Analyst-focused work in SOC investigation, malware analysis, and threat intelligence
CTI research workflow for linking pseudonymous text profiles, clustering aliases, and scoring likely matches using stylometry, embeddings, and entity overlap on synthetic data.
Python CLI that ingests live threat feeds, maps malware activity to MITRE ATT&CK techniques, checks Sigma and mthcht detection-list coverage, queries D3FEND for countermeasure suggestions, and outputs a prioritized gap report plus an ATT&CK Navigator layer.
Full-stack security platform concept that predicts likely next attacker moves from MITRE ATT&CK campaign data, then checks Sigma detection coverage for each predicted technique.