David Cardoso

I’m a CISSP-certified cybersecurity professional with 6+ years in Incident Response, Cyber Defense Operations, and SOC operations. I’ve built hands-on, operational defenses that focus on rapid containment, eradication, and recovery—especially when the business can’t afford delays.

At Amgen (Tier 3 Incident Response), I led critical work that drastically reduced production downtime from 6 months to 1 day. I served as a key IR liaison during a global Swimlane to Turbine SOAR migration, automating playbooks for Cyber Defense Operations, and I led post-incident reviews and forensic analysis to drive vulnerability remediation.

I bring measurable outcomes to detection quality and threat discovery. My work reduced false-positive events from 40% to 10%, and I spearheaded threat hunting using Microsoft Copilot to uncover and remediate internal credential exposures, while also creating internal phishing campaigns to strengthen email security and employee awareness.

Earlier, I supported SOC teams at OutSystems and Multicert by implementing AWS security controls, building Splunk dashboards and metrics (improving detection by 33%), and using Microsoft Defender 365 for forensic investigations and email security enhancements. I also leveraged MISP threat intelligence, developed automation scripts and a vulnerability scraper for early warning, and supported security monitoring architecture with ArcSight and FortiSIEM—plus I founded CyberPlay to develop the D.A.V.I.D Engine, an AI system for adaptive incident response simulations in healthcare.