01. about
I'm Michelle Duell, transitioning from military intelligence to cybersecurity with a focus on defensive security and threat intelligence.
I work as an intelligence analyst, where I've spent years analyzing patterns, tracking adversaries, and turning complex data into actionable insights. Those same skills translate directly to what I'm passionate about now: blue team operations, incident response, and threat hunting. I also co-presented at the WiCyS 2026 Conference in Washington, DC on reverse engineering with Ghidra for DNS exfiltration detection, covering static binary analysis from novice to professional level. More recently, I've been volunteering with the KC7 Foundation as an AI Workflow Engineer and Threat Content Analyst, where I contributed to a published threat scenario and built a content pipeline that cuts scenario production time from 2-3 months down to about 2 weeks.
As a SANS Cyber Academy Scholar and GIAC Advisory Board member, I've earned GCIH (98%), GSEC (95%), and GFACT (100%) certifications, along with a Trusted AI Safety Expert (TAISE) certification from the Cloud Security Alliance. I've put those skills to the test in competition, placing 1st in the Tenable x WiCyS CTF, 1st Overall and 1st Industry Professional at the WiCyS 2026 Conference CTF, 1st in the WiCyS Cyber Quest Tournament, 2nd in the SANS Women's History Month BootUp CTF, 2nd in the WiCyS x Target Cyber Defense Challenge, and earning Runner-Up Most Creative Report and 5th place in the SANS Holiday Hack Challenge.
Outside of competitions, I'm building practical experience through my homelab and independent research. The GCP honeypot is complete: 96 million events across 28 days, documented in a 14-report research series. AeroLab v2 is the current focus: a full rebuild across two physical Proxmox nodes with five segmented networks and a detection stack built around Elastic SIEM 9.x, Velociraptor for endpoint forensics, and MITRE Caldera for ATT&CK-mapped adversary emulation against a Windows Server 2022 domain controller. The goal is simple: run an attack, see what the SIEM catches, write a Sigma rule, repeat. I'm also working through the Cisco CCNA 200-301 curriculum via the NetworkChuck Summer of CCNA to sharpen the networking fundamentals that sit underneath all of it.
Currently open to cybersecurity opportunities, collaboration on security research, and speaking engagements.
02. achievements
Competitive Achievements
Tenable x WiCyS Exposure Quest CTF
1st place finish in the Tenable x AWS Capture the Flag: Exposure Quest Edition, hosted by Women in CyberSecurity (WiCyS). Competed across three days navigating Tenable's Nessus platform and cloud dashboards, hunting flags through scan data, plugin IDs, audit findings, asset data, and vulnerability reports with no prior platform experience.
WiCyS 2026 Conference CTF
1st place Industry Professional and 1st place Overall in the NCL-hosted CTF at the WiCyS 2026 Conference in Washington, DC. Competed across OSINT, password cracking, log analysis, network traffic analysis, cryptography, web application exploitation, and forensics challenges.
WiCyS Cyber Quest Tournament
1st place finish out of ~325 competitors in the Women in CyberSecurity (WiCyS) Cyber Quest Tournament powered by SANS Institute Cyber Ranges. Competed across network forensics, web exploitation, SIEM analysis, assembly programming, and multi-stage exploitation challenges.
SANS Women's History Month BootUp CTF
2nd place finish in a free, 72-hour global CTF hosted by SANS Institute, open to beginner and intermediate competitors worldwide. Competed across web exploitation, network forensics, pwn, log analysis, and password cracking.
SANS Holiday Hack Challenge
5th place finish solving all 26 challenges and Runner-Up for Most Creative Report. Built custom technical writeup webpage with interactive elements and comprehensive documentation covering router exploitation, web application attacks, privilege escalation, cloud security misconfigurations, and protocol analysis.
Target x WiCyS Cyber Defense Challenge
2nd place overall finish in national cyber defense competition. Successfully defended infrastructure against red team operations while maintaining critical services.
Speaking Engagements
"Reverse Engineering with Ghidra for DNS Exfiltration"
February 2026 | WiCyS San Diego Virtual Speaker Series
Co-presenting 45-minute technical session covering novice to professional reverse engineering methodologies using Ghidra for static binary analysis.
"Reverse Engineering with Ghidra for DNS Exfiltration"
March 2026 | WiCyS 2026 Conference | Washington, DC
Co-presenting 45-minute technical session covering novice to professional reverse engineering methodologies using Ghidra for static binary analysis.
Technical Writing
Author of technical reports and analysis documenting CTF challenge solutions, honeypot deployment findings, blockchain security research, and homelab infrastructure. Published 8 articles at medium.com/@aeronique
03. certifications & training
$ cat active_certifications.txt
- → SANS Cyber Academy Scholar
- → Trusted AI Safety Expert (TAISE) | March 2026
- → GIAC Certified Incident Handler (GCIH) | February 2026
- → GIAC Security Essentials (GSEC) | December 2025
- → GIAC Foundational Cybersecurity Technologies (GFACT) | October 2025
- → ISC2 Certified in Cybersecurity (CC) | June 2025
- → Google Cybersecurity Professional Certificate | 2025
- → Google IT Support Professional Certificate | 2025
- → Google AI Essentials | 2025
04. education
Undergraduate Certificate, Computers and Networking
2022 | American Military University
Associate of Applied Science, Intelligence Operations
2019 | Cochise College
Master of Music Education
2010 | Lamar University
Bachelor of Music Performance
2007 | Lamar University
05. professional affiliations
06. professional experience
AI Workflow Engineer & Threat Content Analyst (Volunteer)
KC7 Foundation | Remote
- Contributed to a published investigation, authoring a threat scenario and investigative workflow released on KC7's free cybersecurity education platform
- Designed an agentic content pipeline using LLM-powered agents that takes a human-authored scenario concept and generates the full game, including threat narrative, datasets, and KQL queries, with projected production time dropping from 2-3 months to approximately 2 weeks
- Review threat scenarios, datasets, and investigative workflows for technical accuracy, validating TTP realism, identifying gaps before scenarios reach learners, and providing structured feedback to the KC7 team to maintain consistent quality standards
[REDACTED] Intelligence Analyst
U.S. Army Reserve | [REDACTED] Clearance
- Conduct intelligence analysis operations supporting [REDACTED] missions
- Lead cross-functional teams in multi-source intelligence production
- Author detailed intelligence reports and briefings for senior leadership requiring clear technical writing and complex information synthesis
- Analyze imagery and geospatial data using pattern recognition techniques directly applicable to network traffic analysis and threat hunting
- Apply intelligence cycle methodologies (collection, analysis, dissemination) mirroring the threat intelligence lifecycle
- Identify adversary tactics, techniques, and procedures (TTPs) and correlate indicators across multiple data sources
OSINT Researcher (Volunteer)
National Geospatial-Intelligence Agency GEMINI Program
- Maintain and enhance open-source intelligence maps using research approaches aligned with cyber threat intelligence collection and OSINT reconnaissance
Band Director
Nederland Independent School District | Nederland, TX
- Led highly successful band program of approximately 500 students, earning multiple regional and state recognitions for performance excellence
- Developed curriculum, managed student performances, and coordinated community outreach programs
- Applied strong leadership, organizational skills, and cross-functional collaboration with administrators, parents, and community stakeholders
07. legacy systems
Before pivoting to cybersecurity, I spent over a decade as a professional musician. Mastering complex systems is kind of my thing.
Professional Orchestral & Jazz Performance
- → Assistant Principal Clarinet in three professional symphonies
- → Multi-woodwind specialist in professional musical pit orchestras
- → Jazz saxophonist in big band ensembles
Music Education & Leadership
- → Graduate Assistant: Conducted university concert band
- → Rebuilt university marching band program from the ground up
- → Assistant Band Director managing 500+ student program
- → M.M. in Music Education, B.M. in Clarinet Performance
$ echo "Fun fact: I was a Blockbuster Video manager in college. Yes, I'm that old."