Projects – Ryan Scogna

Security & Infrastructure Projects

KnowBe4 Phishing Automation Framework – Developed a repeatable and automated phishing‑campaign architecture that combines smart groups, tiered difficulty levels (Beginner → Advanced), and a quarterly rollout cadence. Mermaid flowcharts were used to model the design structure, resulting in a nearly hands‑off system for campaign automation, scheduling, and reporting.
Cofense → KnowBe4 Platform Migration – Led transition from Cofense to KnowBe4 for phishing simulations and training. Migrated users from Entra ID, configured SCIM provisioning, SSO/SAML, admin MFA, deployed the Phish Alert Button, and validated campaign parity.
Abnormal Security Email Defense Deployment – Assisted in rollout of Abnormal Security as the primary email security platform while phasing out Proofpoint. Completed Abnormal Academy training and supported detection logic validation and user readiness.
CrowdStrike Sensor & Endpoint Validation – Supported Falcon sensor updates, host group changes, and policy validation. Coordinated ServiceNow changes, verified sensor health, and assisted with pre- and post-deployment checks.
Next-Gen SIEM Evaluation (CrowdStrike) – Participated in planning and evaluation of Falcon Next-Gen SIEM. Reviewed ingestion models, LogScale search, Charlotte AI, SOAR workflows, and identity/endpoint telemetry integration.

Internal API Mini-Project – Designed and tested a small internal API to support automation learning. Implemented authentication, data retrieval, JSON parsing, and structured error handling using Python.
Security Data Automation Scripts – Built PowerShell and Python scripts to process asset exports, generate Excel reports, and create pivot-based remediation tracking for vulnerability and endpoint investigations.

Security Lab Environment – Built a multi-VM lab using VirtualBox and Proxmox with Windows, Linux, and Kali systems. Used for API testing, CVE reproduction, and sensor evaluation.
TrueNAS SCALE & Container Experiments – Migrated from TrueNAS Core to SCALE to support Docker workloads. Tested Immich deployment, dataset tuning, and container behavior.