Here, you'll find a showcase of my journey through the world of cybersecurity, including hands-on projects, professional experiences, certifications, and blog-style posts sharing my thoughts and learning experiences.
My name is Justin Goncalves, and I am an aspiring cybersecurity professional with a diverse background in business management, data analysis, IT support, and web development. My strong curiosity and passion for solving complex challenges have driven my interest in information security, particularly in penetration testing and ethical hacking. I am currently focused on expanding my expertise in vulnerability management, threat detection, and incident response as I work toward becoming a Tier 1 Cybersecurity Analyst.
For me, cybersecurity isn’t just a job—it’s a chance to protect the future, make a meaningful impact, and contribute to a safer, more resilient digital world.
Get to know me a little better: More about me
Read my professional statement: Professional Statement
I started my career working in pharmacy and healthcare, where I developed a passion for helping others. However, I was drawn to the endless possibilities that technology offers. My curiosity pushed me toward web development, a field that offered the freedom to innovate and build solutions from scratch, all while learning new skills constantly.
As I honed my skills as a freelance web developer, my focus gradually shifted to cybersecurity. The growing threats of fraud, hacking, and cybercrime piqued my interest, and I became deeply committed to understanding how to mitigate risks and protect digital environments. With a passion for learning and my commitment to data protection, I am constantly driven to explore the rapidly changing world of cybersecurity.
- CompTIA Security+
- ISC2 Certified in Cybersecurity
- Google CyberSecurity Professional
- Qualys Vulnerability Management, Detection, and Response (VMDR)
- Qualys CyberSecurity Asset Management (CSAM)
- Qualys Vulnerability Management Scanning (VMS)
- United States Department of Homeland Security, National Incident Management System (NIMS)
  - Incident Response & Command System Expertise
    - IS-100.C: Introduction to Incident Command System (ICS-100)
    - IS-200.C: Basic Incident Command System for Initial Response (ICS-200)
    - IS-700.B: National Incident Management System (NIMS)
    - IS-800.D: National Response Framework, An Introduction
    - IS-2200: Basic Emergency Operations Center Functions
  - Critical Infrastructure Security & Risk Management
    - IS-860.C: National Infrastructure Protection Plan, An Introduction
    - IS-906: Workplace Security Awareness
    - IS-915: Protecting Critical Infrastructure Against Insider Threats
    - IS-916: Critical Infrastructure Security: Theft and Diversion
  - Disaster Recovery & Continuity Planning
    - IS-230.E: Fundamentals of Emergency Management
    - IS-2500: National Prevention Framework
    - IS-1300.A: Introduction to Continuity
- University of Massachusetts Dartmouth, North Dartmouth, MA (2019 - 2020, 2022 - 2023)
  - Some education with a concentration in Finance and Financial Operations
  - Completed coursework in Business Statistics, Macro-Economics, Micro-Economics, Principles of Accounting, Operations Management, Financial Modeling, Investment Analysis, Financial Markets
- Boston Latin School, Boston, MA (2013 - 2019)
  - High School Diploma
  - Graduated from a prestigious exam school, ranked #1 in Massachusetts and 33rd nationally at the time of graduation.
- Incident Detection & Response
- Vulnerability Management
- Penetration Testing
- Network Security
- Threat Detection
- Cryptology
- Python Scripting
- Risk Assessment
- CIA Triad (Confidentiality, Integrity, Availability)
- Identity and Access Management (IAM)
- Authentication, Authorization, and Accounting (AAA)
- Governance, Risk, and Compliance (GRC):
  - PCI DSS
  - HIPAA
  - GDPR
  - ISO/IEC 27001
  - NIMS (National Incident Management System)
  - FEMA (Federal Emergency Management Agency)
  - NIPP (National Infrastructure Protection Plan)
  - SOC Type 1 / SOC Type 2
  - FedRAMP
- Cybersecurity Frameworks:
  - MITRE ATT&CK
  - NIST (SP 800-53, SP 800-61, SP 800-171)
  - OWASP Top 10
  - CIS Controls
- Incident Response Leadership
- Critical Thinking
- Problem Solving
- Risk Assessment & Mitigation
- Ethical Decision Making
- Communication & Reporting
- Documentation & Presentation
- Splunk
- Qualys
- Wireshark
- Burp Suite
- Metasploit
- Microsoft Azure + Sentinel
- Linux
- Chronicle
- Python
- Git
- Suricata
- tcpdump
- SQL
In this portfolio, you will find several projects that highlight my skills and practical experience. Here are a few of my most recent projects:
- Completed work as an Information Security Analyst to address the critical Log4j vulnerability, analyzing advisory resources and infrastructure to draft a detailed remediation plan and advisory email for affected teams.
- Developed and executed a Python-based brute-force script to recover an encrypted file during a ransomware incident, demonstrating technical expertise in incident response and decryption methodologies.
- Established a cloud-based SOC using Microsoft Azure, focusing on real-time monitoring and incident response over the course of a month, monitoring over 7.6 million events and generating nearly 6,000 alerts.
- Configured Microsoft Sentinel for real-time analysis and monitoring, setting up data connectors and custom alert rules while engaging with real-time security incidents to document responses and insights gained from the logs.
- Served as an Analyst and Security Engineer in the Telstra Security Operations Center (SOC), leading efforts to respond to malware attacks and implementing a custom Python script for a firewall rule to block malicious traffic.
- Analyzed firewall logs to detect malicious patterns and conducted postmortem analysis for root cause identification, improving overall system hardening.
- Worked as a Cybersecurity Generalist on Commonwealth Bank's Fraud Detection and Response Team, leveraging Splunk to analyze fraud patterns and manage phishing and malware incidents.
- Conducted penetration testing on web applications, identifying critical vulnerabilities and delivering remediation strategies.
More projects, labs, programs, and experiences will be added to my project portfolio as I continue to develop my skills and complete new work.
My resume is available for download here
I regularly publish blog-style posts that dive into current cybersecurity trends, personal reflections on my learning process, and how I’ve applied theoretical knowledge to real-world problems. Stay tuned for insights on emerging cybersecurity threats, best practices, and more!
Feel free to reach out to me if you have any questions, opportunities, or just want to connect!
- Email:
  - personal: justingoncalves34@gmail.com
  - work: justin@digitweb.solutions
- LinkedIn: Justin Goncalves
- Portfolio: @justingoncalves
I’m always open to networking, collaboration, and opportunities to contribute to the cybersecurity community. Thanks for visiting my portfolio!