Cybersecurity Engineer · Cloud Security · Incident Response

I came to cybersecurity through a reinvention — not a straight line. Two decades leading organizations taught me how decisions get made and where they fail. Now I apply that lens to cloud security, investigating the incidents that matter most across global environments. I build things on the side. I write when I have something worth saying.

Experience

2021 — 2023

New York University

Lead Cybersecurity Instructor

2020 — 2023

Infosight

SOC Analyst II

2018 — 2020

Global Trust Management

Director of Operations

2014 — 2018

GMMI Inc.

Senior Account Manager

2000 — 2014

Sociedad Anticancerosa de Venezuela

Executive Vice President · Board Member

Credentials

Certification

GIAC GCIL

Certification

AWS Security — Specialty

Certification

AWS Solutions Architect

Certification

AWS AI Practitioner

Certification

AWS Cloud Practitioner

Certification

CompTIA Security+

Education

Cybersecurity Professional Program · University of Miami

Detection Engineering · AI Security

AI-Assisted SecOps Stack

An MCP-powered security operations stack built with VS Code, Cline, and Claude API — mirroring the production AI tooling used at AWS. Three custom MCP servers expose SIEM queries, vulnerability scanning, and IR runbook generation as callable tools, with human approval required on every action.

MCP Servers · Claude API · AWS EC2 · Trivy · MITRE ATT&CK · Node.js · Docker
github.com/lguillex ● Complete

Architecture


LAPTOP: VS Code Remote SSH · thin client only

SSM TUNNEL: HTTPS only · zero open ports

EC2: t3.large · Amazon Linux 2023 · VS Code Server · Cline extension · Claude API (claude-sonnet-4-6)

IAM ROLE: secops-portfolio-agent · ssm:GetParameter on /secops-portfolio/* only

AWS SSM Parameter Store: secrets never on disk · never in git · KMS encrypted

MCP SERVERS · stdin/stdout · no network ports

siem-mcp: query_alerts · get_alert · search_alerts · 12 MITRE ATT&CK alerts · readOnly · non-destructive

vuln-scan-mcp: scan_filesystem · scan_container · Trivy + Bandit · execFile() · no shell inject · path traversal blocked

runbook-mcp: list_templates · generate_runbook · 4 IR templates · allowlist validated · no path traversal

audit.log · JSON Lines · append-only · credentials redacted

⚠ human approval on every tool call

Key Security Controls

Network

Zero open inbound ports

SSM Session Manager over HTTPS only

Credentials

Zero secrets in git or on disk

SSM Parameter Store · KMS encrypted

Containers

Non-root containers

USER mcp in all Dockerfiles · read-only filesystem

Human in the Loop

Approval before every AI action

Cline approval prompt on every MCP tool call

AI Trading · AWS · Automation

Autonomous AI Trading System

A fully autonomous 3-layer trading system running 24 automated jobs per day. Claude AI generates market analysis, scores options candidates using a VRP composite model, and sends trade proposals to Telegram for one-tap execution via Tastytrade’s live API. Runs 24/7 on a $7/month AWS Lightsail instance.

Not financial advice. All trade decisions are made by the user.

Claude API · Python 3.12 · FastAPI · APScheduler · AWS Lightsail · React + Vite · Tastytrade API · Telegram Bot · SQLite · Cloudflare Tunnel
github.com/lguillex ● Live

Architecture


AWS Lightsail · Ubuntu 24.04 · $7/month

trading-scheduler: APScheduler · 24 automated jobs · 8:30am morning brief · hourly L2 scan · EOD digest 4:30pm

trading-api: FastAPI · Port 8000 · REST endpoints · position sync · alert registry · reconciliation

trading-dashboard: React + Vite · Port 3001 · TradingView widgets · live P&L view · Tastytrade reconcile · position management

SQLite Database · trading.db: positions · options_trades · alert_rules · watchlist

EXTERNAL APIS

Anthropic API: claude-sonnet · 12+ pipelines/day

Tastytrade API: OAuth2 · live orders · CONFIRM to execute

Market Data: yfinance · Finnhub · prices · IV · technicals

Cloudflare Tunnel + Access · OTP · zero open ports: trading.yourdomain.com · secure dashboard access from anywhere

Telegram Bot: your phone · SLAM DUNK alerts · CONFIRM to execute · morning / EOD digest

3-LAYER STRATEGY

L1 · Fidelity · ETFs + blue chips · $25K

L2 · Tastytrade · Options premium · $6K

L3 · Fidelity · Swing trades · $5K

Layers fully isolated

Key Features

VRP Scoring

Options ranked 0–100

SLAM DUNK ≥88 triggers Telegram proposal

CONFIRM Flow

One-tap trade execution

Reply CONFIRM via Telegram → live Tastytrade order

24 Scheduled Jobs

Fully automated daily workflow

Morning brief · hourly scans · EOD digest · Sunday refresh

Risk Rules

Non-negotiable guardrails

Max 3 L2 positions · 50% profit close · 15% drawdown stop

Coming Soon

Writing on cloud security, incident response, and the craft of investigation.

Open to conversations about security, cloud architecture, new opportunities, and collaborations.

Email: lguillermo@me.com · LinkedIn: linkedin.com/in/luisaguillermo