Summary
Overview
Certification
Work History
Education
Skills
Timeline
web
Dylan Duffy

Dylan Duffy

Lead Cybersecurity Engineer
Webster,NY

Summary

CISSP certified, experienced Lead Cybersecurity Engineer, specializing in incident response and vulnerability management, driving strategic security initiatives at LaBella Associates. Expert in cybersecurity policy and risk management, enhancing organizational security through effective stakeholder communication. Skilled in security auditing and technical reporting, consistently delivering impactful results.

Overview

8
8
years of professional experience
3
3

Certificates

Certification

  • ISC2 CISSP - Certified Information Systems Security Professional - 01/31/2026
  • CompTIA Security+ SY0-501 - 12/01/18
  • ISC2 CC - Certified in Cybersecurity - 12/01/22

Work History

Lead Cybersecurity Engineer

LaBella Associates
Rochester, United States
03.2025 - Current
  • Identified and contained an active ransomware intrusion on the first day of employment, owning incident response end-to-end from detection through recovery, reporting, and long-term remediation.
  • Owned high-severity security incidents in ambiguous, fast-moving environments, making risk-based decisions and driving resolution without predefined playbooks.
  • Led forensic investigations across endpoints, servers, and cloud services, transforming raw technical evidence into clear findings and actionable outcomes.
  • Conducted penetration testing, vulnerability assessments, and security reviews, translating results into developer-friendly remediation guidance.
  • Performed threat modeling and architectural reviews to proactively identify attack paths and systemic security weaknesses.
  • Operated, tuned, and validated security tooling (EDR, SIEM, network scanners), focusing on signal quality and actionable insights over alert volume.
  • Owned third-party SOC relationships, improving detection efficacy, escalation workflows, and response consistency.
  • Partnered closely with engineering, IT, and leadership teams to implement security controls that improved protection while minimizing friction for developers.
  • Balanced short-term incident containment with long-term security improvements, leaving systems measurably more resilient after each engagement.
  • Communicated complex security risk clearly across technical and non-technical audiences through concise reporting, post-incident reviews, and metrics.

Lead Cybersecurity Engineer

GRC Insights
Penfield, United States
12.2024 - 03.2025
  • Led penetration testing, security reviews, and vulnerability assessments across diverse client environments, owning findings from discovery through remediation.
  • Conducted threat modeling and risk analysis to identify systemic security weaknesses and long-term improvement opportunities.
  • Translated complex vulnerability and assessment data into clear, prioritized guidance for engineers and executive stakeholders.
  • Balanced immediate remediation needs with long-term security maturity goals using pragmatic, risk-based decision making.
  • Advised leadership on security architecture, control design, and incident response strategy in high-ambiguity environments.
  • Produced metrics-driven reporting on security posture, risk trends, and program maturity to support informed decision making.

Cyber Security Engineer 1 & 2

LMT Technology Solutions
Webster, United States
04.2022 - 10.2024
  • Analyzed and triaged high volumes of security alerts across multiple production environments, identifying high-impact threats amid significant noise.
  • Performed vulnerability scanning, malware analysis, and hands-on remediation across Windows and Linux systems.
  • Automated security operations and reporting using scripting to improve efficiency, consistency, and response time.
  • Conducted security reviews of client environments, identifying architectural and configuration weaknesses.
  • Partnered directly with IT teams and end users to explain security risk and remediation in clear, actionable terms.
  • Supported incident response efforts for account compromise, data exposure, and malware events from detection through resolution.

Information Technology Specialist Level 2

University of Rochester
New York, United States
01.2022 - 04.2022
  • Routinely imaged and managed Windows OS, MacOS, and iOS systems.
  • Configured, managed, and troubleshooted network and end-user devices.
  • Administered user and computer accounts through Active Directory and ensured strict compliance with HIPAA standards to secure patient information.

Cyberdefense and Network Operations

United States Air Force
Texas, United States
06.2018 - 01.2022
  • Served as lead responder for cybersecurity incidents, owning investigation, containment, and system recovery.
  • Operated and secured large-scale enterprise environments supporting thousands of endpoints and users.
  • Used scripting and data analysis to streamline operations and improve visibility into system health and security posture.
  • Acted as communications focal point during security events, translating technical risk into clear operational guidance.
  • Collaborated with engineering and infrastructure teams on secure system design and network operations.
  • Maintained systems in high-availability, mission-critical environments where reliability and security were non-negotiable.

Education

Bachelor of Science - Cybersecurity

Purdue University, Global Campus
West Lafayette, IN
06-2026

High School Diploma - General Studies

Dansville High School
Dansville, NY
06.2018

Skills

Cybersecurity Policy Development

Cybersecurity frameworks

IT Security Management

Threat analysis

Disaster recovery planning

Business Impact Analysis

Business Continuity Planning

Compliance management

Access control

Incident response

Cloud security

Threat Intelligence

Compliance Auditing

Cloud Security

Security Auditing

Cryptography

Technical Reporting

Information Security

Risk Management

Vulnerability Assessment

Penetration Testing

Malware analysis

Intrusion detection

Patch management

Vulnerability assessment

Network security

Timeline

Lead Cybersecurity Engineer

LaBella Associates
03.2025 - Current

Lead Cybersecurity Engineer

GRC Insights
12.2024 - 03.2025

Cyber Security Engineer 1 & 2

LMT Technology Solutions
04.2022 - 10.2024

Information Technology Specialist Level 2

University of Rochester
01.2022 - 04.2022

Cyberdefense and Network Operations

United States Air Force
06.2018 - 01.2022

Bachelor of Science - Cybersecurity

Purdue University, Global Campus

High School Diploma - General Studies

Dansville High School

Similar Profiles

  • Brendan MartineauBrendan Martineau

    Cybersecurity & Implementation Lead (Purple Team) at Infinity Technologies IncCybersecurity & Implementation Lead (Purple Team) at Infinity Technologies Inc

  • Sidrat MehreenSidrat Mehreen

    Senior Cybersecurity Analyst at ACET Solutions LLCSenior Cybersecurity Analyst at ACET Solutions LLC

  • LAURA JOHNSONLAURA JOHNSON

    Cybersecurity Manager, Facility Security Officer (FSO) & Insider Threat Program Senior Official (ITPSO) at Fortress Information & Government SolutionsCybersecurity Manager, Facility Security Officer (FSO) & Insider Threat Program Senior Official (ITPSO) at Fortress Information & Government Solutions

  • OLATUNDE.O OGUNDELEOLATUNDE.O OGUNDELE

    Cybersecurity Resilience Manager - OT/IoT/ET at Emirates AirlinesCybersecurity Resilience Manager - OT/IoT/ET at Emirates Airlines

CREATE PROFILE
Dylan DuffyLead Cybersecurity Engineer