Hi, I’m David Alonso

I’m a cybersecurity professional with a passion for protecting systems, networks, and applications from ever-evolving threats. Currently pursuing my Bachelor of Science in Cybersecurity at Full Sail University, I focus on developing hands-on skills in vulnerability analysis, penetration testing, and threat modeling.
 
My goal is to identify weaknesses before attackers do, helping organizations implement robust security solutions to protect their most valuable assets. I’m particularly interested in frameworks like MITRE ATT&CK, PCI DSS, and tools such as Nmap, Burp Suite, and Wireshark.
 
What I Bring to the Table
✅ Skills:
  • Penetration Testing & Vulnerability Scanning
  • Threat Modeling and Incident Response
  • Proficiency with tools like Nmap, Nessus, Wireshark, and Burp Suite
 
✅ Certifications (In Progress):
  • CompTIA Security+
  • CompTIA PenTest+

Featured projects

OWASP Juice Shop

Completed OWASP Juice Shop challenges for web app vulnerability testing.

Data Breach Analysis

Conducted data breach analysis to identify root causes and trends.

Security Risk Assessments

Developed security risk assessments aligned with PCI DSS compliance.

Other Projects

Security Plan

This comprehensive Security Plan was developed and refined over the course of multiple projects to address the security needs of a growing organization. The plan outlines key security controls, policies, and implementation strategies, aligning with industry frameworks such as NIST 800-53 and PCI DSS. It focuses on safeguarding assets, ensuring compliance, and mitigating risks while supporting the organization’s growth and operational needs.

Change Control Management Policy

This Change Control Management Policy establishes guidelines for managing IT changes within SnowBe Online’s environment. It includes a comprehensive framework to evaluate, approve, and implement changes to ensure operational stability, security, and compliance. Key features include:

  • Defined roles and responsibilities for stakeholders.
  • Approval processes for routine, high-priority, and emergency changes.
  • Steps for testing, roll-back plans, and post-implementation reviews.
  • Enforcement mechanisms to maintain policy adherence and ensure accountability.

This policy aligns with industry standards such as NIST and demonstrates best practices for structured IT change management.

Simple Maturity Spreadsheet and Prioritization

This project involves the creation of a maturity assessment and prioritization plan using the CMMC v1.0 (Cybersecurity Maturity Model Certification) framework. The spreadsheet evaluates compliance across critical domains, such as Access Control, Incident Response, and System Integrity, identifying gaps in processes and practices.

Key Features:

  • Comprehensive scoring for process maturity and practice implementation.
  • Clear visualizations, including compliance per domain and maturity levels.
  • Prioritization of tasks to address vulnerabilities and align with organizational goals.

The deliverable serves as a strategic roadmap for achieving targeted cybersecurity maturity levels, ensuring compliance and enhanced security posture.

Case Study

Case Study: Enhancing Cybersecurity Through Vulnerability Management in Healthcare

This case study, sourced from Security Hive, demonstrates the importance of vulnerability management in protecting critical healthcare systems. The study focuses on:

  • Problem: A healthcare organization facing increasing cybersecurity risks due to unpatched systems and outdated security measures.
  • Solution: Implementation of a robust vulnerability management program leveraging tools like Nessus and Metasploit to identify and mitigate risks.

Results:

  • 80% reduction in vulnerabilities within 6 months.
  • Improved compliance with HIPAA and industry security standards.
  • Strengthened overall cybersecurity posture.

Relevance to My Expertise:

This case study aligns with my hands-on experience in vulnerability scanning, penetration testing, and implementing security controls using tools such as Nessus and Metasploit. It highlights the critical role of proactive vulnerability management, a key area of focus in my cybersecurity journey.

Let’s Connect

I’m actively seeking opportunities to apply my skills and contribute to an organization’s security initiatives. If you’re looking for a detail-oriented cybersecurity professional with a passion for securing systems, I’d love to connect.