Enterprise Security Engineering • AI Security • Detection Automation

I design practical security systems that turn technical risk into operational clarity and executive action.

Cuellar Cyber Consulting helps organizations improve threat visibility, reduce analyst friction, govern AI adoption, automate repeatable security work, and communicate cyber risk in a way leaders can act on.

Fictional portfolio demonstration. No employer, client, proprietary, or confidential materials are used.

About

About Cuellar Cyber Consulting

Andrew approaches cybersecurity as a practical system of technical detection, operational workflow design, governance, automation, risk communication, and executive decision support. The work is designed to help teams move from unclear security signals to repeatable processes, documented decisions, and measurable outcomes.

Consulting perspective

Strong security work should be technically defensible, operationally usable, and safe to discuss with leadership. These fictional case studies show how Andrew thinks through architecture, analyst workflow, control ownership, validation, documentation, and executive reporting without exposing confidential information.

Core expertise

Capability groups

Organized around the work a client can hire Andrew to deliver: security workflows, AI governance, detection design, guarded automation, and executive reporting.

Security Operations

  • SOC workflow design
  • Incident triage
  • Case handoff
  • Evidence collection

AI Security & Governance

  • GenAI governance
  • AI usage monitoring
  • NIST AI RMF concepts
  • Exception lifecycle

Detection & Investigation

  • Detection lifecycle
  • Threat hypothesis
  • MITRE ATT&CK mapping
  • False-positive tuning

Automation & Engineering

  • PowerShell automation
  • API enrichment
  • Least privilege
  • Audit logging

Risk & Executive Reporting

  • KPI/KRI design
  • Board scorecards
  • Control maturity
  • Decision roadmaps

Selected case studies

How the work is structured

Each case study is a fictional, NDA-safe consulting artifact with business risk, technical approach, workflows, controls, deliverables, success measures, and next-phase recommendations.

Fictional Enterprise AI Security Monitoring & Governance dashboard thumbnail

Fictional Case Study

Enterprise AI Security Monitoring & Governance

AI usage visibility, governance workflows, DLP-informed risk scoring, and executive reporting for responsible GenAI adoption.

Challenge
A fictional regulated enterprise lacked centralized visibility into approved and unapproved AI usage, creating governance blind spots, inconsistent exception handling, and limited evidence for audit and risk reporting.
Business outcome
Modeled an AI security operating system that connects telemetry, risk scoring, exception workflows, and executive reporting without blocking responsible adoption.
AI SecurityGenAI GovernanceDLPSIEMNIST AI RMFExecutive Reporting
View Case Study
Fictional Security Investigation Dashboard dashboard thumbnail

Fictional Case Study

Security Investigation Dashboard

Unified SOC workflow for entity context, alert chronology, evidence collection, analyst decisions, and case handoff.

Challenge
A fictional enterprise SOC had analysts pivoting across identity, endpoint, cloud, network, and collaboration tools during time-sensitive investigations.
Business outcome
Modeled a single investigation workspace that reduces tool switching while preserving analyst judgment, escalation criteria, and evidence quality.
SOC WorkflowThreat InvestigationSIEMEDRCase ManagementIncident Response
View Case Study
Fictional Detection Engineering & Threat Investigation dashboard thumbnail

Fictional Case Study

Detection Engineering & Threat Investigation

A detection lifecycle from hypothesis to telemetry mapping, validation, tuning, deployment, runbooks, and retirement decisions.

Challenge
A fictional technology company needed repeatable detection engineering for suspicious PowerShell, identity abuse, and unusual administrative behavior instead of one-off noisy rules.
Business outcome
Modeled an explainable detection lifecycle with ownership, test data, quality scoring, analyst runbooks, and tuning feedback loops.
Detection EngineeringThreat HuntingMITRE ATT&CKSIEMKQL/SPL ConceptsRunbooks
View Case Study
Fictional PowerShell Security Automation dashboard thumbnail

Fictional Case Study

PowerShell Security Automation

Guarded automation patterns for evidence collection, enrichment, configuration validation, logging, approvals, and rollback planning.

Challenge
A fictional security team needed repeatable PowerShell automation for investigation support without introducing unsafe scripts or unreviewed privileged actions.
Business outcome
Modeled secure automation as an auditable workflow with validation, least privilege, approval gates, logging, error handling, and human-in-the-loop decisions.
PowerShellSecurity AutomationSOC AutomationLeast PrivilegeAudit LoggingRunbooks
View Case Study
Fictional Executive Cybersecurity Metrics Dashboard dashboard thumbnail

Fictional Case Study

Executive Cybersecurity Metrics Dashboard

Leadership reporting that separates operational metrics, KPIs, KRIs, and executive decisions for security program accountability.

Challenge
A fictional enterprise needed cybersecurity reporting that moved beyond vanity metrics and showed risk trend, control maturity, response readiness, investment priorities, and decisions required.
Business outcome
Modeled an executive dashboard and reporting cadence that links technical security data to business risk, action ownership, and 30/60/90-day roadmap decisions.
Executive ReportingCyber RiskKPI/KRIBoard ScorecardControl MaturityRoadmaps
View Case Study

Consulting methodology

Repeatable process, not one-off artifacts

Discovery

Clarify business goals, environment assumptions, stakeholders, and confidentiality boundaries before designing anything.

Risk and Requirements Analysis

Separate operational pain from business risk, define success measures, and document constraints.

Threat Modeling

Identify relevant threat behaviors, abuse paths, data sensitivity, and control expectations.

Architecture and Workflow Design

Translate requirements into data flows, governance checkpoints, dashboards, detections, or automation workflows.

Implementation Planning

Create build backlog, owners, dependencies, validation plan, and rollout sequence.

Validation and Testing

Use representative fictional or client-approved test data to validate logic, usability, and control behavior.

Operational Handoff

Document runbooks, decision points, maintenance owners, and escalation paths.

Metrics and Executive Reporting

Connect technical evidence to leadership decisions, trend visibility, and accountability.

Continuous Improvement

Review false positives, stale exceptions, changing threats, and dashboard usefulness over time.

Engagement lifecycle

What clients receive

Depending on scope, deliverables may include architecture diagrams, security workflows, detection designs, dashboard mockups, risk assessments, governance frameworks, runbooks, implementation roadmaps, executive summaries, or technical documentation.

Discovery Call

Discuss the security problem, environment, constraints, timeline, and desired business outcome.

Scope and Success Criteria

Define what will be delivered and how success will be evaluated.

Current-State Review

Review approved artifacts, data sources, workflows, dashboards, or detection inventory.

Design and Build

Create diagrams, mockups, workflows, rule designs, automation plans, or documentation.

Validation

Test assumptions, review edge cases, confirm technical feasibility, and refine outputs.

Documentation

Deliver editable artifacts, runbooks, metric definitions, and implementation guidance.

Knowledge Transfer

Walk through how to use, maintain, and adapt the deliverables.

Executive Readout

Summarize decisions, risks, next steps, and recommended roadmap.

Why clients hire Cuellar Cyber Consulting

Technical work with decision-ready communication

Technical depth with business translation

The case studies show telemetry, detection, governance, and automation designs that end in leadership decisions.

Enterprise security mindset

Designs include ownership, handoff, validation, evidence, and reporting—not isolated artifacts.

AI governance specialization

The flagship case study connects AI usage monitoring, DLP, exceptions, control coverage, and NIST AI RMF concepts.

Maintainable solutions

Deliverables emphasize runbooks, quality scorecards, approval gates, and lifecycle management.

Confidentiality-first portfolio

Every artifact is fictional and explicitly avoids employer-specific materials, dashboards, data, terminology, and code.

Contact / Upwork CTA

Need an AI governance design, detection review, security dashboard, or automation engagement?

Start with an Upwork conversation. Share the business problem, approved non-confidential context, desired timeline, and what decision the final deliverable should support.

Start on Upwork

NDA-safe portfolio disclaimer

Fictional portfolio demonstration. No employer, client, proprietary, or confidential materials are used. The organizations, data, metrics, incidents, dashboards, diagrams, workflows, and examples are fictional. They do not reproduce, approximate, or visually imitate employer-specific or client-specific materials.