I am a highly skilled Cyber Defense Engineer with a proven track record in leading Security Operations and conducting in-depth assessments of Endpoint Detection & Response (EDR) and Email Security Gateways, Threat Intelligence Platforms (TIP), Attack Surface Management (ASM), Dark Web Monitoring and Digital Risk Protection (DRP), as well as Security Orchestration, Automation, and Response (SOAR) solutions.
My passion lies in designing and optimizing SOC processes, developing robust use cases and incident response playbooks, and implementing advanced detection rules and automation workflows. I also specialize in building custom middleware integrations, ensuring seamless and scalable security operations across diverse environments.
Core Principle:
“You can’t protect what you don’t understand.”
| Area | Tools & Technologies |
|---|---|
| Threat Detection & DFIR | SIEM, EDR/XDR, Forensic Toolkits (Velociraptor, KAPE) |
| SOC Operations & Monitoring | SOAR, SIEM, Endpoint Protection (EDR/AV), Azure Monitor Logs |
| Cyber Threat Intelligence (CTI) | MISP, Group-IB (GIB), CTM360 |
| Automation & Orchestration | Python, n8n, TheHive, IBM QRadar SOAR, GitHub Actions |
| Attack Simulation | Atomic Red Team, Metasploit Framework, CALDERA, MITRE ATT&CK |
| Scripting, Integration & Middleware Development | Python, syslog, REST APIs, parsing & DSM building |
| Strategy & Process Design | SOC Playbooks, Incident Response Plans, CTI SOPs, SOC SOPs |
| Attack Surface Management & Digital Risk | ASM platforms, DRP services, Dark Web Monitoring tools |
- eCTHPv2 – Certified Threat Hunting Professional (EC-Council)
- Group-IB – Threat Intelligence Analyst
- Belkasoft – Windows Forensics Certification
- MISP Galaxy “Ransomware Groups”: Designed and published a custom MISP Galaxy mapping ransomware actors to ATT&CK techniques and metadata.
- n8n Automation Workflows: Built end-to-end enrichment pipelines in n8n for MISP events (IoCs, TTPs, victim profiles).
- MISP Analytics Dashboard: Created interactive Jupyter Notebook dashboards visualizing events per day, threat categories, and APT actor profiles.
- Ransomware.live Integration: Integrated the ransomware.live API into n8n workflows for automated group data enrichment in MISP.
- MITRE ATT&CK Mapping Automation: Automated mapping of APT groups to MITRE ATT&CK Intrusion Sets using TAXII feeds and MISP galaxy tags.
- Security Community Contributions: Authored multiple blog posts and delivered presentations on MISP best practices and RSS feed integration.
- External Source Integrations: Integrated MISP with external intelligence sources: Group-IB (GIB), CTM360.
- TheHive SOAR Platform Development: Developed and maintained TheHive for incident response and threat handling; integrated with Cortex, MISP, QRadar, TIP, Digital Risk Protection, email, MS Teams, n8n, and Shuffle to streamline workflows.
- Security Product Assessments: Conducted comprehensive evaluations of EDR, Threat Intelligence Platforms, Dark Web Monitoring, Digital Risk Protection, and Attack Surface Management solutions for detection efficacy and integration.
- Attack Simulation Exercises: Utilized CALDERA for adversary emulation, running real-world attack scenarios to test and strengthen organizational defenses.
- Custom SIEM Middleware: Built middleware to ingest API log data into SIEM platforms, improving log centralization and analysis capabilities.
- Card Data Discovery Validator: Created a Python-based tool to validate and mask cardholder data following security compliance standards.
- TheHive: Open Source SOAR
- MISP: Malware Information Sharing Platform
- BookStack: Documentation Platform
- EDR Assessment Guide
- ELK Stack Deployment
- C2 Framework Integrations
- Attack Simulation Labs
- API-to-QRadar Syslog Middleware
- China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
- Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content
- DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes
- XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks
- How AI-Enabled Workflow Automation Can Help SOCs Reduce Burnout