Ryan Bertulfo

Security and Network Operations

LOCATION Singapore 📍
STATUS Open to Work ▲

About Me

Security Operations Specialist with 6+ years of experience supporting government and enterprise environments in Singapore across network, server, endpoint, and security monitoring. Strong background in SIEM alert triage, malware investigation, incident escalation, compliance reporting, and operational leadership in 24×7 critical environments.

Hands-on experience with Google Chronicle, Elastic SIEM, Splunk, AWS CloudWatch, Sysmon, ELK Stack deployment, Windows/Linux log analysis, and vulnerability scanning tools such as Nessus and Qualys. Experienced in handling GCSOC (Gov SOC) tickets, security detections, and acting as the bridge between internal L2 SecOps, Infra, and Network teams.

Actively developing a SIEM-centered portfolio through Elastic, Chronicle, Splunk, and cloud monitoring projects. Building detections, dashboards, log pipelines, and IR reports to strengthen Blue Team and SIEM engineering capability. Progressing through free SOC/SIEM learning paths and planning Blue Team Level 1 (BTL1) in 2026 if required.

Core Competencies

Security Operations & IR

  • SIEM alert triage (Chronicle, Elastic, Splunk)
  • Malware validation, false-positive analysis
  • Trend Vision One incident review
  • GCSOC alert handling for agency cloud workloads
  • Security incident documentation & escalation

SIEM & Detection Engineering

  • ELK Stack deployment
  • Log ingestion (Windows, Sysmon, Linux)
  • Field extraction & parsing
  • Detection rule development (Elastic, Splunk, Chronicle)
  • Basic correlation logic

Cloud & Infra Monitoring

  • AWS CloudWatch alarms (EC2 CPU, memory, disk, logs)
  • EC2 onboarding & alert creation
  • CloudFormation
  • WAF & Shield
  • AWS AMS

Ops Leadership

  • 6-person 24/7 monitoring team lead
  • Escalation matrix ownership and SOPs
  • SLA compliance, RCAs, and availability reporting
  • Monthly GCSOC compliance reporting

Observability Platform

CA Spectrum, SolarWinds, eG Monitoring, CloudWatch, ELK Stack, Cisco Prime

Government Compliance

GCC, GCSOC, GASSP, SOAR, CTP & GITSIR

Resume

Professional Experience

Senior Infra Executive, Security & Network Operations - Team Lead

NCS Group Singapore / APBA TG Pte Ltd

Jul 2018 - Present
Security Operations
  • Triaged and analyzed GCSOC (Gov SOC) alerts for cloud-hosted systems across multiple agencies.
  • Reviewed malware alerts, identified repeated detections, validated false positives, and escalated confirmed security events to L2 SecOps.
  • Performed attack surface analysis using event logs and Trend Vision One telemetry.
  • Coordinated with pentesters during red-team exercises and flagged expected vs. unexpected detections.
  • Authored monthly security compliance reports summarizing incident types, trends, and SOC case volumes.
SIEM Monitoring & Detection
  • Used Elastic SIEM for log ingestion, dashboards, and basic detection rule creation (PowerShell anomalies, process injections, user behavior anomalies).
  • Conducted Splunk alert setup via home lab and tested EC2 log ingestion, validating rule triggers and false positives.
  • Built preliminary correlation rules and dashboards for endpoint activity using Sysmon and Windows logs.
  • Utilized Chronicle SIEM workflows in lab for alert investigation and rule testing.
Ops & Infra
  • Acting team lead for an 8-member monitoring team across day/night shifts.
  • Managed real-time monitoring of servers, network devices, UPS/critical systems, and endpoint workloads.
  • Generated availability reports, operational KPIs, and incident summaries for management.
  • Configured AWS CloudWatch alarm thresholds and monitored EC2 performance.
Key Achievements
  • ✓ Automated EC2 CloudWatch alarms, reducing manual errors
  • ✓ Documented and improved shift handover protocols
  • ✓ NLB Service Excellence Best Vendor Award (2022-2025)

Help Desk Specialist (Assistant Team Lead)

NCS Group Singapore

Jun 2012 - Jun 2018
  • Provided first-level support for 500+ employees with 98% satisfaction rate
  • Administered user accounts, VPN, Citrix, SharePoint for 200+ new hires annually
  • Collaborated with IT vendors to resolve infrastructure issues
  • Generated weekly reports achieving 95% SLA compliance

Education

Bachelor of Science in Information Technology

South Western University

Cebu City, Philippines

Portfolio

My Cloud Resume Challenge

A hands-on, multi-step resume project that builds and demonstrates fundamental skills in a cloud environment, particularly AWS.

CloudFront, CloudFormation, CloudWatch, Certificate Manager, DynamoDB

Elastic ELK with Win, Ubuntu & Sysmon Set Up

My project for setting up ELK for security monitoring, with Windows and Ubuntu agents, to practice working with log events and security alert detection.

ELK, Kibana, Blue Team, Security Monitoring

Splunk Set Up alerts with Linux and AWS CloudWatch

A basic guide to forwarding Ubuntu machine logs to Splunk with the Universal Forwarder and configuring email alerts for critical events such as CPU spikes and multiple login attempts.

Splunk, Automation, Security Incident Response
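The "multiple login attempts" alert in the Splunk guide above comes down to one piece of detection logic: count failed SSH logins per source address inside a time window and fire when the count crosses a threshold. The script below is an added example that is not part of the guide or of the Splunk project; it implements that logic in plain Python over constructed `/var/log/auth.log` lines so the rule can be reasoned about before it is written as a Splunk search. The hostnames, IP addresses, threshold of 5 and 5-minute window are assumptions chosen for the example, and the log year is assumed because syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the format sshd writes to /var/log/auth.log on
# Ubuntu. Hosts and addresses are documentation ranges, not real telemetry.
SAMPLE_AUTH_LOG = """\
Mar  3 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar  3 10:00:04 web01 sshd[2103]: Failed password for root from 203.0.113.5 port 51030 ssh2
Mar  3 10:00:07 web01 sshd[2105]: Failed password for root from 203.0.113.5 port 51041 ssh2
Mar  3 10:00:09 web01 sshd[2107]: Failed password for invalid user oracle from 203.0.113.5 port 51055 ssh2
Mar  3 10:00:12 web01 sshd[2109]: Failed password for root from 203.0.113.5 port 51060 ssh2
Mar  3 10:00:15 web01 sshd[2111]: Accepted password for ryan from 198.51.100.7 port 40120 ssh2
Mar  3 10:03:40 web01 sshd[2140]: Failed password for ryan from 198.51.100.7 port 40130 ssh2
Mar  3 10:20:00 web01 sshd[2200]: Failed password for ryan from 198.51.100.7 port 40200 ssh2
"""

# Matches only failed password events; "invalid user" is optional so both
# unknown and known accounts are captured with the same field names.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_failed_logins(log_text, year=2025):
    """Return (timestamp, source_ip, username) for every failed login line.

    The year is an assumption: syslog timestamps do not include one.
    """
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["user"]))
    return events


def detect_bruteforce(events, threshold=5, window_seconds=300):
    """Sliding-window count of failures per source address.

    Fires one alert per source whose failures reach `threshold` inside any
    `window_seconds` span. Two failures 16 minutes apart do not fire even at
    threshold=2 because they never share a window; that is the difference
    between a windowed rule and a plain lifetime count.
    """
    by_src = defaultdict(list)
    for ts, src, user in events:
        by_src[src].append((ts, user))

    window = timedelta(seconds=window_seconds)
    alerts = []
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        best = None
        for end in range(len(hits)):
            # Advance the window start until the oldest hit is inside the window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best["count"]):
                best = {
                    "src": src,
                    "count": count,
                    "first": hits[start][0],
                    "last": hits[end][0],
                    "users": sorted({u for _, u in hits[start:end + 1]}),
                }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_failed_logins(SAMPLE_AUTH_LOG)):
        print(f"ALERT {alert['src']}: {alert['count']} failed logins "
              f"{alert['first']:%H:%M:%S}-{alert['last']:%H:%M:%S} "
              f"users={','.join(alert['users'])}")
```

Run as-is, the script flags 203.0.113.5 (five failures in eleven seconds, spraying admin, oracle and root) and stays silent on 198.51.100.7, whose two failures are too far apart to share a window. The same rule expressed as a Splunk search, written here as an illustration rather than taken from the guide, would be `index=linux "Failed password" | rex "from (?<src>\S+) port" | bin _time span=5m | stats count by src, _time | where count>=5`, with the email action attached to that saved search.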

Get In Touch

Feel free to reach out for collaborations, opportunities, or just to connect!