Who I Am
Hello! I'm Nathan Santiago, a professional IT consultant specializing in information security, IT risk compliance, and penetration testing. With over three years of experience in the field, I have a proven track record of helping businesses enhance their operations and security through innovative technology solutions. I am now seeking to leverage my expertise and experience to improve your and your clients' security posture, ensuring a safer and more resilient digital environment.
I have developed extensive hands-on experience in cybersecurity, with a focus on vulnerability management, network engineering, and cloud architecture. Throughout my career, I’ve worked with a range of technologies, including AWS, Azure, Linux, Windows, PowerShell, and Cisco network security tools. In my role as a Technology Risk Consultant, I conducted comprehensive IT risk assessments, identified vulnerabilities, and collaborated with external audit teams to ensure compliance with industry standards such as NIST, ISO 27001, and RMF. This experience has sharpened my skills in both offensive and defensive cybersecurity, enabling me to provide expert recommendations for strengthening security measures.
I gained valuable hands-on experience in penetration testing during my academic and professional projects, including performing a full penetration test against a real company as part of my final project in college. This involved identifying and exploiting vulnerabilities, testing network security measures, and providing detailed reports on security weaknesses with recommendations for remediation. I utilized tools like Nessus, Burp Suite, and Metasploit to conduct these tests, which allowed me to develop a strong understanding of offensive security tactics and defensive countermeasures. This experience enhanced my ability to assess and secure systems, ensuring they meet industry standards and effectively mitigate cyber threats.
In addition to my cybersecurity expertise, I have a strong background in web development and process automation. I designed and developed web applications using SQL Server and Java, integrated Google’s API for credential management, and automated Linux server hardening in compliance with CIS standards. I am passionate about improving efficiency and security through automation and have demonstrated this in various roles by streamlining processes, reducing risks, and presenting actionable intelligence to senior leadership. These efforts resulted in measurable improvements, such as optimizing privileged account management, enhancing security protocols, and increasing organizational efficiency.