Stephen Portillo

Cybersecurity Analyst | SOC Analyst
Los Angeles, CA

Summary

SOC Analyst with hands-on experience in alert triage, incident response support, endpoint investigation, and access reviews across small and mid-sized client environments. Monitored ~50 security alerts per day and responded to 10–20 emergency incidents daily across ~350 customers ranging from 200 to 1,000+ users and endpoints. Skilled in Microsoft Sentinel, Microsoft XDR, EDR workflows, KQL query development, Active Directory, Intune, and incident documentation, with a strong focus on improving detection, containment, and remediation outcomes. Currently completing a B.S. in Cybersecurity and Information Assurance at Western Governors University and building offensive skills through Hack The Box, TryHackMe, and OSCP-track study.

Work History

Cyber Security Analyst

Bridgehead IT
San Antonio, TX
08.2024 - 02.2026
  • Monitored and triaged an average of 50 security alerts per day in Microsoft Sentinel and XDR across ~350 client environments, ensuring timely detection, investigation, and escalation of high‑risk activity.
  • Investigated and responded to 10–20 emergency security incidents daily, isolating impacted endpoints and accounts in customer environments ranging from 200 to 1,000+ users and devices.
  • Executed endpoint isolation, forensic triage, and incident response support during phishing, malware, and account‑compromise events, reducing containment time and limiting lateral movement.
  • Developed and refined KQL queries and detection logic to improve proactive threat hunting and reporting, increasing visibility into suspicious logins and risky endpoint behavior.
  • Performed recurring access reviews and audit checks that reduced exposure to insider threats, excessive permissions, and compromised accounts.
  • Partnered with client IT teams and senior analysts to remediate findings, harden SaaS-first environments, and document incident response actions in line with internal playbooks.
  • Produced clear incident reports and post-remediation summaries for confirmed compromises, translating technical details into business‑focused remediation guidance.
  • Participated in a 24/7 emergency on‑call rotation, providing continuous support for critical incidents and urgent client security events.

Associate IS Technician - ASK IT Tech Help Desk

Providence Health St. Joseph
San Antonio, TX
09.2022 - 09.2024
  • Resolved 1,556 ServiceNow tickets while maintaining timely issue resolution and dependable end‑user support in a high‑volume environment.
  • Performed user verification and security checks during support interactions to identify suspicious behavior, malicious activity, and access issues before escalation.
  • Supported Active Directory, Group Policy Objects, Microsoft Authenticator, and MFA troubleshooting, helping employees regain secure access and strengthening identity and access controls.
  • Produced detailed service documentation and job logs to improve issue tracking, accountability, and continuity across shifts.
  • Maintained strong quality and customer satisfaction metrics while balancing technical troubleshooting with security‑minded support.

Computer User Support Specialist

ACI Learning
San Antonio, TX
06.2022 - 09.2022
  • Installed and supported Windows systems, provided command‑line and desktop support, and resolved device and network issues for end users.
  • Helped secure wired and wireless networks by reinforcing physical security practices and recognizing common attack patterns.
  • Built foundational cybersecurity knowledge through troubleshooting, exposure to compromise indicators, and early work with vulnerability scanning and penetration testing concepts.

Certification

ITIL 4 Foundations

Overview

4 years of professional experience
7 Certificates
3 years of post-secondary education

Education

Bachelor of Science - Cyber Security & Information Assurance

Western Governors University
Salt Lake City, UT
10.2023 - 12.2026

Technical School - Information Technology

ACI Learning
San Antonio, TX
06.2022 - 09.2022

Skills

SIEM monitoring (Microsoft Sentinel)

EDR investigation (Microsoft XDR and other EDR tools)

Alert triage and escalation

Incident response and containment

KQL query development and dashboards

Endpoint isolation and forensic triage

Vulnerability assessment basics

Active Directory and Group Policy

Identity and access management, MFA support

ServiceNow ticketing

Security awareness and user training

Python and PowerShell fundamentals

Projects

  • TryHackMe – Pre‑Security, Cyber Security 101
  • Hack The Box – Information Security Foundations, SOC Analyst, Junior Penetration Tester
  • Coursera – Python for Everybody, Practical Windows PowerShell, KQL Scripting

Timeline

Okta Certified Professional

12-2025

Microsoft Certified: Identity and Access Administrator Associate

10-2025

Microsoft Certified: Security Operations Analyst Associate

09-2025

CompTIA Sec +

06-2025

CompTIA Net +

02-2025

CompTIA A+

10-2024

Cyber Security Analyst

Bridgehead IT
08.2024 - 02.2026

Bachelor of Science - Cyber Security & Information Assurance

Western Governors University
10.2023 - 12.2026

ITIL 4 Foundations

03-2023

Associate IS Technician - ASK IT Tech Help Desk

Providence Health St. Joseph
09.2022 - 09.2024

Computer User Support Specialist

ACI Learning
06.2022 - 09.2022

Technical School - Information Technology

ACI Learning
06.2022 - 09.2022