Over 15 years of cybersecurity experience delivering advanced detection engineering, SIEM solutions, AI security monitoring, and cloud protection.
With over 15 years of experience in cybersecurity, I help organizations build and improve advanced security capabilities across detection, monitoring, and response.
My work focuses on detection engineering, SIEM content development, threat detection strategy, and modern security monitoring across both traditional and emerging attack surfaces.
This includes building advanced detection rules, developing machine learning models for threat detection, securing AWS and Azure cloud environments, and designing monitoring approaches for new areas such as AI prompt interactions.
I believe effective cybersecurity is built on a combination of deep technical expertise, practical implementation, and the ability to adapt quickly to evolving threats and technologies.
Comprehensive cybersecurity services - from detection rules to cloud protection.
Enterprise-grade detection rules covering the full MITRE ATT&CK spectrum. Multi-layered capabilities - from threshold-based alerts, through correlation rules across multiple data sources, to chained detections for multi-stage attacks.
Rules are tuned for false positive reduction with defined lifecycle management processes. Each rule includes full context - threat intelligence, expected behavior, and recommended triage actions.
ML models built to detect threats that evade traditional rules - including C2 beaconing, DNS tunneling, DGA, and network traffic anomalies.
Unsupervised learning is used to profile normal user and host behavior, then surface deviations tied to lateral movement, data staging, exfiltration, or other patterns invisible to static detections.
Risk is aggregated dynamically per user, host, or entity instead of generating isolated alerts. Events are weighted by severity, confidence, and business context - with higher multipliers for critical assets, VIP users, and admin accounts.
When cumulative risk crosses defined thresholds, high-priority alarms fire with full incident context in a single view. This reduces alert fatigue and sharpens analyst focus.
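The risk aggregation described above, shown as an added worked example (not code from this page or any product it mentions): events are weighted by severity, confidence and a business-context multiplier, summed per entity, and an alarm carrying every contributing event fires only once the cumulative score crosses a threshold. The entity names, multipliers, sample events and threshold are all constructed for illustration.

```python
from collections import defaultdict

# Hypothetical business-context multipliers: how much a tag scales an event's score.
CONTEXT_MULTIPLIER = {"critical_asset": 2.0, "vip": 1.5, "admin": 1.5}

# Constructed entity inventory: which context tags apply to each user/host/account.
ENTITY_CONTEXT = {
    "alice":      {"vip"},
    "svc-backup": {"admin", "critical_asset"},
    "bob":        set(),
}

# Constructed sample events: (entity, rule name, severity 1-10, confidence 0.0-1.0).
# Note that bob and svc-backup both trigger the same low-severity rules.
EVENTS = [
    ("bob",        "Failed logon burst",          3, 0.6),
    ("bob",        "New local admin added",        6, 0.5),
    ("svc-backup", "Failed logon burst",          3, 0.6),
    ("svc-backup", "Scheduled task created",      5, 0.7),
    ("svc-backup", "Outbound transfer > 1 GB",    7, 0.8),
    ("alice",      "Mailbox forwarding rule set", 6, 0.9),
]


def event_score(entity, severity, confidence, context=ENTITY_CONTEXT):
    """Severity weighted by confidence, then by the entity's context multipliers.
    Multipliers combine multiplicatively, so an admin account that is also a
    critical asset ranks highest for the same underlying event."""
    multiplier = 1.0
    for tag in context.get(entity, ()):
        multiplier *= CONTEXT_MULTIPLIER.get(tag, 1.0)
    return severity * confidence * multiplier


def aggregate_risk(events, threshold=15.0, context=ENTITY_CONTEXT):
    """Sum event scores per entity. Returns (scores, alarms); each alarm carries
    the contributing events so the analyst sees the whole chain in one view."""
    scores = defaultdict(float)
    contributing = defaultdict(list)
    for entity, rule, severity, confidence in events:
        s = event_score(entity, severity, confidence, context)
        scores[entity] += s
        contributing[entity].append((rule, round(s, 2)))
    alarms = {
        entity: {"risk": round(total, 2), "events": contributing[entity]}
        for entity, total in scores.items()
        if total >= threshold
    }
    return dict(scores), alarms


if __name__ == "__main__":
    scores, alarms = aggregate_risk(EVENTS)
    for entity, total in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{entity:<12} risk={total:6.2f}")
    for entity, alarm in alarms.items():
        print(f"ALARM {entity}: {alarm}")
```

With these constructed inputs only svc-backup crosses the threshold: the identical "Failed logon burst" event contributes 1.8 for bob but 5.4 for the admin account on a critical asset, and the three chained events together push that entity to a single high-priority alarm while bob's isolated events stay below the line.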
Mapping compromise routes to identify high-risk identities based on proximity to crown jewels. Analyzing privilege delegation chains, nested group memberships, trust relationships, and lateral movement paths.
Blast radius estimation measures how many hops separate an account from Global Admin, Domain Controllers, or sensitive data stores. The result - a clear view of which accounts need MFA, PAM, privilege reduction, and enhanced monitoring.
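The hop-count measurement described above, as an added example rather than the author's own tooling: identity relationships (group membership, nested groups, local admin rights, credential exposure on a host, delegated rights) are modelled as directed edges, and a breadth-first search from each account gives the shortest path to any crown-jewel target. All account, group, host and target names below are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed identity graph. Each edge means "source can reach or control target":
# group membership, nested group, local admin on a host, credentials cached on a
# host, or a delegated right. Names are hypothetical.
EDGES = [
    ("bob", "Helpdesk"),                 # bob is a member of Helpdesk
    ("Helpdesk", "Tier2-Admins"),        # nested group membership
    ("Tier2-Admins", "WS-ADMIN-01"),     # group is local admin on a jump host
    ("WS-ADMIN-01", "svc-backup"),       # service account credentials live on that host
    ("svc-backup", "DC01"),              # backup rights on a domain controller
    ("alice", "Finance-Share"),          # direct access to a sensitive data store
    ("carol", "Global Admin"),           # direct role assignment
]

# Constructed crown jewels: the targets proximity is measured against.
TARGETS = {"Global Admin", "DC01", "Finance-Share"}


def build_graph(edges):
    """Adjacency list for a directed graph."""
    graph = defaultdict(list)
    for src, dst in edges:
        graph[src].append(dst)
    return graph


def hops_to_targets(graph, start, targets):
    """BFS from start. Returns {target: (hops, path)} for every reachable target;
    BFS visits each node once, so the first discovery is the shortest path."""
    found = {}
    queue = deque([(start, [start])])
    seen = {start}
    while queue:
        node, path = queue.popleft()
        if node in targets and node != start:
            found[node] = (len(path) - 1, path)
        for nxt in graph.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [nxt]))
    return found


def blast_radius(graph, accounts, targets):
    """Per account: the nearest crown jewel, its hop count and the path, plus hop
    counts to every reachable target. None means no target is reachable."""
    report = {}
    for acct in accounts:
        reach = hops_to_targets(graph, acct, targets)
        if not reach:
            report[acct] = None
            continue
        nearest = min(reach, key=lambda t: reach[t][0])
        report[acct] = {
            "nearest": nearest,
            "hops": reach[nearest][0],
            "path": reach[nearest][1],
            "all": {t: h for t, (h, _) in reach.items()},
        }
    return report


if __name__ == "__main__":
    graph = build_graph(EDGES)
    report = blast_radius(graph, ["bob", "alice", "carol", "dave"], TARGETS)
    for acct, info in sorted(report.items(), key=lambda kv: kv[1]["hops"] if kv[1] else 99):
        if info is None:
            print(f"{acct:<6} no path to a crown jewel")
        else:
            print(f"{acct:<6} {info['hops']} hop(s) to {info['nearest']}: {' -> '.join(info['path'])}")
```

Ranking accounts by the resulting hop count is what turns the graph into a prioritisation list: carol sits one hop from Global Admin purely through a direct role assignment, while bob, who holds no privileged role at all, still reaches a domain controller in five hops through nested groups and cached credentials. Accounts that no target can be reached from are left out of the hardening queue entirely.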
Detection rules and monitoring logic for AI interactions - covering prompt injection, unauthorized usage, abuse of internal AI tools, and suspicious LLM interaction patterns.
Includes surfacing sensitive data exposure through AI systems and supporting broader AI governance - visibility into how AI is used, where risks emerge, and which interactions need review or escalation.
Dedicated monitoring and detection across AWS and Microsoft Azure - log monitoring, threat detection, and cloud-native security rules. Coverage includes:
Detection of misconfigurations, suspicious access, privilege escalation, and cloud-native attack techniques. Supports posture management and regulatory compliance.
Design and development of modern websites, landing pages, and lightweight web applications - with a focus on security, performance, and practical business use.
This includes corporate websites, internal tools, and custom digital solutions built to be fast, reliable, and easy to maintain.
Tools and platforms I specialize in.
Have a project or question? Reach out — I typically respond within 24 hours.
Whether you need a consultation, support with SIEM rules, or cloud infrastructure protection — I'd be happy to discuss your needs.
Your data is safe and will not be shared with third parties.