DFIRDominican/README.md

Fabian Mendoza

Senior Incident Response Analyst at Elastic
DFIR · Threat Hunting · Threat Intelligence · Detection Engineering

7+ years across digital forensics and incident response (DFIR), from delivering breach investigations at Kroll, CrowdStrike, KPMG, and Unit 42 to serving as incident commander at Elastic. I've responded to 200+ enterprise-scale engagements involving ransomware, nation-state APT activity, and zero-day attacks for Fortune 500 organizations, and I build community resources to help other practitioners sharpen their craft.

๐Ÿ› ๏ธ Core Toolbox


  • Forensic Platforms: Cellebrite, Magnet AXIOM, X-Ways Forensics, KAPE, EZ Tools, Velociraptor, Binalyze AIR, MemProcFS, Volatility, SIFT Workstation
  • Detection & Telemetry: CrowdStrike Falcon, Microsoft Defender XDR, Cortex XDR/XSIAM, SentinelOne, Elastic, Splunk, Microsoft Sentinel, Google SecOps
  • Detection Engineering: KQL, Sigma, YARA
  • AI & DFIR: MCP (Model Context Protocol)

๐Ÿ›ก๏ธ What I Work On


  • Incident Response: Leading complex, multi-host investigations across Windows, Linux, macOS, cloud (AWS, Azure, GCP), SaaS, and CI/CD environments from initial triage through containment and remediation.
  • Forensic Analysis: Deep artifact work across Windows, Linux, and macOS to reconstruct attacker timelines with precision.
  • Threat Hunting: Developing IOC extraction workflows and hunting techniques across large EDR datasets to surface ransomware operators, C2 frameworks, and credential theft activity.
  • Applied AI for DFIR: Leveraging local and cloud LLMs to accelerate investigation workflows, automate artifact parsing, and reduce time-to-finding on complex engagements.
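The IOC extraction workflow mentioned above, as an added example (not code from this profile or from any of the listed employers): analyst notes and EDR exports routinely carry defanged indicators (hxxp, [.], [at]), so the extractor refangs first, then pulls URLs, emails, IPv4 addresses, domains and hashes, validates the IPs, drops file names that merely look like domains, and separates RFC 1918 hosts from external infrastructure. The sample notes are constructed for the example; the hashes are the well-known SHA-256 and MD5 of the empty string, and the IPs and domains come from documentation ranges.

```python
"""Defang-aware IOC extraction for hunting notes (added example, not the page's own code)."""
import re
from ipaddress import IPv4Address, IPv4Network, AddressValueError

# Common defanging conventions, undone before matching.
_DEFANG = [
    (re.compile(r"hxxp", re.I), "http"),
    (re.compile(r"\[(?:\.|dot)\]|\(\.\)|\{\.\}", re.I), "."),
    (re.compile(r"\[(?:@|at)\]", re.I), "@"),
    (re.compile(r"\[:\]//|\[://\]"), "://"),
]

# Order matters only for readability; every pattern is run over the whole text.
_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+", re.I),
    "email": re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.I),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.I),
}

# File names such as dropper.exe or gate.php match the domain pattern; drop them.
# Caveat: .zip and .mov are both file extensions and real TLDs, so anything
# excluded here still deserves a quick analyst look.
_FILE_EXT = {
    "exe", "dll", "ps1", "bat", "vbs", "js", "zip", "rar", "7z", "pdf", "doc",
    "docx", "xls", "xlsx", "txt", "log", "php", "asp", "aspx", "jsp", "bin",
    "dat", "tmp", "json", "xml", "html", "htm", "mov",
}

_RFC1918 = [IPv4Network("10.0.0.0/8"), IPv4Network("172.16.0.0/12"), IPv4Network("192.168.0.0/16")]


def refang(text):
    """Turn hxxp://evil[.]example[.]com back into a matchable URL."""
    for pattern, replacement in _DEFANG:
        text = pattern.sub(replacement, text)
    return text


def is_rfc1918(ip):
    """True for internal hosts, so C2 candidates can be separated from victims."""
    addr = IPv4Address(ip)
    return any(addr in net for net in _RFC1918)


def extract_iocs(text):
    """Return {kind: set(values)} for every IOC type in _PATTERNS."""
    text = refang(text)
    found = {kind: set() for kind in _PATTERNS}
    for kind, rx in _PATTERNS.items():
        for match in rx.finditer(text):
            value = match.group(0)
            if kind == "ipv4":
                try:
                    IPv4Address(value)  # rejects 999.1.1.1 and similar lookalikes
                except AddressValueError:
                    continue
            if kind == "domain" and value.rsplit(".", 1)[-1].lower() in _FILE_EXT:
                continue
            if kind in ("sha256", "sha1", "md5"):
                value = value.lower()  # normalise case so dedup works
            found[kind].add(value)
    return found


# Constructed sample notes; not taken from any real engagement.
SAMPLE_NOTES = """
Beacon to hxxp://update-cdn[.]example[.]com/api/v1/check from 10.0.4.17
C2 observed at 203[.]0[.]113[.]45:443 and hxxps://203.0.113.45/gate.php
Payload dropper.exe sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
md5 d41d8cd98f00b204e9800998ecf8427e, phishing sender billing[at]invoice-portal[.]example[.]net
"""

if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_NOTES)
    for kind, values in iocs.items():
        for value in sorted(values):
            tag = " (internal)" if kind == "ipv4" and is_rfc1918(value) else ""
            print(f"{kind:7} {value}{tag}")
```

Feeding a large EDR export through this is the easy part; the practitioner value is in the filters: IP validation, the file-extension exclusion, and the RFC 1918 split keep the resulting hunt list from being polluted by artifacts that are not attacker infrastructure.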

🚀 Community Contributions


  • ๐ŸŒ Personal Blog: DFIRDominican.com - A DFIR technical blog, resource hub, and global jobs board built to give back to the practitioner community.
  • ๐Ÿ“ Independent Research: How to Break Into DFIR (5-part series), Anti-Forensics: Timestomping (5-part series), GX-FE & GX-FA Exam Guides, PsExec key identification, and more.
  • ๐ŸŽ™๏ธ Guest Speaker: University of Arkansas at Little Rock - A Day In The Life: Incident Response (Apr 2025)
  • ๐Ÿ‘จโ€๐Ÿซ SANS Institute Virtual Teaching Assistant: FOR500: Windows Forensic Analysis & FOR608: Enterprise-Class Incident Response & Threat Hunting (Nov 2024 - Feb 2026)
  • ๐Ÿ›๏ธ GIAC Advisory Board Member: Subject-matter expertise on exam content, curriculum development, and certification standards (Jan 2021 - Present)

๐Ÿ… Certifications


  • GIAC: GSP, GX-FE, GX-FA, GEIR, GCFR, GCFA, GCIH, GCFE, FOR563: Applied AI for DFIR
  • 13Cubed: Gold 3x (Linux, Windows Endpoints, Windows Memory)
  • AZ-900
  • SentinelOne SIREN
  • KAPE Proficiency
  • CCNA Routing and Switching

🔗 Connect With Me


  • LinkedIn - DM me to talk on all things DFIR.

Popular repositories

  1. sof-elk (Public, forked from philhagen/sof-elk) - Configuration files for the SOF-ELK VM, used in SANS FOR572. Shell.
  2. PWF (Public, forked from bluecapesecurity/PWF) - Practical Windows Forensics Training. PowerShell.
  3. irflow-timeline (Public, forked from r3nzsec/irflow-timeline) - DFIR Timeline Analysis for macOS — SQLite-backed viewer for CSV, TSV, XLSX, EVTX, Plaso, $MFT, and $J files with AI Artifacts, AI Secret Hunt, process inspection, lateral movement tracking, persist… JavaScript.
  4. DFIRDominican (Public) - GitHub Profile README.