Dylan Duffy
Webster,NY
Summary
Dynamic Lead Cybersecurity Engineer with a proven track record at LaBella Associates, excelling in incident response and vulnerability assessments. Expert in cybersecurity policy development and risk management, I effectively communicate complex security concepts to stakeholders, driving compliance and enhancing organizational security posture. Skilled in technical reporting and security auditing, I deliver impactful results.
Overview
8
8
years of professional experience
2
2
Certifications
Work History
Lead Cybersecurity Engineer
LaBella Associates
Rochester, United States
03.2025 - Current
- Led incident response and containment of a ransomware attack on first day, including forensic analysis and recovery actions.
- Led enterprise-wide implementation and ongoing management of CrowdStrike and Arctic Wolf, enhancing endpoint detection and response.
- Owned endpoint alert triage and hands-on remediation in CrowdStrike, serving as primary escalation point for security incidents.
- Owned SIEM operations using ManageEngine Log360 and CrowdStrike to drive detection, investigation, and response workflows.
- Directed vulnerability assessments, penetration testing, and remediation of critical security risks.
- Led risk assessments and security control testing across enterprise systems.
- Developed and maintained security policies, standards, and documentation supporting compliance, audits, and disaster recovery.
- Managed security compliance audits and reporting aligned with organizational and regulatory requirements.
- Evaluated and onboarded new security technologies to strengthen defensive capabilities.
- Produced executive and technical reporting on security posture, incidents, and risk trends.
Lead Cybersecurity Engineer
GRC Insights
Penfield, United States
12.2024 - 03.2025
- Led and oversaw penetration testing, vulnerability assessments, and security gap analyses for clients, translating findings into prioritized remediation roadmaps and plans of action (POA&M).
- Advised clients and executive stakeholders on regulatory requirements, risk management, incident response strategy, and cost-effective security investments.
- Implemented and managed compliance management platforms, overseeing control tracking, evidence collection, and audit readiness.
- Guided clients through implementation of security controls, policies, and procedures to meet regulatory and contractual obligations.
- Compiled and reviewed audit evidence, vulnerability results, and control documentation to support external compliance audits.
- Led enterprise risk assessments across digital assets and business processes, identifying and quantifying security risk.
- Developed and maintained comprehensive information security policies, standards, and governance documentation.
- Provided executive leadership with regular reporting on security posture, compliance status, risk trends, and program maturity.
Cyber Security Engineer 1 & 2
LMT Technology Solutions
Webster, United States
04.2022 - 10.2024
- Managed Microsoft 365 and Azure AD environments, developing and enforcing cybersecurity policies and guidelines in compliance with industry standards such as CMMC, HIPAA, and PCI.
- Spearheaded the implementation and management of Zero-Trust software, ThreatLocker, across all client environments and led the management of the software and implementation of policies.
- Led, created, and managed targeted phishing simulations, annual cyber awareness training, and remedial training programs.
- Orchestrated swift and effective responses to email compromises and data breaches, securing affected accounts and communicating to stakeholders and end-users to prevent future incidents and legal requirements.
- Conducted daily security audits, analyzing up to 40,000 alerts, and performed malware analysis and remediation to uphold system integrity and security.
- Reviewed and optimized client cybersecurity infrastructures, including firewall and Anti-virus configurations to enhance environment security.
- Maintained and managed Windows and Linux environments, Domain Controllers, and terminal servers, enhancing system security and reliability.
Information Technology Specialist Level 2
University of Rochester
New York, United States
01.2022 - 04.2022
- Routinely imaged and managed Windows OS, MacOS, and iOS systems.
- Configured, managed, and troubleshooted network and end-user devices.
- Administered user and computer accounts through Active Directory and ensured strict compliance with HIPAA standards to secure patient information.
Cyberdefense and Network Operations
United States Air Force
Texas, United States
06.2018 - 01.2022
- Served as a lead on cybersecurity incidents to secure and sanitize machines.
- Lead communications focal point for the entire base.
- Managed, installed, and supported a network of over 6000 computers, including a wide range of hardware and software. Utilizing an SQL-based ticketing system and PowerShell scripting to streamline operations and increase system autonomy.
- Performed configuration, management, and troubleshooting of network and end-user devices.
- Advised engineering teams, contributed to facility design and military construction planning, and managed projects as a project manager and Exchange administrator.
Education
Bachelor of Science - Cybersecurity
Purdue University, Global Campus
West Lafayette, IN06-2026
High School Diploma - General Studies
Dansville High School
Dansville, NY06.2018
Skills
- Information Security
- Vulnerability Assessment
- Risk Management
- Secure Network Design
- Cybersecurity Policy Development
- Security Auditing
- Compliance Auditing
- Technical Reporting
- IT Management
- Communication
Certification
- CompTIA Security+ SY0-501, 12/01/18
- ISC2 Certified in Cybersecurity (CC), 12/01/22
Timeline
Lead Cybersecurity Engineer
LaBella Associates
03.2025 - Current
Lead Cybersecurity Engineer
GRC Insights
12.2024 - 03.2025
Cyber Security Engineer 1 & 2
LMT Technology Solutions
04.2022 - 10.2024
Information Technology Specialist Level 2
University of Rochester
01.2022 - 04.2022
Cyberdefense and Network Operations
United States Air Force
06.2018 - 01.2022
Bachelor of Science - Cybersecurity
Purdue University, Global Campus
High School Diploma - General Studies
Dansville High School