Skills & Expertise
Analyst skills built through projects, labs, and hands-on investigation
Security Operations & Incident Analysis

Alert Analysis & Triage (Intermediate)
Working through alerts, pivots, and investigation paths in lab environments to understand attacker behavior

Log & Telemetry Analysis (Intermediate)
Elastic Stack, Sysmon, Windows Event Logs, and network telemetry used in defensive analysis and project work

Incident Response (Foundational)
Incident response concepts, investigation flow, and containment planning practiced through labs and case work

Detection Rule Writing (Proficient)
Writing Sigma rules, tuning logic, and mapping detections back to ATT&CK techniques

Threat Intelligence & ATT&CK Analysis

MITRE ATT&CK Mapping (Proficient)
Mapping malware, detections, and observed behavior to MITRE ATT&CK techniques and tactics

Threat Actor Profiling (Intermediate)
Researching actors with OSINT sources like passive DNS, certificate transparency, and infrastructure overlap

Campaign Correlation (Intermediate)
Connecting incidents through shared tooling, infrastructure, and TTP patterns to understand campaign activity

Investigation Support & Analysis Workflows

Python Scripting (Advanced)
Python scripting for enrichment, parsing, reporting, and analyst-support workflows

IOC Enrichment (Intermediate)
IOC collection and enrichment with VirusTotal, AbuseIPDB, Shodan, and MISP for analysis workflows

Reporting & Documentation (Intermediate)
Writing threat notes, gap summaries, and project outputs that explain findings clearly for review

OSINT Workflow Support (Intermediate)
Using public sources, enrichment tools, and custom parsing to add context to IOCs and actor research

Threat Feed Integration (Proficient)
Ingesting and normalizing live threat feeds (ThreatFox, Feodo, MalwareBazaar, URLhaus, YARAify, CISA KEV) into structured analysis pipelines

Detection Coverage & CTI Research

Detection Gap Analysis (Proficient)
Comparing observed ATT&CK techniques against Sigma rule libraries and detection lists to surface uncovered techniques and prioritize coverage improvements

Coverage Modeling (Intermediate)
Predicting attacker next moves from real ATT&CK campaign sequences and mapping predicted techniques against live Sigma coverage to identify blind spots before they matter

Text-Based Attribution (Intermediate)
Ranking and clustering pseudonymous alias profiles using stylometry, sentence embeddings, TF-IDF, and entity overlap with calibrated match probability scoring

NLP & Embedding Pipelines (Intermediate)
Building analyst-support pipelines with spaCy, SentenceTransformers, scikit-learn, and HDBSCAN for text extraction, similarity scoring, and cluster review
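The Detection Gap Analysis and Detection Rule Writing entries above describe comparing observed ATT&CK techniques against a Sigma rule library. The following is an added worked example written for this page; it is not code from the projects the skills list refers to. It assumes the Sigma rules have already been loaded from YAML into Python dicts (for instance with yaml.safe_load) and that technique IDs appear in each rule's `tags` list in the standard Sigma form `attack.tNNNN` or `attack.tNNNN.NNN`. The rule library and the observed-technique list are constructed samples.

```python
"""Detection gap analysis: observed ATT&CK techniques vs. a Sigma rule library.

Added illustrative example; not code from the projects on this page.
Assumes Sigma rules are already loaded from YAML into dicts (e.g. via yaml.safe_load)
and carry technique IDs in `tags` using the Sigma convention `attack.tNNNN[.NNN]`.
"""
import re
from collections import Counter

# Constructed sample rule library: the tag format follows real Sigma conventions,
# the titles and tag combinations are made up for this example.
SIGMA_RULES = [
    {"title": "Suspicious PowerShell Download Cradle", "status": "stable",
     "tags": ["attack.execution", "attack.t1059.001",
              "attack.command_and_control", "attack.t1105"]},
    {"title": "Scheduled Task Creation via schtasks", "status": "test",
     "tags": ["attack.persistence", "attack.t1053.005"]},
    {"title": "Rundll32 Proxy Execution", "status": "experimental",
     "tags": ["attack.defense_evasion", "attack.t1218.011"]},
    {"title": "LSASS Memory Access", "status": "stable",
     "tags": ["attack.credential_access", "attack.t1003.001"]},
]

# Constructed sample: one entry per technique sighting across investigated incidents.
OBSERVED = [
    "T1059.001", "T1059.001", "T1105", "T1053.005", "T1047",
    "T1021.002", "T1021.002", "T1021.002", "T1003.001",
    "T1566.001", "T1566.001", "T1218.011",
]

# Match technique tags only: tactic tags (attack.execution) and group/software tags
# (attack.g0016, attack.s0002) must not be mistaken for technique coverage.
TECHNIQUE_TAG = re.compile(r"^attack\.(t\d{4}(?:\.\d{3})?)$", re.IGNORECASE)


def techniques_from_tags(tags):
    """Return the set of ATT&CK technique IDs (e.g. 'T1059.001') in a Sigma tag list."""
    found = set()
    for tag in tags:
        match = TECHNIQUE_TAG.match(tag)
        if match:
            found.add(match.group(1).upper())
    return found


def coverage_index(rules, statuses):
    """Map technique ID -> titles of rules covering it, keeping only rules in `statuses`."""
    index = {}
    for rule in rules:
        if rule.get("status") not in statuses:
            continue
        for tech in techniques_from_tags(rule.get("tags", [])):
            index.setdefault(tech, []).append(rule["title"])
    return index


def _is_covered(tech, index):
    # A sub-technique counts as covered by a rule tagged with its parent technique,
    # since a parent-level rule normally fires on the sub-technique's behaviour too.
    # The reverse (observed parent, rule on only one sub-technique) is not counted.
    return tech in index or tech.split(".")[0] in index


def gap_analysis(observed, rules):
    """Rank observed techniques by sighting count and sort them into coverage buckets.

    'uncovered'         - no rule of any status references the technique
    'experimental_only' - only experimental rules reference it (review before trusting)
    Techniques covered by a stable or test rule are omitted from the result.
    """
    accepted = coverage_index(rules, ("stable", "test"))
    any_status = coverage_index(rules, ("stable", "test", "experimental"))
    uncovered, experimental_only = [], []
    for tech, count in Counter(observed).most_common():  # most-seen techniques first
        if _is_covered(tech, accepted):
            continue
        if _is_covered(tech, any_status):
            experimental_only.append((tech, count))
        else:
            uncovered.append((tech, count))
    return {"uncovered": uncovered, "experimental_only": experimental_only}


def render_report(result):
    """Plain-text gap summary of the kind that goes into a threat note or coverage review."""
    lines = ["Uncovered techniques (prioritised by sightings):"]
    lines += [f"  {tech:<10} seen {count}x" for tech, count in result["uncovered"]] or ["  none"]
    lines.append("Covered only by experimental rules:")
    lines += [f"  {tech:<10} seen {count}x" for tech, count in result["experimental_only"]] or ["  none"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(gap_analysis(OBSERVED, SIGMA_RULES)))
```

Ranking gaps by sighting count rather than listing them alphabetically is what turns a coverage diff into a prioritised backlog; keeping experimental-only coverage in a separate bucket avoids counting an untuned rule as a closed gap.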