Aaron Hays
$ cat summary.txt
Cybersecurity professional with 15+ years of experience spanning threat hunting, intrusion analysis, security operations, and AI-driven automation. Currently building agentic AI solutions and Python-based analysis platforms to automate threat intelligence workflows, OSINT collection, and gray-space analysis for government cybersecurity assessments. Combines deep technical expertise in endpoint security, network defense, and attack surface analysis with hands-on development of LLM-powered reasoning pipelines. Holds OSCP and multiple security certifications with active TS/SCI clearance.
$ cat skills.txt
Threat Hunting & Analysis: Endpoint intrusion analysis · Gray-space/netflow analysis (Augury) · Attack surface mapping · MITRE ATT&CK · Threat intelligence correlation · OSINT · IOC analysis
Platforms & Tools: Splunk · Recorded Future · Shodan · Censys · DomainTools · URLScan · Spur · NexusXplore · ACAS/Nessus · HBSS · eMASS · DISA STIGs
Development & AI: Python · Streamlit · Agentic AI workflows · LLM-powered analysis pipelines · Local model deployment · Automation scripting · Data aggregation tooling
Security Operations: Vulnerability assessment · RMF/DIACAP compliance · Incident response · Security accreditation (DoD/Army) · SCAP auditing · Network/host-based IDS
$ ls certifications/
OSCPBTL2Security+Linux+CEHCHFIAI-300(In Progress)
$ cat experience.log
Senior Advisory Information Security Consultant
July 2022 - PresentFrontier Technology Inc
- →Architect and develop agentic AI workflows and Python/Streamlit applications that automate multi-phase cybersecurity assessments, reducing manual analysis time and increasing threat detection coverage across customer engagements
- →Conduct gray-space analysis using Augury public internet flow sampling data, correlating netflow patterns with attack surface data and threat intelligence to identify adversary activity beyond customer network boundaries
- →Build AI-powered OSINT automation pipelines leveraging local LLMs to enrich analysis with contextual reasoning, accelerating intelligence gathering and threat actor attribution across complex datasets
- →Perform attack surface mapping and threat intelligence correlation using Shodan, Censys, Recorded Future, DomainTools, Spur, URLScan, and NexusXplore (adtech data) to deliver comprehensive risk assessments
- →Develop custom data aggregation and analysis tooling in Python to parse and visualize Zeek logs, netflow data, and multi-source intelligence feeds, enabling rapid identification of anomalous behaviors and threat indicators
- →Create interactive Streamlit dashboards providing dynamic visualizations for threat hunts, assessment reporting, and cross-team collaboration on findings
Cybersecurity Engineer / Splunk Engineer
August 2020 - July 2022OASYS-INC
- →Administered Splunk deployment supporting the Security Operations Center, building custom queries and dashboards to detect and investigate suspicious activity across enterprise endpoints
- →Configured dashboards visualizing security metrics for customer-facing incident response investigations and real-time threat monitoring
- →Developed and maintained Standard Operating Procedures for threat hunting practices aligned to the MITRE ATT&CK framework, improving consistency and coverage of detection methodologies
Senior Cybersecurity Analyst
March 2019 - August 2020Scientific Research Corporation
- →Conducted research and analysis of current and emerging cyber threats in a team environment, producing actionable intelligence reports for DoD stakeholders
- →Analyzed how cyber threats apply to test and evaluation events from both offensive and defensive perspectives, defining data collection requirements for testing U.S. weapon systems
- →Developed high-level briefings, papers, and concepts of operation to support testing and training needs of future DoD systems
Information Systems Security Engineer
August 2016 - August 2017Harris Corporation
- →Performed system hardening via DISA STIG implementation, patch management, IAVM tracking, and ACAS/SCAP vulnerability scanning with remediation across classified environments
- →Managed network security operations including switch/router administration, compliance monitoring, and Windows 10 migration across the enterprise
FSO / Information Systems Security Engineer
June 2010 - April 2016EpiQ, Inc. · Huntsville, AL
- →Served as Facility Security Officer managing DoD Security Clearance matters; conducted successful DSS initial and periodic inspections
- →Analyzed and implemented cybersecurity requirements into accreditation packages meeting DoD/Army standards using DIACAP, RMF, and NIST frameworks
- →Maintained eMASS accreditation database, conducted vulnerability audits via ACAS/SCAP, and generated security documentation including POA&Ms and system security plans
$ cat education.txt
M.S. Cybersecurity and Information Assurance · Western Governors University
December 2017Bachelor of Business Administration · Faulkner University, Huntsville, AL
February 2014$ echo $CLEARANCE
TS/SCI
This resume is available at aaron-hays.com/resume
Use Ctrl/Cmd+P to save as PDF