MATT KEITH // SYSTEMS & SECURITY

// OPERATOR AUTHENTICATED — PORTFOLIO INITIALIZED //

MATT KEITH

TECHNOLOGY SERVICES MANAGER · SECURITY ENGINEER

PENETRATION TESTING DETECTION ENGINEERING AZURE / M365 FULL-STACK DEV HOME LAB OPS

VIEW PROJECTS GET IN TOUCH

▼ SCROLL ▼

// 01

ABOUT

MK

I'm a Technology Services Manager at the North Carolina Association of County Commissioners — primary helpdesk resource, internal developer, and the person who built the security awareness infrastructure from scratch.

My work lives at the intersection of systems engineering, cybersecurity, and automation. I build tools that actually get used: production Azure portals with Entra ID auth, MITRE ATT&CK-mapped detection engines, secrets scanners, and raw-socket recon tooling.

Outside of work I run a Dell PowerEdge T430 / Proxmox home lab and am actively building toward a cybersecurity engineering career.

5+

YRS EXPERIENCE

35+

TOOLS SHIPPED

2

CERTS EARNED

∞

TICKETS CLOSED

// 02

SKILLS & CERTS

◈

CYBERSECURITY

Penetration Testing
Detection Engineering
Security Awareness Training
Phishing Simulation Design
Log Analysis & SIEM
Vulnerability Assessment

AAS — CYBERSECURITY · WAKE TECH

CERT — PENETRATION TESTING

CERT — PYTHON

◈

CLOUD & INFRASTRUCTURE

Microsoft Azure
Microsoft 365 / SharePoint
Power Apps / Power Automate
Entra ID / SSO / OAuth
Azure App Service
Barracuda Email Security

◈

DEVELOPMENT

Python / FastAPI
HTML / CSS / JavaScript
SQLite / REST APIs
GitHub Actions CI/CD
APScheduler / Webhooks
pytest / ruff

◈

HOME LAB & SYSTEMS

Proxmox VE
Linux (Ubuntu / Debian)
Windows Server
Pi-hole / Cloudflare Tunnel
Ollama (Local AI)
NSSM / Systemd Services

// 03

PROJECTS

DETECTION ENGINEERING

EVTXPLORER

● LIVE

Windows Event Log analyzer with 21 YAML-driven MITRE ATT&CK detection rules. Threshold-based brute force, password spray, and Kerberoasting detection. Shannon entropy analysis, JSON/CSV/HTML reporting. CI tested across Python 3.10–3.12.

PythonMITRE ATT&CKYAMLpytestCI/CD

CREDENTIAL SECURITY

PORTCULLIS

● LIVE

Secrets and credential scanner for git repos and file trees. Shannon entropy analysis, YAML detection rules, git history auditing. Covers AWS keys, PEM certs, JWTs, .env secrets, database connection strings. Maps to MITRE T1552.

PythonSecrets ScanningGitEntropyMITRE T1552

NETWORK RECON

NETRECON

● LIVE

Network reconnaissance CLI built from raw sockets — no nmap wrappers. TCP port scanner with threading and CIDR support, service banner grabbing, DNS A/MX/TXT/NS enumeration, WHOIS via raw socket on port 43.

PythonSocketsDNSWHOISReconBlue Team

CYBER WARFARE SIM

BLACKSITE

● LIVE

Red vs Blue Team War Room with live scoring, ransomware kill chain visualizer, OSINT terminal with 9 commands, and solvable CTF arena with 13 challenges.

JSCanvasGitHub Pages

INCIDENT RESPONSE

PHANTOM::RESPONSE

● LIVE

IR command center — NIST SP 800-61r2 playbook engine, OSINT/attack surface mapper, malware sandbox with 6 malware families and MITRE ATT&CK mapping.

JSCanvasGitHub Pages

THREAT INTELLIGENCE

NEXUS::SENTINEL

● LIVE

Threat intel workstation — IP analysis, password auditing, hash identification, subnet calculator, port scanner, encoder/decoder, JWT decoder, security header checker.

JSCanvasGitHub Pages

PRODUCTION — IT OPS

NCACC COUNTY CONNECT

● PROD

Production CRM for a statewide government association. Entra ID SSO, Leaflet.js county/district map, automated daily Teams digest, Mailchimp sync, role-based access, CSV export.

FastAPIAzureSQLiteEntra ID

SECURITY AWARENESS

PHISHCRAFT

◈ WIP

Enterprise phishing simulation platform — 10 HTML templates, Jinja2 rendering, Graph API mailer, campaign analytics dashboard, Entra App Registration integration.

FastAPIGraph APIAzureJinja2

EVTXPLORER

● LIVE

YAML-driven MITRE ATT&CK log analyzer — 21 rules, threshold detection, brute force/spray/Kerberoasting

PythonMITREYAML

PORTCULLIS

● LIVE

Secrets scanner — entropy analysis, git history audit, AWS/JWT/PEM/env coverage. MITRE T1552

PythonEntropyGit

NETRECON

● LIVE

Raw-socket recon CLI — TCP scanner, banner grab, DNS enum, WHOIS. No nmap wrappers.

PythonSocketsDNS

BLACKSITE

● LIVE

Red/Blue war room, ransomware sim, OSINT terminal, CTF arena

JSCanvas

PHANTOM::RESPONSE

● LIVE

IR command center, NIST playbook, malware sandbox, MITRE mapping

JSCanvas

NEXUS::SENTINEL

● LIVE

Threat intel workstation — IP, hash, password, subnet tools

JSCanvas

PHISHCRAFT

◈ WIP

10 templates, Graph API mailer, campaign analytics, Entra integration

FastAPIGraph APIAzure

VOIDTERM CTF TOOLKIT

● LIVE

Base64/Hex/ROT13, hash cracking, JWT inspector, cipher tools

PythonFastAPIJS

NCACC COUNTY CONNECT

● PROD

Production CRM — Entra ID SSO, county map, Teams digest, Mailchimp sync

FastAPIAzureSQLite

FLOWSTATE

● LIVE

Visual automation workflow builder — 16 nodes, conditional logic, 4 exports

JSCanvas

NETFORGE

● LIVE

Network topology mapper — 20 devices, VLANs, 4 exports

JSCanvas

CLOUDCRAFT

● LIVE

Azure architecture planner — 21 resources, cost estimation, Terraform export

JSCanvas

RUNBOOK

● LIVE

IT runbook builder — checklists, code blocks, 6 templates

JSlocalStorage

PASSIVE RECON TOOLKIT

● LIVE

WHOIS/RDAP, DNS enumeration, CT subdomains, headers

JSRDAPDoH

IP INTELLIGENCE LOOKUP

● LIVE

GeoIP, ASN, reverse DNS, BGP, risk scoring, DNSBL

JSipapiBGPView

CVE EXPLORER

● LIVE

NVD API vulnerability lookup — CVSS gauges, severity filters

JSNVD API

LIVE THREAT FEED

◈ WIP

AbuseIPDB dashboard — confidence tiers, country stats

JSNetlifyAbuseIPDB

RETROWAVE THREAT MAP

◈ WIP

3D globe with live attack arcs via Three.js

Three.jsWebGLNetlify

NEONCAST

● LIVE

Broadcast control — SSE overlays, Stream Deck, OBS

FastAPISSEOBS

JARVIS SITUATION MONITOR

● LIVE

Real-time events dashboard — RSS, voting, CF Tunnel

FastAPIRSSSSE

SYNTHWAVE RESUME TERMINAL

● LIVE

Interactive retro terminal resume — boot sequence, 15+ Easter eggs

JSCanvas

SYNTHSTRIKE

● SHIPPED

Guitar Hero-style rhythm game — procedural synthwave chiptune

CanvasWeb Audio

CONTROLLER OFFICE

● LIVE

Windows productivity via Scuf controller — radial menu, Ollama AI

PythonOllama

SQUAD::STATS

● LIVE

3-player Fortnite stats dashboard — real Ch7 S2 data, trend charts

JSCanvas

LOOT::ROULETTE

● LIVE

Loadout randomizer — 5 maps, BR/Reload loot pools, squad roles

JSCanvas

DROP::ZONE

● LIVE

Squad drop planner — 5 real maps, POI ratings, custom markers

JSCanvas

TRASH::TALK

● LIVE

AI squad roast generator — Claude-powered stat-specific burns and awards

JSAnthropic API

BOUNTY::BOARD

● LIVE

Squad challenge tracker — post bounties, claim completions, leaderboard

JSHTML5

CLUTCH::REPLAY

● LIVE

Match storyteller — animated timeline, kill feed, hype commentary

JSCanvas

GLITCH::TYPE

● LIVE

Cyberpunk text effects — 7 animated modes, PNG export

JSCanvas

VIBE::CHECK

● LIVE

Ambient mood visualizer — 6 particle presets, click-to-burst

JSCanvas

FNLOG

● LIVE

Fortnite session tracker — CLI + vaporwave dashboard, K/D trends

FastAPIFortnite API

// 04

EXPERIENCE

2025 — PRESENT

Technology Services Manager

NC ASSOCIATION OF COUNTY COMMISSIONERS · RALEIGH, NC

Primary helpdesk resource and internal developer for a statewide government association. Built and maintain multiple internal platforms on Azure. Architected a security awareness program including a custom phishing simulation platform, Barracuda email security policies, and staff training materials. Manage M365, SharePoint, Power Apps, and Azure infrastructure.

AzureM365PythonFastAPISecurity Awareness

PRIOR ROLE

Customer Success Manager

MSP / MANAGED SERVICES

Client-facing technical account management for SMB and mid-market customers. Transitioned into engineering and infrastructure work during tenure, accelerating the pivot to a full technical career path.

Client MgmtIT SupportMSP

AUGUST 2025

AAS — Cybersecurity

WAKE TECHNICAL COMMUNITY COLLEGE

Associate of Applied Science in Cybersecurity alongside a Penetration Testing certificate program. Foundations in ethical hacking, network security, vulnerability assessment, and security operations. Additional Python certification.

Ethical HackingNetwork SecurityPen TestingPython

// 05

CONTACT

Open to cybersecurity engineering, detection engineering, and senior technical roles. Always down to talk home lab setups, tooling, or weird side projects.

✉ EMAIL in LINKEDIN ⌥ GITHUB ◈ JARVIS

// TRY THE KONAMI CODE //

// SYNTHSTRIKE MINI //