Home on Kyler Nats | Cybersecurity Portfolio

About Me

Mon, 01 Jan 0001 00:00:00 +0000

Kyler Nats

Cybersecurity Professional | M.S. in MIS

Automated AWS Infrastructure with Terraform

Mon, 01 Jan 0001 00:00:00 +0000

Learning how to replace manual cloud configuration with a secure, immutable Infrastructure-as-Code (IaC) pipeline to deploy hardened AWS environments.

Project Impact & Core Functionality

This project transitioned a manual workflow into a repeatable, version-controlled architecture, ensuring that every security group rule and subnet association is documented as code. By architecting a custom Virtual Private Cloud (VPC), I established a baseline for secure cloud operations that eliminates the risks of manual misconfiguration. The result is a functional, hardened web server environment that serves as the scalable foundation for future security labs.

Lab Notes

Mon, 01 Jan 0001 00:00:00 +0000

Working on these security simulations taught me that theory is very different from practice. I decided to build these labs because I wanted to see how vulnerabilities actually look when you are the one finding and fixing them.

One of the biggest takeaways for me was seeing how dangerous legacy software can be. I found that old services like vsftpd often have known backdoors that give an attacker full control almost instantly. It made me realize that keeping systems updated is not just a chore but a critical part of defense.

My Portfolio Infrastructure

Mon, 01 Jan 0001 00:00:00 +0000

How I built a containerized, high-performance portfolio using Hugo and Docker to ensure consistent deployments and secure web hosting.

Project Impact & Core Functionality

This project moved beyond simple web design to focus on the infrastructure required to host a professional cybersecurity brand. By using Docker, I created an isolated environment that ensures the site runs identically on my local machine and the production server, eliminating “it works on my machine” errors. The final architecture serves as a low-latency, secure platform to showcase my technical labs and research.

Navigating the CMMC 2.0 Framework

Mon, 01 Jan 0001 00:00:00 +0000

As a Master’s student immersed in cybersecurity frameworks, I’ve been particularly focused on CMMC 2.0. It’s more than just another set of controls, it represents a critical shift in how the Department of Defense (DoD) manages supply chain risk. For any organization looking to engage with the DIB, understanding this framework isn’t just about compliance, it’s about operational strategy.

What is CMMC 2.0?

At its core, CMMC 2.0 is the DoD’s answer to cyber vulnerabilities across its supply chain. It’s a verification program designed to ensure that defense contractors are actually protecting sensitive unclassified information. Rather than simply relying on contractors to say they’re secure, CMMC 2.0 mandates actual proof.

Offensive Security & Pentesting Lab

Mon, 01 Jan 0001 00:00:00 +0000

A segregated virtual lab used to simulate the end-to-end lifecycle of a cyberattack to identify and mitigate defensive gaps.

Project Impact & Core Functionality

This lab environment allowed for the safe execution of offensive security tactics against a hardened Linux target, bridging the gap between theoretical knowledge and technical application. By utilizing a Kali Linux attack vector, I successfully mapped the target’s attack surface and executed a series of exploits to gain unauthorized access. The project concludes with a full post-exploitation analysis, demonstrating how weak service configurations and poor credential management lead to total system compromise.

Professional Resume

Mon, 01 Jan 0001 00:00:00 +0000

I believe my blend of academic learning and real world experience makes me a strong candidate for security roles. I have worked in a security operations center and I am comfortable using professional tools to track down malicious behavior. My goal is to find a role where I can help a company stay secure while continuing to grow as a professional.

Download My Full Resume (PDF)

Your browser does not support PDFs. Download the PDF instead.

Prompt Injection vs. Jailbreaking

Mon, 01 Jan 0001 00:00:00 +0000

Artificial Intelligence tools are powerful. But like any system, they can be manipulated. Two common attack types you may hear about are prompt injection and jailbreaking. Let’s start by breaking down what each is.

What Is Prompt Injection?

Prompt injection happens when someone hides malicious instructions inside input data to trick an AI system.

The AI believes it is reading normal content. But hidden inside that content are instructions meant to change how the AI behaves.

Scalable RAG Chatbot Architecture

Mon, 01 Jan 0001 00:00:00 +0000

I built a high-performance Retrieval-Augmented Generation (RAG) pipeline designed to securely query massive datasets using vector embeddings and cloud-native architecture.

Project Impact & Core Functionality

This project engineered a scalable solution for AI-driven data retrieval, allowing a chatbot to provide accurate, source-backed answers from a sprawling Amazon product dataset. By moving away from local file processing and implementing a DuckDB streaming architecture, I ensured the system could handle enterprise-scale data without crashing under memory constraints. The final architecture is fully isolated within a VPC, ensuring that sensitive data remains invisible to the public internet while remaining highly accessible to the internal API.