I am a highly skilled Cyber Defense Engineer with a proven track record in leading Security Operations and conducting in-depth assessments of Endpoint Detection & Response (EDR) and Email Security Gateways, Threat Intelligence Platforms (TIP), Attack Surface Management (ASM), Dark Web Monitoring and Digital Risk Protection (DRP), as well as Security Orchestration, Automation, and Response (SOAR) solutions.

My passion lies in designing and optimizing SOC processes, developing robust use cases and incident response playbooks, and implementing advanced detection rules and automation workflows. I also specialize in building custom middleware integrations, ensuring seamless and scalable security operations across diverse environments.

Core Principle:
“You can’t protect what you don’t understand.”

• eCTHPv2 – Certified Threat Hunting Professional (EC-Council)
• Group-IB – Threat Intelligence Analyst
• Belkasoft – Windows Forensics Certification

• MISP Galaxy “Ransomware Groups”
  Designed and published a custom MISP Galaxy mapping ransomware actors to ATT&CK techniques and metadata.

• n8n Automation Workflows
  Built end-to-end enrichment pipelines in n8n for MISP events (IoCs, TTPs, victim profiles).

• MISP Analytics Dashboard
  Created interactive Jupyter Notebook dashboards visualizing events per day, threat categories, and APT actor profiles.

• Ransomware.live Integration
  Integrated the ransomware.live API into n8n workflows for automated group data enrichment in MISP.

• MITRE ATT&CK Mapping Automation
  Automated mapping of APT groups to MITRE ATT&CK Intrusion Sets using TAXII feeds and MISP galaxy tags.

• Security Community Contributions
  Authored multiple blog posts and delivered presentations on MISP best practices and RSS feed integration.

• External Source Integrations
  Integrated MISP with external intelligence sources: Group-IB (GIB), CTM360.

• TheHive SOAR Platform Development
  Developed and maintained TheHive for incident response and threat handling; integrated with Cortex, MISP, QRadar, TIP, Digital Risk Protection, email, MS Teams, n8n, and Shuffle to streamline workflows.

• Security Product Assessments
  Conducted comprehensive evaluations of EDR, Threat Intelligence Platforms, Dark Web Monitoring, Digital Risk Protection, and Attack Surface Management solutions for detection efficacy and integration.

• Attack Simulation Exercises
  Utilized CALDERA for adversary emulation, running real-world attack scenarios to test and strengthen organizational defenses.

• Custom SIEM Middleware
  Built middleware to ingest API log data into SIEM platforms, improving log centralization and analysis capabilities.

• Card Data Discovery Validator
  Created a Python-based tool to validate and mask cardholder data following security compliance standards.

• TheHive: Open Source SOAR
• MISP: Malware Information Sharing Platform
• BookStack: Documentation Platform
• EDR Assessment Guide
• ELK Stack Deployment
• C2 Framework Integrations
• Attack Simulation Labs
• API-to-QRadar Syslog Middleware

• New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data
• China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil
• From the "Department of No" to a "Culture of Yes": A Healthcare CISO's Journey to Enabling Modern Care
• U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud
• ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach