |
| P2: Report on Risks & Vulnerabilities | Security posture baseline | Risk and vulnerability assessment, prioritized remediation, management reporting |
| Project | Focus | Highlight |
|---|---|---|
| LogHawk β Security Log Monitoring Tool | Log automation & analysis | Python/Bash log parsing, anomaly detection, threat identification automation, open-source |
| P1: Network Administration | Network infrastructure security | Nmap/Wireshark analysis, network topology documentation, security baseline, audit compliance |
| Project | Security Focus | Technology |
|---|---|---|
| TinyApp | A07: Identification & Authentication Failures | bcrypt, cookie-session, secure authentication |
| Tweeter | A03: Injection / XSS Prevention | Input validation, output encoding, DOM sanitization |
| LightBnB | A03: SQL Injection Prevention | Parameterized queries, prepared statements |
| Interview Scheduler | Testing & Reliability | Jest/Cypress, CI/CD integration, security testing |
| Project | Purpose | Impact |
|---|---|---|
| Resume Automator | ATS optimization + cover letter generation | Python/Jinja2, role-specific resume customization, PII protection |
| Perplexport | AI conversation backup tool | TypeScript/Puppeteer, API automation, data sovereignty |
| Knowledge Pipeline | Self-hosted secure infrastructure | Docker, Nextcloud, local LLM integration, secure development environment |
π CompTIA Security+ (SY0-701) | Expires August 2028
Comprehensive cybersecurity certification covering threat management, vulnerability management, incident response, and compliance.
- Cyber Security Bootcamp Diploma β Lighthouse Labs (Completed May 2025) | 30+ hands-on labs, strong performance across cohort
- Advent of Cyber 2025 β TryHackMe Challenge Series
Accessible Places | Remote, Vancouver | Sept 2022 β Jan 2024
Key Achievements:
- π― Sole technical resource for a small assistive-device ecommerce business (~5 people), handling web development, IT support, security hardening, and social media management
- π Migrated organization from plaintext password storage to Bitwarden password manager; deployed Malwarebytes anti-malware across business devices
- β Configured Windows Firewall rules, set up MFA on business accounts, and conducted 3 security reviews (website, business operations, social media) using self-directed learning
- π Reviewed PIPEDA and GDPR requirements and created privacy and cookie policies for the ecommerce storefront
β
Incident Response Training β 30+ hands-on bootcamp labs covering the complete DFIR lifecycle, from detection through post-incident analysis
β
Practical Security Experience β 1.5 years of hands-on IT and security work at a small business, 10+ years freelance IT, CompTIA Security+ certified
β
Cross-Domain Skills β Full-stack developer + security analyst = understanding of AppSec, OWASP, secure coding practices
β
Communication Strength β Comfortable explaining technical concepts to non-technical audiences; created accessible documentation and training materials
β
Accessibility Advocacy β Create inclusive security solutions that work for neurodivergent practitioners and assistive technology users
Explore My Work:
- π Portfolio: violetfigueroa.github.io
- πΌ LinkedIn: linkedin.com/in/violet-figueroa
- π GitHub: github.com/VioletFigueroa
- π§ Email: violet@violetfigueroa.com
Last Updated: February 20, 2026
Topics: cybersecurity, incident-response, digital-forensics, application-security, owasp, vulnerability-assessment, iso-27001, nist, siem, accessibility, security-operations
Passionate about making cybersecurity more accessible, sustainable, and inclusive. Let's build secure systems together! π