Available for collaboration

Mark Stueck

Cybersecurity Architect based near Phoenix, Arizona. Passionate about navigating the constantly evolving world of digital defense — making security more approachable, practical, and understandable.

Get in touch View Resume
about

Who I Am

whoami.sh
$ cat profile.json
 
{
  "name": "Mark Stueck",
  "role": "Cybersecurity Architect",
  "location": "Phoenix, AZ",
  "focus": "Digital defense & threat architecture",
  "approach": "Practical, approachable, precise"
}
 
$
mission
Building security architectures that are resilient by design — not patched together after the fact.
philosophy
Security should enable the business, not block it. Good architecture makes the secure path the easy path.
expertise

Core Domains

Security Architecture Enterprise-scale design, zero-trust frameworks, defense-in-depth strategies
Cloud Security Secure cloud adoption, CSPM, identity federation, and workload protection
Threat Modeling STRIDE, MITRE ATT&CK, risk-based analysis, attack surface reduction
AI Security Workflows & Automation Securing AI pipelines, LLM threat surfaces, and automating security operations
Identity & Access Zero-trust IAM, PAM, SSO/MFA, least-privilege enforcement
Detection & Response SIEM/SOAR architecture, incident response, threat hunting frameworks
research & writing

Published Articles

Mar 15, 2023 CVE-2023-23397 NTLM Relay
Microsoft Outlook Privilege Elevation — Critical Vulnerability
Specially crafted emails can force victims to leak their Net-NTLMv2 hash without any user interaction, enabling NTLM relay attacks and lateral movement across corporate environments.
kudelskisecurity.com  →
Mar 10, 2023 CVE-2023-27532 Credential Exposure
Veeam Backup & Replication — Stored Credentials Exposed, No Auth Required
An unauthenticated attacker with network access can retrieve Veeam's stored credentials in plaintext — despite being encrypted at rest, they are decrypted before transmission.
kudelskisecurity.com  →
Dec 14, 2022 CVE-2022-37958 Pre-Auth RCE
SPNEGO NEGOEX — Critical Pre-Authentication RCE in Modern Windows
A wormable pre-authentication RCE in Windows' SPNEGO negotiation mechanism affects SMB, RDP, IIS, and more — requiring no user interaction or prior credentials to exploit.
kudelskisecurity.com  →
Nov 1, 2022 CVE-2022-3602 CVE-2022-3786 Buffer Overflow
OpenSSL 3 Buffer Overflow Vulnerabilities
Two buffer overflow flaws in OpenSSL 3's punycode decoding — triggered via malicious certificates — with potential for RCE on systems where memory protections can be bypassed.
kudelskisecurity.com  →
credentials

Certifications

GIAC Security Essentials (GSEC)
GSEC
GIAC
GIAC Certified Incident Handler (GCIH)
GCIH
GIAC
GIAC Security Leadership (GSLC)
GSLC
GIAC
GIAC Information Security Fundamentals (GISF)
GISF
GIAC
Microsoft Azure Security Technologies (AZ-500)
AZ-500
Microsoft
Microsoft Azure Fundamentals (AZ-900)
AZ-900
Microsoft
CompTIA A+
CompTIA A+
CompTIA
Splunk Core Certified Power User
Core Certified Power User
Splunk
Splunk Core Certified User
Core Certified User
Splunk
LRSA
LogRhythm Security Analyst
LogRhythm
connect

Find Me Online

LinkedIn
linkedin.com/in/markstueck
GitHub
github.com/ghostnote-hub
X (Twitter)
x.com/MCS138