👾 Welcome to My Portfolio!

Here, you’ll find a showcase of my journey through the world of cybersecurity, including hands-on projects, professional experiences, certifications, and blog-style posts sharing my thoughts and learning experiences.

About Me | Projects | Resume | Blog

👨🏽‍💻 About Me
📂 Projects
📄 Resume
✍🏽 Blog Posts
💬 Contact Information

👨🏽‍💻 About Me

My name is Justin Goncalves, and I am an aspiring cybersecurity professional with a diverse background in business management, data analysis, IT support, and web development. My strong curiosity and passion for solving complex challenges have driven my interest in information security, particularly in penetration testing and ethical hacking. I am currently focused on expanding my expertise in vulnerability management, threat detection, and incident response as I work toward becoming a Tier 1 Cybersecurity Analyst.

For me, cybersecurity isn’t just a job—it’s a chance to protect the future, make a meaningful impact, and contribute to a safer, more resilient digital world.

Get to know me a little better: More about me

Read my professional statement: Professional Statement

📖 Background

I started my career working in pharmacy and healthcare, where I developed a passion for helping others. However, I was drawn to the endless possibilities that technology offers. My curiosity pushed me toward web development, a field that offered the freedom to innovate and build solutions from scratch, all while learning new skills constantly.

As I honed my skills as a freelance web developer, my focus gradually shifted to cybersecurity. The growing threats of fraud, hacking, and cybercrime piqued my interest, and I became deeply committed to understanding how to mitigate risks and protect digital environments. With a passion for learning and my commitment to data protection, I am constantly driven to explore the rapidly changing world of cybersecurity.

🎓 Certifications

CompTIA Security+
ISC2 Certified in Cybersecurity
Google CyberSecurity Professional
Qualys Vulnerability Management, Detection, and Response (VMDR)
Qualys CyberSecurity Asset Management (CSAM)
Qualys Vulnerability Management Scanning (VMS)
United States Department of Homeland Security, National Incident Management System (NIMS)
- Incident Response & Command System Expertise
  - IS-100.C: Introduction to Incident Command System (ICS-100)
  - IS-200.C: Basic Incident Command System for Initial Response (ICS-200)
  - IS-700.B: National Incident Management System (NIMS)
  - IS-800.D: National Response Framework, An Introduction
  - IS-2200: Basic Emergency Operations Center Functions
- Critical Infrastructure Security & Risk Management
  - IS-860.C: National Infrastructure Protection Plan, An Introduction
  - IS-906: Workplace Security Awareness
  - IS-915: Protecting Critical Infrastructure Against Insider Threats
  - IS-916: Critical Infrastructure Security: Theft and Diversion
- Disaster Recovery & Continuity Planning
  - IS-230.E: Fundamentals of Emergency Management
  - IS-2500: National Prevention Framework
  - IS-1300.A: Introduction to Continuity

🎓 Education and Training

SANS Technology Institute (Feb. 2025 - October 2025)
- Selected for a prestigious and intensive cybersecurity program with courses designed to provide hands-on experience in offensive and defensive security techniques.
- Anticipated completion of industry-leading certifications such as GIAC Security Foundations (GFACT), GIAC Security Essentials (GSEC), and GIAC Certified Incident Handler (GCIH).
University of Massachusetts Dartmouth, North Dartmouth, MA (2019 - 2020, 2022-2023)
- Some education with a concentration in Finance and Financial Operations
- Completed coursework in _Business Statistics, Macro-Economics, Micro-Economics, Principles of Accounting, Operations Management, Financial Modeling, Investment Analysis, Financial Markets
Boston Latin School, Boston, MA (2013 - 2019)
- High School Diploma
- Graduated from a prestigious exam school, ranked #1 in Massachusetts and 33rd nationally at the time of graduation.

💡 Skills

🛡️ Technical Skills

Incident Detection & Response
Vulnerability Management
Penetration Testing
Network Security
Threat Detection
Cryptology
Python Scripting
Risk Assessment
CIA Triad (Confidentiality, Integrity, Availability)
Identity and Access Management (IAM)
Authentication, Authorization, and Accounting (AAA)
Governance, Risk, and Compliance (GRC):
- PCI DSS
- HIPAA
- GDPR
- ISO/IEC 27001
- NIMS (National Incident Management System)
- FEMA (Federal Emergency Management Agency)
- NIPP (National Infrastructure Protection Plan)
- SOC Type 1 / SOC Type 2
- FedRAMP
Cybersecurity Frameworks:
- MITRE ATT&CK
- NIST (SP 800-53, SP 800-61, SP 800-171)
- OWASP Top 10
- CIS Controls

💼 Professional Skills

Incident Response Leadership
Critical Thinking
Problem Solving
Risk Assessment & Mitigation
Ethical Decision Making
Communication & Reporting
Documentation & Presentation

🛠️ Tools/Languages

Splunk
Qualys
Wireshark
BurpSuite
Metasploit
Microsoft Azure + Sentinel
Linux
Chronicle
Python
Git
Suricata
TCPDump
SQL

📂 Projects

In this portfolio, you will find several projects that highlight my skills and practical experience. Here are a few of my most recent projects:

AIG Cybersecurity Engineering Program (September 2024)

Completed work as an Information Security Analyst to address the critical Log4j vulnerability, analyzing advisory resources and infrastructure to draft a detailed remediation plan and advisory email for affected teams.
Developed and executed a Python-based brute-force script to recover an encrypted file during a ransomware incident, demonstrating technical expertise in incident response and decryption methodologies.

Virtual Security Operations Center (SOC) Project (October 2024)

Established a cloud-based SOC using Microsoft Azure, focusing on real-time monitoring and incident response over the course of a month, monitoring over 7.6 million events and generating nearly 6,000 alerts.
Configured Microsoft Sentinel for real-time analysis and monitoring, setting up data connectors and custom alert rules while engaging with real-time security incidents to document responses and insights gained from the logs.

Telstra Cybersecurity Program (September 2024)

Served as an Analyst and Security Engineer in the Telstra Security Operations Center (SOC), leading efforts to respond to malware attacks and implementing a custom Python script for a firewall rule to block malicious traffic.
Analyzed firewall logs to detect malicious patterns and conducted postmortem analysis for root cause identification, improving overall system hardening.

Commonwealth Bank Intro to Cybersecurity Program (August 2024)

Worked as a Cybersecurity Generalist on Commonwealth Bank’s Fraud Detection and Response Team, leveraging Splunk to analyze fraud patterns and manage phishing and malware incidents.
Conducted penetration testing on web applications, identifying critical vulnerabilities and delivering remediation strategies.

More projects, labs, programs, and experiences will be added to my project portfolio as I continue to develop my skills and complete new work.

📄 Resume

My resume is available for download here

✍🏽 Blog Posts

I regularly publish blog-style posts that dive into current cybersecurity trends, personal reflections on my learning process, and how I’ve applied theoretical knowledge to real-world problems. Stay tuned for insights on emerging cybersecurity threats, best practices, and more!

Check out my blog!

💬 Contact Information

Feel free to reach out to me if you have any questions, opportunities, or just want to connect!

Email:
- personal: justingoncalves34@gmail.com
- work: justin@digitweb.solutions
LinkedIn: Justin Goncalves
Portfolio: @justingoncalves

I’m always open to networking, collaboration, and opportunities to contribute to the cybersecurity community. Thanks for visiting my portfolio!

Justin_Goncalves