Nuclear Surface Warfare Officer transitioning into cybersecurity

Celine Tannous combines technical naval leadership with cybersecurity engineering and cyber defense work.

I'm a Nuclear Surface Warfare Officer with a Cyber Operations degree, an active TS/SCI clearance, and cybersecurity experience spanning shipboard network security and self-directed detection engineering. My current technical work focuses on adversary emulation, telemetry analysis, and SIEM detection validation in an Active Directory lab.

Background: Mission-critical Navy assignments shaped how I approach security work: clear standards, documented process, and accountable follow-through.

Areas of focus Security Engineering • Detection Engineering • Cyber Defense • Adversary Emulation
Availability Available for full-time civilian cybersecurity roles beginning January 2027.
Proof of work GitHub-documented detection engineering, technical analysis, and defensive validation work.
Core strengths Technical leadership, procedural discipline, documentation, and accountable execution.
20-person leadership Led a technical division responsible for critical electrical systems.
Cyber Operations degree B.S. with Honors Program and Merit from the U.S. Naval Academy.
Shipboard cyber ownership Managed network security posture and remediation alignment to DoD standards.
Documented lab portfolio Completed detection engineering lab with additional portfolio items currently in development.

About

My transition into cybersecurity builds on operational leadership, formal cyber education, and documented detection engineering work.

Who I am

I am a U.S. Navy Lieutenant and Cyber Operations graduate transitioning into civilian cybersecurity. My background combines operational leadership with technical cybersecurity training and shipboard responsibility.

What I’ve worked on

I've managed shipboard cybersecurity responsibilities, led a 20-person technical division in a nuclear environment, and built hands-on detection engineering experience through a self-directed Active Directory security lab.

How I approach the work

I value clear documentation, calm troubleshooting, and steady follow-through. That mindset connects my military experience with security engineering and cyber defense work.

Experience

Across these roles, the common thread has been technical leadership, structured problem-solving, and dependable execution in operational environments.

Cybersecurity Officer — USS Harpers Ferry (LSD-49) 2021–2023

Surface Warfare Officer collateral assignment

  • Managed cybersecurity posture and vulnerability remediation for operational shipboard networks in accordance with DoD and Navy cybersecurity requirements.
  • Coordinated remediation efforts and reinforced security controls across networked systems.
  • Delivered cybersecurity training to improve organizational awareness and security discipline.
  • Tracked cybersecurity findings through remediation and reinforced procedural compliance across network users and system stakeholders.
Assistant Reactor Electrical Assistant — USS Carl Vinson (CVN-70) 2026–Present

Provide technical and operational oversight for electrical systems supporting an A4W nuclear propulsion plant, including equipment readiness, casualty response, maintenance execution, and personnel qualification.

Reactor Electrical Division Officer — USS Carl Vinson (CVN-70) 2024–2026

Led a 20-person technical division responsible for nuclear propulsion electrical systems.

  • Managed fault isolation, redundancy, and casualty response in time-critical conditions.
  • Improved qualification rates and system reliability through structured training programs.
  • Led cross-functional execution where safety, precision, and accountability were non-negotiable.
  • Built team habits around technical rigor, procedural compliance, and calm troubleshooting.
Cyber Analyst Intern — General Electric Aviation Earlier experience

Supported threat identification and email analysis in a real-world enterprise setting.

  • Performed IOC research to support identification of malicious activity and emerging threats.
  • Reviewed emails for phishing, malware, or compromise and escalated confirmed issues.
Cyber / Research Intern — Johns Hopkins University Applied Physics Laboratory Earlier experience

Contributed to applied cybersecurity research and technical analysis for national security systems.

  • Assisted with scripting, technical analysis, and documentation.
  • Worked in a research environment that emphasized accuracy, clarity, and disciplined execution.

Projects

These projects come from documented lab work, with a focus on detection engineering, telemetry analysis, and adversary emulation.

Detection Engineering Lab

Built a VMware-based Active Directory lab with centralized Sysmon telemetry and Wazuh alerting. Authored and validated custom detections for controlled adversary behaviors including PowerShell abuse, scheduled-task persistence, and SMB lateral movement.

  • Instrumented Windows domain endpoints with Sysmon and forwarded telemetry into Wazuh.
  • Authored custom Wazuh rules mapped to MITRE ATT&CK techniques.
  • Validated detection logic against controlled adversary activity using Atomic Red Team and manual technique execution.
  • Documented detection logic, alert evidence, tuning notes, and investigation workflows.
Tools usedVMware, Active Directory, Sysmon, Wazuh, Atomic Red Team, Windows Event Logs
Skills demonstratedDetection engineering, telemetry pipeline design, MITRE ATT&CK mapping, rule tuning, adversary emulation
View this project in my GitHub portfolio

Project visuals

These visuals give a clearer view of the lab environment, telemetry flow, and the type of evidence behind the portfolio work.

Diagram of the enterprise cybersecurity home lab environment
Home lab architecture

A VMware-based enterprise-style lab with Active Directory, Windows endpoints, Wazuh, and Sysmon instrumentation.

Diagram of the detection engineering telemetry and alert pipeline
Detection pipeline

Sysmon telemetry flows into Wazuh and custom rules are validated against controlled adversary activity using Atomic Red Team.

Technical focus

My technical focus centers on telemetry visibility, detection logic, and validation against controlled attacker behavior.

Project implementation experience

Wazuh, Sysmon, Atomic Red Team, VMware, Active Directory, Windows Event Logs

Working familiarity / prior exposure

Splunk, Nessus, Wireshark, Linux, pfSense

Working style

Clear documentation, structured troubleshooting, training, risk ownership, and calm execution under pressure

Current direction

I'm building toward security engineering and cyber defense roles, with a technical focus on detection engineering, adversary emulation, and the intersection between attacker behavior and defensive telemetry.

Proof of work

Public projects, technical writing, and supporting materials make it easier to see how I think and what I’ve built so far.

GitHub portfolio

GitHub-documented detection engineering, technical analysis, and defensive validation work.

View GitHub profile

Resume and credentials

A concise overview of my background, technical direction, and current qualifications.

Open resume PDF

Credentials, education, and availability

A straightforward overview of education, certifications, and where I’m headed next.

Education

United States Naval Academy

  • B.S., Cyber Operations — Honors Program
  • Graduated with Merit, 2021
  • NSA CAE-CO designated program

Credentials

  • Active TS/SCI
  • CompTIA Security+
  • CompTIA PenTest+ — In Progress
  • CompTIA CySA+ — In Progress

Looking ahead

Available for full-time civilian cybersecurity roles beginning January 2027.

Cybersecurity Engineer Cyber Defense Analyst Detection Engineer Security Engineer

Let’s connect.

I'm always glad to connect with people working in cybersecurity, particularly in security engineering, cyber defense, detection engineering, and adversary emulation.