status: defending Quad Graphics · Sussex, WI

Shaun Halverson

$ whoami

Cybersecurity Engineer II at Quad. I hunt threats, harden networks, and ship AI-powered tooling that makes security teams faster.

7+ yrs in security
01

About

I'm a cybersecurity engineer with a software background — which means I don't just respond to threats, I build the tooling that finds them first. My day-to-day spans EDR administration, threat hunting, network micro-segmentation, and shipping AI-powered apps that automate the boring parts of security operations.

Started at Quad as an intern in 2019 and grew into an Engineer II role, helping lead programs that scale across the entire company: EDR rollout, threat hunting, zero-trust segmentation, and a vulnerability management pipeline that actually closes tickets.

$ cat profile.json
{
  "role":  "CyberEng II",
  "org":   "Quad",
  "loc":   "Sussex, WI",
  "edu":   "BSc SwEng, UW-Milwaukee",
  "focus": [
    "EDR",
    "Threat Hunting",
    "AI for Security",
    "Zero Trust"
  ]
}
02

Stack & Skills

SentinelOne EDR
Threat Hunting
Illumio / Zero Trust
AI / ML Models
Kubernetes
PowerShell
Full-Stack Dev
Vuln Management
$ cat ~/skills.txt
  • EDR (Deployment, Engineering, Forensic Investigations, Threat Triage)
  • Illumio Micro-Segmentation (Local OS Firewall Management)
  • Forensic Investigations
  • Threat Hunting
  • Splunk SIEM
  • Splunk SOAR
  • JavaScript Web Development (Full Stack, React, Node.js)
  • Vulnerability Management
  • Python
  • PowerShell Automation
  • Kubernetes Deployments
  • MSSQL
  • Zscaler Proxy Management/Policies
  • Corporate Firewall Management/ACL buildout (CheckPoint)
  • VPN tunnels
  • Fine-Tuned AI Models
  • Red Team Exercises
03

Experience

Cybersecurity Engineer II @ Quad

Jun 2026 — Present
  • Org-wide SME for SentinelOne EDR — own forensic investigations, EDR rule authoring, blocklist & exclusion management, and platform tuning across 10,000+ endpoints.
  • Designed and deployed AI-powered web apps and chatbots to automate security workflows.
  • Built custom ML models — including specialized threat-hunting models — for investigations.
  • Architected Kubernetes-based deployments for scalable, secure cloud-native workloads.
  • Led vulnerability management with automation for ticketing, prioritization, and remediation.
  • Implemented Illumio micro-segmentation to enforce zero-trust network controls.

Cybersecurity Engineer I @ Quad

May 2024 — Jun 2026
  • Designed and maintained department-wide full-stack web applications.
  • Led the company-wide deployment of SentinelOne EDR to 10,000+ endpoints and became the org's ongoing SME for the platform.
  • Co-launched a threat hunting program integrating SOC, SOAR, and correlation rules.
  • Spearheaded redesign and automation of vulnerability management processes.

Cybersecurity Administrator @ Quad

May 2022 — Sep 2024
  • Administered firewalls, proxy, VPN, and AV across the enterprise.
  • Performed proactive threat hunting (Red/Blue Team) and forensic investigations.
  • Built automation scripts and internal tooling for the security team.
  • Drove vulnerability management and compliance initiatives.

Cybersecurity Intern @ Quad

Jun 2019 — Jun 2022
  • Built automation scripts to improve company-wide efficiency.
  • Designed web pages and SQL database schemas with automation.
  • Supported enterprise IT, networking, and security operations.
04

Selected Work

Multi-Agent Threat Hunting System

7 agents · orchestrated · production

Agent orchestration map — 7-agent pipeline topology.

A multi-agent threat hunting system I designed and built — seven specialized agents coordinated by an orchestrator to triage, enrich, and verify security events end-to-end.

  • Normalization: intakes new events, normalizes them, and extracts artifacts.
  • EDR: EDR enrichment and telemetry context.
  • HostFinder: finds all available information about a given host.
  • UserFinder: finds all available information about a user.
  • OrgKnowledge: enriches events with context from internal SOPs / documents.
  • HistoricalKnowledge: enriches events with context from past closed cases.
  • Verifier: combines everything, summarizes, builds a timeline, and points out gaps.

SecApps — Internal Security Platform

400+ users · 75 apps · millions of visits/yr

SecApps — Website Security Scanner module.

An internal web platform I build and maintain that hosts 75+ small apps used across IT — from automation utilities to tracking dashboards. Below is the Website Security Scanner module, which scans internal servers for HTTP security headers and assigns each a score.

  • 400+ unique users across IT.
  • Millions of page visits per year.
  • 75 individual apps hosted under one platform.
  • Website Security Scanner: example app that scans internal servers for HTTP security headers and assigns a score.
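One way a header check and score like the scanner above can be implemented, as an added example that is not SecApps code: the header weights, the one-year HSTS threshold, the grade bands and the sample header sets are assumptions constructed for illustration. `fetch_headers` issues a HEAD request with the standard library for live use; the scoring itself runs on any header dictionary, so the constructed samples exercise it offline.

```python
"""Score a server's HTTP response headers for browser-side hardening.

Added example, not SecApps code. Weights, thresholds, grade bands and the
sample header sets are assumptions constructed for illustration.
"""
from __future__ import annotations

import re
import urllib.request
from dataclasses import dataclass, field

# Assumed weights: points each control contributes to a 100-point score.
HEADER_WEIGHTS = {
    "strict-transport-security": 25,
    "content-security-policy": 25,
    "x-content-type-options": 15,
    "x-frame-options": 15,
    "referrer-policy": 10,
    "permissions-policy": 10,
}
ONE_YEAR = 31_536_000  # seconds; assumed HSTS max-age needed for full credit
LEAKY_HEADERS = ("server", "x-powered-by")  # noted, not scored (assumption)


@dataclass
class HeaderReport:
    score: int
    grade: str
    findings: list[str] = field(default_factory=list)


def _check(name: str, value: str) -> tuple[bool, str | None]:
    """Return (passes, finding). A header that is present but weak earns no points."""
    v = value.strip().lower()
    if name == "strict-transport-security":
        m = re.search(r"max-age=(\d+)", v)
        if m and int(m.group(1)) >= ONE_YEAR:
            return True, None
        return False, "strict-transport-security max-age is below one year"
    if name == "content-security-policy":
        if "'unsafe-inline'" in v or "'unsafe-eval'" in v:
            return False, "content-security-policy permits unsafe-inline/unsafe-eval"
        return True, None
    if name == "x-content-type-options":
        if v == "nosniff":
            return True, None
        return False, "x-content-type-options is not 'nosniff'"
    if name == "x-frame-options":
        if v in ("deny", "sameorigin"):
            return True, None
        return False, "x-frame-options is not DENY or SAMEORIGIN"
    # Referrer-Policy / Permissions-Policy: presence is enough in this scorer.
    return True, None


def score_headers(headers: dict[str, str]) -> HeaderReport:
    """Score one server's response headers and list what is missing or weak."""
    lowered = {k.lower(): v for k, v in headers.items()}
    score, findings = 0, []
    for name, weight in HEADER_WEIGHTS.items():
        if name not in lowered:
            findings.append(f"missing {name}")
            continue
        ok, note = _check(name, lowered[name])
        if ok:
            score += weight
        else:
            findings.append(note)
    for leaky in LEAKY_HEADERS:  # version disclosure: flagged, no score impact
        if leaky in lowered:
            findings.append(f"{leaky} discloses '{lowered[leaky]}'")
    grade = "A" if score >= 90 else "B" if score >= 75 else "C" if score >= 50 else "F"
    return HeaderReport(score, grade, findings)


def fetch_headers(url: str, timeout: float = 5.0) -> dict[str, str]:
    """HEAD an internal URL and return its response headers (live use only)."""
    req = urllib.request.Request(url, method="HEAD")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return dict(resp.headers.items())


# Constructed sample responses (not captured from any real server).
HARDENED = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "no-referrer",
    "Permissions-Policy": "camera=(), microphone=()",
}
PARTIAL = {
    "Strict-Transport-Security": "max-age=31536000",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
}
WEAK = {
    "Server": "Apache/2.4.41",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src * 'unsafe-inline'",
    "X-Frame-Options": "ALLOW-FROM https://example.internal",
}

if __name__ == "__main__":
    for label, hdrs in (("hardened", HARDENED), ("partial", PARTIAL), ("weak", WEAK)):
        r = score_headers(hdrs)
        print(f"{label}: {r.score}/100 grade {r.grade}")
        for f in r.findings:
            print(f"  - {f}")
```

Scoring a header as worth zero when it is present but weak (a 300-second HSTS max-age, a CSP that allows inline script) is the design choice worth copying: a presence-only check rewards servers that set the header without the protection it is meant to provide.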

Reserve-A-Desk (RAD)

700+ users · multi-day booking · live floor map

RAD — interactive office floor map with live desk status.

An internal hot-desking platform used across IT and other departments to reserve shared workspaces. Users manage reservations across multiple days and see exactly where teammates are sitting — including title and department — on an interactive floor map.

  • 700+ users across IT and other departments.
  • Multi-day reservations: book and manage future days at a glance.
  • Live floor map: see who's sitting where, with title and department.
  • Multi-site: switch between offices and floors from one view.

NATE — Next-Gen Automated Threat Evaluator

SOAR-native · GPT-powered · 5,000+ events/mo

NATE architecture — SOAR → prompt + EDR telemetry → GPT → vectorized historical events → AI summarization back to SOAR.

An AI threat evaluator built directly into our SOAR platform. NATE fuses OpenAI with historical case data and live EDR telemetry from the endpoint to produce high-fidelity event summaries — full timeline, historical context, verdict, and analyst-ready notes. It's measurably cut threat hunting time and runs with strong accuracy at scale.

  • 5,000+ events evaluated per month, end-to-end.
  • SOAR-native: embedded directly into the Splunk SOAR workflow.
  • EDR + History: fuses S1 endpoint telemetry with vectorized past cases.
  • Verdict + Timeline: produces summary, timeline, historical context, and gaps.

SentinelOne EDR — Enterprise Deployment & SME

10,000+ endpoints · org-wide SME · all things EDR

SentinelOne — enterprise EDR platform.

Led the company-wide rollout of SentinelOne EDR to over 10,000 endpoints and now serve as the organization's SME for the platform. Day-to-day I own forensic investigations, EDR rule design and tuning, EDR-driven threat investigations, blocklist management, exclusion management, and every other lever the platform exposes — essentially all things EDR at Quad.

  • 10,000+ endpoints: led the org-wide SentinelOne deployment across the full endpoint fleet.
  • Org-wide SME: primary point of contact for EDR strategy, escalations, and tuning.
  • Rules & investigations: author detection rules and drive forensic + EDR investigations end-to-end.
  • Blocklists & exclusions: own day-to-day blocklist and exclusion management across the platform.

Vulns (with Vulny AI)

full webapp + API · hundreds of weekly users · AI-assisted

Vulny — chat-first AI assistant inside the Vulnerability Management platform, with quick-action suggestions.

Vulns is the complete in-house Vulnerability Management platform I built — webapp plus backend API — that automates everything vulnerability-related at Quad. Tickets are issued through it every week and hundreds of users interact with it weekly across many built-in apps and features that make management simpler for everyone involved. Vulny is the AI assistant layered on top: a chat-first interface that calls Vulns' own API routes to kick off ad-hoc scans, look up tickets, check CVE hits, inspect ticketing exclusions, and more.

  • Full platform: webapp + backend API that automates all things vulnerability.
  • Hundreds/week: hundreds of users interact with Vulns every single week.
  • Weekly tickets: issues vulnerability tickets on a weekly cadence.
  • Vulny AI: chat assistant that drives the platform's own API to take action.

Quad Quest

Donkey Kong–style · Kubernetes · dev/beta/prod

Quad Quest — Level 1: Magazine Monolith.

A custom web-based arcade game I built — Donkey Kong-style platformer reskinned and themed to Quad. It started as my hands-on learning project for Kubernetes: containerizing the app, managing image rollouts, and wiring up CI/CD pipelines that ship across dev, beta, and prod.

  • Donkey Kong–style: arcade platformer, fully reskinned and themed to Quad.
  • Custom web app: built from scratch (gameplay, sprites, levels, scoring).
  • Kubernetes: containerized and deployed on K8s as my learning project.
  • CI/CD pipelines: automated dev → beta → prod rollouts with image management.

SOC · SOAR · Detection

Threat Hunting Program

Co-led a program integrating correlation rule sets, alerting pipelines, and SOAR automation for proactive detection across the enterprise.

production · ongoing
LLMs · ML · Automation

AI Security Tooling

Designed AI-powered web apps and fine-tuned ML models specialized for threat-hunting workflows and analyst augmentation.

production · ongoing
Illumio · Network

Zero-Trust Segmentation

Architected micro-segmentation to enforce least-privilege east-west traffic, dramatically reducing the lateral attack surface.

production · ongoing
Kubernetes · DevSecOps

Cloud-Native Platform

Built and managed Kubernetes deployments hosting internal security applications with secure, scalable infrastructure.

production · ongoing
05

Education

2019 — 2022
University of Wisconsin-Milwaukee
B.A.Sc. Computer Science
2017 — 2019
Highland Community College
Computer Science

// initiate handshake

Let's secure something.

Open to conversations about threat hunting, security automation, and AI-powered defense tooling.