nulltype

$whoami

Hi, I'm John Thiell, a cybersecurity professional and enthusiast with deep experience in incident response, security operations, and automation across enterprise environments. My passion for cybersecurity started when I was a kid, during a time when 1337 AIM screennames and email handles were the prime target for most hackers. This passion has taken me from military service to leading incident response efforts for some of the most challenging post-breach scenarios that enterprises could face.


[professional background]

CrowdStrike (Oct 2022 - Present)
Senior Security Analyst, Falcon Complete/Active Defense Services/Endpoint Recovery Services

  • Lead remedial incident response and active defense efforts for post-breach customers utilizing CrowdStrike EDR, Identity, NG-SIEM, and forensic data
  • Develop internal tooling and scripts in Python and PowerShell to automate remediation across enterprise environments and enhance response efforts
  • Design and fine-tune detection logic to identify novel attacker behavior, collaborating with internal incident response, intel, and threat hunting teams
  • Mentor junior analysts and lead technical knowledge-sharing sessions to expand overall team knowledge and effectiveness

Dematic (Apr 2021 - Oct 2022)
Cyber Security Engineer

  • Designed and implemented defensive playbook actions using Python, Java, and PowerShell within Palo Alto's XSOAR platform
  • Led comprehensive incident response efforts including client triage and forensic analysis
  • Developed security use cases and automation strategies
  • Analyzed log correlations using Splunk SIEM for threat detection and hunting

United States Navy (Aug 2012 - Jun 2018)
Machinist Mate/Fire Controlman


[education & certifications]

B.S. Information Technology - Computer Systems Security, Colorado Technical University (2021)

Graduate Certificate in Incident Response, SANS Institute (2024)

Key certifications include GIAC Cloud Forensics Responder (GCFR), GIAC Network Forensic Analyst (GNFA), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Penetration Tester (GPEN), GIAC Certified Incident Handler (GCIH), GIAC Certified Security Essentials (GSEC), and multiple CrowdStrike certifications.


[technical contributions]