San Antonio, TX · Open to remote

Kristofer Todaro

Senior Threat Hunter and Detection Engineer focused on AI security

I find the adversary activity that slips past automated defenses, turn it into detections that hold up at scale, and work where AI and security meet.

  • 8+ years in cyber defense
  • Active TS/SCI
  • CISSP · GCFA · GNFA
  • U.S. Air Force veteran
01 / About

Where AI and security meet

I am a threat hunter and detection engineer. I find adversary activity that evades automated tooling, then turn each finding into detections that hold up across large environments.

Most of my focus right now is AI security. That means two things at once: defending systems against AI-enabled attacks, and using AI to scale the slow, manual parts of hunting and detection. I think that intersection is one of the highest-priority problems in security today, and it is where I do my best work.

I have spent more than eight years in cybersecurity across federal, defense, and private-sector environments. For four years I ran hunt-forward missions against nation-state adversaries with the U.S. Cyber National Mission Force, including work supporting the defense of the 2020 U.S. elections against foreign influence operations. I then moved into managed detection and response at CrowdStrike, hunting across customer environments that spanned millions of endpoints.

Today I lead detection engineering and threat hunting on a federal contract. I am a U.S. Air Force veteran.

02 / Experience

Eight years, three sectors

Federal, defense, and private sector. Hunting nation-state adversaries, then building the detections that scale that work.

Lead Security Engineer

Sep 2023 - Present

Federal contract · CrowdStrike detection engineering and threat hunting

  • Lead detection engineering and threat hunting for the contract, building and tuning high-fidelity detections in CrowdStrike Falcon.
  • Hunt for adversary activity that evades existing coverage, then convert findings into durable, low-noise detections.

Detection and Response Analyst II

Feb 2022 - Sep 2023

CrowdStrike · Falcon Complete (Managed Detection and Response)

  • Delivered managed detection and response across customer environments spanning millions of endpoints.
  • Investigated and contained active intrusions, and hunted proactively for threats that automated detection missed.
  • Performed hands-on-keyboard response to active intrusions, plus malware analysis and triage to sharpen detections.

Senior Cyber Threat Hunter / Cyber Warfare Operator (1B471)

Apr 2018 - Aug 2022

U.S. Cyber National Mission Force · NSA / U.S. Air Force

  • Executed hunt-forward missions against nation-state adversaries for four years.
  • Contributed to the defense of the 2020 U.S. elections against foreign influence operations.
  • Hunted on forward and partner networks to surface adversary tooling and tradecraft.

03 / Skills & Certifications

What I bring

Threat Hunting & Detection

  • Threat hunting
  • Detection engineering
  • Hunt-forward operations
  • Adversary tradecraft (MITRE ATT&CK)
  • Threat intelligence

DFIR

  • Digital forensics
  • Incident response
  • Network forensics
  • Malware analysis

AI Security

  • Defending against AI-enabled threats
  • AI-assisted detection workflows
  • Security tooling built with LLMs

Engineering

  • Python
  • PowerShell
  • Bash
  • SQL
  • JavaScript / TypeScript
  • C++

Platforms & Tooling

  • CrowdStrike Falcon
  • SIEM / EDR
  • Zeek
  • Suricata
  • NetFlow

Certifications

Core

CISSP · CompTIA Security+ · GIAC Advisory Board

Forensics & Offensive

GCFA · GNFA · CHFI · CCTHP · CEH

Platform (CrowdStrike)

CCFA · CCFR

Education

M.S., Cybersecurity and Information Assurance
Western Governors University · 2021 - 2022

B.A., Psychology
University of South Florida · 2006 - 2010

Clearance & Service

Active TS/SCI with counter-intelligence polygraph

U.S. Air Force veteran

04 / Selected Work

Things I have built

Security tooling, self-hosted infrastructure, and builds that pushed how far I could take a problem on my own.

Infrastructure

Self-hosted security homelab

A self-run environment with a reverse proxy, split-horizon DNS, automatic TLS, and Cloudflare at the edge, serving several self-built apps over HTTPS with firewall rules and managed secrets.

Caddy · CoreDNS · TLS · Cloudflare · Hardening

Self-hosted · Reverse engineering

SunPower solar monitor

After SunPower went bankrupt and a firmware update locked down the panel API, I built a self-hosted dashboard to keep monitoring my own solar array. A FastAPI service polls the authenticated PVS6 local API, with a mobile PWA front end and secure remote access over Tailscale instead of exposing anything to the internet.

FastAPI · PWA · Reverse engineering · Tailscale · Self-hosted

Full stack · Privacy

HomeOps Sentinel

A local-first home operations dashboard in Next.js and Prisma, designed with encrypted local secrets, an SSRF-aware AI adapter, and a no-cloud-by-default posture.

Next.js · Prisma · Local-first · AppSec

Security tooling

Security tooling

Custom tools that fill gaps in mainstream offerings: an ARM-native malware analysis VM that runs on Apple M1 and M2 hardware, and a remote network capture sensor using Zeek, Suricata, and NetFlow to extend SIEM visibility.

Malware analysis · ARM · Zeek · Suricata · NetFlow

05 / Contact

Let's talk

If you are building a security team that takes the craft seriously, or working at the AI and security intersection, I would like to hear from you.

Email: ktodaro@protonmail.com

06 / FAQ

In brief

Who is Kristofer Todaro?
A senior threat hunter and detection engineer with more than eight years across federal, defense, and private-sector security. A U.S. Air Force veteran who spent four years on hunt-forward missions with the U.S. Cyber National Mission Force, then moved into managed detection and response at CrowdStrike.
What does he specialize in?
Threat hunting, detection engineering, and digital forensics and incident response, with a current focus on AI security: defending against AI-enabled threats and using AI to scale defensive work.
Where is he based, and is he open to work?
San Antonio, Texas, and open to remote roles.
How do you contact him?
By email at ktodaro@protonmail.com or through LinkedIn at linkedin.com/in/kristofer-todaro.