Professional Summary
Information Assurance and CMMC compliance professional with CMMC Registered Practitioner certification, CompTIA Security+ in progress, and 15+ years of enterprise technology experience. Specializes in defense supply chain cybersecurity — NIST 800-171, CUI handling, DFARS compliance, and FCA liability for the Connecticut defense industrial base. Combines hands-on network security lab work, published threat analysis, and the ability to translate complex compliance requirements into actionable guidance for non-technical leadership.
Most compliance professionals understand the frameworks. Few can analyze a live Lumma Stealer pcap, identify C2 beaconing, and write a threat brief a program manager will act on. I bridge that gap.
Professional Experience
Founder & CMMC Compliance Consultant
2023 – Present
SiteWave Studio · Milford, CT
- Developed 14-module CMMC cybersecurity awareness training covering all CMMC 2.0 domains — scenario-based quizzes, real case studies, and completion certificate designed for defense contractor workforce onboarding
- Published professional-grade threat analysis reports on Volt Typhoon, CMMC supply chain FCA liability, and coordinated infrastructure attack scenarios as independent contributions to the defense community
- Built open-source security tools: browser-based pcap analyzer, CVSS calculator, Glassworm detector, and zeek_triage.py automated IOC detection script with zero external dependencies
- Conducted hands-on malware traffic analysis using Wireshark and Zeek — identified Lumma Stealer C2 infrastructure, confirmed 2.27MB credential exfiltration, and mapped TLS-encrypted domains invisible to standard filters
Senior UI/UX Designer
2022 – 2024
SylvanRoad Capital · Remote
- Rebuilt core rental application experience for national housing platform, increasing application completion rates ~30%
- Led end-to-end UX design across custom web and mobile applications collaborating with product managers, developers, and C-suite stakeholders
Lead UI/UX Designer
2019 – 2022
605 · Media Analytics · Remote
- Accelerated project delivery 30%+ by establishing reusable design framework adopted across full product team
- Led complex B2B analytics product design from discovery through developer handoff for media measurement clients making multi-million dollar advertising decisions
- Translated technical constraints into user decisions — directly transferable to making CMMC and NIST requirements actionable for non-technical stakeholders
Senior UX/UI Designer & Consultant
2013 – 2019
Housing Tech, SaaS & E-Commerce Clients · New York / Remote
- 15 years designing enterprise web and mobile applications across housing tech, media analytics, and e-commerce sectors
- Extensive C-suite and VP-level communication — presenting risk tradeoffs and strategic recommendations directly transferable to compliance and advisory roles
- Early adoption of AI-assisted workflows; experimented with GPT-2 for form intelligence in 2018
Published Research & Security Tools
Volt Typhoon — Living Off the Land
yana-ivanov.github.io/cybersecurity-portfolio/analysis/Volt_Typhoon_Analysis.html
China's APT campaign: years-long LOTL persistence inside US critical infrastructure. Attack chain analysis, detection gaps, and defensive recommendations.
The Weakest Link — CMMC Supply Chain Analysis
yana-ivanov.github.io/cybersecurity-portfolio/analysis/CMMC_Supply_Chain.html
MORSECORP $4.6M FCA settlement analysis, C3PAO cost data, 50/50 cost-sharing model, mandatory training recommendation for CT defense subcontractors.
Lab Log 004 — Lumma Stealer Malware Analysis
yana-ivanov.github.io/cybersecurity-portfolio/labs/lab_log_004.html
Custom Wireshark SOC profile. Browser fingerprinting, TLS credential exfiltration to .su C2 domain. 2.27MB confirmed exfiltrated. Zeek ssl.log revealed 4 additional C2 domains.
zeek_triage.py — Automated IOC Detection
yana-ivanov.github.io/cybersecurity-portfolio/labs/lab_log_006.html
Python automation for pcap triage. DHCP/Kerberos/HTTP/TLS analysis, KNOWN_BAD_DOMAINS matching, severity scoring. Zero external dependencies.
CMMC Cybersecurity Awareness — 14-Module Training Tool
yana-ivanov.github.io/cybersecurity-portfolio/training/CMMC_Training.html
Interactive employee training covering all CMMC 2.0 awareness domains. Scenario-based quizzes, real case studies, completion certificate.