Aaron Johnson Tech

Security-minded ops leader turning AI into a practical tool — not a buzzword.

I help small teams harden their systems, tune monitoring, and layer in AI responsibly: from Network and System Admin to M365 hygiene and workflow automations.

Hands-on security, AI-Enthusiast
  • CompTIA Security+
  • Top of Cohort
  • NCL Top 15%
MY APPROACH

From operations to security, without the buzzword fluff.

I come from the world of restaurant operations and training, where uptime, clear communication, and usable checklists mattered more than jargon. I bring that same mindset to security: reduce noise, surface what actually matters, and translate it into actions small teams can take this week.

Whether it’s tightening SSH on a single host, tuning detections in Wazuh/Splunk, or wiring in a local AI assistant to make triage less painful, I focus on measurable before/after improvements and artifacts you can reuse: runbooks, templates, and clean diagrams.

What I do

Security, monitoring & AI that small teams actually use.

I like sitting at the intersection of ops, security, and AI — taking noisy dashboards and scattered docs and turning them into something calmer and more predictable.

  • Locking down SSH and network exposure on critical hosts.
  • Building visibility with Wazuh, Security Onion, Splunk, and pfSense.
  • Hardening M365 / Entra ID environments for small organizations.
  • Prototyping local AI assistants for triage, knowledge lookup, and playbooks.

Core skills, tools & platforms

Platforms: Windows, Ubuntu, RHEL/CentOS, Kali, macOS.

Network & monitoring: pfSense, Security Onion, Wazuh, Splunk, Wireshark, Nmap.

Identity & access: Entra ID/Azure AD, Intune, M365 security baselines.

AI & automation: local LLM stacks (Ollama + OpenWebUI), RAG for playbooks.

SHORT STORY

A builder who came back to security.

I am a cybersecurity professional and AI practitioner who has always been drawn to building things and understanding how systems work. My path took me through leadership, operations, and real-world responsibility before I returned to my original passion for technology and security.

Today I build hands-on labs, help new professionals grow, and continue shaping my journey through AaronJohnson dot tech.

Portfolio teasers

Recent hands-on results.

Detection engineering lab

Wazuh alerting for SSH brute force on Windows

Built a small home SOC layout with Wazuh, Windows, and Kali to turn noisy SSH failures into a clear alert for a tier-one analyst.

  • Custom AJT rule wraps the base Wazuh content for Windows event 4625.
  • Threat hunting view shows the full burst of attempts against a single account.

Outcome: End-to-end path from attack traffic to an analyst-ready alert, with a clear story and screenshots.

Local AI SOC experiment

Private RAG stack for SOC notes

Cloud LLMs introduced cost, latency, and data concerns. I built a local RAG stack for playbooks and tickets instead.

  • Docker Compose stack with Ollama, OpenWebUI, and Qdrant on Ubuntu.
  • Vector search across private procedures and past triage notes.

Outcome: Fast local lookups, no customer data leaves the host, smoother triage.

Next: Add access control and separate namespaces per playbook set.

Risk and governance walkthrough

CISSP-inspired mini risk assessment

A small team lacked a clear view of which assets and threats mattered most, so I led a focused risk session.

  • Mapped assets, threats, likelihood, and impact into a simple matrix.
  • Delivered a short executive brief with concrete next steps and owners.

Outcome: Leadership gained a reusable template and a clear starting point for a living risk register.

Next: Formalize a register and schedule regular reviews.

Contact

Let’s talk about your environment.

If you’re curious how these kinds of labs and experiments could apply to your stack, send me a note with a few details about your environment and goals.

Availability: 7am–6pm Pacific • Las Vegas & Remote