Sam Gresty
Cybersecurity Analyst
Cybersecurity • Threat • Operations

I'm Sam, a Cybersecurity Analyst focused on threat detection, response, and cloud security.

I work across Microsoft Security and Arctic Wolf tooling to reduce potential compromise, enhance incident response, and manage vulnerabilities. I enjoy turning noisy alerts and raw data into clear, actionable decisions.

This portfolio showcases selected projects, practical write-ups, and case studies that reflect my approach to cybersecurity challenges in real environments.


Note:

This site is actively being refined as I expand my case studies and increase my HTML knowledge.

Projects & Case Studies

KQL • Defender • Microsoft Excel

Vulnerability Reporting Using KQL

Produced a vulnerability report outlining weaknesses across the business.

Weaknesses Vulnerability Management Collaboration
1 Hour
Plan • Document • Microsoft Word

Incident Response Plan (IRP)

Documented what would happen if we have an incident.

Weaknesses Vulnerability Management Collaboration
2 Hours
Malware • IR • Future Prevention

Malware Handling

I have produced a document that informs us of what we need to do if we have a malware attack or attempt.

Alert Reactive Write-up
3 Hours GitHub
Pen-Test • IR • Testing

Pen-Test Scope

Put together scope documentation for a 3rd-party pen test to test our externally facing IPs, etc.

3rd Party Pen-Test Vulnerabilities
1 day
Infrastructure • Cloud • On-Prem

Hybrid Infrastructure

Designed and documented a hybrid infrastructure layout covering on-premise servers and cloud integration.

Infrastructure Cloud Servers
6 Hours
Awareness • IR • SOP

Standard Operating Procedure

Created after a false positive was raised; documents the findings and how to resolve it quickly next time.

Information Knowledge Base Microsoft Word
5 Hours GitHub
Training • Security • Awareness

Awareness Training

Developed cybersecurity awareness material for staff, improving understanding of threats and best practice.

Training Staff Awareness Cyber Safety
5 Hours
Policy • Governance • Security Standards

Cybersecurity Policy

Produced a comprehensive cybersecurity policy setting out expectations, responsibilities, and minimum standards.

Governance Policy Security
5 Hours
Risk • Impact • CIA

Risk Appetite Statement

Created a risk appetite statement to show that the business has zero tolerance for risk and must be protected at all times.

Governance Security Frameworks Cyber Essentials
2 Hours
Risk • Governance • CIA

Risk Register Template

Created a reusable template for capturing, reviewing, and managing organisational risks.

Risk Management Governance Assessment
2 Hours
Design • UI • Branding

Portfolio Rebuild

Rebuilt the entire portfolio with a cleaner structure, improved accessibility and brand consistency.

Design Branding Front-End
3 Months
Python • Coding • Security

Password Strength Script

Created a Python script that evaluates password strength and flags weak entries.

Python Security Password Testing
5 Hours
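The card above describes a password strength script without showing how one scores a password. The block below is an added example written for this page, not the portfolio's own script: it estimates entropy from the character pool and length, penalises repeated runs, alphabet sequences and keyboard-row fragments, checks a constructed sample blocklist of leaked passwords, and flags entries that fail any check. The `MIN_LENGTH` and `WEAK_THRESHOLD_BITS` values and the `COMMON_PASSWORDS` set are assumptions chosen for illustration.

```python
"""Password strength evaluator (added example, not the portfolio's script).

Scores a password from its estimated entropy (character-pool size raised to
the length), penalises patterns a brute-force or wordlist attack exploits
(repeated runs, alphabet/keyboard sequences, known-leaked passwords), and
flags entries that fall below a configurable bar.
"""
import math
import re
import string

# Constructed sample of commonly leaked passwords; assumption: a real audit
# would load a full leaked-password corpus instead of this short set.
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "qwerty", "letmein", "welcome",
    "admin", "iloveyou", "monkey", "dragon", "summer2024", "password1",
}

MIN_LENGTH = 12           # assumption: house policy minimum length
WEAK_THRESHOLD_BITS = 50  # assumption: estimated entropy below this is "weak"

_CLASS_POOLS = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, len(string.punctuation)),  # 32 ASCII symbols
)


def pool_size(password: str) -> int:
    """Size of the character alphabet the password draws from."""
    size = 0
    for chars, n in _CLASS_POOLS:
        if any(c in chars for c in password):
            size += n
    # Whitespace or non-ASCII characters widen the pool a little.
    if any(c not in string.printable or c.isspace() for c in password):
        size += 10
    return size


def has_run(password: str, length: int = 3) -> bool:
    """True if any character repeats `length` or more times in a row (aaa, 111)."""
    return re.search(r"(.)\1{%d,}" % (length - 1), password) is not None


def has_sequence(password: str, length: int = 4) -> bool:
    """True if the password contains `length` consecutive ascending or
    descending characters (abcd, 4321) or a keyboard-row fragment (qwer, asdf)."""
    lowered = password.lower()
    rows = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
    for i in range(len(lowered) - length + 1):
        chunk = lowered[i:i + length]
        codes = [ord(c) for c in chunk]
        diffs = {b - a for a, b in zip(codes, codes[1:])}
        if diffs in ({1}, {-1}):
            return True
        if any(chunk in row or chunk in row[::-1] for row in rows):
            return True
    return False


def estimated_entropy_bits(password: str) -> float:
    """Naive entropy: log2(pool ** length), discounted for runs and sequences."""
    if not password:
        return 0.0
    bits = len(password) * math.log2(pool_size(password))
    if has_run(password):
        bits *= 0.75
    if has_sequence(password):
        bits *= 0.75
    return round(bits, 1)


def evaluate(password: str) -> dict:
    """Return {'entropy_bits', 'weak', 'reasons'} for one password."""
    reasons = []
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("appears in common-password list")
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if has_run(password):
        reasons.append("repeated character run")
    if has_sequence(password):
        reasons.append("sequential or keyboard-row pattern")
    bits = estimated_entropy_bits(password)
    if bits < WEAK_THRESHOLD_BITS:
        reasons.append(f"estimated entropy {bits} bits below {WEAK_THRESHOLD_BITS}")
    return {"entropy_bits": bits, "weak": bool(reasons), "reasons": reasons}


def flag_weak(passwords):
    """Return (password, reasons) for every entry that evaluates as weak."""
    flagged = []
    for p in passwords:
        result = evaluate(p)
        if result["weak"]:
            flagged.append((p, result["reasons"]))
    return flagged


if __name__ == "__main__":
    # Constructed sample entries, as might come from a password-audit export.
    sample = ["Password1", "correct horse battery staple", "Tr0ub4dor&3",
              "qwerty1234", "x7#Lp9!vQ2mZ$d"]
    for pw, why in flag_weak(sample):
        print(f"WEAK  {pw!r}: {', '.join(why)}")
```

The entropy figure is deliberately naive (it assumes every character is drawn uniformly from the pool), which is why the blocklist and pattern checks exist: "Password1" scores over 50 bits by the formula yet is flagged because it is a known leaked password and too short. A production version would swap the sample set for a full breach corpus or a k-anonymity lookup against a leaked-password service.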

Tools & Technologies

Microsoft Sentinel
Microsoft Defender
Cisco Umbrella
Mimecast
Nessus
Ivanti Neurons
Patch My PC
AnyRun
Wireshark
Azure AD / Entra ID
Intune
AD Manager
KeePass
Barracuda WAF
Arctic Wolf
1Password
Graph API
CyberChef
MX Toolbox
DNSDumpster
KnowBe4
TeamViewer
PowerShell
Kali Linux

Skills

Threat Detection & Response

  • SOC operations & SIEM monitoring
  • Alert triage & escalation
  • Incident response lifecycle
  • Threat investigation & IOC analysis
  • MITRE ATT&CK mapping
  • Log correlation & event analysis
  • False‑positive reduction & tuning
  • Security operations documentation

Detection Engineering & KQL

  • KQL query development & optimisation
  • Custom detection rules in Sentinel
  • Vulnerability reporting automation
  • Device isolation & health checks
  • Sensor health state analysis
  • AVD/WVD log analysis
  • Defender email routing queries
  • Dashboards & reporting for stakeholders

Endpoint Security & Defender

  • Defender for Endpoint configuration
  • Device isolation & remediation workflows
  • Antivirus & full system scans
  • ASR rule creation & testing
  • Defender for Identity sensors
  • Suspicious file analysis (AnyRun)
  • Threat blocking & IOC importing
  • Exclusions management & tuning

Cloud & Identity Security

  • Entra ID / Azure AD administration
  • Conditional Access & MFA troubleshooting
  • Risky sign‑in investigation
  • Cloud app permissions review
  • Identity theft & pass‑the‑ticket investigation
  • Access reviews & least‑privilege thinking

Network & Email Security

  • Cisco Umbrella policy management
  • Domain, URL & IP blocking
  • Decryption exceptions & routing troubleshooting
  • Mimecast policy creation & modification
  • DKIM, DMARC & SPF troubleshooting
  • Held/bounced email investigation
  • WAF log review & analysis

Governance, Risk & Automation

  • Policy creation & review
  • Risk registers & appetite statements
  • Cyber Essentials alignment
  • SOP creation & knowledge base building
  • Audit preparation & evidence gathering
  • PowerShell scripting for workflows
  • KQL‑driven reporting automation

Certifications

Microsoft Security, Compliance, and Identity Fundamentals (SC-900)
Actively studying: AZ-900
Future focus: AZ-104

Contact

I'm happy to discuss collaboration, open roles, or provide feedback on security projects. If you'd like to request a redacted case study or confirm certifications, feel free to send a message or email me directly.
