I am a Senior Analyst in the domain of Cyber Defense operating across CSIRT and the Security Intelligence Center (SIC) operations, focused on high-fidelity incident response, threat hunting, detection engineering, and intelligence gathering.
My day-to-day work involves leading high-severity Cyber Intrusions, Incident Response & Digital Forensic investigations spanning multiple areas such as endpoint, network, and cloud telemetry, with practical depth in triage, containment, digital evidence handling, and post-incident root cause analysis. My background spans SOC operations, malware investigation, and threat hunting across enterprise environments.
Focus areas
- Incident response leadership for complex intrusions, including digital forensics and artifact-driven reconstruction
  When incidents occur, I drive containment and technical analysis with precision and documentation discipline. My work includes:
  - Rapid triage of SIEM and EDR alerts
  - Deep artifact analysis and forensic reconstruction
  - Timeline building and root cause validation
  - Clear communication with impacted users and leadership
  - Preserving investigative clarity under pressure
- Threat detection engineering and tuning
  Beyond reactive response, I focus heavily on proactive detection refinement.
  - Authoring and testing threat hunts
  - Evaluating and troubleshooting detection logic
  - Tuning SIEM/EDR correlations to reduce false positives while preserving coverage
- Threat intelligence application to improve detection and response speed
  - Creating custom detections based on intelligence reporting
Professional Focus
My background spans SOC/CSIRT operations, advanced threat detection, malware analysis, and intelligence-driven defense. I hold certifications in Digital Forensics (GCFA), Incident Response (eCIR), Threat Intelligence (arcX), and Penetration Testing (eCPPT), reflecting a balanced understanding of offense, defense, and investigative methodology.
My Core Strengths:
- Incident Response & DFIR
- Threat Hunting
- Detection Engineering
- SIEM / EDR Tuning
- Adversary Tradecraft Analysis
- Cross-functional Security Operations
Certifications and background
- GIAC Certified Forensic Analyst (GCFA)
- Linux Enterprise Incident Response (Mandiant)
- Threat Intelligence and Attribution (Mandiant)
- CrowdStrike Certified Falcon Responder
- FTK Pro and advanced Exterro/FTK artifacts training
Why This Site Exists
This platform serves as a structured knowledge repository — a place to publish research, document threat investigations, refine detection logic, and contribute to the broader security community.