Security - Automation - Cloud - Offensive & Defensive

Gerard Vince Lillo

Building practical security through clean automation.

Security Engineer at Cloud Ready Technologies Corp. Focused on CI/CD security, cloud posture, detection automation, and hands-on testing.

Focus

What I do best

  • Detection automation and response acceleration
  • Security automation for CI/CD workflows
  • Cloud and detection engineering for posture and remediation
Python, AWS, Bitbucket, Jira

400+ Endpoints Secured

Deployed and protected Windows endpoints at scale.

Automated CI/CD Triage

Converted scan findings into actionable remediation workflow.

Accelerated Response

Reduced handling time through detection-to-ticket automation.

About

I build security systems that are simple to run, easy to maintain, and hard to break.

My approach

I optimize for signal: reduce noise, automate repetitive workflows, and deliver clear remediation paths.

If there is something I do not know yet, I learn it quickly and apply it in production-grade workflows.

Core skills

Vulnerability pipelines, Parsing & reporting, Cloud posture, Pentesting, SOC automation, Endpoint tooling, SIEM tooling

Strong preference for clean designs, predictable systems, and measurable improvements.

Arsenal

Tools and areas I use in real work.

Automation

Python & Pipelines

Parsers, integrations, reporting, CI/CD security flows.

Python, Bitbucket, Jira

Security

Testing & Review

Security validation, misconfiguration analysis, and remediation-focused reporting.

Validation, Misconfigurations, Reporting

Cloud

AWS Posture

Prowler/Plerion findings, remediation research, guardrails.

AWS, Prowler, Plerion

Services

How I can help teams ship securely and respond faster.

Service

Security Automation

Build Python-driven security automation for scanning, parsing, triage, and reporting workflows.

Service

Cloud Security Review

Assess AWS posture, prioritize risk, and provide practical remediation roadmaps.

Service

SOC & Detection Workflows

Improve detection-to-response flow using SIEM/SOAR integrations and operational playbooks.

Projects

Case studies plus latest repositories from GitHub.


Case study

GuardSweep | EDR

Python-based endpoint monitoring tool for process, file, and network activity visibility.

  • Problem: lightweight detection for suspicious endpoint behavior.
  • Build: real-time monitors and reporting flow in Python.
  • Outcome: faster triage visibility for suspicious activities.
Python, EDR, Threat detection

Case study

Veda | L1 Crypto Tracker

Real-time dashboard to track Layer-1 assets, charts, and market activity.

  • Problem: clear and fast L1 market tracking in one dashboard.
  • Build: API-fed frontend with charting and comparative metrics.
  • Outcome: better visibility for monitoring signals and trends.
JavaScript, APIs, Dashboard UI

Experience

Cloud Ready Technologies Corp. - roles and impact.

Security Engineer

Cloud Ready Technologies Corp.

May 2025 - Present

Highlights

  • Deployed Trend Micro Vision One FSS for detection monitoring, investigation support, and response coordination.
  • Designed and implemented a CI/CD security pipeline using Bitbucket Pipelines to automate vulnerability scanning with Trivy.
  • Built a Python parser for Trivy JSON to identify critical misconfigurations and de-duplicate findings.
  • Automated remediation workflow by creating Jira tickets directly from pipeline findings.
  • Performed SaaS API pentesting and reported issues like CORS misconfigurations and token replay vulnerabilities.

Security ops & cloud

  • Conducted cloud posture assessments using Prowler and Plerion; researched remediation strategies.
  • Configured CrowdStrike Falcon SOAR to create Jira tickets from detections, improving response time.
  • Deployed Bitdefender BEST to 400+ Windows endpoints via Active Directory integration.
  • Led design of managed backup service; created SOW and cost analysis for Commvault/AWS backups.
  • Resolved domain reputation issue by coordinating with VirusTotal and vendors to clear false positives.
Trivy, Bitbucket Pipelines, Jira, Trend Micro Vision One, CrowdStrike SOAR, Prowler, AWS

Security Analyst

Cloud Ready Technologies Corp.

July 2024 - April 2025
  • Monitored and triaged security alerts using Splunk, documenting incidents by severity and escalation protocol.
  • Analyzed Indicators of Compromise (IoCs) to identify and neutralize threats across client environments.
  • Authored weekly health check reports on endpoint malware detection, agent status, and policy compliance.
  • Provided tailored security recommendations including upgrade advisories and mitigation plans.
Splunk, Incident triage, IoC analysis, Reporting

Software Engineer

Cloud Ready Technologies Corp.

Jan 2024 - July 2024
  • Developed Python log parsers to automate alert processing and integrate output with Jira for SOC analysts.
  • Used AWS Lambda for serverless execution, CloudWatch for debugging, S3 for storage, and EC2 for hosting Wazuh/Graylog.
  • Implemented SQS for delayed processing and improved automation reliability.
  • Configured VPCs and security groups to restrict access and secure Wazuh and Graylog instances.
Python, AWS Lambda, SQS, Wazuh, Graylog

Certifications

Professional credentials relevant to security engineering and operations.

Contact

Open to new opportunities and security consulting engagements.