Four Projects. Real Tools. Documented Outcomes.
Detection engineering and forensic investigation work built across SIEM, EDR, and cloud security platforms. Each project documents the toolchain, scope, and result.
Phishing Detection Automation
Built an automated phishing triage pipeline using Python and email header analysis. Reduced analyst review time by classifying malicious indicators at ingestion before SIEM alert generation.
Stack: Python · SMTP analysis · IOC extraction · SIEM integration

Azure SIEM Monitoring
Deployed and tuned Microsoft Sentinel across a multi-tenant Azure environment. Authored KQL detection rules targeting lateral movement, privilege escalation, and failed authentication bursts.
Stack: Microsoft Sentinel · KQL · Azure AD · Log Analytics · Defender
Wazuh Threat Detection
Configured Wazuh agents across Linux and Windows endpoints. Wrote custom decoders and rules to surface rootkit behavior, file integrity violations, and brute-force patterns in near real time.
Stack: Wazuh · OSSEC · Elastic Stack · Linux · Windows endpoints

DFIR Investigation Lab
Constructed an end-to-end DFIR lab simulating ransomware and credential-theft scenarios. Documented the full incident lifecycle from initial triage through memory acquisition, timeline correlation, and reporting.
Stack: Volatility · Autopsy · Wireshark · FTK Imager · MITRE ATT&CK
Ready to evaluate the full methodology?
Each project has documented toolchain decisions, detection logic, and outcome metrics. Reach out to discuss scope, stack, or a specific engagement.
