Cybersecurity Portfolio

WILLIAM
LOTTES

Ethical hacker. CTF competitor. Security-minded builder.
The only crime is how fast I find the bug.

96th
NCL Percentile
Top 1%
NCL Team Rank
🥇 1st
Web App (Gasparilla CTF)
Request a Sit-Down View the File
Field Intel

WHO IS
THIS GUY?

I'm a cybersecurity student at the University of Tampa, graduating May 2026, with a minor in Management Information Systems. My focus areas are web application exploitation, digital forensics, and building secure, repeatable workflows.

I don't just study security, I compete in it. Top 1% nationally in NCL team competition, 1st place Web App at Gasparilla CTF, and actively leading Root@UT's red team club. I'm calm under pressure, team-first, and relentlessly curious.

Web AppSec Digital Forensics Password Cracking Log Analysis Blue Team Cloud Security SIEM / ELK Network Defense
B.S.
Cybersecurity
University of Tampa
May '26
Expected
Graduation
7K+
NCL Individual
Field Size
4K+
NCL Teams
Competed Against
Operations

WHERE I'VE
DONE THE WORK

Jun 2025 – Present
Remote
Active
Software & Data Analyst
Data Annotations
  • Evaluate AI/ML outputs across text, image, and code to identify vulnerabilities and reasoning gaps.
  • Review and debug AI-generated code to enforce secure development practices and strengthen model reliability.
  • Produce structured annotations improving model reasoning and consistency at scale.
Aug 2022 – Jan 2025
Summerfield, FL
Poker Host / Brush
Oxford Downs Poker Room
  • Protected confidential patron data using GDPR-aligned procedures and strict access controls.
  • Maintained audit-ready transaction logs and documentation to ensure compliance and traceability.
  • Assisted 100+ patrons per shift in a high-stakes environment demanding accuracy and operational precision.
Physical Evidence

EXHIBIT A,
B, AND C

Cloud Security · IaC
Cloud Security & IaC Workshop
Designed and delivered a hands-on Terraform lab in AWS demonstrating secure Infrastructure as Code. Modified IAM roles to enforce least privilege, implemented custom security groups, enabled VPC Flow Logs and CloudTrail, and presented real-world cloud misconfiguration case studies.
TerraformAWSIAMVPC Flow LogsCloudTrail
Blue Team · Forensics · SIEM
AWS Blue Team & Digital Forensics Lab
Deployed EC2 instances for SIEM, OSINT (OpenCTI), and forensic environments. Analyzed Suricata, Zeek, and syslog data to detect brute-force and web attacks. Conducted memory forensics with Volatility and disk forensics with Autopsy.
ELK StackSuricataZeekVolatilityAutopsy
Network Security · SIEM · IDS
Raspberry Pi Home Lab
Engineered a Pi-based home lab simulating enterprise network monitoring. Deployed Suricata IDS for real-time packet inspection and JSON logging, centralized into a SIEM pipeline for event correlation. Tuned rules to reduce false positives and documented repeatable deployment steps.
Raspberry PiSuricataSIEMIDSEVE JSON
Authorized Heists

LEGAL
BREAK-INS

1ST PLACE
Gasparilla CTF · Web App Exploitation
Took first in Web App Exploitation while helping the team finish 3rd overall. Led recon, exploitation, documentation, and handoff. Give me an HTTP request and I'll find you a flag.
3rd Overall 1st Web App Team Lead
Web Exploit
1st
Overall
3rd
96th %
NCL Fall 2025 · Individual Game
Ranked 353 out of 7,873 competitors nationwide.
Forensics
98th
Pwd Cracking
97th
Web Exploit
97th
Overall
96th
Top 1%
NCL Fall 2025 · Team Game (Root@UT)
Placed 54th out of 4,214 teams. Solved forensics, enumeration, exploitation, and log analysis challenges.
Team Rank
Top 1%
54 / 4,214 Teams Root@UT
NCAE CYBER GAMES
2026 Regional · Blue Team Competition
Live blue team defensive CTF against a professional red team. Maintained availability and security of critical infrastructure under active attack.
  • Hardened and defended Apache, DNS, SSH/SMB services across a segmented network.
  • Blacklisted malicious IPs, configured firewall rules, managed port forwarding.
  • Monitored live network activity and reinforced compromised systems under pressure.
  • Balanced availability vs. security tradeoffs in a real-time adversarial environment.
The Arsenal

WHAT'S
IN THE BAG

Languages

  • Python
  • Bash
  • JavaScript
  • PowerShell
  • SQL
  • C++

Security Tools

  • Burp Suite
  • Nmap
  • Wireshark
  • Metasploit
  • Suricata / Zeek
  • ELK Stack

Forensics

  • Volatility
  • Autopsy
  • RegRipper
  • Eric Zimmerman Tools
  • pypykatz
  • OpenCTI

Cloud & Systems

  • Linux (Kali, Ubuntu)
  • AWS Security
  • Terraform
  • VMware
  • Windows Server
  • VPC / IAM / CloudTrail
SEC+
CompTIA Security+
CompTIA · Active
PJPT
Practical Jr. Pen Tester
TCM Security · Active
GRC
GDPR · PCI DSS · ISO 27001
Compliance Frameworks
The Crew

WHO I
RUN WITH

Secretary
Root@UT / Red Team Club
Dec 2025 – Present
Organize competitive CTF teams, including role assignments, scheduling, and lineup development. Support skill growth through labs, walkthroughs, and guided practice sessions.
CTF Competitor
Cyber Spartans / University of Tampa
Dec 2025 – Present
Compete in collegiate CTF events focused on forensics, cryptography, enumeration, and web exploitation. Develop reusable methodologies for future competition performance.
President
Phi Gamma Delta (FIJI)
Dec 2024 – Dec 2025
Managed operations for 100+ members including budget oversight, event compliance, and risk mitigation. Directed executive board and maintained alignment with university and national guidelines.
The Sit-Down
LET'S
TALK.

Open to SOC, Security Engineering, Penetration Testing, and Application Security roles, as well as CTF collaborations and general security conversations. I'm based in Tampa but willing to relocate for the right opportunity. Feel free to send me a message and we can set something up.

LinkedIn
William-Lottes
Email
lotteswill@gmail.com