About Me

My name is Mike, also known by my handle “Rem” in most internet circles. I am a SANS Technology Institute graduate, with a focus on digital forensics and incident response. I am also involved in the Python Software Foundation as a supporting member, and dedicate a large portion of time towards open source security.

Professionally, I work at Huntress as a Principal Security Analyst by day and run a cybersecurity organization of my own called Vipyr Security by night.

I can also be found on the Python Discord, where I contribute frequently towards cybersecurity-related discussions and internal projects.

Experience

  • Huntress

    Present

    Security operations and tactical response leadership across enterprise detection and incident response workflows.

    • Principal Security Analyst

      Jul 2026 - Present

      • Develop agentic AI systems for incident response, focused on evidence synthesis, case acceleration, and analyst-directed investigative workflows.
      • Provide stakeholder guidance during significant intrusions, translating technical findings into remediation priorities, containment strategy, and executive clarity.
      • Analyze emergent CVEs for broad applicability, perform targeted threat hunts, and author detection logic to expand coverage across exposed attack surfaces.
      • Drive product improvements as a security subject matter expert across the Huntress product catalog, connecting field investigations to durable detection and response capabilities.
    • Staff Tactical Response Analyst

      Jan 2026 - Jul 2026

      • Led Tactical Response escalations for ransomware, BEC, and enterprise compromise by reconstructing root cause from incomplete telemetry and guiding partner containment, scoping, and recovery decisions.
      • Performed forensic and Azure/M365 intrusion analysis across managed identities, hosts, and entities to scope malicious logins, data exfiltration, insider theft, and tenant compromise.
      • Built analyst-steered AI investigation workflows used to drive cases from evidence development through timeline reconstruction, blast-radius scoping, and response planning.
      • Built a Windows Event Log normalization pipeline for large case datasets and KQL detections covering lateral movement, malware execution, and credential theft.
      • Developed topology-based SSLVPN authentication anomaly research that surfaced confirmed malicious logins and became high-priority detection coverage.
    • Senior Hunt & Response Analyst

      May 2025 - Jan 2026

      • Conducted threat hunting and incident investigation across multiple environments.
      • Translated real-world incidents into documented threats and advisories for technical audiences.
      • Collaborated with engineering and SOC teams to operationalize threat findings.
    • Senior Security Operations Analyst

      Oct 2024 - May 2025

      • Monitored security telemetry and escalated verified threats to response teams.
      • Supported SOC playbook improvements informed by detection efficacy and adversary behavior.
    • Security Operations Analyst

      Apr 2024 - Oct 2024

      • Maintained vigilance across security alerting systems and assisted with incident escalations.
      • Assisted in tuning detection systems and documenting investigative procedures.
  • Vipyr Security

    Present

    Founder and detection engineer leading practical supply-chain security operations.

    • Founder, Detection Engineer

      Mar 2023 - Present

      • Implement hand-written YARA schemas for at-scale Python Package Index malware detection.
      • Design and evolve program specifications for a cluster-based code security engine.
      • Drive incident triage and mitigation workflows for open-source package threats.
  • Wells Fargo

    Risk analyst supporting financial controls through data validation and reporting.

    • Risk Management Analyst

      Apr 2023 - Jun 2023

      • Performed data reconciliation and deviation analysis using SQL and Python.
      • Authored secure, maintainable tools for internal data pipelines.
      • Supported PowerBI and Excel workflows with Python, PowerShell, M, and SQL.
  • United States Air Force

    Program analyst supporting secure systems operations and compliance.

    • Program Analyst

      2015 - 2023

      • Performed software testing, IT asset management, and configuration management.
      • Supported software distribution lifecycle operations and physical penetration testing.
      • Managed secure systems and oversaw unit-level IT compliance auditing.

Certifications and Education

  • GIAC Enterprise Penetration Tester (GPEN)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Python Coder (GPYC)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Security Essentials (GSEC)
  • GIAC Information Security Fundamentals (GISF)
  • GIAC Foundational Cybersecurity Technologies (GFACT)

Publications and Referenced Work

See the blog section for full write-ups and referenced technical work.

Accolades

  • Deans List - SANS Institute Fall 2024
  • Deans List - SANS Institute Spring 2024
  • PicoCTF 2024 - 138/6957, Global Leaderboard
  • NCL Spring 2024 - 33/7412, Individual
  • NCL Spring 2024 - 7/4199, Team (Team Captain)
  • GIAC Advisory Board

Getting in Touch

The simplest way to contact me is through @sudo_Rem.