Senior Cyber Defense DFIR Analyst with a strong focus on Cyber Threat Intelligence (CTI), threat detection engineering, and threat hunting. While formally positioned within DFIR, my role spans threat intelligence engineering, SOC architecture, and detection strategy, driving proactive defense initiatives and intelligence-led security operations.
I lead the development of CTI strategies, SOPs, and tooling, including custom-built platforms such as "ThreatOps", a CTI automation tool designed to collect, parse, and operationalize RSS-based intelligence feeds, enriching internal security insights and supporting enterprise-wide threat programs.
With a foundation in SOC operations (analysis, administration, and engineering), I bring prior experience in architecting and integrating core security solutions (SIEM, SOAR, EDR, TIPs, ASM, DRP), building end-to-end detection pipelines, and optimizing intelligence workflows.
Key Responsibilities:
- Support threat-informed investigations and incident response by providing contextual intelligence, adversary insights, and lightweight analysis
- Perform proactive threat hunting leveraging EDR/SIEM data mapped to MITRE ATT&CK, identifying stealthy behaviors and detection gaps
- Develop and operate an automated CTI pipeline using MISP, n8n, and Python for scalable IOC ingestion, enrichment, and correlation
- Engineer and maintain "ThreatOps", a custom CTI automation tool for RSS feed intelligence operationalization
- Design and implement CTI SOPs and intelligence workflows aligned with the intelligence lifecycle
- Analyze adversary TTPs and campaign data to inform detection engineering and response tuning
- Automate threat intelligence, hunting, and incident response workflows to improve cross-platform visibility and reduce analyst workload
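The RSS-to-IOC stage that a tool like ThreatOps performs (collect a feed, parse it, pull out indicators, hand them to a MISP pipeline) is easiest to see in code. The block below is an added example written for this page; it is not ThreatOps or MISP code. The feed XML is constructed, the refang rules and regexes are my own, and `to_misp_attributes` only shapes records as `type`/`value`/`comment` dictionaries using MISP's public attribute type names (no API call is made).

```python
"""Added example: minimal RSS feed -> IOC extraction -> MISP-shaped records.

Not ThreatOps code. The sample feed, refang rules and regexes are constructed
for this example; MISP attribute type names (ip-dst, domain, url, md5, sha256)
are the public ones, but nothing here talks to a MISP instance.
"""
import ipaddress
import re
import xml.etree.ElementTree as ET
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample feed: one article with defanged indicators, one without.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed feed</title>
<item><title>Loader campaign report</title>
<description>C2 at hxxp://update-cdn[.]example/gate.php (203[.]0[.]113[.]45).
Dropper sha256 0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0
and md5 9e107d9d372bb6826bd81d3542a419d6.</description></item>
<item><title>Vendor marketing post</title>
<description>No indicators here, just a product update.</description></item>
</channel></rss>"""

# Defanging conventions common in public reporting, undone before matching.
REFANG = [
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}"), "."),
    (re.compile(r"hxxp", re.I), "http"),
    (re.compile(r"\[:\]"), ":"),
]
HASH_RE = re.compile(r"\b[a-f0-9]{32}\b|\b[a-f0-9]{40}\b|\b[a-f0-9]{64}\b", re.I)
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def refang(text: str) -> str:
    for pattern, replacement in REFANG:
        text = pattern.sub(replacement, text)
    return text


def _valid_ip(value: str) -> bool:
    """Reject malformed octets and addresses that cannot be a remote peer.
    Documentation ranges such as 203.0.113.0/24 (used in the sample) are kept."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return False
    return not (ip.is_loopback or ip.is_multicast or ip.is_link_local or ip.is_unspecified)


def extract_iocs(text: str) -> Dict[str, List[str]]:
    """Return {misp_type: sorted unique values} found in free text."""
    text = refang(text)
    found: Dict[str, set] = {}

    def add(kind: str, value: str) -> None:
        found.setdefault(kind, set()).add(value)

    # URLs first, so their host becomes a domain/ip-dst attribute exactly once.
    for url in URL_RE.findall(text):
        add("url", url)
        host = urlparse(url).hostname or ""
        if IPV4_RE.fullmatch(host):
            if _valid_ip(host):
                add("ip-dst", host)
        elif host:
            add("domain", host.lower())
    # Strip URLs before scanning for bare indicators so path parts like
    # "gate.php" are not mistaken for domains.
    remainder = URL_RE.sub(" ", text)
    for digest in HASH_RE.findall(remainder):
        add(HASH_TYPES[len(digest)], digest.lower())
    for ip in IPV4_RE.findall(remainder):
        if _valid_ip(ip):
            add("ip-dst", ip)
    for domain in DOMAIN_RE.findall(remainder):
        add("domain", domain.lower())
    return {kind: sorted(values) for kind, values in found.items()}


def parse_feed(rss_xml: str) -> List[dict]:
    """Parse an RSS 2.0 document; keep only items that yielded indicators."""
    root = ET.fromstring(rss_xml)
    results = []
    for item in root.iter("item"):
        title = (item.findtext("title") or "").strip()
        body = " ".join(filter(None, [title, item.findtext("description")]))
        iocs = extract_iocs(body)
        if iocs:  # items with no indicators never reach the MISP push
            results.append({"title": title, "iocs": iocs})
    return results


def to_misp_attributes(parsed: List[dict]) -> List[dict]:
    """Flatten to MISP-style attribute records (type, value, comment)."""
    return [
        {"type": kind, "value": value, "comment": f"source: {entry['title']}"}
        for entry in parsed
        for kind, values in entry["iocs"].items()
        for value in values
    ]


if __name__ == "__main__":
    for attribute in to_misp_attributes(parse_feed(SAMPLE_RSS)):
        print(attribute)
```

The two design points worth carrying into a real pipeline are the ordering (refang, then URLs, then everything else on the URL-stripped remainder) and the IP validation step; both exist to keep false positives such as `gate.php` or `999.1.2.3` out of a platform where every bad attribute costs analyst time.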
Actively engaged in purple teaming to validate detection logic and enhance visibility. While my current DFIR responsibilities are more strategic than deep-dive forensics, I maintain hands-on capability in incident response, enrichment-driven triage, and light DFIR investigations.
Certified in Threat Hunting and Windows Forensics, I continuously contribute to threat-informed defense models, develop custom detection content, and ensure seamless integration of CTI into SOC workflows. My mission is to bridge intelligence, engineering, and response into a unified, adaptive cyber defense capability.
Core Principle:
"You can't protect what you don't understand."
- Currently working on: Enhancing the ThreatOps platform with ML-based threat scoring and advanced RSS feed correlation
- Learning: Advanced threat hunting techniques, YARA rule optimization, and cloud-native security architectures
- Looking to collaborate on: Open-source CTI tools, MISP community projects, and threat hunting methodologies
- Ask me about: CTI automation, MISP optimization, threat hunting strategies, and SOC architecture design
- Fun fact: I've automated over 80% of routine CTI processes, freeing analysts to focus on high-value threat analysis
| Area | Tools & Technologies |
|---|---|
| Cyber Threat Intelligence (CTI) | MISP, Group-IB (GIB), CTM360, TAXII |
| Threat Detection & Hunting | SIEM, EDR/XDR, MITRE ATT&CK, Threat Hunting Frameworks |
| DFIR & Incident Response | Forensic Toolkits (Velociraptor, KAPE), XDR |
| SOC Operations & Monitoring | SOAR, SIEM, TIP, Endpoint Protection (XDR/EDR/AV), Detection Engineering |
| Automation & Orchestration | Python, n8n, TheHive, IBM QRadar SOAR, GitHub Actions |
| Attack Simulation & Purple Teaming | Atomic Red Team, Metasploit Framework, CALDERA |
| Intelligence Engineering & Integration | Python, REST APIs, RSS Parsing, CTI Pipeline Development |
| Strategy & Process Design | CTI SOPs, Intelligence Lifecycle, SOC Playbooks, IR Plans |
| Attack Surface Management & Digital Risk | ASM platforms, DRP services, Dark Web Monitoring tools |
- eCTHPv2 - Certified Threat Hunting Professional (EC-Council)
- Group-IB - Threat Intelligence Analyst
- Belkasoft - Windows Forensics Certification
- 2024-Present: Sr. Cyber Defense DFIR Analyst - Leading CTI operations, threat hunting, and detection engineering
- 2022-2024: Sr. SOC/Cyber Defense Analyst/Admin/Engineer - SOC operations, SIEM/SOAR administration, security architecture
- 2021-2022: Security Operations Specialist - Incident response, security monitoring, and compliance
- Career Focus: Evolved from traditional SOC operations to specialized CTI and threat hunting leadership
- Automated CTI Pipeline Development: Built a comprehensive automated CTI pipeline using MISP, n8n, and Python for scalable IOC ingestion, enrichment, tagging, and correlation with internal telemetry sources.
- MISP Galaxy "Ransomware Groups": Designed and published a custom MISP Galaxy mapping ransomware actors to ATT&CK techniques and metadata.
- CTI SOPs and Intelligence Workflows: Designed and implemented comprehensive CTI Standard Operating Procedures and intelligence workflows, aligned with the intelligence lifecycle to support collection planning, threat analysis, and stakeholder dissemination.
- n8n Automation Workflows: Built end-to-end enrichment pipelines in n8n for MISP events (IoCs, TTPs, victim profiles).
- MISP Analytics Dashboard: Created interactive Jupyter Notebook dashboards visualizing events per day, threat categories, and APT actor profiles.
- Ransomware.live Integration: Integrated the ransomware.live API into n8n workflows for automated group data enrichment in MISP.
- MITRE ATT&CK Mapping Automation: Automated mapping of APT groups to MITRE ATT&CK Intrusion Sets using TAXII feeds and MISP galaxy tags.
- Security Community Contributions: Authored multiple blog posts and delivered presentations on MISP best practices and RSS feed integration.
- External Source Integrations: Integrated MISP with external intelligence sources: Group-IB (GIB), CTM360.
- TheHive SOAR Platform Development: Developed and maintained TheHive for incident response and threat handling; integrated it with Cortex, MISP, QRadar, TIP, Digital Risk Protection, email, MS Teams, n8n, and Shuffle to streamline workflows.
- Security Product Assessments: Conducted comprehensive evaluations of EDR, Threat Intelligence Platforms, Dark Web Monitoring, Digital Risk Protection, and Attack Surface Management solutions for detection efficacy and integration.
- Attack Simulation Exercises: Utilized CALDERA for adversary emulation, running real-world attack scenarios to test and strengthen organizational defenses.
- Custom SIEM Middleware: Built middleware to ingest API log data into SIEM platforms, improving log centralization and analysis capabilities.
- Card Data Discovery Validator: Created a Python-based tool to validate and mask cardholder data in line with security compliance standards.
- Security Research & Writing: Regular contributor to threat intelligence and security operations content, sharing insights on CTI automation and threat hunting methodologies.
- Open Source Development: Active contributor to MISP community projects and developer of custom CTI tools available for security community use.
- Knowledge Sharing: Presentations and blog posts on MISP optimization, RSS feed integration, and CTI automation best practices.
- Industry Collaboration: Collaborating with security vendors and open source communities to enhance threat intelligence sharing and detection capabilities.
- ThreatOps: Custom CTI Automation Platform - Custom-built tool for RSS feed intelligence collection and operationalization
- MISP: Malware Information Sharing Platform - Advanced CTI pipeline and automation workflows
- TheHive: Open Source SOAR - Incident response and threat handling automation
- Threat Hunting Framework - MITRE ATT&CK-based hunting methodologies and detection engineering
- EDR Assessment Guide - Comprehensive evaluation framework for endpoint detection solutions
- CTI Pipeline Automation - End-to-end automated threat intelligence processing and enrichment
- ELK Stack Deployment - Security-focused log analysis and visualization
- C2 Framework Integrations - Purple team testing and detection validation
- Attack Simulation Labs - Controlled environments for threat emulation and hunting
- API-to-QRadar Syslog Middleware - Custom integration solutions
- Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
- CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
- Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
- Google Brings AirDrop Compatibility to Android's Quick Share Using Rust-Hardened Security
- Why IT Admins Choose Samsung for Mobile Security