David Kountz
Information Security | CompTIA Security+ | SOC & GRC
About Me
BS Information Systems | CompTIA Security+ | Aspiring Security Engineer
I'm an Information Security professional based in Jacksonville, FL, with a BS in Information Systems from the University of North Florida (GPA: 3.8) and a CompTIA Security+ certification. My background spans both GRC and hands-on technical security work, and I'm actively transitioning into a security engineering or SOC analyst role.
At CSX, I worked on the Information Security GRC team where I built Python automation tooling for SOX compliance workflows, integrated with tools like Selenium, Pandas, and ldap3, and contributed to AI agent evaluation for compliance use cases. That experience gave me a strong foundation in enterprise security operations, IAM, and audit processes.
Outside of work, I've built and operate a multi-VM SOC home lab using Wazuh, Sysmon, and Kali Linux. I simulate real attack scenarios — SSH and RDP brute force, credential attacks — investigate the resulting alerts, and produce formal incident reports mapped to MITRE ATT&CK. This hands-on practice keeps my detection and investigation skills sharp.
I'm currently pursuing CySA+ and continuously expanding my knowledge in threat detection, incident response, and security tooling. I'm excited to bring both my automation background and security fundamentals into a role where I can make a real impact.
Projects
SOC Home Lab
A multi-VM isolated SOC environment using Wazuh, Sysmon, and Kali Linux for threat detection and incident investigation.
SCOTT1E
A cybersecurity blog made using Node.js, React, and utilizing a PostgreSQL database for the back end.
Personal Portfolio Site
The site you are currently on.
WeDa
A full-stack weather dashboard with real-time data and 5-day forecasts.
SOC Home Lab — Threat Detection & Incident Investigation
A fully isolated, multi-VM Security Operations Center lab environment built to simulate real-world attack scenarios, practice alert investigation, and produce formal incident reports mapped to MITRE ATT&CK.
Tech Stack: Wazuh 4.7.2, Sysmon (SwiftOnSecurity ruleset), auditd, Hydra, Nmap, VirtualBox, Kali Linux, Ubuntu 22.04, Windows 11, PowerShell
Lab network diagram: Wazuh Manager (10.0.2.10), Windows 11 Target (10.0.2.20), Ubuntu Target (10.0.2.30), and Kali Attacker (10.0.2.50) on an isolated VirtualBox NAT network.
Lab Architecture:
- Designed and deployed a 4-VM isolated SOC environment on VirtualBox using a custom NAT network (10.0.2.0/24)
- Wazuh all-in-one deployment (manager, indexer, dashboard) on Ubuntu 22.04
- Windows 11 target with Sysmon (SwiftOnSecurity ruleset) for host-based telemetry
- Ubuntu target with auditd for syscall-level logging
- Kali Linux attacker workstation with Hydra, Nmap, smbclient, and Mimikatz
- Host port forwarding to access Wazuh Dashboard at https://localhost:8443
Completed Exercises:
- Network Reconnaissance: Conducted Nmap scans from Kali against target VMs; established baseline telemetry behavior and identified detection gaps for pure network scanning
- SSH Brute Force (INC-2026-001): Simulated SSH brute force attack using Hydra against Ubuntu target; investigated Wazuh alerts (rules 5760, 5503), captured alert JSON as evidence, and produced a formal incident report mapped to MITRE ATT&CK T1110.001
- Windows Authentication Attacks (INC-2026-002 — In Progress): RDP and SMB brute force simulations against Windows 11 target; investigating Windows Event IDs 4625 (failed logon) and 4624 (successful logon) via Wazuh rule 60122, correlating with Sysmon telemetry
Investigation Methodology:
- Identify Wazuh rule ID and corresponding OS Event ID for each alert
- Extract and preserve alert JSON from Wazuh as formal evidence
- Correlate host telemetry (Sysmon / auditd) with network-layer data
- Map observed TTPs to MITRE ATT&CK framework
- Produce structured incident reports with timeline, impact assessment, and remediation recommendations
Roadmap:
- Phase 3 (Planned): Multi-stage attack scenarios, Mimikatz credential dumping detection via Sysmon, response playbook development
- Phase 4 (Planned): Custom Wazuh detection rules, dashboard development, threat intel integration, and alert tuning
SCOTT1E
A cybersecurity blog site that features a fully workable faux Linux terminal for its UI.
Tech Stack: Node.js, React, PostgreSQL. Utilizing AWS EC2 instance for hosting and RDS for the PostgreSQL database.
Faux Linux terminal interface with 10+ commands for article navigation, theme swapping, and information on site author, Scotty.
Admin dashboard for site maintenance, article management, and analytics. Prioritizing security, utilizing data encryption, access control, and database security practices to ensure that sensitive data is protected and secure.
This project consisted of a team of 4 individuals and was part of the Senior Project capstone course for my degree at UNF.
For this project I had the following responsibilities:
- Acted as Scrum Master
- Created the admin dashboard where the article authors could manage the articles and view analytics
- Implemented account management tools (Password management and account creation)
- Hosted the web app on AWS using an EC2 instance and PostgreSQL database using AWS RDS
- Designed the database which held the articles, sensitive account data, and analytics
Personal Portfolio Site
The website you are currently on.
Utilizes Terraform as a CI/CD pipeline for automated updates to the Azure Web App.
GitLab repository for added automation integration.
WeDa - Weather Dashboard
A full-stack weather application providing real-time weather data and forecasts with an intuitive user interface.
Tech Stack: React, Spring Boot, OpenWeatherMap API, Java, JavaScript, Responsive Design
The main dashboard displays current weather conditions, temperature, humidity, wind speed, and sunrise/sunset times for the searched location.
Key Features:
- Intuitive search functionality with city name lookup
- Real-time weather data including temperature, conditions, wind speed, and humidity
- 5-Day forecast with daily high/low temperatures and weather conditions
- Dynamic backgrounds that change based on current weather conditions
- Temperature unit conversion between Celsius and Fahrenheit
- Sunrise and sunset time display for the selected location
Technical Implementation:
- React frontend for responsive and interactive user interface
- Spring Boot backend handling API requests and data processing
- RESTful API integration with OpenWeatherMap
- Implemented caching to reduce API calls and improve performance
- Error handling for invalid city names and network issues
- Mobile-responsive design that works across all device sizes
Development Process:
This project started as a way to practice frontend-backend integration while creating something practical that users would find valuable. I designed the application to be intuitive, with a clean interface that prioritizes the most important weather information.
The biggest challenge was optimizing API usage to stay within rate limits while ensuring users always have access to current data. I implemented a backend caching system that stores weather data for 30 minutes, significantly reducing API calls while maintaining data freshness.