Build · Detect · Respond

Security operations. Built on evidence.

Hands-on security operations work across detection engineering, incident response, and identity security — built with real tooling, documented with analyst rigor, and structured for repeatable outcomes.

3 Security lab tracks
80+ Failed logons detected
5+ Years enterprise IT
2 Professional credentials

Threat scenarios. Documented outcomes.

Each lab is built around an authentic security scenario and documented through detection logic, triage decisions, analyst response steps, and measurable results.

Detection Engineering

Published

SOC Automation with Splunk

Brute-force credential attack detection using Windows Security Event Logs, SPL-based alert logic, structured triage decisions, and repeatable analyst response documentation.

Splunk · SPL · Windows Logs

Incident Response

Staged

Phishing-to-Malware Incident Response Lab

End-to-end phishing intrusion scenario covering initial delivery, host-based indicator analysis, containment decisions, and executive-ready incident documentation.

IR · Sysinternals · Containment

Identity Security

Staged

Identity & Access Management Security Lab

Operational access-control scenarios covering MFA enforcement, least-privilege principles, account lifecycle governance, privileged access management, and recovery workflows.

IAM · MFA · Active Directory

Applied AI engineering beyond the security lab.

Production-level projects demonstrating multi-agent AI orchestration, platform API integration, autonomous workflow design, and operational security practices.


AI Automation

Published

AI Etsy Product Pipeline

Autonomous AI commerce pipeline using CrewAI, Anthropic, Canva Connect, Etsy REST workflows, SQLite state tracking, SEO review, daily health reporting, and VPS loop automation.

Python · CrewAI · Anthropic API · Canva · Etsy API

The analyst framework behind every case.

Analyst Standard

From signal to response

This portfolio emphasizes the components that define effective security operations work: evidence quality, repeatable decision-making, clear analyst communication, and structured containment methodology.

Scenario

Model a realistic threat or access-control situation with actionable telemetry.

Detection

Develop and validate alert logic that isolates meaningful signal from background noise.

Triage

Translate raw events into documented findings with defined scope, severity, and decision criteria.

Response

Record analyst actions and outcomes as reusable case documentation for future incidents.
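The Splunk lab above describes brute-force detection from Windows Security Event Logs, and the Detection step asks for alert logic that separates signal from background noise. The following script is an added example, not code from this portfolio or its Splunk lab: it applies a sliding-window failed-logon threshold (an assumed 5 failures within 10 minutes per source IP and target user) to constructed Event ID 4625 (failed logon) and 4624 (successful logon) records, suppresses isolated typos and slowly spaced failures, and raises severity when a success follows the burst. The threshold, window, and all sample events are assumptions chosen for illustration.

```python
"""Sliding-window brute-force logon detection over constructed Windows
Security events. Added example; not the portfolio's Splunk/SPL logic.
Threshold and window values are assumptions for illustration."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed lookback window
THRESHOLD = 5                    # assumed failures-per-window to alert

# Constructed sample events: (timestamp, event_id, target user, source IP).
# 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = [
    # Burst of failures followed by a success: should alert at high severity.
    ("2024-01-15 09:00:01", 4625, "jdoe", "10.0.0.7"),
    ("2024-01-15 09:00:05", 4625, "jdoe", "10.0.0.7"),
    ("2024-01-15 09:00:09", 4625, "jdoe", "10.0.0.7"),
    ("2024-01-15 09:00:13", 4625, "jdoe", "10.0.0.7"),
    ("2024-01-15 09:00:17", 4625, "jdoe", "10.0.0.7"),
    ("2024-01-15 09:00:21", 4625, "jdoe", "10.0.0.7"),
    ("2024-01-15 09:00:30", 4624, "jdoe", "10.0.0.7"),
    # Two typos then success: ordinary user noise, no alert.
    ("2024-01-15 09:05:00", 4625, "asmith", "10.0.0.22"),
    ("2024-01-15 09:06:00", 4625, "asmith", "10.0.0.22"),
    ("2024-01-15 09:06:30", 4624, "asmith", "10.0.0.22"),
    # Five failures spaced 15 minutes apart: never five inside one window.
    ("2024-01-15 09:00:00", 4625, "svc_backup", "10.0.0.40"),
    ("2024-01-15 09:15:00", 4625, "svc_backup", "10.0.0.40"),
    ("2024-01-15 09:30:00", 4625, "svc_backup", "10.0.0.40"),
    ("2024-01-15 09:45:00", 4625, "svc_backup", "10.0.0.40"),
    ("2024-01-15 10:00:00", 4625, "svc_backup", "10.0.0.40"),
    # Burst with no success: alert at medium severity.
    ("2024-01-15 11:00:00", 4625, "administrator", "203.0.113.9"),
    ("2024-01-15 11:00:10", 4625, "administrator", "203.0.113.9"),
    ("2024-01-15 11:00:20", 4625, "administrator", "203.0.113.9"),
    ("2024-01-15 11:00:30", 4625, "administrator", "203.0.113.9"),
    ("2024-01-15 11:00:40", 4625, "administrator", "203.0.113.9"),
]


def parse_events(rows):
    """Convert string timestamps to datetimes so events can be ordered."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), eid, user, ip)
            for ts, eid, user, ip in rows]


def detect_bruteforce(events, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per (source IP, user) whose failures reach
    `threshold` inside `window`. A later 4624 from the same pair
    upgrades the alert to high severity (possible successful guess)."""
    failures = defaultdict(deque)   # (ip, user) -> timestamps in window
    alerted = {}                    # (ip, user) -> alert record
    for ts, eid, user, ip in sorted(events):
        key = (ip, user)
        if eid == 4625:
            q = failures[key]
            q.append(ts)
            # Drop failures that have aged out of the lookback window.
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and key not in alerted:
                alerted[key] = {
                    "ip": ip,
                    "user": user,
                    "first_failure": q[0],
                    "alert_time": ts,
                    "count": len(q),
                    "severity": "medium",
                    "success_after": False,
                }
        elif eid == 4624 and key in alerted:
            alerted[key]["severity"] = "high"
            alerted[key]["success_after"] = True
    return list(alerted.values())


def summarize(alerts):
    """Render alerts as one triage line each, for the case notes."""
    return [f"[{a['severity'].upper()}] {a['count']} failed logons for "
            f"{a['user']} from {a['ip']} starting {a['first_failure']}"
            + (" followed by a successful logon" if a["success_after"] else "")
            for a in alerts]


if __name__ == "__main__":
    for line in summarize(detect_bruteforce(parse_events(SAMPLE_EVENTS))):
        print(line)
```

The window is keyed on source IP and target user together, which is the pairing the triage step needs to scope an incident; a second pass keyed on IP alone would additionally surface password-spraying across many accounts.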

Security operations practitioner.

Five-plus years of enterprise IT experience in high-demand environments — including Columbia University and NYC Health + Hospitals — supporting mission-critical infrastructure and security operations workflows.

Technical Focus

Core focus areas include threat detection engineering, security event log analysis, identity and access management (IAM), and structured SOC investigation methodology.

Professional Approach

Technical work is executed with analytical rigor, thorough documentation, and evidence-based decision-making aligned with established security operations standards and best practices.

Certifications & professional credentials.

Let's connect.

Actively pursuing SOC Analyst roles, detection engineering positions, and security internship opportunities.