Josh Strickland
Threat Hunter • Incident Handler
Location: South Carolina
Current Role: Threat Hunter
Company: Secnap Network Security
GitHub: NovaSky0x1

How I Got Here

I started at the help desk. Moved through systems engineering and network security, then into the SOC. I love all of it: working alerts, hunting through telemetry for things that automated tools miss, and handling incidents from first alert to resolution. Threat hunting and incident handling feed each other, and I want to be good at both.

At Red Canary I hunted full time across major EDR platforms. Found a threat actor with a 2-month undetected VPN compromise running AD brute force. Identified malicious LNK files pointing to C2 and infostealers like Chihuahua Stealer. I got to take real hunts and work with the detection engineering team to convert them into production rules.

Now I'm at Secnap Network Security where I wear a lot of hats. I'm the threat hunter, digging through raw EDR telemetry across customer environments to find what the automations miss. I handle incidents end-to-end, from triage and investigation through containment and customer communication. I've also built the entire customer portal, SOC dashboard, workflow system, and response processes from the ground up.

I've also been developing agentic AI agents for the SOC and threat hunting teams. Agents that triage incoming threats and baseline identity activity to support hunts. It's still early, but it's already changing how we work.

I'm not a developer by background, but I've gotten hands-on building the tools our team needs. I like solving problems and I like building things that make security operations better.

Career Timeline

AUG 2025 - PRESENT
Threat Hunter
Secnap Network Security
  • Threat hunting across customer environments in LimaCharlie using Jupyter Notebooks, Pandas, and DataWrangler
  • Converting hunts into recurring hunts or detection rules as feasible
  • Building deterministic agentic AI agents in PHP and MySQL for SOC triage and identity baselining
  • Incident handling end-to-end: triage, investigation, containment, escalation
  • Detected ClickFix attack via callstack analysis, prevented NetSupport RAT deployment
  • Built the entire customer portal, SOC dashboard, workflow system, and response processes from scratch
  • Direct customer communication during declared incidents
  • Customer-facing product demos and support
APR 2025 - AUG 2025
Threat Hunter
Red Canary
  • Hunted across SentinelOne, CrowdStrike, MDE, Carbon Black, Palo Alto Cortex
  • Found 2-month undetected VPN compromise with AD brute force
  • Identified malicious LNK files pointing to C2, Chihuahua Stealer
  • Surveyor + Jupyter notebooks + Pandas for cross-environment queries at scale
  • Converted threat hunts into production detections with the DE team
  • Primary customer contact during declared incidents
AUG 2024 - APR 2025
SOC Analyst
Secnap Network Security
  • 24/7 SOC for small businesses and MSPs: triage, blocking, isolation
  • Threat hunting with Velociraptor and Fibratus for kernel-level detection
  • Built ransomware detection rules using File I/O patterns from Windows kernel events
  • Built unified MDR agent as a Windows service
  • Automated MDR build process using PowerShell and Bash scripting
DEC 2023 - AUG 2024
Cybersecurity Analyst
Intelli-NET
  • Fortinet firewalls, Ubiquiti, ThreatLocker, Huntress EDR
  • NIST 800-171/800-61 alignment, IR policies, DR plans
  • PowerShell automation for security configs (SMB Signing, LLMNR/NetBIOS)
AUG 2023 - DEC 2023
System Engineer
Intelli-NET
  • Domain Controllers, Azure Cloud Sync, hybrid identity management
MAR 2023 - AUG 2023
Help Desk Specialist
EIT Networks
  • Where it all started. AD, O365, vulnerability assessments.
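An added illustration of the File I/O ransomware pattern mentioned under the SOC Analyst role, in the same notebook-style Python used for the Threat Hunter hunting work. This is not code from this page or from Secnap: a sliding-window heuristic over constructed Windows kernel file events that flags a process renaming many files with an extension change across several directories in a short window. The event schema, thresholds, sample paths and process names are assumptions; real sensors (LimaCharlie, Fibratus) use their own field names, and the thresholds would need tuning against a baseline.

```python
"""Rate-based ransomware heuristic over kernel file-I/O events (added example).

Event schema is an assumption: dicts with ts, pid, image, op, src, dst.
Sample events below are constructed, not real telemetry.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath


def _ext_changed(src: str, dst: str) -> bool:
    """True when a rename changes the file extension (e.g. .docx -> .docx.locked)."""
    return PureWindowsPath(src).suffix.lower() != PureWindowsPath(dst).suffix.lower()


def detect_mass_rename(events, window=timedelta(seconds=5), min_renames=20, min_dirs=3):
    """Flag processes that rename >= min_renames files with an extension change,
    spanning >= min_dirs distinct directories, inside one sliding time window.
    Returns one alert dict per offending pid (first window that trips)."""
    by_pid = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["op"] == "rename" and _ext_changed(ev["src"], ev["dst"]):
            by_pid[ev["pid"]].append(ev)

    alerts = []
    for pid, evs in by_pid.items():
        win = deque()
        for ev in evs:
            win.append(ev)
            # Drop events older than the window relative to the newest event.
            while ev["ts"] - win[0]["ts"] > window:
                win.popleft()
            dirs = {str(PureWindowsPath(e["src"]).parent).lower() for e in win}
            if len(win) >= min_renames and len(dirs) >= min_dirs:
                alerts.append({
                    "pid": pid,
                    "image": ev["image"],
                    "start": win[0]["ts"],
                    "end": ev["ts"],
                    "renames": len(win),
                    "dirs": len(dirs),
                })
                break  # one alert per process is enough for triage
    return alerts


def build_sample_events():
    """Constructed telemetry: one ransomware-like process, two benign ones."""
    t0 = datetime(2025, 1, 15, 9, 0, 0)
    dirs = [r"C:\Users\jdoe\Documents", r"C:\Users\jdoe\Desktop",
            r"C:\Users\jdoe\Pictures", r"\\fs01\share\finance", r"C:\Data\backup"]
    events = []
    # Suspicious: 30 renames adding a new extension, 5 directories, within 3 seconds.
    for i in range(30):
        d = dirs[i % len(dirs)]
        events.append({"ts": t0 + timedelta(milliseconds=100 * i), "pid": 4242,
                       "image": r"C:\Users\jdoe\AppData\Local\Temp\svc.exe", "op": "rename",
                       "src": fr"{d}\file{i}.docx", "dst": fr"{d}\file{i}.docx.locked"})
    # Benign: Word autosaving one document, no renames at all.
    for i in range(10):
        events.append({"ts": t0 + timedelta(seconds=6 * i), "pid": 1000,
                       "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                       "op": "write", "src": fr"{dirs[0]}\report.docx", "dst": None})
    # Benign: a user renaming three photos in Explorer, extension unchanged.
    for i in range(3):
        events.append({"ts": t0 + timedelta(seconds=i), "pid": 2000,
                       "image": r"C:\Windows\explorer.exe", "op": "rename",
                       "src": fr"{dirs[2]}\IMG_{i}.jpg", "dst": fr"{dirs[2]}\holiday_{i}.jpg"})
    return events


if __name__ == "__main__":
    for alert in detect_mass_rename(build_sample_events()):
        print(alert)
```

The extension-change filter is what keeps ordinary bulk renames and autosave churn out of the alert; the directory-spread requirement keeps a single-folder conversion job from tripping it. In a real environment the next step is to join the flagged pid back to process-creation and parent-process telemetry before containing the host.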

Certs

Security+ (CompTIA)
Network+ (CompTIA)
Blue Team Level 1 (BTL1) (Security Blue Team)
Security Analyst Level 1 (SAL1) (CyberExam)

Want to connect?

Happy to talk about threat hunting, incident handling, or whatever's on your mind.
